This page (revision-45) was last changed on 23-Apr-2022 17:06 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske


Page revision history

|| Version || Date Modified || Size || Author
| 45 | 23-Apr-2022 17:06 | 24 KB | Harry Metske
| 44 | 23-Apr-2022 17:05 | 24 KB | Harry Metske
| 43 | 23-Apr-2022 17:05 | 24 KB | Harry Metske
| 42 | 23-Apr-2022 17:05 | 24 KB | Harry Metske
| 41 | 23-Apr-2022 17:05 | 21 KB | Harry Metske


Version management

Difference between version and

At line 8 removed one line
%%warning We went live on Sunday 2013-02-24! %%
At line 30 removed 8 lines
%%warning
After doing some experiments I decided to leave Virtualbox:
* it is poorly documented (only "click here, click that", no good reference of all command options)
* you cannot resize harddisks (anymore ?)
* unstable, vboxdrv driver modules disappearing for unknown reasons
I stumbled upon __[lxc|http://lxc.sourceforge.net/]__, so I started figuring out what that offers, see here [my experiments with lxc|lxc].
%%
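Review bot: removing this block loses the only recorded rationale for leaving VirtualBox (undocumented command options, no disk resizing, vboxdrv modules disappearing) and the link `[my experiments with lxc|lxc]` to the lxc experiments page; since the rest of the page documents an lxc setup, keep at least a one-line pointer to the lxc page so a reader knows why the containers are lxc.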
At line 92 changed one line
* Add CD and disk controller:
* Add CD and disk:
At line 391 changed one line
!! Extra installed packages
! Extra installed packages
At line 393 removed one line
! Extra installed packages for the Host
At line 395 changed 278 lines
* vim htop openjdk-7-jdk wget mailutils lsof uuid fsarchiver fail2ban
! Extra installed packages for the container(s)
* htop apache2 aptitude unzip locate fping postfix telnet mailutils lsof
{{{
sudo sh -c 'echo "deb http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu precise main" >> /etc/apt/sources.list.d/mariadb.list'
}}}
* mariadb-server mariadb-client
* imagemagick php5-imagick man-db fail2ban
!! Install/migrate Gallery
* Download the Gallery 3 zip
* unpack to /var/www/gallery3
* {{mkdir /var/www/gallery3/var}}
* {{chown www-data.www-data /var/www/gallery3}}
* install mariadb (root pw see keepass)
*
{{{
MariaDB [(none)]> create user 'gallery3'@'localhost' identified by "gallery3pw";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create database gallery3;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on gallery3.* to gallery3;
Query OK, 0 rows affected (0.00 sec)
}}}
* install php stuff:
* add {{deb http://ppa.launchpad.net/ondrej/php5/ubuntu precise main}} to /etc/apt/sources.list
{{{
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CBCB082A1BB943DB
apt-get update
}}}
* apt-get install php5-common libapache2-mod-php5 php5-mysql php5-gd
Now before copying over photo's from the old site, we first have to increase the filesystem space.
* shut down container
* {{lvcreate --size=20G --name=lvol.cn1 vg0}}
* {{cd /var/lib/lxc }}
* {{mv cn1 cn1.ff && mkdir cn1}}
* {{mkfs.ext4 /dev/vg0/lvol.cn1}}
* update {{/etc/fstab}} and issue {{mount -a}}
* {{cd /var/lib/lxc && cp -pR cn1.ff/* cn1}}
! Forget about gallery3
After a couple of hours trying/googling I gave up on migrating from gallery2 to gallery3.
!! zabbix 2.0 experiment
cn4 cloned for this purpose
* installed mariadb
* downloaded and untarred zabbix-server 2.0
* group and user zabbix created
* installed mariadb, including the devel package {{libmariadbclient-dev}}
* follow the default installation procedure from the zabbix website
** create user zabbix
** create database zabbix, dbuser zabbix/zabbixpw
** loaded the tables
** modified {{/etc/php5/apache2/php.ini}}
** created dir {{/var/log/zabbix}}
** modified {{/usr/local/etc/zabbix*}}
** (copied from ./misc dir) to /etc/init : upstart config files (adding ''setuid zabbix'')
!! firewall configurations
! apollo
Stuck into /etc/rc.local:
%%small
{{{
/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i lxcbr0 -j ACCEPT
/sbin/iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
/sbin/iptables -A INPUT -s 10.0.3.1/24 -j ACCEPT
/sbin/iptables -A INPUT -s 140.211.11.9 -j ACCEPT
/sbin/iptables -A INPUT -s 145.72.98.1 -j ACCEPT
#/sbin/iptables -A INPUT -j LOG
/sbin/iptables -A INPUT -j DROP
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1122 -j DNAT --to 10.0.3.11:22
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1125 -j DNAT --to 10.0.3.11:25
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1180 -j DNAT --to 10.0.3.11:80
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11443 -j DNAT --to 10.0.3.11:443
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11808 -j DNAT --to 10.0.3.11:8080
#
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1222 -j DNAT --to 10.0.3.12:22
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1225 -j DNAT --to 10.0.3.12:25
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1280 -j DNAT --to 10.0.3.12:80
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 12443 -j DNAT --to 10.0.3.12:443
#
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1322 -j DNAT --to 10.0.3.13:22
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1325 -j DNAT --to 10.0.3.13:25
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1380 -j DNAT --to 10.0.3.13:80
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 13443 -j DNAT --to 10.0.3.13:443
#
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1422 -j DNAT --to 10.0.3.14:22
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1425 -j DNAT --to 10.0.3.14:25
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1480 -j DNAT --to 10.0.3.14:80
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 14443 -j DNAT --to 10.0.3.14:443
}}}
%%
! cn1
Stuck into /etc/rc.local:
%%small
{{{
/sbin/iptables -F
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
/sbin/iptables -A INPUT -s 10.0.3.0/24 -j ACCEPT
/sbin/iptables -A INPUT -s 140.211.11.9 -j ACCEPT
/sbin/iptables -A INPUT -s 145.72.98.1 -j ACCEPT
/sbin/iptables -A INPUT -s 178.18.80.48 -j ACCEPT
/sbin/iptables -A INPUT --match multiport -p tcp --dports 80,443 -j ACCEPT
/sbin/iptables -A INPUT --match multiport -p udp --dports 80,443 -j ACCEPT
#/sbin/iptables -A INPUT -j LOG
/sbin/iptables -A INPUT -j DROP
}}}
%%
!! Miscellaneous
* set timezone on containers, put ''Europe/Amsterdam'' to ''/etc/timezone'' and run ''dpkg-reconfigure --frontend noninteractive tzdata''.
* zabbix MySQL support, adjust ''/usr/local/etc/zabbix_agentd.conf.d/userparameter_mysql.conf'' and create ~~zabbix/.my.cnf with user/pw in it
* ''too many open files'' on tail -f ==> ''echo 1024 > /proc/sys/fs/inotify/max_user_instances''
! lxc-rsync
To be able to quickly "copy/clone" lxc's (while having their own filesystem/lv already) :
%%small
{{{
root@apollo:~/bin# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda7 9.2G 5.3G 3.5G 61% /
udev 971M 12K 971M 1% /dev
tmpfs 389M 408K 389M 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 972M 0 972M 0% /run/shm
cgroup 972M 0 972M 0% /sys/fs/cgroup
/dev/mapper/vg0-lvol.cn1 20G 7.4G 12G 40% /var/lib/lxc/cn1
/dev/mapper/vg0-lvol.cn4 5.0G 2.0G 2.7G 43% /var/lib/lxc/cn4
/dev/mapper/vg0-lvol.cn2 20G 6.7G 13G 36% /var/lib/lxc/cn2
/dev/mapper/vg0-lvol.cn3 3.0G 69M 2.8G 3% /var/lib/lxc/cn3
}}}
%%
I created the following ~root/bin/lxc-rsync script :
%%small
%%prettify
{{{
#!/bin/bash
#
# rsync on lxc with another
# args: <src lxc> <tgt lxc>
#
NUMARGS=$#
if [ $NUMARGS -ne 2 ]; then
echo "Usage: lxc-rsync <src lxc> <tgt lxc>"
exit 8
fi
SRCLXC=$1
TGTLXC=$2
SRCDIR=/var/lib/lxc/${SRCLXC}/rootfs
TGTDIR=/var/lib/lxc/${TGTLXC}/rootfs
if [ -d $SRCDIR -a -d $TGTDIR ]; then
echo "rsyncing from $SRCLXC to $TGTLXC"
cd $SRCDIR || exit 8
# save the old IP address
OLDIP=`grep address ${TGTDIR}/etc/network/interfaces | awk '{ print $NF}'`
rsync --exclude "tmp" --exclude "dev" --exclude "media" --exclude "mnt" --exclude "proc" --exclude "sys" --exclude "var/run" --verbose --recursive --links --perms --acls --times --owner --group --one-file-system --delete . $TGTDIR
# patching hostname and IP address
echo "patching /etc/hostname, /etc/hosts and /etc/network/interfaces ==> $TGTLXC / $OLDIP"
sed --in-place s/${SRCLXC}/${TGTLXC}/g ${TGTDIR}/etc/hostname
sed --in-place s/${SRCLXC}/${TGTLXC}/g ${TGTDIR}/etc/hosts
WRONGIP=`grep address ${TGTDIR}/etc/network/interfaces | awk '{ print $NF}'`
sed --in-place s/${WRONGIP}/${OLDIP}/g ${TGTDIR}/etc/network/interfaces
else
echo "either $SRCDIR or $TGTDIR does not exist"
exit 8
fi
}}}
%%
%%
%%warning But this rsync does not properly clone, for example /run/zabbix /var/run/zabbix fails, and mysqld does not start. %%
Therefore I created lxc-copy that uses __fsarchiver__ to do the heavy lifting.
! lxc-copy
The following script (takes longer but) works better :
%%prettify
{{{
#!/bin/bash
#
# copy an lxc (filesystem) to another one
# args: <src lxc> (must bu either cn1 or cn4, they will get copied to resp. cn2 and cn3)
#
# funtions first
logDie()
{
msg=$1
echo "$msg"
exit 8
}
# m a i n l i n e
#
NUMARGS=$#
if [ $NUMARGS -ne 1 ]; then
echo "Usage: lxc-copy <src lxc> (must bu either cn1 or cn4, they will get copied to resp. cn2 and cn3)"
exit 8
fi
SRCLXC=$1
if [ $SRCLXC != "cn1" -a $SRCLXC != "cn4" ]; then
echo "argument must be either cn1 or cn4"
exit 8
fi
TGTLXC=cn2
if [ $SRCLXC = "cn4" ]; then
TGTLXC=cn3
fi
echo "cloning from $SRCLXC to $TGTLXC"
mount |grep "/var/lib/lxc/${TGTLXC}" > /dev/null || logDie "/var/lib/lxc/${TGTLXC} is not mounted"
TGTDIR=/var/lib/lxc/${TGTLXC}/rootfs
OLDIP=`grep address ${TGTDIR}/etc/network/interfaces | awk '{print $NF}'`
OLDUUID=`cat /etc/fstab|grep /${TGTLXC} | awk '{ print $1}'|awk -F= '{print $NF}'`
# save old metadata of target lxc
cd /var/lib/lxc/${TGTLXC} && tar -cf /tmp/old-metadata-of-TGTLXC.tar config fstab rootfs.hold || logDie "saving old metadata of ${TGTLXC} failed"
cd -
MNTPOINT=/var/lib/lxc/${TGTLXC}
echo "umounting ${MNTPOINT}"
umount ${MNTPOINT} || logDie "umount failed for ${MNTPOINT}"
#
# check if container fs has been mounted
df /mnt/container/ | grep /dev/mapper/vg0-container > /dev/null
RC=$?
if [ $RC -eq 1 ]; then
mount /dev/mapper/vg0-container /mnt/container
echo "container fs mounted"
fi
echo "dumping source filesystem"
TAPEFILE=/mnt/container/savedfs.fsa
fsarchiver -A savefs ${TAPEFILE} /dev/mapper/vg0-lvol.${SRCLXC} || logDie "fsarchive savefs failed"
echo "restoring filesystem"
fsarchiver restfs ${TAPEFILE} id=0,dest=/dev/mapper/vg0-lvol.${TGTLXC} || logDie "fsarchive restfs failed"
echo "restoring old UUID ${OLDUUID}"
tune2fs /dev/mapper/vg0-lvol.${TGTLXC} -U ${OLDUUID}
echo "mounting back again"
mount -a || logDie "mount -a failed"
echo "restoring old metadata"
cd /var/lib/lxc/${TGTLXC} && tar -xf /tmp/old-metadata-of-TGTLXC.tar || logDie "restoring old metadata failed"
echo "patching /etc/hostname, /etc/hosts and /etc/network/interfaces ==> $TGTLXC / $OLDIP"
sed --in-place s/${SRCLXC}/${TGTLXC}/g ${TGTDIR}/etc/hostname || logDie "patching /etc/hostname failed"
sed --in-place s/${SRCLXC}/${TGTLXC}/g ${TGTDIR}/etc/hosts || logDie "patching /etc/hosts failed"
WRONGIP=`grep address ${TGTDIR}/etc/network/interfaces | awk '{ print $NF}'`
sed --in-place s/${WRONGIP}/${OLDIP}/g ${TGTDIR}/etc/network/interfaces || logDie "patching /etc/network/interfaces failed"
rm -f ${TAPEFILE} /tmp/old-metadata-of-TGTLXC.tar
umount /mnt/container
}}}
%%
* vim
* htop
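Review bot: the replacement shown for this hunk (`* vim`, `* htop`) drops the apollo and cn1 iptables rule sets, the Gallery/MariaDB setup notes and the lxc-rsync and lxc-copy scripts without a pointer to where they now live; if they were moved to another page, link it from the new "Extra installed packages" section, otherwise the host firewall configuration is no longer documented on this page. If the MariaDB block is kept elsewhere, fix the grant before moving it: `grant all privileges on gallery3.* to gallery3;` names no host, so it targets 'gallery3'@'%' rather than the 'gallery3'@'localhost' account created two lines earlier, and with the default sql_mode of MariaDB 5.5 (NO_AUTO_CREATE_USER not set) that statement creates a second, passwordless 'gallery3'@'%' account holding all privileges on the database while the password-protected localhost account has none; write `grant all privileges on gallery3.* to 'gallery3'@'localhost';`. Two smaller points in the removed firewall rules: in the cn1 set, `-p udp --dports 80,443` opens UDP ports that neither Apache nor the DNAT rules on apollo use, so it can go; in the apollo set, `-s 10.0.3.1/24` carries host bits under a /24 mask and reads as a typo for `10.0.3.0/24` (the form cn1 uses), and the PREROUTING DNAT rules forward ports into the containers with no FORWARD rule shown, so the page should state that the FORWARD policy on apollo is relied upon to be ACCEPT. Lastly, in lxc-copy the line `rm -f ${TAPEFILE} /tmp/old-metadata-of-TGTLXC.tar` is only reached on success because every `logDie` exits first, so a failed restfs leaves the .fsa dump on /mnt/container and the tar in /tmp; clean up inside logDie or with a trap.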