¶ Servers in vcenter-b
vcenter
alfa.cnap.hv.se (DNS-server för cnap.hv.se, master @ ns1.hv.se :- )
wiki
dns.lab.hv.se (193.10.236.3, no IPv6) CentOS release 6.10 (Final)
tholun chda0006 mats lejon robert
- zone "lab.hv.se" {
zone "236.10.193.in-addr.arpa" {
zone "237.10.193.in-addr.arpa" {
?? http://dns.lab.hv.se/ (ITB301 data ??)
fog server
catch-up
catch-up2
**CONTAINER ID NAMES PORTS**
xxx CENSORED xxx
4fef40b1607a netbox-docker_postgres_1 5432/tcp
0686bf6c0222 netbox-docker_redis-cache_1 6379/tcp
dcbd8d34eccf netbox-docker_redis_1 6379/tcp
1db6853061d8 gitea 0.0.0.0:3000->3000/tcp, 0.0.0.0:222->22/tcp
6ea0231e14b8 gitea-giteaDB-1 3306/tcp, 33060/tcp
3d1fbfe103c3 portainer 9000/tcp, 0.0.0.0:9443->9443/tcp, 0.0.0.0:9000->8000/tcp
dfafd8bfc70b nginx 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
2dbfca55090c wiki 3000/tcp, 3443/tcp
5108337c79c3 db 5432/tcp
¶ ALFA
WORK IN PROGRESS
¶ SERVER DOKUMENTATION
root@alfa:/etc# uname -a
Linux alfa 5.10.0-19-amd64 #1 SMP Debian 5.10.149-2 (2022-10-21) x86_64 GNU/Linux
Date when info was updated: 2020-09-23
Hostnamn: alfa.cnap.hv.se
IP-address(es): 193.10.203.11
Operativsystem: CentOS release 5.8 (Final)
Kernel release: 2.6.18-308.13.1.el5
Kernel version: #1 SMP Tue Aug 21 17:10:06 EDT 2012
Hardware:
1x 18GB SCSI FUJITSI Disk
1x 18GB SCSI SEAGATE Disk
Intel Pentium III CopperMine, 1GHz, 256K Cache, 1133MHz FSB
100Mb Ethernet uplink
2GB SDRAM, 133MHz
¶ Overview
Machine roles:
Primary DNS-server for *.cnap.hv.se domain (named service)
NTP-peer (ntpd)
Legacy configuration:
DHCP Server (unused)
Sendmail Server (unknown)
alfa.cnap.hv.se currently runs as the master DNS server for *.cnap.hv.se along with beta.cnap.hv.se (193.10.203.12) which is mounted in the same rack in B212-215. It uses 1x 18.4GB Fujitsi SCSI drive and 1x 18GB Seagate SCSI drive for storage.
¶ Network
netstat -tulpn output (if Linux)
Proto Local Address State PID/Program name
tcp 127.0.0.1:2208 LISTEN 2278/./hpiod
tcp 0.0.0.0:5666 LISTEN 2330/xinetd
tcp 0.0.0.0:389 LISTEN 2237/slapd
tcp 193.10.203.11:53 LISTEN 2156/named
tcp 127.0.0.1:53 LISTEN 2156/named
tcp 0.0.0.0:22 LISTEN 2308/sshd
tcp 127.0.0.1:631 LISTEN 2317/cupsd
tcp 127.0.0.1:25 LISTEN 2378/sendmail
tcp 127.0.0.1:953 LISTEN 2156/named
tcp 127.0.0.1:2207 LISTEN 2283/python
tcp :::389 LISTEN 2237/slapd
tcp :::53 LISTEN 2156/named
tcp :::22 LISTEN 2308/sshd
udp 0.0.0.0:514 2114/syslogd
udp 193.10.203.11:53 2156/named
udp 127.0.0.1:53 2156/named
udp 0.0.0.0:67 5840/dhcpd
udp 0.0.0.0:69 2330/xinetd
udp 0.0.0.0:631 2317/cupsd
udp 193.10.203.11:123 2342/ntpd
udp 127.0.0.1:123 2342/ntpd
udp 0.0.0.0:123 2342/ntpd
udp :::53 2156/named
udp ::1:123 2342/ntpd
udp fe80::206:5bff:fe3d:196b:123 2342/ntpd
udp 2001:6b0:1d:10::11:123 2342/ntpd
udp :::123 2342/ntpd
alfa.cnap.hv.se[~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:06:5B:3D:19:6B
inet addr:193.10.203.11 Bcast:193.10.203.31 Mask:255.255.255.224
inet6 addr: 2001:6b0:1d:10::11/64 Scope:Global
inet6 addr: fe80::206:5bff:fe3d:196b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6300524 errors:0 dropped:0 overruns:0 frame:0
TX packets:7953051 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:421050506 (401.5 MiB) TX bytes:2278409964 (2.1 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:193 errors:0 dropped:0 overruns:0 frame:0
TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25269 (24.6 KiB) TX bytes:25269 (24.6 KiB)
Services running (external and local)
Name
Description
Networked?
named
¶ Firewall (Iptables)
alfa.cnap.hv.se[~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Wed Aug 17 08:26:07 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:blocksshd - [0:0]
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -s 193.10.192.0/255.255.240.0 -p tcp -m tcp --dport 22 -j blocksshd
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -s 193.10.203.12 -p tcp -m state --state NEW -m tcp --dport 647 -j ACCEPT
-A INPUT -s 193.10.188.0/255.255.252.0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.10.188.0/255.255.252.0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s 193.10.192.0/255.255.240.0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.10.192.0/255.255.240.0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s 193.10.234.0/255.255.254.0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.10.234.0/255.255.254.0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.254.0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.254.0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s 193.10.203.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -s 193.10.237.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -s 0.0.0.0 -d 255.255.255.255 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 --dport 123 -j ACCEPT
-A INPUT -s 193.10.202.21 -p tcp -m state --state NEW -m tcp --dport 1241 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 1241 -j ACCEPT
-A INPUT -s 193.10.202.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 193.10.203.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 193.10.237.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 192.168.16.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 192.168.17.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 192.168.17.0/255.255.255.0 -p tcp -m tcp --dport 69 -j ACCEPT
-A INPUT -s 192.168.18.0/255.255.255.0 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 193.10.191.52 -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 193.10.203.0/255.255.255.0 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s 193.10.237.0/255.255.255.0 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p udp -m udp --dport 1813 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p tcp -m tcp --dport 1812 -j ACCEPT
-A INPUT -s 193.10.236.0/255.255.255.0 -p tcp -m tcp --dport 1813 -j ACCEPT
-A INPUT -s 193.10.0.0/255.255.0.0 -p tcp -m tcp --dport 5001 -j ACCEPT
-A INPUT -s 193.10.0.0/255.255.0.0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 193.10.0.0/255.255.0.0 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 193.10.0.0/255.255.0.0 -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -s 193.10.0.0/255.255.0.0 -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -s 193.10.202.40 -d 193.10.236.11 -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -m limit --limit 1/sec --limit-burst 10 -j LOG --log-prefix "FWInput: " --log-level 3
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m limit --limit 1/sec --limit-burst 10 -j LOG --log-prefix "FWForward: " --log-level 3
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j ACCEPT
-A OUTPUT -m limit --limit 1/sec --limit-burst 10 -j LOG --log-prefix "FWOutput: " --log-level 3
-A OUTPUT -j REJECT --reject-with icmp-host-prohibited
-A blocksshd -s 196.200.132.18 -p tcp -m tcp --dport 22 -j DROP
-A blocksshd -s 175.206.32.149 -p tcp -m tcp --dport 22 -j DROP
-A blocksshd -s 219.238.253.143 -p tcp -m tcp --dport 22 -j DROP
COMMIT
# Completed on Wed Aug 17 08:26:07 2011
¶ Storage
alfa.cnap.hv.se[~]# lsscsi
[0:0:0:0] disk FUJITSU MAN3184MC 5508 /dev/sda
[0:0:1:0] disk SEAGATE ST318305LC 2203 /dev/sdb
[0:0:6:0] process DELL 1x3 U2W SCSI BP 1.21 -
alfa.cnap.hv.se[~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 17G 15G 1.1G 94% /
/dev/sdb2 13G 1.3G 11G 11% /opt
/dev/sda1 99M 23M 72M 24% /boot
tmpfs 1014M 0 1014M 0% /dev/shm
¶ DNS (Named config)
alfa.cnap.hv.se[~]# cat /etc/named.conf
//
// named.conf.ALFA
//
// 2009-01-15/ih
acl "slaves" {
193.10.198.34; //ns1
193.10.198.35; //ns3
193.10.199.95; //ns2
193.10.199.96; //ns4
// 193.10.199.228; //labns
193.10.203.12; //beta
};
acl "lokala" {
192.168.16.0/20; // Some local, internal nets -- Robert
193.10.188.0/22;
193.10.192.0/20;
193.10.234.0/23;
193.10.236.0/23;
193.10.237.0/24;
//81.216.218.82;
::1;
2001:6b0:1d::0/48;
};
acl "trans" {
193.10.188.0/22;
193.10.192.0/20;
193.10.236.0/23;
//193.10.237.0/24;
//81.216.218.82;
};
include "/var/named/INCLUDE/rndc.key";
options {
directory "/var/named";
pid-file "data/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named.stats";
dnssec-enable no;
dnssec-validation no;
//query-source address * port 53;
query-source address * port *;
allow-transfer { 127.0.0.1; ::1; "slaves"; "trans"; };
allow-recursion { 127.0.0.1; "lokala"; };
allow-query { 127.0.0.1; "lokala"; };
allow-query-cache { 127.0.0.1; "lokala"; };
notify yes;
//listen-on-v6 { ::1; 2001:6b0:1d:42::11; };
listen-on-v6 { any; };
version none;
};
controls {
inet 127.0.0.1 port 953
allow { localhost; }
keys { rndc-key; };
};
zone "cnap.hv.se" {
type master;
//file "db.cnap";
//file "db.cnap.signed";
file "db.cnap.hv.se";
also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
allow-query { any; };
allow-update { none; };
};
#zone "lab.hv.se" {
# type master;
# //file "db.lab";
# file "db.lab.signed";
# also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
# allow-query { any; };
# allow-update { none; };
#};
zone "203.10.193.in-addr.arpa" {
type master;
file "db.193.10.203";
//file "db.193.10.203.signed";
also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
allow-query { any; };
allow-update { none; };
};
#zone "236.10.193.in-addr.arpa" {
# type master;
# //file "db.193.10.236";
# file "db.193.10.236.signed";
# also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
# allow-query { any; };
# allow-update { none; };
#};
#
#zone "237.10.193.in-addr.arpa" {
# type master;
# file "db.193.10.237";
# //file "db.193.10.237.signed";
# also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
# allow-query { any; };
# allow-update { none; };
#};
// 2015-08-26/imra, for local management of switches and wmware kernel ports
zone "17.168.192.in-addr.arpa" {
type master;
file "bakat.192.168.17";
also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
allow-query { any; };
allow-update { none; };
};
// 2010-10-01/imra, for VMware course
zone "20.168.192.in-addr.arpa" {
type master;
file "bakat.192.168.20";
also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
allow-query { any; };
allow-update { none; };
};
// 2009-02-23/ih
zone "d.1.0.0.0.b.6.0.1.0.0.2.ip6.arpa" IN {
type master;
//file "db.2001.6b0.1d";
file "db.2001.6b0.1d.signed";
also-notify { 193.10.198.34; 193.10.198.35; 193.10.199.96; 193.10.199.228; 193.10.236.12; };
allow-query { any; };
allow-update { none; };
};
zone "." {
type hint;
file "db.cache";
};
include "INCLUDE/named.logging";
include "INCLUDE/rfc1912.zones";
include "spcl.slaves";
¶ Virtual Apache Web, Containers, https instances
Rule: the below list should be http(s) accessible, and NOT be a hardware
- Netbox http://193.10.203.20:8000
- Get-a-Po
- See rule above: Fortigate, ...
¶ Proxmox on Dell R710 - installation
Use https://etcher.balena.io/ , Rufus is BROKEN
¶ Manage Disks!
After BIOS, press CTRL-R to enter Disk-Management;
Reset, Delete, Initialize and Create one Virtual Disk
¶ Network cables
- Connect one Access-cable to the dedicated iDRAC interface to the left (spanner icon)
- Connect one Trunk-cable to port 1 (missing 10GBE
) to a switch trunk interface
¶ Configure iDRAC (IPMI) remote management
Wait for BIOS (no F2, no F11)
Press CTRL-E to enter IP config of iDRAC (?)
- Reset iDRAC to restore default password
- Enter IP-address information
Download Firefox version 1 (sic) because of TLS 1.0, unzip and double-click firefox.exe
Username: root Password: calvin
FTW: Go back to your office and do the rest of the config remotely via WEB iPMI
¶ Firmware Upgrade
Snoopy:
Woodstock:
Charlie: PowerEdge R710 BIOS Version 6.6.0 Service Tag 3BW3B5J
- Download Ubuntu Desktop and burn USB-stick with Etcher
- Download https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=9ghnc&oscode=ws8r2&productcode=poweredge-r710
- Mount SUU in windows and COPY all files to Bootable Ubuntu USB-stick
¶ Configure BOOT
-
Update everything: ERROR = Not for PowerEdge R710 !!! Dell Command | Update --- https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=6VFWW
-
BIOS: Change to UEFI
-
Misslyckades att installera via "System Services" (typ BIOS liksom)
-
F11 -> Terminal UI (inte Grafik) fungerade...
¶ Configure PROXMOX
Ethernet devices: en*, systemd network interface names.
Bridge names: Commonly vmbr[N], where 0 ≤ N ≤ 4094 (vmbr0 - vmbr4094),
auto lo
iface lo inet loopback
iface eno1 inet manual
The installation program creates a single bridge named vmbr0, which is connected to the first Ethernet card. The corresponding configuration in /etc/network/interfaces might look like this:
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.10.2/24
gateway 192.168.10.1
bridge-ports eno1
bridge-stp off
bridge-fd 0
Trunk
auto vmbr0.10
iface vmbr0.5 inet static
address 193.10.203.27/26
gateway 193.10.203.1
auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
create storage failed: command '/sbin/pvs --separator : --noheadings --units k --unbuffered --nosuffix --options pv_name,pv_size,vg_name,pv_uuid /dev/disk/by-id/scsi-36000d310013d0c00000000000000005a' failed: exit code 5 (500)
hej