Colophon branded, lmroman12 font issues fixed, cleaned up deprecated nodes,

Cluster Evolution moved to another chapter, cleaned up binary apps files,
minor fixes
master
Linreigns 7 years ago
parent d0d6d3d1b0
commit d0caae87f6

@ -14,20 +14,34 @@
%
%%% COLOPHON %%%
\begin{vplace}
\centering
\emph{\LARGE Colophon}
\includepdf[width=210mm,%
picturecommand*={%
\color[rgb]{0.631,0.957,1}% HEX # A1F4FF R:161 G:244 B:255 C:37 M:4 Y:0 K:0
\linethickness{30mm}
\put( 100,378){\line(1,0){397.50793}}
\color[rgb]{0.361,0.922,1}% HEX # 5CEBFF R:92 G:235 B:255 C:64 M:8 Y:0 K:0
\put( 0,378){\line(1,0){100}}
\put( 497.50793,378){\line(1,0){100}}
\color[rgb]{0,0.2,0.2}
\linethickness{0.3mm}
\put( 0,420){\line(1,0){597.50793}}
\put( 0,336){\line(1,0){597.50793}}
\put(120,435){\begin{minipage}{357.50793pt}\centering
\emph{\LARGE Colophon}
\end{minipage}}
\put(120,395){\begin{minipage}{357.50793pt}\centering
{\tiny Created with 100\% Free Software}
\end{minipage}}
\put(120,382){\begin{minipage}{357.50793pt}\centering
Debian GNU/Linux
\end{minipage}}
\put(120,370){\begin{minipage}{357.50793pt}\centering
{\LaTeX} Memoir
\end{minipage}}
\color[rgb]{0,0,0}
}%
]{LetterheadPDF.pdf}
\thispagestyle{empty}
\rule{0.5\textwidth}{0.4pt}\\[\baselineskip]
{\tiny Created with 100\% Free Software}
Debian GNU/Linux
{\LaTeX} Memoir
\rule{0\textwidth}{0pt}\\[\baselineskip]%
\rule{0.5\textwidth}{0.4pt}\\[\baselineskip]
\end{vplace}
%%% END COLOPHON %%%

@ -15,7 +15,7 @@
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\fontspec{lmroman12-regular.otf}
%\fontspec{lmroman12-regular.otf}
\clearpage\null\vfill
\begingroup

@ -12,53 +12,18 @@
%
\section{Hardware}
\subsection{Cluster Evolution}
Forksand started deployment on dedicated servers.
\vspace{0.6cm}
First stage. Exclusively dedicated servers (deprecated)
\vspace{0.4cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-1-dedicated-vlan.pdf} \\ %
%
\vspace{0.2cm}
\raggedright
Second stage. Dedicated servers along with a colocation
cabinet. Flat hierarchy. (deprecated)
\vspace{0.1cm}
In progress, services were being migrated one after another to
a colocation instance. On the next stage hierarchy becomes vertical. \\
\vspace{0.1cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-2-mixed-vlan.pdf} \\ %
%
\section{Cluster Diagram}
\raggedright
Third stage. Dedicated servers buffered by
a colocation cabinet. Vertical hierarchy. (deprecated)
\vspace{0.4cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-3-colo-dedicated.pdf} \\ %
%
\vspace{0.2cm}
\raggedright
Fourth stage. Dedicated servers discarded.
Colocation cabinet buffered only with a firewall. (current)
Dedicated servers discarded.
Colocation cabinet buffered only with a firewall.
\vspace{0.4cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
\includegraphics[width=210mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-4-final-colocation.pdf} \\ %
%
\vspace{0.2cm}
\raggedright
Final stage. Firewall discarded. Single colocation cabinet. (in process)
\vspace{0.4cm}
\centering
%\includegraphics[width=115mm,trim=10mm 10mm 10mm 10mm]
%{sharkfork-cabling-4-single-colocation.pdf} \\ %
%
\raggedright
\newpage
@ -370,41 +335,66 @@ Who we'll get hardware from.
%\includescreen{shark2/03.png}{Logged in to admin-webview. Notification of no valid subscription}{}
%\includescreen{shark2/04.png}{Browse Datacenter, log hidden}{\label{fig:shark2browsedatacenter}}
%\includescreen{shark2/05.png}{Browse shark2 Node}{\label{fig:shark2browsenode}}
%\newpage
\includescreen{shark2/06.png}{Browse shark2 Network}{\label{fig:shark2network}}
%\includescreen{shark2/07.png}{Select first shark2 Network device}{}
\newpage
\includescreen{shark2/08.png}{Edit first shark2 Network device}{}
%\newpage
\includescreen{shark2/09.png}{Cleanup first shark2 Network device}{\label{fig:shark2cleanupnetdevice1}}
\newpage
\includescreen{shark2/10.png}{Browse shark2 Network}{}
\includescreen{shark2/11.png}{Create shark2 Linux Bridge}{\label{fig:shark2linuxbridge}}
%\includescreen{shark2/12.png}{Create shark2 Linux Bridge}{}
\newpage
\includescreen{shark2/13.png}{Create shark2 Linux Bridge}{}
{{\grenewcommand{\currentColor}{primary-blue}}}
{{\grenewcommand{\currentTextColor}{ao-black}}}
\providecommand{\sharkIPConfigItem}[4]{
\rowcolor{\currentColor} \vspace{-1pt}
\rule[-0.3em]{0pt}{-0.5em} \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#2}} & \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#3}} & \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#4}} \\
}
\providecommand{\sharkIPConfigLastItem}[4]{
\rowcolor{\currentColor} \vspace{-1pt}
\rule[-1.0em]{0pt}{1em} \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#2}} & \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#3}} & \vspace{-1pt}
\small{\textcolor{\currentTextColor}{#4}} \\
\tabucline[2pt]{1-4}
}
\providecommand{\SIPCCwidth}{3.5cm}
\begin{table}[!htb]
\caption{IP configs of nodes} \label{tab:sharkNodeIPConfig}
\begin{tabular}{|l|l|l|l|}
\hline
\multicolumn {1}{|l|}{ Parameter}&
\multicolumn {1}{l|}{ Shark2}&
\multicolumn {1}{l|}{ Shark3}&
\multicolumn {1}{l|}{ Shark4} \\ \hline
Linux bridge & & & \\ %\hline
Name & vmbr0 & vmbr0 & vmbr0 \\ %\hline
IP address & 174.128.229.130 & 70.39.103.218 & 70.39.103.210 \\ %\hline
Subnet mask & 255.255.255.224 & 255.255.255.248 & 255.255.255.248 \\ %\hline
Gateway & 174.128.229.129 & 70.39.103.217 & 70.39.103.209 \\ %\hline
Bridge ports & enp2s0 & enp3s0 & enp3s0 \\ \hline
Network Device & & & \\ %\hline
Name & enp3s0 & enp4s0 & enp4s0 \\ %\hline
IP address & 10.2.2.2 & 10.2.2.3 & 10.2.2.4 \\ %\hline
Subnet mask & 255.255.255.0 & 255.255.255.0 & 255.255.255.0 \\ \hline
Network Device & & & \\ %\hline
Name & enp4s0 & enp5s0 & enp5s0 \\ %\hline
IP address & 10.99.99.2 & 10.99.99.3 & 10.99.99.4 \\ %\hline
Subnet mask & 255.255.255.0 & 255.255.255.0 & 255.255.255.0 \\ \hline
\end{tabular}
\begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth}|p{\SIPCCwidth}|p{\SIPCCwidth}|[2pt]}
\tabucline[2pt]{1-4}
\multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
\multicolumn {1}{l|}{\cellcolor{primary-brown} {Shark2}}&
\multicolumn {1}{l|}{\cellcolor{primary-brown} {Shark3}}&
\multicolumn {1}{l|[2pt]}{\cellcolor{primary-brown} {Shark4}} \\
\tabucline[2pt]{1-4}
\sharkIPConfigItem { Linux bridge }{}{}{}
\sharkIPConfigItem { Name }{ vmbr0 }{ vmbr0 }{ vmbr0 }
\sharkIPConfigItem { IP address }{ 174.128.229.130 }{ 70.39.103.218 }{ 70.39.103.210 }
\sharkIPConfigItem { Subnet mask }{ 255.255.255.224 }{ 255.255.255.248 }{ 255.255.255.248 }
\sharkIPConfigItem { Gateway }{ 174.128.229.129 }{ 70.39.103.217 }{ 70.39.103.209 }
\sharkIPConfigLastItem{ Bridge ports }{ enp2s0 }{ enp3s0 }{ enp3s0 }
\sharkIPConfigItem { Network Device }{}{}{}
\sharkIPConfigItem { Name }{ enp3s0 }{ enp4s0 }{ enp4s0 }
\sharkIPConfigItem { IP address }{ 10.2.2.2 }{ 10.2.2.3 }{ 10.2.2.4 }
\sharkIPConfigLastItem{ Subnet mask }{ 255.255.255.0 }{ 255.255.255.0 }{ 255.255.255.0 }
\sharkIPConfigItem { Network Device }{}{}{}
\sharkIPConfigItem { Name }{ enp4s0 }{ enp5s0 }{ enp5s0 }
\sharkIPConfigItem { IP address }{ 10.99.99.2 }{ 10.99.99.3 }{ 10.99.99.4 }
\sharkIPConfigLastItem{ Subnet mask }{ 255.255.255.0 }{ 255.255.255.0 }{ 255.255.255.0 }
\end{tabu}
\end{table}
\newpage
\includescreen{shark2/14.png}{Browse shark2 Network}{}
%\includescreen{shark2/15.png}{Select second shark2 Network device}{}
%\includescreen{shark2/16.png}{Edit second shark2 Network device}{}
@ -412,34 +402,35 @@ Who we'll get hardware from.
%\includescreen{shark2/18.png}{Browse shark2 Network}{}
%\includescreen{shark2/19.png}{Select third shark2 Network device}{}
%\includescreen{shark2/20.png}{Edit third shark2 Network device}{}
\newpage
\includescreen{shark2/21.png}{Edit third on the list shark2 Network device}{}
\begin{table}[!htb]
\caption{IP configs of nodes, duplicate of table \ref{tab:sharkNodeIPConfig}} % \label{tab:sharkLinuxBridge}
\begin{tabular}{|l|l|l|l|}
\hline
\multicolumn {1}{|l|}{ Parameter}&
\multicolumn {1}{l|}{ Shark2}&
\multicolumn {1}{l|}{ Shark3}&
\multicolumn {1}{l|}{ Shark4} \\ \hline
Linux bridge & & & \\ %\hline
Name & vmbr0 & vmbr0 & vmbr0 \\ %\hline
IP address & 174.128.229.130 & 70.39.103.218 & 70.39.103.210 \\ %\hline
Subnet mask & 255.255.255.224 & 255.255.255.248 & 255.255.255.248 \\ %\hline
Gateway & 174.128.229.129 & 70.39.103.217 & 70.39.103.209 \\ %\hline
Bridge ports & enp2s0 & enp3s0 & enp3s0 \\ \hline
Network Device & & & \\ %\hline
Name & enp3s0 & enp4s0 & enp4s0 \\ %\hline
IP address & 10.2.2.2 & 10.2.2.3 & 10.2.2.4 \\ %\hline
Subnet mask & 255.255.255.0 & 255.255.255.0 & 255.255.255.0 \\ \hline
Network Device & & & \\ %\hline
Name & enp4s0 & enp5s0 & enp5s0 \\ %\hline
IP address & 10.99.99.2 & 10.99.99.3 & 10.99.99.4 \\ %\hline
Subnet mask & 255.255.255.0 & 255.255.255.0 & 255.255.255.0 \\ \hline
\end{tabular}
\begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth}|p{\SIPCCwidth}|p{\SIPCCwidth}|[2pt]}
\tabucline[2pt]{1-4}
\multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
\multicolumn {1}{l|}{\cellcolor{primary-brown} {Shark2}}&
\multicolumn {1}{l|}{\cellcolor{primary-brown} {Shark3}}&
\multicolumn {1}{l|[2pt]}{\cellcolor{primary-brown} {Shark4}} \\
\tabucline[2pt]{1-4}
\sharkIPConfigItem { Linux bridge }{}{}{}
\sharkIPConfigItem { Name }{ vmbr0 }{ vmbr0 }{ vmbr0 }
\sharkIPConfigItem { IP address }{ 174.128.229.130 }{ 70.39.103.218 }{ 70.39.103.210 }
\sharkIPConfigItem { Subnet mask }{ 255.255.255.224 }{ 255.255.255.248 }{ 255.255.255.248 }
\sharkIPConfigItem { Gateway }{ 174.128.229.129 }{ 70.39.103.217 }{ 70.39.103.209 }
\sharkIPConfigLastItem{ Bridge ports }{ enp2s0 }{ enp3s0 }{ enp3s0 }
\sharkIPConfigItem { Network Device }{}{}{}
\sharkIPConfigItem { Name }{ enp3s0 }{ enp4s0 }{ enp4s0 }
\sharkIPConfigItem { IP address }{ 10.2.2.2 }{ 10.2.2.3 }{ 10.2.2.4 }
\sharkIPConfigLastItem{ Subnet mask }{ 255.255.255.0 }{ 255.255.255.0 }{ 255.255.255.0 }
\sharkIPConfigItem { Network Device }{}{}{}
\sharkIPConfigItem { Name }{ enp4s0 }{ enp5s0 }{ enp5s0 }
\sharkIPConfigItem { IP address }{ 10.99.99.2 }{ 10.99.99.3 }{ 10.99.99.4 }
\sharkIPConfigLastItem{ Subnet mask }{ 255.255.255.0 }{ 255.255.255.0 }{ 255.255.255.0 }
\end{tabu}
\end{table}
\newpage
\includescreen{shark2/22.png}{Browse shark2 Network}{}
%\includescreen{shark2/23.png}{Browse shark2 node}{}
\includescreen{shark2/24.png}{Restart shark2 node}{}
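Review bot: The node addressing table is now typeset twice with identical `\sharkIPConfigItem` rows: once under `\label{tab:sharkNodeIPConfig}` and again in the following hunk, where the caption itself calls it a duplicate. Any address change then has to be made in two places, and the copies can drift, which matters in a manual operators configure hosts from. Move the `tabu` body into a single macro or an `\input` file and use it at both spots. The helpers are declared with `\providecommand`, which silently keeps an earlier definition if one already exists; `\newcommand` would surface a name clash. The table also puts the nodes' public addresses and gateways next to the internal 10.x layout, so it is worth confirming the intended audience of the built PDF.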

@ -0,0 +1,62 @@
%
% History.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{History}
\subsection{Cluster Evolution}
Forksand started deployment on dedicated servers.
\vspace{0.6cm}
First stage. Exclusively dedicated servers (deprecated)
\vspace{0.4cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-1-dedicated-vlan.pdf} \\ %
%
\vspace{0.2cm}
\raggedright
Second stage. Dedicated servers along with a colocation
cabinet. Flat hierarchy. (deprecated)
\vspace{0.1cm}
In progress, services were being migrated one after another to
a colocation instance. On the next stage hierarchy becomes vertical. \\
\vspace{0.1cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-2-mixed-vlan.pdf} \\ %
%
\raggedright
Third stage. Dedicated servers buffered by
a colocation cabinet. Vertical hierarchy. (deprecated)
\vspace{0.4cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-3-colo-dedicated.pdf} \\ %
%
\vspace{0.2cm}
\raggedright
Fourth stage. Dedicated servers discarded.
Colocation cabinet buffered only with a firewall. (current)
\vspace{0.4cm}
\centering
\includegraphics[width=115mm,trim=20mm 20mm 20mm 20mm]
{sharkfork-cabling-4-final-colocation.pdf} \\ %
%
\vspace{0.2cm}
\raggedright
Final stage. Firewall discarded. Single colocation cabinet. (in process)
\vspace{0.4cm}
\centering
%\includegraphics[width=115mm,trim=10mm 10mm 10mm 10mm]
%{sharkfork-cabling-4-single-colocation.pdf} \\ %
%
\raggedright
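Review bot: The last paragraph of the new History chapter, "Final stage. Firewall discarded. Single colocation cabinet. (in process)", records that the perimeter firewall is being removed but not what filters traffic afterwards. A reader planning the migration needs that stated; add one sentence naming the replacement control (presumably the per-host iptables setup documented elsewhere in the manual) with a `\ref` to that section. Separately, the file header reads "Creative Commons Attribution 4.0 International Public License (CC BY-SA 4.0)", which names two different licences; since this is a new file, it is a good place to settle which one applies.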

@ -208,11 +208,9 @@ address 5.152.179.226
netmask 255.255.255.0
gateway 5.152.179.1
\end{minted}
\subsection{Install Firewall}\label{ssec:nextcloudfirewall}
\url{https://wiki.debian.org/iptables}
\begin{minted}{sh}
# Install Firewall
# =============
# https://wiki.debian.org/iptables
#Create /etc/iptables.up.rules and /etc/network/if-pre-up.d/iptables
touch /etc/iptables.up.rules /etc/network/if-pre-up.d/iptables
/etc/iptables.test.rules

@ -2,7 +2,7 @@
\texttt{SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855}
\inputminted{sh}{resources/SHA256SUM}
\section{\texttt{STATS}}
\texttt{SHA256: adadaa5e46ade71aa99d833d7cf64cf012501c8b7a6f6c15a3563f6ceeffa9c6}
\texttt{SHA256: b5fd0d24673c05a70026ca4db2576a80f8e8b4740e4558f29c63194a4ae58829}
\inputminted{sh}{resources/STATS}
\section{\texttt{apps/ansible-debian-mail/ansible.cfg}}
\texttt{SHA256: 5c5bbe341a18319f6f24033c4f63fc5f1594469b4f2cfbb991ec596fd30e9a3b}
@ -148,9 +148,6 @@
\section{\texttt{apps/ansible-gitea/roles/gitea/templates/gitea.service.j2}}
\texttt{SHA256: 0acbfe01156c9e39ee71a4fc64310ab003f09bfcf544df00b1f3cff010ed8f38}
\inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.service.j2}
\section{\texttt{apps/ansible-gitea/roles/gitea/.DS\char`_Store}}
\texttt{SHA256: e97bff48aa282aacf1c59c754a7b9adfe56120c4cb1545a7488f03fee9f4e479}
\inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/.DS_Store}
\section{\texttt{apps/ansible-gitea/roles/nginx/defaults/main.yml}}
\texttt{SHA256: 20c921226115e5a92309d543b66066438e6565bdbd054e7ca41d0fc6ddcfcd9a}
\inputminted{sh}{resources/apps/ansible-gitea/roles/nginx/defaults/main.yml}
@ -169,24 +166,9 @@
\section{\texttt{apps/ansible-gitea/site.yml}}
\texttt{SHA256: d74378b00af74eabe0cc11d0f0b1db5c902116c583216f14152d968e5a71e474}
\inputminted{sh}{resources/apps/ansible-gitea/site.yml}
\section{\texttt{apps/forksand-nodes-bootstrap/forksand-hk1-bootstrap}}
\texttt{SHA256: d3b370cdf087289f89c827aefaf1915c35843f01f9f2d8bbeb412184b2ce2fa6}
\inputminted{sh}{resources/apps/forksand-nodes-bootstrap/forksand-hk1-bootstrap}
\section{\texttt{apps/forksand-nodes-bootstrap/forksand-hk2-bootstrap}}
\texttt{SHA256: d62d8c5f8269253f07bdd01abaf0653797627477827163625c9d2e3d207e27c8}
\inputminted{sh}{resources/apps/forksand-nodes-bootstrap/forksand-hk2-bootstrap}
\section{\texttt{apps/forksand-nodes-bootstrap/forksand-hk3-bootstrap}}
\texttt{SHA256: 7d56b22aec7e53798e88d4a03d7e390393899e1a33e03da864c817bea83c86c8}
\inputminted{sh}{resources/apps/forksand-nodes-bootstrap/forksand-hk3-bootstrap}
\section{\texttt{apps/forksand-nodes-bootstrap/forksand-shark4-bootstrap}}
\texttt{SHA256: 04a5efbe9a3809ac7050b727eb1d9b8f755b68dc44c990f71866422ff9bc5b15}
\inputminted{sh}{resources/apps/forksand-nodes-bootstrap/forksand-shark4-bootstrap}
\section{\texttt{apps/forksand-nodes-bootstrap/forksand-the-bootstrap}}
\texttt{SHA256: cb61199026a4850f6beb9e3a2b9abcadd7f3d15c894c01060aadcc83bde25c96}
\inputminted{sh}{resources/apps/forksand-nodes-bootstrap/forksand-the-bootstrap}
\section{\texttt{apps/forksand-nodes-bootstrap/forksand-truck-bootstrap}}
\texttt{SHA256: 0691270004a884d962e82f61bbce6ffd094653d7419b081099a9f180d456719a}
\inputminted{sh}{resources/apps/forksand-nodes-bootstrap/forksand-truck-bootstrap}
\section{\texttt{apps/iptables/etc/iptables}}
\texttt{SHA256: 825577f3fd900576c119d0a6191de16bf2d55fb84e6749921710b293e5fd1889}
\inputminted{sh}{resources/apps/iptables/etc/iptables}
@ -232,12 +214,6 @@
\section{\texttt{apps/ssh/socks-proxy.sh}}
\texttt{SHA256: 646c3cdef108cf891d9d5279971f3da8a708d78b9cb18da832043ba3048cfacf}
\inputminted{sh}{resources/apps/ssh/socks-proxy.sh}
\section{\texttt{apps/sunstone/etc/one/sunstone-logos.yaml}}
\texttt{SHA256: b318da9ebbe0bc3b5b80efda6c8594b2017736d8e32d3ff74aaefb727cf1fb0e}
\inputminted{sh}{resources/apps/sunstone/etc/one/sunstone-logos.yaml}
\section{\texttt{apps/sunstone/etc/one/sunstone-views.yaml}}
\texttt{SHA256: 34f5df58f4f6fce5985378c946c8b9718567a1454f171e2629b33e37ce0ca87f}
\inputminted{sh}{resources/apps/sunstone/etc/one/sunstone-views.yaml}
\section{\texttt{apps/yadifa-master/etc/yadifa/yadifad.conf}}
\texttt{SHA256: 1802daa96fe2a7373059b86ae166f008591aad4304eb8176e1c20f56e61e7df8}
\inputminted{sh}{resources/apps/yadifa-master/etc/yadifa/yadifad.conf}

@ -102,7 +102,21 @@ leftmargin=1cm,rightmargin=1cm
% http://mirrors.ctan.org/macros/latex/contrib/fontspec/fontspec.pdf
\usepackage{fontspec}
\defaultfontfeatures{Ligatures=TeX} % To support LaTeX quoting style
\setmainfont{lmroman12-regular.otf}
\setmainfont{lmroman12}[
Extension=.otf ,
UprightFont = *-regular ,
SmallCapsFont = *-regular ,
BoldFont = *-bold ,
BoldItalicFont = *-bold ,
BoldSlantedFont = *-italic ,
ItalicFont = *-italic ,
SlantedFont = *-italic
%,
%SmallCapsFeatures = {Letters=SmallCaps}
,
SlantedFeatures = {FakeSlant,Colour=FF0000}
]
\usepackage[normalem]{ulem} % underline
@ -186,7 +200,7 @@ leftmargin=1cm,rightmargin=1cm
\makeoddfoot{aocstyle}{}{\thepage}{}
%%% END forksand-it-manual PAGE STYLE %%%
%%% forksand-it-manualSKI CHAPTER STYLE %%%
%%% forksand-it-manual SKI CHAPTER STYLE %%%
\makechapterstyle{aocski}{%
\renewcommand*{\printchaptername}{} % Clear out the chapter name (e.g. capítulo)
\renewcommand*{\printchapternum}{} % Clear out the chapter number
@ -197,7 +211,7 @@ leftmargin=1cm,rightmargin=1cm
\renewcommand*{\afterchaptertitle}{\vskip\onelineskip \hrule\vskip
\afterchapskip}
}
%%% END forksand-it-manualSKI CHAPTER STYLE %%%
%%% END forksand-it-manual SKI CHAPTER STYLE %%%
%%% FORMATTING... %%%
\midsloppy
@ -265,7 +279,10 @@ leftmargin=1cm,rightmargin=1cm
\pagenumbering*{arabic}
%%% TABLE OF CONTENTS %%%
{\fontspec{lmroman12-regular.otf}
{
\fontspec{lmroman12-regular.otf}[
BoldFont = lmroman12-regular.otf
]
\maxtocdepth{subsection}
\settocdepth{subsection}
%\setsecnumdepth{subsection}
@ -339,7 +356,6 @@ leftmargin=1cm,rightmargin=1cm
%%% END CHAPTER CONFIG %%%
%%% FRONTMATTER CHAPTERS %%%
\fontspec{lmroman12-regular.otf}
% Format:
% \chapterconf{Name of file to include}{Title of Chapter}
@ -353,7 +369,6 @@ leftmargin=1cm,rightmargin=1cm
%% MAINMATTER CHAPTERS %%%
% Default chapter font
\fontspec{lmroman12-regular.otf}
% Format:
% \chapterconf{Name of file to include}{Title of Chapter}{Subtitle}
@ -371,6 +386,7 @@ leftmargin=1cm,rightmargin=1cm
\chapterconf{DNS}{Domain Name Service (DNS)}{Who Names You?}
\chapterconf{NTP}{Network Time Protocol}{A Hole in Time}
\chapterconf{Firmware}{Firmware}{Embedded Software}
\chapterconf{History}{History}{Evolution History}
%%% Appendix %%%
%\part{Appendix} % XXX
\appendix
@ -411,7 +427,6 @@ leftmargin=1cm,rightmargin=1cm
\endgroup
\pagebreak{}
\thispagestyle{empty}
\fontspec{lmroman12-regular.otf}
{\include{Colophon}}
%%% END COLOPHON %%%
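Review bot: In the new `\setmainfont{lmroman12}[...]` block, `SlantedFeatures = {FakeSlant,Colour=FF0000}` prints every slanted run in red, which looks like a debugging marker left in; if so, reduce it to `SlantedFeatures = {FakeSlant}`. `BoldItalicFont = *-bold` and `BoldSlantedFont = *-italic` map bold-italic text to plain bold or plain italic, so nested emphasis is lost. If these are deliberate fallbacks (presumably because only regular, bold and italic files ship), a one-line comment saying so would help. The commented-out `SmallCapsFeatures` lines and the stray `,` on its own line can be dropped.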

Binary file not shown.

Binary file not shown.

@ -1,5 +1,5 @@
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ./SHA256SUM
adadaa5e46ade71aa99d833d7cf64cf012501c8b7a6f6c15a3563f6ceeffa9c6 ./STATS
b5fd0d24673c05a70026ca4db2576a80f8e8b4740e4558f29c63194a4ae58829 ./STATS
5c5bbe341a18319f6f24033c4f63fc5f1594469b4f2cfbb991ec596fd30e9a3b ./apps/ansible-debian-mail/ansible.cfg
b5f417e155b47834e49be9243ba776a6516c56c3ed0121d2bc4d022d5acacd87 ./apps/ansible-debian-mail/group_vars/all.yml
cc816d03579097542ca85c188995a412d619c08c84bf3dfef73191fc5cc05b54 ./apps/ansible-debian-mail/inventory.yml
@ -48,19 +48,13 @@ cc816d03579097542ca85c188995a412d619c08c84bf3dfef73191fc5cc05b54 ./apps/ansible
bc5f081dfd51f5c920c8dda1873560a2602204dd9d28a881238fd66e22437c2d ./apps/ansible-gitea/roles/gitea/tasks/main.yml
c8be571f2f2407240bc88997aedf70c9230554a65132ebab9a1ee0d4296ff9d3 ./apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2
0acbfe01156c9e39ee71a4fc64310ab003f09bfcf544df00b1f3cff010ed8f38 ./apps/ansible-gitea/roles/gitea/templates/gitea.service.j2
e97bff48aa282aacf1c59c754a7b9adfe56120c4cb1545a7488f03fee9f4e479 ./apps/ansible-gitea/roles/gitea/.DS_Store
20c921226115e5a92309d543b66066438e6565bdbd054e7ca41d0fc6ddcfcd9a ./apps/ansible-gitea/roles/nginx/defaults/main.yml
5a3990dbfb331c83fbbff76368a2426ae03d34052454aa6676f52b7e4652d561 ./apps/ansible-gitea/roles/nginx/handlers/main.yml
5232d5b0894c1e6a3da8472591ef49e9c80e927cdbec626c15c9e1a9796729a8 ./apps/ansible-gitea/roles/nginx/tasks/main.yml
1ecb64716e6674eb30a145c79859774cc5772304828553474c05820a2151ff3b ./apps/ansible-gitea/roles/nginx/templates/nginx.conf.j2
4d7edebbe48f20aeeb49599d32fc5531db943cbf43d7e9995674c180b56f2e77 ./apps/ansible-gitea/roles/nginx/templates/nginxssl.conf.j2
d74378b00af74eabe0cc11d0f0b1db5c902116c583216f14152d968e5a71e474 ./apps/ansible-gitea/site.yml
d3b370cdf087289f89c827aefaf1915c35843f01f9f2d8bbeb412184b2ce2fa6 ./apps/forksand-nodes-bootstrap/forksand-hk1-bootstrap
d62d8c5f8269253f07bdd01abaf0653797627477827163625c9d2e3d207e27c8 ./apps/forksand-nodes-bootstrap/forksand-hk2-bootstrap
7d56b22aec7e53798e88d4a03d7e390393899e1a33e03da864c817bea83c86c8 ./apps/forksand-nodes-bootstrap/forksand-hk3-bootstrap
04a5efbe9a3809ac7050b727eb1d9b8f755b68dc44c990f71866422ff9bc5b15 ./apps/forksand-nodes-bootstrap/forksand-shark4-bootstrap
cb61199026a4850f6beb9e3a2b9abcadd7f3d15c894c01060aadcc83bde25c96 ./apps/forksand-nodes-bootstrap/forksand-the-bootstrap
0691270004a884d962e82f61bbce6ffd094653d7419b081099a9f180d456719a ./apps/forksand-nodes-bootstrap/forksand-truck-bootstrap
825577f3fd900576c119d0a6191de16bf2d55fb84e6749921710b293e5fd1889 ./apps/iptables/etc/iptables
4b50c760daa85619a74f1c635b26807fcc7f8bedb90bd22893de8c98f3d78ff1 ./apps/iptables/etc/iptables.test.rules
acb247e6caa20a6e5cac57de3137a6bd561f810e4b92d2e32d31064e4e998720 ./apps/oca-forksand-v1_1/README.rst
@ -76,8 +70,6 @@ a149aa2a11f17a20eda8f32e2ef5b34e403b772d53f1dcd2a62bd44b166c2122 ./apps/oca/lib
eec3af072498c00dd207f85d05de93ae81b4a0a6f4d31aa6b1dfb31af84eb07f ./apps/odoo/odoo11-deb-install.sh
8e0ee0af15f20e6a5120f9bca4b073532002f8d309dc365c64734b111c03ae4e ./apps/ssh/socks-chain.sh
646c3cdef108cf891d9d5279971f3da8a708d78b9cb18da832043ba3048cfacf ./apps/ssh/socks-proxy.sh
b318da9ebbe0bc3b5b80efda6c8594b2017736d8e32d3ff74aaefb727cf1fb0e ./apps/sunstone/etc/one/sunstone-logos.yaml
34f5df58f4f6fce5985378c946c8b9718567a1454f171e2629b33e37ce0ca87f ./apps/sunstone/etc/one/sunstone-views.yaml
1802daa96fe2a7373059b86ae166f008591aad4304eb8176e1c20f56e61e7df8 ./apps/yadifa-master/etc/yadifa/yadifad.conf
e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830 ./apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone
705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186 ./apps/yadifa-slave/etc/yadifa/yadifad.conf
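Review bot: The first entry of the manifest, `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ./SHA256SUM`, is the SHA-256 of empty input. The file was therefore hashed while it was still empty, and that line can never match the finished manifest; a `sha256sum -c` run would report it as failed. The file looks generated, so the fix belongs in the generator: exclude `./SHA256SUM` from the hashed file list, or write the manifest outside the tree being hashed. The listing chapter prints the same value for `SHA256SUM` and would pick up the fix on regeneration. If the manifest is meant as an integrity record, its own digest has to be recorded somewhere other than inside itself.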

@ -1,2 +1,2 @@
There are 86 source code files included.
There are 83 unique files.
There are 78 source code files included.
There are 75 unique files.

@ -1,329 +0,0 @@
#!/bin/bash
# forksand-bootstrap-hk1
# GPLv3+
# This script does some initial setup and config
# Sets up Proxmox.
# Log script
exec > >(tee /root/bootstrap-hk1.log) 2>/root/bootstrap-hk1.err
set -x
# Set locale
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen
update-locale
# XXX Set timezone
ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime
# Set up git for tracking. XXX Ansible... XXX
apt-get -y install git sudo
cd /etc
git init
chmod og-rwx /etc/.git
cat > /etc/.gitignore <<EOF
prelink.cache
*.swp
ld.so.cache
adjtime
blkid.tab
blkid.tab.old
mtab
resolv.conf
asound.state
mtab.fuselock
aliases.db
EOF
git config --global user.name "debian"
git config --global user.email git@localhost
cd /etc ; git add . ; git commit -a -m 'Set up new Debian Stretch hk1 server.'
# SET UP APT
#
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.kernel.org/debian/ stretch-backports main
deb http://mirrors.kernel.org/debian/ stretch main
deb http://mirrors.kernel.org/debian/ stretch-updates main
deb http://security.debian.org/ stretch/updates main
EOF
# Make apt use IPv4:
echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4
git add /etc/apt/apt.conf.d/99force-ipv4
git commit -m "Force APT to use IPv4, not IPv6." /etc/apt/apt.conf.d/99force-ipv4
cd /etc ; git add . ; git commit -a -m 'Set up apt.'
# UPGRADE SERVER
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
cd /etc ; git add . ; git commit -a -m 'Update base install'
apt-get -y --download-only install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
postfix \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confnew" \
install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
postfix \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
cd /etc ; git add . ; git commit -a -m 'Install base packages'
# Speed up
echo 'GOVERNOR="performance"' > /etc/default/cpufrequtils
/etc/init.d/cpufrequtils restart
cd /etc ; git add . ; git commit -a -m 'Set up cpufrequtils'
# Small user tweaks
echo :syntax on > ~/.vimrc
echo :syntax on > /home/jebba/.vimrc
chown jebba:jebba /home/jebba/.vimrc
echo export EDITOR=vi >> /root/.bashrc
# XXX Passwordless sudo XXX Ya, probably remove
sed -i -e 's/%sudo\tALL=(ALL:ALL) ALL/%sudo ALL=(ALL) NOPASSWD: ALL/g' /etc/sudoers
adduser jebba sudo
cd /etc ; git add . ; git commit -a -m 'Set up passwordless sudo'
# SSH config XXX sed cruft
sed -i \
-e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
-e 's/\#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' \
-e 's/\#PasswordAuthentication yes/PasswordAuthentication no/g' \
-e 's/\#X11Forwarding yes/X11Forwarding no/g' \
/etc/ssh/sshd_config
echo 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
echo 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' >> /etc/ssh/sshd_config
# Need to update/fix for Debian Buster (testing/10). This line breaks Buster:
#echo 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com' >> /etc/ssh/sshd_config
# XXX Add admins as only allowed ssh users
# XXX add user for ansbile
echo "AllowUsers jebba root" >> /etc/ssh/sshd_config
cd /etc ; git add . ; git commit -a -m 'Set up sshd'
systemctl restart sshd
# Startup XXX disable unneeded.
for i in rsync exim4 saned
do echo $i
/usr/sbin/update-rc.d $i disable
done
# XXX KILL THIS, listening on public port (firewalled, but still):
# tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 296/systemd-resolve
cd /etc ; git add . ; git commit -a -m 'Turn off junk on boot'
# GRUB
sed -i -e 's/^GRUB_TIMEOUT=5/GRUB_TIMEOUT=4/g' /etc/default/grub
sed -i -e 's/^#GRUB_TERMINAL=console/GRUB_TERMINAL=console/g' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub
cd /etc ; git add . ; git commit -a -m 'GRUB tweaks'
# Fix network to come up on boot
sed -i -e 's/allow-hotplug/auto/g' /etc/network/interfaces
cd /etc ; git add . ; git commit -a -m 'Auto start network'
# XXX not sure why this is getting installed:
apt-get -y autoremove
apt-get -y remove os-prober
# Proxmox
#cat > /etc/apt/sources.list.d/pve-enterprise.list<<EOF
##deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
#EOF
cat > /etc/apt/sources.list.d/pve-no-subscription.list<<EOF
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
EOF
# Add Proxmox enterprise key XXX Add key
#cat > /etc/apt/auth.conf<<EOF
#machine enterprise.proxmox.com
# login pve2s-0000000000
# password 00000000000000000000000000000000
#EOF
# XXX crufty add proxmox apt key
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
apt-get -y \
install \
ksm-control-daemon \
omping \
proxmox-ve
cd /etc ; git add . ; git commit -a -m 'Install Proxmox'
apt clean
exit 0
# Run this on workstation:
# ssh -N -C -L 8201:localhost:8006 hk1
# firefox https://localhost:8201
# Login as root user via PAM
# Set up Enterprise Key, if used
#
#
cd /etc ; git add . ; git commit -a -m 'Initial Proxmox configuration'
#
#
# XXX Set up vmbr0 via web interface.
#
# Netwok
# hk1 (host) --> System --> Network
# Fix subnet mask, IP in web gui.
# Create --> Linux Bridge:
# vmbr0
# XXX best way for this server? No subnet.
#
# Set up ethernet ports
# XXX check name Disable enp2s0 (Autostart no)
# set up vmbr0 to the main IP, gateway, etc.
# Create Linux Bridge in web interface
# vmbr0
#XXX THIS ISN'T CORRECT IP
# 174.128.229.130/27
# 255.255.255.224
# Autostart
# VLAN Aware
# Bridge: enp2s0
# Comment Main bridge
#
# Set up 10.2.2.0 and 10.99.99.0 networks statically
# on secondary ethernet interfaces
# Reboot! hk1 (host) --> Restart
# Configure Corosync
# Set up hosts
# XXX MAKE SURE NEW NODES GET ADDED TO EXISTING SERVER /etc/hosts
echo "10.3.3.1 hk1-coro" >> /etc/hosts
echo "10.3.3.2 hk2-coro" >> /etc/hosts
echo "10.3.3.3 hk3-coro" >> /etc/hosts
echo "10.88.88.1 hk2-fs" >> /etc/hosts
echo "10.88.88.2 hk2-fs" >> /etc/hosts
echo "10.88.88.3 hk3-fs" >> /etc/hosts
# Test cluster ping
for i in hk1-coro hk2-coro hk3-coro
do ping -q -c1 $i
done
# Test ssh
for i in hk1-coro hk2-coro hk3-coro
do ssh $i hostname
done
# ssh via IP
for i in 10.2.2.3
do ssh $i hostname
done
# Note this is needed on at least one of the SharkTech servers or
# you get bad UDP checksums
# Also set to correct ethernet device
# XXX CHECK
ethtool -K enp3s0 gso off
ethtool --offload enp3s0 rx off tx off
ethtool -K enp4s0 gso off
ethtool --offload enp4s0 rx off tx off
# Run this on just one node, hk1, to get the cluster started
pvecm create hkfork --bindnet0_addr 10.2.2.1 --ring0_addr hk1-coro
# Run this on hk3
#pvecm add 10.2.2.1 --ring0_addr hk3-coro
pvecm status
pvecm nodes
# rebootz ?
# After Cluster is Configured
# ===========================
# Data Center --> Permissions --> Users
# Add user with Realm Proxmox VE authentication server.
# Give user root permissions: Datacenter --> Permissions --> Add --> User permission.
# Path: / User: j Role: Administrator
# XXX Or create admin group, add perms to that...
# Permissions --> Authentication. Set Proxmox VE authentication server to default.
# Storage
# Datacenter --> Storage --> Edit local. Enable all content (add VZDump)
#
# DNS
# hk1 (host) --> System --> DNS
# Add servers:
# 208.67.222.222 208.67.220.220 37.235.1.174
#

@ -1,329 +0,0 @@
#!/bin/bash
# forksand-bootstrap-hk2
# GPLv3+
# This script does some initial setup and config
# Sets up Proxmox.
# Log script
exec > >(tee /root/bootstrap-hk2.log) 2>/root/bootstrap-hk2.err
set -x
# Set locale
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen
update-locale
# XXX Set timezone
ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime
# Set up git for tracking. XXX Ansible... XXX
apt-get -y install git sudo
cd /etc
git init
chmod og-rwx /etc/.git
cat > /etc/.gitignore <<EOF
prelink.cache
*.swp
ld.so.cache
adjtime
blkid.tab
blkid.tab.old
mtab
resolv.conf
asound.state
mtab.fuselock
aliases.db
EOF
git config --global user.name "debian"
git config --global user.email git@localhost
cd /etc ; git add . ; git commit -a -m 'Set up new Debian Stretch hk2 server.'
# SET UP APT
#
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.kernel.org/debian/ stretch-backports main
deb http://mirrors.kernel.org/debian/ stretch main
deb http://mirrors.kernel.org/debian/ stretch-updates main
deb http://security.debian.org/ stretch/updates main
EOF
# Make apt use IPv4:
echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4
git add /etc/apt/apt.conf.d/99force-ipv4
git commit -m "Force APT to use IPv4, not IPv6." /etc/apt/apt.conf.d/99force-ipv4
cd /etc ; git add . ; git commit -a -m 'Set up apt.'
# UPGRADE SERVER
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
cd /etc ; git add . ; git commit -a -m 'Update base install'
apt-get -y --download-only install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
postfix \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confnew" \
install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
postfix \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
cd /etc ; git add . ; git commit -a -m 'Install base packages'
# Speed up
echo 'GOVERNOR="performance"' > /etc/default/cpufrequtils
/etc/init.d/cpufrequtils restart
cd /etc ; git add . ; git commit -a -m 'Set up cpufrequtils'
# Small user tweaks
echo :syntax on > ~/.vimrc
echo :syntax on > /home/jebba/.vimrc
chown jebba:jebba /home/jebba/.vimrc
echo export EDITOR=vi >> /root/.bashrc
# XXX Passwordless sudo XXX Ya, probably remove
sed -i -e 's/%sudo\tALL=(ALL:ALL) ALL/%sudo ALL=(ALL) NOPASSWD: ALL/g' /etc/sudoers
adduser jebba sudo
cd /etc ; git add . ; git commit -a -m 'Set up passwordless sudo'
# SSH config XXX sed cruft
sed -i \
-e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
-e 's/\#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' \
-e 's/\#PasswordAuthentication yes/PasswordAuthentication no/g' \
-e 's/\#X11Forwarding yes/X11Forwarding no/g' \
/etc/ssh/sshd_config
echo 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
echo 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' >> /etc/ssh/sshd_config
# Need to update/fix for Debian Buster (testing/10). This line breaks Buster:
#echo 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com' >> /etc/ssh/sshd_config
# XXX Add admins as only allowed ssh users
# XXX add user for ansbile
echo "AllowUsers jebba root" >> /etc/ssh/sshd_config
cd /etc ; git add . ; git commit -a -m 'Set up sshd'
systemctl restart sshd
# Startup XXX disable unneeded.
for i in rsync exim4 saned
do echo $i
/usr/sbin/update-rc.d $i disable
done
# XXX KILL THIS, listening on public port (firewalled, but still):
# tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 296/systemd-resolve
cd /etc ; git add . ; git commit -a -m 'Turn off junk on boot'
# GRUB
sed -i -e 's/^GRUB_TIMEOUT=5/GRUB_TIMEOUT=4/g' /etc/default/grub
sed -i -e 's/^#GRUB_TERMINAL=console/GRUB_TERMINAL=console/g' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub
cd /etc ; git add . ; git commit -a -m 'GRUB tweaks'
# Fix network to come up on boot
sed -i -e 's/allow-hotplug/auto/g' /etc/network/interfaces
cd /etc ; git add . ; git commit -a -m 'Auto start network'
# XXX not sure why this is getting installed:
apt-get -y autoremove
apt-get -y remove os-prober
# Proxmox
#cat > /etc/apt/sources.list.d/pve-enterprise.list<<EOF
##deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
#EOF
cat > /etc/apt/sources.list.d/pve-no-subscription.list<<EOF
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
EOF
# Add Proxmox enterprise key XXX Add key
#cat > /etc/apt/auth.conf<<EOF
#machine enterprise.proxmox.com
# login pve2s-0000000000
# password 00000000000000000000000000000000
#EOF
# XXX crufty add proxmox apt key
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
apt-get -y \
install \
ksm-control-daemon \
omping \
proxmox-ve
cd /etc ; git add . ; git commit -a -m 'Install Proxmox'
apt clean
exit 0
# Run this on workstation:
# ssh -N -C -L 8202:localhost:8006 hk2
# firefox https://localhost:8202
# Login as root user via PAM
# Set up Enterprise Key, if used
#
#
cd /etc ; git add . ; git commit -a -m 'Initial Proxmox configuration'
#
#
# XXX Set up vmbr0 via web interface.
#
# Netwok
# hk2 (host) --> System --> Network
# Fix subnet mask, IP in web gui.
# Create --> Linux Bridge:
# vmbr0
# XXX best way for this server? No subnet.
#
# Set up ethernet ports
# XXX check name Disable enp2s0 (Autostart no)
# set up vmbr0 to the main IP, gateway, etc.
# Create Linux Bridge in web interface
# vmbr0
#XXX THIS ISN'T CORRECT IP
# 174.128.229.130/27
# 255.255.255.224
# Autostart
# VLAN Aware
# Bridge: enp2s0
# Comment Main bridge
#
# Set up 10.2.2.0 and 10.99.99.0 networks statically
# on secondary ethernet interfaces
# Reboot! hk2 (host) --> Restart
# Configure Corosync
# Set up hosts
# XXX MAKE SURE NEW NODES GET ADDED TO EXISTING SERVER /etc/hosts
echo "10.3.3.1 hk1-coro" >> /etc/hosts
echo "10.3.3.2 hk2-coro" >> /etc/hosts
echo "10.3.3.3 hk3-coro" >> /etc/hosts
echo "10.88.88.1 hk2-fs" >> /etc/hosts
echo "10.88.88.2 hk2-fs" >> /etc/hosts
echo "10.88.88.3 hk3-fs" >> /etc/hosts
# Test cluster ping
for i in hk1-coro hk2-coro hk3-coro
do ping -q -c1 $i
done
# Test ssh
for i in hk1-coro hk2-coro hk3-coro
do ssh $i hostname
done
# ssh via IP
for i in 10.2.2.3
do ssh $i hostname
done
# Note this is needed on at least one of the SharkTech servers or
# you get bad UDP checksums
# Also set to correct ethernet device
# XXX CHECK
ethtool -K enp3s0 gso off
ethtool --offload enp3s0 rx off tx off
ethtool -K enp4s0 gso off
ethtool --offload enp4s0 rx off tx off
# Run this on just one node, hk1, to get the cluster started
#pvecm create hkfork --bindnet0_addr 10.2.2.1 --ring0_addr hk1-coro
# Run this on hk2
pvecm add 10.2.2.1 --ring0_addr hk1-coro
pvecm status
pvecm nodes
# rebootz ?
# After Cluster is Configured
# ===========================
# Data Center --> Permissions --> Users
# Add user with Realm Proxmox VE authentication server.
# Give user root permissions: Datacenter --> Permissions --> Add --> User permission.
# Path: / User: j Role: Administrator
# XXX Or create admin group, add perms to that...
# Permissions --> Authentication. Set Proxmox VE authentication server to default.
# Storage
# Datacenter --> Storage --> Edit local. Enable all content (add VZDump)
#
# DNS
# hk2 (host) --> System --> DNS
# Add servers:
# 208.67.222.222 208.67.220.220 37.235.1.174
#

@ -1,329 +0,0 @@
#!/bin/bash
# forksand-bootstrap-hk3
# GPLv3+
# This script does some initial setup and config
# Sets up Proxmox.
# Log script
exec > >(tee /root/bootstrap-hk3.log) 2>/root/bootstrap-hk3.err
set -x
# Set locale
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen
update-locale
# XXX Set timezone
ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime
# Set up git for tracking. XXX Ansible... XXX
apt-get -y install git sudo
cd /etc
git init
chmod og-rwx /etc/.git
cat > /etc/.gitignore <<EOF
prelink.cache
*.swp
ld.so.cache
adjtime
blkid.tab
blkid.tab.old
mtab
resolv.conf
asound.state
mtab.fuselock
aliases.db
EOF
git config --global user.name "debian"
git config --global user.email git@localhost
cd /etc ; git add . ; git commit -a -m 'Set up new Debian Stretch hk3 server.'
# SET UP APT
#
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.kernel.org/debian/ stretch-backports main
deb http://mirrors.kernel.org/debian/ stretch main
deb http://mirrors.kernel.org/debian/ stretch-updates main
deb http://security.debian.org/ stretch/updates main
EOF
# Make apt use IPv4:
echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4
git add /etc/apt/apt.conf.d/99force-ipv4
git commit -m "Force APT to use IPv4, not IPv6." /etc/apt/apt.conf.d/99force-ipv4
cd /etc ; git add . ; git commit -a -m 'Set up apt.'
# UPGRADE SERVER
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
cd /etc ; git add . ; git commit -a -m 'Update base install'
apt-get -y --download-only install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
postfix \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confnew" \
install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
postfix \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
cd /etc ; git add . ; git commit -a -m 'Install base packages'
# Speed up
echo 'GOVERNOR="performance"' > /etc/default/cpufrequtils
/etc/init.d/cpufrequtils restart
cd /etc ; git add . ; git commit -a -m 'Set up cpufrequtils'
# Small user tweaks
echo :syntax on > ~/.vimrc
echo :syntax on > /home/jebba/.vimrc
chown jebba:jebba /home/jebba/.vimrc
echo export EDITOR=vi >> /root/.bashrc
# XXX Passwordless sudo XXX Ya, probably remove
sed -i -e 's/%sudo\tALL=(ALL:ALL) ALL/%sudo ALL=(ALL) NOPASSWD: ALL/g' /etc/sudoers
adduser jebba sudo
cd /etc ; git add . ; git commit -a -m 'Set up passwordless sudo'
# SSH config XXX sed cruft
sed -i \
-e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
-e 's/\#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' \
-e 's/\#PasswordAuthentication yes/PasswordAuthentication no/g' \
-e 's/\#X11Forwarding yes/X11Forwarding no/g' \
/etc/ssh/sshd_config
echo 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
echo 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' >> /etc/ssh/sshd_config
# Need to update/fix for Debian Buster (testing/10). This line breaks Buster:
#echo 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com' >> /etc/ssh/sshd_config
# XXX Add admins as only allowed ssh users
# XXX add user for ansbile
echo "AllowUsers jebba root" >> /etc/ssh/sshd_config
cd /etc ; git add . ; git commit -a -m 'Set up sshd'
systemctl restart sshd
# Startup XXX disable unneeded.
for i in rsync exim4 saned
do echo $i
/usr/sbin/update-rc.d $i disable
done
# XXX KILL THIS, listening on public port (firewalled, but still):
# tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 296/systemd-resolve
cd /etc ; git add . ; git commit -a -m 'Turn off junk on boot'
# GRUB
sed -i -e 's/^GRUB_TIMEOUT=5/GRUB_TIMEOUT=4/g' /etc/default/grub
sed -i -e 's/^#GRUB_TERMINAL=console/GRUB_TERMINAL=console/g' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub
cd /etc ; git add . ; git commit -a -m 'GRUB tweaks'
# Fix network to come up on boot
sed -i -e 's/allow-hotplug/auto/g' /etc/network/interfaces
cd /etc ; git add . ; git commit -a -m 'Auto start network'
# XXX not sure why this is getting installed:
apt-get -y autoremove
apt-get -y remove os-prober
# Proxmox
#cat > /etc/apt/sources.list.d/pve-enterprise.list<<EOF
##deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
#EOF
cat > /etc/apt/sources.list.d/pve-no-subscription.list<<EOF
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
EOF
# Add Proxmox enterprise key XXX Add key
#cat > /etc/apt/auth.conf<<EOF
#machine enterprise.proxmox.com
# login pve2s-0000000000
# password 00000000000000000000000000000000
#EOF
# XXX crufty add proxmox apt key
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
apt-get -y \
install \
ksm-control-daemon \
omping \
proxmox-ve
cd /etc ; git add . ; git commit -a -m 'Install Proxmox'
apt clean
exit 0
# Run this on workstation:
# ssh -N -C -L 8203:localhost:8006 hk3
# firefox https://localhost:8203
# Login as root user via PAM
# Set up Enterprise Key, if used
#
#
cd /etc ; git add . ; git commit -a -m 'Initial Proxmox configuration'
#
#
# XXX Set up vmbr0 via web interface.
#
# Netwok
# hk3 (host) --> System --> Network
# Fix subnet mask, IP in web gui.
# Create --> Linux Bridge:
# vmbr0
# XXX best way for this server? No subnet.
#
# Set up ethernet ports
# XXX check name Disable enp2s0 (Autostart no)
# set up vmbr0 to the main IP, gateway, etc.
# Create Linux Bridge in web interface
# vmbr0
#XXX THIS ISN'T CORRECT IP
# 174.128.229.130/27
# 255.255.255.224
# Autostart
# VLAN Aware
# Bridge: enp2s0
# Comment Main bridge
#
# Set up 10.2.2.0 and 10.99.99.0 networks statically
# on secondary ethernet interfaces
# Reboot! hk3 (host) --> Restart
# Configure Corosync
# Set up hosts
# XXX MAKE SURE NEW NODES GET ADDED TO EXISTING SERVER /etc/hosts
echo "10.3.3.1 hk1-coro" >> /etc/hosts
echo "10.3.3.2 hk2-coro" >> /etc/hosts
echo "10.3.3.3 hk3-coro" >> /etc/hosts
echo "10.88.88.1 hk2-fs" >> /etc/hosts
echo "10.88.88.2 hk2-fs" >> /etc/hosts
echo "10.88.88.3 hk3-fs" >> /etc/hosts
# Test cluster ping
for i in hk1-coro hk2-coro hk3-coro
do ping -q -c1 $i
done
# Test ssh
for i in hk1-coro hk2-coro hk3-coro
do ssh $i hostname
done
# ssh via IP
for i in 10.2.2.3
do ssh $i hostname
done
# Note this is needed on at least one of the SharkTech servers or
# you get bad UDP checksums
# Also set to correct ethernet device
# XXX CHECK
ethtool -K enp3s0 gso off
ethtool --offload enp3s0 rx off tx off
ethtool -K enp4s0 gso off
ethtool --offload enp4s0 rx off tx off
# Run this on just one node, hk3, to get the cluster started
#pvecm create hkfork --bindnet0_addr 10.2.2.3 --ring0_addr hk3-coro
# Run this on hk3
pvecm add 10.2.2.1 --ring0_addr hk3-coro
pvecm status
pvecm nodes
# rebootz ?
# After Cluster is Configured
# ===========================
# Data Center --> Permissions --> Users
# Add user with Realm Proxmox VE authentication server.
# Give user root permissions: Datacenter --> Permissions --> Add --> User permission.
# Path: / User: j Role: Administrator
# XXX Or create admin group, add perms to that...
# Permissions --> Authentication. Set Proxmox VE authentication server to default.
# Storage
# Datacenter --> Storage --> Edit local. Enable all content (add VZDump)
#
# DNS
# hk3 (host) --> System --> DNS
# Add servers:
# 208.67.222.222 208.67.220.220 37.235.1.174
#

@ -1,375 +0,0 @@
#!/bin/bash
# forksand-bootstrap-the
# GPLv3+
# This script does some initial setup and config
# Sets up Proxmox.
# IPv6 is left enabled.
# Firewalling is done through Proxmox.
# Edit below to add Proxmox Enterprise Key. XXX broken, use community repo.
# XXX set up hostname
# XXX set network to auto not hotplug XXX
# Log script
exec > >(tee /root/bootstrap-the.log) 2>/root/bootstrap-the.err
set -x
# Set locale
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen
update-locale
# XXX Set timezone
ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime
# Set up git for tracking. XXX Ansible... XXX
echo 'Acquire::http::Proxy "http://192.168.110.72:3142";' > /etc/apt/apt.conf
apt-get -y install git sudo
cd /etc
git init
chmod og-rwx /etc/.git
cat > /etc/.gitignore <<EOF
prelink.cache
*.swp
ld.so.cache
adjtime
blkid.tab
blkid.tab.old
mtab
resolv.conf
asound.state
mtab.fuselock
aliases.db
EOF
git config --global user.name "debian"
git config --global user.email git@localhost
cd /etc ; git add . ; git commit -a -m 'Set up new Debian Stretch the server.'
# SET UP APT
#
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.kernel.org/debian/ stretch-backports main
deb http://mirrors.kernel.org/debian/ stretch main
deb http://mirrors.kernel.org/debian/ stretch-updates main
deb http://security.debian.org/ stretch/updates main
EOF
# Make apt use IPv4:
echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4
git add /etc/apt/apt.conf.d/99force-ipv4
git commit -m "Force APT to use IPv4, not IPv6." /etc/apt/apt.conf.d/99force-ipv4
cd /etc ; git add . ; git commit -a -m 'Set up apt.'
# UPGRADE SERVER
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
cd /etc ; git add . ; git commit -a -m 'Update base install'
# ZFS tools
modprobe zfs
apt-get -y --download-only install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
python3 \
rsync \
tcpdump \
telnet \
traceroute \
vim \
vim-scripts \
zfsutils-linux
DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confnew" \
install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
python3 \
rsync \
tcpdump \
telnet \
traceroute \
vim \
vim-scripts \
zfsutils-linux
cd /etc ; git add . ; git commit -a -m 'Install base packages'
# Speed up
echo 'GOVERNOR="performance"' > /etc/default/cpufrequtils
/etc/init.d/cpufrequtils restart
cd /etc ; git add . ; git commit -a -m 'Set up cpufrequtils'
# Small user tweaks
echo :syntax on > ~/.vimrc
echo :syntax on > /home/jebba/.vimrc
chown jebba:jebba /home/jebba/.vimrc
echo export EDITOR=vi >> /root/.bashrc
# XXX Passwordless sudo XXX Ya, probably remove
sed -i -e 's/%sudo\tALL=(ALL:ALL) ALL/%sudo ALL=(ALL) NOPASSWD: ALL/g' /etc/sudoers
adduser jebba sudo
cd /etc ; git add . ; git commit -a -m 'Set up passwordless sudo'
# SSH config XXX sed cruft
sed -i \
-e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
-e 's/\#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' \
-e 's/\#PasswordAuthentication yes/PasswordAuthentication no/g' \
-e 's/\#X11Forwarding yes/X11Forwarding no/g' \
/etc/ssh/sshd_config
echo 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
echo 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' >> /etc/ssh/sshd_config
# Need to update/fix for Debian Buster (testing/10). This line breaks Buster:
#echo 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com' >> /etc/ssh/sshd_config
# XXX Add admins as only allowed ssh users
# XXX add user for ansbile
echo "AllowUsers jebba root" >> /etc/ssh/sshd_config
cd /etc ; git add . ; git commit -a -m 'Set up sshd'
systemctl restart sshd
# Startup XXX disable unneeded.
for i in rsync exim4 saned
do echo $i
/usr/sbin/update-rc.d $i disable
done
# XXX KILL THIS, listening on public port (firewalled, but still):
# tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 296/systemd-resolve
cd /etc ; git add . ; git commit -a -m 'Turn off junk on boot'
# GRUB
sed -i -e 's/^GRUB_TIMEOUT=5/GRUB_TIMEOUT=4/g' /etc/default/grub
sed -i -e 's/^#GRUB_TERMINAL=console/GRUB_TERMINAL=console/g' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub
cd /etc ; git add . ; git commit -a -m 'GRUB tweaks'
# Fix network to come up on boot
sed -i -e 's/allow-hotplug/auto/g' /etc/network/interfaces
cd /etc ; git add . ; git commit -a -m 'Auto start network'
# XXX not sure why this is getting installed:
apt-get -y autoremove
# Proxmox
#cat > /etc/apt/sources.list.d/pve-enterprise.list<<EOF
##deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
#EOF
cat > /etc/apt/sources.list.d/pve-no-subscription.list<<EOF
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
EOF
# Add Proxmox enterprise key XXX Add key
#cat > /etc/apt/auth.conf<<EOF
#machine enterprise.proxmox.com
# login pve2s-0000000000
# password 00000000000000000000000000000000
#EOF
# XXX crufty add proxmox apt key
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
apt-get -y \
install \
ksm-control-daemon \
omping \
proxmox-ve
cd /etc ; git add . ; git commit -a -m 'Install Proxmox'
apt clean
exit 0
cd /etc ; git add . ; git commit -a -m 'Initial Proxmox configuration'
#
# XXX use postfix not exim4
#
# Create --> Linux Bridge:
# vmbr0
# rebootz
#
# Set up templates
# Cluster Corosync
exit 0
echo "10.8.8.88 truck-coro" >> /etc/hosts
echo "10.8.8.90 swutch-coro" >> /etc/hosts
echo "10.8.8.87 wall-coro" >> /etc/hosts
echo "10.8.8.66 the-coro" >> /etc/hosts
echo "10.99.99.88 truck-fs" >> /etc/hosts
echo "10.99.99.90 swutch-fs" >> /etc/hosts
echo "10.99.99.87 wall-fs" >> /etc/hosts
echo "10.99.99.66 the-fs" >> /etc/hosts
# Test cluster ping
for i in truck-coro swutch-coro wall-coro the-coro
do ping -q -c1 $i
done
# more stuff
apt remove os-prober
# Disable enp3s0 (Autostart no)
#
# set up vmbr0 to the main IP, gateway, etc.
# Create Linux Bridge in web interface
# vmbr0
# 192.168.110.66
# 255.255.255.0
# Gateway 192.168.110.252
# Autostart
# VLAN Aware
# Bridge: enp3s0f1
# Comment Main bridge
# Set up corosync ethernet interfaces
# 10.8.8.66
# 255.255.255.0
# Autostart
# VLAN Aware
# Bridge enx000acd31ac3d
# Comment the-coro
# Set up ceph ethernet interfaces
# 10.99.99.66
# 255.255.255.0
# Autostart
# VLAN Aware
# Bridge enx000acd31ac3e
# Comment fs-coro
# rebooootz
# Add the to /etc/hosts on other servers:
10.8.8.66 the-coro
10.99.99.66 the-fs
# Add the the ssh key to ONE node
# Add truck, wall, swutch ssh keys to the
# Test flood multicast on private interface
omping -c 10000 -i 0.001 -F -q swutch-coro truck-coro the-coro wall-coro
# Ten minute test:
omping -c 600 -i 1 -q swutch-coro truck-coro wall-coro the-coro
# Set up ssh as root to/from all nodes
# Best way to do this ... XXX
echo "fookey" >> /root/.ssh/authorized_keys
# test SSH
/etc/init.d/ssh restart
for i in the wall truck swutch ;do ssh $i hostname ;done
for i in the-coro wall-coro truck-coro swutch-coro ;do ssh $i hostname ;done
for i in the-fs wall-fs truck-fs swutch-fs ;do ssh $i hostname ;done
# Run on the:
pvecm add 10.8.8.88 --ring0_addr the-coro
# If `tcpdump -vvv -i enp10s0` show bad udp checksums, run this:
# XXX ok on the, wall, swutch, truck
ethtool -K enp10s0 gso off
ethtool --offload enp10s0 rx off tx off
# Run on all nodes:
pveceph install --version luminous
# Then run on remaining nodes, the:
pveceph createmon
# On all nodes:
pveceph createmgr
# internal drives
# Create a GPT disklabel with fdisk
fdisk /dev/nvme0n1
# g
# w
pveceph createosd /dev/nvme0n1
# Create a GPT disklabel with fdisk
fdisk /dev/sda
# g
# w
pveceph createosd /dev/sda
#===================== XXX best way? XXX ====================
# XXX maybe not needed ?
# XXX actually, remove this and do no auth since it is private network.
mkdir /etc/pve/priv/ceph
cp -p /etc/pve/priv/ceph.client.admin.keyring /etc/pve/priv/ceph/my-ceph-storage.keyring
# Edit on just one node (shared on all)
vim /etc/pve/storage.cfg
# Do this instead of my-ceph-storage.keyring
# Edit on one node:
vim /etc/pve/ceph.conf
auth cluster required = none
auth service required = none
auth client required = none
# restart stuff
systemctl stop ceph\*.service ceph\*.target
mkdir /etc/pve/priv/ceph/old
mv /etc/pve/priv/ceph/*keyring /etc/pve/priv/ceph/old/
#===================== XXX best way? XXX ====================

@ -1,393 +0,0 @@
#!/bin/bash
# forksand-bootstrap-truck
# GPLv3+
# This script does some initial setup and config
# Sets up Proxmox.
# IPv6 is left enabled.
# Firewalling is done through Proxmox.
# Edit below to add Proxmox Enterprise Key. XXX broken, use community repo.
# XXX set up hostname
# XXX set network to auto not hotplug XXX
# Log script
exec > >(tee /root/bootstrap-truck.log) 2>/root/bootstrap-truck.err
set -x
# Set locale
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen
update-locale
# XXX Set timezone
ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime
# Set up git for tracking. XXX Ansible... XXX
echo 'Acquire::http::Proxy "http://192.168.110.72:3142";' > /etc/apt/apt.conf
apt-get -y install git sudo
cd /etc
git init
chmod og-rwx /etc/.git
cat > /etc/.gitignore <<EOF
prelink.cache
*.swp
ld.so.cache
adjtime
blkid.tab
blkid.tab.old
mtab
resolv.conf
asound.state
mtab.fuselock
aliases.db
EOF
git config --global user.name "debian"
git config --global user.email git@localhost
cd /etc ; git add . ; git commit -a -m 'Set up new Debian Stretch truck server.'
# SET UP APT
#
cat > /etc/apt/sources.list <<EOF
deb http://mirrors.kernel.org/debian/ stretch-backports main
deb http://mirrors.kernel.org/debian/ stretch main
deb http://mirrors.kernel.org/debian/ stretch-updates main
deb http://security.debian.org/ stretch/updates main
EOF
# Make apt use IPv4:
echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4
git add /etc/apt/apt.conf.d/99force-ipv4
git commit -m "Force APT to use IPv4, not IPv6." /etc/apt/apt.conf.d/99force-ipv4
cd /etc ; git add . ; git commit -a -m 'Set up apt.'
# UPGRADE SERVER
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
cd /etc ; git add . ; git commit -a -m 'Update base install'
apt-get -y --download-only install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confnew" \
install \
--no-install-recommends \
apt-transport-https \
bzip2 \
ca-certificates \
colordiff \
cpufrequtils \
curl \
debian-archive-keyring \
exuberant-ctags \
git \
host \
less \
locales \
lsb-release \
man-db \
manpages \
molly-guard \
net-tools \
ntp \
openssh-server \
python3 \
rsync \
telnet \
traceroute \
vim \
vim-scripts
cd /etc ; git add . ; git commit -a -m 'Install base packages'
# Speed up
echo 'GOVERNOR="performance"' > /etc/default/cpufrequtils
/etc/init.d/cpufrequtils restart
cd /etc ; git add . ; git commit -a -m 'Set up cpufrequtils'
# Small user tweaks
echo :syntax on > ~/.vimrc
echo :syntax on > /home/jebba/.vimrc
chown jebba:jebba /home/jebba/.vimrc
echo export EDITOR=vi >> /root/.bashrc
# XXX Passwordless sudo XXX Ya, probably remove
sed -i -e 's/%sudo\tALL=(ALL:ALL) ALL/%sudo ALL=(ALL) NOPASSWD: ALL/g' /etc/sudoers
adduser jebba sudo
cd /etc ; git add . ; git commit -a -m 'Set up passwordless sudo'
# SSH config XXX sed cruft
sed -i \
-e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
-e 's/\#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' \
-e 's/\#PasswordAuthentication yes/PasswordAuthentication no/g' \
-e 's/\#X11Forwarding yes/X11Forwarding no/g' \
/etc/ssh/sshd_config
echo 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
echo 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' >> /etc/ssh/sshd_config
# Need to update/fix for Debian Buster (testing/10). This line breaks Buster:
#echo 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com' >> /etc/ssh/sshd_config
# XXX Add admins as only allowed ssh users
# XXX add user for ansbile
echo "AllowUsers jebba root" >> /etc/ssh/sshd_config
cd /etc ; git add . ; git commit -a -m 'Set up sshd'
systemctl restart sshd
# Startup XXX disable unneeded.
for i in rsync exim4 saned
do echo $i
/usr/sbin/update-rc.d $i disable
done
# XXX KILL THIS, listening on public port (firewalled, but still):
# tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 296/systemd-resolve
cd /etc ; git add . ; git commit -a -m 'Turn off junk on boot'
# GRUB
sed -i -e 's/^GRUB_TIMEOUT=5/GRUB_TIMEOUT=4/g' /etc/default/grub
sed -i -e 's/^#GRUB_TERMINAL=console/GRUB_TERMINAL=console/g' /etc/default/grub
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
update-grub
cd /etc ; git add . ; git commit -a -m 'GRUB tweaks'
# Fix network to come up on boot
sed -i -e 's/allow-hotplug/auto/g' /etc/network/interfaces
cd /etc ; git add . ; git commit -a -m 'Auto start network'
# XXX not sure why this is getting installed:
apt-get -y autoremove
# Proxmox
#cat > /etc/apt/sources.list.d/pve-enterprise.list<<EOF
##deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
#EOF
cat > /etc/apt/sources.list.d/pve-no-subscription.list<<EOF
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription
EOF
# Add Proxmox enterprise key XXX Add key
#cat > /etc/apt/auth.conf<<EOF
#machine enterprise.proxmox.com
# login pve2s-0000000000
# password 00000000000000000000000000000000
#EOF
# XXX crufty add proxmox apt key
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get -y dist-upgrade --download-only
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
apt-get -y \
install \
ksm-control-daemon \
proxmox-ve
cd /etc ; git add . ; git commit -a -m 'Install Proxmox'
apt clean
exit 0
# Run this on workstation:
# ssh -N -C -L 8008:localhost:8006 truck
# firefox https://localhost:8008
# Login as root user via PAM
# Set up Enterprise Key, if used
# Data Center --> Permissions --> Users
# Add user with Realm Proxmox VE authentication server.
# Give user root permissions: Datacenter --> Permissions --> Add --> User permission.
# Path: / User: j Role: Administrator
# XXX Or create admin group, add perms to that...
# Permissions --> Authentication. Set Proxmox VE authentication server to default.
#
# Enable firewall.
# Datacenter --> truck (host) --> Firewall --> Add.
# Open up for SSH and SSH alt port.
# Enable firewall for datacenter:
# Datacenter --> Firewall --> Options --> Firewall --> Yes
# Enable firewall for truck:
# Open up for SSH and SSH alt port.
# REJECT everything coming in. (then DROP)
# Reorder to ACCEPT SSH at top
#
cd /etc ; git add . ; git commit -a -m 'Initial Proxmox configuration'
#
# Reboot! truck (host) --> Restart
#
# XXX
# Datacenter --> Firewall --> Add.
# REJECT any in
#
# Storage
# Datacenter --> Storage --> Edit local. Enable all content (add VZDump)
#
# XXX postfix
#
# DNS
# truck (host) --> System --> DNS
# Add servers:
# 208.67.222.222 208.67.220.220 37.235.1.174
#
# Netwok
# truck (host) --> System --> Network
# Fix subnet mask, IP in web gui.
# Create --> Linux Bridge:
# vmbr0
# XXX best way for this server? No subnet.
#
# rebootz
#
# Set up templates
# XXX TOTAL MEH XXX
# add this to the workstation:
# 127.0.0.1 localhost truck-tun
# Run:
# ssh -N -C -L 8020:localhost:8006 truck
# Then use URLs
# https://truck-tun:8020
# Or you can only be logged into one at a time.
# XXX find better workaround
# Cluster Corosync
exit 0
echo "10.8.8.88 truck-coro" >> /etc/hosts
echo "10.8.8.90 swutch-coro" >> /etc/hosts
echo "10.8.8.87 wall-coro" >> /etc/hosts
echo "10.111.111.88 truck-fs" >> /etc/hosts
echo "10.111.111.90 swutch-fs" >> /etc/hosts
echo "10.111.111.87 wall-fs" >> /etc/hosts
# Test cluster ping
for i in truck-coro swutch-coro wall-coro
do ping -q -c1 $i
done
# more stuff
apt install postfix
apt remove os-prober
# Disable enp3s0 (Autostart no)
# set up vmbr0 to the main IP, gateway, etc.
# Create Linux Bridge in web interface
# vmbr0
# 192.168.55.88
# 255.255.255.0
# Autostart
# VLAN Aware
# Bridge: enp3s0
# Comment Main bridge
# Test flood multicast on private interface
omping -c 10000 -i 0.001 -F -q swutch-coro truck-coro wall-coro
# Ten minute test:
omping -c 600 -i 1 -q swutch-coro truck-coro wall-coro
# Set up ssh as root to/from all nodes
# Best way to do this ... XXX
echo "fookey" >> /root/.ssh/authorized_keys
for i in swutch-coro truck-coro wall-coro
do ssh $i hostname
done
# Run just on truck:
pvecm create red --bindnet0_addr 10.8.8.88 --ring0_addr truck-coro
# Run on wall:
pvecm add 10.8.8.88 --ring0_addr wall-coro
# Run on swutch:
pvecm add 10.8.8.88 --ring0_addr swutch-coro
# If `tcpdump -vvv -i enp10s0` show bad udp checksums, run this:
# XXX ok on truck, wall, swutch
ethtool -K enp10s0 gso off
ethtool --offload enp10s0 rx off tx off
# Setup 10.99.99.0/24 addresses for Ceph on enp16s0
# Run on all nodes:
pveceph install --version luminous
# Run just on one node (truck):
pveceph init --network 10.99.99.0/24
pveceph createmon
# Then run on remaining nodes (or via GUI)
pveceph createmon
# On all nodes:
pveceph createmr
# XXX missing ZFS tools
apt install zfsutils-linux
modprobe zfs
# Add USB drive to swutch and run on it:
# Create a GPT disklabel with fdisk
fdisk /dev/sdb
# g
# w
pveceph createosd /dev/sdb
# XXX actually, remove this and do no auth since it is private network.
mkdir /etc/pve/priv/ceph
cp -p /etc/pve/priv/ceph.client.admin.keyring /etc/pve/priv/ceph/my-ceph-storage.keyring
# Edit on just one node (shared on all)
vim /etc/pve/storage.cfg
# Do this instead of my-ceph-storage.keyring
# Edit on one node:
vim /etc/pve/ceph.conf
auth cluster required = none
auth service required = none
auth client required = none
# restart stuff
systemctl stop ceph\*.service ceph\*.target
mkdir /etc/pve/priv/ceph/old
mv /etc/pve/priv/ceph/*keyring /etc/pve/priv/ceph/old/

@ -1,11 +0,0 @@
# You can add custom logos here, or disable any of the default ones commenting
# out its line
- { 'name': "Arch Linux", 'path': "images/logos/arch.png"}
- { 'name': "CentOS", 'path': "images/logos/centos.png"}
- { 'name': "Debian", 'path': "images/logos/debian.png"}
- { 'name': "Fedora", 'path': "images/logos/fedora.png"}
- { 'name': "Linux", 'path': "images/logos/linux.png"}
- { 'name': "Redhat", 'path': "images/logos/redhat.png"}
- { 'name': "Ubuntu", 'path': "images/logos/ubuntu.png"}
#- { 'name': "Windows XP/2003", 'path': "images/logos/windowsxp.png"}
#- { 'name': "Windows 8", 'path': "images/logos/windows8.png"}

@ -1,18 +0,0 @@
---
logo: images/opennebula-5.0.png
groups:
oneadmin:
- admin
- admin_vcenter
- groupadmin
- groupadmin_vcenter
- user
- cloud
- cloud_vcenter
default:
- cloud
default_groupadmin:
- groupadmin
- cloud
labels_groups:
default:

@ -14,7 +14,7 @@ CODEDIR="$rootPath/source/resources"
cd "$CODEDIR" || exit
TEXOUT="$rootPath/source/Source-gen.tex"
# Build a grep exclude command that has file extensions to not include.
EXCLUDE="\./\.git \.csv$ \.eps \.git$ \.gz$ \.jpg$ \.ods$ \.ods\#$ \.png$ \.pdf$ \.swp$ \.tmp$ \.xml$ \.aux$ \.fuse_hidden*$ \.glo$ \.gls$ \.idx$ \.ilg$ \.ind$ \.lof$ \.log$ \.lol$ _minted-*$ \.old$ \.out$ \.swp$ \.toc$ \.zip$ \.*GPLv3*$ LICENSE$ README.md$ \.tar$ \.tar\.bz2$ \.gitignore make-sources-list\.sh$ Thumbs\.db$"
EXCLUDE="\./\.git \.csv$ \.eps \.git$ \.gz$ \.jpg$ \.ods$ \.ods\#$ \.png$ \.pdf$ \.swp$ \.tmp$ \.xml$ \.aux$ \.fuse_hidden.*$ \.glo$ \.gls$ \.idx$ \.ilg$ \.ind$ \.lof$ \.log$ \.lol$ _minted-.*$ \.old$ \.out$ \.swp$ \.toc$ \.zip$ \..*GPLv3.*$ LICENSE$ README.md$ \.tar$ \.tar\.bz2$ \.gitignore make-sources-list\.sh$ Thumbs\.db$ \.DS_Store$ \.git.*$"
EXCLUDEGREP="grep -v -i "
for i in $EXCLUDE
do EXCLUDEGREP="$EXCLUDEGREP -e $i"
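Review bot: The `\.git.*$` entry added at the end of the new `EXCLUDE` line is not anchored to a path component, so under `grep -v -i` it drops every path that contains `.git` anywhere, not only Git metadata. A file such as `notes.github.md` (a constructed example) would silently disappear from the generated listing, and the existing `\./\.git`, `\.git$` and `\.gitignore` entries become redundant. If the intent is only to skip `.git*` dotfiles, a narrower entry such as `/\.git[^/]*$` alongside the existing `\./\.git` would do, assuming the filtered list holds `./`-prefixed paths, which the hunk does not show. Separately, `for i in $EXCLUDE` expands the list unquoted, so the entries that now contain `*` are open to pathname expansion inside `$CODEDIR`; putting `set -f` before the loop, or using an array, avoids that. The loop body and the place where `EXCLUDEGREP` is used lie outside the hunk.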
