Proxmox PVE 6.x 7.x 安裝 LSI Storage Authority

安裝
p=$PWD;cd /tmp;

wget https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.014.010.000_LSA_Linux-x64.zip -qO - |busybox unzip -;

cd x64;chmod a+x *.sh;yes |./install_deb.sh -s;
systemctl enable LsiSASH;systemctl restart LsiSASH;
cd $p;

移除
dpkg -r lsistorageauthority
dpkg -P lsistorageauthority

舊版本

https://docs.broadcom.com/docs-and-downloads/008.005.012.000_LSA_Linux.zip

https://docs.broadcom.com/docs-and-downloads/008.006.010.000_LSA_Linux.zip

https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.013.010.000_LSA_Linux-x64.zip

https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.011.006.000_LSA_Linux-x64.zip

修改登入帳號權限

編輯  /opt/lsi/LSIStorageAuthority/conf/LSA.conf 內容

# User Groups who can have a FULL (or) Admin ACCESS to LSA (Example:Administrators)

full_access_groups = lsi

# User Groups who can have a Read-Only (or) Non-Admin ACCESS to LSA (Example:Authenticated Users )

readonly_access_groups = users

Debian apt update NO_PUBKEY 43607F0DC2F8238C

apt install -y gpg

Proxmox PVE 6 + LXC Debian 10 + Glusterfs server 7 安裝筆記

echo "deb http://ftp.tw.debian.org/debian buster main" > /etc/apt/sources.list.d/debian.list;
apt-get update;apt-get upgrade;
apt-get install -y gpg;

wget -O - https://download.gluster.org/pub/gluster/glusterfs/7/rsa.pub | apt-key add -;
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/7/LATEST/Debian/buster/amd64/apt buster main > /etc/apt/sources.list.d/gluster.list;

apt-get update;apt install glusterfs-server=7.0-1;

CentOS7 安裝 Docker ce

yum update
yum remove -y docker docker-client docker-client-latest docker-common docker-latest  docker-latest-logrotate  docker-logrotate  docker-engine

yum install -y sudo yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum update
yum install -y docker-ce

Bering-uClibc 6.x 安裝 Openvpn Cleint

1.新增模組 tun /etc/modules

2.安裝 套件 
openvpnz.lrp openssl.lrp

3.編輯 /etc/openvpn/client.conf  內容如下
client
dev tap
proto tcp
remote 10.0.0.1 443
resolv-retry infinite
nobind
persist-key
persist-tun

ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/client.crt
key /etc/easyrsa/keys/client.key

remote-cert-tls server
tls-auth /etc/easyrsa/keys/ta.key 1
cipher AES-256-CBC
verb 3


4.由 openvpn server 端複製以下檔案
/etc/easyrsa/keys/ca.crt
/etc/easyrsa/keys/client.crt
/etc/easyrsa/keys/client.key
/etc/easyrsa/keys/ta.key

5.shorewall 相關設定
編輯 /etc/shorewall/zones 加入
vpn             ipv4

編輯 /etc/shorewall/interfaces  加入
vpn             tap0

編輯
/etc/shorewall/policy
/etc/shorewall/rules

編輯 /etc/shorewall/snat 加入
;MASQUERADE      10.8.0.0/24     eth0
;MASQUERADE      10.8.0.0/24     eth1

Bering-uClibc 6.x 安裝 Openvpn Server

1.新增模組 tun /etc/modules

2.安裝相關套件及軟體
openvpnz.lrp easyrsa.lrp openssl.lrp

wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key-server -O /usr/bin/build-key-server

wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key -O /usr/bin/build-key

3.編輯 /etc/easyrsa/vars

4.產生 CA
. /etc/easyrsa/vars
cd /etc/easyrsa
./clean-all
build-ca
build-dh

5.產生 Server 及 client 金鑰
build-key-server server
build-key client
openvpn --genkey --secret ta.key

6.設定 /etc/openvpn/server.conf 內容如下
port 443
proto tcp
dev tap
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/server.crt
dh /etc/easyrsa/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3

;route 10.72.198.0 255.255.255.0 10.8.0.2

7.shorewall 相關設定
編輯 /etc/shorewall/zones 加入
vpn             ipv4

編輯 /etc/shorewall/interfaces  加入
vpn             tap0

編輯
/etc/shorewall/policy
/etc/shorewall/rules

編輯 /etc/shorewall/snat 加入
;MASQUERADE      10.8.0.0/24     eth0
;MASQUERADE      10.8.0.0/24     eth1

Linux software raid 修復筆記

用於 mdadm --assemble --scan 已無法取得正確 raid 組態
md0 : inactive sdb[5](S)


1.檢測取得硬碟上 raid 資訊，確認硬碟裝置
mdadm --examine /dev/sdb

2.停用 raid 裝置
mdadm --stop /dev/md0

3.重建raid 組態
mdadm --assemble --force /dev/md0 /dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sdbe

4.mdadm --assemble --scan

Glusterfs disperse volume 建置參考

disperse-data brick 需為 4倍數，才能有比較好效能

4 + 1 =5
4 + 2 =6
4 + 3 =7
8 + 1 =9
8 + 2 =10
8 + 3 =11
8 + 4 =12