Dumping them here, in case some random internet person finds them via Google:
This is for CentOS 7 + Docker + GlusterFS + Pacemaker. We run all our other services inside Docker containers that are managed via Pacemaker.
Code:
# Mirror used as the install source for the CentOS 7 base system (a note, not a command).
centos.mirror.constant.com/7/os/x86_64/
# Trim the base install: firmware packages, audit and postfix (exim is installed further down).
# NOTE(review): removing the audit package leaves the host without an auditd trail;
# the syslog forwarding configured later is then the only record of activity - confirm that is intended.
yum -y remove audit iprutils i*firmware libertas-*-firmware
rpm -e alsa-tools-firmware alsa-firmware aic94xx-firmware fxload
rpm -e postfix
# NOTE(review): epel-release is fetched over plain HTTP, and it is the package that installs
# the EPEL repo definition and signing key, so nothing authenticates it in transit.
# Verify its signature against a key obtained separately (or use an HTTPS mirror) before trusting the repo.
rpm -i http://mirror.de.leaseweb.net/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
yum -y update
# Admin and troubleshooting tools, then the virtualization / cluster stack.
yum -y install chrony tar telnet mc nano wget psmisc sysstat iftop iotop screen bind-utils net-tools xfsprogs traceroute tcpdump rsync mysql bash-completion php-cli iptraf hdparm strace
yum -y install docker kvm qemu-kvm libvirt virt-clone pacemaker pcs
systemctl enable docker
# Overwrites /etc/sysconfig/docker with a single DOCKER_OPTS line.
echo DOCKER_OPTS="-r=false" > /etc/sysconfig/docker
# NOTE(review): this switches SELinux off entirely from the next boot, so the Docker
# containers run without SELinux confinement. If it was disabled only to get past
# denials, SELINUX=permissive keeps the denials logged while a policy is worked out.
sed -i -e"s/SELINUX=enforcing$/SELINUX=disabled/" /etc/selinux/config
# Kernel network tuning, appended to /etc/sysctl.conf in one write.
# The values are only written here; they take effect at the next boot or `sysctl -p`.
# arp_ignore / ip_nonlocal_bind are presumably for the floating cluster IPs - confirm.
# The nf_conntrack_* keys exist only once the conntrack module is loaded.
cat <<'EOF' >> /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_nonlocal_bind=1
net.netfilter.nf_conntrack_max=10000000
net.netfilter.nf_conntrack_tcp_timeout_established=7875
net.core.netdev_max_backlog=65535
net.ipv4.ip_local_port_range=1024 65535
EOF
# 1 GiB swap file, registered in /etc/fstab so `swapon -a` (and every boot) activates it.
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
dd if=/dev/zero of=/swapfile bs=1M count=1024
# Restrict the file to root before it is formatted and enabled: swap holds paged-out
# process memory, so it must not be readable by other users.
chmod 600 /swapfile
mkswap /swapfile
swapon -a
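# Set the password of the hacluster account, which pcs uses for node-to-node
# authentication (`pcs cluster auth` further down asks for it).
# The password is prompted for instead of being written into the command: a literal
# on the command line ends up in shell history and in every copy of these notes,
# and a shared or guessable value here gives control of the cluster.
read -r -s -p "hacluster password: " hacluster_pw && echo
printf '%s\n' "$hacluster_pw" | passwd --stdin hacluster
unset hacluster_pw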
# Static IPv4 ruleset written to /etc/sysconfig/iptables and loaded by the iptables
# service (enabled below, so it applies from the next boot); firewalld is removed afterwards.
# Review notes on the ruleset:
#  - All three chain policies are ACCEPT and INPUT ends with a blanket "-j ACCEPT",
#    so filtering applies only to traffic arriving on br1. Everything on br0, eth0
#    and any other interface (e.g. container/VM bridges) is accepted.
#  - On br1 only new TCP connections to port 80 on the three *-vip-ext addresses and
#    to port 22 on 108.61.17.98 are allowed; the rest is rejected.
#  - The -d hostnames are resolved once, when the rules are loaded. If a name does not
#    resolve at that moment the restore fails and, with ACCEPT policies, the host is
#    left unfiltered. Presumably the names come from the /etc/hosts copied in later -
#    confirm they resolve before the iptables service starts.
#  - This file covers IPv4 only; nothing in these notes configures ip6tables.
yum -y install iptables-services
cat <<EOF > /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Always allow internal traffic
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
# Docker images
-A INPUT -i br1 -m conntrack --ctstate NEW -d tpuadsrv-vip-ext -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -i br1 -m conntrack --ctstate NEW -d tpuwww-vip-ext -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -i br1 -m conntrack --ctstate NEW -d tpucdn-vip-ext -m tcp -p tcp --dport 80 -j ACCEPT
# This host
-A INPUT -i br1 -m conntrack --ctstate NEW -d 108.61.17.98 -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -i br1 -j REJECT --reject-with icmp-host-prohibited
# Need ACCEPT for virtual interfaces
-A INPUT -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
systemctl enable iptables
# -C makes yum work from its local cache only; clean_requirements_on_remove also
# removes dependencies that nothing else needs.
yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
yum -C -y remove authconfig --setopt="clean_requirements_on_remove=1"
# Local MTA: exim as a send-only relay to mail.techpowerup.com.
# NOTE(review): the SMTP credential is stored in clear text in exim.conf (hence the
# chmod 600 at the end) and, typed as shown, also lands in shell history.
# "password" is presumably a placeholder for the real value.
yum -y install exim
# Listen on 127.0.0.1 port 25 only (exim's address.port form), so the MTA is not reachable from the network.
perl -i -pe 'BEGIN{undef $/;} s/(daemon_smtp_ports =)/local_interfaces = 127.0.0.1.25\n$1/smg' /etc/exim/exim.conf
# Replace everything in the "begin routers" section with one manualroute router that
# sends all mail to the smarthost through the remote_msa transport.
perl -i -pe 'BEGIN{undef $/;} s/(begin routers\s+).*?(begin)/$1tpumail:\n driver = manualroute\n transport = remote_msa\n route_list = * mail.techpowerup.com\n\n$2/smg' /etc/exim/exim.conf
# Insert a client-side LOGIN authenticator at the top of the authenticators section.
# NOTE(review): LOGIN transmits the password merely base64-encoded; whether remote_msa
# enforces TLS to the smarthost (e.g. hosts_require_tls) is not visible here - confirm.
perl -i -pe 'BEGIN{undef $/;} s/(begin authenticators\s+)(.*?begin)/$1tpumail_login:\n driver = plaintext\n public_name = LOGIN\n hide client_send = : servers\@techpowerup.com : password\n\n$2/smg' /etc/exim/exim.conf
chmod 600 /etc/exim/exim.conf
# Manual step: edit the kernel command line in /etc/default/grub.
# The two lines after the nano call are instructions for that edit, not commands.
# net.ifnames=0 keeps the classic interface names (the firewall rules refer to eth0).
nano /etc/default/grub
remove rhgb quiet
add consoleblank=0 net.ifnames=0
# Regenerate the GRUB configuration so the edited command line is used at the next boot.
grub2-mkconfig -o /boot/grub2/grub.cfg
# Interfaces are configured by hand (see the "setup network interfaces" step below).
yum -y autoremove NetworkManager
# Central logging: rsyslog reads the local socket, the systemd journal and the kernel
# log and forwards every message (*.*) to logserver-vip. "@@" selects TCP.
# The config contains no local file rule, so logs exist only in the journal and on
# the log server.
# NOTE(review): the forward is plain TCP with no TLS and no authentication of the
# log server, so log content crosses the network in clear text and is only as
# trustworthy as that network segment. The ActionQueue* settings spool up to 1g on
# disk and retry indefinitely while the server is unreachable.
# The backslash before each $ stops the shell from expanding the directive names
# inside the unquoted heredoc.
yum -y install rsyslog
cat <<END > /etc/rsyslog.conf
\$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
\$ModLoad imjournal # provides access to the systemd journal
\$ModLoad imklog # provides kernel logging support (previously done by rklogd)
\$WorkDirectory /var/lib/rsyslog
\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
\$OmitLocalLogging on
\$IMJournalStateFile imjournal.state
\$ActionQueueFileName fwdRule1 # unique name prefix for spool files
\$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
\$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
\$ActionQueueType LinkedList # run asynchronously
\$ActionResumeRetryCount -1 # infinite retries if host is down
*.* @@logserver-vip
END
systemctl start rsyslog
systemctl enable rsyslog
# With journald's default storage setting, the existence of this directory makes the
# journal persistent across reboots - the only local copy of the logs.
mkdir -p /var/log/journal
# dnsmasq is not installed explicitly above; presumably it arrives as a dependency - confirm.
systemctl enable dnsmasq
systemctl start dnsmasq
# setup network interfaces
# reboot
# remove old kernel
# Pull root's SSH material and the hosts file from an existing node (10.0.2.0).
# NOTE(review): this copies root's *private* key, so every node shares one SSH
# identity and (via authorized_keys) accepts it: a compromise of any single node
# yields a key valid on all of them. A keypair per node limits that blast radius.
# The first connection also has to trust 10.0.2.0's host key - check the fingerprint
# out of band rather than accepting it blindly.
scp 10.0.2.0:/root/.ssh/authorized_keys ~/.ssh/authorized_keys
scp 10.0.2.0:/root/.ssh/id_rsa ~/.ssh/id_rsa
scp 10.0.2.0:/root/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub
# Overwrites the local hosts file; the names used in the firewall rules and cluster
# commands presumably resolve through it.
scp 10.0.2.0:/etc/hosts /etc/hosts
# Remove leftovers of the packages uninstalled above. This also deletes the existing
# audit log, /var/log/messages and /var/log/maillog, so archive them first if the
# host has any history worth keeping.
rm -rf /etc/audit/ /etc/firewalld/ /etc/NetworkManager/ /var/lib/NetworkManager/ /var/log/audit/ /var/log/messages /var/log/maillog /var/lib/postfix/ /var/spool/postfix/
# Join the cluster with node2's corosync configuration.
# authkey is the shared secret corosync uses to authenticate cluster members;
# after the copy, verify it is owned by root and readable by root only.
scp node2:/etc/corosync/authkey /etc/corosync/authkey
scp node2:/etc/corosync/corosync.conf /etc/corosync/corosync.conf
systemctl enable corosync pacemaker pcsd
systemctl restart corosync pacemaker pcsd
# Authenticates pcs against the nodes using the hacluster account set up earlier.
pcs cluster auth
pcs cluster setup cluster node1 node2
# GlusterFS server from the upstream repository.
# NOTE(review): the .repo file is downloaded over plain HTTP from a LATEST path, so
# neither its content nor the version it points to is pinned. Read the file before
# installing and confirm it sets gpgcheck=1 with a gpgkey you trust.
cd /etc/yum.repos.d/
wget http://download.gluster.org/pub/gluster/glusterfs/LATEST/CentOS/glusterfs-epel.repo
yum -y install glusterfs-server attr
systemctl enable glusterd
systemctl start glusterd
## replace glusterfs node
# The next line is an instruction, not a command: run the grep on a surviving node,
# presumably to look up the UUID the replaced node (node3) had, which is then
# written into glusterd.info so the new install takes over that peer identity.
on other node: grep node3 /var/lib/glusterd/peers/*
echo UUID=1d4bbd3c-85e2-4661-b41d-4db27ad7633b>/var/lib/glusterd/glusterd.info
systemctl stop glusterd
gluster peer status
gluster peer probe node1
gluster volume sync node1
systemctl restart glusterfsd
## new node
# Destructive: mkfs wipes /dev/sdb1 and /dev/sda3. Check the device names on the
# machine at hand before running these.
mkfs.xfs /dev/sdb1
mkdir /mnt/ssd
echo "/dev/sdb1 /mnt/ssd xfs noatime,discard 1 2" >> /etc/fstab
mount -a
mkfs.xfs -i size=512 /dev/sda3
mkdir /mnt/sda3
echo "/dev/sda3 /mnt/sda3 xfs defaults 1 2" >> /etc/fstab
mount -a
# NOTE(review): /mnt/brick is not created anywhere in these notes and the bricks
# below live under /mnt/sda3/gv0, so this mkdir (no -p) looks like a leftover - confirm.
mkdir /mnt/brick/gv0
mkdir /storage
# Mount the replicated volume through the local glusterd; _netdev delays the mount
# until networking is up.
echo "localhost:/gv0 /storage glusterfs defaults,_netdev 0 0" >> /etc/fstab
mount -a
# NOTE(review): this installs a helper into root's PATH from the shared volume, so
# whoever can write to /storage on any node controls what runs here as root.
# Compare it against a known-good copy (checksum) before copying.
/bin/cp /storage/dockerfiles/docker-enter /usr/local/sbin
# Three-way replicated volume, one brick per node.
# GlusterFS traffic between the nodes relies on the firewall's accept-all rule for the
# internal interfaces; no Gluster-level access restriction is configured in these notes.
gluster volume create gv0 replica 3 node1:/mnt/sda3/gv0 node2:/mnt/sda3/gv0 node3:/mnt/sda3/gv0
gluster volume start gv0
# Strip the Gluster extended attributes and metadata directory from a brick path,
# as is typically done so a directory that already belonged to a volume can be reused.
setfattr -x trusted.glusterfs.volume-id /mnt/sda3/gv0
setfattr -x trusted.gfid /mnt/sda3/gv0
rm -rf /mnt/sda3/gv0/.glusterfs
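# Floating cluster IP: an IPaddr2 resource named ClusterIP that Pacemaker moves
# between nodes and checks every 30 seconds.
# The address must follow "ip=" directly. With a space in between, the shell hands
# pcs an empty "ip=" plus a stray positional argument. `pcs resource create` also
# needs the resource id (ClusterIP) before the agent name.
pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=108.61.17.99 cidr_netmask=32 op monitor interval=30s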