| LIC topology: IBM PCs |
|---|
- introduction
- hardware and network
- OS
- applications
- packages
- /etc/network/interfaces
- /etc/udev/rules.d/70-persistent-net.rules
- /etc/resolv.conf
- /etc/hosts
- /etc/iptables.up.rules
- /etc/network/if-pre-up.d/iptables
- /etc/apt/sources.list
- /etc/apt/apt.conf.d/10periodic
- /etc/nut/ups.conf
- /etc/nut/upsd.conf
- /etc/nut/upsd.users
- /etc/nut/upsmon.conf
- /etc/bacula/bacula-dir.conf
- /etc/bacula/bacula-fd.conf
- /etc/bacula/bacula-sd.conf
- /etc/bacula/bconsole.conf
- /etc/nagios3/conf.d/hostgroups_nagios2.cfg
- /etc/nagios3/conf.d/services_nagios2.cfg
- /etc/exim4/update-exim4.conf.conf
- /etc/exim4/passwd.client
- /home/issalarg/.ssh/authorized_keys
- /etc/fstab
- /etc/aliases
- /etc/default/mysql-mmm-agent
- /etc/mysql-mmm/mmm_common.conf
- /etc/mysql-mmm/mmm_mon.conf
- /etc/mysql-mmm/mmm_mon_log.conf
introduction
A computer in the internet DMZ that acts as a firewall. Things specific to this host are listed below. The list is grouped by infrastructure layer.
Every host name in the LIC has five characters like this one.
| LIC topology: ifw03 | ||
|---|---|---|
| PCs | switches | ethernet interfaces |
hardware
I buy PC things. Specifically, a Dell OptiPlex GX260. Wikipedia (http://en.wikipedia.org/wiki/Dell_OptiPlex) has this summary.
- Model: GX270
- Chipset: Intel 865G
- CPU: Pentium 4 or Celeron
- FSB: 400/533/800 MHz Socket 478
- RAM type: DDR, 2 SFF board and 4 other boards 333/400
- RAM speed: PC2700/PC3200
- Chassis: SFF, SD, SMT
- Comments: SATA+PATA Intel graphics or dedicated 8x AGP card. The GX270 made from Apr 2003 to Mar 2004 came under fire in 2005 for having faulty Nichicon electrolytic capacitors. When they fail, these capacitors are easily recognised by an X mark across the top and a bloated or split appearance.
- USB: USB 2.0 x8
ifw03:~# lshw
ifw03
description: Desktop Computer
product: OptiPlex GX270
vendor: Dell Computer Corporation
serial: HC9ST0J
width: 32 bits
capabilities: smbios-2.3 dmi-2.3 smp-1.4 smp
configuration: administrator_password=enabled boot=normal chassis=desktop cpus=1 power-on_password=enabled uuid=44454C4C-4300-1039-8053-C8C04F54304A
*-core
description: Motherboard
product: 0U1324
vendor: Dell Computer Corp.
physical id: 0
version: A00
serial: ..CN1374038B088B.
*-firmware
description: BIOS
vendor: Dell Computer Corporation
physical id: 0
version: A07 (06/26/2006)
size: 64KiB
capacity: 448KiB
capabilities: pci pnp apm upgrade shadowing escd cdboot bootselect edd int13floppytoshiba int5printscreen int9keyboard int14serial int17printer acpi usb agp ls120boot biosbootspecification netboot
*-cpu
description: CPU
product: Intel(R) Pentium(R) 4 CPU 2.40GHz
vendor: Intel Corp.
physical id: 400
bus info: cpu@0
version: 15.2.9
slot: Microprocessor
size: 2400MHz
capacity: 3600MHz
width: 32 bits
clock: 533MHz
capabilities: boot fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up pebs bts cid xtpr
configuration: id=0
*-cache:0
description: L1 cache
physical id: 700
size: 8KiB
capacity: 16KiB
capabilities: internal write-back data
*-cache:1
description: L2 cache
physical id: 701
size: 512KiB
capacity: 512KiB
capabilities: internal varies unified
*-memory
description: System Memory
physical id: 1000
slot: System board or motherboard
size: 512MiB
*-bank:0
description: DIMM SDRAM Synchronous 333 MHz (3.0 ns)
physical id: 0
slot: DIMM_1
size: 256MiB
width: 64 bits
clock: 333MHz (3.0ns)
*-bank:1
description: DIMM SDRAM Synchronous 333 MHz (3.0 ns)
physical id: 1
slot: DIMM_2
size: 256MiB
width: 64 bits
clock: 333MHz (3.0ns)
*-bank:2
description: DIMM SDRAM Synchronous 333 MHz (3.0 ns) [empty]
physical id: 2
slot: DIMM_3
width: 64 bits
clock: 333MHz (3.0ns)
*-bank:3
description: DIMM SDRAM Synchronous 333 MHz (3.0 ns) [empty]
physical id: 3
slot: DIMM_4
width: 64 bits
clock: 333MHz (3.0ns)
*-pci
description: Host bridge
product: 82865G/PE/P DRAM Controller/Host-Hub Interface
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 02
width: 32 bits
clock: 33MHz
configuration: driver=agpgart-intel module=intel_agp
*-display UNCLAIMED
description: VGA compatible controller
product: 82865G Integrated Graphics Controller
vendor: Intel Corporation
physical id: 2
bus info: pci@0000:00:02.0
version: 02
width: 32 bits
clock: 33MHz
capabilities: pm vga_controller bus_master cap_list
configuration: latency=0
*-usb:0
description: USB Controller
product: 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #1
vendor: Intel Corporation
physical id: 1d
bus info: pci@0000:00:1d.0
version: 02
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0 module=uhci_hcd
*-usbhost
product: UHCI Host Controller
vendor: Linux 2.6.26-2-686 uhci_hcd
physical id: 1
bus info: usb@1
logical name: usb1
version: 2.06
capabilities: usb-1.10
configuration: driver=hub slots=2 speed=12.0MB/s
*-usb:1
description: USB Controller
product: 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #2
vendor: Intel Corporation
physical id: 1d.1
bus info: pci@0000:00:1d.1
version: 02
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0 module=uhci_hcd
*-usbhost
product: UHCI Host Controller
vendor: Linux 2.6.26-2-686 uhci_hcd
physical id: 1
bus info: usb@2
logical name: usb2
version: 2.06
capabilities: usb-1.10
configuration: driver=hub slots=2 speed=12.0MB/s
*-usb:2
description: USB Controller
product: 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #3
vendor: Intel Corporation
physical id: 1d.2
bus info: pci@0000:00:1d.2
version: 02
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0 module=uhci_hcd
*-usbhost
product: UHCI Host Controller
vendor: Linux 2.6.26-2-686 uhci_hcd
physical id: 1
bus info: usb@3
logical name: usb3
version: 2.06
capabilities: usb-1.10
configuration: driver=hub slots=2 speed=12.0MB/s
*-usb:3
description: USB Controller
product: 82801EB/ER (ICH5/ICH5R) USB UHCI Controller #4
vendor: Intel Corporation
physical id: 1d.3
bus info: pci@0000:00:1d.3
version: 02
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0 module=uhci_hcd
*-usbhost
product: UHCI Host Controller
vendor: Linux 2.6.26-2-686 uhci_hcd
physical id: 1
bus info: usb@4
logical name: usb4
version: 2.06
capabilities: usb-1.10
configuration: driver=hub slots=2 speed=12.0MB/s
*-usb:4
description: USB Controller
product: 82801EB/ER (ICH5/ICH5R) USB2 EHCI Controller
vendor: Intel Corporation
physical id: 1d.7
bus info: pci@0000:00:1d.7
version: 02
width: 32 bits
clock: 33MHz
capabilities: pm debug ehci bus_master cap_list
configuration: driver=ehci_hcd latency=0 module=ehci_hcd
*-usbhost
product: EHCI Host Controller
vendor: Linux 2.6.26-2-686 ehci_hcd
physical id: 1
bus info: usb@5
logical name: usb5
version: 2.06
capabilities: usb-2.00
configuration: driver=hub slots=8 speed=480.0MB/s
*-pci
description: PCI bridge
product: 82801 PCI Bridge
vendor: Intel Corporation
physical id: 1e
bus info: pci@0000:00:1e.0
version: c2
width: 32 bits
clock: 33MHz
capabilities: pci normal_decode bus_master
*-network:0 DISABLED
description: Ethernet interface
product: RTL-8139/8139C/8139C+
vendor: Realtek Semiconductor Co., Ltd.
physical id: 7
bus info: pci@0000:01:07.0
logical name: eth2
version: 10
serial: 00:0e:2e:cb:ac:e0
size: 10MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=8139too driverversion=0.9.28 duplex=half latency=64 link=no maxlatency=64 mingnt=32 module=8139too multicast=yes port=MII speed=10MB/s
*-network:1
description: Ethernet interface
product: RTL-8169 Gigabit Ethernet
vendor: Realtek Semiconductor Co., Ltd.
physical id: 8
bus info: pci@0000:01:08.0
logical name: eth1
version: 10
serial: 00:e0:4c:89:35:de
size: 1GB/s
capacity: 1GB/s
width: 32 bits
clock: 66MHz
capabilities: pm bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.2LK-NAPI duplex=full ip=192.168.80.1 latency=64 link=yes maxlatency=64 mingnt=32 module=r8169 multicast=yes port=twisted pair speed=1GB/s
*-network:2
description: Ethernet interface
product: 82540EM Gigabit Ethernet Controller
vendor: Intel Corporation
physical id: c
bus info: pci@0000:01:0c.0
logical name: eth0
version: 02
serial: 00:0b:db:c8:65:61
size: 100MB/s
capacity: 1GB/s
width: 32 bits
clock: 66MHz
capabilities: pm pcix msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.20-k2-NAPI duplex=full firmware=N/A ip=200.0.0.66 latency=64 link=yes mingnt=255 module=e1000 multicast=yes port=twisted pair speed=100MB/s
*-isa
description: ISA bridge
product: 82801EB/ER (ICH5/ICH5R) LPC Interface Bridge
vendor: Intel Corporation
physical id: 1f
bus info: pci@0000:00:1f.0
version: 02
width: 32 bits
clock: 33MHz
capabilities: isa bus_master
configuration: latency=0
*-ide:0
description: IDE interface
product: 82801EB/ER (ICH5/ICH5R) IDE Controller
vendor: Intel Corporation
physical id: 1f.1
bus info: pci@0000:00:1f.1
version: 02
width: 32 bits
clock: 33MHz
capabilities: ide bus_master
configuration: driver=PIIX_IDE latency=0 module=piix
*-ide:0
description: IDE Channel 0
physical id: 0
bus info: ide@0
logical name: ide0
clock: 33MHz
*-disk
description: ATA Disk
product: ST320011A
vendor: Seagate
physical id: 0
bus info: ide@0.0
logical name: /dev/hda
version: 3.75
serial: 3HT4YK5P
size: 18GiB (20GB)
capacity: 18GiB (20GB)
capabilities: ata dma lba iordy smart security pm partitioned partitioned:dos
configuration: mode=udma5 signature=fb51107f smart=on
*-volume:0
description: EXT3 volume
vendor: Linux
physical id: 1
bus info: ide@0.0,1
logical name: /dev/hda1
logical name: /
version: 1.0
serial: e379ad54-bd22-482b-b09e-addf83e7abd4
size: 17GiB
capacity: 17GiB
capabilities: primary bootable journaled extended_attributes large_files huge_files recover ext3 ext2 initialized
configuration: created=2010-10-04 14:51:06 filesystem=ext3 modified=2011-01-07 07:37:57 mount.fstype=ext3 mount.options=rw,errors=remount-ro,data=ordered mounted=2011-01-07 07:37:57 state=mounted
*-volume:1
description: Extended partition
physical id: 2
bus info: ide@0.0,2
logical name: /dev/hda2
size: 839MiB
capacity: 839MiB
capabilities: primary extended partitioned partitioned:extended
*-logicalvolume
description: Linux swap / Solaris partition
physical id: 5
logical name: /dev/hda5
capacity: 839MiB
capabilities: nofs
*-ide:1
description: IDE Channel 1
physical id: 1
bus info: ide@1
logical name: ide1
clock: 33MHz
*-cdrom
description: IDE CD-ROM
product: SAMSUNG CD-ROM SC-148C
physical id: 0
bus info: ide@1.0
logical name: /dev/hdc
version: B105
capabilities: packet atapi cdrom removable nonmagnetic dma lba iordy audio
configuration: status=nodisc
*-ide:1
description: IDE interface
product: 82801EB (ICH5) SATA Controller
vendor: Intel Corporation
physical id: 1f.2
bus info: pci@0000:00:1f.2
version: 02
width: 32 bits
clock: 66MHz
capabilities: ide bus_master
configuration: driver=ata_piix latency=0 module=ata_piix
*-serial
description: SMBus
product: 82801EB/ER (ICH5/ICH5R) SMBus Controller
vendor: Intel Corporation
physical id: 1f.3
bus info: pci@0000:00:1f.3
version: 02
width: 32 bits
clock: 33MHz
configuration: driver=i801_smbus latency=0 module=i2c_i801
*-multimedia
description: Multimedia audio controller
product: 82801EB/ER (ICH5/ICH5R) AC'97 Audio Controller
vendor: Intel Corporation
physical id: 1f.5
bus info: pci@0000:00:1f.5
version: 02
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list
configuration: driver=Intel ICH latency=0 module=snd_intel8x0
ifw03:~#
network cables
There is only one network cable colour - grey.
Two network cables connect ifw03 to the networks. One goes to the LIC (Larg's Internet Cluster).
- One grey cable connects this computer to the Internet, via the home network.
- Another grey cable carries administration traffic to the LIC, via ces03.
network interfaces
I buy ethernet things and add NICs (Network Interface Cards), like I did for xcl01.
| LIC table: ifw03 network interfaces | ||||
|---|---|---|---|---|
| computer | interface | description | IP address | netmask |
| ifw03 | eth0 | Internet (xcl01) | 200.0.0.66 | 255.255.255.224 |
| ifw03 | eth1 | adm01 network | 192.168.80.1 | 255.255.248.0 |
OS
All the IBM PCs (Personal Computers) in the LIC (Larg's Internet Cluster) run the Debian distribution.
applications
Almost all the applications in the LIC (Larg's Internet Cluster) are from the Debian distribution.
packages
I want to remove Gnome NetworkManager on xcl01.
apt-get remove network-manager
I install packages to make testing easier.
apt-get install lynx minicom screen sysv-rc-conf tcpdump
I install packages to provide services.
apt-get install apt-cacher-ng cacti heartbeat ifenslave ipvsadm \
ldirectord nagios3 ntp nut openssh-server setserial
I install perl modules for MySQL MMM.
apt-get install \
liblog-log4perl-perl libmailtools-perl liblog-dispatch-perl \
iproute libnet-arp-perl libproc-daemon-perl libalgorithm-diff-perl \
libdbi-perl libdbd-mysql-perl
I install MySQL MMM.
# NOTE(review): dpkg -i installs local .deb files directly, so apt's
# repository signature check does not apply to them. Verify the downloaded
# files against a checksum or signature from the publisher before installing.
dpkg -i mysql-mmm-common_2.2.1-1_all.deb mysql-mmm-monitor_2.2.1-1_all.deb
/etc/network/interfaces
I follow this procedure for a different host: add static IP addresses to ifw01. I do not use the values on that page. I use this configuration instead.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
#
# Internet
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/na...
#
# eth0 is the Internet-facing side of this firewall. The packet filter rules
# in /etc/iptables.up.rules are loaded by /etc/network/if-pre-up.d/iptables
# before an interface is brought up.
auto eth0
iface eth0 inet static
    address 200.0.0.66
    netmask 255.255.255.224
    gateway 200.0.0.65
#
# adm01 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/in...
#
# eth1 carries administration traffic; the NUT, Bacula and exim4 listeners on
# this page are bound to this address (192.168.80.1) or to its host name.
auto eth1
iface eth1 inet static
    address 192.168.80.1
    netmask 255.255.248.0
#
/etc/udev/rules.d/70-persistent-net.rules
I follow this procedure for a different host: match interfaces with labels on ifw01. I do not use the values on that page. I use this configuration instead.
# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
#
# Each rule pins an interface name to one card's MAC address, so that eth0
# (Internet) and eth1 (adm01) in /etc/network/interfaces keep referring to the
# same physical NIC. The addresses match the "serial" values in the lshw
# output above. If a card is replaced, update the rule; otherwise the Internet
# and administration roles could end up on the wrong port.
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0b:db:c8:65:61", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x10ec:0x8169 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:e0:4c:89:35:de", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
# PCI device 0x10ec:0x8139 (8139too)
# eth2 is reported as DISABLED with link=no by lshw and has no stanza in
# /etc/network/interfaces.
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:2e:cb:ac:e0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
/etc/resolv.conf
# "domain" and "search" are mutually exclusive in resolv.conf; when both are
# present the last one wins. Both name planetlarg.com here, so the result is
# the same either way.
domain planetlarg.com
search planetlarg.com
# The only resolver is on the adm01 network. The Bacula daemons on this host
# bind to ifw03-adm01.planetlarg.com, a name that /etc/hosts does not define,
# so they presumably depend on this server being reachable at start-up.
nameserver 192.168.80.7
/etc/hosts
127.0.0.1 ifw03 localhost.localdomain localhost 127.0.1.1 ifw03.planetlarg.com ifw03 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
/etc/iptables.up.rules
#
# see
# http://cluster.planetlarg.com/car-size-cluster-build/prepare-firewall-if...
# Generated by iptables-save v1.4.2 on Thu Nov 18 14:46:38 2010
#
# Default-deny for traffic addressed to this host (INPUT) and for routed
# traffic (FORWARD). No FORWARD rules are defined, so as shown this rule set
# filters traffic to the host itself and passes nothing between eth0 and eth1.
# NOTE(review): these are IPv4 rules only; no ip6tables rule set appears on
# this page - confirm how IPv6 is handled on eth0.
*filter
:INPUT DROP [4223:350069]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [17737:6392044]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): this rule and the bacula rule below have no -i or -s match, so
# they accept new connections on the Internet-facing eth0 as well as on eth1.
# Port 3142 is the apt-cacher-ng default and 9101-9103 are the Bacula daemons;
# both look like internal services. The ICMP rules at the end already limit by
# source address - consider doing the same here (for example -i eth1 or
# -s 192.168.0.0/16) for every port that is not meant to be public.
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,80,443,3142 -j ACCEPT
#
# bacula
# The Bacula configurations on this page bind the daemons to the adm01 host
# name, so the listener binding, not this rule, is what currently keeps these
# ports off the Internet side.
-A INPUT -p tcp -m state --state NEW -m multiport --dports 9101,9102,9103 -j ACCEPT
#
# ping
# ICMP is accepted only from the upstream gateway and from 192.168.0.0/16.
-A INPUT -s 200.0.0.65/32 -p icmp -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p icmp -j ACCEPT
COMMIT
# Completed on Thu Nov 18 14:46:38 2010
/etc/network/if-pre-up.d/iptables
This script is used to make the iptables rules permanent.
#!/bin/bash /sbin/iptables-restore < /etc/iptables.up.rules
/etc/apt/sources.list
The non-free component is where I get firmware for my ethernet cards.
#
# clean install
#
# deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main
#deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main
#
# The mirrors are fetched over plain http. Package integrity relies on apt
# verifying the signed Release files, so do not disable that check or install
# with --allow-unauthenticated.
deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free
# Security updates for squeeze come from this source.
deb http://security.debian.org/ squeeze/updates main non-free
deb-src http://security.debian.org/ squeeze/updates main non-free
deb http://ftp.uk.debian.org/debian/ squeeze-updates main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze-updates main non-free
/etc/apt/apt.conf.d/10periodic
I add unattended updates to xcl01.
// Values are intervals in days; "1" means daily.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
// NOTE(review): this setting only takes effect when the unattended-upgrades
// package is installed. It is not among the apt-get install commands shown on
// this page - confirm it is present on this host.
APT::Periodic::Unattended-Upgrade "1";
/etc/nut/ups.conf
I follow this procedure for a different host: add the NUT (Network UPS Tools) application to ifw01. I do not use the values on that page. I use this configuration instead.
...
# my config
[ifw03]
driver = apcsmart
port = /dev/ttyS0
desc = "my server"
#
/etc/nut/upsd.conf
I follow this procedure for a different host: add the NUT (Network UPS Tools) application to ifw01. I do not use the values on that page. I use this configuration instead.
... # # my configuration # # LISTEN 192.168.80.1 3493 #
/etc/nut/upsd.users
I follow this procedure for a different host: add the NUT (Network UPS Tools) application to ifw01. I do not use the values on that page. I use this configuration instead.
...
#
# my configuration
#
# This file holds passwords in clear text. Keep it readable only by root and
# the account upsd runs as, and do not reuse these passwords elsewhere.
# NOTE(review): the values shown look like placeholders; confirm the live file
# uses unique, non-guessable passwords.
#
# [admin] may change UPS variables (SET) and run every instant command the
# driver offers (instcmds = ALL). Grant only the commands that are needed.
[admin]
password = mypass
actions = SET
instcmds = ALL
#
# Account used by upsmon on this host; its password has to match the MONITOR
# line in /etc/nut/upsmon.conf, which therefore needs the same file protection.
[monmaster]
password = Pa55w0rd1
upsmon master
#
# Account for upsmon instances running in slave mode.
[monuser]
password = Pa55w0rd2
upsmon slave
#
/etc/nut/upsmon.conf
I follow this procedure for a different host: add the NUT (Network UPS Tools) application to ifw01. I do not use the values on that page. I use this configuration instead.
... # # my configuration # MONITOR ifw03@192.168.80.1 1 monmaster Pa55w0rd1 master # ...
/etc/bacula/bacula-dir.conf
I add bacula, a backup application.
This is a new undocumented version.
#
#---------
# The Bacula Director service is the program that supervises
# all the backup, restore, verify and archive operations.
# http://www.bacula.org/5.0.x-manuals/en/main/main/What_is_Bacula.html
#
# director configuration sections are:
#
# 1 director - global settings
# 2 catalog - index of backed up files, in a SQL database
# 3 messages - notification e-mails
# 4 job - each client to back up
# 5 fileset - files to back up and files to avoid
# 6 schedule - when to run, kind of backup
# 7 client - what to back up from
# 8 storage - device to back up to
# 9 pool - collection of volumes - tapes or disk files
# 10 console - restricted access for desktop tray-monitor
#
# NOTE(review): this file stores the shared secrets for the Director, every
# File daemon and the Storage daemon in clear text. Keep it readable only by
# root and the account the Director runs as. The passwords shown look like
# placeholders; confirm the live file uses unique random values.
# NOTE(review): no TLS directives appear in this file, so as shown the traffic
# between the Bacula daemons is authenticated by password but not encrypted.
#---------
# 1 director - global settings
#
Director { # define myself
  Name = ifw03-dir
  DIRport = 9101
  QueryFile = "/etc/bacula/scripts/query.sql"
  WorkingDirectory = "/var/lib/bacula"
  PidDirectory = "/var/run/bacula"
  Maximum Concurrent Jobs = 1
  # Password that a console (bconsole) must present to this Director.
  Password = "Pa55w0rd-for-dir"
  Messages = Daemon
  # Listen on the adm01 address only, not on the Internet-facing interface.
  DirAddress = ifw03-adm01.planetlarg.com
}
#
#---------
# 2 catalog - index of backed up files, in a SQL database
#
# The Catalog is used to store summary information about the Jobs,
# Clients, and Files that were backed up and on what Volumes.
#
# Generic catalog service
Catalog {
  Name = MyCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:sqlite3"; dbaddress = 127.0.0.1; dbport =
  # The database user and password are empty, so access to the catalog
  # presumably rests on file or local-socket permissions - verify them.
  dbname = "bacula"; dbuser = ""; dbpassword = ""
}
#
#---------
# 3 messages - notification e-mails
#
# Reasonable message delivery -- send most everything to email address
# and to the console
Messages {
  Name = Standard
#
# NOTE! If you send to two email or more email addresses, you will need
# to replace the %r in the from field (-f part) with a single valid
# email address in both the mailcommand and the operatorcommand.
# What this does is, it sets the email address that emails would display
# in the FROM field, which is by default the same email as they're being
# sent to. However, if you send email to more than one address, then
# you'll have to set the FROM address manually, to a single address.
# for example, a 'no-reply@mydomain.com', is better since that tends to
# tell (most) people that its coming from an automated source.
#
  mailcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: %t %e of %c %l\" %r"
  operatorcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: Intervention needed for %j\" %r"
  mail = root@localhost = all, !skipped
  operator = root@localhost = mount
  console = all, !skipped, !saved
#
# WARNING! the following will create a file that you must cycle from
# time to time as it will grow indefinitely. However, it will
# also keep all your messages if they scroll off the console.
#
  append = "/var/log/bacula/log" = all, !skipped
  catalog = all
}
#
# Message delivery for daemon messages (no job).
Messages {
  Name = Daemon
  mailcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula daemon message\" %r"
  mail = root@localhost = all, !skipped
  console = all, !skipped, !saved
  append = "/var/log/bacula/log" = all, !skipped
}
#
#---------
# 4 job - each client to back up
#
#
# A Bacula Job defines the work that Bacula must perform to
# backup or restore a particular
# Client.
#
JobDefs {
  Name = DefaultJob
  Type = Backup
  FileSet = "Full Set"
  Schedule = "WeeklyCycle"
  Storage = File
  Messages = Standard
  Pool = Default
  Full Backup Pool = Full-Pool
  Incremental Backup Pool = Inc-Pool
  Differential Backup Pool = Diff-Pool
  # With a bootstrap file, Bacula can restore your system without a Catalog.
  Write Bootstrap = "/var/lib/bacula/%c.bsr"
  Priority = 10
}
#
# back up ifw03
#
Job {
  Name = Backupifw03
  Client = ifw03-fd
  JobDefs = "DefaultJob"
}
#
# back up ifw01
#
Job {
  Name = Backupifw01
  Client = ifw01-fd
  JobDefs = "DefaultJob"
}
#
# Backup the catalog database (after the nightly save)
#
Job {
  Name = "BackupCatalog"
  Type = Backup
  Client = ifw03-fd
  FileSet="Catalog"
  Schedule = "WeeklyCycleAfterBackup"
  Storage = File
  Messages = Standard
  Pool = Default
  # This creates an ASCII copy of the catalog
  # Arguments to make_catalog_backup.pl are:
  # make_catalog_backup.pl <catalog-name>
  RunBeforeJob = "/etc/bacula/scripts/make_catalog_backup.pl MyCatalog"
  # This deletes the copy of the catalog
  RunAfterJob = "/etc/bacula/scripts/delete_catalog_backup"
  Write Bootstrap = "/var/lib/bacula/%n.bsr"
  Priority = 11 # run after main backup
}
#
# Restore Standard template, to be changed by Console program
#
Job {
  Name = "RestoreFiles"
  Type = Restore
  Client = ifw03-fd
  FileSet="Full Set"
  Storage = File
  Pool = Default
  Messages = Standard
  # NOTE(review): restores land under /tmp, which other local users can
  # normally enter. Restored files can include configuration and credentials;
  # consider a dedicated directory that only root can read.
  Where = /tmp/bacula-restores
}
#
#---------
# 5 fileset - files to back up and files to avoid
#
# Put your list of files here, preceded by 'File =', one per line
# or include an external list with:
#
# File = <file-name
#
# Note: / backs up everything on the root partition.
# if you have other partitions such as /usr or /home
# you will probably want to add them too.
#
# snog, marry, avoid
FileSet {
  Name = "Full Set"
  Include {
    Options {
      # The signature is a per-file checksum stored in the catalog. MD5 detects
      # accidental corruption; it is not a strong defence against deliberate
      # tampering.
      signature = MD5
    }
    File = /
  }
  Exclude {
    File = /dev
    File = /lib
    File = /media
    File = /proc
    File = /sys
    File = /tmp
    File = /var/lib
    File = /var/backups
    File = /.journal
    File = /.fsck
  }
}
#
# This is the backup of the catalog
#
FileSet {
  Name = "Catalog"
  Include {
    Options {
      signature = MD5
    }
    File = "/var/lib/bacula/bacula.sql"
  }
}
#
#---------
# 6 schedule - when to run, kind of backup
#
# http://www.bacula.org/5.0.x-manuals/en/main/main/Configuring_Director.ht...
# When to do the backups,
# * full backup on first sunday of the month,
# * differential (i.e. incremental since full) every other sunday,
# * incremental backups other days
#
Schedule {
  Name = "WeeklyCycle"
  Run = Level=Full 1st sun at 22:05
  Run = Level=Differential 2nd-5th sun at 22:05
  Run = Level=Incremental mon-sat at 22:05
}
#
# This schedule does the catalog. It starts after the WeeklyCycle
Schedule {
  Name = "WeeklyCycleAfterBackup"
  Run = Level=Full sun-sat at 22:10
}
#
#---------
# 7 client - what to back up from
# Client (File Services) to backup
#
# NOTE(review): both clients below share one password. A distinct password per
# File daemon limits what a single leaked configuration file exposes.
#
# file daemon on ifw03
#
Client {
  Name = ifw03-fd
  Address = ifw03-adm01.planetlarg.com
  FDPort = 9102
  Catalog = MyCatalog
  # Has to match the Director resource in that host's bacula-fd.conf.
  Password = "Pa55w0rd-for-fd"
  File Retention = 60 days
  Job Retention = 6 months
  AutoPrune = yes # Prune expired Jobs/Files
}
#
# file daemon on ifw01
#
Client {
  Name = ifw01-fd
  Address = ifw01-adm01.planetlarg.com
  FDPort = 9102
  Catalog = MyCatalog
  Password = "Pa55w0rd-for-fd"
  File Retention = 60 days
  Job Retention = 6 months
  AutoPrune = yes # Prune expired Jobs/Files
}
#
#---------
# 8 storage - device to back up to
#
# Definition of file storage device
#
Storage {
  Name = File
  # Do not use "localhost" here
  Address = ifw03-adm01.planetlarg.com
  SDPort = 9103
  # Has to match the Director resource in bacula-sd.conf.
  Password = "Pa55w0rd-for-sd"
  Device = FileStorage
  Media Type = File
}
#
#---------
# 9 pool - collection of volumes - tapes or disk files
#
# http://www.bacula.org/5.0.x-manuals/en/main/main/Configuring_Director.ht...
# Default pool definition
#
Pool {
  Name = Default
  Pool Type = Backup
  Recycle = yes # Bacula can automatically recycle Volumes
  AutoPrune = yes # Prune expired volumes
  Volume Retention = 365 days # one year
  Maximum Volume Jobs = 5
  Label Format = default-
  Maximum Volumes = 15
}
#
# Scratch pool definition
#
Pool {
  Name = Scratch
  Pool Type = Backup
}
#
# http://www.bacula.org/5.0.x-manuals/en/main/main/Automated_Disk_Backup.h...
# Back up everything.
#
Pool {
  Name = Full-Pool
  Pool Type = Backup
  Recycle = yes # automatically recycle Volumes
  AutoPrune = yes # Prune expired volumes
  Volume Retention = 6 months
  # set "Maximum Volume Jobs" to
  # the number of clients x a month's worth of backups (1)
  Maximum Volume Jobs = 2
  Label Format = Full-
  Maximum Volumes = 9
}
#
# Copy files that have changed since the last backup.
#
Pool {
  Name = Inc-Pool
  Pool Type = Backup
  Recycle = yes # automatically recycle Volumes
  AutoPrune = yes # Prune expired volumes
  Volume Retention = 20 days
  # set "Maximum Volume Jobs" to
  # the number of clients x a week's worth of backups (6)
  Maximum Volume Jobs = 12
  Label Format = Inc-
  Maximum Volumes = 7
}
#
# Copy files that have changed since the last full backup.
#
Pool {
  Name = Diff-Pool
  Pool Type = Backup
  Recycle = yes
  AutoPrune = yes
  Volume Retention = 40 days
  # set "Maximum Volume Jobs" to
  # the number of clients x a week of backups (1)
  Maximum Volume Jobs = 2
  Label Format = Diff-
  Maximum Volumes = 10
}
#
#---------
#
# 10 console - restricted access for desktop tray-monitor
#
# Restricted console used by tray-monitor to get the status of the director
# The CommandACL limits this console to status queries, so this password does
# not grant the ability to run or restore jobs.
#
Console {
  Name = ifw03-mon
  Password = "Pa55w0rd-for-mon"
  CommandACL = status, .status
}
#
#---------
/etc/bacula/bacula-fd.conf
I add bacula, a backup application.
This is a new undocumented version.
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 5.0.2 (28 April 2010) -- debian squeeze/sid
#
# There is not much to change here except perhaps the
# File daemon Name to
#
# NOTE(review): the File daemon reads the files being backed up, so a Director
# that knows the password below can request any of them. Keep this file
# readable only by root and treat the password as a root-equivalent secret.
#
# List Directors who are permitted to contact this File daemon
#
# The Name and Password have to match the Director name and the ifw03-fd
# Client password in bacula-dir.conf.
Director {
Name = ifw03-dir
Password = "Pa55w0rd-for-fd"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
# Monitor = yes marks this entry as status-only, per the comment above.
Director {
Name = ifw03-mon
Password = "Pa55w0rd-for-mon"
Monitor = yes
}
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = ifw03-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/bacula
Maximum Concurrent Jobs = 20
# Listen on the adm01 address only, not on the Internet-facing interface.
FDAddress = ifw03-adm01.planetlarg.com
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = ifw03-dir = all, !skipped, !restored
}
/etc/bacula/bacula-sd.conf
I add bacula, a backup application.
#
#---------
# the Storage daemon's configuration file
# based in part on
# http://www.bacula.org/5.0.x-manuals/en/main/main/Automated_Disk_Backup.html
#
#---------
#
# listening process
#
Storage { # definition of myself
  Name = ifw03-sd
  SDPort = 9103 # Director's port
  WorkingDirectory = "/var/lib/bacula"
  Pid Directory = "/var/run/bacula"
  Maximum Concurrent Jobs = 20
  # Listen on the adm01 address only, not on the Internet-facing interface.
  SDAddress = ifw03-adm01.planetlarg.com
}
#
#---------
#
# List Directors who are permitted to contact Storage daemon
#
# The Name and Password have to match the Director name and the Storage
# password in bacula-dir.conf.
Director {
  Name = ifw03-dir
  Password = "Pa55w0rd-for-sd"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the storage daemon
#
Director {
  Name = ifw03-mon
  Password = "Pa55w0rd-for-mon"
  Monitor = yes
}
#
#---------
#
# Devices supported by this Storage daemon
#
# Note, for a list of additional Device templates please
# see the directory/examples/devices
# Or follow the following link:
# http://bacula.svn.sourceforge.net/viewvc/bacula/trunk/bacula/examples/de...
#
#
# To connect, the Director's bacula-dir.conf must have the
# same Name and MediaType.
#
Device {
  Name = FileStorage
  Media Type = File
  # Backup volumes are written here. They contain copies of every backed-up
  # file, so the directory should be readable only by the Storage daemon's
  # account and root.
  Archive Device = /var/backups/bacula/
  LabelMedia = yes; # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes; # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}
#
#---------
#
# messages
#
# Send all messages to the Director,
# mount messages also are sent to the email address
#
# NOTE(review): the Director resources above are named ifw03-dir and
# ifw03-mon; "bacula-dir" matches neither, so these messages may not reach the
# Director as written - confirm against the live file.
Messages {
  Name = Standard
  director = bacula-dir = all
}
#
#---------
/etc/bacula/bconsole.conf
I add bacula, a backup application.
#
# Bacula User Agent (or Console) Configuration File
#
# This password gives full console control of the Director (run, restore and
# delete jobs). Keep this file readable only by the administrators who need
# bconsole.
# NOTE(review): the console authenticates with the Password from the Director
# resource in bacula-dir.conf, which this page shows as "Pa55w0rd-for-dir" on
# a Director named ifw03-dir. The values below differ from both. If they are
# placeholders, confirm that the live files agree.
Director {
Name = localhost-dir
DIRport = 9101
address = ifw03-adm01.planetlarg.com
Password = "Pa55w0rd-for-director"
}
/etc/nagios3/conf.d/hostgroups_nagios2.cfg
# Some generic hostgroup definitions
# A simple wildcard hostgroup
define hostgroup {
hostgroup_name all
alias All Servers
members *
}
# A list of your Debian GNU/Linux servers
define hostgroup {
hostgroup_name debian-servers
alias Debian GNU/Linux Servers
members *
}
# A list of your web servers
define hostgroup {
hostgroup_name http-servers
alias HTTP servers
members *
}
# A list of your ssh-accessible servers
define hostgroup {
hostgroup_name ssh-servers
alias SSH servers
members *
}
# nagios doesn't like monitoring hosts without services, so this is
# a group for devices that have no other "services" monitorable
# (like routers w/out snmp for example)
define hostgroup {
hostgroup_name ping-servers
alias Pingable servers
members gateway
}
#
# remote hosts
# all the hosts I check with NRPE
define hostgroup {
hostgroup_name nrpe-hosts
alias remote hosts running NRPE
members ifw01,ifw02,ics01,ics02,ics03
}
/etc/nagios3/conf.d/services_nagios2.cfg
# check that web services are running
define service {
hostgroup_name http-servers
service_description HTTP
check_command check_http
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
# check that ssh services are running
define service {
hostgroup_name ssh-servers
service_description SSH
check_command check_ssh
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
# check that ping-only hosts are up
define service {
hostgroup_name ping-servers
service_description PING
check_command check_ping!100.0,20%!500.0,60%
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
#----------
# NRPE checks
#
# Every service below passes one value, a command name, to check_nrpe_1arg.
# The remote agent looks that name up in its own nrpe.cfg, so the plugin,
# thresholds and device are set on the remote host, not here. No plugin
# arguments are sent over the wire, so the agents can run with command
# arguments disabled (dont_blame_nrpe=0).
#
# count users on remote hosts
define service {
hostgroup_name nrpe-hosts
service_description Current Users
check_command check_nrpe_1arg!check_users
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
#
# check load on remote hosts
define service {
hostgroup_name nrpe-hosts
service_description Current Load
check_command check_nrpe_1arg!check_load
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
#
# how full is the root partition on remote hosts
# NOTE(review): "check_hda1" is only the name of the remote command. Verify
# that each agent's definition points at that host's actual root device,
# otherwise a full disk goes unreported.
define service {
hostgroup_name nrpe-hosts
service_description Disk Space
check_command check_nrpe_1arg!check_hda1
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
#
# AAAAAGH! Zombies in the supermarket!
define service {
hostgroup_name nrpe-hosts
service_description Zombie Processes
check_command check_nrpe_1arg!check_zombie_procs
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
#
# count processes on remote hosts
define service {
hostgroup_name nrpe-hosts
service_description Total Processes
check_command check_nrpe_1arg!check_total_procs
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}
/etc/exim4/update-exim4.conf.conf
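I configure exim4, an e-mail application, to send all outgoing mail through a smarthost. It listens only on 127.0.0.1 and 192.168.80.1 and relays for any 192.168.0.0/16 address; narrow dc_relay_nets if only some of those subnets should send mail through this host.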
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='ifw03.planetlarg.com'
dc_local_interfaces='127.0.0.1;192.168.80.1'
dc_readhost='planetlarg.com'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.0.0/16'
dc_smarthost='smtp.myisp.co.uk'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
/etc/exim4/passwd.client
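I configure exim4, an e-mail application. This file holds the smarthost login in clear text, so it should stay readable only by root and the Debian-exim group (mode 640), never world-readable.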
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
smtp.myisp.co.uk:myusername:myPa55w0rd
/etc/fstab
An undocumented part of add bacula, a backup application
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda1 during installation
UUID=55f55191-2b32-4269-9137-49b23c491fa3 / ext3 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=be286cc6-f1a4-4251-b7ff-ad84b402c066 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
#
# removable disk
UUID=c85e5264-29db-4e7e-9cfa-3a5f399a8da6 /var/backups/bacula ext3 defaults 0 2
/home/issalarg/.ssh/authorized_keys
I use public key authentication for SSH.
#
# not really my key from xcl01
#
ssh-rsa ABcdB3NEAAAABIwAAAQYf0IgVazrDZV5hZMKbSGKoEDYifqEb7fRAg8FwRLn/VAXVBD8OPPZuQlld/0SYLucKgW9yu82QcnhgQj+ymDehZQu+gGRCnLK17ZzYfe6hyQgvdRBnS/6jumUPRrwBCxfOz3YpPYQXW3xoD6DF7Ma7QW1sldIyCpxsy70ehunW5h4WEC8p7S+rIrw6FGU8wAHR+w== issalarg@xcl01
/etc/aliases
...
root: issalarg
issalarg: idc@planetlarg.net
/etc/mysql-mmm/mmm_common.conf
# Name of the role that identifies the active master; "writer" is declared
# in a <role writer> section of this file.
active_master_role writer
# Defaults applied to every <host> section.
# replication_password and agent_password are MySQL credentials stored in
# clear text; the values shown look like placeholders. Keep this file owned
# by root and not world-readable (mode 640) on every node it is copied to,
# and restrict both MySQL accounts to the cluster hosts.
<host default>
# Interface on which the role IPs are brought up and taken down.
cluster_interface bond0
pid_path /var/run/mmm_agentd.pid
bin_path /usr/lib/mysql-mmm/
replication_user replication
replication_password replication_password
agent_user mmm_agent
agent_password agent_password
</host>
# db1 and db2 are both masters and name each other as peer (a master-master
# pair); db3 is a slave with no peer entry.
<host db1>
ip 192.168.80.2
mode master
peer db2
</host>
<host db2>
ip 192.168.80.3
mode master
peer db1
</host>
<host db3>
ip 192.168.80.4
mode slave
</host>
# Roles are floating IPs that mysql-mmm assigns to hosts.
# NOTE(review): the role IPs are in 192.168.1.x while the host addresses in
# this file are in 192.168.80.x. Confirm that the cluster interface is
# really attached to the 192.168.1.x network.
# writer: a single IP, held by one of db1/db2 at a time (exclusive).
<role writer>
hosts db1, db2
ips 192.168.1.2
mode exclusive
</role>
# reader: three IPs spread across all three hosts (balanced).
<role reader>
hosts db1, db2, db3
ips 192.168.1.3, 192.168.1.4, 192.168.1.5
mode balanced
</role>
/etc/mysql-mmm/mmm_mon.conf
include mmm_common.conf
<monitor>
ip 127.0.0.1
pid_path /var/run/mmm_mond.pid
bin_path /usr/lib/mysql-mmm/
status_path /var/lib/misc/mmm_mond.status
ping_ips 192.168.80.1, 192.168.80.2, 192.168.80.3
</monitor>
<host default>
monitor_user mmm_monitor
monitor_password monitor_password
</host>
debug 0
/etc/mysql-mmm/mmm_mon_log.conf
# This config based on code from
# http://mysql-mmm.org/mysql-mmm.html
# log4perl module explained at
# http://search.cpan.org/dist/Log-Log4perl/lib/Log/Log4perl.pm
#
#---------
# Set the logging level and also where to write messages.
#
# These write messages to a file.
#log4perl.logger = INFO, LogFile
log4perl.logger = DEBUG, LogFile
#
# This writes messages to file and console.
#log4perl.logger = DEBUG, ScreenLog, LogFile
#---------
#
# logfile definitions
log4perl.appender.LogFile = Log::Log4perl::Appender::File
log4perl.appender.LogFile.filename = /var/log/mysql-mmm/mmm_mond.log
log4perl.appender.LogFile.recreate = 1
log4perl.appender.LogFile.layout = PatternLayout
log4perl.appender.LogFile.layout.ConversionPattern = %d %5p %m%n
#
# screenlog definitions
log4perl.appender.ScreenLog = Log::Log4perl::Appender::Screen
log4perl.appender.ScreenLog.stderr = 0
log4perl.appender.ScreenLog.layout = PatternLayout
log4perl.appender.ScreenLog.layout.ConversionPattern = %d %5p %m%n

