Notizen zur LB2 M 300
Bind9 Config Dateien sind ganz unten aufgelistet
A1: Docker Host
Festplatte vorbereiten
- Verbindung via SSH von LP1 auf LS1 (192.168.70.21)
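# Connect from LP1 to LS1 (192.168.70.21); everything below runs on LS1.
ssh vmadmin@192.168.70.21

# Create the mount points for the external disks.
# /data sits directly under / and ends up owned by root (see the
# `ls -laR /data` output further down), so the mkdir needs sudo.
# -p keeps the command idempotent when the directories already exist.
sudo mkdir -p /data/docker /data/www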
# disks auflisten lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 8G 0 disk ├─sda1 8:1 0 1M 0 part └─sda2 8:2 0 8G 0 part / sdb 8:16 0 8G 0 disk sr0 11:0 1 368K 0 rom
- sda1 = 1 MiB Partition ohne Mountpoint; vermutlich die BIOS-Boot-Partition (GRUB), die der Installer (curtin) angelegt hat – nicht anfassen
- sda2 = Root Disk
- sdb = Docker Disk
- sr0 = optisches Laufwerk (TYPE rom, 368K), vermutlich das eingelegte Installations-/Cloud-Init-Image – wird nicht verwendet
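# Partition the Docker disk (sdb).
# mkfs below is destructive and the root filesystem lives on sda2 — confirm
# the device first instead of trusting the letter from memory.
lsblk /dev/sdb
sudo fdisk /dev/sdb
#   n  -> new partition
#   p  -> primary partition
#   accept the defaults for everything else, then w to write the table
# lsblk now shows:
#   sdb      8:16 0 8G 0 disk
#   └─sdb1   8:17 0 8G 0 part

# Format the new partition.
sudo mkfs.ext4 /dev/sdb1
# Output (abridged): Filesystem UUID: 04273961-35c5-40a2-acfd-acd6c4cd1ad1

# Mount it permanently via fstab by UUID (device names such as sdb can change
# between boots). Read the UUID from blkid rather than retyping it.
docker_uuid=$(sudo blkid -s UUID -o value /dev/sdb1)
# nofail: a missing or broken data disk must not block the boot;
# pass=2: fsck the data disk after the root filesystem.
printf 'UUID=%s /data/docker ext4 defaults,nofail 0 2\n' "$docker_uuid" | sudo tee -a /etc/fstab
# systemd generates mount units from fstab, so reload before mounting.
sudo systemctl daemon-reload
sudo mount -a

# Verify the mount point.
lsblk
findmnt /data/docker
# Expected (abridged): sdb1 ... part /data/docker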
Docker Installieren
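# Remove distro packages that conflict with Docker CE (errors for packages
# that are not installed are harmless).
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
  sudo apt-get remove "$pkg"
done

# Add Docker's official GPG key. `signed-by` below pins this key to the Docker
# repository only, so it cannot sign packages for any other apt source.
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to the apt sources.
arch=$(dpkg --print-architecture)
codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
echo "deb [arch=${arch} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${codename} stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Point the engine's data directory at the dedicated disk. Without this it
# keeps using /var/lib/docker: the `docker info` output in the notes shows
# "Docker Root Dir: /var/lib/docker" and /data/docker contains only lost+found.
sudo mkdir -p /etc/docker
printf '{\n  "data-root": "/data/docker"\n}\n' | sudo tee /etc/docker/daemon.json > /dev/null
sudo systemctl restart docker

# Test the installation (pulls and runs the hello-world image).
sudo docker run hello-world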
Docker Test Skript ausführen (Hinweis: die Ausgabe unten zeigt `Docker Root Dir: /var/lib/docker` und ein leeres /data/docker – die Docker-Daten liegen also noch nicht auf der Docker-Disk; dafür `"data-root": "/data/docker"` in /etc/docker/daemon.json setzen und den Dienst neu starten)
docker info Client: Docker Engine - Community Version: 26.1.4 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.14.1 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.27.1 Path: /usr/libexec/docker/cli-plugins/docker-compose Server: Containers: 1 Running: 0 Paused: 0 Stopped: 1 Images: 1 Server Version: 26.1.4 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: runc io.containerd.runc.v2 Default Runtime: runc Init Binary: docker-init containerd version: d2d58213f83a351ca8f528a95fbd145f5654e957 runc version: v1.1.12-0-g51d5e94 init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 5.15.0-72-generic Operating System: Ubuntu 22.04.4 LTS OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 1.93GiB Name: vmLS1.lb2.m300.smartlearn.ch ID: cf3570a6-4923-4cd4-99ea-4bab6aa053ae Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES df Filesystem 1K-blocks Used Available Use% Mounted on tmpfs 202340 1128 201212 1% /run /dev/sda2 8170952 2961948 4815376 39% / tmpfs 1011688 0 1011688 0% /dev/shm tmpfs 5120 0 5120 0% /run/lock tmpfs 202336 4 202332 1% /run/user/1000 /dev/sdb1 8153564 24 7717780 1% /data/docker cat /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). 
# # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda2 during curtin installation /dev/disk/by-uuid/7860ac43-69f7-45bf-bebd-e37600691499 / ext4 defaults 0 1 # Docker Data UUID=04273961-35c5-40a2-acfd-acd6c4cd1ad1 /data/docker ext4 defaults 0 0 ls -laR /data |head -n 50 /data: total 12 drwxr-xr-x 3 root root 4096 Jun 11 11:04 . drwxr-xr-x 20 root root 4096 Jun 11 11:04 .. drwxr-xr-x 3 root root 4096 Jun 11 11:00 docker /data/docker: total 24 drwxr-xr-x 3 root root 4096 Jun 11 11:00 . drwxr-xr-x 3 root root 4096 Jun 11 11:04 .. drwx------ 2 root root 16384 Jun 11 11:00 lost+found /data/docker/lost+found: total 20 drwx------ 2 root root 16384 Jun 11 11:00 . drwxr-xr-x 3 root root 4096 Jun 11 11:00 .. ls -laR /var/lib/docker |head -n 50 /var/lib/docker: total 52 drwx--x--- 12 root root 4096 Jun 11 11:08 . drwxr-xr-x 42 root root 4096 Jun 11 11:08 .. drwx--x--x 4 root root 4096 Jun 11 11:08 buildkit drwx--x--- 3 root root 4096 Jun 11 11:09 containers -rw------- 1 root root 36 Jun 11 11:08 engine-id drwx------ 3 root root 4096 Jun 11 11:08 image drwxr-x--- 3 root root 4096 Jun 11 11:08 network drwx--x--- 6 root root 4096 Jun 11 11:09 overlay2 drwx------ 4 root root 4096 Jun 11 11:08 plugins drwx------ 2 root root 4096 Jun 11 11:08 runtimes drwx------ 2 root root 4096 Jun 11 11:08 swarm drwx------ 2 root root 4096 Jun 11 11:09 tmp drwx-----x 2 root root 4096 Jun 11 11:08 volumes /var/lib/docker/buildkit: total 112 drwx--x--x 4 root root 4096 Jun 11 11:08 . drwx--x--- 12 root root 4096 Jun 11 11:08 .. 
-rw------- 1 root root 32768 Jun 11 11:08 cache.db -rw-r--r-- 1 root root 16384 Jun 11 11:08 containerdmeta.db drwxr-xr-x 3 root root 4096 Jun 11 11:08 content drwx--x--x 2 root root 4096 Jun 11 11:08 executor -rw------- 1 root root 32768 Jun 11 11:08 history.db -rw------- 1 root root 16384 Jun 11 11:08 metadata_v2.db -rw------- 1 root root 16384 Jun 11 11:08 snapshots.db /var/lib/docker/buildkit/content: total 12 drwxr-xr-x 3 root root 4096 Jun 11 11:08 . drwx--x--x 4 root root 4096 Jun 11 11:08 .. drwxr-xr-x 2 root root 4096 Jun 11 11:08 ingest /var/lib/docker/buildkit/content/ingest: total 8 drwxr-xr-x 2 root root 4096 Jun 11 11:08 . drwxr-xr-x 3 root root 4096 Jun 11 11:08 .. /var/lib/docker/buildkit/executor: total 8 drwx--x--x 2 root root 4096 Jun 11 11:08 . drwx--x--x 4 root root 4096 Jun 11 11:08 .. /var/lib/docker/containers: total 12 drwx--x--- 3 root root 4096 Jun 11 11:09 . drwx--x--- 12 root root 4096 Jun 11 11:08 .. drwx--x--- 4 root root 4096 Jun 11 11:09 04c92bcae4eccfb1ac57d1da261e3f442d9577119a63547c29a0ec411e2df806
A2: DNS-Server
Task
- DNS auf vmLS1
- Zone "lb2.m300.smartlearn.ch" erstellen
- Einträge zu Zone hinzufügen
- Firewall: 192.168.70.1 (DMZ), 192.168.150.1 (LAN)
- vmLS1: 192.168.70.21
- Reverse Zone für "192.168.70.0/24"
- PTR Record für Jede IP Adresse:
- Firewall: 192.168.70.1
- vmLS1: 192.168.70.21
- DNS Server auf LP1 und LS1 konfigurieren
- Interne und externe DNS Auflösung Testen
- Konfig mit dem Befehl `testen_dns` testen
- Für das Test Skript die env Variable `$dnsip` updaten:
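# Append (>>) the export to ~/.bashrc. The notes used a single '>' which
# replaces the whole file and silently throws away the existing ~/.bashrc.
echo 'export dnsip="192.168.70.21"' >> ~/.bashrc && source ~/.bashrc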
- Für Test Skript env Variable
- Config Dateien abgeben:
- named.conf.local
- named.conf.options
- Zonen-Datei von lb2.m300.smartlearn.ch
Installation und Konfiguration DNS
SSH-Verbindung zu vmLS1 besteht noch
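# Install BIND 9 plus the check tools (named-checkconf / named-checkzone).
sudo apt update
sudo apt install bind9 bind9utils bind9-doc -y

# Forward zone for lb2.m300.smartlearn.ch.
# Written via tee instead of nano so the file content is part of the notes.
# Only ';' starts a comment in a zone file ('#' does not).
sudo tee /etc/bind/db.lb2.m300.smartlearn.ch > /dev/null <<'EOF'
$TTL 604800
@           IN  SOA ns.lb2.m300.smartlearn.ch. root.lb2.m300.smartlearn.ch. (
                2024010102 ; Serial - increase on every edit
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Negative Cache TTL
;
@           IN  NS  ns.lb2.m300.smartlearn.ch.
ns          IN  A   192.168.70.21
www         IN  A   192.168.70.21
vmls1       IN  A   192.168.70.21
applikation IN  A   192.168.70.21
vmlf1       IN  A   192.168.70.1
; forward record matching the PTR for .22 in the reverse zone (forward and reverse should agree)
vmws1       IN  A   192.168.70.22
EOF

# Reverse zone for 192.168.70.0/24.
sudo tee /etc/bind/db.192.168.70 > /dev/null <<'EOF'
$TTL 604800
@   IN  SOA ns.lb2.m300.smartlearn.ch. root.lb2.m300.smartlearn.ch. (
        2024010101 ; Serial
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        604800 )   ; Negative Cache TTL
;
@   IN  NS  ns.lb2.m300.smartlearn.ch.
1   IN  PTR vmlf1.lb2.m300.smartlearn.ch.
21  IN  PTR vmls1.lb2.m300.smartlearn.ch.
22  IN  PTR vmws1.lb2.m300.smartlearn.ch.
EOF

# Zone declarations (final version with both zones).
# allow-transfer none: there are no secondaries, so nobody needs AXFR; an open
# transfer hands out the complete host list of the zone to anyone who asks.
sudo tee /etc/bind/named.conf.local > /dev/null <<'EOF'
zone "lb2.m300.smartlearn.ch" {
    type master;
    file "/etc/bind/db.lb2.m300.smartlearn.ch";
    allow-transfer { none; };
};
zone "70.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.70";
    allow-transfer { none; };
};
EOF

# Validate before restarting: a syntax error would otherwise take the only
# resolver of the lab down.
sudo named-checkconf
sudo named-checkzone lb2.m300.smartlearn.ch /etc/bind/db.lb2.m300.smartlearn.ch
sudo named-checkzone 70.168.192.in-addr.arpa /etc/bind/db.192.168.70
sudo systemctl restart bind9

# Test with names that exist in the zone. The notes queried firewall-dmz and
# firewall-lan, which have no records and therefore only return NXDOMAIN.
dig @localhost vmlf1.lb2.m300.smartlearn.ch
dig @localhost www.lb2.m300.smartlearn.ch
dig @localhost vmls1.lb2.m300.smartlearn.ch
dig @localhost -x 192.168.70.1
dig @localhost -x 192.168.70.21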
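# Enable external (recursive) resolution through public forwarders.
sudo tee /etc/bind/named.conf.options > /dev/null <<'EOF'
// Networks allowed to use vmLS1 as a recursive resolver: the DMZ (vmLS1) and
// the LAN (vmLP1). Everyone else only gets authoritative answers for our zones.
acl "internal" {
    localhost;
    192.168.70.0/24;
    192.168.150.0/24;
};

options {
    directory "/var/cache/bind";

    // Forwarders to public DNS servers. 1.0.0.1 is Cloudflare's secondary
    // resolver; the notes had 1.1.0.1, which looks like a typo.
    forwarders {
        1.1.1.1;
        1.0.0.1;
    };

    // Recursion (and cache reads) only for internal clients. `any` would turn
    // this server into an open resolver usable for DNS amplification attacks.
    allow-recursion { internal; };
    allow-query-cache { internal; };

    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
EOF

# Validate, restart and test an external name.
sudo named-checkconf
sudo systemctl restart bind9
dig @localhost google.com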
DNS auf Server und Client Konfigurieren
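# Server (vmLS1): static address, gateway = firewall DMZ interface,
# itself as resolver.
sudo tee /etc/netplan/00-eth0.yaml > /dev/null <<'EOF'
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [ 192.168.70.21/24 ]
      dhcp4: false
      routes:
        - to: default
          via: 192.168.70.1
      nameservers:
        addresses: [ 192.168.70.21 ]
        search: [ lb2.m300.smartlearn.ch ]
EOF
# netplan configs are meant to be root-only readable (newer netplan versions
# warn about world-readable files).
sudo chmod 600 /etc/netplan/00-eth0.yaml

# Over SSH use `netplan try` first: it reverts automatically unless you
# confirm, so a typo in the address or gateway cannot lock you out of the VM.
sudo netplan try
sudo netplan apply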
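# Client (vmLP1): address via DHCP, DNS pinned to vmLS1.
sudo tee /etc/netplan/00-eth0.yaml > /dev/null <<'EOF'
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    eth0:
      dhcp4: yes
      # Without this the DHCP-supplied nameservers are kept next to
      # 192.168.70.21 and lab names can fail to resolve depending on
      # which server answers.
      dhcp4-overrides:
        use-dns: false
      routes:
        - to: default
          via: 192.168.150.1
      nameservers:
        addresses: [ 192.168.70.21 ]
        search: [ lb2.m300.smartlearn.ch ]
EOF
sudo chmod 600 /etc/netplan/00-eth0.yaml

# `netplan try` reverts automatically unless confirmed - safer than apply
# when working over the network.
sudo netplan try
sudo netplan apply

# The notes additionally added "nameserver 192.168.70.21" to /etc/resolv.conf
# by hand. On Ubuntu that file is generated by systemd-resolved and a manual
# edit is overwritten; check the effective resolver with `resolvectl status`.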
DNS Konfig von vmLP1 aus Testen
# $> testen_dns nslookup vmlf1.lb2.m300.smartlearn.ch 192.168.70.21 Server: 192.168.70.21 Address: 192.168.70.21#53 Name: vmlf1.lb2.m300.smartlearn.ch Address: 192.168.70.1 nslookup www.lb2.m300.smartlearn.ch 192.168.70.21 Server: 192.168.70.21 Address: 192.168.70.21#53 Name: www.lb2.m300.smartlearn.ch Address: 192.168.70.21 nslookup applikation.lb2.m300.smartlearn.ch 192.168.70.21 Server: 192.168.70.21 Address: 192.168.70.21#53 Name: applikation.lb2.m300.smartlearn.ch Address: 192.168.70.21 nslookup 192.168.70.22 192.168.70.21 22.70.168.192.in-addr.arpa name = vmws1.lb2.m300.smartlearn.ch. nslookup www.gibb.ch 192.168.70.21 Server: 192.168.70.21 Address: 192.168.70.21#53 Non-authoritative answer: Name: www.gibb.ch Address: 194.124.129.15 nslookup vmls1.lb2.m300.smartlearn.ch Server: 192.168.70.21 Address: 192.168.70.21#53 Name: vmls1.lb2.m300.smartlearn.ch Address: 192.168.70.21 nslookup www Server: 192.168.70.21 Address: 192.168.70.21#53 ** server can't find www: NXDOMAIN
A3: Applikation - Wordpress
- Wordpress auf dem Server
Apps installieren und Wordpress vorbereiten
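# LAMP stack for WordPress.
sudo apt update
sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql

# Download WordPress and verify the archive before it lands in the web root.
# wordpress.org publishes a SHA-1 next to the tarball; this catches a
# truncated or corrupt download (it does not protect against a compromised
# origin - the TLS connection is what vouches for that).
cd /tmp
wget https://wordpress.org/latest.tar.gz
wget https://wordpress.org/latest.tar.gz.sha1
echo "$(cat latest.tar.gz.sha1)  latest.tar.gz" | sha1sum -c -

tar -xzf latest.tar.gz
sudo mv /tmp/wordpress/* /var/www/html/
# Ubuntu's DirectoryIndex lists index.html before index.php, so the Apache
# default page would be served instead of the WordPress installer.
sudo rm -f /var/www/html/index.html
sudo cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
sudo chown -R www-data:www-data /var/www/html/
# wp-config.php will hold the DB credentials: keep other local users out.
sudo chmod 640 /var/www/html/wp-config.php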
Mysql db vorbereiten
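# --- Prepare the MySQL database ---
sudo mysql_secure_installation

# Generate the DB password instead of using the literal 'password' from the
# notes. It only lives in this shell variable and in wp-config.php (never
# echo it, and it does not end up in the shell history).
WP_DB_PASS=$(openssl rand -base64 24)

# Dedicated user whose privileges are limited to the wordpress database.
sudo mysql -u root -p <<SQL
CREATE DATABASE wordpress;
CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY '${WP_DB_PASS}';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpressuser'@'localhost';
FLUSH PRIVILEGES;
SQL

# --- Adjust the WordPress config ---
# wp-config-sample.php ships with these placeholders; DB_HOST is already
# 'localhost'. This is the same as editing the define('DB_NAME'),
# define('DB_USER') and define('DB_PASSWORD') lines with nano.
# '|' as sed delimiter because the base64 password may contain '/'.
sudo sed -i \
  -e "s/database_name_here/wordpress/" \
  -e "s/username_here/wordpressuser/" \
  -e "s|password_here|${WP_DB_PASS}|" \
  /var/www/html/wp-config.php
unset WP_DB_PASS

# Still to do by hand (sudo nano /var/www/html/wp-config.php): replace the
# "put your unique phrase here" salts with fresh values from
# https://api.wordpress.org/secret-key/1.1/salt/ - the sample file's
# placeholders make session cookies predictable.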
Apache vorbereiten
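# Restart Apache so the PHP module installed above is loaded.
sudo systemctl restart apache2

# Virtual host for the WordPress site (written in one go instead of via nano).
sudo tee /etc/apache2/sites-available/applikation.lb2.m300.smartlearn.ch.conf > /dev/null <<'EOF'
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/
    ServerName applikation.lb2.m300.smartlearn.ch

    <Directory /var/www/html/>
        Options FollowSymLinks
        # AllowOverride All is required for WordPress' .htaccess (permalinks)
        AllowOverride All
        Require all granted
    </Directory>

    # wp-config.php holds the DB credentials. Deny it outright so it can never
    # be fetched as a file, even if PHP handling is misconfigured one day.
    <Files wp-config.php>
        Require all denied
    </Files>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF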
Webseite aktivieren
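# Enable the site and mod_rewrite (needed for WordPress permalinks).
sudo a2ensite applikation.lb2.m300.smartlearn.ch.conf
sudo a2enmod rewrite
# Check the configuration first: a typo would otherwise take every site down
# on restart.
sudo apache2ctl configtest
sudo systemctl restart apache2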
A4: Web Inhalt
Task:
- HTTP-Dienst auf vmLS1 installieren
- Download Link für Webseite: https://smartlearn.gibb.ch/media/e8a8e4d47dd0cc3a6796ab.gz
- Entpacken mit
tar -xvzf www.lb2.ch.tar.gz
- Entpacken mit
- Folgende URl für Web Dienst: http://www.lb2.m300.smartlearn.ch
- Apache Site-Konfigurationsdatei soll den Namen "www.lb2.conf" haben
- Zweite Harddisk (hier /dev/sdc) formatieren und unter /data/www mounten
- Lösung Dokumentieren und Screenshot einfügen
Disk Formatieren
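# Partition the third disk (sdc).
# NOTE: the original notes start with /dev/sdc but then format /dev/sda1.
# sda1 is the boot partition of the root disk; running mkfs on it would
# destroy it. Confirm the device before every destructive step.
lsblk /dev/sdc
sudo fdisk /dev/sdc
#   n  -> new partition
#   p  -> primary partition
#   accept the defaults for everything else, then w
# lsblk now shows:
#   sdc      8:32 0 8G 0 disk
#   └─sdc1   8:33 0 8G 0 part

# Format and mount by UUID (the notes recorded
# 825c1d3f-6846-4429-959d-4e29f5ff3873 for this partition).
sudo mkfs.ext4 /dev/sdc1
www_uuid=$(sudo blkid -s UUID -o value /dev/sdc1)
# nofail: a missing data disk must not block the boot.
printf 'UUID=%s /data/www ext4 defaults,nofail 0 2\n' "$www_uuid" | sudo tee -a /etc/fstab
sudo systemctl daemon-reload
sudo mount -a
findmnt /data/www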
Webseite
- Auf vmLS1
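# Fetch the site archive on vmLS1.
cd /tmp
wget https://smartlearn.gibb.ch/media/e8a8e4d47dd0cc3a6796ab.gz
# The file name says nothing about the layout: list the archive before
# unpacking it (the notes show it unpacks to ./www).
tar -tzf e8a8e4d47dd0cc3a6796ab.gz | head
tar -xzf e8a8e4d47dd0cc3a6796ab.gz
# /data/www is a root-owned mount point, so moving into it needs sudo.
sudo mv /tmp/www/* /data/www/
# Static content: Apache only needs to read it, nothing needs to write it,
# so leave ownership with root instead of www-data.
sudo chown -R root:root /data/www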
Apache
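# Virtual host for the static site, served from the second data disk.
sudo tee /etc/apache2/sites-available/www.lb2.conf > /dev/null <<'EOF'
<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName www.lb2.m300.smartlearn.ch
    DocumentRoot /data/www

    # Ubuntu's apache2.conf denies "/" and only grants access below /var/www.
    # A DocumentRoot outside that tree needs its own grant, otherwise every
    # request is answered with 403 Forbidden.
    <Directory /data/www>
        # no directory listings for a static site
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF

# Enable the site; validate the config before the restart.
sudo a2ensite www.lb2.conf
sudo apache2ctl configtest
sudo systemctl restart apache2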
Zusatz: Option C - login mit ssh keys
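# On LP1: generate a key pair (ed25519: short keys, modern algorithm; set a
# passphrase when prompted - the private key is the credential from now on).
ssh-keygen -t ed25519
# Install the public key into vmadmin's authorized_keys on LS1; this asks for
# the account password one last time.
ssh-copy-id vmadmin@192.168.70.21

# Test 1: a key-only login must work without any password prompt.
ssh -o PasswordAuthentication=no vmadmin@192.168.70.21 true
# Test 2: copy a file. Note the trailing colon - without it scp does not
# contact LS1 at all, it just copies "test" to a local file named
# "vmadmin@192.168.70.21".
touch test
scp test vmadmin@192.168.70.21:

# Optional hardening once key login is confirmed (on LS1): set
# "PasswordAuthentication no" in /etc/ssh/sshd_config and reload sshd, so
# the account can no longer be brute-forced over the network.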
Test Skripts
Testen Docker
- /usr/local/bin/testen_docker
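#!/bin/bash
# testen_docker - dumps the state of the Docker host for the LB2 hand-in.
# Run as root or as a member of the docker group; `docker info` and
# `docker ps` talk to the daemon socket.

# tput fails when there is no terminal (e.g. output redirected into a file
# for the report); fall back to no formatting instead of printing an error.
bold=$(tput bold 2>/dev/null || true)
normal=$(tput sgr0 2>/dev/null || true)

# Print the command as a bold heading, then run it.
# Arguments: the command and its arguments.
section() {
  printf '%s%s%s\n' "$bold" "$*" "$normal"
  "$@"
}

section docker info
section docker ps
section df
section cat /etc/fstab

# The pipelines cannot go through section(), so print their headings directly.
printf '%s%s%s\n' "$bold" "ls -laR /data |head -n 50" "$normal"
ls -laR /data | head -n 50
printf '%s%s%s\n' "$bold" "ls -laR /var/lib/docker |head -n 50" "$normal"
ls -laR /var/lib/docker | head -n 50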
Testen DNS
- /usr/local/bin/testen_dns
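#!/bin/bash
# testen_dns - checks forward, reverse and external resolution against the
# lab DNS server. The server address comes from $dnsip (exported in
# ~/.bashrc per the notes); it defaults to vmLS1 when the variable is unset.

# tput fails without a terminal; degrade to plain output instead of erroring.
bold=$(tput bold 2>/dev/null || true)
normal=$(tput sgr0 2>/dev/null || true)
dns_server=${dnsip:-192.168.70.21}

# Print the command as a bold heading, then run it.
# Arguments: the command and its arguments.
query() {
  printf '%s%s%s\n' "$bold" "$*" "$normal"
  "$@"
}

# Explicit server: forward, reverse and an external name via the forwarders.
query nslookup vmlf1.lb2.m300.smartlearn.ch "$dns_server"
query nslookup www.lb2.m300.smartlearn.ch "$dns_server"
query nslookup applikation.lb2.m300.smartlearn.ch "$dns_server"
query nslookup 192.168.70.22 "$dns_server"
query nslookup www.gibb.ch "$dns_server"

# No explicit server: these go through the system resolver and therefore
# also test the netplan/resolv.conf setup, including the search domain.
query nslookup vmls1.lb2.m300.smartlearn.ch
query nslookup www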
Bind9 Konfigurationsdateien
Forward Zone db.lb2.m300.smartlearn.ch
; /etc/bind/db.lb2.m300.smartlearn.ch (Hinweis: in Zonendateien ist nur ";" ein Kommentarzeichen, "#" nicht – eine "#"-Zeile in der Datei selbst wäre ein Syntaxfehler)
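$TTL 604800
; Primary forward zone for lb2.m300.smartlearn.ch, served by vmLS1 (192.168.70.21).
@           IN  SOA ns.lb2.m300.smartlearn.ch. root.lb2.m300.smartlearn.ch. (
                2024010102 ; Serial - bumped for the record added below; increase on every edit
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Negative Cache TTL
;
@           IN  NS  ns.lb2.m300.smartlearn.ch.
ns          IN  A   192.168.70.21
www         IN  A   192.168.70.21
vmls1       IN  A   192.168.70.21
applikation IN  A   192.168.70.21
vmlf1       IN  A   192.168.70.1
; Forward record for the .22 PTR in db.192.168.70: forward and reverse zones should agree.
vmws1       IN  A   192.168.70.22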
Reverse Zone db.192.168.70
; /etc/bind/db.192.168.70 (Hinweis: Kommentare in Zonendateien beginnen mit ";", nicht mit "#")
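$TTL 604800
; Reverse zone for 192.168.70.0/24 (70.168.192.in-addr.arpa).
; The listing in the notes had "TTL 604800" without the leading "$"; that is
; not a directive and named-checkzone rejects the file.
@   IN  SOA ns.lb2.m300.smartlearn.ch. root.lb2.m300.smartlearn.ch. (
        2024010101 ; Serial - increase on every edit
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        604800 )   ; Negative Cache TTL
;
@   IN  NS  ns.lb2.m300.smartlearn.ch.
; host part of the address -> FQDN (trailing dot required)
1   IN  PTR vmlf1.lb2.m300.smartlearn.ch.
21  IN  PTR vmls1.lb2.m300.smartlearn.ch.
22  IN  PTR vmws1.lb2.m300.smartlearn.ch.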
Bind9 Konfiguration named.conf.local
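#/etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// vmLS1 is the only (primary) server for both zones: there are no
// secondaries, so zone transfers are not needed. allow-transfer { none; }
// stops anyone from pulling the complete host list via AXFR.
zone "lb2.m300.smartlearn.ch" {
type master;
file "/etc/bind/db.lb2.m300.smartlearn.ch";
allow-transfer { none; };
};
zone "70.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192.168.70";
allow-transfer { none; };
};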
Bind9 Optionen named.conf.options
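#/etc/bind/named.conf.options
// Networks allowed to use vmLS1 as a recursive resolver: the DMZ (vmLS1) and
// the LAN (vmLP1). Everyone else only gets authoritative answers for our zones.
acl "internal" {
localhost;
192.168.70.0/24;
192.168.150.0/24;
};

options {
directory "/var/cache/bind";
// Forwarders to public DNS servers. 1.0.0.1 is Cloudflare's secondary
// resolver; the notes had 1.1.0.1, which looks like a typo.
forwarders {
1.1.1.1;
1.0.0.1;
};
// Recursion (and cache reads) only for internal clients. The previous
// `allow-recursion { any; }` made this an open resolver, usable for DNS
// amplification attacks by anyone who can reach port 53.
allow-recursion { internal; };
allow-query-cache { internal; };
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};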
