Differences
Below are the differences between two revisions of the page.
tech:hypervisor-01 [16/02/2021 19:14] – [Topology] LibertAdmin | tech:hypervisor-01 [06/11/2023 15:04] (current version) – [Routing and filtering with iptables] LibertAdmin | ||
---|---|---|---|
Ligne 20: | Ligne 20: | ||
* plusieurs machines virtuelles KVM/QEMU pour les services, pilotées par libvirt, sur 192.168.10.0/ | * plusieurs machines virtuelles KVM/QEMU pour les services, pilotées par libvirt, sur 192.168.10.0/ | ||
* [[tech: | * [[tech: | ||
- | * [[tech: | + | * [[tech: |
- | * [[tech: | + | |
- | * [[tech: | + | * [[tech: |
- | * [[tech: | + | |
- | * [[tech: | + | |
- | * [[tech: | + | * [[tech: |
+ | |||
+ | Toutes les requêtes venant d' | ||
+ | |||
+ | ===== Configuration ===== | ||
+ | ==== Système d' | ||
+ | * Debian stable (Debian 12 « Bookworm ») | ||
+ | * Debian oldstable pour le serveur web-01 (Debian 11 « Bullseye ») | ||
+ | |||
+ | ==== Adressage IP ==== | ||
+ | Hetzner offre une IP publique. Nous avons modifié l' | ||
+ | |||
+ | L' | ||
+ | |||
+ | L' | ||
+ | |||
+ | < | ||
+ | root@hypervisor-01 ~ # cat / | ||
+ | ### Hetzner Online GmbH installimage | ||
+ | |||
+ | source / | ||
+ | |||
+ | auto lo | ||
+ | iface lo inet loopback | ||
+ | iface lo inet6 loopback | ||
+ | |||
+ | auto br0 | ||
+ | iface br0 inet static | ||
+ | bridge_ports enp0s31f6 | ||
+ | bridge_hw enp0s31f6 | ||
+ | bridge_fd 0 | ||
+ | bridge_stp off | ||
+ | bridge_maxwait 0 | ||
+ | address | ||
+ | netmask | ||
+ | gateway | ||
+ | pre-up / | ||
+ | |||
+ | iface br0 inet6 static | ||
+ | bridge_ports enp0s31f6 | ||
+ | bridge_hw enp0s31f6 | ||
+ | bridge_fd 0 | ||
+ | bridge_stp off | ||
+ | bridge_maxwait 0 | ||
+ | address 2a01: | ||
+ | netmask 64 | ||
+ | gateway fe80::1 | ||
+ | |||
+ | # Management | ||
+ | auto br1 | ||
+ | iface br1 inet static | ||
+ | bridge_ports none | ||
+ | bridge_fd 0 | ||
+ | bridge_stp off | ||
+ | address XXX | ||
+ | netmask 255.255.255.0 | ||
+ | |||
+ | iface br1 inet6 static | ||
+ | bridge_ports none | ||
+ | bridge_fd 0 | ||
+ | bridge_stp off | ||
+ | address XXX | ||
+ | netmask 120 | ||
+ | |||
+ | # VM-LAN | ||
+ | auto br2 | ||
+ | iface br2 inet static | ||
+ | bridge_ports none | ||
+ | bridge_fd 0 | ||
+ | bridge_stp off | ||
+ | address 192.168.10.1 | ||
+ | netmask 255.255.255.0 | ||
+ | |||
+ | iface br2 inet6 static | ||
+ | bridge_ports none | ||
+ | bridge_fd 0 | ||
+ | bridge_stp off | ||
+ | address 2a01: | ||
+ | netmask 120 | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Routage et filtrage avec iptables ==== | ||
+ | |||
+ | Nous avons dû ensuite router et rediriger tout ça avec iptables afin de communiquer depuis l' | ||
+ | |||
+ | Le paquet '' | ||
+ | Le port SSH a été masqué. | ||
+ | |||
+ | Il est bien sûr extrêmement important de sécuriser SSH : interdire le login root avec mot de passe, utiliser de bons algorithmes de chiffrement, | ||
+ | |||
+ | Les règles concernant le réseau d' | ||
+ | |||
+ | Pour IPv4, dans ''/ | ||
+ | |||
+ | <code bash> | ||
+ | *nat | ||
+ | # Router le trafic Web vers le serveur web : | ||
+ | -A PREROUTING -d 159.69.59.13/ | ||
+ | # Router le mail envoi/ | ||
+ | -A PREROUTING -d 159.69.59.13/ | ||
+ | # Router le 8484 pour Zabbix vers le serveur monitoring : | ||
+ | -A PREROUTING -d 159.69.59.13/ | ||
+ | # Ne pas appliquer le masquerading sur le broadcast/ | ||
+ | -A POSTROUTING -s 192.168.10.0/ | ||
+ | -A POSTROUTING -s 192.168.10.0/ | ||
+ | # Masquerading sur tous les ports dans le sens sortant (VM -> Internet) | ||
+ | -A POSTROUTING -s 192.168.10.0/ | ||
+ | -A POSTROUTING -s 192.168.10.0/ | ||
+ | -A POSTROUTING -s 192.168.10.0/ | ||
+ | COMMIT | ||
+ | *filter | ||
+ | # Accepter le trafic basique : ICMP, boucle locale et connexions établies, en entrée : | ||
+ | -A INPUT -m conntrack --ctstate RELATED, | ||
+ | -A INPUT -i lo -j ACCEPT | ||
+ | -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT | ||
+ | # Accepter le SSH : | ||
+ | -A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW --dport 22 -j ACCEPT | ||
+ | -A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW --dport 1984 -j ACCEPT | ||
+ | # Accepter les connexions pour le mail : | ||
+ | -A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW -m multiport --dports 587,993,25 -j ACCEPT | ||
+ | # Accepter le tunnel SSH vers le serveur web-01 sur le port 52365 : | ||
+ | -A INPUT -p tcp -m tcp -m conntrack --ctstate NEW --dport 52365 -j ACCEPT | ||
+ | # Accepter les requêtes DNS (port 53) depuis les VM : | ||
+ | -A INPUT -i br2 -p udp -m udp -m multiport --dports 53 -j ACCEPT | ||
+ | -A INPUT -i br2 -p tcp -m tcp -m multiport --dports 53 -j ACCEPT | ||
+ | # Bloquer les requêtes rpcbind/ | ||
+ | -A INPUT -i br2 -p tcp -m multiport --dport 2049 -j ACCEPT | ||
+ | -A INPUT -i br2 -p tcp -m multiport --dport 111 -j ACCEPT | ||
+ | -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT | ||
+ | -A INPUT -p udp --dport 111 -j DROP | ||
+ | -A INPUT -p tcp --dport 111 -j DROP | ||
+ | # Accepter les requêtes Zabbix passives (port 10050) depuis les VM : | ||
+ | -A INPUT -i br2 -p tcp -m tcp -m multiport --dports 10050 -j ACCEPT | ||
+ | # On refuse les trop nombreux ping : | ||
+ | -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -m limit --limit 1/s --limit-burst 1 -j ACCEPT | ||
+ | -A INPUT -p icmp -j DROP | ||
+ | # On refuse tout le reste : | ||
+ | -A INPUT -m conntrack --ctstate INVALID -j DROP | ||
+ | -A INPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset | ||
+ | -A INPUT -j REJECT --reject-with icmp-port-unreachable | ||
+ | # Accepter les connexions établies sur le LAN : | ||
+ | -A FORWARD -d 192.168.10.0/ | ||
+ | # Accepter le trafic sortant depuis le LAN : | ||
+ | -A FORWARD -s 192.168.10.0/ | ||
+ | # Accepter le trafic interne entre les VM : | ||
+ | -A FORWARD -i br2 -o br2 -j ACCEPT | ||
+ | # Accepter les paquets redirigés vers des ports particuliers pour le Web vers le serveur web : | ||
+ | -A FORWARD -d 192.168.10.5/ | ||
+ | # Accepter les paquets redirigés vers des ports particuliers pour le mail vers le serveur mail : | ||
+ | -A FORWARD -d 192.168.10.7/ | ||
+ | # Accepter les paquets redirigés vers des ports particuliers pour le monitoring vers le serveur de monitoring : | ||
+ | -A FORWARD -d 192.168.10.250/ | ||
+ | # On bloque TOUT le trafic en provenance de Meta/ | ||
+ | -A INPUT -s 102.132.96.0/ | ||
+ | -A INPUT -s 103.4.96.0/ | ||
+ | -A INPUT -s 129.134.0.0/ | ||
+ | -A INPUT -s 129.134.160.0/ | ||
+ | -A INPUT -s 129.134.25.0/ | ||
+ | -A INPUT -s 129.134.26.0/ | ||
+ | -A INPUT -s 129.134.27.0/ | ||
+ | -A INPUT -s 129.134.28.0/ | ||
+ | -A INPUT -s 129.134.29.0/ | ||
+ | -A INPUT -s 129.134.30.0/ | ||
+ | -A INPUT -s 129.134.31.0/ | ||
+ | -A INPUT -s 139.223.200.130/ | ||
+ | -A INPUT -s 157.240.0.0/ | ||
+ | -A INPUT -s 157.240.192.0/ | ||
+ | -A INPUT -s 157.240.195.0/ | ||
+ | -A INPUT -s 157.240.196.0/ | ||
+ | -A INPUT -s 157.240.197.0/ | ||
+ | -A INPUT -s 157.240.198.0/ | ||
+ | -A INPUT -s 157.240.199.0/ | ||
+ | -A INPUT -s 157.240.200.0/ | ||
+ | -A INPUT -s 157.240.201.0/ | ||
+ | -A INPUT -s 157.240.202.0/ | ||
+ | -A INPUT -s 157.240.203.0/ | ||
+ | -A INPUT -s 157.240.204.0/ | ||
+ | -A INPUT -s 157.240.205.0/ | ||
+ | -A INPUT -s 157.240.207.0/ | ||
+ | -A INPUT -s 157.240.208.0/ | ||
+ | -A INPUT -s 157.240.209.0/ | ||
+ | -A INPUT -s 157.240.210.0/ | ||
+ | -A INPUT -s 157.240.211.0/ | ||
+ | -A INPUT -s 157.240.212.0/ | ||
+ | -A INPUT -s 157.240.214.0/ | ||
+ | -A INPUT -s 157.240.215.0/ | ||
+ | -A INPUT -s 157.240.216.0/ | ||
+ | -A INPUT -s 157.240.217.0/ | ||
+ | -A INPUT -s 157.240.218.0/ | ||
+ | -A INPUT -s 157.240.22.0/ | ||
+ | -A INPUT -s 157.240.221.0/ | ||
+ | -A INPUT -s 157.240.222.0/ | ||
+ | -A INPUT -s 157.240.223.0/ | ||
+ | -A INPUT -s 157.240.224.0/ | ||
+ | -A INPUT -s 157.240.225.0/ | ||
+ | -A INPUT -s 157.240.226.0/ | ||
+ | -A INPUT -s 157.240.227.0/ | ||
+ | -A INPUT -s 157.240.228.0/ | ||
+ | -A INPUT -s 157.240.229.0/ | ||
+ | -A INPUT -s 157.240.23.0/ | ||
+ | -A INPUT -s 157.240.231.0/ | ||
+ | -A INPUT -s 157.240.232.0/ | ||
+ | -A INPUT -s 157.240.233.0/ | ||
+ | -A INPUT -s 157.240.234.0/ | ||
+ | -A INPUT -s 157.240.235.0/ | ||
+ | -A INPUT -s 157.240.236.0/ | ||
+ | -A INPUT -s 157.240.237.0/ | ||
+ | -A INPUT -s 157.240.238.0/ | ||
+ | -A INPUT -s 157.240.239.0/ | ||
+ | -A INPUT -s 157.240.240.0/ | ||
+ | -A INPUT -s 157.240.24.0/ | ||
+ | -A INPUT -s 157.240.241.0/ | ||
+ | -A INPUT -s 157.240.242.0/ | ||
+ | -A INPUT -s 157.240.243.0/ | ||
+ | -A INPUT -s 157.240.244.0/ | ||
+ | -A INPUT -s 157.240.245.0/ | ||
+ | -A INPUT -s 157.240.247.0/ | ||
+ | -A INPUT -s 157.240.249.0/ | ||
+ | -A INPUT -s 157.240.250.0/ | ||
+ | -A INPUT -s 157.240.25.0/ | ||
+ | -A INPUT -s 157.240.251.0/ | ||
+ | -A INPUT -s 157.240.252.0/ | ||
+ | -A INPUT -s 157.240.253.0/ | ||
+ | -A INPUT -s 157.240.254.0/ | ||
+ | -A INPUT -s 157.240.26.0/ | ||
+ | -A INPUT -s 157.240.27.0/ | ||
+ | -A INPUT -s 157.240.28.0/ | ||
+ | -A INPUT -s 157.240.29.0/ | ||
+ | -A INPUT -s 157.240.30.0/ | ||
+ | -A INPUT -s 157.240.3.0/ | ||
+ | -A INPUT -s 157.240.31.0/ | ||
+ | -A INPUT -s 157.240.5.0/ | ||
+ | -A INPUT -s 157.240.6.0/ | ||
+ | -A INPUT -s 157.240.7.0/ | ||
+ | -A INPUT -s 157.240.8.0/ | ||
+ | -A INPUT -s 157.240.9.0/ | ||
+ | -A INPUT -s 162.254.207.51/ | ||
+ | -A INPUT -s 162.255.119.207/ | ||
+ | -A INPUT -s 172.67.135.213/ | ||
+ | -A INPUT -s 173.252.64.0/ | ||
+ | -A INPUT -s 179.60.192.0/ | ||
+ | -A INPUT -s 185.199.108.153/ | ||
+ | -A INPUT -s 185.199.111.153/ | ||
+ | -A INPUT -s 185.60.216.0/ | ||
+ | -A INPUT -s 198.54.117.211/ | ||
+ | -A INPUT -s 204.15.20.0/ | ||
+ | -A INPUT -s 27.124.125.189/ | ||
+ | -A INPUT -s 31.13.24.0/ | ||
+ | -A INPUT -s 31.13.64.0/ | ||
+ | -A INPUT -s 34.117.168.233/ | ||
+ | -A INPUT -s 37.9.175.187/ | ||
+ | -A INPUT -s 45.130.41.7/ | ||
+ | -A INPUT -s 45.64.40.0/ | ||
+ | -A INPUT -s 45.91.92.164/ | ||
+ | -A INPUT -s 54.81.116.232/ | ||
+ | -A INPUT -s 61.9.242.43/ | ||
+ | -A INPUT -s 64.225.91.73/ | ||
+ | -A INPUT -s 66.220.144.0/ | ||
+ | -A INPUT -s 69.171.224.0/ | ||
+ | -A INPUT -s 74.119.76.0/ | ||
+ | -A INPUT -s 89.223.68.248/ | ||
+ | # Rejeter tout le reste : | ||
+ | -A FORWARD -i br2 -j REJECT --reject-with icmp-port-unreachable | ||
+ | -A FORWARD -o br2 -j REJECT --reject-with icmp-port-unreachable | ||
+ | COMMIT | ||
+ | </ | ||
+ | |||
+ | Pour IPv6, dans ''/ | ||
+ | |||
+ | <code bash> | ||
+ | # Accepter le trafic basique : ICMP, boucle locale et connexions établies, en entrée : | ||
+ | -A INPUT -m conntrack --ctstate RELATED, | ||
+ | -A INPUT -i lo -j ACCEPT | ||
+ | -A INPUT ! -i lo -d ::1/128 -j REJECT | ||
+ | # Accepter le SSH : | ||
+ | -A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW --dport 22 -j ACCEPT | ||
+ | -A INPUT -p tcp -m tcp --syn -m conntrack --ctstate NEW --dport 1984 -j ACCEPT | ||
+ | # Accepter le tunnel SSH vers le serveur web-01 sur le port 52365 : | ||
+ | -A INPUT -p tcp -m tcp -m conntrack --ctstate NEW --dport 52365 -j ACCEPT | ||
+ | # Accepter les requêtes DNS (port 53) depuis les VM : | ||
+ | -A INPUT -i br2 -p udp -m udp -m multiport --dports 53 -j ACCEPT | ||
+ | -A INPUT -i br2 -p tcp -m tcp -m multiport --dports 53 -j ACCEPT | ||
+ | # Bloquer les requêtes rpcbind/ | ||
+ | -A INPUT -i br2 -p tcp -m multiport --dport 2049 -j ACCEPT | ||
+ | -A INPUT -i br2 -p tcp -m multiport --dport 111 -j ACCEPT | ||
+ | -A INPUT -p tcp -s :: | ||
+ | -A INPUT -p udp --dport 111 -j DROP | ||
+ | -A INPUT -p tcp --dport 111 -j DROP | ||
+ | # Accepter les requêtes Zabbix passives (port 10050) depuis les VM : | ||
+ | -A INPUT -i br2 -p tcp -m tcp -m multiport --dports 10050 -j ACCEPT | ||
+ | # On accepte l' | ||
+ | -A INPUT -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT | ||
+ | # On refuse les trop nombreux ping : | ||
+ | -A INPUT -p icmpv6 --icmpv6-type echo-request -m conntrack --ctstate NEW -m limit --limit 1/s --limit-burst 1 -j ACCEPT | ||
+ | -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP | ||
+ | # On refuse tout le reste en entrée : | ||
+ | -A INPUT -m conntrack --ctstate INVALID -j DROP | ||
+ | -A INPUT -j REJECT | ||
+ | # Accepter les connexions établies sur le LAN : | ||
+ | -A FORWARD -d 2a01: | ||
+ | # Accepter le trafic sortant depuis le LAN : | ||
+ | -A FORWARD -s 2a01: | ||
+ | # Accepter le trafic interne entre les VM : | ||
+ | -A FORWARD -i br2 -o br2 -j ACCEPT | ||
+ | # Accepter les paquets redirigés vers des ports particuliers pour le Web vers le serveur web : | ||
+ | -A FORWARD -d 2a01: | ||
+ | # Accepter les paquets redirigés vers des ports particuliers pour le mail vers le serveur mail : | ||
+ | -A FORWARD -d 2a01: | ||
+ | # Accepter les paquets redirigés vers des ports particuliers pour Zabbix tcp 8484 vers le serveur monitoring : | ||
+ | -A FORWARD -d 2a01: | ||
+ | # On bloque TOUT le trafic en provenance de Meta/ | ||
+ | -A INPUT -s 2620: | ||
+ | -A INPUT -s 2620: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2a03: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | -A INPUT -s 2c0f: | ||
+ | # Rejeter tout le reste : | ||
+ | -A FORWARD -i br2 -j REJECT | ||
+ | -A FORWARD -o br2 -j REJECT | ||
+ | COMMIT | ||
+ | </ | ||
+ | ==== Paquets installés ==== | ||
+ | |||
+ | Pour virtualiser, | ||
+ | La liste des paquets : | ||
+ | |||
+ | < | ||
+ | # dpkg -l | grep ' | ||
+ | acl | ||
+ | acpid | ||
+ | adduser | ||
+ | adwaita-icon-theme | ||
+ | amd64-microcode | ||
+ | apt | ||
+ | aptitude | ||
+ | aptitude-common | ||
+ | apt-utils | ||
+ | at | ||
+ | at-spi2-common | ||
+ | base-files | ||
+ | base-passwd | ||
+ | bash | ||
+ | bash-completion | ||
+ | bind9-dnsutils | ||
+ | bind9-host | ||
+ | bind9-libs: | ||
+ | binutils | ||
+ | binutils-common: | ||
+ | binutils-x86-64-linux-gnu | ||
+ | bridge-utils | ||
+ | bsdextrautils | ||
+ | bsdutils | ||
+ | btrfs-progs | ||
+ | busybox | ||
+ | bzip2 | ||
+ | ca-certificates | ||
+ | console-setup | ||
+ | console-setup-linux | ||
+ | coreutils | ||
+ | cpio | ||
+ | cpp | ||
+ | cpp-10 | ||
+ | cpp-12 | ||
+ | cron | ||
+ | cron-daemon-common | ||
+ | cryptsetup | ||
+ | cryptsetup-bin | ||
+ | cryptsetup-initramfs | ||
+ | curl | ||
+ | dash | ||
+ | dbus | ||
+ | dbus-bin | ||
+ | dbus-daemon | ||
+ | dbus-session-bus-common | ||
+ | dbus-system-bus-common | ||
+ | dbus-user-session | ||
+ | dconf-gsettings-backend: | ||
+ | dconf-service | ||
+ | debconf | ||
+ | debconf-i18n | ||
+ | debian-archive-keyring | ||
+ | debianutils | ||
+ | diffutils | ||
+ | discover | ||
+ | discover-data | ||
+ | distro-info-data | ||
+ | dkms | ||
+ | dmeventd | ||
+ | dmidecode | ||
+ | dmsetup | ||
+ | dnsmasq | ||
+ | dnsmasq-base | ||
+ | dnsutils | ||
+ | dosfstools | ||
+ | dpkg | ||
+ | dpkg-dev | ||
+ | e2fsprogs | ||
+ | efibootmgr | ||
+ | ethtool | ||
+ | fail2ban | ||
+ | fdisk | ||
+ | file | ||
+ | findutils | ||
+ | firmware-bnx2x | ||
+ | fontconfig | ||
+ | fontconfig-config | ||
+ | fonts-dejavu-core | ||
+ | gcc | ||
+ | gcc-10 | ||
+ | gcc-10-base: | ||
+ | gcc-11-base: | ||
+ | gcc-12 | ||
+ | gcc-12-base: | ||
+ | gcc-9-base: | ||
+ | gdisk | ||
+ | gettext-base | ||
+ | gpgv | ||
+ | grep | ||
+ | groff-base | ||
+ | grub2-common | ||
+ | grub-common | ||
+ | grub-efi-amd64 | ||
+ | grub-efi-amd64-bin | ||
+ | grub-pc-bin | ||
+ | gtk-update-icon-cache | ||
+ | gzip | ||
+ | hicolor-icon-theme | ||
+ | hostname | ||
+ | htop | ||
+ | iftop | ||
+ | ifupdown | ||
+ | inetutils-telnet | ||
+ | init | ||
+ | initramfs-tools | ||
+ | initramfs-tools-core | ||
+ | init-system-helpers | ||
+ | intel-microcode | ||
+ | iotop | ||
+ | ipcalc-ng | ||
+ | iproute2 | ||
+ | iptables | ||
+ | iptables-persistent | ||
+ | iputils-ping | ||
+ | ipxe-qemu | ||
+ | isc-dhcp-client | ||
+ | isc-dhcp-common | ||
+ | iso-codes | ||
+ | iucode-tool | ||
+ | kbd | ||
+ | keyboard-configuration | ||
+ | keyutils | ||
+ | klibc-utils | ||
+ | kmod | ||
+ | laptop-detect | ||
+ | less | ||
+ | libacl1: | ||
+ | libaio1: | ||
+ | libapparmor1: | ||
+ | libapt-pkg6.0: | ||
+ | libargon2-1: | ||
+ | libasan6: | ||
+ | libasan8: | ||
+ | libasound2: | ||
+ | libasound2-data | ||
+ | libasyncns0: | ||
+ | libatk1.0-0: | ||
+ | libatk-bridge2.0-0: | ||
+ | libatomic1: | ||
+ | libatspi2.0-0: | ||
+ | libattr1: | ||
+ | libaudit1: | ||
+ | libaudit-common | ||
+ | libavahi-client3: | ||
+ | libavahi-common3: | ||
+ | libavahi-common-data: | ||
+ | libbinutils: | ||
+ | libblkid1: | ||
+ | libboost-iostreams1.74.0: | ||
+ | libbpf0: | ||
+ | libbpf1: | ||
+ | libbrlapi0.8: | ||
+ | libbrotli1: | ||
+ | libbsd0: | ||
+ | libbz2-1.0: | ||
+ | libc6: | ||
+ | libc6-dev: | ||
+ | libcacard0: | ||
+ | libcairo2: | ||
+ | libcairo-gobject2: | ||
+ | libcap2: | ||
+ | libcap2-bin | ||
+ | libcap-ng0: | ||
+ | libcapstone4: | ||
+ | libc-bin | ||
+ | libcbor0.8: | ||
+ | libcc1-0: | ||
+ | libc-dev-bin | ||
+ | libc-l10n | ||
+ | libcolord2: | ||
+ | libcom-err2: | ||
+ | libcrypt1: | ||
+ | libcrypt-dev: | ||
+ | libcryptsetup12: | ||
+ | libctf0: | ||
+ | libctf-nobfd0: | ||
+ | libcups2: | ||
+ | libcurl3-gnutls: | ||
+ | libcurl4: | ||
+ | libcwidget4: | ||
+ | libdatrie1: | ||
+ | libdaxctl1: | ||
+ | libdb5.3: | ||
+ | libdbus-1-3: | ||
+ | libdconf1: | ||
+ | libdebconfclient0: | ||
+ | libdecor-0-0: | ||
+ | libdeflate0: | ||
+ | libdevmapper1.02.1: | ||
+ | libdevmapper-event1.02.1: | ||
+ | libdiscover2 | ||
+ | libdns-export1110 | ||
+ | libdpkg-perl | ||
+ | libdrm2: | ||
+ | libdrm-amdgpu1: | ||
+ | libdrm-common | ||
+ | libdrm-intel1: | ||
+ | libdrm-nouveau2: | ||
+ | libdrm-radeon1: | ||
+ | libduktape207: | ||
+ | libdw1: | ||
+ | libedit2: | ||
+ | libefiboot1: | ||
+ | libefivar1: | ||
+ | libelf1: | ||
+ | libepoxy0: | ||
+ | libestr0: | ||
+ | libevent-core-2.1-7: | ||
+ | libexecs0: | ||
+ | libexpat1: | ||
+ | libext2fs2: | ||
+ | libfastjson4: | ||
+ | libfdisk1: | ||
+ | libfdt1: | ||
+ | libffi7: | ||
+ | libffi8: | ||
+ | libfido2-1: | ||
+ | libfile-find-rule-perl | ||
+ | libflac12: | ||
+ | libfontconfig1: | ||
+ | libfreetype6: | ||
+ | libfribidi0: | ||
+ | libfstrm0: | ||
+ | libfuse2: | ||
+ | libfuse3-3: | ||
+ | libgbm1: | ||
+ | libgcc-10-dev: | ||
+ | libgcc-12-dev: | ||
+ | libgcc-s1: | ||
+ | libgcrypt20: | ||
+ | libgdbm6: | ||
+ | libgdbm-compat4: | ||
+ | libgdk-pixbuf-2.0-0: | ||
+ | libgdk-pixbuf2.0-common | ||
+ | libgl1: | ||
+ | libgl1-mesa-dri: | ||
+ | libglapi-mesa: | ||
+ | libglib2.0-0: | ||
+ | libglvnd0: | ||
+ | libglx0: | ||
+ | libglx-mesa0: | ||
+ | libgmp10: | ||
+ | libgnutls30: | ||
+ | libgomp1: | ||
+ | libgpg-error0: | ||
+ | libgpm2: | ||
+ | libgprofng0: | ||
+ | libgraphite2-3: | ||
+ | libgssapi-krb5-2: | ||
+ | libgstreamer1.0-0: | ||
+ | libgstreamer-plugins-base1.0-0: | ||
+ | libgtk-3-0: | ||
+ | libgtk-3-common | ||
+ | libharfbuzz0b: | ||
+ | libhogweed6: | ||
+ | libibverbs1: | ||
+ | libicu72: | ||
+ | libidn2-0: | ||
+ | libinih1: | ||
+ | libip4tc2: | ||
+ | libip6tc2: | ||
+ | libisc-export1105: | ||
+ | libisl23: | ||
+ | libitm1: | ||
+ | libjack-jackd2-0: | ||
+ | libjansson4: | ||
+ | libjbig0: | ||
+ | libjemalloc2: | ||
+ | libjpeg62-turbo: | ||
+ | libjson-c5: | ||
+ | libk5crypto3: | ||
+ | libkeyutils1: | ||
+ | libklibc: | ||
+ | libkmod2: | ||
+ | libkrb5-3: | ||
+ | libkrb5support0: | ||
+ | liblcms2-2: | ||
+ | libldap-2.5-0: | ||
+ | libldap-common | ||
+ | liblerc4: | ||
+ | libllvm15: | ||
+ | liblmdb0: | ||
+ | liblocale-gettext-perl | ||
+ | liblockfile-bin | ||
+ | liblognorm5: | ||
+ | liblsan0: | ||
+ | liblvm2cmd2.03: | ||
+ | liblz4-1: | ||
+ | liblzma5: | ||
+ | liblzo2-2: | ||
+ | libmagic1: | ||
+ | libmagic-mgc | ||
+ | libmaxminddb0: | ||
+ | libmd0: | ||
+ | libmnl0: | ||
+ | libmount1: | ||
+ | libmp3lame0: | ||
+ | libmpc3: | ||
+ | libmpfr6: | ||
+ | libmpg123-0: | ||
+ | libncurses6: | ||
+ | libncursesw6: | ||
+ | libndctl6: | ||
+ | libnetfilter-conntrack3: | ||
+ | libnettle8: | ||
+ | libnewt0.52: | ||
+ | libnfnetlink0: | ||
+ | libnfsidmap1: | ||
+ | libnftables1: | ||
+ | libnftnl11: | ||
+ | libnghttp2-14: | ||
+ | libnl-3-200: | ||
+ | libnl-genl-3-200: | ||
+ | libnl-route-3-200: | ||
+ | libnsl2: | ||
+ | libnsl-dev: | ||
+ | libnspr4: | ||
+ | libnss3: | ||
+ | libnss-systemd: | ||
+ | libnuma1: | ||
+ | libnumber-compare-perl | ||
+ | libnvpair3linux | ||
+ | libogg0: | ||
+ | libopus0: | ||
+ | liborc-0.4-0: | ||
+ | libp11-kit0: | ||
+ | libpam0g: | ||
+ | libpam-modules: | ||
+ | libpam-modules-bin | ||
+ | libpam-runtime | ||
+ | libpam-systemd: | ||
+ | libpango-1.0-0: | ||
+ | libpangocairo-1.0-0: | ||
+ | libpangoft2-1.0-0: | ||
+ | libparted2: | ||
+ | libpcap0.8: | ||
+ | libpci3: | ||
+ | libpciaccess0: | ||
+ | libpcre2-8-0: | ||
+ | libpcre3: | ||
+ | libpcsclite1: | ||
+ | libperl5.36: | ||
+ | libpipeline1: | ||
+ | libpixman-1-0: | ||
+ | libpmem1: | ||
+ | libpng16-16: | ||
+ | libpolkit-agent-1-0: | ||
+ | libpolkit-gobject-1-0: | ||
+ | libpopt0: | ||
+ | libproc2-0: | ||
+ | libprocps8: | ||
+ | libprotobuf-c1: | ||
+ | libpsl5: | ||
+ | libpulse0: | ||
+ | libpython3.11-minimal: | ||
+ | libpython3.11-stdlib: | ||
+ | libpython3-stdlib: | ||
+ | libquadmath0: | ||
+ | librdmacm1: | ||
+ | libreadline8: | ||
+ | librtmp1: | ||
+ | libsamplerate0: | ||
+ | libsasl2-2: | ||
+ | libsasl2-modules: | ||
+ | libsasl2-modules-db: | ||
+ | libsdl2-2.0-0: | ||
+ | libseccomp2: | ||
+ | libselinux1: | ||
+ | libsemanage2: | ||
+ | libsemanage-common | ||
+ | libsensors5: | ||
+ | libsensors-config | ||
+ | libsepol1: | ||
+ | libsepol2: | ||
+ | libsigc++-2.0-0v5: | ||
+ | libslang2: | ||
+ | libslirp0: | ||
+ | libsmartcols1: | ||
+ | libsndfile1: | ||
+ | libsndio7.0: | ||
+ | libsodium23: | ||
+ | libspice-server1: | ||
+ | libsqlite3-0: | ||
+ | libss2: | ||
+ | libssh2-1: | ||
+ | libssh-4: | ||
+ | libssl1.1: | ||
+ | libssl3: | ||
+ | libstdc++6: | ||
+ | libsystemd0: | ||
+ | libsystemd-shared: | ||
+ | libtasn1-6: | ||
+ | libtext-charwidth-perl: | ||
+ | libtext-glob-perl | ||
+ | libtext-iconv-perl: | ||
+ | libtext-wrapi18n-perl | ||
+ | libthai0: | ||
+ | libthai-data | ||
+ | libtiff6: | ||
+ | libtinfo6: | ||
+ | libtirpc3: | ||
+ | libtirpc-common | ||
+ | libtirpc-dev: | ||
+ | libtsan0: | ||
+ | libtsan2: | ||
+ | libubsan1: | ||
+ | libuchardet0: | ||
+ | libudev1: | ||
+ | libunistring2: | ||
+ | libunwind8: | ||
+ | liburcu8: | ||
+ | liburing2: | ||
+ | libusb-1.0-0: | ||
+ | libusbredirparser1: | ||
+ | libuuid1: | ||
+ | libuutil3linux | ||
+ | libuv1: | ||
+ | libva2: | ||
+ | libva-drm2: | ||
+ | libvdeplug2: | ||
+ | libvirglrenderer1: | ||
+ | libvirt0: | ||
+ | libvirt-clients | ||
+ | libvirt-daemon | ||
+ | libvirt-daemon-config-network | ||
+ | libvirt-daemon-config-nwfilter | ||
+ | libvirt-daemon-driver-qemu | ||
+ | libvirt-daemon-system | ||
+ | libvirt-daemon-system-systemd | ||
+ | libvorbis0a: | ||
+ | libvorbisenc2: | ||
+ | libvte-2.91-0: | ||
+ | libvte-2.91-common | ||
+ | libvulkan1: | ||
+ | libwayland-client0: | ||
+ | libwayland-cursor0: | ||
+ | libwayland-egl1: | ||
+ | libwayland-server0: | ||
+ | libwebp7: | ||
+ | libwrap0: | ||
+ | libx11-6: | ||
+ | libx11-data | ||
+ | libx11-xcb1: | ||
+ | libxapian30: | ||
+ | libxau6: | ||
+ | libxcb1: | ||
+ | libxcb-dri2-0: | ||
+ | libxcb-dri3-0: | ||
+ | libxcb-glx0: | ||
+ | libxcb-present0: | ||
+ | libxcb-randr0: | ||
+ | libxcb-render0: | ||
+ | libxcb-shm0: | ||
+ | libxcb-sync1: | ||
+ | libxcb-xfixes0: | ||
+ | libxcomposite1: | ||
+ | libxcursor1: | ||
+ | libxdamage1: | ||
+ | libxdmcp6: | ||
+ | libxext6: | ||
+ | libxfixes3: | ||
+ | libxi6: | ||
+ | libxinerama1: | ||
+ | libxkbcommon0: | ||
+ | libxml2: | ||
+ | libxrandr2: | ||
+ | libxrender1: | ||
+ | libxshmfence1: | ||
+ | libxss1: | ||
+ | libxtables12: | ||
+ | libxxf86vm1: | ||
+ | libxxhash0: | ||
+ | libyajl2: | ||
+ | libz3-4: | ||
+ | libzfs4linux | ||
+ | libzpool5linux | ||
+ | libzstd1: | ||
+ | linux-base | ||
+ | linux-compiler-gcc-10-x86 | ||
+ | linux-compiler-gcc-12-x86 | ||
+ | linux-headers-5.10.0-15-amd64 | ||
+ | linux-headers-5.10.0-15-common | ||
+ | linux-headers-5.10.0-16-amd64 | ||
+ | linux-headers-5.10.0-16-common | ||
+ | linux-headers-5.10.0-17-amd64 | ||
+ | linux-headers-5.10.0-17-common | ||
+ | linux-headers-5.10.0-18-amd64 | ||
+ | linux-headers-5.10.0-18-common | ||
+ | linux-headers-5.10.0-19-amd64 | ||
+ | linux-headers-5.10.0-19-common | ||
+ | linux-headers-5.10.0-25-amd64 | ||
+ | linux-headers-5.10.0-25-common | ||
+ | linux-headers-6.1.0-12-amd64 | ||
+ | linux-headers-6.1.0-12-common | ||
+ | linux-headers-amd64 | ||
+ | linux-image-5.10.0-25-amd64 | ||
+ | linux-image-6.1.0-12-amd64 | ||
+ | linux-image-amd64 | ||
+ | linux-kbuild-5.10 | ||
+ | linux-kbuild-6.1 | ||
+ | linux-libc-dev: | ||
+ | lm-sensors | ||
+ | locales | ||
+ | login | ||
+ | logrotate | ||
+ | logsave | ||
+ | lsb-base | ||
+ | lsb-release | ||
+ | lsof | ||
+ | lvm2 | ||
+ | mailcap | ||
+ | make | ||
+ | man-db | ||
+ | manpages | ||
+ | mawk | ||
+ | mbuffer | ||
+ | mdadm | ||
+ | media-types | ||
+ | mime-support | ||
+ | mokutil | ||
+ | mount | ||
+ | mtr-tiny | ||
+ | nano | ||
+ | ncurses-base | ||
+ | ncurses-bin | ||
+ | ncurses-term | ||
+ | netbase | ||
+ | netcat-traditional | ||
+ | netfilter-persistent | ||
+ | net-tools | ||
+ | nfs-common | ||
+ | nfs-kernel-server | ||
+ | nftables | ||
+ | openssh-client | ||
+ | openssh-server | ||
+ | openssh-sftp-server | ||
+ | openssl | ||
+ | passwd | ||
+ | patch | ||
+ | pci.ids | ||
+ | pciutils | ||
+ | perl | ||
+ | perl-base | ||
+ | perl-modules-5.36 | ||
+ | pkexec | ||
+ | policykit-1 | ||
+ | polkitd | ||
+ | procps | ||
+ | publicsuffix | ||
+ | python3 | ||
+ | python3.11 | ||
+ | python3.11-minimal | ||
+ | python3-apt | ||
+ | python3-certifi | ||
+ | python3-chardet | ||
+ | python3-charset-normalizer | ||
+ | python3-debian | ||
+ | python3-debianbts | ||
+ | python3-distutils | ||
+ | python3-httplib2 | ||
+ | python3-idna | ||
+ | python3-lib2to3 | ||
+ | python3-minimal | ||
+ | python3-pkg-resources | ||
+ | python3-pycurl | ||
+ | python3-pyparsing | ||
+ | python3-pysimplesoap | ||
+ | python3-reportbug | ||
+ | python3-requests | ||
+ | python3-six | ||
+ | python3-urllib3 | ||
+ | python-apt-common | ||
+ | python-is-python3 | ||
+ | qemu-system-common | ||
+ | qemu-system-data | ||
+ | qemu-system-gui | ||
+ | qemu-system-x86 | ||
+ | qemu-utils | ||
+ | readline-common | ||
+ | reportbug | ||
+ | rpcbind | ||
+ | rpcsvc-proto | ||
+ | rsync | ||
+ | rsyslog | ||
+ | runit-helper | ||
+ | seabios | ||
+ | sed | ||
+ | sensible-utils | ||
+ | sgml-base | ||
+ | shared-mime-info | ||
+ | shim-helpers-amd64-signed | ||
+ | shim-signed: | ||
+ | shim-signed-common | ||
+ | shim-unsigned | ||
+ | smartmontools | ||
+ | spl-dkms | ||
+ | sudo | ||
+ | sysstat | ||
+ | systemd | ||
+ | systemd-container | ||
+ | systemd-sysv | ||
+ | systemd-timesyncd | ||
+ | sysvinit-utils | ||
+ | tar | ||
+ | task-english | ||
+ | tasksel | ||
+ | tasksel-data | ||
+ | task-ssh-server | ||
+ | tcpdump | ||
+ | traceroute | ||
+ | tree | ||
+ | tzdata | ||
+ | ucf | ||
+ | udev | ||
+ | usrmerge | ||
+ | util-linux | ||
+ | util-linux-extra | ||
+ | util-linux-locales | ||
+ | vim | ||
+ | vim-common | ||
+ | vim-runtime | ||
+ | vim-tiny | ||
+ | wget | ||
+ | whiptail | ||
+ | x11-common | ||
+ | xfsprogs | ||
+ | xkb-data | ||
+ | xml-core | ||
+ | xxd | ||
+ | xz-utils | ||
+ | zabbix-agent2 | ||
+ | zfs-dkms | ||
+ | zfsutils-linux | ||
+ | zlib1g: | ||
+ | znapzend | ||
+ | zstd | ||
+ | </ | ||
+ | ==== Stockage ZFS ==== | ||
+ | |||
+ | Un « pool » sur les 2 gros disques mécaniques a été créé en miroir (RAID1). Si vous vous demandez pourquoi nous n' | ||
+ | |||
+ | Nous avons décidé d' | ||
+ | |||
+ | <code bash> | ||
+ | echo 4294967296 >> / | ||
+ | </ | ||
+ | |||
+ | <code bash> | ||
+ | root@hypervisor-01 ~ # cat / | ||
+ | options zfs zfs_arc_max=4294967296 | ||
+ | </ | ||
+ | |||
+ | Nous avons ensuite créé un « pool » avec les numéros de série des disques (qu'on trouve dans ''/ | ||
+ | |||
+ | <code bash> | ||
+ | # zpool status -v | ||
+ | pool: zdata | ||
+ | | ||
+ | scan: scrub repaired 0B in 05:42:22 with 0 errors on Sun Aug 14 06:06:23 2022 | ||
+ | config: | ||
+ | |||
+ | NAME STATE READ WRITE CKSUM | ||
+ | zdata | ||
+ | mirror-0 | ||
+ | ata-ST4000NM0245-1Z2107_ZC17DQEF | ||
+ | ata-ST4000NM0245-1Z2107_ZC17EN25 | ||
+ | |||
+ | errors: No known data errors | ||
+ | </ | ||
+ | |||
+ | <code bash> | ||
+ | # zfs list | ||
+ | NAME USED AVAIL | ||
+ | zdata 2.11T 1.40T 120K /zdata | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | zdata/ | ||
+ | </ | ||
+ | |||
+ | Nous n' | ||
+ | |||
+ | < | ||
+ | # cat / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Il ne restait plus qu'à créer nos VM tranquillement avec '' | ||
+ | |||
+ | ==== Sauvegardes ==== | ||
+ | Toujours sauvegarder ! | ||
+ | |||
+ | Concernant les bases de données MySQL et PostgreSQL, nous utilisons les outils natifs '' | ||
+ | |||
+ | Nous utilisons ZFS pour snapshoter et répliquer toutes les données stockées sur 3 sites géographiques différents, | ||
+ | |||
+ | Nous utilisons [[https:// | ||
+ | |||
+ | Sur la machine de production hypervisor-01 à Falkenstein en Allemagne, nous avons une rétention glissante de snapshots ZFS : | ||
+ | |||
+ | * horaire de 24 heures | ||
+ | * journalière d'une semaine | ||
+ | |||
+ | Sur le serveur de backup backup-01 à Helsinki, nous avons une réplication avec une rétention glissante de snapshots ZFS : | ||
+ | |||
+ | * horaire de 24 heures | ||
+ | * journalière d'une semaine | ||
+ | * hebdomadaire sur deux mois | ||
+ | |||
+ | Nous avons en sus mis en place une réplication des snapshots ZFS en France, dans le Tarn au domicile de l' | ||
+ | |||
+ | Les donnés sont donc techniquement répliquées 5 fois (6 disques sur 3 sites géographiques différents). | ||
+ | |||
+ | Voici les commandes invoquées pour la mise en place des snapshots et de la réplication dans le sens production => backup avec [[https:// | ||
+ | |||
+ | <code bash> | ||
+ | wget https:// | ||
+ | mv znapzend_0.21.1-1_amd64.deb /tmp/ | ||
+ | apt install / | ||
+ | apt install mbuffer | ||
+ | </ | ||
+ | |||
+ | <code bash> | ||
+ | for f in audio_data cloud_data cryptpad_data mail_data mobilizon_data mysql_data pleroma_data postgresql_data prod-01 video_data; do \ | ||
+ | znapzendzetup create --recursive --mbuffer=/ | ||
+ | --tsformat=' | ||
+ | SRC ' | ||
+ | DST:a ' | ||
+ | root@backup-01: | ||
+ | |||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | *** backup plan: zdata/ | ||
+ | dst_a = root@backup-01: | ||
+ | dst_a_plan = 1day=> | ||
+ | | ||
+ | | ||
+ | mbuffer_size = 1G | ||
+ | | ||
+ | pre_znap_cmd = off | ||
+ | | ||
+ | src = zdata/ | ||
+ | src_plan = 1day=> | ||
+ | tsformat = %Y%m%d-%H%M%S | ||
+ | zend_delay = 28800 | ||
+ | |||
+ | Do you want to save this backup set [y/N]? y | ||
+ | NOTE: if you have modified your configuration, | ||
+ | (pkill -HUP znapzend) to your znapzend daemon for it to notice the change. | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
- | Toutes les requêtes venant d' |
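Review bot: the znapzend install block in the "Sauvegardes" section downloads a `.deb` with `wget` and installs it with `apt install` without any integrity check between the two steps. The package is also staged with `mv znapzend_0.21.1-1_amd64.deb /tmp/`, a world-writable directory. Please document a checksum or signature verification of the downloaded file before the install line, and state where the reference value comes from. Second point, on the `znapzendzetup create` loop: every plan pushes to `dst_a = root@backup-01:`, so the production host holds an SSH credential that is root on the backup server, and a compromise of hypervisor-01 would reach the replicas and their snapshots. Consider a dedicated unprivileged account on backup-01 with only the ZFS permissions needed for receiving, delegated through `zfs allow`, and note in the text which key is used and how it is restricted. Minor documentation points: the ten near-identical "backup plan" confirmations could be reduced to one sample with a sentence saying the output repeats per dataset, and "Les donnés sont donc" should read "Les données sont donc".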