
Futur chd-stg2

  • netinstall Debian 9 amd64
  • Français / France
  • hostname : chd-stg2.chd.sx
  • Une seule partition sda1 de la taille du disque virtuel, options discard,noatime, label=chd-stg2-rootfs
  • tasksel : utilitaires usuels, serveur ssh, pas d'env graphique
  • user root et rescue

Configuration initiale

/root/.ssh/authorized_keys
[...]
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 console=ttyS0,115200n8 console=tty1 systemd.journald.forward_to_console=1 systemd.journald.max_level_console=warning"
GRUB_TERMINAL=console
chmod -x /etc/grub.d/{05_debian_theme,20_linux_xen,30_os-prober,30_uefi-firmware,40_custom,41_custom}
update-grub
 
apt install all-knowing-dns apache2 arping bind9 binutils borgbackup dnsutils fail2ban git gt5 htop iftop iotop iperf iperf3 libapache2-mod-php mtr-tiny nmap ntp nullmailer psmisc rsync screen strace sudo sysstat tcpdump tree unzip vim
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
source /etc/network/interfaces.d/*
 
# The loopback network interface
auto lo
iface lo inet loopback
	# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
	up sysctl -w net.ipv6.conf.all.accept_ra_pinfo=0
	up sysctl -w net.ipv6.conf.all.accept_redirects=0
	up sysctl -w net.ipv6.conf.all.router_solicitations=0
	up sysctl -w net.ipv6.conf.all.accept_dad=0
 
# The primary network interface
auto eth0
# Public addresses
iface eth0 inet static
	address 185.131.40.2
	netmask 255.255.255.0
	gateway 185.131.40.1
	# Set accept_dad=0 after the interface has been configured for IPv4 but
	# before it is configured for IPv6 (it does not work as a pre-up in the
	# inet6 stanza).
	up sysctl -w net.ipv6.conf.$IFACE.accept_dad=0
	# Load the firewall before the public IPs are configured.
	# NOTE(review): per interfaces(5), "up" commands run after this stanza's
	# address has been brought up, so 185.131.40.2 is likely reachable for a
	# short time before the rules below are loaded; only the addresses in the
	# later stanzas come up behind the firewall. Confirm whether "pre-up" was
	# intended for the two restore commands.
	up iptables-restore < /etc/network/iptables.conf
	up ip6tables-restore < /etc/network/ip6tables.conf
 
iface eth0 inet6 static
	address 2a03:a0a0::2
	netmask 64
	up ip -6 r r default via fe80::31 dev $IFACE src 2a03:a0a0::2
 
# Admin network overlay
iface eth0 inet static
	address 172.16.0.253
	netmask 255.255.0.0
 
# ns3 all-knowing-dns - reverse DNS IPv6
iface eth0 inet static
	address 185.131.40.3
	netmask 255.255.255.0
 
iface eth0 inet6 static
	address 2a03:a0a0::3
	netmask 64
/etc/network/ip6tables.conf
# Generated by ip6tables-save v1.6.0 on Sun Apr 22 17:12:21 2018
# IPv6 filter table: default-deny on INPUT, explicit allow rules below.
*filter
:INPUT DROP [0:0]
# NOTE(review): FORWARD policy is ACCEPT; this is harmless only while IPv6
# forwarding is disabled on this host - verify, or set the policy to DROP.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Accept all local traffic, all ICMPv6 packets and already-established connections
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p ipv6-icmp -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Accept all packets from the admin IPs (overlaid on the public L2 downstream of stg)
# NOTE(review): fe80::/16 is link-local space, so this rule accepts every
# port from any host attached to the same L2 segment as eth0, not only from
# admin machines. Confirm that this exposure is intended.
-A INPUT -s fe80::/16 -i eth0 -j ACCEPT
# Accept SSH from anywhere
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Accept DNS queries from anywhere
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
# Accept web requests from anywhere
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
# Accept the Munin server (rule disabled: no IPv6 source filled in)
#-A INPUT -s XXX -i eth0 -p tcp -m tcp --dport 4949 -j ACCEPT
# Accept connections to AirControl 2 from selected IPs only (not open to the
# Internet because the service is not considered secure); rule disabled here
#-A INPUT -s XXX -i eth0 -p tcp -m multiport --dports 443,9081 -j ACCEPT
# Rate-limited log of whatever reaches the end of the chain, before the DROP policy applies
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ipt6input: " --log-level 7
COMMIT
# Completed on Sun Apr 22 17:12:21 2018
/etc/network/iptables.conf
# Generated by iptables-save v1.6.0 on Sun Apr 22 16:55:29 2018
# IPv4 filter table: default-deny on INPUT, explicit allow rules below.
*filter
:INPUT DROP [0:0]
# NOTE(review): FORWARD policy is ACCEPT; this is harmless only while IPv4
# forwarding is disabled on this host - verify, or set the policy to DROP.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Accept all local traffic, all ICMP packets and already-established connections
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Accept all packets from the admin IPs (overlaid on the public L2 downstream of stg)
# NOTE(review): the match is on source address only and 172.16.0.0/12 is
# wider than the 172.16.0.0/16 overlay configured on eth0. Because the
# overlay shares the public L2, confirm that something upstream prevents
# other hosts on that segment from sourcing packets in this range.
-A INPUT -s 172.16.0.0/12 -i eth0 -j ACCEPT
# Accept SSH from anywhere
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Accept DNS queries from anywhere
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
# Accept web requests from anywhere
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
# Accept the Munin server
-A INPUT -s 185.61.116.41/32 -i eth0 -p tcp -m tcp --dport 4949 -j ACCEPT
# Accept connections to AirControl 2 from selected IPs only (not open to the
# Internet because the service is not considered secure)
# 185.131.40.0/23	CHD members
# 86.71.33.140		aDSL lpouzenc
# 62.212.116.203	aDSL nerim cyril
# 109.190.62.22		aDSL ovh cyril
# 185.61.116.37		prosoluce VPN exit
# NOTE(review): several entries are labelled as aDSL lines; review the list
# periodically so that a reassigned address does not keep access.
-A INPUT -s 185.131.40.0/23,86.71.33.140,62.212.116.203,109.190.62.22,185.61.116.37 -i eth0 -p tcp -m multiport --dports 443,9081 -j ACCEPT
# Rate-limited log of whatever reaches the end of the chain, before the DROP policy applies
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ipt4input: " --log-level 7
COMMIT
# Completed on Sun Apr 22 16:55:29 2018
reboot
 
apt install munin-node
rm /etc/munin/plugins/ntp_*
rm /etc/munin/plugins/swap
# renommer les if_enp3 en if_eth0 si besoin
ln -s /usr/share/munin/plugins/bind9 /etc/munin/plugins/bind9
ln -s /usr/share/munin/plugins/tcp  /etc/munin/plugins
/etc/munin/munin-node.conf
allow ^185\.61\.116\.41$
/etc/munin/plugin-conf.d/local
[bind9]
group bind
service munin-node restart
 
apt autoremove --purge aspell os-prober doc-debian doc-debian-fr debian-faq ispell laptop-detect wamerican wfrench xauth 
 
mkdir -p /var/log/{bind9,remote} /var/cache/build-openwrt{,-dev}/build	
/etc/fstab
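# tmpfs for the BIND query log, owned by bind, limited to 30m
none	/var/log/bind9	tmpfs	uid=bind,gid=bind,mode=0750,size=30m	0	0
# tmpfs build areas owned by uid/gid 33, limited to 512M each.
# The dump and pass fields are separate columns: written as "size=512M00"
# they become part of the size option, which is not a valid tmpfs size.
none	/var/cache/build-openwrt/build		tmpfs	uid=33,gid=33,mode=0750,size=512M	0	0
none	/var/cache/build-openwrt-dev/build	tmpfs	uid=33,gid=33,mode=0750,size=512M	0	0
/	/mnt/rootfs	ext4	bind			0	0
# Mind the order: the bind mount must stay at the end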
/etc/rsyslog.d/remote.conf
module(load="imudp")
input(type="imudp" port="514" ruleset="rs_remote")
template(name="t_remote_logfile" type="string" string="/var/log/remote/%fromhost-ip%.log")
ruleset(name="rs_remote") {
    action(type="omfile" dynaFile="t_remote_logfile" dynaFileCacheSize="400")
}
mount -a
service rsyslog restart
/etc/bind/named.conf.local
//
// Do any local configuration here
//
 
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
 
// Set up an ACL named "bogus-nets" that will block
// RFC1918 space and some reserved space, which is
// commonly used in spoofing attacks.
// NOTE(review): 172.16.0.0/12 is listed here while the same range is used
// for the admin overlay on eth0; wherever this ACL is applied as a
// blackhole, admin hosts get no DNS answers from this server. Confirm
// that this is intended.
acl bogus-nets {
    0.0.0.0/8;  192.0.2.0/24; 224.0.0.0/3;
    10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
};
 
logging {
	channel query {
		file "/var/log/bind9/query.log" versions 2 size 10m;
		print-time yes;
		severity info;
	};
	category queries { query; };
};
 
zone "40.131.185.in-addr.arpa" {
	type master;
	file "/etc/bind/db.185.131.40";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "41.131.185.in-addr.arpa" {
	type master;
	file "/etc/bind/db.185.131.41";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "commingeshautdebit.fr" {
	type master;
	file "/etc/bind/db.commingeshautdebit.fr";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "ipv4.commingeshautdebit.fr" {
	type master;
	file "/etc/bind/db.ipv4.commingeshautdebit.fr";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa" {
	type master;
	file "/etc/bind/db.2a03:a0a0::";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "1.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa" {
	type master;
	file "/etc/bind/db.2a03:a0a0:1::";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa.upstream" {
	type master;
	file "/etc/bind/db.2a03:a0a0::upstream";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
 
zone "1.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa.upstream" {
	type master;
	file "/etc/bind/db.2a03:a0a0:1::upstream";
	allow-update { none; };
	allow-transfer { 185.61.116.41; }; # ns1
};
/etc/bind/named.conf.options
// Global BIND options for this server.
// NOTE(review): neither "recursion" nor "allow-recursion" is set, so BIND's
// built-in defaults apply. If this instance is meant to be authoritative
// only, consider stating "recursion no;" explicitly - confirm the intent.
options {
	directory "/var/cache/bind";
 
	// TODO: configure DNSSEC properly (signing and validation are both off)
	dnssec-enable no;
	dnssec-validation no;
 
	auth-nxdomain no;    # conform to RFC1035
	// Answer only on the ns2 addresses; 185.131.40.3 / 2a03:a0a0::3 are
	// the "listen" addresses of all-knowing-dns on this page.
	listen-on { 185.131.40.2; };
	listen-on-v6 { 2a03:a0a0::2; };
	// Silently ignore queries from the sources listed in the bogus-nets ACL
	blackhole { bogus-nets; };
};
/etc/bind/db.185.131.40
;
; 185.131.40.0/24
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2018040901	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
 
; IPv4 rDNS - infra
1	IN	PTR	chd-stg1.chd.sx.
2	IN	PTR	ns2.commingeshautdebit.fr.
3	IN	PTR	ns3.commingeshautdebit.fr.
; [...]
 
; IPv4 rDNS - adhérents
33	IN	PTR	40-33.ipv4.commingeshautdebit.fr.
;[...]
254	IN	PTR	40-254.ipv4.commingeshautdebit.fr.
/etc/bind/db.185.131.41
;
; 185.131.41.0/24
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2017011201	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
; IPv4 rDNS - adhérents
1	IN	PTR	41-1.ipv4.commingeshautdebit.fr.
;[...]
254	IN	PTR	41-254.ipv4.commingeshautdebit.fr.
/etc/bind/db.2a03:a0a0::
;
; 2a03:a0a0::/48
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2017011201	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
 
; IPv6 rDNS delegation to all-knowing-dns
0	IN	NS	ns3.commingeshautdebit.fr.
1	IN	NS	ns3.commingeshautdebit.fr.
2	IN	NS	ns3.commingeshautdebit.fr.
3	IN	NS	ns3.commingeshautdebit.fr.
4	IN	NS	ns3.commingeshautdebit.fr.
5	IN	NS	ns3.commingeshautdebit.fr.
6	IN	NS	ns3.commingeshautdebit.fr.
7	IN	NS	ns3.commingeshautdebit.fr.
8	IN	NS	ns3.commingeshautdebit.fr.
9	IN	NS	ns3.commingeshautdebit.fr.
a	IN	NS	ns3.commingeshautdebit.fr.
b	IN	NS	ns3.commingeshautdebit.fr.
c	IN	NS	ns3.commingeshautdebit.fr.
d	IN	NS	ns3.commingeshautdebit.fr.
e	IN	NS	ns3.commingeshautdebit.fr.
f	IN	NS	ns3.commingeshautdebit.fr.
/etc/bind/db.2a03:a0a0:1::
; idem /etc/bind/db.2a03:a0a0::
/etc/bind/db.2a03:a0a0::upstream
;
; 2a03:a0a0::/48 - all-knowing-dns upstream zone for custom entries
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2017011203	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
 
; IPv6 PTR entries (0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa.upstream.)
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN    PTR    chd-stg1.chd.sx.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN    PTR    ns2.commingeshautdebit.fr.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN    PTR    ns3.commingeshautdebit.fr.
/etc/bind/db.2a03:a0a0:1::upstream
;
; 2a03:a0a0:1::/48 - all-knowing-dns upstream zone for custom entries
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2017011201	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
 
; IPv6 PTR entries (1.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa.upstream.)
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0    IN    PTR    this-is-an-example.commingeshautdebit.fr.
/etc/bind/db.commingeshautdebit.fr
;
; commingeshautdebit.fr
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2017011203	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
; Serveurs DNS de cette zone
ns1	IN	A	185.61.116.41
ns2	IN	A	185.131.40.2
ns2	IN	AAAA	2a03:a0a0::2
 
; Redirect vers all-knowing-dns sur chd2 pour les reverse IPv6
ns3	IN	A	185.131.40.3
ns3	IN	AAAA	2a03:a0a0::3
ipv6	IN	NS	ns3.commingeshautdebit.fr.
 
; Redirection pour site web commingeshautdebit.net
@	IN	A	185.61.116.41
www	IN	A	185.61.116.41
/etc/bind/db.ipv4.commingeshautdebit.fr
;
; ipv4.commingeshautdebit.fr
;
$TTL	86400
@	IN	SOA	ns2.commingeshautdebit.fr.	dnsmaster.commingeshautdebit.fr. (
	2017011201	; Serial
	3h		; Refresh
	15m		; Retry
	1w		; Expire
	3h		; Negative Cache TTL
	)
 
;
; domain name servers
;
@	IN	NS	ns1.commingeshautdebit.fr.
@	IN	NS	ns2.commingeshautdebit.fr.
 
 
; IPv4 DNS - adhérents
40-33	IN	A	185.131.40.33
;[...]
41-254	IN	A	185.131.41.254
/etc/all-knowing-dns.conf
# Configuration file for AllKnowingDNS v1.3
listen 185.131.40.3
listen 2a03:a0a0::3
 
# CHD IPv6 #1
network 2a03:a0a0::/48
	resolves to 0000%DIGITS%.ipv6.commingeshautdebit.fr
	with upstream 2a03:a0a0::2
 
# CHD IPv6 #2
network 2a03:a0a0:1::/48
	resolves to 0001%DIGITS%.ipv6.commingeshautdebit.fr
	with upstream 2a03:a0a0::2
/etc/resolv.conf
search chd.sx
nameserver 185.131.40.1
service all-knowing-dns restart
service bind9 restart
ls /var/log/bind9/query.log
 
# Requêtes d'essai :
$ dig +short 0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa. SOA
ns2.chd.sx. dnsmaster.chd.sx. 2016121101 10800 900 604800 10800
$ dig +short 0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa. NS
ns1.chd.sx. # bind slave
ns2.chd.sx. # bind master
$ dig +short 0.0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa. NS
ns3.chd.sx. # all-knowing-dns
 
$ dig +short 40.131.185.in-addr.arpa. SOA
ns2.chd.sx. dnsmaster.chd.sx. 2016121101 10800 900 604800 10800
$ dig +short 41.131.185.in-addr.arpa. SOA
ns2.chd.sx. dnsmaster.chd.sx. 2016121101 10800 900 604800 10800
$ dig +short 40.131.185.in-addr.arpa. NS
ns2.chd.sx.
ns1.chd.sx.
 
$ dig +short -x 2a03:a0a0::1
chd-stg1.chd.sx.
$ dig +short -x 2a03:a0a0::2
chd-stg2.chd.sx.
$ dig +short -x 2a03:a0a0::3
ipv6-000000000000000000000003.chd.sx.
$ dig +short -x 2a03:a0a0:0:8001:2f5:f0ff:fe40:71fe
ipv6-0000800102f5f0fffe4071fe.chd.sx.
 
$ dig +short -x 185.131.40.1
chd-stg1.chd.sx.
$ dig +short -x 185.131.40.2
chd-stg2.chd.sx.
$ dig +short -x 185.131.40.3
chd-stg2.chd.sx.
$ dig +short -x 185.131.40.4
$ dig +short -x 185.131.40.11
$ dig +short -x 185.131.40.33
ipv4-40-33.chd.sx.
$ dig +short -x 185.131.40.34
ipv4-40-34.chd.sx.
$ dig +short -x 185.131.40.254
ipv4-40-254.chd.sx.
$ dig +short -x 185.131.41.1
ipv4-41-1.chd.sx.
$ dig +short -x 185.131.41.2
ipv4-41-2.chd.sx.
$ dig +short -x 185.131.41.254
ipv4-41-254.chd.sx.
/etc/systemd/system/getty@tty1.service.d/noclear.conf
[Service]
TTYVTDisallocate=no
/etc/motd
      _         _           _        ____  
  ___| |__   __| |      ___| |_ __ _|___ \ 
 / __| '_ \ / _` |_____/ __| __/ _` | __) |
| (__| | | | (_| |_____\__ \ || (_| |/ __/ 
 \___|_| |_|\__,_|     |___/\__\__, |_____|
                               |___/       
 
                                           chd-stg2.chd.sx
/root/.bashrc
# You may uncomment the following lines if you want `ls' to be colorized:
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
 
export HISTIGNORE=' *'
 
systemctl is-system-running --quiet || systemctl --state=failed;
/root/.vimrc
syn on
/etc/fail2ban/
├── action.d
│   └── route.conf
├── fail2ban.conf
├── fail2ban.d
├── filter.d
│   ├── common.conf
│   ├── pam-generic.conf
│   └── sshd.conf
├── jail.conf
├── jail.d
│   ├── customisation.local
│   └── defaults-debian.conf
├── paths-common.conf
├── paths-debian.conf
└── paths-opensuse.conf
# idem config chd-stg1
/etc/cron.d/aircontrol2
# cron-jobs for aircontrol 2
MAILTO=root
 
0 2 28 * *	root if [ -x /opt/Ubiquiti/AirControl2/cleanDB ]; then cd /opt/Ubiquiti/AirControl2; ./cleanDB -e 300 -t 300 -s 30 -v > /dev/null; echo "VACUUM FULL;" | sudo -u postgres psql ac2; fi

Installation d’AirControl 2

AirControl 2 nécessite une JVM >= 1.8 :

apt install default-jre

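Téléchargement et lancement du script d’installation (vérifier l’intégrité du binaire téléchargé avant de l’exécuter, par exemple à l’aide d’une empreinte publiée par l’éditeur, s’il en fournit une) :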

cd /opt
wget https://dl.ubnt.com/aircontrol2/aircontrol-v2.1-180316-1259-unix64.bin
chmod +x aircontrol-v2.1-180316-1259-unix64.bin
./aircontrol-v2.1-180316-1259-unix64.bin

Éléments de configuration :

  • Cocher Server ; décocher Client
  • Installer PostgreSQL
  • Port du serveur AirControl : 9081
  • Nom de la base : ac2 (default)
  • Port de la base : 5432 (default)
  • Compte super-utilisateur : admin / *
  • Compte invité : ubnt / *

Une fois le serveur démarré, utiliser le client AirControl 2 pour continuer la configuration (via le compte “admin”) :

  • Control panel > Server settings
    • ServerName : chd-stg2
    • IP list (comma separated) : 172.16.0.253,185.131.40.2,2a03:a0a0::2
    • HTTPS port 443
    • Check for Beta/RC/GA airControl Update : décoché
  • Control Panel > Firmwares
    • Upload XM/XW/AF5 et WA
/opt/Ubiquiti/AirControl2/pgsql/data/pg_hba.conf
# "local" is for Unix domain socket connections only
# NOTE(review): both "local" records match every database and every user,
# and pg_hba.conf stops at the first matching record, so the md5 line is
# never reached. Recent PostgreSQL releases also treat "ident" on Unix
# sockets as "peer". Keep only the method that is actually intended.
local   all             all                                     ident
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
/root/ac2-database.sh
#!/bin/sh
sudo -u postgres /opt/Ubiquiti/AirControl2/pgsql/bin/pg_dump ac2 | /root/pg-COPY-line-count.pl
/root/pg-COPY-line-count.pl
#!/usr/bin/env perl
 
use strict;
use warnings;
 
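# Summarise a pg_dump stream read from STDIN.
#
# Every line matching "COPY <name> FROM stdin;" opens a new section named
# after the captured text. All other lines are counted (number of lines and
# number of characters, newline included) against the section currently
# open. Lines read before the first COPY statement are reported under
# "(header)". One summary line per section is printed to STDOUT.
my $section    = '(header)';
my $line_count = 0;
my $char_count = 0;

# Print the summary line of one finished section.
# A section without any line reports an average of 0 instead of dying with
# "Illegal division by zero" (empty input, e.g. when pg_dump failed, or two
# COPY statements in a row).
sub _report_section {
	my ($name, $lines, $chars) = @_;
	my $average = $lines ? int(($chars / $lines) + 0.5) : 0;
	print "$name : $lines lines (average : $average chars)\n";
	return;
}

while (my $line = <STDIN>) {
	if ($line =~ /^COPY (.*) FROM stdin;$/) {
		# Copy the capture before calling anything else that could reset it.
		my $next_section = $1;
		_report_section($section, $line_count, $char_count);
		$section    = $next_section;
		$line_count = 0;
		$char_count = 0;
	}
	else {
		$line_count += 1;
		$char_count += length $line;
	}
}

# Report the section still open at end of input.
_report_section($section, $line_count, $char_count);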
/root/.netrc
machine priv.chd.sx login api password XXXXXXXXXXX
/etc/cron.daily/etat_reseau
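#!/bin/sh
# Daily refresh of the network status page served from /var/www/html.
#
# The page is downloaded to a temporary file next to the target and moved
# into place only when wget succeeds; writing straight to index.html would
# leave an empty or truncated page whenever the download fails.
# NOTE(review): credentials for priv.chd.sx are presumably picked up from
# /root/.netrc by wget; that file should be readable by root only (0600).
set -eu

dest=/var/www/html/etat_reseau/index.html
tmp=$(mktemp "${dest}.XXXXXX")
# Remove the temporary file on any exit path (no-op once it has been moved).
trap 'rm -f "$tmp"' EXIT

wget -O "$tmp" https://priv.chd.sx/api/gen_etat_reseau.php
# mktemp creates the file 0600; the web server has to be able to read it.
chmod 0644 "$tmp"
mv "$tmp" "$dest"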
cd /root
mkdir git
cd git
git clone root@chd.sx:/var/git/chd_gestion
git clone root@chd.sx:/var/git/chd_openwrt

OpenWRT / LEDE / mise à jour routeur

cd ~/git/chd_openwrt/maj
cp config.default.php config.php
vim config.php 
 
ln -s /root/git/chd_openwrt/build-openwrt.sh /usr/local/bin/
ln -s /root/git/chd_openwrt/build-openwrt-dev.sh  /usr/local/bin/
 
chown www-data: /var/cache/build-openwrt*
apt install git-core build-essential libssl-dev libncurses5-dev zlib1g-dev unzip gawk subversion manpages-dev-

TODO

documenter le contenu de /var/www/html non git'é
configurer munin/multiping
netconsole config
backup borg
mailer + mail alert (smartmontools/logcheck ?)
technique/referentiel/chd-stg2-ng.txt · Dernière modification: 2018/05/12 12:22 par admin