aufgaben-verzeichnisse umbenannt:
Bei Aufgabe 3 geht es wieder bei 1 los. Deswegen habe ich jetzt überall eine 2 davor gehangen.
This commit is contained in:
parent
24eba4d551
commit
d54efc0358
@ -1,6 +0,0 @@
|
||||
Description='LAN Interface'
|
||||
Interface=enp1s0
|
||||
Connection=ethernet
|
||||
IP=static
|
||||
Address=('10.20.0.101/24')
|
||||
Gateway='10.20.0.1'
|
@ -1,17 +0,0 @@
|
||||
Description='LAN Interface'
|
||||
Interface=eth1
|
||||
Connection=ethernet
|
||||
IP=static
|
||||
Address=('10.20.0.1/24')
|
||||
#Routes=('192.168.0.0/24 via 192.168.1.2')
|
||||
#Gateway='141.76.90.1'
|
||||
#DNS=('8.8.8.8')
|
||||
|
||||
## For IPv6 autoconfiguration
|
||||
#IP6=stateless
|
||||
|
||||
## For IPv6 static address configuration
|
||||
#IP6=static
|
||||
#Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
|
||||
#Routes6=('abcd::1234')
|
||||
#Gateway6='1234:0:123::abcd'
|
@ -1,17 +0,0 @@
|
||||
Description='A basic static ethernet connection'
|
||||
Interface=eth0
|
||||
Connection=ethernet
|
||||
IP=static
|
||||
Address=('141.76.90.104/24')
|
||||
#Routes=('192.168.0.0/24 via 192.168.1.2')
|
||||
Gateway='141.76.90.1'
|
||||
DNS=('8.8.8.8')
|
||||
|
||||
## For IPv6 autoconfiguration
|
||||
#IP6=stateless
|
||||
|
||||
## For IPv6 static address configuration
|
||||
#IP6=static
|
||||
#Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
|
||||
#Routes6=('abcd::1234')
|
||||
#Gateway6='1234:0:123::abcd'
|
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# check for arguments
|
||||
if [[ $# -ne 1 || -z "$1" ]]; then
|
||||
echo "USAGE: $0 username" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
userdel -r "$1"
|
@ -1,58 +0,0 @@
|
||||
*filter
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD DROP [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
|
||||
# allow established connections
|
||||
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
# allow traffic from private LAN
|
||||
-A INPUT -i eth1 -j ACCEPT
|
||||
-A FORWARD -i eth1 -j ACCEPT
|
||||
|
||||
# allow icmp
|
||||
-A INPUT -p icmp -j ACCEPT
|
||||
|
||||
# allow loopback
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
|
||||
# uni subnets
|
||||
:uni - [0:0]
|
||||
-A INPUT -s 141.30.0.0/16 -j uni
|
||||
-A INPUT -s 141.76.0.0/16 -j uni
|
||||
|
||||
# reject unknown traffic with nice errors
|
||||
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
|
||||
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
|
||||
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# internal traffic
|
||||
#
|
||||
|
||||
:internal - [0:0]
|
||||
-A uni -j internal
|
||||
-A internal -p tcp --dport 22 -j ACCEPT
|
||||
-A internal -p tcp --dport 80 -j ACCEPT
|
||||
-A internal -p tcp --dport 443 -j ACCEPT
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# public traffic
|
||||
|
||||
:public - [0:0]
|
||||
-A INPUT -j public
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
|
||||
COMMIT
|
||||
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
|
||||
# masquerading
|
||||
-A POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
COMMIT
|
@ -1,48 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# check for root
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check for arguments
|
||||
if [[ $# -ne 1 ]]; then
|
||||
echo "USAGE: $0 username" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check if user already exists
|
||||
if ! id "$1" &> /dev/null; then
|
||||
echo "Adding user..."
|
||||
useradd --base-dir /home --create-home "$1"
|
||||
fi
|
||||
|
||||
# check if SSH key for user already exists
|
||||
if [[ ! -f "/home/$1/.ssh/id_ecdsa" ]]; then
|
||||
echo "Generating SSH key for user..."
|
||||
sudo --user "$1" ssh-keygen -t ecdsa -N "" -b 521 -f "/home/$1/.ssh/id_ecdsa" > /dev/null
|
||||
fi
|
||||
|
||||
# check if SSH key is already added to list of authorized keys
|
||||
sudo -u "$1" touch /home/$1/.ssh/authorized_keys
|
||||
if ! grep -q "`cat /home/$1/.ssh/id_ecdsa.pub`" /home/$1/.ssh/authorized_keys; then
|
||||
echo "Adding SSH key to list of authorized keys for user..."
|
||||
cat "/home/$1/.ssh/id_ecdsa.pub" | sudo --user "$1" tee "/home/$1/.ssh/authorized_keys" > /dev/null
|
||||
fi
|
||||
|
||||
export DIR="`mktemp -d`"
|
||||
trap "cd /; rm -rf $DIR" EXIT
|
||||
cd "$DIR"
|
||||
export GIT_AUTHOR_NAME=$SUDO_USER
|
||||
git clone "git@zotac0:gitolite-admin" "$DIR" > /dev/null
|
||||
|
||||
# check if SSH key is already registered with git
|
||||
if [[ ! -f "$DIR/keydir/$1@$HOSTNAME.pub" ]]; then
|
||||
echo "Adding SSH key to git..."
|
||||
cp "/home/$1/.ssh/id_ecdsa.pub" "$DIR/keydir/$1@$HOSTNAME.pub"
|
||||
git add "$DIR/keydir/$1@$HOSTNAME.pub"
|
||||
git commit --all --message="User \"$1\" added" > /dev/null
|
||||
git push > /dev/null
|
||||
fi
|
@ -1,130 +0,0 @@
|
||||
# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||
|
||||
# The strategy used for options in the default sshd_config shipped with
|
||||
# OpenSSH is to specify options with their default value where
|
||||
# possible, but leave them commented. Uncommented options override the
|
||||
# default value.
|
||||
|
||||
#Port 22
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
# The default requires explicit activation of protocol 1
|
||||
#Protocol 2
|
||||
|
||||
# HostKey for protocol version 1
|
||||
#HostKey /etc/ssh/ssh_host_key
|
||||
# HostKeys for protocol version 2
|
||||
#HostKey /etc/ssh/ssh_host_rsa_key
|
||||
#HostKey /etc/ssh/ssh_host_dsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
|
||||
# Lifetime and size of ephemeral version 1 server key
|
||||
#KeyRegenerationInterval 1h
|
||||
#ServerKeyBits 1024
|
||||
|
||||
# Ciphers and keying
|
||||
#RekeyLimit default none
|
||||
|
||||
# Logging
|
||||
# obsoletes QuietMode and FascistLogging
|
||||
#SyslogFacility AUTH
|
||||
#LogLevel INFO
|
||||
|
||||
# Authentication:
|
||||
|
||||
#LoginGraceTime 2m
|
||||
PermitRootLogin no
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
|
||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
#AuthorizedPrincipalsFile none
|
||||
|
||||
#AuthorizedKeysCommand none
|
||||
#AuthorizedKeysCommandUser nobody
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#RhostsRSAAuthentication no
|
||||
# similar for protocol version 2
|
||||
#HostbasedAuthentication no
|
||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
||||
# RhostsRSAAuthentication and HostbasedAuthentication
|
||||
#IgnoreUserKnownHosts no
|
||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
PasswordAuthentication no
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
||||
#KerberosGetAFSToken no
|
||||
|
||||
# GSSAPI options
|
||||
#GSSAPIAuthentication no
|
||||
#GSSAPICleanupCredentials yes
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
#AllowTcpForwarding yes
|
||||
#GatewayPorts no
|
||||
#X11Forwarding no
|
||||
#X11DisplayOffset 10
|
||||
#X11UseLocalhost yes
|
||||
PrintMotd no # pam does that
|
||||
#PrintLastLog yes
|
||||
#TCPKeepAlive yes
|
||||
#UseLogin no
|
||||
UsePrivilegeSeparation sandbox # Default for new installations.
|
||||
#PermitUserEnvironment no
|
||||
#Compression delayed
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
#UseDNS yes
|
||||
#PidFile /run/sshd.pid
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
#VersionAddendum none
|
||||
|
||||
# no default banner path
|
||||
#Banner /etc/motd
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
||||
# X11Forwarding no
|
||||
# AllowTcpForwarding no
|
||||
# ForceCommand cvs server
|
@ -1,20 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
if [ -x /usr/bin/etckeeper ] && [ -e /etc/etckeeper/etckeeper.conf ]; then
|
||||
. /etc/etckeeper/etckeeper.conf
|
||||
if [ "$AVOID_DAILY_AUTOCOMMITS" != "1" ]; then
|
||||
# avoid autocommit if an install run is in progress
|
||||
lockfile=/var/cache/etckeeper/packagelist.pre-install
|
||||
if [ -e "$lockfile" ] && [ -n "$(find "$lockfile" -mtime +1)" ];
|
||||
then
|
||||
rm -f "$lockfile" # stale
|
||||
fi
|
||||
if [ ! -e "$lockfile" ]; then
|
||||
AVOID_SPECIAL_FILE_WARNING=1
|
||||
export AVOID_SPECIAL_FILE_WARNING
|
||||
if etckeeper unclean; then
|
||||
etckeeper commit "daily autocommit" >/dev/null
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
@ -1,7 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
cd /var/log
|
||||
find . -iname \*.log | xargs git add
|
||||
git commit --all --message "daily autocommit"
|
||||
git push --force origin master:logs
|
@ -1,42 +0,0 @@
|
||||
# The VCS to use.
|
||||
#VCS="hg"
|
||||
VCS="git"
|
||||
#VCS="bzr"
|
||||
#VCS="darcs"
|
||||
|
||||
# Options passed to git commit when run by etckeeper.
|
||||
GIT_COMMIT_OPTIONS=""
|
||||
|
||||
# Options passed to hg commit when run by etckeeper.
|
||||
HG_COMMIT_OPTIONS=""
|
||||
|
||||
# Options passed to bzr commit when run by etckeeper.
|
||||
BZR_COMMIT_OPTIONS=""
|
||||
|
||||
# Options passed to darcs record when run by etckeeper.
|
||||
DARCS_COMMIT_OPTIONS="-a"
|
||||
|
||||
# Uncomment to avoid etckeeper committing existing changes
|
||||
# to /etc automatically once per day.
|
||||
#AVOID_DAILY_AUTOCOMMITS=1
|
||||
|
||||
# Uncomment the following to avoid special file warning
|
||||
# (the option is enabled automatically by cronjob regardless).
|
||||
#AVOID_SPECIAL_FILE_WARNING=1
|
||||
|
||||
# Uncomment to avoid etckeeper committing existing changes to
|
||||
# /etc before installation. It will cancel the installation,
|
||||
# so you can commit the changes by hand.
|
||||
#AVOID_COMMIT_BEFORE_INSTALL=1
|
||||
|
||||
# The high-level package manager that's being used.
|
||||
# (apt, pacman-g2, yum, zypper etc)
|
||||
HIGHLEVEL_PACKAGE_MANAGER=yaourt
|
||||
|
||||
# The low-level package manager that's being used.
|
||||
# (dpkg, rpm, pacman, pacman-g2, etc)
|
||||
LOWLEVEL_PACKAGE_MANAGER=pacman
|
||||
|
||||
# To push each commit to a remote, put the name of the remote here.
|
||||
# (eg, "origin" for git).
|
||||
PUSH_REMOTE="origin"
|
@ -1 +0,0 @@
|
||||
Subproject commit 3643f6f3f70143cdfa3b0206f87f202fa59b0e93
|
@ -1,33 +0,0 @@
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# See journald.conf(5) for details
|
||||
|
||||
[Journal]
|
||||
#Storage=auto
|
||||
#Compress=yes
|
||||
#Seal=yes
|
||||
#SplitMode=login
|
||||
#SyncIntervalSec=5m
|
||||
#RateLimitInterval=30s
|
||||
#RateLimitBurst=1000
|
||||
#SystemMaxUse=
|
||||
#SystemKeepFree=
|
||||
#SystemMaxFileSize=
|
||||
#RuntimeMaxUse=
|
||||
#RuntimeKeepFree=
|
||||
#RuntimeMaxFileSize=
|
||||
#MaxRetentionSec=
|
||||
#MaxFileSec=1month
|
||||
ForwardToSyslog=yes
|
||||
#ForwardToKMsg=no
|
||||
#ForwardToConsole=no
|
||||
#TTYPath=/dev/console
|
||||
#MaxLevelStore=debug
|
||||
#MaxLevelSyslog=debug
|
||||
#MaxLevelKMsg=notice
|
||||
#MaxLevelConsole=info
|
@ -1,14 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [[ "$1" != -S && "$1" != -S*u && "$1" != -U ]]; then
|
||||
/usr/bin/pacman "$@"
|
||||
exit $?
|
||||
fi
|
||||
|
||||
[[ $EUID -eq 0 ]] && etckeeper pre-install
|
||||
|
||||
/usr/bin/pacman "$@"
|
||||
EXIT_CODE=$?
|
||||
|
||||
[[ $EUID -eq 0 ]] && etckeeper post-install
|
||||
exit $EXIT_CODE
|
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
sudo etckeeper pre-install
|
||||
|
||||
/usr/bin/yaourt "$@"
|
||||
EXIT_CODE=$?
|
||||
|
||||
sudo etckeeper post-install
|
||||
exit $EXIT_CODE
|
@ -1,2 +0,0 @@
|
||||
zotac0 headnode
|
||||
zotac[1-4] computenode
|
@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
PDSH_RCMD_TYPE="`cat /etc/pdsh/rcmd_default`" /usr/bin/pdsh $@
|
@ -1 +0,0 @@
|
||||
ssh
|
@ -1,64 +0,0 @@
|
||||
#
|
||||
# Example config-file for munin-node
|
||||
#
|
||||
|
||||
log_level 4
|
||||
log_file /var/log/munin/munin-node.log
|
||||
pid_file /run/munin/munin-node.pid
|
||||
|
||||
background 1
|
||||
setsid 1
|
||||
|
||||
user root
|
||||
group root
|
||||
|
||||
# This is the timeout for the whole transaction.
|
||||
# Units are in sec. Default is 15 min
|
||||
#
|
||||
# global_timeout 900
|
||||
|
||||
# This is the timeout for each plugin.
|
||||
# Units are in sec. Default is 1 min
|
||||
#
|
||||
# timeout 60
|
||||
|
||||
# Regexps for files to ignore
|
||||
ignore_file [\#~]$
|
||||
ignore_file DEADJOE$
|
||||
ignore_file \.bak$
|
||||
ignore_file %$
|
||||
ignore_file \.dpkg-(tmp|new|old|dist)$
|
||||
ignore_file \.rpm(save|new)$
|
||||
ignore_file \.pod$
|
||||
|
||||
# Set this if the client doesn't report the correct hostname when
|
||||
# telnetting to localhost, port 4949
|
||||
#
|
||||
#host_name myhostname
|
||||
|
||||
# A list of addresses that are allowed to connect. This must be a
|
||||
# regular expression, since Net::Server does not understand CIDR-style
|
||||
# network notation unless the perl module Net::CIDR is installed. You
|
||||
# may repeat the allow line as many times as you'd like
|
||||
|
||||
allow ^127\.0\.0\.1$
|
||||
allow ^10\.42\.0
|
||||
allow ^::1$
|
||||
|
||||
# If you have installed the Net::CIDR perl module, you can use one or more
|
||||
# cidr_allow and cidr_deny address/mask patterns. A connecting client must
|
||||
# match any cidr_allow, and not match any cidr_deny. Note that a netmask
|
||||
# *must* be provided, even if it's /32
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# cidr_allow 127.0.0.1/32
|
||||
# cidr_allow 192.0.2.0/24
|
||||
# cidr_deny 192.0.2.42/32
|
||||
|
||||
# Which address to bind to;
|
||||
host *
|
||||
# host 127.0.0.1
|
||||
|
||||
# And which port
|
||||
port 4949
|
@ -1,149 +0,0 @@
|
||||
# Example configuration file for Munin, generated by 'make build'
|
||||
|
||||
# The next three variables specifies where the location of the RRD
|
||||
# databases, the HTML output, logs and the lock/pid files. They all
|
||||
# must be writable by the user running munin-cron. They are all
|
||||
# defaulted to the values you see here.
|
||||
#
|
||||
#dbdir /var/lib/munin
|
||||
htmldir /usr/share/munin/www
|
||||
#logdir /var/log/munin
|
||||
#rundir /run/munin
|
||||
|
||||
# Where to look for the HTML templates
|
||||
#
|
||||
#tmpldir /etc/munin/templates
|
||||
|
||||
# Where to look for the static www files
|
||||
#
|
||||
#staticdir /etc/munin/static
|
||||
|
||||
# temporary cgi files are here. note that it has to be writable by
|
||||
# the cgi user (usually nobody or httpd).
|
||||
#
|
||||
# cgitmpdir /var/lib/munin/cgi-tmp
|
||||
|
||||
# (Exactly one) directory to include all files from.
|
||||
includedir /etc/munin/munin-conf.d
|
||||
|
||||
# You can choose the time reference for "DERIVE" like graphs, and show
|
||||
# "per minute", "per hour" values instead of the default "per second"
|
||||
#
|
||||
#graph_period second
|
||||
|
||||
# Graphics files are generated either via cron or by a CGI process.
|
||||
# See http://munin-monitoring.org/wiki/CgiHowto2 for more
|
||||
# documentation.
|
||||
# Since 2.0, munin-graph has been rewritten to use the cgi code.
|
||||
# It is single threaded *by design* now.
|
||||
#
|
||||
graph_strategy cgi
|
||||
|
||||
# munin-cgi-graph is invoked by the web server up to very many times at the
|
||||
# same time. This is not optimal since it results in high CPU and memory
|
||||
# consumption to the degree that the system can thrash. Again the default is
|
||||
# 6. Most likely the optimal number for max_cgi_graph_jobs is the same as
|
||||
# max_graph_jobs.
|
||||
#
|
||||
#munin_cgi_graph_jobs 6
|
||||
|
||||
# If the automatic CGI url is wrong for your system override it here:
|
||||
#
|
||||
#cgiurl_graph /munin-cgi/munin-cgi-graph
|
||||
|
||||
# max_size_x and max_size_y are the max size of images in pixel.
|
||||
# Default is 4000. Do not make it too large otherwise RRD might use all
|
||||
# RAM to generate the images.
|
||||
#
|
||||
#max_size_x 4000
|
||||
#max_size_y 4000
|
||||
|
||||
# HTML files are normally generated by munin-html, no matter if the
|
||||
# files are used or not. You can change this to on-demand generation
|
||||
# by following the instructions in http://munin-monitoring.org/wiki/CgiHowto2
|
||||
#
|
||||
# Notes:
|
||||
# - moving to CGI for HTML means you cannot have graph generated by cron.
|
||||
# - cgi html has some bugs, mostly you still have to launch munin-html by hand
|
||||
#
|
||||
html_strategy cgi
|
||||
|
||||
# munin-update runs in parallel.
|
||||
#
|
||||
# The default max number of processes is 16, and is probably ok for you.
|
||||
#
|
||||
# If set too high, it might hit some process/ram/filedesc limits.
|
||||
# If set too low, munin-update might take more than 5 min.
|
||||
#
|
||||
# If you want munin-update to not be parallel set it to 0.
|
||||
#
|
||||
#max_processes 16
|
||||
|
||||
# RRD updates are per default, performed directly on the rrd files.
|
||||
# To reduce IO and enable the use of the rrdcached, uncomment it and set it to
|
||||
# the location of the socket that rrdcached uses.
|
||||
#
|
||||
#rrdcached_socket /var/run/rrdcached.sock
|
||||
|
||||
# Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime
|
||||
# something changes (OK -> WARNING, CRITICAL -> OK, etc)
|
||||
#contact.someuser.command mail -s "Munin notification" somejuser@fnord.comm
|
||||
#contact.anotheruser.command mail -s "Munin notification" anotheruser@blibb.comm
|
||||
#
|
||||
# For those with Nagios, the following might come in handy. In addition,
|
||||
# the services must be defined in the Nagios server as well.
|
||||
#contact.nagios.command /usr/bin/send_nsca nagios.host.comm -c /etc/nsca.conf
|
||||
|
||||
# a simple host tree
|
||||
[zotac0]
|
||||
address 127.0.0.1
|
||||
use_node_name yes
|
||||
|
||||
[zotac1]
|
||||
address 10.20.0.101
|
||||
use_node_name yes
|
||||
|
||||
#
|
||||
# A more complex example of a host tree
|
||||
#
|
||||
## First our "normal" host.
|
||||
# [fii.foo.com]
|
||||
# address foo
|
||||
#
|
||||
## Then our other host...
|
||||
# [fay.foo.com]
|
||||
# address fay
|
||||
#
|
||||
## IPv6 host. note that the ip adress has to be in brackets
|
||||
# [ip6.foo.com]
|
||||
# address [2001::1234:1]
|
||||
#
|
||||
## Then we want totals...
|
||||
# [foo.com;Totals] #Force it into the "foo.com"-domain...
|
||||
# update no # Turn off data-fetching for this "host".
|
||||
#
|
||||
# # The graph "load1". We want to see the loads of both machines...
|
||||
# # "fii=fii.foo.com:load.load" means "label=machine:graph.field"
|
||||
# load1.graph_title Loads side by side
|
||||
# load1.graph_order fii=fii.foo.com:load.load fay=fay.foo.com:load.load
|
||||
#
|
||||
# # The graph "load2". Now we want them stacked on top of each other.
|
||||
# load2.graph_title Loads on top of each other
|
||||
# load2.dummy_field.stack fii=fii.foo.com:load.load fay=fay.foo.com:load.load
|
||||
# load2.dummy_field.draw AREA # We want area instead the default LINE2.
|
||||
# load2.dummy_field.label dummy # This is needed. Silly, really.
|
||||
#
|
||||
# # The graph "load3". Now we want them summarised into one field
|
||||
# load3.graph_title Loads summarised
|
||||
# load3.combined_loads.sum fii.foo.com:load.load fay.foo.com:load.load
|
||||
# load3.combined_loads.label Combined loads # Must be set, as this is
|
||||
# # not a dummy field!
|
||||
#
|
||||
## ...and on a side note, I want them listen in another order (default is
|
||||
## alphabetically)
|
||||
#
|
||||
# # Since [foo.com] would be interpreted as a host in the domain "com", we
|
||||
# # specify that this is a domain by adding a semicolon.
|
||||
# [foo.com;]
|
||||
# node_order Totals fii.foo.com fay.foo.com
|
||||
#
|
@ -1,25 +0,0 @@
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
@ -1,24 +0,0 @@
|
||||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
@ -1,80 +0,0 @@
|
||||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/x-javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
image/svg+xml svg svgz;
|
||||
image/webp webp;
|
||||
|
||||
application/java-archive jar war ear;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream eot;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
|
||||
user http;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
#pid logs/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
|
||||
sendfile on;
|
||||
keepalive_timeout 65;
|
||||
gzip on;
|
||||
gzip_static on;
|
||||
gzip_http_version 1.0;
|
||||
gzip_comp_level 2;
|
||||
gzip_vary on;
|
||||
gzip_disable "msie6";
|
||||
gzip_min_length 1100;
|
||||
gzip_buffers 4 8k;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
gzip_types
|
||||
# text/html is always compressed by HttpGzipModule
|
||||
text/css
|
||||
text/javascript
|
||||
text/xml
|
||||
text/plain
|
||||
text/x-component
|
||||
application/javascript
|
||||
application/x-javascript
|
||||
application/json
|
||||
application/xml
|
||||
application/rss+xml
|
||||
font/truetype
|
||||
font/opentype
|
||||
application/vnd.ms-fontobject
|
||||
image/svg+xml;
|
||||
|
||||
server_tokens off;
|
||||
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA;
|
||||
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||
|
||||
upstream backend {
|
||||
server unix:/run/php-fpm/php-fpm.sock;
|
||||
}
|
||||
include sites/*.conf;
|
||||
}
|
@ -1,27 +0,0 @@
|
||||
server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
#listen [::]:443 ssl;
|
||||
#listen 443 ssl;
|
||||
|
||||
root /srv/http/lctp;
|
||||
|
||||
location ^~ /munin-cgi/munin-cgi-graph/ {
|
||||
fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location /munin/static/ {
|
||||
alias /etc/munin/static/;
|
||||
expires modified +1w;
|
||||
}
|
||||
|
||||
location /munin/ {
|
||||
fastcgi_split_path_info ^(/munin)(.*);
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_pass unix:/var/run/munin/fcgi-html.sock;
|
||||
include fastcgi_params;
|
||||
}
|
||||
}
|
@ -16,7 +16,7 @@ Nun kann die eigentliche Konfiguration per git heruntergeladen werden:
|
||||
|
||||
Wir legten in dieser Konfiguration das Repository {\tt lctp} an und gaben allen
|
||||
Benutzern Zugriff darauf. Die gitolite-Konfiguration befindet sich als
|
||||
Git-Submodule im Verzeichnis {\tt aufgabe4/gitolite-admin}.
|
||||
Git-Submodule im Verzeichnis {\tt aufgabe2.4/gitolite-admin}.
|
||||
Das lctp-Repository wiederum lässt sich mit folgendem Befehl clonen:
|
||||
|
||||
\shellcmd{git clone git@141.76.90.104:lctp.git lctp-gruppe4}
|
||||
@ -40,22 +40,29 @@ im {\tt lctp}-Repository einzubinden:
|
||||
|
||||
Anders als bei anderen Paketmanagern wie {\tt apt} auf Debian, existieren in {\tt pacman} (\ref{sec:pacman})
|
||||
keine Hooks.
|
||||
Um dennoch nach Systemaktualisierungen oder Paketinstallationen automatisch die neue Konfiguration zu commiten haben wir jeweils einen \href{https://gist.github.com/Mic92/7250403}{Wrapper-Script} für {\tt pacman} und {\tt yaourt} geschrieben und diese {\tt /usr/local/bin} abgelegt. Da in der Shell {\tt /usr/local/bin} für gewöhnlich eine höhere Priorität hat als {\tt /usr/bin} werden Programme in diesem Verzeichnis vorrangig ausgeführt. (Die Wrapper befinden sich in \emph{aufgabe4/yaourt} sowie in \emph{aufgabe4/pacman}).
|
||||
Um dennoch nach Systemaktualisierungen oder Paketinstallationen automatisch die
|
||||
neue Konfiguration zu commiten haben wir jeweils einen
|
||||
\href{https://gist.github.com/Mic92/7250403}{Wrapper-Script} für {\tt pacman}
|
||||
und {\tt yaourt} geschrieben und diese {\tt /usr/local/bin} abgelegt. Da in der
|
||||
Shell {\tt /usr/local/bin} für gewöhnlich eine höhere Priorität hat als {\tt
|
||||
/usr/bin} werden Programme in diesem Verzeichnis vorrangig ausgeführt. (Die
|
||||
Wrapper befinden sich in \emph{aufgabe2.4/yaourt} sowie in \emph{aufgabe2.4/pacman}).
|
||||
Darüber hinaus haben wir das Shell-Script für tägliche automatische Commits,
|
||||
welches im
|
||||
\href{https://github.com/joeyh/etckeeper/blob/master/debian/cron.daily}{Git-Repository}
|
||||
(Stand 07.11.2013)
|
||||
von {\tt etckeeper} liegt, als cronjob installiert (siehe
|
||||
\emph{aufgabe4/cron.daily/etckeeper}).
|
||||
\emph{aufgabe2.4/cron.daily/etckeeper}).
|
||||
|
||||
\subsubsection{Logs in git}
|
||||
|
||||
Arch Linux setzt in der Standard-Installation {\tt journald} als Logging-Daemon ein. Dieses benutzt im Unterschied zu herkömmlichen Syslog-Varianten ein Binärformat zum Speichern.
|
||||
Dieses Dateiformat eignet sich aus offensichtlichen Gründen nicht um mithilfe
|
||||
von git verwaltet zu werden. Deswegen haben wir zusätzlich {\tt syslog-ng}
|
||||
installiert und {\tt journald} so konfiguriert, das dieses ebenfalls in das syslog schreibt (siehe \emph{aufgabe4/journald.conf}).
|
||||
installiert und {\tt journald} so konfiguriert, das dieses ebenfalls in das
|
||||
syslog schreibt (siehe \emph{aufgabe2.4/journald.conf}).
|
||||
Für tägliche commits haben wir hierfür das Shell-Script {\tt git-commit-log}
|
||||
nach {\tt /etc/cron.daily/} installiert (siehe
|
||||
\emph{aufgabe4/cron.daily/git-commit-log}). Dieses pusht die Log-Dateien in das
|
||||
\emph{aufgabe2.4/cron.daily/git-commit-log}). Dieses pusht die Log-Dateien in das
|
||||
logs-Repository. Es ist als Submodule im Verzeichnis {\tt logs} im
|
||||
lctp-Repository eingebunden.
|
||||
|
@ -9,9 +9,9 @@ vorhanden, deshalb haben wir es über das AUR (siehe \ref{sec:aur}) installiert.
|
||||
\subsubsection{Gruppenverwaltung}
|
||||
Zur Verwaltung mehrerer Rechner in Gruppen (in unserem Fall Headnode und
|
||||
Computenodes) greift {\tt pdsh} auf die Gruppenbeschreibungsdatei {\tt
|
||||
/etc/genders} (siehe \emph{aufgabe5/genders}) zurück. Dort können mehrere Hosts
|
||||
/etc/genders} (siehe \emph{aufgabe2.5/genders}) zurück. Dort können mehrere Hosts
|
||||
in verschiedene Gruppen eingeteilt werden.
|
||||
Um zu gewährleisten, dass pdsh den richtigen Befehl beim Verbinden benutzt, muss
|
||||
die Umgebungsvariable {\tt PDS\_RCMD\_TYPE} auf den Wert {\tt ssh} gesetzt sein. Dies
|
||||
lösten wir durch ein Wrapper-Script in {\tt /usr/local/bin}, das die
|
||||
genannte Umgebungsvariable setzt (siehe \emph{aufgabe5/pdsh}).
|
||||
genannte Umgebungsvariable setzt (siehe \emph{aufgabe2.5/pdsh}).
|
||||
|
@ -5,7 +5,7 @@ Wir haben uns für {\tt OpenSSH} als SSH-Server entschieden. Diesen haben wir mi
|
||||
|
||||
\shellcmd{pacman -S openssh}
|
||||
|
||||
Desweiteren wurden in {\tt /etc/ssh/sshd\_config} (siehe \emph{aufgabe3/sshd\_config}) folgende Zeilen verändert, um den ''root-Account'' zu deaktivieren und den passwortlosen Zugriff zu aktivieren:
|
||||
Desweiteren wurden in {\tt /etc/ssh/sshd\_config} (siehe \emph{aufgabe2.3/sshd\_config}) folgende Zeilen verändert, um den ''root-Account'' zu deaktivieren und den passwortlosen Zugriff zu aktivieren:
|
||||
|
||||
\begin{lstlisting}
|
||||
PermitRootLogin no
|
||||
@ -15,7 +15,9 @@ ChallengeResponseAuthentication no
|
||||
|
||||
\subsubsection{iptables}
|
||||
|
||||
Um den Zugriff auf das universitätsinterne Netz zu beschränken wurde ein Filter-Chain {\tt uni} zur {\tt iptables.rules} unter {\tt /etc/iptables} (siehe \emph{aufgabe3/iptables.rules}) hinzugefügt, der nur IP-Adressen aus den Bereichen 141.30.0.0/16 und 141.76.0.0/16 akzeptiert und die Zugriffe auf Port 22, 80 und 443 beschränkt.
|
||||
Um den Zugriff auf das universitätsinterne Netz zu beschränken wurde ein
|
||||
Filter-Chain {\tt uni} zur {\tt iptables.rules} unter {\tt /etc/iptables} (siehe
|
||||
\emph{aufgabe2.3/iptables.rules}) hinzugefügt, der nur IP-Adressen aus den Bereichen 141.30.0.0/16 und 141.76.0.0/16 akzeptiert und die Zugriffe auf Port 22, 80 und 443 beschränkt.
|
||||
|
||||
\subsubsection{Absicherung für externen Zugriff}
|
||||
|
||||
@ -23,4 +25,5 @@ Um den Zugriff aus einem externen Netz abzusichern, könnte man z.B. den externe
|
||||
|
||||
\subsubsection{Automatisierung für neue Nutzer}
|
||||
|
||||
Das automatisierte Hinzufügen neuer Nutzer haben wir über ein Script {\tt newuser} (siehe \emph{aufgabe3/newuser}) gelöst. Dieses Script legt einen neuen Benutzer an, erstellt sein Home-Verzeichnis, generiert ein neues Public-Private-Key-Paar für SSH und trägt den eigenen Public-Key in die {\tt authorized\_keys} sowie für den Zugriff auf das git-Repository ein.
|
||||
Das automatisierte Hinzufügen neuer Nutzer haben wir über ein Script {\tt
|
||||
newuser} (siehe \emph{aufgabe2.3/newuser}) gelöst. Dieses Script legt einen neuen Benutzer an, erstellt sein Home-Verzeichnis, generiert ein neues Public-Private-Key-Paar für SSH und trägt den eigenen Public-Key in die {\tt authorized\_keys} sowie für den Zugriff auf das git-Repository ein.
|
||||
|
@ -26,9 +26,17 @@ Nach dem erfolgreichen Reboot haben wir dann das Netzwerk auf eine statische IP-
|
||||
|
||||
\subsubsection{Netzwerk-Konfiguration}
|
||||
|
||||
Auf dem Headnode bzw. Computenode haben wir mit {\tt netctl} die beiden Netzwerk-Interfaces {\tt eth0} und {\tt eth1} bzw. {\tt enp1s0} auf eine statische IP-Adresse (wie im Cluster-Layout angegeben) konfiguriert (siehe \emph{aufgabe2/headnode/network} und \emph{aufgabe2/headnode/internal} bzw. \emph{aufgabe2/computenode/internal}).
|
||||
Auf dem Headnode bzw. Computenode haben wir mit {\tt netctl} die beiden
|
||||
Netzwerk-Interfaces {\tt eth0} und {\tt eth1} bzw. {\tt enp1s0} auf eine
|
||||
statische IP-Adresse (wie im Cluster-Layout angegeben) konfiguriert (siehe
|
||||
\emph{aufgabe2.2/headnode/network} und \emph{aufgabe2.2/headnode/internal} bzw.
|
||||
\emph{aufgabe2.2/computenode/internal}).
|
||||
|
||||
Auf dem Headnode mussten wir noch mittels {\tt iptables} das {\tt MASQUERADE}-Target in der {\tt POSTROUTING}-Chain in der {\tt nat}-Tabelle auf dem {\tt eth0}-Interface setzen (siehe \emph{aufgabe3/iptables.rules}) und mit {\tt sysctl} (\emph{/etc/sysctl.d}) die Option {\tt net.ipv4.ip\_forward = 1} (siehe \emph{aufgabe2/10-ip-forward-conf}) freischalten, damit die Computenodes auch auf das Internet zugreifen können (Paketinstallationen, Updates, etc.).
|
||||
Auf dem Headnode mussten wir noch mittels {\tt iptables} das {\tt
|
||||
MASQUERADE}-Target in der {\tt POSTROUTING}-Chain in der {\tt nat}-Tabelle auf
|
||||
dem {\tt eth0}-Interface setzen (siehe \emph{aufgabe2.3/iptables.rules}) und mit
|
||||
{\tt sysctl} (\emph{/etc/sysctl.d}) die Option {\tt net.ipv4.ip\_forward = 1}
|
||||
(siehe \emph{aufgabe2.2/10-ip-forward-conf}) freischalten, damit die Computenodes auch auf das Internet zugreifen können (Paketinstallationen, Updates, etc.).
|
||||
|
||||
\input{abschnitte/bs-ssh}
|
||||
|
||||
@ -36,4 +44,4 @@ Auf dem Headnode mussten wir noch mittels {\tt iptables} das {\tt MASQUERADE}-Ta
|
||||
|
||||
\input{abschnitte/bs-pdsh}
|
||||
|
||||
\pagebreak
|
||||
\pagebreak
|
||||
|
@ -24,7 +24,7 @@ Für das Webfrontend richteten wir darüber hinaus den Webserver {\tt nginx} ein
|
||||
|
||||
Dieser kommuniziert über fastcgi mit Munin um die Graphen
|
||||
generieren zu lassen. Die nötige Konfiguration befindet sich in {\tt
|
||||
aufgabe5/nginx}. Die fastcgi-Prozesse von Munin starteten wir mit folgenden
|
||||
aufgabe2.5/nginx}. Die fastcgi-Prozesse von Munin starteten wir mit folgenden
|
||||
Befehl:
|
||||
|
||||
\shellcmd{systemctl enable munin-graph.socket munin-html.socket}
|
||||
@ -32,7 +32,7 @@ Befehl:
|
||||
\shellcmd{systemctl start munin-graph.socket munin-html.socket}
|
||||
|
||||
Die ab zu fragenden Nodes werden in die {\tt munin.conf} eingetragen ({\tt
|
||||
aufgabe6/munin.conf}).
|
||||
aufgabe2.6/munin.conf}).
|
||||
Da die Anzahl unserer Nodes verhältnismäßig klein ist, haben wir uns für die
|
||||
Aktualisierung der Leistungsdaten via {\tt munin-cron} entschieden:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user