From c53b6616f89d67d31e34f667151bfa5afa7ae8a5 Mon Sep 17 00:00:00 2001 From: Sharad Ahlawat Date: Thu, 11 Jun 2020 12:02:40 -0700 Subject: [PATCH] updates Jun 11 --- configs/etc/ctl.conf | 12 +++++------ configs/etc/rc.conf | 36 +++++++++++++++++++++++++++++++-- configs/pxe/ctl.conf | 12 +++++------ configs/pxe/iscsi.conf.13 | 2 +- configs/pxe/iscsi.conf.17 | 7 ------- configs/pxe/iscsi.conf.18 | 7 ------- configs/pxe/rc.conf | 20 ++++++++++++++++++ configs/pxe/resolv.conf | 3 +-- jails/config/ibm/create_tuns.sh | 14 ------------- jails/config/vm/create_taps.sh | 5 +++++ jails/config/vm/r-windows.sh | 22 ++++++++++---------- jails/config/vm/startvms.sh | 11 +++++++--- jails/jails-restore-httpd.sh | 13 +++++++++--- jails/jails-update-pkgs.sh | 14 ++++++++----- 14 files changed, 111 insertions(+), 67 deletions(-) delete mode 100644 configs/pxe/iscsi.conf.17 delete mode 100644 configs/pxe/iscsi.conf.18 delete mode 100755 jails/config/ibm/create_tuns.sh diff --git a/configs/etc/ctl.conf b/configs/etc/ctl.conf index 22ba50a..23af5bb 100644 --- a/configs/etc/ctl.conf +++ b/configs/etc/ctl.conf @@ -4,32 +4,32 @@ portal-group pg0 { listen [::] } -target iqn.nas.ahlawat.com:lab13 { +target iqn.nas.ahlawat.com:f11 { # auth-group no-authentication portal-group pg0 chap user secretsecret lun 0 { - path /dev/zvol/ship/raw/lab13 + path /dev/zvol/ship/raw/FreeBSD11 size 128G } } -target iqn.nas.ahlawat.com:lab17 { +target iqn.nas.ahlawat.com:f12 { # auth-group no-authentication portal-group pg0 chap user secretsecret lun 0 { - path /dev/zvol/ship/raw/lab17 + path /dev/zvol/ship/raw/FreeBSD12 size 128G } } -target iqn.nas.ahlawat.com:lab18 { +target iqn.nas.ahlawat.com:f13 { # auth-group no-authentication portal-group pg0 chap user secretsecret lun 0 { - path /dev/zvol/ship/raw/lab18 + path /dev/zvol/ship/raw/FreeBSD13 size 128G } } diff --git a/configs/etc/rc.conf b/configs/etc/rc.conf index 8f617c6..4e1af89 100644 --- a/configs/etc/rc.conf +++ b/configs/etc/rc.conf 
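Review bot: The renamed targets `f11`, `f12` and `f13` each keep the inline `chap user secretsecret` line, so one placeholder-looking CHAP secret is committed in plaintext and shared by every target while the portal group listens on `[::]`. The same value appears in configs/pxe/ctl.conf and as `chapSecret` in configs/pxe/iscsi.conf.13, so if this is the deployed value, anyone who can read the repository can authenticate to all three LUNs. I would track only a placeholder such as `chap user <CHAP_SECRET_PLACEHOLDER>` and fill in a unique random secret per initiator at deploy time. A named `auth-group` per target would keep the credentials in one place instead of repeated in each block.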
@@ -1,6 +1,6 @@ zfs_enable="YES" -kld_list="nmdm vmm ipfw" +kld_list="nmdm vmm ipfw ipdivert linux64" # Do not mark to autodetach otherwise ZFS gets very unhappy. geli_autodetach="NO" @@ -24,7 +24,7 @@ nut_enable="YES" #dbus_enable="YES" -firewall_enable="NO" +firewall_enable="YES" firewall_type="open" firewall_logging="YES" firewall_logif="YES" @@ -56,6 +56,16 @@ ifconfig_bridge2="addm lagg0.2 up" ifconfig_bridge5="addm lagg0.5 up" ifconfig_bridge9="addm lagg0.9 up" +# adding IP to bridges does not work +#ifconfig_bridge1="inet 192.168.0.10/24" +#ifconfig_bridge1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv" +#ifconfig_bridge2="inet 192.168.1.10/24" +#ifconfig_bridge2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv" +#ifconfig_bridge5="inet 192.168.2.10/24" +#ifconfig_bridge5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv" +#ifconfig_bridge9="inet 192.168.200.10/24" +#ifconfig_bridge9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv" + defaultrouter="192.168.0.5" ipv6_defaultrouter="2603:3024:3f6:e1::5" # interfaces @@ -83,3 +93,25 @@ devfs_system_ruleset="usbrules" node_exporter_enable="YES" node_exporter_args=--collector.filesystem.ignored-mount-points="/mnt/iocage*" gstat_exporter_enable="YES" + +# modify hard disk cam queues +cam_tag_enable="YES" + +# debian jail +linux_enable="YES" + +nfs_server_enable="YES" +nfsv4_server_enable="YES" +nfsuserd_enable="YES" + +mountd_enable="YES" +mountd_flags="-r" + +rpcbind_enable="YES" +rpc_lockd_enable="YES" +rpc_statd_enable="YES" + +tftpd_enable="YES" +tftpd_flags="-s /mnt/ship/pxe" + +ctld_enable="YES" diff --git a/configs/pxe/ctl.conf b/configs/pxe/ctl.conf index 22ba50a..23af5bb 100644 --- a/configs/pxe/ctl.conf +++ b/configs/pxe/ctl.conf 
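Review bot: `firewall_enable="YES"` is switched on in the second hunk while the unchanged `firewall_type="open"` stays, so ipfw loads a ruleset that passes all traffic and only the logging is gained. This matters more here because the last hunk of the same file starts NFS, mountd, rpcbind, tftpd and ctld on this host. If filtering is intended, set `firewall_type` to a restrictive type or to a rules file that admits those services only from the storage and PXE subnets. If the open ruleset is deliberate, say so next to it, e.g. `# ipfw is loaded for divert/logging only; ruleset intentionally open`.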
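Review bot: The block appended at the end of the file enables rpcbind, NFS, mountd, tftpd and ctld with no bind-address or access restriction visible in this hunk, so each service presumably answers on every bridge and VLAN interface configured above. TFTP is unauthenticated, so everything under `/mnt/ship/pxe` is readable by any host that can reach the port; files carrying credentials (for example an iscsi.conf with `chapSecret`, if the configs/pxe files are deployed there) should not sit under that root. Consider pinning rpcbind with `rpcbind_flags="-h <storage-address>"` and documenting the mountd option, e.g. `# -r: allow mount requests for regular files (needed for <reason>)`.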
@@ -4,32 +4,32 @@ portal-group pg0 { listen [::] } -target iqn.nas.ahlawat.com:lab13 { +target iqn.nas.ahlawat.com:f11 { # auth-group no-authentication portal-group pg0 chap user secretsecret lun 0 { - path /dev/zvol/ship/raw/lab13 + path /dev/zvol/ship/raw/FreeBSD11 size 128G } } -target iqn.nas.ahlawat.com:lab17 { +target iqn.nas.ahlawat.com:f12 { # auth-group no-authentication portal-group pg0 chap user secretsecret lun 0 { - path /dev/zvol/ship/raw/lab17 + path /dev/zvol/ship/raw/FreeBSD12 size 128G } } -target iqn.nas.ahlawat.com:lab18 { +target iqn.nas.ahlawat.com:f13 { # auth-group no-authentication portal-group pg0 chap user secretsecret lun 0 { - path /dev/zvol/ship/raw/lab18 + path /dev/zvol/ship/raw/FreeBSD13 size 128G } } diff --git a/configs/pxe/iscsi.conf.13 b/configs/pxe/iscsi.conf.13 index f2d208e..f4daee9 100644 --- a/configs/pxe/iscsi.conf.13 +++ b/configs/pxe/iscsi.conf.13 @@ -1,6 +1,6 @@ t0 { TargetAddress = 192.168.0.10 - TargetName = iqn.nas.ahlawat.com:lab13 + TargetName = iqn.nas.ahlawat.com:f13 AuthMethod = CHAP chapIName = user chapSecret = secretsecret diff --git a/configs/pxe/iscsi.conf.17 b/configs/pxe/iscsi.conf.17 deleted file mode 100644 index b304b9d..0000000 --- a/configs/pxe/iscsi.conf.17 +++ /dev/null @@ -1,7 +0,0 @@ -t0 { - TargetAddress = 192.168.0.10 - TargetName = iqn.nas.ahlawat.com:lab17 - AuthMethod = CHAP - chapIName = user - chapSecret = secretsecret -} diff --git a/configs/pxe/iscsi.conf.18 b/configs/pxe/iscsi.conf.18 deleted file mode 100644 index c339b3f..0000000 --- a/configs/pxe/iscsi.conf.18 +++ /dev/null @@ -1,7 +0,0 @@ -t0 { - TargetAddress = 192.168.0.10 - TargetName = iqn.nas.ahlawat.com:lab18 - AuthMethod = CHAP - chapIName = user - chapSecret = secretsecret -} diff --git a/configs/pxe/rc.conf b/configs/pxe/rc.conf index 1fa850e..8170905 100644 --- a/configs/pxe/rc.conf +++ b/configs/pxe/rc.conf 
@@ -1,6 +1,26 @@ +cloned_interfaces_sticky="YES" +cloned_interfaces="bridge1 bridge2 bridge11 bridge12" +ifconfig_bridge1="ether random addm bge0 up" +ifconfig_bridge2="ether random addm bge1 up" +ifconfig_bridge11="ether random addm bnxt0 up" +#ifconfig_bridge12="ether random addm bnxt1 up" +ifconfig_bnxt0="up" +ifconfig_bnxt1="up" +# +#on lab17: +#ifconfig_bnxt0="inet 10.0.11.17/24 up" +#ifconfig_bnxt1="inet 10.0.12.17/24 up" +# +#on lab18: +#ifconfig_bnxt0="inet 10.0.11.18/24 up" +#ifconfig_bnxt1="inet 10.0.12.18/24 up" + +rpcbind_enable="YES" rpc_lockd_enable="YES" rpc_statd_enable="YES" + sshd_enable="YES" + iscsid_enable="YES" iscsictl_enable="YES" iscsictl_flags="-Aa" diff --git a/configs/pxe/resolv.conf b/configs/pxe/resolv.conf index d340533..f2c5c76 100644 --- a/configs/pxe/resolv.conf +++ b/configs/pxe/resolv.conf @@ -1,8 +1,7 @@ # Generated by resolvconf -search ahlawat.com +search diyit.org nameserver 192.168.0.5 nameserver 2603:3024:3f6:e1::5 nameserver 2603:3024:3f6:e2::5 nameserver 2603:3024:3f6:e5::5 nameserver 2603:3024:3f6:e9::5 - diff --git a/jails/config/ibm/create_tuns.sh b/jails/config/ibm/create_tuns.sh deleted file mode 100755 index ac37b16..0000000 --- a/jails/config/ibm/create_tuns.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2018-2020, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -ifconfig tun181 create -#ifconfig bridge1 addm tap181 up -#ifconfig tap181 up -#ifconfig tap181 inet6 auto_linklocal diff --git a/jails/config/vm/create_taps.sh b/jails/config/vm/create_taps.sh index 94c50e7..a3a5ff2 100755 --- a/jails/config/vm/create_taps.sh +++ b/jails/config/vm/create_taps.sh 
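Review bot: `cloned_interfaces` creates `bridge12`, but its `ifconfig_bridge12` line is commented out, so the bridge is created with no member while `bnxt1` is brought up on its own. Either drop `bridge12` from `cloned_interfaces` or add a comment explaining why it is kept empty, e.g. `# bridge12 reserved for bnxt1; not joined until <reason>`. The `#on lab17:` and `#on lab18:` alternatives would be safer to apply if the comment said which `ifconfig_bnxt*` lines they replace.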
@@ -28,6 +28,11 @@ ifconfig bridge1 addm tap84 up ifconfig tap84 up ifconfig tap84 inet6 auto_linklocal +ifconfig tap85 create +ifconfig bridge1 addm tap85 up +ifconfig tap85 up +ifconfig tap85 inet6 auto_linklocal + ifconfig tap90 create ifconfig bridge1 addm tap90 up ifconfig tap90 up diff --git a/jails/config/vm/r-windows.sh b/jails/config/vm/r-windows.sh index 53b6042..0cecb3e 100755 --- a/jails/config/vm/r-windows.sh +++ b/jails/config/vm/r-windows.sh @@ -18,12 +18,12 @@ do bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \ -s 0,hostbridge \ --s 4,ahci-hd,/dev/zvol/ship/raw/windows,sectorsize=512 \ --s 5,virtio-net,tap81,mac=00:0A:0B:0C:0D:81 \ --s 6,ahci-hd,/dev/zvol/ship/raw/windows_data,sectorsize=512 \ --s 29,fbuf,tcp=0.0.0.0:5981,w=1600,h=900 \ +-s 4,ahci-hd,/dev/zvol/ship/raw/r-windows,sectorsize=512 \ +-s 5,virtio-net,tap85,mac=00:0A:0B:0C:0D:85 \ +-s 6,ahci-hd,/dev/zvol/ship/raw/r-windows_data,sectorsize=512 \ +-s 29,fbuf,tcp=0.0.0.0:5985,w=1600,h=900 \ -s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm81A \ +-s 31,lpc -l com1,/dev/nmdm85A \ -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ r-windows @@ -53,14 +53,14 @@ exit $? # bhyvectl --get-all --vm=r-windows -# cu -l /dev/nmdm81B +# cu -l /dev/nmdm85B # (This uses cu() so press ~+Ctrl-D to exit) #on base system: #zfs create -V 32G -o refreservation=none ship/raw/r-windows -#zfs create -V 128G -o refreservation=none ship/raw/r-windows_data +#zfs create -V 256G -o refreservation=none ship/raw/r-windows_data # on boot -#ifconfig tap81 create -#ifconfig bridge1 addm tap81 up -#ifconfig tap81 up -#ifconfig tap81 inet6 auto_linklocal +#ifconfig tap85 create +#ifconfig bridge1 addm tap85 up +#ifconfig tap85 up +#ifconfig tap85 inet6 auto_linklocal diff --git a/jails/config/vm/startvms.sh b/jails/config/vm/startvms.sh index f1f4252..b8e59b1 100755 --- a/jails/config/vm/startvms.sh +++ b/jails/config/vm/startvms.sh 
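Review bot: In r-windows.sh the new `-s 29,fbuf,tcp=0.0.0.0:5985,w=1600,h=900` line exposes the guest's VNC console on every host address with no authentication, so anyone who can reach port 5985 gets keyboard and mouse on the Windows VM. Bind the framebuffer to loopback and reach it through an SSH tunnel, `-s 29,fbuf,tcp=127.0.0.1:5985,w=1600,h=900 \`, or at least restrict the port in ipfw. The bhyve invocation sits inside a loop that starts before this hunk, so the rest of the command is not reviewed here.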
@@ -18,10 +18,10 @@ tmux new-session -d -s $session -n freepbx tmux selectp -t 1 tmux send-keys "cd /mnt/config;./pbx.sh" C-m -# create a new window r-windows -tmux new-window -t $session:1 -n r-windows +# create a new window windows +tmux new-window -t $session:1 -n windows tmux selectp -t 1 -tmux send-keys "cd /mnt/config;./r-windows.sh" C-m +tmux send-keys "cd /mnt/config;./windows.sh" C-m # create a new window ubuntu tmux new-window -t $session:2 -n ubuntu @@ -38,6 +38,11 @@ tmux new-window -t $session:4 -n w2019 tmux selectp -t 1 tmux send-keys "cd /mnt/config;./w2019.sh" C-m +# create a new window r-windows +tmux new-window -t $session:5 -n r-windows +tmux selectp -t 1 +tmux send-keys "cd /mnt/config;./r-windows.sh" C-m + # return to main window tmux select-window -t $session:0 tmux selectp -t 1 diff --git a/jails/jails-restore-httpd.sh b/jails/jails-restore-httpd.sh index 5301aa2..1508893 100755 --- a/jails/jails-restore-httpd.sh +++ b/jails/jails-restore-httpd.sh @@ -12,7 +12,8 @@ web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit ldap-mgr r-ldap-mg for i in ${web_jails[@]}; do - echo "## checking $i JAIL configs after Apache and/or PHP updates ##" + echo "" + echo "## checking $i JAIL configs after Apache and/or PHP updates ##" iocage exec $i "diff /usr/local/etc/apache24/httpd.conf /mnt/config/httpd.conf" iocage exec $i "diff /usr/local/etc/php.ini /mnt/config/php.ini" if [[ "$i" != "ldap-mgr" && "$i" != "r-ldap-mgr" ]]; then 
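Review bot: The new `tmux send-keys "cd /mnt/config;./windows.sh" C-m` and the `r-windows` equivalent added in the next hunk join the commands with `;`, so if `/mnt/config` is not mounted the script name is still executed relative to whatever directory the pane is in. Use `&&` and quote the session variable: `tmux send-keys "cd /mnt/config && ./windows.sh" C-m` and `tmux new-window -t "$session:1" -n windows`. `windows.sh` is not in this patch's file list, so confirm it already exists next to `r-windows.sh`.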
@@ -21,14 +22,20 @@ do echo "####" done +echo "" +echo "check in output above if php.ini or php-fpm also need to be restored" + +echo "" read -p "Return/Enter to restore httpd.conf files, ctrl-c to abort? " RESP for i in ${web_jails[@]}; do + echo "" echo "restoring httpd.conf in web_jail $i after Apache update" iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf" iocage exec $i "service apache24 restart" done -echo "check in output above if php.ini or php-fpm need to be restored" -echo "check pkgp jail nginx instance is running" +echo "" +echo "checking pkgp jail nginx instance is running" +iocage exec nginx "service nginx staus" service nginx status diff --git a/jails/jails-update-pkgs.sh b/jails/jails-update-pkgs.sh index 9491467..f697e98 100755 --- a/jails/jails-update-pkgs.sh +++ b/jails/jails-update-pkgs.sh @@ -66,6 +66,10 @@ for i in `iocage list -h | cut -f 2`; do echo "## $i JAIL ##" + if [ $i == "pkgp" ] || [ $i == "debian"]; then + continue; + fi + iocage exec $i "pkg update" if [[ "$i" == "ldap" || "$i" == "r-ldap" ]]; then @@ -92,17 +96,17 @@ do done echo "NOTES:" - +echo "" echo "update base system by running:" echo "pkg update" echo "pkg autoremove -y" echo "pkg upgrade -y" echo "pkg clean -ay" - +echo "" echo "iocage stop ALL" echo "iocage start ALL" - -echo "hub check for index.html and adminer version" - +echo "" +echo "check hub for index.html and adminer version" +echo "" echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\"" echo "iocage exec cert \"cp -r /root/.acme.sh /mnt/certs\""
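Review bot: The added `iocage exec nginx "service nginx staus"` misspells `status`, so the check will most likely print the rc script's usage text instead of the service state. The message before it names the `pkgp` jail while the command targets a jail called `nginx`, and the host-level `service nginx status` still runs afterwards, so one of the two is probably stale. Suggested line if pkgp is the right jail: `iocage exec pkgp "service nginx status"`; otherwise correct the echo text. Quoting in the restore loop (`iocage exec "$i" ...` over `"${web_jails[@]}"`) and `read -r -p` would harden the script.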
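Review bot: In jails-update-pkgs.sh, `[ $i == "debian"]` has no space before the closing bracket, so `[` fails with a missing-`]` error and the `debian` jail is never skipped; only `pkgp` reaches the `continue`. As written the loop goes on to run `pkg update` inside the debian jail. The rest of the loop already uses `[[ ... ]]`, so the guard can match it: `if [[ "$i" == "pkgp" || "$i" == "debian" ]]; then continue; fi`. The loop body continues beyond this hunk.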