updates Jun 11

This commit is contained in:
Sharad Ahlawat 2020-06-11 12:02:40 -07:00
parent b5674dda38
commit c53b6616f8
14 changed files with 111 additions and 67 deletions

View File

@ -4,32 +4,32 @@ portal-group pg0 {
listen [::] listen [::]
} }
target iqn.nas.ahlawat.com:lab13 { target iqn.nas.ahlawat.com:f11 {
# auth-group no-authentication # auth-group no-authentication
portal-group pg0 portal-group pg0
chap user secretsecret chap user secretsecret
lun 0 { lun 0 {
path /dev/zvol/ship/raw/lab13 path /dev/zvol/ship/raw/FreeBSD11
size 128G size 128G
} }
} }
target iqn.nas.ahlawat.com:lab17 { target iqn.nas.ahlawat.com:f12 {
# auth-group no-authentication # auth-group no-authentication
portal-group pg0 portal-group pg0
chap user secretsecret chap user secretsecret
lun 0 { lun 0 {
path /dev/zvol/ship/raw/lab17 path /dev/zvol/ship/raw/FreeBSD12
size 128G size 128G
} }
} }
target iqn.nas.ahlawat.com:lab18 { target iqn.nas.ahlawat.com:f13 {
# auth-group no-authentication # auth-group no-authentication
portal-group pg0 portal-group pg0
chap user secretsecret chap user secretsecret
lun 0 { lun 0 {
path /dev/zvol/ship/raw/lab18 path /dev/zvol/ship/raw/FreeBSD13
size 128G size 128G
} }
} }

View File

@ -1,6 +1,6 @@
zfs_enable="YES" zfs_enable="YES"
kld_list="nmdm vmm ipfw" kld_list="nmdm vmm ipfw ipdivert linux64"
# Do not mark to autodetach otherwise ZFS gets very unhappy. # Do not mark to autodetach otherwise ZFS gets very unhappy.
geli_autodetach="NO" geli_autodetach="NO"
@ -24,7 +24,7 @@ nut_enable="YES"
#dbus_enable="YES" #dbus_enable="YES"
firewall_enable="NO" firewall_enable="YES"
firewall_type="open" firewall_type="open"
firewall_logging="YES" firewall_logging="YES"
firewall_logif="YES" firewall_logif="YES"
@ -56,6 +56,16 @@ ifconfig_bridge2="addm lagg0.2 up"
ifconfig_bridge5="addm lagg0.5 up" ifconfig_bridge5="addm lagg0.5 up"
ifconfig_bridge9="addm lagg0.9 up" ifconfig_bridge9="addm lagg0.9 up"
# adding IP to bridges does not work
#ifconfig_bridge1="inet 192.168.0.10/24"
#ifconfig_bridge1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv"
#ifconfig_bridge2="inet 192.168.1.10/24"
#ifconfig_bridge2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv"
#ifconfig_bridge5="inet 192.168.2.10/24"
#ifconfig_bridge5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv"
#ifconfig_bridge9="inet 192.168.200.10/24"
#ifconfig_bridge9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv"
defaultrouter="192.168.0.5" defaultrouter="192.168.0.5"
ipv6_defaultrouter="2603:3024:3f6:e1::5" ipv6_defaultrouter="2603:3024:3f6:e1::5"
# interfaces # interfaces
@ -83,3 +93,25 @@ devfs_system_ruleset="usbrules"
node_exporter_enable="YES" node_exporter_enable="YES"
node_exporter_args=--collector.filesystem.ignored-mount-points="/mnt/iocage*" node_exporter_args=--collector.filesystem.ignored-mount-points="/mnt/iocage*"
gstat_exporter_enable="YES" gstat_exporter_enable="YES"
# modify hard disk cam queues
cam_tag_enable="YES"
# debian jail
linux_enable="YES"
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
mountd_enable="YES"
mountd_flags="-r"
rpcbind_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
tftpd_enable="YES"
tftpd_flags="-s /mnt/ship/pxe"
ctld_enable="YES"

View File

@ -4,32 +4,32 @@ portal-group pg0 {
listen [::] listen [::]
} }
target iqn.nas.ahlawat.com:lab13 { target iqn.nas.ahlawat.com:f11 {
# auth-group no-authentication # auth-group no-authentication
portal-group pg0 portal-group pg0
chap user secretsecret chap user secretsecret
lun 0 { lun 0 {
path /dev/zvol/ship/raw/lab13 path /dev/zvol/ship/raw/FreeBSD11
size 128G size 128G
} }
} }
target iqn.nas.ahlawat.com:lab17 { target iqn.nas.ahlawat.com:f12 {
# auth-group no-authentication # auth-group no-authentication
portal-group pg0 portal-group pg0
chap user secretsecret chap user secretsecret
lun 0 { lun 0 {
path /dev/zvol/ship/raw/lab17 path /dev/zvol/ship/raw/FreeBSD12
size 128G size 128G
} }
} }
target iqn.nas.ahlawat.com:lab18 { target iqn.nas.ahlawat.com:f13 {
# auth-group no-authentication # auth-group no-authentication
portal-group pg0 portal-group pg0
chap user secretsecret chap user secretsecret
lun 0 { lun 0 {
path /dev/zvol/ship/raw/lab18 path /dev/zvol/ship/raw/FreeBSD13
size 128G size 128G
} }
} }

View File

@ -1,6 +1,6 @@
t0 { t0 {
TargetAddress = 192.168.0.10 TargetAddress = 192.168.0.10
TargetName = iqn.nas.ahlawat.com:lab13 TargetName = iqn.nas.ahlawat.com:f13
AuthMethod = CHAP AuthMethod = CHAP
chapIName = user chapIName = user
chapSecret = secretsecret chapSecret = secretsecret

View File

@ -1,7 +0,0 @@
t0 {
TargetAddress = 192.168.0.10
TargetName = iqn.nas.ahlawat.com:lab17
AuthMethod = CHAP
chapIName = user
chapSecret = secretsecret
}

View File

@ -1,7 +0,0 @@
t0 {
TargetAddress = 192.168.0.10
TargetName = iqn.nas.ahlawat.com:lab18
AuthMethod = CHAP
chapIName = user
chapSecret = secretsecret
}

View File

@ -1,6 +1,26 @@
cloned_interfaces_sticky="YES"
cloned_interfaces="bridge1 bridge2 bridge11 bridge12"
ifconfig_bridge1="ether random addm bge0 up"
ifconfig_bridge2="ether random addm bge1 up"
ifconfig_bridge11="ether random addm bnxt0 up"
#ifconfig_bridge12="ether random addm bnxt1 up"
ifconfig_bnxt0="up"
ifconfig_bnxt1="up"
#
#on lab17:
#ifconfig_bnxt0="inet 10.0.11.17/24 up"
#ifconfig_bnxt1="inet 10.0.12.17/24 up"
#
#on lab18:
#ifconfig_bnxt0="inet 10.0.11.18/24 up"
#ifconfig_bnxt1="inet 10.0.12.18/24 up"
rpcbind_enable="YES"
rpc_lockd_enable="YES" rpc_lockd_enable="YES"
rpc_statd_enable="YES" rpc_statd_enable="YES"
sshd_enable="YES" sshd_enable="YES"
iscsid_enable="YES" iscsid_enable="YES"
iscsictl_enable="YES" iscsictl_enable="YES"
iscsictl_flags="-Aa" iscsictl_flags="-Aa"

View File

@ -1,8 +1,7 @@
# Generated by resolvconf # Generated by resolvconf
search ahlawat.com search diyit.org
nameserver 192.168.0.5 nameserver 192.168.0.5
nameserver 2603:3024:3f6:e1::5 nameserver 2603:3024:3f6:e1::5
nameserver 2603:3024:3f6:e2::5 nameserver 2603:3024:3f6:e2::5
nameserver 2603:3024:3f6:e5::5 nameserver 2603:3024:3f6:e5::5
nameserver 2603:3024:3f6:e9::5 nameserver 2603:3024:3f6:e9::5

View File

@ -1,14 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2018-2020, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#
ifconfig tun181 create
#ifconfig bridge1 addm tap181 up
#ifconfig tap181 up
#ifconfig tap181 inet6 auto_linklocal

View File

@ -28,6 +28,11 @@ ifconfig bridge1 addm tap84 up
ifconfig tap84 up ifconfig tap84 up
ifconfig tap84 inet6 auto_linklocal ifconfig tap84 inet6 auto_linklocal
ifconfig tap85 create
ifconfig bridge1 addm tap85 up
ifconfig tap85 up
ifconfig tap85 inet6 auto_linklocal
ifconfig tap90 create ifconfig tap90 create
ifconfig bridge1 addm tap90 up ifconfig bridge1 addm tap90 up
ifconfig tap90 up ifconfig tap90 up

View File

@ -18,12 +18,12 @@ do
bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \ bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \
-s 0,hostbridge \ -s 0,hostbridge \
-s 4,ahci-hd,/dev/zvol/ship/raw/windows,sectorsize=512 \ -s 4,ahci-hd,/dev/zvol/ship/raw/r-windows,sectorsize=512 \
-s 5,virtio-net,tap81,mac=00:0A:0B:0C:0D:81 \ -s 5,virtio-net,tap85,mac=00:0A:0B:0C:0D:85 \
-s 6,ahci-hd,/dev/zvol/ship/raw/windows_data,sectorsize=512 \ -s 6,ahci-hd,/dev/zvol/ship/raw/r-windows_data,sectorsize=512 \
-s 29,fbuf,tcp=0.0.0.0:5981,w=1600,h=900 \ -s 29,fbuf,tcp=0.0.0.0:5985,w=1600,h=900 \
-s 30,xhci,tablet \ -s 30,xhci,tablet \
-s 31,lpc -l com1,/dev/nmdm81A \ -s 31,lpc -l com1,/dev/nmdm85A \
-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
r-windows r-windows
@ -53,14 +53,14 @@ exit $?
# bhyvectl --get-all --vm=r-windows # bhyvectl --get-all --vm=r-windows
# cu -l /dev/nmdm81B # cu -l /dev/nmdm85B
# (This uses cu() so press ~+Ctrl-D to exit) # (This uses cu() so press ~+Ctrl-D to exit)
#on base system: #on base system:
#zfs create -V 32G -o refreservation=none ship/raw/r-windows #zfs create -V 32G -o refreservation=none ship/raw/r-windows
#zfs create -V 128G -o refreservation=none ship/raw/r-windows_data #zfs create -V 256G -o refreservation=none ship/raw/r-windows_data
# on boot # on boot
#ifconfig tap81 create #ifconfig tap85 create
#ifconfig bridge1 addm tap81 up #ifconfig bridge1 addm tap85 up
#ifconfig tap81 up #ifconfig tap85 up
#ifconfig tap81 inet6 auto_linklocal #ifconfig tap85 inet6 auto_linklocal

View File

@ -18,10 +18,10 @@ tmux new-session -d -s $session -n freepbx
tmux selectp -t 1 tmux selectp -t 1
tmux send-keys "cd /mnt/config;./pbx.sh" C-m tmux send-keys "cd /mnt/config;./pbx.sh" C-m
# create a new window r-windows # create a new window windows
tmux new-window -t $session:1 -n r-windows tmux new-window -t $session:1 -n windows
tmux selectp -t 1 tmux selectp -t 1
tmux send-keys "cd /mnt/config;./r-windows.sh" C-m tmux send-keys "cd /mnt/config;./windows.sh" C-m
# create a new window ubuntu # create a new window ubuntu
tmux new-window -t $session:2 -n ubuntu tmux new-window -t $session:2 -n ubuntu
@ -38,6 +38,11 @@ tmux new-window -t $session:4 -n w2019
tmux selectp -t 1 tmux selectp -t 1
tmux send-keys "cd /mnt/config;./w2019.sh" C-m tmux send-keys "cd /mnt/config;./w2019.sh" C-m
# create a new window r-windows
tmux new-window -t $session:5 -n r-windows
tmux selectp -t 1
tmux send-keys "cd /mnt/config;./r-windows.sh" C-m
# return to main window # return to main window
tmux select-window -t $session:0 tmux select-window -t $session:0
tmux selectp -t 1 tmux selectp -t 1

View File

@ -12,6 +12,7 @@ web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit ldap-mgr r-ldap-mg
for i in ${web_jails[@]}; for i in ${web_jails[@]};
do do
echo ""
echo "## checking $i JAIL configs after Apache and/or PHP updates ##" echo "## checking $i JAIL configs after Apache and/or PHP updates ##"
iocage exec $i "diff /usr/local/etc/apache24/httpd.conf /mnt/config/httpd.conf" iocage exec $i "diff /usr/local/etc/apache24/httpd.conf /mnt/config/httpd.conf"
iocage exec $i "diff /usr/local/etc/php.ini /mnt/config/php.ini" iocage exec $i "diff /usr/local/etc/php.ini /mnt/config/php.ini"
@ -21,14 +22,20 @@ do
echo "####" echo "####"
done done
echo ""
echo "check in output above if php.ini or php-fpm also need to be restored"
echo ""
read -p "Return/Enter to restore httpd.conf files, ctrl-c to abort? " RESP read -p "Return/Enter to restore httpd.conf files, ctrl-c to abort? " RESP
for i in ${web_jails[@]}; for i in ${web_jails[@]};
do do
echo ""
echo "restoring httpd.conf in web_jail $i after Apache update" echo "restoring httpd.conf in web_jail $i after Apache update"
iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf" iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf"
iocage exec $i "service apache24 restart" iocage exec $i "service apache24 restart"
done done
echo "check in output above if php.ini or php-fpm need to be restored" echo ""
echo "check pkgp jail nginx instance is running" echo "checking pkgp jail nginx instance is running"
iocage exec nginx "service nginx staus" service nginx status

View File

@ -66,6 +66,10 @@ for i in `iocage list -h | cut -f 2`;
do do
echo "## $i JAIL ##" echo "## $i JAIL ##"
if [ $i == "pkgp" ] || [ $i == "debian"]; then
continue;
fi
iocage exec $i "pkg update" iocage exec $i "pkg update"
if [[ "$i" == "ldap" || "$i" == "r-ldap" ]]; then if [[ "$i" == "ldap" || "$i" == "r-ldap" ]]; then
@ -92,17 +96,17 @@ do
done done
echo "NOTES:" echo "NOTES:"
echo ""
echo "update base system by running:" echo "update base system by running:"
echo "pkg update" echo "pkg update"
echo "pkg autoremove -y" echo "pkg autoremove -y"
echo "pkg upgrade -y" echo "pkg upgrade -y"
echo "pkg clean -ay" echo "pkg clean -ay"
echo ""
echo "iocage stop ALL" echo "iocage stop ALL"
echo "iocage start ALL" echo "iocage start ALL"
echo ""
echo "hub check for index.html and adminer version" echo "check hub for index.html and adminer version"
echo ""
echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\"" echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\""
echo "iocage exec cert \"cp -r /root/.acme.sh /mnt/certs\"" echo "iocage exec cert \"cp -r /root/.acme.sh /mnt/certs\""