Compare commits
9 Commits
f0270a56ec
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| ff7644a32a | |||
| 5dff08c44d | |||
| 5aff69a05a | |||
| 9dc73bf077 | |||
| cf2b702eb5 | |||
| 23d03f8ba0 | |||
| 5ed8b36c28 | |||
| 3cd5d20de6 | |||
| 2685f7bb11 |
@ -1,7 +1,6 @@
|
|||||||
# kaz-vagrant
|
# kaz-vagrant
|
||||||
|
|
||||||
[Kaz](https://kaz.bzh/) est un CHATONS du Morbihan. Nous proposons ici un moyen de le répliquer dans une VM. Il y a des éléments de configuration à définir avant d'initialiser ce simulateur.
|
[Kaz](https://kaz.bzh/) est un CHATONS du Morbihan. Nous proposons ici un moyen de le répliquer dans une VM. Il y a des éléments de configuration à définir avant d'initialiser ce simulateur.
|
||||||
|
|
||||||
Le principe est de faire fonctionner un simulateur de notre CHATONS dans une VirtualBox pour mettre au point nos différents services.
|
Le principe est de faire fonctionner un simulateur de notre CHATONS dans une VirtualBox pour mettre au point nos différents services.
|
||||||
|
|
||||||
Nous utilisons :
|
Nous utilisons :
|
||||||
@ -46,6 +45,8 @@ Les utilisateurs créés sont
|
|||||||
* debian/debian
|
* debian/debian
|
||||||
* root/root.
|
* root/root.
|
||||||
|
|
||||||
|
Se connecter en root/root
|
||||||
|
|
||||||
Lors du démarrage de la VM, il faut lancer SNSTER :
|
Lors du démarrage de la VM, il faut lancer SNSTER :
|
||||||
```bash
|
```bash
|
||||||
cd /root/snster-kaz
|
cd /root/snster-kaz
|
||||||
@ -75,6 +76,8 @@ Vous pouvez alors (toutes les commandes snster doivent être exécutées dans `/
|
|||||||
* `/kaz` [VM] correspond à `/kaz` [hoster-a-kaz1]
|
* `/kaz` [VM] correspond à `/kaz` [hoster-a-kaz1]
|
||||||
* Il est probablement pratique d'installer son environnement de développement sur la VM, avec ses clés SSH et son éditeur favori.
|
* Il est probablement pratique d'installer son environnement de développement sur la VM, avec ses clés SSH et son éditeur favori.
|
||||||
|
|
||||||
|
Dans Vagrantfile, existent des répertoires partagés entre le host et le VM mais pour qu'ils soient visibles depuis la VM, il faut démarrer la VM non pas avec VirtualBox mais avec Vagrant up.
|
||||||
|
|
||||||
Il y a un aperçu de l'état des services avec l'url https://kaz.sns/status/allServices.html
|
Il y a un aperçu de l'état des services avec l'url https://kaz.sns/status/allServices.html
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
20
Vagrantfile
vendored
20
Vagrantfile
vendored
@ -2,32 +2,14 @@
|
|||||||
# -*- mode: ruby -*-
|
# -*- mode: ruby -*-
|
||||||
# vi: set ft=ruby :
|
# vi: set ft=ruby :
|
||||||
|
|
||||||
unless Vagrant.has_plugin?("vagrant-disksize")
|
|
||||||
raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'"
|
|
||||||
end
|
|
||||||
|
|
||||||
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||||
# configures the configuration version (we support older styles for
|
# configures the configuration version (we support older styles for
|
||||||
# backwards compatibility). Please don't change it unless you know what
|
# backwards compatibility). Please don't change it unless you know what
|
||||||
# you're doing.
|
# you're doing.
|
||||||
Vagrant.configure("2") do |config|
|
Vagrant.configure("2") do |config|
|
||||||
|
|
||||||
required_plugins = %w( vagrant-disksize )
|
config.vm.box = "debian/bookworm64"
|
||||||
_retry = false
|
|
||||||
required_plugins.each do |plugin|
|
|
||||||
unless Vagrant.has_plugin? plugin
|
|
||||||
system "vagrant plugin install #{plugin}"
|
|
||||||
_retry=true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if (_retry)
|
|
||||||
exec "vagrant " + ARGV.join(' ')
|
|
||||||
end
|
|
||||||
|
|
||||||
config.vm.box = "debian/bullseye64"
|
|
||||||
config.vm.hostname = 'kaz-vm'
|
config.vm.hostname = 'kaz-vm'
|
||||||
config.disksize.size = '50GB'
|
|
||||||
|
|
||||||
config.vm.provider "virtualbox" do |vb|
|
config.vm.provider "virtualbox" do |vb|
|
||||||
vb.memory = "4096"
|
vb.memory = "4096"
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
proxy
|
#proxy
|
||||||
#traefik
|
traefik
|
||||||
|
|||||||
@ -24,7 +24,7 @@ export DebugLog="${OUTPUT_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-"
|
|||||||
|
|
||||||
# copie des sources
|
# copie des sources
|
||||||
cd /
|
cd /
|
||||||
git clone https://git.kaz.bzh/KAZ/kaz.git
|
git clone https://git.kaz.bzh/KAZ/KazV2.git kaz
|
||||||
(cd /kaz ; git checkout "${KAZBRANCH}" )
|
(cd /kaz ; git checkout "${KAZBRANCH}" )
|
||||||
|
|
||||||
cp "${DIR}/kaz-config/dockers.env" /kaz/config/dockers.env
|
cp "${DIR}/kaz-config/dockers.env" /kaz/config/dockers.env
|
||||||
|
|||||||
@ -5,9 +5,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
|
|||||||
DIR=`dirname $0`
|
DIR=`dirname $0`
|
||||||
cd `dirname $0`
|
cd `dirname $0`
|
||||||
|
|
||||||
# disable systemd-resolved which conflicts with nsd
|
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
||||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
||||||
systemctl stop systemd-resolved
|
then
|
||||||
|
# disable systemd-resolved which conflicts with nsd
|
||||||
|
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||||
|
systemctl stop systemd-resolved
|
||||||
|
fi
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get update
|
DEBIAN_FRONTEND=noninteractive apt-get update
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
|
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
|
||||||
|
|||||||
@ -24,7 +24,7 @@ export DebugLog="${OUTPUT_DIR}/log/log-kaz-$(date +%y-%m-%d-%T)-"
|
|||||||
|
|
||||||
# copie des sources
|
# copie des sources
|
||||||
cd /
|
cd /
|
||||||
git clone https://git.kaz.bzh/KAZ/kaz.git
|
git clone https://git.kaz.bzh/KAZ/KazV2.git kaz
|
||||||
(cd /kaz ; git checkout "${KAZBRANCH}" )
|
(cd /kaz ; git checkout "${KAZBRANCH}" )
|
||||||
|
|
||||||
cp "${DIR}/kaz-config/dockers.env" /kaz/config/dockers.env
|
cp "${DIR}/kaz-config/dockers.env" /kaz/config/dockers.env
|
||||||
|
|||||||
@ -5,9 +5,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
|
|||||||
DIR=`dirname $0`
|
DIR=`dirname $0`
|
||||||
cd `dirname $0`
|
cd `dirname $0`
|
||||||
|
|
||||||
# disable systemd-resolved which conflicts with nsd
|
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
||||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
||||||
systemctl stop systemd-resolved
|
then
|
||||||
|
# disable systemd-resolved which conflicts with nsd
|
||||||
|
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||||
|
systemctl stop systemd-resolved
|
||||||
|
fi
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get update
|
DEBIAN_FRONTEND=noninteractive apt-get update
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
|
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
|
||||||
|
|||||||
@ -7,13 +7,17 @@ cd `dirname $0`
|
|||||||
|
|
||||||
# Email's mail account email@isp-a.sns
|
# Email's mail account email@isp-a.sns
|
||||||
useradd -m -s "/bin/bash" -p `mkpasswd --method=sha-512 email` email || true
|
useradd -m -s "/bin/bash" -p `mkpasswd --method=sha-512 email` email || true
|
||||||
addgroup email mail
|
adduser email mail
|
||||||
#mkdir /home/hacker/mail
|
#mkdir /home/hacker/mail
|
||||||
#touch /home/hacker/mail/Drafts /home/hacker/mail/Queue /home/hacker/mail/Sent /home/hacker/mail/Trash
|
#touch /home/hacker/mail/Drafts /home/hacker/mail/Queue /home/hacker/mail/Sent /home/hacker/mail/Trash
|
||||||
|
|
||||||
# disable systemd-resolved which conflicts with nsd
|
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
||||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
||||||
systemctl stop systemd-resolved
|
then
|
||||||
|
# disable systemd-resolved which conflicts with nsd
|
||||||
|
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||||
|
systemctl stop systemd-resolved
|
||||||
|
fi
|
||||||
|
|
||||||
# manage isp-a.sns zone
|
# manage isp-a.sns zone
|
||||||
apt-get update
|
apt-get update
|
||||||
|
|||||||
@ -7,14 +7,14 @@ header:
|
|||||||
config:
|
config:
|
||||||
prefix: kaz
|
prefix: kaz
|
||||||
nat-bridge: lxcbr0
|
nat-bridge: lxcbr0
|
||||||
default-master: bullseye
|
default-master: bookworm
|
||||||
|
|
||||||
masters:
|
masters:
|
||||||
bullseye:
|
bookworm:
|
||||||
backend: lxc
|
backend: lxc
|
||||||
template: debian
|
template: debian
|
||||||
parameters:
|
parameters:
|
||||||
release: bullseye
|
release: bookworm
|
||||||
arch: amd64
|
arch: amd64
|
||||||
family: debian
|
family: debian
|
||||||
|
|
||||||
@ -23,9 +23,8 @@ masters:
|
|||||||
template: download
|
template: download
|
||||||
parameters:
|
parameters:
|
||||||
dist: alpine
|
dist: alpine
|
||||||
release: 3.14
|
release: 3.21
|
||||||
arch: amd64
|
arch: amd64
|
||||||
no-validate: true
|
|
||||||
family: alpine
|
family: alpine
|
||||||
|
|
||||||
disabled-groups:
|
disabled-groups:
|
||||||
|
|||||||
@ -5,9 +5,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
|
|||||||
DIR=`dirname $0`
|
DIR=`dirname $0`
|
||||||
cd `dirname $0`
|
cd `dirname $0`
|
||||||
|
|
||||||
# disable systemd-resolved which conflicts with nsd
|
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
||||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
||||||
systemctl stop systemd-resolved
|
then
|
||||||
|
# disable systemd-resolved which conflicts with nsd
|
||||||
|
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||||
|
systemctl stop systemd-resolved
|
||||||
|
fi
|
||||||
|
|
||||||
# manage mica.sns zone
|
# manage mica.sns zone
|
||||||
apt-get update
|
apt-get update
|
||||||
|
|||||||
@ -6,9 +6,13 @@ if [ -z $SNSTERGUARD ] ; then exit 1; fi
|
|||||||
DIR=`dirname $0`
|
DIR=`dirname $0`
|
||||||
cd `dirname $0`
|
cd `dirname $0`
|
||||||
|
|
||||||
# disable systemd-resolved which conflicts with nsd
|
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
|
||||||
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
|
||||||
systemctl stop systemd-resolved
|
then
|
||||||
|
# disable systemd-resolved which conflicts with nsd
|
||||||
|
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
|
||||||
|
systemctl stop systemd-resolved
|
||||||
|
fi
|
||||||
|
|
||||||
apt-get update
|
apt-get update
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
|
DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
|
||||||
|
|||||||
@ -20,8 +20,8 @@ touch /etc/network/keepdhcp
|
|||||||
|
|
||||||
# Force lxc bridged interface metric (else, it grows to 200+interface_index, which can be large with successive stop/start)
|
# Force lxc bridged interface metric (else, it grows to 200+interface_index, which can be large with successive stop/start)
|
||||||
# This metric must be lower than the one exported by BGP for the default route (static part below)
|
# This metric must be lower than the one exported by BGP for the default route (static part below)
|
||||||
mkdir /etc/udhcpc
|
mkdir -p /etc/udhcpc
|
||||||
echo "IF_METRIC=200" > /etc/udhcpc/udhcpc.conf
|
echo "IF_METRIC=200" >> /etc/udhcpc/udhcpc.conf
|
||||||
|
|
||||||
|
|
||||||
# customize bird config (BGP)
|
# customize bird config (BGP)
|
||||||
@ -38,3 +38,5 @@ protocol static {
|
|||||||
# Add dnsmasq for external dns
|
# Add dnsmasq for external dns
|
||||||
apk add dnsmasq
|
apk add dnsmasq
|
||||||
rc-update add dnsmasq
|
rc-update add dnsmasq
|
||||||
|
# dnsmasq listen on eth1
|
||||||
|
echo "interface=eth1" >> /etc/dnsmasq.conf
|
||||||
|
|||||||
@ -177,7 +177,7 @@ auth:
|
|||||||
git clone https://framagit.org/flesueur/snster.git
|
git clone https://framagit.org/flesueur/snster.git
|
||||||
cd snster
|
cd snster
|
||||||
# git checkout tags/v1.1.0
|
# git checkout tags/v1.1.0
|
||||||
git checkout fe59ef1f
|
git checkout 34b7c57cb7480cb4b3a84d14a1a46b60d0eb5967
|
||||||
./install.sh
|
./install.sh
|
||||||
|
|
||||||
# BTRFS avec hotfix sale de SNSTER
|
# BTRFS avec hotfix sale de SNSTER
|
||||||
@ -187,7 +187,7 @@ auth:
|
|||||||
mkfs.btrfs -f /root/btrfs.img
|
mkfs.btrfs -f /root/btrfs.img
|
||||||
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
|
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
|
||||||
mount /var/lib/lxc
|
mount /var/lib/lxc
|
||||||
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
|
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.11/dist-packages/backends/LxcBackend.py
|
||||||
|
|
||||||
# SNSTER KAZ
|
# SNSTER KAZ
|
||||||
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||||
@ -202,7 +202,7 @@ auth:
|
|||||||
# On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
|
# On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
|
||||||
ln -s /var/lib/lxc/kaz-hoster-a-kaz1/rootfs/ /kaz1-prod
|
ln -s /var/lib/lxc/kaz-hoster-a-kaz1/rootfs/ /kaz1-prod
|
||||||
ln -s /var/lib/lxc/kaz-hoster-b-kaz2/rootfs/ /kaz2-prod
|
ln -s /var/lib/lxc/kaz-hoster-b-kaz2/rootfs/ /kaz2-prod
|
||||||
ln -s /kaz-prod/kaz /kaz
|
ln -s /kaz-prod1/kaz /kaz
|
||||||
|
|
||||||
# On met le KAZGUARD pour la mise au point
|
# On met le KAZGUARD pour la mise au point
|
||||||
echo "export KAZGUARD='true'" >> /root/.bashrc
|
echo "export KAZGUARD='true'" >> /root/.bashrc
|
||||||
|
|||||||
Reference in New Issue
Block a user