Apr 14

Virtualization with Libvirt / Qemu on a Gandi IaaS server

Procedure

1/ Create a Gandi server.

Location: Paris, France
Cores: 4
RAM: 4096 MB
System: Ubuntu 16.04 64-bit LTS (HVM)
System disk: 20 GB

2/ Connect to the server.

[~] ➔ ssh admin@95.142.162.206
...
admin@95.142.162.206's password: 
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-21-lowlatency x86_64)
...
admin@server01virt:~$

3/ Update the distribution.

admin@server01q:~$ su
root@server01virt:/home/admin# apt-get update && apt-get upgrade

4/ Install the base packages.

root@server01virt:/home/admin# apt-get install mc screen htop vim links

5/ Replace the Gandi repositories with the official Ubuntu repositories.

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-backports.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial-backports main

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-proposed.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial-proposed main

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-security.list

Replace the entire contents with:

deb [arch=amd64] http://security.ubuntu.com/ubuntu xenial-security main

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-updates.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial-updates main universe

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial main universe

Link:
http://askubuntu.com/questions/835731/cant-install-php-mbstring-on-ubuntu-16-04-1-lts/836033

6/ Update the distribution.

root@server01virt:/home/admin# apt-get update && apt-get upgrade

7/ Install the virtualization packages.

root@server01virt:/home/admin# apt-get --no-install-recommends install qemu-kvm libvirt-bin virtinst qemu

8/ Create a virtual disk.

root@server01virt:/home/admin# qemu-img create vhda.raw 5G
Formatting 'vhda.raw', fmt=raw size=5368709120

9/ Create an Ubuntu virtual machine.

root@server01virt:/home/admin# virt-install --name VM01 --memory 2048 --disk vhda.raw --network default --graphics vnc,password=Mot2Passe --location http://us.archive.ubuntu.com/ubuntu/dists/xenial/main/installer-amd64/
WARNING  KVM acceleration not available, using 'qemu'
WARNING  Unable to connect to graphical console: virt-viewer not installed. Please install the 'virt-viewer' package.
WARNING  No console to launch for the guest, defaulting to --wait -1

Starting install...
Retrieving file linux...                                                                                                                                                                                                | 6.7 MB  00:00:00     
Retrieving file initrd.gz...                                                                                                                                                                                            |  36 MB  00:00:01     
Creating domain...                                                                                                                                                                                                      |    0 B  00:00:00     
Domain installation still in progress. Waiting for installation to complete.

10/ From the host machine, open an SSH connection that forwards localhost for VNC.

[~] ➔ ssh admin@95.142.162.206 -L 5900:localhost:5900
admin@95.142.162.206's password: 
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-21-lowlatency x86_64)
...
admin@server01virt:~$ 

11/ From the host machine, view the virtual machine over VNC for the installation.

[~] ➔ vncviewer localhost:0

VNC Viewer Free Edition 4.1.1 for X - built Jul 31 2015 19:05:51
Copyright (C) 2002-2005 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.

Thu Apr 13 21:58:37 2017
 CConn:       connected to host localhost port 5900
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
Password: 
Thu Apr 13 21:58:43 2017
 TXImage:     Using default colormap and visual, TrueColor, depth 24.
 CConn:       Using pixel format depth 6 (8bpp) rgb222
 CConn:       Using ZRLE encoding

12/ After installing the virtual machine, start it.

root@server01virt:/home/admin# virsh start VM01
Domain VM01 started

13/ List the virtual networks.

root@server01virt:/home/admin# virsh net-list      
setlocale: No such file or directory
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     yes           yes

14/ View the virtual machine.

[~] ➔ vncviewer localhost:0

VNC Viewer Free Edition 4.1.1 for X - built Jul 31 2015 19:05:51
Copyright (C) 2002-2005 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.

Fri Apr 14 10:08:33 2017
 CConn:       connected to host localhost port 5900
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
Password: 
Fri Apr 14 10:08:36 2017
 TXImage:     Using default colormap and visual, TrueColor, depth 24.
 CConn:       Using pixel format depth 6 (8bpp) rgb222
 CConn:       Using ZRLE encoding

15/ Network information.

root@server01virt:/home/admin# virsh net-info default
setlocale: No such file or directory
Name:           default
UUID:           ce51274e-d060-43b1-bf9c-040cd30ebb59
Active:         yes
Persistent:     yes
Autostart:      yes
Bridge:         virbr0

16/ Network information in XML format.

root@server01virt:/home/admin# virsh net-dumpxml default
setlocale: No such file or directory
<network connections='1'>
  <name>default</name>
  <uuid>ce51274e-d060-43b1-bf9c-040cd30ebb59</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:96:1c:85'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

17/ List the virtual machines.

root@server01virt:/home/admin# virsh list
setlocale: No such file or directory
 Id    Name                           State
----------------------------------------------------
 1     VM01                           running

18/ Display the VNC configuration.

root@server01virt:/home/admin# virsh dumpxml VM01 | grep vnc
setlocale: No such file or directory
    <graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1'>

19/ List the VM's network configuration.

root@server01virt:/home/admin# virsh net-dhcp-leases default
 Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
-------------------------------------------------------------------------------------------------------------------
 2017-04-14 10:45:00  52:54:00:90:64:dc  ipv4      192.168.122.10/24         ubuntu          -

20/ Connect to the VM over SSH.

root@server01virt:/home/admin# ssh util01@192.168.122.10
util01@192.168.122.10's password: 
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-72-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.


util01@ubuntu:~$ 

21/ Shut down the virtual machine.

root@server01virt:/home/admin# virsh shutdown VM01
Domain VM01 is being shutdown

22/ List all virtual machines.

root@server01virt:/home/admin# virsh list --all
setlocale: No such file or directory
 Id    Name                           State
----------------------------------------------------
 -     VM01                           shut off

23/ Delete a virtual machine.

root@server01virt:/home/admin# virsh undefine VM01
setlocale: No such file or directory
Domain VM01 has been undefined

24/ Links.

https://www.cyberciti.biz/faq/how-to-install-kvm-on-ubuntu-linux-14-04/
https://www.maccagnoni.eu/2016/09/kvm-virtualisation-serveur/
https://docs.fedoraproject.org/en-US/Fedora/18/html/Virtualization_Administration_Guide/ch15s06.html

Apr 11

Installing Qemu on a Gandi IaaS server

1/ Create a Gandi server.

Distribution: Ubuntu 16.04

2/ Connect to the server.

[~/ATRIER] ➔ ssh admin@46.226.160.168

3/ Update the distribution.

admin@server01q:~$ su
root@server01q:/home/admin# apt-get update 
root@server01q:/home/admin# apt-get upgrade

4/ Replace the Gandi repositories with the official Ubuntu repositories.

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-backports.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial-backports main

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-proposed.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial-proposed main

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-security.list

Replace the entire contents with:

deb [arch=amd64] http://security.ubuntu.com/ubuntu xenial-security main

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial-updates.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial-updates main universe

Open:

/etc/apt/sources.list.d/multistrap-ubuntu-xenial.list

Replace the entire contents with:

deb [arch=amd64] http://en.archive.ubuntu.com/ubuntu/ xenial main universe

5/ Update the distribution.

root@server01q:/home/admin# apt-get update 
root@server01q:/home/admin# apt-get upgrade
root@server01q:/home/admin# exit

6/ Install Qemu.

admin@server01q:~$ sudo  apt-get install qemu

7/ Download the 64-bit Debian distribution.

admin@server01q:~$ wget http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.7.1-amd64-CD-1.iso

8/ Create a virtual hard disk.

admin@server01q:~$ qemu-img create vhda.raw 5G
Formatting 'vhda.raw', fmt=raw size=5368709120

9/ Start Qemu.

admin@server01q:~$ qemu-system-x86_64 -hda vhda.raw -cdrom debian-8.7.1-amd64-CD-1.iso -boot d -m 512 -vnc 46.226.160.168:1 -usbdevice tablet -daemonize -no-reboot -k fr

10/ Verification:

admin@server01q:~$ ps -aux | grep qemu
admin      787  4.6  3.3 1643824 68756 ?       Sl   20:30   0:01 qemu-system-x86_64 -hda vhda.raw -cdrom debian-8.7.1-amd64-CD-1.iso -boot d -m 512 -vnc 46.226.160.168:1 -usbdevice tablet -daemonize -no-reboot -k fr

11/ From the local computer.

[~] ➔ vncviewer 46.226.160.168:1

12/ Start Qemu.

admin@server01q:~$ screen
admin@server01q:~$ qemu-system-x86_64 -hda vhda.raw -m 1024 -smp 2 -vnc 46.226.160.168:1 -usbdevice tablet -daemonize -no-reboot -k fr

13/ From the local computer, connect to the Debian virtual machine running under Qemu.

[~] ➔ vncviewer 46.226.160.168:1
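
The `-vnc 46.226.160.168:1` option used in steps 9 and 12 makes the VNC console listen on the server's public address with no password option, whereas the libvirt post above keeps it on 127.0.0.1 behind an SSH forward. The following added example (not part of the original post; the function names are hypothetical) classifies a qemu command line by how its VNC console is exposed:

```sh
#!/bin/sh
# Added example (not from the original post): classify how a qemu command
# line exposes its VNC console.

# Sample command lines. PAGE_CMD is the one from step 12 above; LOCAL_CMD and
# PW_CMD are constructed variants for comparison.
PAGE_CMD='qemu-system-x86_64 -hda vhda.raw -m 1024 -smp 2 -vnc 46.226.160.168:1 -usbdevice tablet -daemonize -no-reboot -k fr'
LOCAL_CMD='qemu-system-x86_64 -hda vhda.raw -m 1024 -smp 2 -vnc 127.0.0.1:1 -usbdevice tablet -daemonize -no-reboot -k fr'
PW_CMD='qemu-system-x86_64 -hda vhda.raw -m 1024 -vnc :0,password'

# vnc_arg CMDLINE: print the word that follows -vnc; status 1 if there is none.
vnc_arg() {
    set -f                 # no globbing while the command line is split
    set -- $1              # split into words (positional parameters are local)
    set +f
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-vnc" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# vnc_exposure CMDLINE: print none | local | exposed-password | exposed-open
vnc_exposure() {
    arg=$(vnc_arg "$1") || { echo none; return 0; }
    case "$arg" in
        none)   echo none;  return 0 ;;
        unix:*) echo local; return 0 ;;   # UNIX socket, no TCP listener
    esac
    spec=${arg%%,*}        # host:display without the trailing options
    host=${spec%:*}        # an empty host means "all interfaces"
    case "$arg" in
        *,password*) pw=yes ;;
        *)           pw=no ;;
    esac
    case "$host" in
        127.*|localhost|'[::1]') echo local ;;
        *) if [ "$pw" = yes ]; then echo exposed-password; else echo exposed-open; fi ;;
    esac
}

# vnc_port CMDLINE: print the TCP port (5900 + display number).
vnc_port() {
    arg=$(vnc_arg "$1") || return 1
    spec=${arg%%,*}
    disp=${spec##*:}
    case "$disp" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo $((5900 + disp))
}

for cmd in "$PAGE_CMD" "$LOCAL_CMD" "$PW_CMD"; do
    printf '%-16s port %s  %s\n' "$(vnc_exposure "$cmd")" "$(vnc_port "$cmd")" "$cmd"
done

# With the LOCAL_CMD form, the console is reached the way the libvirt post
# does it, through an SSH port forward:
#   ssh admin@46.226.160.168 -L 5901:localhost:5901
#   vncviewer localhost:1
```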

Apr 10

Interconnecting Qemu virtual machines on a physical machine

1/ ‘Network’ scripts.

– Bringing the network up:

Open:

1_activateNetwork.sh

Add:

#!/bin/sh

sudo ip addr flush dev eth0
sudo ip link set eth0 up

sudo ip link add name br0 type bridge
sudo ip link set eth0 master br0
sudo ip addr add 192.168.1.3/24 dev br0
sudo ip link set br0 up
sudo ip route add default via 192.168.1.1

sudo ip tuntap add tap0 mode tap
sudo ip link set tap0 up
sudo ip link set tap0 master br0

sudo ip tuntap add tap1 mode tap
sudo ip link set tap1 up
sudo ip link set tap1 master br0

sudo ip tuntap add tap2 mode tap
sudo ip link set tap2 up
sudo ip link set tap2 master br0

sudo ip tuntap add tap3 mode tap
sudo ip link set tap3 up
sudo ip link set tap3 master br0

sudo brctl show

– Tearing the network down:

Open:

6_desactiveNetwork.sh

Add:

#!/bin/sh

sudo ip link set dev tap0 down
sudo ip link delete tap0

sudo ip link set dev tap1 down
sudo ip link delete tap1

sudo ip link set dev tap2 down
sudo ip link delete tap2

sudo ip link set dev tap3 down
sudo ip link delete tap3


sudo ip link set br0 down
sudo ip link delete br0
sudo ip addr add 192.168.1.3/24 dev eth0
sudo ip link set eth0 up
sudo ip route add default via 192.168.1.1

2/ ‘Virtual machine’ scripts.

– Starting virtual machine no. 1:

Open:

4_station01.sh

Add:

#!/bin/bash
# bash is needed here: `source` and the $RANDOM used by genmac.sh are bash features.

qemu-system-i386 -enable-kvm -k fr -m 1024 -sdl -vga std -hda station01/vhda.img \
-net nic,macaddr=`source genmac.sh` -net tap,ifname=tap0,script=no \
-no-quit

– Starting virtual machine no. 2:

Open:

4_station02.sh

Add:

#!/bin/bash
# bash is needed here: `source` and the $RANDOM used by genmac.sh are bash features.

qemu-system-i386 -enable-kvm -k fr -m 1024 -sdl -vga std -hda station02/vhda.img \
-net nic,macaddr=`source genmac.sh` -net tap,ifname=tap1,script=no \
-no-quit

3/ Other scripts.

– Generating a MAC address:

Open:

genmac.sh

Add:

#!/bin/bash
# $RANDOM is a bash feature and is not provided by dash, Ubuntu's /bin/sh.

printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))

4/ Test.

5/ Link.

Qemu: no Internet connection for the host: https://forum.ubuntu-fr.org/viewtopic.php?id=2007864

Apr 05

Installing a Mastodon instance

With the help of Valère: https://hostux.social/about

Gandi server

Location: Bissen, Luxembourg
Cores: 2
RAM: 2 GB
System disk: 10 GB
Operating system: Debian 8 64-bit (HVM)
System disk name: sysdisk01mas
Name (Hostname): server01mas
Administrator login: admin

Contents

1/ Connect to the Gandi server
2/ Update the system
3/ Install the base packages
4/ Create the ‘mastodon’ user
5/ Install the dependencies
6/ Install Redis
7/ Install PostgreSQL
8/ Install Rbenv
9/ Install Mastodon
10/ Install the Nginx server
11/ Manage scheduled tasks
12/ Administration
13/ Links

Procedure

1/ Connect to the Gandi server.

[~] ➔ ssh admin@185.26.166.73
...
admin@185.26.166.73's password: 
...
[-----------------------------------------]
  Gandi - Welcome to your new OS image.
...
[-----------------------------------------]
admin@server01mas:~$ 

2/ Update the system.

– Log in as root:

admin@server01mas:~$ su 
Password: 
root@server01mas:/home/admin# 

– Update the repositories and upgrade the packages:

root@server01mas:/home/admin# apt-get update && apt-get upgrade

3/ Install the base packages.

root@server01mas:/home/admin# apt-get install mc screen htop wget links vim curl git-core

4/ Create the ‘mastodon’ user.

root@server01mas:/home/admin# adduser mastodon

5/ Install the dependencies.

– Install Nodejs:

root@server01mas:/home/admin# curl -sL https://deb.nodesource.com/setup_4.x |  bash -
root@server01mas:/home/admin# apt-get install nodejs

– Install the dependencies:

root@server01mas:/home/admin# apt-get install imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev

– Install the Nodejs module:

root@server01mas:/home/admin# npm install -g yarn

6/ Install Redis.

root@server01mas:/home/admin# apt-get install redis-server redis-tools

7/ Install PostgreSQL.

– Install the packages:

root@server01mas:/home/admin# apt-get install postgresql postgresql-contrib

– Configure the database and the user:

root@server01mas:/home/admin# su - postgres
postgres@server01mas:~$ psql
psql (9.4.10)
...
postgres=# CREATE USER mastodon CREATEDB;
CREATE ROLE
postgres=# \q
postgres@server01mas:~$ exit
logout
root@server01mas:/home/admin# 

8/ Install Rbenv.

– Install the prerequisites:

root@server01mas:/home/admin# apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev

Link:
https://github.com/rbenv/ruby-build/wiki#suggested-build-environment

– ‘mastodon’ user:

root@server01mas:/home/admin# su mastodon
mastodon@server01mas:/home/admin$ cd
mastodon@server01mas:~$ 

– Install rbenv:

mastodon@server01mas:~$ git clone https://github.com/rbenv/rbenv.git ~/.rbenv
mastodon@server01mas:~$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
mastodon@server01mas:~$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
mastodon@server01mas:~$ echo 'eval "$(rbenv init -)"' >> ~/.bashrc
mastodon@server01mas:~$ ~/.rbenv/bin/rbenv init

– Verification:

mastodon@server01mas:~$ source ~/.bash_profile 
mastodon@server01mas:~$ type rbenv
rbenv is /home/mastodon/.rbenv/bin/rbenv
mastodon@server01mas:~$ source ~/.bashrc
mastodon@server01mas:~$ type rbenv
rbenv is a function
rbenv () 
{ 
    local command;
    command="$1";
    if [ "$#" -gt 0 ]; then
        shift;
    fi;
    case "$command" in 
        rehash | shell)
            eval "$(rbenv "sh-$command" "$@")"
        ;;
        *)
            command rbenv "$command" "$@"
        ;;
    esac
}

Links:
https://github.com/rbenv/rbenv#installation
https://www.digitalocean.com/community/tutorials/how-to-install-ruby-on-rails-with-rbenv-on-debian-8

– Install ruby-build:

mastodon@server01mas:~$ git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

– Install Ruby:

mastodon@server01mas:~$ rbenv install 2.3.1
mastodon@server01mas:~$ rbenv global 2.3.1
mastodon@server01mas:~$ ruby -v
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]

9/ Install Mastodon.

– Configuration:

mastodon@server01mas:~$ echo "gem: --no-document" > ~/.gemrc

– Download Mastodon:

mastodon@server01mas:~$ git clone https://github.com/Gargron/mastodon.git live
mastodon@server01mas:~$ cd live/

– Install bundler:

mastodon@server01mas:~/live$ gem install bundler
Fetching: bundler-1.14.6.gem (100%)
Successfully installed bundler-1.14.6
1 gem installed

– Install the gem dependencies:

mastodon@server01mas:~/live$ bundle install --deployment --without development test
mastodon@server01mas:~/live$ yarn install

– Configure the server:

mastodon@server01mas:~/live$ cp .env.production.sample .env.production

Open:

.env.production

Find:

# Service dependencies
REDIS_HOST=redis
REDIS_PORT=6379
DB_HOST=db
DB_USER=postgres
DB_NAME=postgres
DB_PASS=
DB_PORT=5432

# Federation
LOCAL_DOMAIN=example.com
LOCAL_HTTPS=true

Replace with:

# Service dependencies
REDIS_HOST=localhost
REDIS_PORT=6379
DB_HOST=/var/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon_production
DB_PASS=
DB_PORT=5432

# Federation
LOCAL_DOMAIN=minimes.hacklab.science
LOCAL_HTTPS=true

– Configure the Gandi mail server:

Find:

# E-mail configuration
SMTP_SERVER=
SMTP_PORT=
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=

Replace with:

SMTP_SERVER=mail.gandi.net
SMTP_PORT=587
SMTP_LOGIN=contact@hacklab-bidouilleur.fr
SMTP_PASSWORD=Mot2P@$$e
SMTP_FROM_ADDRESS=contact@hacklab-bidouilleur.fr

– Generate the secret:

mastodon@server01mas:~/live$ bundle exec rake secret
fe814ad09733f3d25acc0b43bb93bdb9d45e1f2a41754432af3d193576f54740c8d88418ea8d8FAKE3ab281844747fc2f7c8d585059ef82dd1f7d84bff51e8
mastodon@server01mas:~/live$ bundle exec rake secret
01a02a0ca068f65455f7dfd86de0f768cc8524c474e8278c865a45cd48cda19a48f73e7ee2f4FAKE4ea04d90496e745069bf0fcde399d8dc864910057496fb52
mastodon@server01mas:~/live$ bundle exec rake secret
fff3bf9df413c3c7d4c63c5d2969c39e099c4d4e91f3bc681e565c3457f90c8a6389a92ce1c7f9FAKE0a6dd2d72d4f1638b9b1004fd331a887559cb82893ac

Open:

.env.production

Find:

PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=

Replace with:

PAPERCLIP_SECRET=fe814ad09733f3d25acc0b43bb93bdb9d45e1f2a41754432af3d193576f54740c8d88418ea8d8FAKE3ab281844747fc2f7c8d585059ef82dd1f7d84bff51e8
SECRET_KEY_BASE=01a02a0ca068f65455f7dfd86de0f768cc8524c474e8278c865a45cd48cda19a48f73e7ee2f4FAKE4ea04d90496e745069bf0fcde399d8dc864910057496fb52
OTP_SECRET=fff3bf9df413c3c7d4c63c5d2969c39e099c4d4e91f3bc681e565c3457f90c8a6389a92ce1c7f9FAKE0a6dd2d72d4f1638b9b1004fd331a887559cb82893ac
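
An added check for the file edited above, not part of the original post or of Mastodon: it verifies that `.env.production` is accessible only to its owner, that the three secrets are set, long enough and distinct, and that `LOCAL_HTTPS` is true. The function names and the 64-character minimum are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): checks on the .env.production
# file edited in the steps above.

MIN_SECRET_LEN=64   # assumed threshold, shorter than the values shown above

# env_get FILE KEY: print the value of the last "KEY=value" line, if any.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_env FILE: print one finding per line; return 0 only if there is none.
audit_env() {
    f=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || report "$f is accessible to group/other ($perms), expected mode 600"

    vals=""
    for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
        val=$(env_get "$f" "$key")
        if [ -z "$val" ]; then
            report "$key is empty"
            continue
        fi
        [ "${#val}" -ge "$MIN_SECRET_LEN" ] ||
            report "$key has only ${#val} characters (minimum $MIN_SECRET_LEN)"
        vals="$vals$val
"
    done

    # Each key must get its own secret, not one value pasted several times.
    total=$(printf '%s' "$vals" | grep -c . || true)
    unique=$(printf '%s' "$vals" | sort -u | grep -c . || true)
    [ "$total" -eq "$unique" ] || report "the same secret is used for several keys"

    [ "$(env_get "$f" LOCAL_HTTPS)" = "true" ] || report "LOCAL_HTTPS is not true"
    [ "$findings" -eq 0 ]
}

# make_sample FILE MODE S1 S2 S3: write a constructed sample file.
make_sample() {
    printf 'PAPERCLIP_SECRET=%s\nSECRET_KEY_BASE=%s\nOTP_SECRET=%s\nLOCAL_HTTPS=true\n' \
        "$3" "$4" "$5" > "$1"
    chmod "$2" "$1"
}

# fake_secret CHAR: constructed 128-character stand-in for a real secret.
fake_secret() {
    printf '%128s' '' | tr ' ' "$1"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/good.env" 600 "$(fake_secret a)" "$(fake_secret b)" "$(fake_secret c)"
make_sample "$demo_dir/weak.env" 644 "$(fake_secret a)" "$(fake_secret a)" ""

for sample in good.env weak.env; do
    echo "== $sample"
    audit_env "$demo_dir/$sample" || echo "   -> needs fixing"
done
rm -rf "$demo_dir"
```

On the server it would be called as `audit_env /home/mastodon/live/.env.production`.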

– Installation:

mastodon@server01mas:~/live$ RAILS_ENV=production bundle exec rails db:setup

– Precompile the CSS and JS:

mastodon@server01mas:~/live$ RAILS_ENV=production bundle exec rails assets:precompile

– Configure systemd:

mastodon@server01mas:~/live$ exit
exit
root@server01mas:/home/admin# 

Open:

/etc/systemd/system/mastodon-web.service

Add:

[Unit]
Description=mastodon-web
After=network.target

[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="PORT=3000"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

Open:

/etc/systemd/system/mastodon-sidekiq.service

Add:

[Unit]
Description=mastodon-sidekiq
After=network.target

[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="DB_POOL=5"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

Open:

/etc/systemd/system/mastodon-streaming.service

Add:

[Unit]
Description=mastodon-streaming
After=network.target

[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="NODE_ENV=production"
Environment="PORT=4000"
ExecStart=/usr/bin/npm run start
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

– Enable the services:

root@server01mas:/home/admin# screen
root@server01mas:/home/admin# systemctl enable /etc/systemd/system/mastodon-*.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mastodon-sidekiq.service to /etc/systemd/system/mastodon-sidekiq.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mastodon-streaming.service to /etc/systemd/system/mastodon-streaming.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mastodon-web.service to /etc/systemd/system/mastodon-web.service.

– Start the services:

root@server01mas:/home/admin# systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

– Restart the services after changing the configuration file:

root@server01mas:/home/admin# systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

– Service status:

root@server01mas:/home/admin# systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
● mastodon-web.service - mastodon-web
   Loaded: loaded (/etc/systemd/system/mastodon-web.service; enabled)
   Active: active (running) since Tue 2017-04-04 20:20:43 CEST; 15h ago
...
● mastodon-sidekiq.service - mastodon-sidekiq
...
Apr 04 20:20:43 server01mas systemd[1]: Started mastodon-sidekiq.
Apr 04 20:20:48 server01mas bundle[779]: 2017-04-04T18:20:48.057Z 779 TID-ovnjsa58w INFO: Booting Sidekiq 4.2.7 with...=>nil}
...
● mastodon-streaming.service - mastodon-streaming
...
 Main PID: 738 (npm)
   CGroup: /system.slice/mastodon-streaming.service
           ├─738 npm
           ├─806 sh -c babel-node ./streaming/index.js --presets es2015,stage-2
           ├─808 node /home/mastodon/live/node_modules/.bin/babel-node ./streaming/index.js --presets es2015,stage-2
           └─815 /usr/bin/nodejs /home/mastodon/live/node_modules/babel-cli/lib/_babel-node ./streaming/index.js --presets...
...
Apr 04 20:20:46 server01mas npm[738]: info Starting streaming API server on port 4000
Hint: Some lines were ellipsized, use -l to show in full.

10/ Install the Nginx server.

– Install Nginx:

Open:

/etc/apt/sources.list.d/nginx.list

Append:

deb http://nginx.org/packages/debian/ jessie nginx

Action:

# apt-get update
# apt-get install nginx

– Set up the Nginx reverse proxy:

Open:

/etc/nginx/conf.d/minimes.hacklab.science.conf

Add:

map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}

server {
	listen 80;
	#listen [::]:80;	
	server_name minimes.hacklab.science;
	return 301 https://minimes.hacklab.science$request_uri;
}


server {
	listen 443 ssl http2;
	#listen [::]:443 ssl http2;
	server_name minimes.hacklab.science;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/minimes.hacklab.science/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/minimes.hacklab.science/privkey.pem;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.2;
	ssl_ciphers EECDH+AESGCM:EECDH+AES;
	ssl_prefer_server_ciphers on;

	resolver 8.8.4.4 8.8.8.8 valid=300s;
	resolver_timeout 10s;
	ssl_stapling on;
	ssl_stapling_verify on;

	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Frame-Options SAMEORIGIN;


	keepalive_timeout    70;
	sendfile             on;
	client_max_body_size 0;

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;


	root /home/mastodon/live/public;


	location / {
		try_files $uri @proxy;
	}

	location @proxy {
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;

		proxy_pass_header Server;

		proxy_pass http://127.0.0.1:3000;
		proxy_buffering off;
		proxy_redirect off;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;

		tcp_nodelay on;
	}

	location /api/v1/streaming {
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;

		proxy_pass http://127.0.0.1:4000;
		proxy_buffering off;
		proxy_redirect off;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;

		tcp_nodelay on;
	}

	error_page 500 501 502 503 504 /500.html;
}

– Install Let’s Encrypt:

Open:

/etc/apt/sources.list

Append:

deb http://httpredir.debian.org/debian jessie-backports main

Action:

# apt-get  update
# apt-get  install -t jessie-backports letsencrypt

– Stop the Nginx server:

root@server01mas:/home/admin# service nginx stop

– Generate the Let’s Encrypt certificate:

root@server01mas:/home/admin# letsencrypt certonly -d minimes.hacklab.science --agree-tos -m lesanglierdesardennes@gmail.com --rsa-key-size 4096 --standalone

– Generate the DH parameters:

root@server01mas:/home/admin# openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

– Start Nginx:

root@server01mas:/home/admin# service nginx start

– Test:

https://minimes.hacklab.science/

– After registering, the home page:

11/ Manage scheduled tasks.

root@server01mas:/home/admin# crontab -e -u mastodon

Append:

@hourly cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:media:clear
@hourly cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:push:refresh
@hourly cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:feeds:clear

12/ Administration.

– Enable an administrator:

mastodon@server01mas:~/live$ RAILS_ENV=production bundle exec rake mastodon:make_admin USERNAME=Satanik666
...
Congrats! Satanik666 is now an admin. \o/
Navigate to https://minimes.hacklab.science/admin/settings to get started

– Test:

Administration page:
https://minimes.hacklab.science/admin/settings

– Link:

https://github.com/tootsuite/mastodon/blob/master/docs/Running-Mastodon/Administration-guide.md

13/ Links.

https://github.com/tootsuite/mastodon/blob/master/docs/Running-Mastodon/Production-guide.md
https://angristan.fr/installer-instance-mastodon-debian-8/

Mar 28

Emulating the mouse with keyboard keys on Lubuntu

Enable/Disable:

– Linux command:

setxkbmap -option keypad:pointerkeys

– Key combination:

[Ctrl] + [Alt] + [NumLock]

Moving the mouse:

[8] = Up
[2] = Down
[4] = Left
[6] = Right
[5] = Click
