Monday, August 24, 2020

Clonezilla backup

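16:07 Tony Recently, the administrative PCs had their original system installed as UEFI+GPT; after reinstalling them as MBR, backing up with Clonezilla produced an ocr-live-general error message.

16:07 Tony Anyone who runs into this problem can go to the command line and enter sudo -i to get root privileges, then

16:08 Tony enter sgdisk -z /dev/<your disk device name>; it should start with nvme

16:08 Tony The disk device name can be found by running cat on the clonezilla.log file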


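In fact, Clonezilla can restore from a smaller disk to a larger one or from a larger disk to a smaller one, but going from larger to smaller is recommended only for experienced users. Going from smaller to larger is easy: install MiniTool Partition Wizard (Home edition) on the template machine and you can adjust the disk however you like.

Raising the broadcast packet limit: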

https://dreamtails.pixnet.net/blog/post/31356534-enable-loop-detection-broadcast-suppression-on-hp-1920-24g-o


G Suite bulk user upload ~ .阿欣部落. ~ - 華龍部落格

Sunday, August 16, 2020

How to remove a cluster

Removing one node from a cluster

  • Example: removing pve01
    pvecm nodes
    pvecm delnode pve01
    pvecm status
    rm -rf /etc/pve/nodes/pve01
  • To avoid problems rejoining the cluster later with the same IP or hostname, carry out the following:
    • On every node, remove the deleted node's SSH fingerprint / authorized_keys entries. Example with hostname pve01:
      cd ~/.ssh
      grep pve01 *
      cd /etc/pve/priv
      grep pve01 *

      If any file still contains this information, edit it with vi and delete that line.

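Handling a failed host and the resulting no quorum problem

  • By default the cluster needs a quorum of two to operate, so if one host of a two-node cluster fails, this problem appears after a while. To let the remaining healthy host start VMs / CTs, change the quorum requirement to 1 and then restart the cluster service. The manual fix is:
    pvecm expected 1
    service pve-cluster restart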

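How to change the hostname

How to change a host's IP

  1. Change the IP in the Web UI: System→Network→ select the network interface → Edit
  2. Change the IP in /etc/hosts
  3. Stop the cluster service
    service pve-cluster stop
  4. Edit /etc/pve/corosync.conf, changing the node IP and the IP inside the totem section
  5. Reboot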

proxmox 6.2


1. Update first

apt-get  update -y 
apt-get  upgrade -y 
apt-get  dist-upgrade -y


2. Update the apt sources

PVE 6

  1. /etc/apt/sources.list
    deb http://ftp.tw.debian.org/debian buster main contrib
     
    deb http://ftp.tw.debian.org/debian buster-updates main contrib
     
    deb http://download.proxmox.com/debian/pve buster pve-no-subscription
     
    # security updates
    deb http://security.debian.org buster/updates main contrib
  2. /etc/apt/sources.list.d/pve-enterprise.list
    #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise



Monday, August 10, 2020

1.rsyncd --centos 8

The server-side setup is simple: only two files need to be written

1. /etc/rsyncd.conf
2. /etc/rsyncd.secrets

The client-side setup is even simpler

1. /root/rsyncd.secrets
-------------------------------------
Server side
dnf -y install rsync
dnf -y install rsync rsync-daemon
vim  /etc/rsyncd.conf

pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
max connections = 4
# log transfer results or not
transfer logging = yes

# any name you like
[163.17.209.237]
# target directory to copy
path = /163.17.209.237
# hosts you allow to access
#hosts allow = 163.17.209.10
#hosts deny = *
list = true
uid = root
gid = root
#read only = false
read only = no
auth users = etc1
secrets file = /etc/r.p
ignore errors






Tuesday, August 4, 2020

Firewalld : IP Masquerade

2019/09/27
 
This is a configuration example of IP Masquerading with Firewalld.
This example is based on the following environment.
-------------+-------------
      Gateway|192.168.0.1
             |
External     |
         ens8|192.168.0.30
+------------+------------+
|                         |
|      dlp.srv.world      |
|                         |
+------------+------------+
         ens2|10.0.0.30
Internal     |
             |
[1] Change zones for interfaces.
# show current setting
[root@dlp ~]# firewall-cmd --get-active-zone
public
  interfaces: ens2 ens8

# change zone
[root@dlp ~]# nmcli connection modify ens2 connection.zone internal
[root@dlp ~]# nmcli connection modify ens8 connection.zone external
[root@dlp ~]# firewall-cmd --get-active-zone
external
  interfaces: ens8
internal
  interfaces: ens2
[2] Set IP Masquerading on External zone.
# set IP Masquerading
[root@dlp ~]# firewall-cmd --zone=external --add-masquerade --permanent
success
[root@dlp ~]# firewall-cmd --reload
success

# show setting
[root@dlp ~]# firewall-cmd --zone=external --query-masquerade
yes

# [ip_forward] is enabled automatically if masquerading is enabled
[root@dlp ~]# cat /proc/sys/net/ipv4/ip_forward
1
[3] For example, configure incoming packets arriving at port 22 of the External zone to be forwarded to local port 1234.
(if set permanently, add [--permanent] option)
[root@dlp ~]# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=1234
success
[root@dlp ~]# firewall-cmd --list-all --zone=external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens8
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports: port=22:proto=tcp:toport=1234:toaddr=
  source-ports:
  icmp-blocks:
  rich rules:
[4] For example, configure incoming packets arriving at port 22 of the External zone to be forwarded to port 22 of another host [192.168.0.31].
[root@dlp ~]# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=22:toaddr=192.168.0.31
success
[root@dlp ~]# firewall-cmd --list-all --zone=external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens8
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports: port=22:proto=tcp:toport=22:toaddr=192.168.0.31
  source-ports:
  icmp-blocks:
  rich rules:
[5] For example, configure outgoing packets from the Internal network [10.0.0.0/24] to be allowed through the server and forwarded to the External side.
# set masquerading to internal zone
[root@dlp ~]# firewall-cmd --zone=internal --add-masquerade --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[root@dlp ~]# firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o ens8 -j MASQUERADE
[root@dlp ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens2 -o ens8 -j ACCEPT
[root@dlp ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens8 -o ens2 -m state --state RELATED,ESTABLISHED -j ACCEPT

Sunday, August 2, 2020

2.rsyncd --centos 7

yum install rsync -y
systemctl start rsyncd
systemctl status rsyncd
systemctl enable rsyncd
firewall-cmd --permanent --zone=public --add-service=rsyncd

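The server-side setup is simple: only two files need to be written
1. /etc/rsyncd.conf

2. /etc/rsyncd.secrets

The client-side setup is even simpler

1. /root/rsyncd.secrets

root@b2d:~# cat /root/rsyncd.secrets
123456 # the file only needs to contain the password
Then run a single command to have the client push its data to the server. B2D has already wrapped the command in a shell script that is run on a schedule, as follows

root@b2d:~# cat /root/bk-b2d.sh
#! /bin/sh

# The IP is the IP of the remote backup host
# Format:
# rsync options password-file absolute-path-of-the-directory-to-back-up account@host-IP::backup-module
# Example:
# /usr/bin/rsync -avHS --numeric-ids --password-file=/root/rsyncd.secrets /var/www my_backup@192.168.1.186::mybk
# To back up more directories, copy a line and change the directory to back up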
#------------------------------------------------------------

/usr/bin/rsync -avHS --numeric-ids --password-file=/root/rsyncd.secrets /etc my_backup@127.0.0.1::mybk
/usr/bin/rsync -avHS --numeric-ids --password-file=/root/rsyncd.secrets /home my_backup@127.0.0.1::mybk
/usr/bin/rsync -avHS --numeric-ids --password-file=/root/rsyncd.secrets /var my_backup@127.0.0.1::mybk



vim /etc/rsyncd.conf

#####################################
uid = root
gid = wheel
use chroot = yes
max connections = 4
syslog facility = local5

[w1]
path = /home/_backup
comment = backup_www
ignore errors
secrets file = /usr/local/etc/rsync/rsync.passwd
auth users = www
read only = no

[163.17.209.248]
path = /163.17.209.248
comment = backup_www
ignore errors
secrets file = /etc/r.p
auth users = etc1
read only = no

[homelia]
path = /home/lia
auth users = home
secrets file = /etc/r.p
read only = no
comment = backup_www
ignore errors

[html]
path = /var/www/html
auth users = html
secrets file = /etc/r.p
read only = no
comment = backup_www
ignore errors

[www]
path = /var/www
auth users = www
secrets file = /etc/r.p
read only = no
comment = backup_www

ignore errors
#####################################

systemctl restart rsyncd.service
firewall-cmd --permanent --zone=public --add-service=rsyncd
vim /etc/r.p

#######################################
home:home
mail:mail
public:public
mysql:mysql
html:html
ftp:ftp
etc1:etc1
etc6:etc6
www:www
lib:lib
#######################################

#####/etc/r.p##############
chown root.root /etc/r.p
chmod 600 /etc/r.p
############################################
mkdir /163.17.209.1
mkdir /163.17.209.5
mkdir /public
mkdir /home/teacher
mkdir /home/office
###################

mkdir /163.17.209.242
systemctl restart rsyncd.service
firewall-cmd --permanent --zone=public --add-service=rsyncd
firewall-cmd --reload
reboot

Sending local files to the rsync server

rsync -avlHpogDtS --delete --password-file=/etc/rsync.etc1.pwd /etc etc1@163.17.209.236::163.17.209.242
/usr/bin/rsync -avHpogDtS --delete --password-file=/etc/rsync.home.pwd /home/lia/sfs3 home@163.17.209.236::homelia
/usr/bin/rsync -avHpogDtS --delete --password-file=/etc/rsync.html.pwd /var/www/html/sfs3 html@163.17.209.236::html
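
The two rsyncd setups on this page (CentOS 8 and CentOS 7) share settings worth checking on a backup server: hosts allow commented out, writable modules under uid = root, and /etc/r.p entries whose password equals the user name. The script below is an added example, not part of the original notes; audit_rsyncd is a hypothetical helper name, and the [safe] module and sample secret in demo are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: flag weak rsyncd settings.
audit_rsyncd() {   # usage: audit_rsyncd CONF SECRETS -> one finding per line
    awk '
    function val(k) { return (k in m) ? m[k] : g[k] }  # module value, else global
    function report(   k) {
        if (name == "") return
        if (val("hosts allow") == "") print name ": no hosts allow restriction"
        if (val("auth users") == "")  print name ": no auth users, anonymous access"
        if (val("uid") ~ /^(root|0)$/ && val("read only") ~ /^(no|false|0)$/)
            print name ": writable module running as root"
        for (k in m) delete m[k]
    }
    /^[ \t]*#/ { next }                        # commented-out settings do not count
    /^[ \t]*\[/ { report(); name = $0; gsub(/^[ \t]*\[|\].*$/, "", name); next }
    {
        eq = index($0, "="); if (!eq) next     # not a "key = value" line
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (name == "") g[k] = v; else m[k] = v
    }
    END { report() }' "$1"
    # Secrets file: user:password per line; the password must not be the user name.
    awk '/^[ \t]*#/ { next }
    {
        i = index($0, ":")
        if (i > 1 && substr($0, 1, i - 1) == substr($0, i + 1))
            print "secrets: password equals user name for " substr($0, 1, i - 1)
    }' "$2"
    # Permission bits for group and other must all be clear (chmod 600).
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] ||
        echo "secrets: file is accessible by group or other"
}

demo() {   # constructed sample input modelled on the configuration in this post
    d=$(mktemp -d)
    printf '%s\n' 'uid = root' 'use chroot = yes' '' '[html]' \
        'path = /var/www/html' 'auth users = html' 'secrets file = /etc/r.p' \
        'read only = no' 'ignore errors' '' '[safe]' 'path = /srv/safe' \
        'uid = nobody' 'auth users = bk' 'hosts allow = 163.17.209.10' \
        'read only = yes' > "$d/rsyncd.conf"
    printf '%s\n' 'html:html' 'bk:constructed-sample-secret' > "$d/r.p"
    chmod 644 "$d/r.p"
    audit_rsyncd "$d/rsyncd.conf" "$d/r.p"
    rm -rf "$d"
}
demo
```

On the server, run it as audit_rsyncd /etc/rsyncd.conf /etc/r.p; no output means none of these conditions was found.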