# Edit the host network configuration; the file contents follow.
nano /etc/network/interfaces
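# /etc/network/interfaces, restored to one stanza option per line
# (ifupdown cannot parse the file when it is collapsed onto a single line).

auto lo
iface lo inet loopback

# eth0: the only interface with a default gateway.
auto eth0
iface eth0 inet static
    address 10.0.0.3
    netmask 255.255.255.248
    gateway 10.0.0.1

# eth1: 10.10.0.0/29 link with jumbo frames. It carries the GRE tunnels
# below, and the firewall on this page accepts everything arriving from this
# subnet, so it has to be an isolated, trusted segment.
auto eth1
iface eth1 inet static
    address 10.10.0.3
    netmask 255.255.255.248
    mtu 9000

# vmbr0: Open vSwitch bridge, extended to the peer at 10.10.0.4 over GRE.
# GRE neither encrypts nor authenticates: bridge traffic crosses eth1 in clear.
auto vmbr0
iface vmbr0 inet static
    address 10.20.10.3
    netmask 255.255.255.248
    ovs_type OVSBridge
    post-up ovs-vsctl add-port vmbr0 gre0 -- set interface gre0 type=gre options:remote_ip='10.10.0.4'

# vmbr1: second OVS bridge, no host address, also tunnelled to 10.10.0.4.
# NOTE(review): gre0 and gre1 use the same remote_ip and no options:key, so
# nothing visible here lets the two tunnels be told apart on the wire;
# confirm both ports come up and that the two bridges stay separated.
auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    post-up ovs-vsctl add-port vmbr1 gre1 -- set interface gre1 type=gre options:remote_ip='10.10.0.4'
    post-up ip link set dev vmbr1 up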
# sysctl setting (presumably added to /etc/sysctl.conf; confirm): turns the
# host into an IPv4 router. With this enabled, the FORWARD chain in
# /etc/iptables/rules.v4 is the only thing deciding what may cross between
# the bridges and eth0, so load the ruleset before or together with it.
net.ipv4.ip_forward=1
# Host name resolution. Presumably the cluster peer names used further down
# (kush, amnesia) are declared here; verify they resolve to the private
# addresses so storage and cluster traffic stays on the internal link.
nano /etc/hosts

# Drop the enterprise repository (it requires a subscription) ...
rm -- /etc/apt/sources.list.d/pve-enterprise.list

# ... and use the no-subscription repository instead.
# The transport is plain http: package integrity then rests entirely on apt's
# signature check, so the Proxmox release key must be installed and trusted.
# NOTE(review): the jessie suite no longer receives security updates; use the
# suite matching the installed release.
printf '%s\n' 'deb http://download.proxmox.com/debian jessie pve-no-subscription' \
  > /etc/apt/sources.list.d/pve-no-subscription.list
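# Three separate commands: pasted as one line, apt would be asked to install
# packages named "systemctl" and "enable".
#
# glusterfs-server     replicated storage for the VM volumes
# iptables-persistent  provides netfilter-persistent and /etc/iptables/rules.v4
# cron-apt             periodic apt update checks
# safe-rm, molly-guard guards against destructive rm and accidental
#                      shutdown/reboot over SSH
# sshguard             blocks addresses that brute-force SSH
apt install glusterfs-server iptables-persistent cron-apt safe-rm molly-guard sshguard

# Start both at boot. sshguard relies on the "sshguard" chain declared in
# rules.v4; netfilter-persistent is what reloads that ruleset after a reboot.
systemctl enable sshguard
systemctl enable netfilter-persistent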
# Persistent IPv4 ruleset; the file contents follow.
# Check the syntax before loading it, to avoid locking yourself out:
#   iptables-restore --test < /etc/iptables/rules.v4
nano /etc/iptables/rules.v4
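# /etc/iptables/rules.v4, restored to one rule per line (iptables-restore
# cannot parse the collapsed form). This file covers IPv4 only: if IPv6 is
# enabled on the host, /etc/iptables/rules.v6 needs an equivalent policy.

# Generated by iptables-save v1.4.21 on
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on
# Generated by iptables-save v1.4.21 on
*filter
# Default-deny for traffic to the host and through it; outbound is unrestricted.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Declared empty here; sshguard fills this chain at runtime.
:sshguard - [0:0]
# TCP-FORWARD, UDP-FORWARD and UDP have no rules in this file, so new forwarded
# TCP/UDP and new UDP to the host fall through to the logging chains.
:TCP-FORWARD - [0:0]
:UDP-FORWARD - [0:0]
:TCP - [0:0]
:UDP - [0:0]
:LOG-IN - [0:0]
:LOG-FW - [0:0]
# Terminal chains: rate-limited log line, then an explicit reject.
-A LOG-IN -m limit --limit 2/min -j LOG --log-prefix "[LOG-IN] "
-A LOG-IN -p udp -j REJECT --reject-with icmp-port-unreachable
-A LOG-IN -p tcp -j REJECT --reject-with tcp-reset
-A LOG-IN -j REJECT --reject-with icmp-proto-unreachable
-A LOG-FW -m limit --limit 2/min -j LOG --log-prefix "[LOG-FW] "
-A LOG-FW -p udp -j REJECT --reject-with icmp-port-unreachable
-A LOG-FW -p tcp -j REJECT --reject-with tcp-reset
-A LOG-FW -j REJECT --reject-with icmp-proto-unreachable
# sshguard is consulted before the ESTABLISHED shortcut, so a blocked address
# also loses its already-open connections.
-A INPUT -j sshguard
-A FORWARD -j sshguard
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i lo -j ACCEPT
# Everything from the eth1 subnet is trusted, with no port or protocol filter.
# The second rule admits a multicast group (presumably cluster traffic; confirm).
-A INPUT -s 10.10.0.0/29 -d 10.10.0.0/29 -i eth1 -j ACCEPT
-A INPUT -s 10.10.0.0/29 -d 239.192.217.120 -i eth1 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j REJECT
-A FORWARD -m conntrack --ctstate INVALID -j REJECT
# Echo requests only.
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
# Guest traffic: intra-bridge, and outbound from the two guest subnets.
-A FORWARD -i vmbr0 -o vmbr0 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i vmbr0 -o eth0 -j ACCEPT
-A FORWARD -s 172.16.42.0/24 -i vmbr0 -o eth0 -j ACCEPT
# NOTE(review): this accepts any new connection arriving on eth0 for
# 172.16.42.0/24, on every port and protocol. Those guests are fully exposed
# to whatever can route to them via eth0 and must filter for themselves.
-A FORWARD -d 172.16.42.0/24 -o vmbr0 -i eth0 -j ACCEPT
# Dispatch new connections to the per-protocol chains.
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A FORWARD -p udp -m conntrack --ctstate NEW -j UDP-FORWARD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP-FORWARD
# SSH is the only host service reachable from outside the eth1 subnet.
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG-IN
-A FORWARD -j LOG-FW
COMMIT
# Completed on
# Generated by iptables-save v1.4.21 on
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only 192.168.100.0/24 is masqueraded; 172.16.42.0/24 leaves eth0 with its
# own source addresses.
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on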
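# One command per line: in the collapsed form everything after "cfdisk" is
# passed to it as arguments and the redirection lands on the wrong command.

# Partition the data disk (interactive), then format it for Gluster bricks.
cfdisk /dev/sdb
mkfs.xfs -i size=512 /dev/sdb1

# Mount it on /data at boot; "mount -a && mount" applies fstab and lists the
# result so a typo is caught now rather than at the next reboot.
mkdir -p /data
echo '/dev/sdb1 /data xfs defaults 1 2' >> /etc/fstab
mount -a && mount

systemctl enable glusterfs-server
systemctl start glusterfs-server

# Create and start the two volumes, each with a single brick on kush.
# No client restriction is set on the volumes here, so access control rests on
# the firewall admitting only the eth1 subnet. For a second layer, see
#   gluster volume set <VOLUME> auth.allow <ALLOWED-ADDRESSES>
mkdir /data/vm-data
gluster volume create vm-data kush:/data/vm-data
gluster volume start vm-data

mkdir /data/vm-vpn
gluster volume create vm-vpn kush:/data/vm-vpn
gluster volume start vm-vpn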
Add node glusterfs (ne pas créer les volumes sur amnesia)
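# One command per line (the collapsed form is not runnable as written).

# Add amnesia to the trusted storage pool. Pool members trust each other, so
# glusterd should stay reachable only from the eth1 subnet, which is what the
# rules.v4 on this page enforces.
gluster peer probe amnesia

# Turn each single-brick volume into a 2-way replica by adding amnesia's brick.
# The volumes themselves are not created on amnesia (see the note above).
# NOTE(review): a two-brick replica has no tie-breaker; if the nodes lose
# sight of each other the copies can diverge (split-brain).
gluster volume add-brick vm-vpn replica 2 amnesia:/data/vm-vpn
gluster volume add-brick vm-data replica 2 amnesia:/data/vm-data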
Création du node Proxmox :
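# Two commands and one configuration excerpt, separated again.

# On the first node: create the cluster named "neutrinet".
pvecm create neutrinet

# On the joining node: join the cluster through the existing member kush.
pvecm add kush

# corosync quorum section (presumably in the cluster's corosync.conf; confirm).
# two_node: 1 keeps the cluster quorate with a single node up. That trades
# split-brain protection for availability, so both nodes can act on their own
# if the link between them fails.
quorum {
  provider: corosync_votequorum
  two_node: 1
}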