% Proxmox server: ecaz.aezi.fr

Describe the procedure for booting into rescue mode

Name

Ecaz: Ecaz is the fourth planet of Alpha Centauri B. One of its products is "fogwood", a plant substance prized by sculptors because human thought alone is enough to shape it. It was a dissociated planet before the Butlerian Jihad.

Liste des planètes de Dune — Wikipédia

Hardware

OVH KS-LE-1 server

KS-LE-1

Data center

rbx (ROUBAIX)

RBX-3

42F13

VMS - Visual Monitoring System - OVHcloud

OVHcloud VMS - Realtime datacenter monitoring

Hardware

Intel Xeon E3-1245v2, 32GB DDR3 1333MHz, 3x 2TB HDD Soft RAID Enterprise Class, 300Mbps unmetered public bandwidth

Configuration

Hard disks

Partitioning scheme

Boot

512 MB in RAID1

Swap

  • 3 x 11.5 GB of RAM

Data in RAID

The rest of each hard disk

Partitioning

# for identifier in {a..c} ; do fdisk -l /dev/sd${identifier} ; done
Disk /dev/sda: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: HGST HUS724020AL
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdb: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: HGST HUS724020AL
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdc: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: HGST HUS724020AL
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Boot partition size: 536870912

Swap size on each partition: 12348030976

Storage partition size: 2000398934016 - 12348030976

Procedure

Partitioning the first disk

fdisk /dev/sda

On a UEFI system

:::warning

Check carefully whether you have a UEFI system:

ls /sys/firmware/efi

If this path does not exist, use an MBR table

Source: Check if Computer Uses UEFI or Legacy BIOS [Linux & Windows]

:::

GPT table

Create a GPT partition table (recommended here)

Command (m for help): g
Created a new GPT disklabel (GUID: 7559B5A2-8614-2643-A902-83E81B2F0BBC).

MBR table

Create an MBR partition table (for BIOS firmware)

  Create a new label
   g   create a new empty GPT partition table
   G   create a new empty SGI (IRIX) partition table
   o   create a new empty DOS partition table
   s   create a new empty Sun partition table

Command (m for help): o 

Created a new DOS disklabel with disk identifier 0xf9044d6d.

TODO: to be completed

Creating the partitions

Command (m for help): n
Partition number (1-128, default 1): 
First sector (2048-3907029134, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-3907029134, default 3907029134): +512M

Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.

Command (m for help): t
Selected partition 1
Partition type (type L to list all types): 29
Changed type of partition 'Linux swap' to 'Linux RAID'.


Command (m for help): n
Partition number (2-128, default 2): 
First sector (1050624-3907029134, default 1050624): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (1050624-3907029134, default 3907029134): +24117248

Created a new partition 2 of type 'Linux filesystem' and of size 11.5 GiB.


Command (m for help): t
Partition number (1,2, default 2): 2
Partition type (type L to list all types): 19
Changed type of partition 'Linux filesystem' to 'Linux swap'.

Command (m for help): n
Partition number (3-128, default 3): 
First sector (25167873-3907029134, default 25169920): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (25169920-3907029134, default 3907029134): 

Created a new partition 3 of type 'Linux filesystem' and of size 1.8 TiB.

Command (m for help): t
Partition number (1-3, default 3): 
Partition type (type L to list all types): 29

Changed type of partition 'Linux filesystem' to 'Linux RAID'.


Duplicating onto the other disks

Use sfdisk to duplicate the layout onto the other disks

sfdisk makes it easy to script partitioning

sfdisk --dump /dev/sda  > sda.dump
cat sda.dump

:::warning

The output below is for a GPT disk

:::

# sfdisk -d /dev/sda
# cat sda.dump 
label: gpt
label-id: 7559B5A2-8614-2643-A902-83E81B2F0BBC
device: /dev/sda
unit: sectors
first-lba: 2048
last-lba: 3907029134

/dev/sda1 : start=        2048, size=     1048576, type=A19D880F-05FC-4D3B-A006-743F0F84911E, uuid=3699B538-F0E4-A34B-BCCB-F61C4185D75C
/dev/sda2 : start=     1050624, size=    24117249, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F, uuid=621CE8D2-A4F0-6347-8F4A-70F163ADAE1F
/dev/sda3 : start=    25169920, size=  3881859215, type=A19D880F-05FC-4D3B-A006-743F0F84911E, uuid=BD5576BF-1C28-334B-A0EE-9B012DA19F08

Duplicate to the other two disks:

sfdisk /dev/sdb < sda.dump
sfdisk /dev/sdc < sda.dump

Encryption and RAID configuration

Swap encryption

See Swap encryption

Example for one partition:

cryptsetup open --type plain --cipher aes-xts-plain64 --key-file /dev/urandom /dev/sda2 cryptswapa

For all three:

for identifier in {a..c} ; do cryptsetup open --type plain --cipher aes-xts-plain64 --key-file /dev/urandom /dev/sd${identifier}2 cryptswap${identifier} ; done

Then:

# for identifier in {a..c} ; do mkswap /dev/mapper/cryptswap${identifier}; done
Setting up swapspace version 1, size = 11.5 GiB (12348026880 bytes)
no label, UUID=239af6e4-fdc8-4467-bcae-ccaa14554461
Setting up swapspace version 1, size = 11.5 GiB (12348026880 bytes)
no label, UUID=031019fe-d32b-46fb-98ad-c981e00c351b
Setting up swapspace version 1, size = 11.5 GiB (12348026880 bytes)
no label, UUID=3f6b2d2c-b07c-4b3e-b981-bf3b00928bd2

Or all in one go:

for identifier in {a..c} ; do cryptsetup open --type plain --cipher aes-xts-plain64 --key-file /dev/urandom /dev/sd${identifier}2 cryptswap${identifier} ; mkswap /dev/mapper/cryptswap${identifier}; done

RAID configuration

For the boot partition

mdadm --create --verbose /dev/md1 --level=1 --raid-devices=3 /dev/sd[a-c]1

It asks for confirmation:

# mdadm --create --verbose /dev/md1 --level=1 --raid-devices=3 /dev/sd[a-c]1
mdadm: Note: this array has metadata at the start and
    may not be suitable as a boot device.  If you plan to
    store '/boot' on this device please ensure that
    your boot-loader understands md/v1.x metadata, or use
    --metadata=0.90
mdadm: size set to 523264K
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md1 started.

Then format this partition:

mkfs.ext4 /dev/md1

Creating the RAID5 array

mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sd[a-c]3

LUKS encryption of the main partition

Initialize LUKS encryption on the RAID array:

cryptsetup -q -s 512 -c aes-xts-plain64 luksFormat /dev/md0
# cryptsetup -q -s 512 -c aes-xts-plain64 luksFormat /dev/md0
Enter passphrase for /dev/md0: 

Retrieve the UUID and note it down carefully:

cryptsetup luksDump /dev/md0 | grep UUID | awk '{print $2}'

:::information

This UUID will be needed when configuring decryption at boot

:::

Open the encrypted container:

cryptsetup luksOpen /dev/md0 raid_crypt

Enter the passphrase:

Enter passphrase for /dev/md0: 

Initializing LVM

apt update && apt install -y cryptsetup lvm2 debian-keyring

Configuring LVM

Create the Physical Volume on the LUKS container:

pvcreate /dev/mapper/raid_crypt

Which should report:

  Physical volume "/dev/mapper/raid_crypt" successfully created.

Create the Volume Group

vgcreate vg_raid /dev/mapper/raid_crypt

Which should report:

  Volume group "vg_raid" successfully created

Create the logical volumes:

lvcreate -L 100G -n lv_root vg_raid
lvcreate -l 100%FREE -n lv_data vg_raid
  Logical volume "lv_root" created.
  Logical volume "lv_data" created.

Formatting and mounting the volumes

Format as ext4:

mkfs.ext4 /dev/vg_raid/lv_root
mkfs.ext4 /dev/vg_raid/lv_data

Debootstrap

Go to the page "Debian -- Details of package debootstrap in bookworm"

Get the address from the Download section by clicking on all

Copy one of the links and use it to download onto the server:

wget http://ftp.fr.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.128+nmu2+deb12u2_all.deb

Install it:

dpkg -i debootstrap*.deb && rm -f debootstrap*.deb

Preparing the mounts for boot

Mount the volumes:

mount /dev/vg_raid/lv_root /mnt
# create both mount points before mounting onto them
mkdir -p /mnt/data /mnt/boot
mount /dev/vg_raid/lv_data /mnt/data
mount /dev/md1 /mnt/boot
apt install -y debian-keyring
debootstrap --arch amd64 stable /mnt https://deb.debian.org/debian/

Chroot and configuration

chroot

mount -o bind /dev /mnt/dev
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -t devpts devpts /mnt/dev/pts
mount -o bind /run /mnt/run

Run the command:

chroot /mnt /bin/bash

Alternative command:

XTERM=xterm-color LANG=C.UTF-8 chroot /mnt /bin/bash

See also: Manually installing Debian 12 (Bookworm) with fully encrypted LUKS (besides /boot) using debootstrap | Steffen’s random thoughts

Installing ifupdown

apt install ifupdown

Network interface configuration:

cat << EOF > /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
EOF

cat << EOF > /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF


_hostname=ecaz
_domain=aezi.fr
echo "$_hostname" > /etc/hostname

echo "127.0.1.1 $_hostname.$_domain $_hostname" >> /etc/hosts

Time configuration

echo "Europe/Paris" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata

APT package manager configuration

cat << EOF > /etc/apt/sources.list
deb http://deb.debian.org/debian bookworm main contrib non-free-firmware
# deb-src http://deb.debian.org/debian bookworm main contrib non-free-firmware

deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware
# deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware

# deb http://deb.debian.org/debian bookworm-backports main contrib non-free-firmware
# deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware
# deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware
EOF

Disabling installation of suggested/recommended packages

cat << EOF > /etc/apt/apt.conf.d/999aptsettings
APT::Install-Recommends "0";
APT::Install-Suggests "0";
EOF

Installing the required packages

apt update && apt install -y busybox console-setup cryptsetup dropbear grub-pc initramfs-tools kbd linux-image-amd64 linux-perf locales ssh dropbear-initramfs cryptsetup-initramfs zstd lvm2

:::information

zstd is only there to avoid a warning during update-initramfs

:::

# the directory needs mode 700 (600 would make it untraversable); the key file gets 600
mkdir -p /root/.ssh && chmod 700 /root/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyzZAymNeWxeDjSUzkyEJLzwGqZt+VvdmidomWL0QLb lauhub@Mac-15-Laurent.local" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# same key for dropbear inside the initramfs
mkdir -p /etc/dropbear/initramfs/ && chmod 700 /etc/dropbear/initramfs/
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyzZAymNeWxeDjSUzkyEJLzwGqZt+VvdmidomWL0QLb lauhub@Mac-15-Laurent.local" >> /etc/dropbear/initramfs/authorized_keys
chmod 600 /etc/dropbear/initramfs/authorized_keys
sed -i.old s/GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"net.ifnames=0\ biosdevname=0\ ip=:::::eth0:dhcp\"/g /etc/default/grub

See: debian - GRUB_CMDLINE_LINUX_DEFAULT vs GRUB_CMDLINE_LINUX - Unix & Linux Stack Exchange

Dropbear configuration

LUKS encryption: Enable remote ssh unlocking - iotechonline

Configure Dropbear by editing the file /etc/dropbear/initramfs/dropbear.conf

Set the following options in it:

DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60"

:::information

But one could add -c /usr/bin/cryptroot-unlock

as described here: Unlocking a LUKS-encrypted partition via ssh on Debian 12 Bookworm

:::

Edit:

nano /etc/initramfs-tools/initramfs.conf

Change:

BUSYBOX=auto

To:

BUSYBOX=y

Add:

DEVICE=eth0

crypttab

Edit /etc/crypttab

and put in it the UUID noted earlier, using the raid_crypt name defined above:

raid_crypt UUID=203c6910-a804-4a08-8218-b92dc9381905 none luks

Editing /etc/fstab

Edit /etc/fstab and put in it the UUIDs corresponding to / and /boot respectively:

  1. the one reported for the LVM root volume (/dev/mapper/root):
blkid | grep lv_root
/dev/mapper/vg_raid-lv_root: UUID="xxxxxxxxxxxxxxxxxxxxxxxxxxxx" BLOCK_SIZE="4096" TYPE="ext4"
  2. the one reported for the RAID1 volume:
blkid | grep md1
/dev/md1: UUID="yyyyyyyyyyyyyyyyyyyyyyyyyyyy" BLOCK_SIZE="1024" TYPE="ext4"

UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxx / ext4 defaults,relatime 0 1
UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyy /boot ext4 defaults,relatime 0 2

Installing mdadm in the new system

Install the mdadm package and/or reconfigure it:

apt install mdadm

Or:

dpkg-reconfigure mdadm

This regenerates /etc/mdadm/mdadm.conf

Installing grub

Install grub on all three disks so that each of them can boot:

for identifier in {a..c} ; do grub-install /dev/sd${identifier} ; done

Each of the three runs should output:

Installing for i386-pc platform.
Installation finished. No error reported.

Updating the initramfs

update-grub && update-initramfs -u -k all

Normally there should be no warnings (except possibly for gzip)

SSH key for root

This avoids getting locked out if the main user cannot log in (because of permission/ownership problems on their .ssh directory, a common error when this detail is forgotten):

echo "ssh-ed25519 AAAAyourED25519publicKeyTextHere comment_about_the_key" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

Creating the user

adduser lauhub

Set a strong password!!!

apt install sudo
adduser lauhub sudo

Adding the authorized_keys file:

# adduser does not create ~/.ssh, so create it first
mkdir -p /home/lauhub/.ssh
echo "ssh-ed25519 AAAAyourED25519publicKeyTextHere comment_about_the_key" >> /home/lauhub/.ssh/authorized_keys

chmod 600 /home/lauhub/.ssh/authorized_keys
chmod 700 /home/lauhub/.ssh
chown -R lauhub:lauhub /home/lauhub

Finishing the installation

exit

Then:

umount /mnt/dev/pts
umount /mnt/{boot,dev,proc,sys,run}
umount /mnt/data
umount /mnt
# deactivate the volume group first, otherwise raid_crypt is still in use
vgchange -an vg_raid
cryptsetup luksClose raid_crypt

Troubleshooting if the system does not boot

Remounting

# the LUKS container is on the RAID5 array /dev/md0, mapped as raid_crypt (see above)
cryptsetup luksOpen /dev/md0 raid_crypt

Enter the passphrase:

mount /dev/vg_raid/lv_root /mnt
mount /dev/vg_raid/lv_data /mnt/data
mount /dev/md1 /mnt/boot
mount -o bind /dev /mnt/dev
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
chroot /mnt /bin/bash

Post-installation

Disabling dropbear

This prevents it from conflicting with openssh-server:

systemctl disable dropbear

Installing packages

apt install man manpages sudo dbus dbus-user-session systemd libsystemd-dev libsystemd0

Configuration

sudo dpkg-reconfigure tzdata
tasksel install standard

$ sudo ufw allow ssh
Rules updated
Rules updated (v6)
lauhub@ecaz:~$ sudo ufw allow http
Rules updated
Rules updated (v6)
lauhub@ecaz:~$ sudo ufw allow https
Rules updated
Rules updated (v6)

Locking dropbear to cryptroot-unlock

Check that /usr/bin/cryptroot-unlock is present in the initramfs image

For example (adapt the initrd name):

# lsinitramfs /boot/initrd.img-6.1.0-30-amd64 | grep cryptroot
...
usr/bin/cryptroot-unlock

The last line shows that the file is present.

We can therefore add -c /usr/bin/cryptroot-unlock to /etc/dropbear/initramfs/dropbear.conf:

DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60 -c /usr/bin/cryptroot-unlock"

Then update the initramfs and reboot to test:

update-initramfs -u -k all
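
One way to check the locked-down dropbear configuration described above before rebooting; this is an added example, not part of the original notes. The function names are assumptions made for the example, and the listing file is a saved output of lsinitramfs.

```bash
#!/bin/sh
# Added example (not from the original page): audit DROPBEAR_OPTIONS for the
# flags this page relies on. Flags are expected as separate words, as on the page.
#   -s        disable password logins
#   -j / -k   disable local / remote port forwarding
#   -c <cmd>  forced command, here /usr/bin/cryptroot-unlock

# Print the value of the last uncommented DROPBEAR_OPTIONS="..." line of file $1.
dropbear_options() {
    sed -n 's/^[[:space:]]*DROPBEAR_OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# audit_dropbear CONF [LISTING]
# LISTING is a saved `lsinitramfs` output. Prints one finding per line and
# nothing when the configuration matches the locked-down form.
# The body is a subshell so that `set --` and the variables stay local.
audit_dropbear() (
    conf=$1
    listing=${2:-}
    opts=$(dropbear_options "$conf")
    if [ -z "$opts" ]; then
        echo "DROPBEAR_OPTIONS is not set"
        exit 0
    fi
    have_s=0; have_j=0; have_k=0; forced=""
    set -- $opts            # intentional word splitting: one flag per word
    while [ $# -gt 0 ]; do
        case $1 in
            -s) have_s=1 ;;
            -j) have_j=1 ;;
            -k) have_k=1 ;;
            -c) forced=${2:-}; if [ $# -gt 1 ]; then shift; fi ;;
            -p|-I) if [ $# -gt 1 ]; then shift; fi ;;   # flags that take a value
        esac
        shift
    done
    if [ "$have_s" -eq 0 ]; then echo "password logins allowed (-s missing)"; fi
    if [ "$have_j" -eq 0 ]; then echo "local port forwarding allowed (-j missing)"; fi
    if [ "$have_k" -eq 0 ]; then echo "remote port forwarding allowed (-k missing)"; fi
    if [ -z "$forced" ]; then
        echo "no forced command (-c missing)"
    elif [ -n "$listing" ] && ! grep -qxF "${forced#/}" "$listing"; then
        # initramfs listings use paths without the leading slash
        echo "forced command $forced not found in initramfs listing"
    fi
)

# Constructed sample input: the two DROPBEAR_OPTIONS values used on this page.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#DROPBEAR_OPTIONS=""' \
        'DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60"' > "$d/before.conf"
    printf '%s\n' \
        'DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60 -c /usr/bin/cryptroot-unlock"' > "$d/after.conf"
    printf '%s\n' 'usr/bin/cryptroot-unlock' > "$d/initrd.lst"
    echo "before: $(audit_dropbear "$d/before.conf")"
    echo "after:  $(audit_dropbear "$d/after.conf" "$d/initrd.lst")"
    rm -rf "$d"
}
demo
```

On the server, the listing can be produced with lsinitramfs on the current initrd and the function pointed at /etc/dropbear/initramfs/dropbear.conf.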

Miscellaneous

Managing locales

dpkg-reconfigure locales

Server fingerprint

# ssh-keyscan localhost 2> /dev/null | ssh-keygen -l -f -
256 SHA256:kRU92vV61Pwx+A3Vsj/qW5nnOZrNzcnRTR21JiyRoYc localhost (ECDSA)
256 SHA256:dx3SHsBKaScxp8tr8CWB/9PGBX+V1GnMLPSQxiAiqDw localhost (ED25519)
3072 SHA256:jzYg1XEI63CIs8Y8bdVWQzB2FJHLNl95XMWpksKZ8VA localhost (RSA)

Dropbear fingerprint

# dropbearkey -y -f /etc/dropbear/dropbear_ecdsa_host_key
Public key portion is:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDjX6nBrFFgAArq0Q7mew5lPWczswjfgtWySaYfjetOnRYSmHzB4vLosmToCBX6uJxmThKtcMkAmATRl9jzEKic= root@rescue-customer-eu
Fingerprint: SHA256:vVNjmNthQRiVWgt+GsARWCg4Er2zXpswyARdDphJO0Q
# dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key 
Public key portion is:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICThqIP4UA4sD9eXUXfsihQOlFclk4WGxZs7b8okDrJE root@rescue-customer-eu
Fingerprint: SHA256:OfKnch1/6/bLv0s4GRkQ8RNiMEQJp2I4XfJr3YqYKFI
# dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key 
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUDlNRIjVvfmzgxuUnIROA9kVHgscTTQ55N0hUX31S1IcsP/A7bU4ZLFknL3rW0BtVGMIu9qagQW5+p8QnnOenG6EAL/tZvYnOKRRS4fCbiDMISpeillyZSXv/SDKiTyoxAel10B9m94vQDowM7nyTpeL3Kw8cCew6/hniIWTVJV94PdTundJX97ZwxkE3kNsFMz4bCKmLm2D1IlMRTdOBibMYbgwgWzH4LuSMJPsqMh/GWiuE1LXpM6dfG4zKt0hEFs7MQdailiFpKM30Gq8QzBlOwO+yMMAIK38A+znA0TkJbXwbOXIiqG2y+/tKjJmlveVOrf/OMADQfc4dui3t root@rescue-customer-eu
Fingerprint: SHA256:wPwMGdA3zaQVdx5VOY+QIpHRd68ME+z8lcwwSSq930E

In rescue mode

The name server for ecaz: nameserver 213.186.33.99

Network interface / DHCP

# cat /etc/network/interfaces.d/55-rescue 
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
accept_ra 0
# cat /etc/network/interfaces.d/60-rescue-ipv6 
iface eth0 inet6 static
    address 2001:41d0:2:b647::1/128
    gateway 2001:41d0:0002:b6ff:ff:ff:ff:ff

Converting a GPT table to MBR

:::information

Needed if grub-install reports this kind of error

# grub-install /dev/sda
Installing for i386-pc platform.
grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
grub-install: error: embedding is not possible, but this is required for RAID and LVM install.

:::

To convert a GPT partition table to MBR:

Start gdisk:

gdisk /dev/sdX

Use r (recovery and transformation), then g to convert GPT to MBR:

Found valid GPT with protective MBR; using GPT.

Command (? for help): r

Recovery/transformation command (? for help): g

Check with p, then write the table with w (confirming the change afterwards):

MBR command (? for help): p

** NOTE: Partition numbers do NOT indicate final primary/logical status,
** unlike in most MBR partitioning tools!

** Extended partitions are not displayed, but will be generated as required.

Disk size is 3907029168 sectors (1.8 TiB)
MBR disk identifier: 0x00000000
MBR partitions:

                                                   Can Be   Can Be
Number  Boot  Start Sector   End Sector   Status   Logical  Primary   Code
   1                  2048      1050623   primary     Y        Y      0xFD
   2               1050624     25167872   primary              Y      0x82
   3              25169920   3907029134   primary     Y        Y      0xFD

MBR command (? for help): w

Confirm:

Converted 3 partitions. Finalize and exit? (Y/N): y
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.

Repeat for the other two disks, sdb and sdc

At this point it seems useful to unmount all partitions and close the encrypted volume before running partprobe

:::warning

The UUIDs may change!!! Check carefully!

:::

Then remount everything and chroot again
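
The UUID warning above, and the earlier /etc/crypttab and /etc/fstab steps, can be checked mechanically. This is an added example, not part of the original notes: stale_uuid_refs is a name chosen here, and the blkid lines in the demo are constructed around the UUIDs that appear on this page.

```bash
#!/bin/sh
# Added example (not from the original page): find UUID= references in
# /etc/crypttab and /etc/fstab that no block device reports any more.

# stale_uuid_refs BLKID_OUTPUT FILE...
# BLKID_OUTPUT is a file holding the output of `blkid`. For every UUID=<value>
# field on a non-comment line of each FILE, print "FILE: <value>" when no
# device in BLKID_OUTPUT carries that UUID. Prints nothing when all match.
# The body is a subshell so the variables stay local.
stale_uuid_refs() (
    blkid_out=$1
    shift
    for f in "$@"; do
        # 1. drop comments, 2. put one field per line,
        # 3. keep the UUID=... fields and strip the prefix
        sed 's/#.*//' "$f" |
        tr -s ' \t' '\n\n' |
        sed -n 's/^UUID=//p' |
        while read -r uuid; do
            # the leading space keeps PARTUUID="..." from matching
            if ! grep -qF " UUID=\"$uuid\"" "$blkid_out"; then
                echo "$f: $uuid"
            fi
        done
    done
)

# Constructed sample data: a crypttab still holding the UUID from the
# walkthrough, checked against devices carrying the UUIDs listed under
# "Configuration files".
demo() {
    d=$(mktemp -d)
    cat > "$d/blkid.out" <<'EOF'
/dev/md0: UUID="5e99eca6-5db2-4f4b-bea8-6c6dff404406" TYPE="crypto_LUKS"
/dev/mapper/vg_raid-lv_root: UUID="b890c459-64a5-4db7-b526-3e677be8cdb9" BLOCK_SIZE="4096" TYPE="ext4"
/dev/md1: UUID="7e4d9e7d-970a-4aaf-a9fc-f365033348ed" BLOCK_SIZE="1024" TYPE="ext4"
EOF
    printf '%s\n' '# <target name> <source device> <key file> <options>' \
        'raid_crypt UUID=203c6910-a804-4a08-8218-b92dc9381905 none luks' > "$d/crypttab"
    printf '%s\n' \
        'UUID=b890c459-64a5-4db7-b526-3e677be8cdb9 / ext4 defaults,relatime 0 1' \
        'UUID=7e4d9e7d-970a-4aaf-a9fc-f365033348ed /boot ext4 defaults,relatime 0 2' > "$d/fstab"
    # reports only the crypttab entry, whose UUID no device carries
    stale_uuid_refs "$d/blkid.out" "$d/crypttab" "$d/fstab"
    rm -rf "$d"
}
demo
```

On the real system, save the output of blkid to a file and pass the chroot's own files, for example /mnt/etc/crypttab and /mnt/etc/fstab, before running update-initramfs.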

gdisk recovery menu help

# gdisk /dev/sda
GPT fdisk (gdisk) version 1.0.3

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help): r

Recovery/transformation command (? for help): ?
b	use backup GPT header (rebuilding main)
c	load backup partition table from disk (rebuilding main)
d	use main GPT header (rebuilding backup)
e	load main partition table from disk (rebuilding backup)
f	load MBR and build fresh GPT from it
g	convert GPT into MBR and exit
h	make hybrid MBR
i	show detailed information on a partition
l	load partition data from a backup file
m	return to main menu
o	print protective MBR data
p	print the partition table
q	quit without saving changes
t	transform BSD disklabel partition
v	verify disk
w	write table to disk and exit
x	extra functionality (experts only)
?	print this menu

Source: Converting between GPT and MBR hard drive without losing data - Super User

References

raid_logiciel [Wiki ubuntu-fr]

Configuration files

First installation 20250125

/etc/mdadm/mdadm.conf

:::information

mdadm --detail --scan >>  /etc/mdadm/mdadm.conf

:::

# mdadm.conf
#
# !NB! Run update-initramfs -u after updating this file.
# !NB! This will ensure that initramfs has an uptodate copy.
#
# Please refer to mdadm.conf(5) for information about this file.
#

# by default (built-in), scan all partitions (/proc/partitions) and all
# containers for MD superblocks. alternatively, specify devices to scan, using
# wildcards if desired.
#DEVICE partitions containers

# automatically tag new arrays as belonging to the local system
HOMEHOST <system>

# instruct the monitoring daemon where to send mail alerts
MAILADDR root

# definitions of existing MD arrays
# This configuration was auto-generated on Sat, 25 Jan 2025 00:00:23 +0000 by mkconf
ARRAY /dev/md1 metadata=1.2 name=rescue-customer-eu:1 UUID=002796eb:8cba5b52:335ca63b:ec14cf91
ARRAY /dev/md0 metadata=1.2 name=rescue-customer-eu:0 UUID=ba46c22d:137098a7:4876ebc9:18bf0148

/etc/fstab

UUID=b890c459-64a5-4db7-b526-3e677be8cdb9 / ext4 defaults,relatime 0 1
UUID=7e4d9e7d-970a-4aaf-a9fc-f365033348ed /boot ext4 defaults,relatime 0 2

/etc/crypttab

# <target name>	<source device>		<key file>	<options>
raid_crypt UUID=5e99eca6-5db2-4f4b-bea8-6c6dff404406 none luks

/etc/default/grub

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet ip=:::::eno1:dhcp"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 ip=:::::eth0:dhcp"
#GRUB_DEVICE_UUID=7e4d9e7d-970a-4aaf-a9fc-f365033348ed

# If your computer has multiple operating systems installed, then you
# probably want to run os-prober. However, if your computer is a host
# for guest OSes installed via LVM or raw disk devices, running
# os-prober can cause damage to those guest OSes as it mounts
# filesystems to look for things.
#GRUB_DISABLE_OS_PROBER=false

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

/etc/dropbear/initramfs/dropbear.conf

# Configuration options for the dropbear-initramfs boot scripts.
# Variable assignment follow shell semantics and escaping/quoting rules.
# You must run update-initramfs(8) to effect changes to this file (like
# for other files in the '/etc/dropbear/initramfs' directory).

#
# Command line options to pass to dropbear(8)
#
#DROPBEAR_OPTIONS=""
DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60"

#
# On local (non-NFS) mounts, interfaces matching this pattern are
# brought down before exiting the ramdisk to avoid dirty network
# configuration in the normal kernel.
# The special value 'none' keeps all interfaces up and preserves routing
# tables and addresses.
#
#IFDOWN="*"

#
# On local (non-NFS) mounts, the network stack and dropbear are started
# asynchronously at init-premount stage.  This value specifies the
# maximum number of seconds to wait (while the network/dropbear are
# being configured) at init-bottom stage before terminating dropbear and
# bringing the network down.
# If the timeout is too short, and if the boot process is not blocking
# on user input supplied via SSHd (ie no remote unlocking), then the
# initrd might pivot to init(1) too early, thereby causing a race
# condition between network configuration from initramfs vs from the
# normal system.
#
#DROPBEAR_SHUTDOWN_TIMEOUT=60

Webography