% Proxmox server: ecaz.aezi.fr
Ecaz: Ecaz is the fourth planet of Alpha Centauri B. One of its products is "fogwood", a plant substance prized by sculptors because human thought alone can shape it. It is a dissociated planet from before the Butlerian Jihad.
List of Dune planets (Wikipédia)
KS-LE-1
rbx (ROUBAIX)
RBX-3
42F13
VMS - Visual Monitoring System - OVHcloud
OVHcloud VMS - Realtime datacenter monitoring
Intel Xeon E3-1245v2 32GB DDR3 1333MHz 3x 2TB HDD Soft RAID Enterprise Class 300Mbps unmetered public bandwidth
512 MB in RAID 1
The rest of each hard disk
```bash
# for identifier in {a..c} ; do fdisk -l /dev/sd${identifier} ; done
Disk /dev/sda: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: HGST HUS724020AL
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdb: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: HGST HUS724020AL
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdc: 1.8 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: HGST HUS724020AL
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
```
Boot partition size: 536870912
Swap size on each partition: 12348030976
Storage partition size: 2000398934016 - 12348030976
```bash
fdisk /dev/sda
```
:::warning
Check carefully whether you have a UEFI system:
```bash
ls /sys/firmware/efi
```
If this directory does not exist, an MBR table must be used.
Source: Check if Computer Uses UEFI or Legacy BIOS [Linux & Windows]
:::
Creating a GPT partition table (recommended here)
```
Command (m for help): g
Created a new GPT disklabel (GUID: 7559B5A2-8614-2643-A902-83E81B2F0BBC).
```
Creating an MBR partition table (for BIOS firmware)
```
Create a new label
g create a new empty GPT partition table
G create a new empty SGI (IRIX) partition table
o create a new empty DOS partition table
s create a new empty Sun partition table
Command (m for help): o
Created a new DOS disklabel with disk identifier 0xf9044d6d.
```
TODO: to be completed
```
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-3907029134, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-3907029134, default 3907029134): +512M
Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.
Command (m for help): t
Selected partition 1
Partition type (type L to list all types): 29
Changed type of partition 'Linux swap' to 'Linux RAID'.
Command (m for help): n
Partition number (2-128, default 2):
First sector (1050624-3907029134, default 1050624):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (1050624-3907029134, default 3907029134): +24117248
Created a new partition 2 of type 'Linux filesystem' and of size 11.5 GiB.
Command (m for help): t
Partition number (1,2, default 2): 2
Partition type (type L to list all types): 19
Changed type of partition 'Linux filesystem' to 'Linux swap'.
Command (m for help): n
Partition number (3-128, default 3):
First sector (25167873-3907029134, default 25169920):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (25169920-3907029134, default 3907029134):
Created a new partition 3 of type 'Linux filesystem' and of size 1.8 TiB.
Command (m for help): t
Partition number (1-3, default 3):
Partition type (type L to list all types): 29
Changed type of partition 'Linux filesystem' to 'Linux RAID'.
```
Using sfdisk to duplicate the layout to the other disks
sfdisk makes it easy to script the partitioning
```bash
sfdisk --dump /dev/sda > sda.dump
cat sda.dump
```
:::warning
The output below is for a GPT disk
:::
```bash
# sfdisk -d /dev/sda
# cat sda.dump
label: gpt
label-id: 7559B5A2-8614-2643-A902-83E81B2F0BBC
device: /dev/sda
unit: sectors
first-lba: 2048
last-lba: 3907029134
/dev/sda1 : start= 2048, size= 1048576, type=A19D880F-05FC-4D3B-A006-743F0F84911E, uuid=3699B538-F0E4-A34B-BCCB-F61C4185D75C
/dev/sda2 : start= 1050624, size= 24117249, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F, uuid=621CE8D2-A4F0-6347-8F4A-70F163ADAE1F
/dev/sda3 : start= 25169920, size= 3881859215, type=A19D880F-05FC-4D3B-A006-743F0F84911E, uuid=BD5576BF-1C28-334B-A0EE-9B012DA19F08
```
Duplicating to the two other disks:
```bash
sfdisk /dev/sdb < sda.dump
sfdisk /dev/sdc < sda.dump
```
Note that the dump carries the label-id and the partition uuid fields, so the three disks end up with identical GPT identifiers; remove those fields from the dump if each disk should get its own.
See Swap encryption
Each mapping gets a throwaway key read from /dev/urandom, so the swap contents cannot be read back once the mapping is closed.
Example for one partition:
```bash
cryptsetup open --type plain --cipher aes-xts-plain64 --key-file /dev/urandom /dev/sda2 cryptswapa
```
For all three:
```bash
for identifier in {a..c} ; do cryptsetup open --type plain --cipher aes-xts-plain64 --key-file /dev/urandom /dev/sd${identifier}2 cryptswap${identifier} ; done
```
Then:
```bash
# for identifier in {a..c} ; do mkswap /dev/mapper/cryptswap${identifier}; done
Setting up swapspace version 1, size = 11.5 GiB (12348026880 bytes)
no label, UUID=239af6e4-fdc8-4467-bcae-ccaa14554461
Setting up swapspace version 1, size = 11.5 GiB (12348026880 bytes)
no label, UUID=031019fe-d32b-46fb-98ad-c981e00c351b
Setting up swapspace version 1, size = 11.5 GiB (12348026880 bytes)
no label, UUID=3f6b2d2c-b07c-4b3e-b981-bf3b00928bd2
```
Or in a single pass:
```bash
for identifier in {a..c} ; do cryptsetup open --type plain --cipher aes-xts-plain64 --key-file /dev/urandom /dev/sd${identifier}2 cryptswap${identifier} ; mkswap /dev/mapper/cryptswap${identifier}; done
```
```bash
mdadm --create --verbose /dev/md1 --level=1 --raid-devices=3 /dev/sd[a-c]1
```
It asks for confirmation:
```bash
# mdadm --create --verbose /dev/md1 --level=1 --raid-devices=3 /dev/sd[a-c]1
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
mdadm: size set to 523264K
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md1 started.
```
Then format this partition:
```bash
mkfs.ext4 /dev/md1
```
```bash
mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sd[a-c]3
```
Initialize LUKS encryption on the RAID array:
```bash
cryptsetup -q -s 512 -c aes-xts-plain64 luksFormat /dev/md0
```
```bash
# cryptsetup -q -s 512 -c aes-xts-plain64 luksFormat /dev/md0
Enter passphrase for /dev/md0:
```
Retrieve the UUID and note it down carefully:
```bash
cryptsetup luksDump /dev/md0 | grep UUID | awk '{print $2}'
```
:::information
This information (UUID) will be needed when configuring decryption at boot
:::
Open the encrypted container:
```bash
cryptsetup luksOpen /dev/md0 raid_crypt
```
Enter the passphrase:
```
Enter passphrase for /dev/md0:
```
```bash
apt update && apt install -y cryptsetup lvm2 debian-keyring
```
Create the Physical Volume on the LUKS container:
```bash
pvcreate /dev/mapper/raid_crypt
```
Which should print:
```
Physical volume "/dev/mapper/raid_crypt" successfully created.
```
Create the Volume Group
```bash
vgcreate vg_raid /dev/mapper/raid_crypt
```
Which should print:
```
Volume group "vg_raid" successfully created
```
Create the logical volumes:
```bash
lvcreate -L 100G -n lv_root vg_raid
lvcreate -l 100%FREE -n lv_data vg_raid
```
```
Logical volume "lv_root" created.
Logical volume "lv_data" created.
```
Format as ext4:
```bash
mkfs.ext4 /dev/vg_raid/lv_root
mkfs.ext4 /dev/vg_raid/lv_data
```
Go to the page Debian -- Details of package debootstrap in bookworm
Get the address from the Download section by clicking on all
Copy one of the links and use it to download onto the server:
```bash
wget http://ftp.fr.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.128+nmu2+deb12u2_all.deb
```
The link is plain HTTP and the package is installed directly with dpkg, so compare the file's SHA256 sum with the one shown on the package download page before installing.
Install it:
```bash
dpkg -i debootstrap*.deb && rm -f debootstrap*.deb
```
Mount the volumes:
```bash
mount /dev/vg_raid/lv_root /mnt
# Both mount points must exist on the freshly formatted root volume
mkdir /mnt/data /mnt/boot
mount /dev/vg_raid/lv_data /mnt/data
mount /dev/md1 /mnt/boot
```
```bash
apt install -y debian-keyring
debootstrap --arch amd64 stable /mnt https://deb.debian.org/debian/
```
```bash
mount -o bind /dev /mnt/dev
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -t devpts devpts /mnt/dev/pts
mount -o bind /run /mnt/run
```
Run the command:
```bash
chroot /mnt /bin/bash
```
Alternative command:
```bash
XTERM=xterm-color LANG=C.UTF-8 chroot /mnt /bin/bash
```
ifupdown
```bash
apt install ifupdown
```
Network interface configuration:
```bash
cat << EOF > /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
EOF
```
```bash
cat << EOF > /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF
```
```bash
_hostname=ecaz
_domain=aezi.fr
echo "$_hostname" > /etc/hostname
echo "127.0.1.1 $_hostname.$_domain $_hostname" >> /etc/hosts
```
```bash
echo "Europe/Paris" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata
```
```bash
cat << EOF > /etc/apt/sources.list
deb http://deb.debian.org/debian bookworm main contrib non-free-firmware
# deb-src http://deb.debian.org/debian bookworm main contrib non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware
# deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware
# deb http://deb.debian.org/debian bookworm-backports main contrib non-free-firmware
# deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware
# deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware
EOF
```
```bash
cat << EOF > /etc/apt/apt.conf.d/999aptsettings
APT::Install-Recommends "0";
APT::Install-Suggests "0";
EOF
```
```bash
apt update && apt install -y busybox console-setup cryptsetup dropbear grub-pc initramfs-tools kbd linux-image-amd64 linux-perf locales ssh dropbear-initramfs cryptsetup-initramfs zstd lvm2
```
:::information
zstd is only there to avoid a warning during update-initramfs
:::
```bash
# Directories need the execute bit to be traversed: 700, not 600
mkdir -p /root/.ssh && chmod 700 /root/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyzZAymNeWxeDjSUzkyEJLzwGqZt+VvdmidomWL0QLb lauhub@Mac-15-Laurent.local" >> /root/.ssh/authorized_keys
mkdir -p /etc/dropbear/initramfs/ && chmod 700 /etc/dropbear/initramfs/
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyzZAymNeWxeDjSUzkyEJLzwGqZt+VvdmidomWL0QLb lauhub@Mac-15-Laurent.local" >> /etc/dropbear/initramfs/authorized_keys
```
```bash
sed -i.old s/GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"net.ifnames=0\ biosdevname=0\ ip=:::::eth0:dhcp\"/g /etc/default/grub
```
See: debian - GRUB_CMDLINE_LINUX_DEFAULT vs GRUB_CMDLINE_LINUX - Unix & Linux Stack Exchange
LUKS encryption: Enable remote ssh unlocking - iotechonline
Configure Dropbear by editing the file /etc/dropbear/initramfs/dropbear.conf
Set the following options there:
```
DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60"
```
:::information
But we could add -c /usr/bin/cryptroot-unlock
as indicated here: Unlocking a LUKS-encrypted partition via ssh on Debian 12 Bookworm
:::
Edit:
```bash
nano /etc/initramfs-tools/initramfs.conf
```
Change:
```
BUSYBOX=auto
```
To:
```
BUSYBOX=y
```
Add:
```
DEVICE=eth0
```
Edit /etc/crypttab
and put in it the UUID noted earlier, using the raid_crypt label defined above:
```
raid_crypt UUID=203c6910-a804-4a08-8218-b92dc9381905 none luks
```
/etc/fstab
Edit /etc/fstab and put in it the UUIDs corresponding to / and /boot respectively:
```bash
blkid | grep lv_root
/dev/mapper/vg_raid-lv_root: UUID="xxxxxxxxxxxxxxxxxxxxxxxxxxxx" BLOCK_SIZE="4096" TYPE="ext4"
blkid | grep md1
/dev/md1: UUID="yyyyyyyyyyyyyyyyyyyyyyyyyyyy" BLOCK_SIZE="1024" TYPE="ext4"
```
```
UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxx / ext4 defaults,relatime 0 1
UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyy /boot ext4 defaults,relatime 0 2
```
The mdadm package must be installed and/or reconfigured:
```bash
apt install mdadm
```
Or:
```bash
dpkg-reconfigure mdadm
```
This regenerates the file /etc/mdadm/mdadm.conf
grub
Install grub on all three disks so that any of them can boot:
```bash
for identifier in {a..c} ; do grub-install /dev/sd${identifier} ; done
```
All three outputs should read:
```
Installing for i386-pc platform.
Installation finished. No error reported.
```
```bash
update-grub && update-initramfs -u -k all
```
Normally there should be no warning (except possibly for gzip)
This is to avoid getting locked out if the main user cannot log in (because of permissions/ownership on their .ssh directory, a common mistake if this detail is forgotten):
```bash
echo "ssh-ed25519 AAAAyourED25519publicKeyTextHere comment_about_the_key" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
```
```bash
adduser lauhub
```
Set a strong password!!!
```bash
apt install sudo
adduser lauhub sudo
```
Adding the authorized_keys file:
```bash
# adduser does not create ~/.ssh, so create it before appending the key
mkdir -p /home/lauhub/.ssh
echo "ssh-ed25519 AAAAyourED25519publicKeyTextHere comment_about_the_key" >> /home/lauhub/.ssh/authorized_keys
chmod 600 /home/lauhub/.ssh/authorized_keys
chmod 700 /home/lauhub/.ssh
chown -R lauhub:lauhub /home/lauhub
```
```bash
exit
```
Then:
```bash
umount /mnt/dev/pts
umount /mnt/{boot,dev,proc,sys,run}
umount /mnt/data
umount /mnt
# Deactivate the volume group first, otherwise the LUKS mapping is still in use
vgchange -an vg_raid
cryptsetup luksClose raid_crypt
```
```bash
# The LUKS container lives on /dev/md0 and is named raid_crypt in /etc/crypttab
cryptsetup luksOpen /dev/md0 raid_crypt
```
Enter the passphrase:
```bash
mount /dev/vg_raid/lv_root /mnt
mount /dev/vg_raid/lv_data /mnt/data
mount /dev/md1 /mnt/boot
mount -o bind /dev /mnt/dev
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
chroot /mnt /bin/bash
```
dropbear
This is to prevent it from conflicting with openssh-server:
```bash
systemctl disable dropbear
```
```bash
apt install man manpages sudo dbus dbus-user-session systemd libsystemd-dev libsystemd0
sudo dpkg-reconfigure tzdata
tasksel install standard
```
```bash
$ sudo ufw allow ssh
Rules updated
Rules updated (v6)
lauhub@ecaz:~$ sudo ufw allow http
Rules updated
Rules updated (v6)
lauhub@ecaz:~$ sudo ufw allow https
Rules updated
Rules updated (v6)
```
cryptroot-unlock in dropbear
Check that the file /usr/bin/cryptroot-unlock is present in the initramfs image.
For example (adapt the initrd name):
```bash
# lsinitramfs /boot/initrd.img-6.1.0-30-amd64 | grep cryptroot
...
usr/bin/cryptroot-unlock
```
The last line shows that this file does exist.
So we can add -c /usr/bin/cryptroot-unlock in /etc/dropbear/initramfs/dropbear.conf:
```
DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60 -c /usr/bin/cryptroot-unlock"
```
Then update the initramfs and reboot to test:
```bash
update-initramfs -u -k all
```
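The effect of adding -c is easiest to see by auditing the option string itself. The script below is an added example, not part of the original notes: it reads the active DROPBEAR_OPTIONS line and reports which hardening flags are absent, using the two option lines shown on this page as input. The function names and finding codes are this example's own.

```shell
#!/bin/sh
# Added example: audit the flags passed to dropbear in the initramfs.

# Extract the active (uncommented) DROPBEAR_OPTIONS value from dropbear.conf text.
dropbear_opts_from_conf() {
    printf '%s\n' "$1" | sed -n 's/^DROPBEAR_OPTIONS="\(.*\)"$/\1/p' | tail -n 1
}

# Print one finding per missing hardening flag; return 1 if anything is missing.
audit_dropbear_opts() {
    s=0 j=0 k=0 idle="" forced="" findings=0
    set -f               # no globbing while the option string is split on spaces
    set -- $1
    set +f
    OPTIND=1
    # Flags that take an argument must be declared, or parsing would stop early.
    while getopts ":FEsjkb:r:p:P:W:K:I:T:c:" opt; do
        case $opt in
            s) s=1 ;;                # -s: disable password logins
            j) j=1 ;;                # -j: disable local port forwarding
            k) k=1 ;;                # -k: disable remote port forwarding
            I) idle=$OPTARG ;;       # -I: idle timeout in seconds
            c) forced=$OPTARG ;;     # -c: forced command for every session
            *) ;;                    # -F, -E, -p and the rest: not audited here
        esac
    done
    [ "$s" -eq 1 ] || { echo "NO_S password logins are not disabled"; findings=1; }
    [ "$j" -eq 1 ] || { echo "NO_J local port forwarding is allowed"; findings=1; }
    [ "$k" -eq 1 ] || { echo "NO_K remote port forwarding is allowed"; findings=1; }
    [ -n "$idle" ] || { echo "NO_I no idle timeout"; findings=1; }
    [ -n "$forced" ] || { echo "NO_C no forced command, sessions get a shell"; findings=1; }
    return "$findings"
}

# Sample input: the two DROPBEAR_OPTIONS lines that appear on this page.
CONF_BEFORE='#DROPBEAR_OPTIONS=""
DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60"'
CONF_AFTER='DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60 -c /usr/bin/cryptroot-unlock"'

for conf in "$CONF_BEFORE" "$CONF_AFTER"; do
    opts=$(dropbear_opts_from_conf "$conf")
    echo "== $opts"
    audit_dropbear_opts "$opts" || echo "-> review before rebuilding the initramfs"
done
```

On the server, pass the real file with `audit_dropbear_opts "$(dropbear_opts_from_conf "$(cat /etc/dropbear/initramfs/dropbear.conf)")"`.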
```bash
dpkg-reconfigure locales
```
```bash
# ssh-keyscan localhost 2> /dev/null | ssh-keygen -l -f -
256 SHA256:kRU92vV61Pwx+A3Vsj/qW5nnOZrNzcnRTR21JiyRoYc localhost (ECDSA)
256 SHA256:dx3SHsBKaScxp8tr8CWB/9PGBX+V1GnMLPSQxiAiqDw localhost (ED25519)
3072 SHA256:jzYg1XEI63CIs8Y8bdVWQzB2FJHLNl95XMWpksKZ8VA localhost (RSA)
# dropbearkey -y -f /etc/dropbear/dropbear_ecdsa_host_key
Public key portion is:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDjX6nBrFFgAArq0Q7mew5lPWczswjfgtWySaYfjetOnRYSmHzB4vLosmToCBX6uJxmThKtcMkAmATRl9jzEKic= root@rescue-customer-eu
Fingerprint: SHA256:vVNjmNthQRiVWgt+GsARWCg4Er2zXpswyARdDphJO0Q
# dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key
Public key portion is:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICThqIP4UA4sD9eXUXfsihQOlFclk4WGxZs7b8okDrJE root@rescue-customer-eu
Fingerprint: SHA256:OfKnch1/6/bLv0s4GRkQ8RNiMEQJp2I4XfJr3YqYKFI
# dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUDlNRIjVvfmzgxuUnIROA9kVHgscTTQ55N0hUX31S1IcsP/A7bU4ZLFknL3rW0BtVGMIu9qagQW5+p8QnnOenG6EAL/tZvYnOKRRS4fCbiDMISpeillyZSXv/SDKiTyoxAel10B9m94vQDowM7nyTpeL3Kw8cCew6/hniIWTVJV94PdTundJX97ZwxkE3kNsFMz4bCKmLm2D1IlMRTdOBibMYbgwgWzH4LuSMJPsqMh/GWiuE1LXpM6dfG4zKt0hEFs7MQdailiFpKM30Gq8QzBlOwO+yMMAIK38A+znA0TkJbXwbOXIiqG2y+/tKjJmlveVOrf/OMADQfc4dui3t root@rescue-customer-eu
Fingerprint: SHA256:wPwMGdA3zaQVdx5VOY+QIpHRd68ME+z8lcwwSSq930E
```
The name server for ecaz: nameserver 213.186.33.99
```bash
# cat /etc/network/interfaces.d/55-rescue
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
accept_ra 0
# cat /etc/network/interfaces.d/60-rescue-ipv6
iface eth0 inet6 static
address 2001:41d0:2:b647::1/128
gateway 2001:41d0:0002:b6ff:ff:ff:ff:ff
```
:::information
Needed if grub-install reports this kind of error:
```bash
# grub-install /dev/sda
Installing for i386-pc platform.
grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
grub-install: error: embedding is not possible, but this is required for RAID and LVM install.
```
:::
To convert a GPT partition table to MBR:
Launch gdisk:
```bash
gdisk /dev/sdX
```
Use r (recovery and transformation) then g to convert GPT to MBR:
```
Found valid GPT with protective MBR; using GPT.
Command (? for help): r
Recovery/transformation command (? for help): g
```
Check with p, then write the table with w (confirming the change afterwards):
```
MBR command (? for help): p
** NOTE: Partition numbers do NOT indicate final primary/logical status,
** unlike in most MBR partitioning tools!
** Extended partitions are not displayed, but will be generated as required.
Disk size is 3907029168 sectors (1.8 TiB)
MBR disk identifier: 0x00000000
MBR partitions:
                                                   Can Be   Can Be
Number  Boot  Start Sector   End Sector   Status   Logical  Primary   Code
     1                2048      1050623   primary     Y        Y      0xFD
     2             1050624     25167872   primary              Y      0x82
     3            25169920   3907029134   primary     Y        Y      0xFD
MBR command (? for help): w
```
Confirm:
```
Converted 3 partitions. Finalize and exit? (Y/N): y
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
```
Repeat for the two other disks, sdb and sdc.
At this point it seems useful to unmount all partitions and close the encrypted volume before running partprobe.
:::warning
The UUIDs may change!!! Check carefully!
:::
Then remount everything and chroot again.
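The UUID warning above and the /etc/crypttab and /etc/fstab entries set up earlier come down to one pre-reboot check: every UUID= reference must exist in blkid's output with the expected type. The script below is an added example, not part of the original notes; the function names are its own, and the sample UUIDs and sample blkid output are constructed.

```shell
#!/bin/sh
# Added example: verify that UUID= references in crypttab/fstab match blkid.

# uuid_type BLKID_TEXT UUID: print the TYPE blkid reports for UUID (empty if absent)
uuid_type() {
    printf '%s\n' "$1" | awk -v want="$2" '{
        uuid = ""; type = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^UUID="/) { uuid = $i; gsub(/^UUID="|"$/, "", uuid) }
            if ($i ~ /^TYPE="/) { type = $i; gsub(/^TYPE="|"$/, "", type) }
        }
        if (uuid == want) { print type; exit }
    }'
}

# check_boot_uuids CRYPTTAB_TEXT FSTAB_TEXT BLKID_TEXT
# Prints OK / MISSING / WRONGTYPE per reference; returns 1 on any problem.
check_boot_uuids() {
    rc=0
    refs=$(
        # crypttab: field 2 is the source device, which must be a LUKS container
        printf '%s\n' "$1" | awk '$1 !~ /^#/ && $2 ~ /^UUID=/ {
            sub(/^UUID=/, "", $2); print "crypttab", $2, "crypto_LUKS" }'
        # fstab: field 1 is the device, field 3 the filesystem type
        printf '%s\n' "$2" | awk '$1 ~ /^UUID=/ {
            sub(/^UUID=/, "", $1); print "fstab", $1, $3 }'
    )
    while read -r src uuid expected; do
        [ -n "$src" ] || continue
        found=$(uuid_type "$3" "$uuid")
        if [ -z "$found" ]; then
            echo "MISSING $src $uuid"; rc=1
        elif [ "$found" != "$expected" ]; then
            echo "WRONGTYPE $src $uuid is $found, expected $expected"; rc=1
        else
            echo "OK $src $uuid"
        fi
    done <<EOF
$refs
EOF
    return "$rc"
}

# Constructed sample data: crypttab still holds a UUID that no device carries.
SAMPLE_BLKID='/dev/md0: UUID="11111111-1111-1111-1111-111111111111" TYPE="crypto_LUKS"
/dev/mapper/vg_raid-lv_root: UUID="22222222-2222-2222-2222-222222222222" BLOCK_SIZE="4096" TYPE="ext4"
/dev/md1: UUID="33333333-3333-3333-3333-333333333333" BLOCK_SIZE="1024" TYPE="ext4"'
SAMPLE_CRYPTTAB='# <target name> <source device> <key file> <options>
raid_crypt UUID=99999999-9999-9999-9999-999999999999 none luks'
SAMPLE_FSTAB='UUID=22222222-2222-2222-2222-222222222222 / ext4 defaults,relatime 0 1
UUID=33333333-3333-3333-3333-333333333333 /boot ext4 defaults,relatime 0 2'

check_boot_uuids "$SAMPLE_CRYPTTAB" "$SAMPLE_FSTAB" "$SAMPLE_BLKID" \
    || echo "-> fix the files and rerun update-initramfs before rebooting"
```

Inside the chroot, run it on the real files with `check_boot_uuids "$(cat /etc/crypttab)" "$(cat /etc/fstab)" "$(blkid)"`.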
```bash
# gdisk /dev/sda
GPT fdisk (gdisk) version 1.0.3
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): r
Recovery/transformation command (? for help): ?
b use backup GPT header (rebuilding main)
c load backup partition table from disk (rebuilding main)
d use main GPT header (rebuilding backup)
e load main partition table from disk (rebuilding backup)
f load MBR and build fresh GPT from it
g convert GPT into MBR and exit
h make hybrid MBR
i show detailed information on a partition
l load partition data from a backup file
m return to main menu
o print protective MBR data
p print the partition table
q quit without saving changes
t transform BSD disklabel partition
v verify disk
w write table to disk and exit
x extra functionality (experts only)
? print this menu
```
Source: Converting between GPT and MBR hard drive without losing data - Super User
raid_logiciel [Wiki ubuntu-fr]
/etc/mdadm/mdadm.conf
:::information
```bash
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
```
:::
```
# mdadm.conf
#
# !NB! Run update-initramfs -u after updating this file.
# !NB! This will ensure that initramfs has an uptodate copy.
#
# Please refer to mdadm.conf(5) for information about this file.
#
# by default (built-in), scan all partitions (/proc/partitions) and all
# containers for MD superblocks. alternatively, specify devices to scan, using
# wildcards if desired.
#DEVICE partitions containers
# automatically tag new arrays as belonging to the local system
HOMEHOST <system>
# instruct the monitoring daemon where to send mail alerts
MAILADDR root
# definitions of existing MD arrays
# This configuration was auto-generated on Sat, 25 Jan 2025 00:00:23 +0000 by mkconf
ARRAY /dev/md1 metadata=1.2 name=rescue-customer-eu:1 UUID=002796eb:8cba5b52:335ca63b:ec14cf91
ARRAY /dev/md0 metadata=1.2 name=rescue-customer-eu:0 UUID=ba46c22d:137098a7:4876ebc9:18bf0148
```
/etc/fstab
```
UUID=b890c459-64a5-4db7-b526-3e677be8cdb9 / ext4 defaults,relatime 0 1
UUID=7e4d9e7d-970a-4aaf-a9fc-f365033348ed /boot ext4 defaults,relatime 0 2
```
/etc/crypttab
```
# <target name> <source device> <key file> <options>
raid_crypt UUID=5e99eca6-5db2-4f4b-bea8-6c6dff404406 none luks
```
/etc/default/grub
```
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
# info -f grub -n 'Simple configuration'
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet ip=:::::eno1:dhcp"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 ip=:::::eth0:dhcp"
#GRUB_DEVICE_UUID=7e4d9e7d-970a-4aaf-a9fc-f365033348ed
# If your computer has multiple operating systems installed, then you
# probably want to run os-prober. However, if your computer is a host
# for guest OSes installed via LVM or raw disk devices, running
# os-prober can cause damage to those guest OSes as it mounts
# filesystems to look for things.
#GRUB_DISABLE_OS_PROBER=false
# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
# Uncomment to disable graphical terminal
#GRUB_TERMINAL=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"
# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"
```
/etc/dropbear/initramfs/dropbear.conf
```
# Configuration options for the dropbear-initramfs boot scripts.
# Variable assignment follow shell semantics and escaping/quoting rules.
# You must run update-initramfs(8) to effect changes to this file (like
# for other files in the '/etc/dropbear/initramfs' directory).
#
# Command line options to pass to dropbear(8)
#
#DROPBEAR_OPTIONS=""
DROPBEAR_OPTIONS="-F -E -p 64357 -s -j -k -I 60"
#
# On local (non-NFS) mounts, interfaces matching this pattern are
# brought down before exiting the ramdisk to avoid dirty network
# configuration in the normal kernel.
# The special value 'none' keeps all interfaces up and preserves routing
# tables and addresses.
#
#IFDOWN="*"
#
# On local (non-NFS) mounts, the network stack and dropbear are started
# asynchronously at init-premount stage. This value specifies the
# maximum number of seconds to wait (while the network/dropbear are
# being configured) at init-bottom stage before terminating dropbear and
# bringing the network down.
# If the timeout is too short, and if the boot process is not blocking
# on user input supplied via SSHd (ie no remote unlocking), then the
# initrd might pivot to init(1) too early, thereby causing a race
# condition between network configuration from initramfs vs from the
# normal system.
#
#DROPBEAR_SHUTDOWN_TIMEOUT=60
```