Server/haruka: Unterschied zwischen den Versionen
Aus Opennet
(Die Seite wurde neu angelegt: „Haruka ist ein Opennet Server. === Technische Daten === {| {{Prettytable}} !width="110" align="left"| '''Name''' !align="left"| haruka |- |'''Hardware'''…“) |
(→Besonderheiten) |
||
| (48 dazwischenliegende Versionen von einem Benutzer werden nicht angezeigt) | |||
| Zeile 11: | Zeile 11: | ||
|- | |- | ||
|'''Betriebsystem''' | |'''Betriebsystem''' | ||
| − | | | + | |[[MikroTik CHR]] |
|- | |- | ||
|'''Anbindung''' | |'''Anbindung''' | ||
| Zeile 17: | Zeile 17: | ||
|- | |- | ||
| '''IP / DNS''' | | '''IP / DNS''' | ||
| − | | 192.168. | + | | 192.168.5.23 - haruka.on (Opennet IPv4, ether1) <br/> fd32:d8d3:87da::10:16 - haruka.on (Opennet IPv6, ether1) <br/> 46.4.100.206 - haruka.opennet-initiative.de (WAN IPv4, ether2) <br/> 2a01:4f8:140:9250::206 - haruka.opennet-initiative.de (WAN IPv6, ether2) |
|- | |- | ||
| '''Ausstattung''' | | '''Ausstattung''' | ||
| − | | | + | | 256 MB RAM (virtuell) <br/> 512 MB (/) |
|- | |- | ||
| '''Dienste''' | | '''Dienste''' | ||
| − | | | + | | Dienste der Funkamateure Rostock (DARC e.V.) |
|- | |- | ||
| '''Backup''' | | '''Backup''' | ||
| − | | | + | | (kein Backup derzeit) |
|} | |} | ||
=== Verantwortlichkeiten === | === Verantwortlichkeiten === | ||
* Zugang/Hosting: siehe [[Server/akito]] | * Zugang/Hosting: siehe [[Server/akito]] | ||
| − | * Administration: | + | * Administration: Christoph Kottke, Mathias Mahnke |
=== Dienste === | === Dienste === | ||
| − | * | + | * Amateurfunk Router/VPN: https://hamnetdb.net/?q=dm0hro |
=== Status === | === Status === | ||
| − | * | + | * RouterOS WebFig: https://haruka.on |
| − | + | ||
=== Besonderheiten === | === Besonderheiten === | ||
| − | * keine | + | * eth1 MAC ist "00:50:56:00:b0:f5", wurde von Hetzner zugewiesen |
| + | * Kein OLSRv1 Betrieb, daher IPv4 HNA via [[AP2.230]] | ||
| + | * Kein OLSRv2 Betrieb, daher keine IPv6 Mesh Erreichbarkeit | ||
| + | * Erstinstallation: | ||
| + | lvcreate --name haruka-root --size 512M lvm-akito | ||
| + | dd if=chr-6.49.7.img of=/dev/lvm-akito/haruka-root bs=1M | ||
| + | virt-install --connect qemu:///system -n "haruka" --memory=2048 --vcpus=1 \ | ||
| + | --import --disk "path=/dev/lvm-akito/haruka-root,format=raw,bus=sata" \ | ||
| + | --graphics vnc,keymap=de --serial pty --noautoconsole \ | ||
| + | --os-type generic --network=bridge:br-wan,model=e1000,mac=00:50:56:00:b0:f5 --hvm | ||
| + | ... | ||
| + | virsh autostart haruka | ||
| + | virsh start haruka | ||
| + | ssh -L 5906:localhost:5906 <virt-server> | ||
| + | vncviewer rdp://localhost:5906 | ||
| + | ... | ||
| + | > ip address add address=192.168.5.23 network=192.168.2.230 interface=ether1 | ||
| + | > ip route add dst-address=192.168.0.0/16 gateway=192.168.2.230 | ||
| + | > ip dns set servers=192.168.2.230 | ||
| + | > ip address add address=46.4.100.206 netmask=255.255.255.192 interface=ether2 | ||
| + | > ip route add dst-address=0.0.0.0/0 gateway=46.4.100.225 | ||
| + | > ip dhcp-client remove ether1 | ||
| + | > ip ssh set strong-crypto=yes | ||
| + | > ip neighbor discovery-settings set discover-interface-list=none | ||
| + | > system identity set name=haruka | ||
| + | > system note set show-at-login=yes note= | ||
| + | _ | ||
| + | ___ _ __ ___ _ __ _ __ ___| |_ | ||
| + | / _ \| '_ \ / _ \ '_ \| '_ \ / _ \ __| | ||
| + | | (_) | |_) | __/ | | | | | | __/ |_ | ||
| + | \___/| .__/ \___|_| |_|_| |_|\___|\__| | ||
| + | |_| | ||
| + | Willkommen auf haruka! | ||
| + | > system ntp client set server-dns-names=pool.ntp.org | ||
| + | > system clock set time-zone-name=Europe/Berlin | ||
| + | > tool bandwidth-server set enabled=no | ||
| + | > certificate add name=haruka-CA common-name=haruka-CA key-usage=key-cert-sign,crl-sign | ||
| + | > certificate add name=haruka common-name=haruka.on key-usage=key-encipherment,tls-server | ||
| + | > certificate sign haruka-CA | ||
| + | > certificate sign haruka ca=haruka-CA | ||
| + | > ip service set 4 certificate=haruka # www-ssl | ||
| + | > ip service set 7 certificate=haruka # api-ssl | ||
| + | > ip service set 0 address=192.168.0.0/16 # telnet | ||
| + | > ip service set 1 address=192.168.0.0/16 # ftp | ||
| + | > ip service set 2 address=192.168.0.0/16 # www | ||
| + | > ip service set 3 address=192.168.0.0/16 # ssh | ||
| + | > ip service set 4 address=192.168.0.0/16 # www-ssl | ||
| + | > ip service set 5 address=192.168.0.0/16 # api | ||
| + | > ip service set 6 address=192.168.0.0/16 # winbox | ||
| + | > ip service set 7 address=192.168.0.0/16 # api-ssl | ||
| + | > ip service set 0 disabled=yes # telnet | ||
| + | > ip service set 1 disabled=yes # ftp | ||
| + | > ip service set 2 disabled=yes # www | ||
| + | > ip service set 4 disabled=no # www-ssl | ||
| + | > ip service set 5 disabled=yes # api | ||
| + | > ip service set 6 disabled=yes # winbox | ||
| + | > system package enable ipv6 | ||
| + | > system reboot | ||
| + | > ipv6 address add address=fd32:d8d3:87da::10:16/64 interface=ether1 | ||
| + | > ipv6 address add address=2a01:4f8:140:9250::206/64 interface=ether2 | ||
| + | > ipv6 route add dst-address=::/0 gateway=fe80::1%ether2 | ||
| + | > system backup save | ||
__NOTOC__ | __NOTOC__ | ||
[[Category:Server]] | [[Category:Server]] | ||
Aktuelle Version vom 2. November 2022, 06:27 Uhr
Haruka ist ein Opennet Server.
[Bearbeiten] Technische Daten
| Name | haruka |
|---|---|
| Hardware | Virtualisiert, KVM VM (Server/akito) |
| Betriebsystem | MikroTik CHR |
| Anbindung | siehe Server/akito |
| IP / DNS | 192.168.5.23 - haruka.on (Opennet IPv4, ether1) fd32:d8d3:87da::10:16 - haruka.on (Opennet IPv6, ether1) 46.4.100.206 - haruka.opennet-initiative.de (WAN IPv4, ether2) 2a01:4f8:140:9250::206 - haruka.opennet-initiative.de (WAN IPv6, ether2) |
| Ausstattung | 256 MB RAM (virtuell) 512 MB (/) |
| Dienste | Dienste der Funkamateure Rostock (DARC e.V.) |
| Backup | (kein Backup derzeit) |
[Bearbeiten] Verantwortlichkeiten
- Zugang/Hosting: siehe Server/akito
- Administration: Christoph Kottke, Mathias Mahnke
[Bearbeiten] Dienste
- Amateurfunk Router/VPN: https://hamnetdb.net/?q=dm0hro
[Bearbeiten] Status
- RouterOS WebFig: https://haruka.on
[Bearbeiten] Besonderheiten
- eth1 MAC ist "00:50:56:00:b0:f5", wurde von Hetzner zugewiesen
- Kein OLSRv1 Betrieb, daher IPv4 HNA via AP2.230
- Kein OLSRv2 Betrieb, daher keine IPv6 Mesh Erreichbarkeit
- Erstinstallation:
lvcreate --name haruka-root --size 512M lvm-akito
dd if=chr-6.49.7.img of=/dev/lvm-akito/haruka-root bs=1M
virt-install --connect qemu:///system -n "haruka" --memory=2048 --vcpus=1 \
--import --disk "path=/dev/lvm-akito/haruka-root,format=raw,bus=sata" \
--graphics vnc,keymap=de --serial pty --noautoconsole \
--os-type generic --network=bridge:br-wan,model=e1000,mac=00:50:56:00:b0:f5 --hvm
...
virsh autostart haruka
virsh start haruka
ssh -L 5906:localhost:5906 <virt-server>
vncviewer rdp://localhost:5906
...
> ip address add address=192.168.5.23 network=192.168.2.230 interface=ether1
> ip route add dst-address=192.168.0.0/16 gateway=192.168.2.230
> ip dns set servers=192.168.2.230
> ip address add address=46.4.100.206 netmask=255.255.255.192 interface=ether2
> ip route add dst-address=0.0.0.0/0 gateway=46.4.100.225
> ip dhcp-client remove ether1
> ip ssh set strong-crypto=yes
> ip neighbor discovery-settings set discover-interface-list=none
> system identity set name=haruka
> system note set show-at-login=yes note=
_
___ _ __ ___ _ __ _ __ ___| |_
/ _ \| '_ \ / _ \ '_ \| '_ \ / _ \ __|
| (_) | |_) | __/ | | | | | | __/ |_
\___/| .__/ \___|_| |_|_| |_|\___|\__|
|_|
Willkommen auf haruka!
> system ntp client set server-dns-names=pool.ntp.org
> system clock set time-zone-name=Europe/Berlin
> tool bandwidth-server set enabled=no
> certificate add name=haruka-CA common-name=haruka-CA key-usage=key-cert-sign,crl-sign
> certificate add name=haruka common-name=haruka.on key-usage=key-encipherment,tls-server
> certificate sign haruka-CA
> certificate sign haruka ca=haruka-CA
> ip service set 4 certificate=haruka # www-ssl
> ip service set 7 certificate=haruka # api-ssl
> ip service set 0 address=192.168.0.0/16 # telnet
> ip service set 1 address=192.168.0.0/16 # ftp
> ip service set 2 address=192.168.0.0/16 # www
> ip service set 3 address=192.168.0.0/16 # ssh
> ip service set 4 address=192.168.0.0/16 # www-ssl
> ip service set 5 address=192.168.0.0/16 # api
> ip service set 6 address=192.168.0.0/16 # winbox
> ip service set 7 address=192.168.0.0/16 # api-ssl
> ip service set 0 disabled=yes # telnet
> ip service set 1 disabled=yes # ftp
> ip service set 2 disabled=yes # www
> ip service set 4 disabled=no # www-ssl
> ip service set 5 disabled=yes # api
> ip service set 6 disabled=yes # winbox
> system package enable ipv6
> system reboot
> ipv6 address add address=fd32:d8d3:87da::10:16/64 interface=ether1
> ipv6 address add address=2a01:4f8:140:9250::206/64 interface=ether2
> ipv6 route add dst-address=::/0 gateway=fe80::1%ether2
> system backup save
