====== Serveur de backup Proxmox ======
===== Généralités =====
Un système Debian accompagné de [[https://www.proxmox.com/en/proxmox-backup-server|Proxmox Backup Server]] a été installé sur le serveur ''greentarget'' (''10.10.10.41''). //Proxmox Backup Server// (//PBS//) permet de sauvegarder efficacement et simplement les VM d'un cluster //Proxmox PVE//. Il est aussi possible d'utiliser ''proxmox-backup-client'' depuis une machine, indépendamment d'un cluster PVE. PBS s'il travaille primairement sur un ou plusieurs //datastores// locaux, PBS permet aussi d'exporter les sauvegardes sur plusieurs //remotes//.
===== Accès =====
==== SSH ====
La machine est accessible en SSH. Exemple de configuration :
Host greentarget.faimaison.net greentarget
# dilettante.faimaison.net ou fresk.faimaison.net, camber.faimaison.net
ProxyJump dilettante.faimaison.net
Hostname 10.10.10.41
==== GUI HTTPS ====
Le service pbs écoute sur https://10.10.10.41:8007/ ; il faut utiliser une redirection SSH ou un proxy SOCKS.
Exemple de forward de port SSH :
shannon ~$ ssh -L 8007:10.10.10.41:8007 dilettante.faimaison.net
Le service PBS sera accessible sur https://127.0.0.1:8007/
Comptes SSH configurés :
* tonio
* jca
* gilou
Mot de passe root dans le dépôt adminsys.git/passwords, lisible via keyringer, chemin ''noyau/greentarget.faimaison.net/root''
==== IPMI ====
Accessible via l'IP ''10.10.10.37''
jca@dilettante:~$ ipmitool -I lanplus -H 10.10.10.37 -C0 -U "$user" -P "$password" chassis status
Get HPM.x Capabilities request failed, compcode = d4
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : always-on
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Sleep Button Disable : allowed
Diag Button Disable : allowed
Reset Button Disable : allowed
Power Button Disable : allowed
Sleep Button Disabled: false
Diag Button Disabled : false
Reset Button Disabled: false
Power Button Disabled: false
jca@dilettante:~$
# TODO Commencer une session IPMI interactive (console BIOS + GRUB + getty)
jca@dilettante:~$ ipmitool -I lanplus -H 10.10.10.37 -C0 -U "$user" -P "$password" sol activate
===== Stockage =====
==== Système ====
2 disques ''/dev/sd[ab]'' de 200GB en RAID 1, grub installé sur les deux disques.
Disques partitionnés.
Volumes RAID :
* ''/dev/md1'' (''/dev/sda1'' et ''/dev/sdb1'', 1GB) ext2 monté sur /boot
* ''/dev/md2'' (''/dev/sda3'' et ''/dev/sdb3'', 171GB) ext4 monté sur /
==== Stockage ====
10 disques de 2TB en RAID 6
Disques non partitionnés
Volume RAID :
* ''/dev/md0'' (''/dev/sd[cdefghijkl]'', 14,55 TB) chiffré avec LUKS
==== Chiffrement ====
Volume LUKS à déchiffrer au redémarrage de la machine.
Mot de passe stocké dans keyringer (dépôt git adminsys).
shannon ~$ cat .keyringer/config
fma-machines='/home/jca/fma/adminsys.git/passwords/machines'
shannon ~$ keyringer fma-machines pass noyau/greentarget.faimaison.net/luks-backups-volume
shannon ~$
Déverrouillage et montage des backups
jca@greentarget:~$ sudo cryptsetup luksOpen /dev/md0 vg_backups_pv1
#
jca@greentarget:~$ sudo mount /backups/pbs
jca@greentarget:~$
===== Dump de conf de Tonio =====
/etc/network/interfaces
/etc/apt/sources.list
vi /etc/apt/sources.list.d/pbs-enterprise.list
105 apt-get install proxmox-backup-server
112 proxmox-backup-manager user list
113 proxmox-backup-manager user create tonio@pam
114 proxmox-backup-manager user list
116 vi /etc/proxmox-backup/acl.cfg
117 proxmox-backup-manager acl list
118 proxmox-backup-manager acl update / Admin --auth-id tonio@pam*
119 proxmox-backup-manager acl update / Admin --auth-id tonio@pam
188 mdadm --create --verbose /dev/md0 --level=6 --raid-devices=10 /dev/sd{a,b,c,d,e,f,g,h,i,j}
190 cat /proc/mdstat
191 mdadm --detail /dev/md0
219 proxmox-backup-manager disk list
220 proxmox-backup-manager disk fs create store1 --disk md0 --filesystem ext4 --add-datastore true
222 mkdir /backup
223 mkfs.ext4 /dev/md0
224 mount /dev/md0 /backup/
225 df
226 proxmox-backup-manager datastore create greentargetds /backup
227 pvesm add pbs greentargetds --server 10.10.21.24 --datastore greentargetds
229 proxmox-backup-manager remote list
230 proxmox-backup-manager cert info |grep Fingerprint
root@greentarget:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
/dev/mapper/greentarget--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sdk1 during installation
UUID=06fde6d3-f3e4-4d5d-b60a-6d05d6c4242a /boot ext2 defaults 0 2
/dev/mapper/greentarget--vg-home /home ext4 defaults 0 2
/dev/mapper/greentarget--vg-tmp /tmp ext4 defaults 0 2
/dev/mapper/greentarget--vg-var /var ext4 defaults 0 2
/dev/mapper/greentarget--vg-swap_1 none swap sw 0 0
/dev/md0 /backup ext4 defaults 0 2
root@greentarget:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp7s0f0
iface enp7s0f0 inet static
address 10.10.10.41/24
gateway 10.10.10.6
allow-hotplug enp7s0f1
iface enp7s0f1 inet static
address 10.10.21.41/24
root@greentarget:~# cat /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main
deb https://deb.debian.org/debian-security bullseye-security main contrib
deb-src https://deb.debian.org/debian-security bullseye-security main contrib
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main
# PBS pbs-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
root@greentarget:~# cat /etc/apt/sources.list.d/pbs-enterprise.list
#deb https://enterprise.proxmox.com/debian/pbs bullseye pbs-enterprise
root@greentarget:~# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid6 sdj[9] sdi[8] sdh[7] sdg[6] sdf[5] sde[4] sdd[3] sdc[2] sdb[1] sda[0]
15627059200 blocks super 1.2 level 6, 512k chunk, algorithm 2 [10/10] [UUUUUUUUUU]
bitmap: 0/15 pages [0KB], 65536KB chunk
unused devices:
root@greentarget:~# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Thu Mar 3 20:59:32 2022
Raid Level : raid6
Array Size : 15627059200 (14903.13 GiB 16002.11 GB)
Used Dev Size : 1953382400 (1862.89 GiB 2000.26 GB)
Raid Devices : 10
Total Devices : 10
Persistence : Superblock is persistent
Intent Bitmap : Internal
Update Time : Tue Mar 8 03:02:33 2022
State : clean
Active Devices : 10
Working Devices : 10
Failed Devices : 0
Spare Devices : 0
Layout : left-symmetric
Chunk Size : 512K
Consistency Policy : bitmap
Name : greentarget:0 (local to host greentarget)
UUID : 6e1800c4:cf5b0b78:957d0584:0e824df9
Events : 6660
Number Major Minor RaidDevice State
0 8 0 0 active sync /dev/sda
1 8 16 1 active sync /dev/sdb
2 8 32 2 active sync /dev/sdc
3 8 48 3 active sync /dev/sdd
4 8 64 4 active sync /dev/sde
5 8 80 5 active sync /dev/sdf
6 8 96 6 active sync /dev/sdg
7 8 112 7 active sync /dev/sdh
8 8 128 8 active sync /dev/sdi
9 8 144 9 active sync /dev/sdj