Table des matières
Ceci est une ancienne révision du document !
Serveur de backup Proxmox
Un système Debian accompagné de proxmox backup server a été installé sur la machine greentarget (10.10.10.41).
Accès
La machine est accessible en SSH. Exemple de configuration :
Host greentarget.faimaison.net greentarget # dilettante.faimaison.net ou fresk.faimaison.net, camber.faimaison.net ProxyJump dilettante.faimaison.net Hostname 10.10.10.41
Le service pbs écoute sur https://10.10.10.41:8007/ ; il faut utiliser une redirection SSH ou un proxy SOCKS. Exemple de forward de port SSH :
shannon ~$ ssh -L 8007:10.10.10.41:8007 dilettante.faimaison.net
Le service PBS sera accessible sur https://127.0.0.1:8007/
Comptes SSH configurés :
- tonio
- jca
- gilou
Stockage
Système
2 disques /dev/sd[ab]
de 200GB en RAID 1, grub installé sur les deux disques.
Disques partitionnés.
Volumes RAID :
/dev/md1
(/dev/sda1
et/dev/sdb1
, 1GB) ext2 monté sur /boot/dev/md2
(/dev/sda3
et/dev/sdb3
, 171GB) ext4 monté sur /
Stockage
10 disques de 2TB en RAID 6
Disques non partitionnés
Volume RAID :
/dev/md0
(/dev/sd[cdefghijkl]
, 14,55 TB) chiffré avec LUKS
Chiffrement
Volume LUKS à déchiffrer au redémarrage de la machine. Mot de passe stocké dans keyringer (déôt git adminsys).
shannon ~$ cat .keyringer/config fma-machines='/home/jca/fma/adminsys.git/passwords/machines' shannon ~$ keyringer fma-machines pass noyau/greentarget.faimaison.net/luks-backups-volume # <mot de passe> shannon ~$ ssh greentarget jca@greentarget:~$ sudo cryptsetup luksOpen /dev/md0 vg_backups_pv1 # <déchiffrement> jca@greentarget:~$ sudo mount /backups/pbs jca@greentarget:~$
Dump de conf de Tonio
/etc/network/interfaces /etc/apt/sources.list vi /etc/apt/sources.list.d/pbs-enterprise.list 105 apt-get install proxmox-backup-server 112 proxmox-backup-manager user list 113 proxmox-backup-manager user create tonio@pam 114 proxmox-backup-manager user list 116 vi /etc/proxmox-backup/acl.cfg 117 proxmox-backup-manager acl list 118 proxmox-backup-manager acl update / Admin --auth-id tonio@pam* 119 proxmox-backup-manager acl update / Admin --auth-id tonio@pam 188 mdadm --create --verbose /dev/md0 --level=6 --raid-devices=10 /dev/sd{a,b,c,d,e,f,g,h,i,j} 190 cat /proc/mdstat 191 mdadm --detail /dev/md0 219 proxmox-backup-manager disk list 220 proxmox-backup-manager disk fs create store1 --disk md0 --filesystem ext4 --add-datastore true 222 mkdir /backup 223 mkfs.ext4 /dev/md0 224 mount /dev/md0 /backup/ 225 df 226 proxmox-backup-manager datastore create greentargetds /backup 227 pvesm add pbs greentargetds --server 10.10.21.24 --datastore greentargetds 229 proxmox-backup-manager remote list 230 proxmox-backup-manager cert info |grep Fingerprint root@greentarget:~# cat /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> /dev/mapper/greentarget--vg-root / ext4 errors=remount-ro 0 1 # /boot was on /dev/sdk1 during installation UUID=06fde6d3-f3e4-4d5d-b60a-6d05d6c4242a /boot ext2 defaults 0 2 /dev/mapper/greentarget--vg-home /home ext4 defaults 0 2 /dev/mapper/greentarget--vg-tmp /tmp ext4 defaults 0 2 /dev/mapper/greentarget--vg-var /var ext4 defaults 0 2 /dev/mapper/greentarget--vg-swap_1 none swap sw 0 0 /dev/md0 /backup ext4 defaults 0 2 root@greentarget:~# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug enp7s0f0 iface enp7s0f0 inet static address 10.10.10.41/24 gateway 10.10.10.6 allow-hotplug enp7s0f1 iface enp7s0f1 inet static address 10.10.21.41/24 root@greentarget:~# cat /etc/apt/sources.list deb http://deb.debian.org/debian bullseye main deb-src http://deb.debian.org/debian bullseye main deb https://deb.debian.org/debian-security bullseye-security main contrib deb-src https://deb.debian.org/debian-security bullseye-security main contrib deb http://deb.debian.org/debian bullseye-updates main deb-src http://deb.debian.org/debian bullseye-updates main # PBS pbs-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription root@greentarget:~# cat /etc/apt/sources.list.d/pbs-enterprise.list #deb https://enterprise.proxmox.com/debian/pbs bullseye pbs-enterprise root@greentarget:~# cat /proc/mdstat Personalities : [raid6] [raid5] [raid4] md0 : active raid6 sdj[9] sdi[8] sdh[7] sdg[6] sdf[5] sde[4] sdd[3] sdc[2] sdb[1] sda[0] 15627059200 blocks super 1.2 level 6, 512k chunk, algorithm 2 [10/10] [UUUUUUUUUU] bitmap: 0/15 pages [0KB], 65536KB chunk unused devices: <none> root@greentarget:~# mdadm --detail /dev/md0 /dev/md0: Version : 1.2 Creation Time : Thu Mar 3 20:59:32 2022 Raid Level : raid6 Array Size : 15627059200 (14903.13 GiB 16002.11 GB) Used Dev Size : 1953382400 (1862.89 GiB 2000.26 GB) Raid Devices : 10 Total Devices : 10 Persistence : Superblock is persistent Intent Bitmap : Internal Update Time : Tue Mar 8 03:02:33 2022 State : clean Active Devices : 10 Working Devices : 10 Failed Devices : 0 Spare Devices : 0 Layout : left-symmetric Chunk Size : 512K Consistency Policy : bitmap Name : greentarget:0 (local to host greentarget) UUID : 6e1800c4:cf5b0b78:957d0584:0e824df9 Events : 6660 Number Major Minor RaidDevice State 0 8 0 0 active sync /dev/sda 1 8 16 1 active sync /dev/sdb 2 8 32 2 active sync /dev/sdc 3 8 48 3 active sync /dev/sdd 4 8 64 4 active sync /dev/sde 5 8 80 5 active sync /dev/sdf 6 8 96 6 active sync /dev/sdg 7 8 112 7 active sync /dev/sdh 8 8 128 8 active sync /dev/sdi 9 8 144 9 active sync /dev/sdj