Differences

This page shows the differences between two revisions.

content:serverbasics [2024/04/20 11:33] – [Raided EFI-BOOT] Daniel
content:serverbasics [2025/02/11 07:43] (current) – [Which Usecase] Daniel
Zeile 1: Zeile 1:
-====== Linux: Basic Server Configuration ======+====== Linux: Advanced SoHo- Server Configuration ====== 
 + 
 +Welcome to my **Advanced Server Setup- Documentation**. 
 + 
 +In these chapters, i will explain how to setup and configure a full featured Active Domain- Network with Kerberos Single-Sign-On and Domain Integration of Linux Clients on a rootless containerized Docker- Installation including Nextcloud as personal Cloud to store all your Data and PIM locally and safe. That way you get a fully managed, Cloud enabled Homeoffice Network at low costs and much space for your personal data on your own pc. 
 + 
 + 
 +===== Current State ===== 
 + 
 +This Document is currently under developement and chapters are not final right now. This will change in the Future. 
 + 
 +===== Usecase ===== 
 + 
 +This is not a slim Setup - so if you only have old hardware or you are trying to figure out on yoru small office-pc, this may not work as well as you need it. 
 + 
 +You should have at least 
 + 
 +  * Large Harddrives: If you have maybe 1.5 TB of Data all togehter, you will need: 
 +      * 3 TB of space on your working directory / raid5 = 3 Harddrives, each 1 TB at least 
 +      * 6 TB of space on your backup / raid5 = 3 Harddrives, each 2 TB at least 
 +      * about maybe 100GB for the system / raid1 = 2 Harddrives 
 +      * about maybe 100GB for the databases / raid1 = 2 Harddrives 
 +      * maybe two extra drives for external backups, each 6 TB (you can also store that in the internet, but you will need a large space there too) 
 +  * A Server, that has relyable, quite fast internet in Download and Upload rates - while Upload may be more Importen 
 +  * The Server should be reachable all the time 
 + 
 + 
 +===== How to Start ===== 
 + 
 +First, read this Page, get the Hardware and install the system. You should understand the Hardwaresetup and the installation of Linux and Raid- Systems first (as decribend beneath). 
 + 
 +Then, go on whith [[.:serverbasics:network-dyndns|DynDNS- Setup]] to make your PC reachable from the net. 
 + 
 +Next, setup docker as decribed in the Chapter. When you have portainer running, you can go like this: 
 + 
 +  - Nextcloud-AIO 
 +  - FreeIPA 
 +  - Authentik 
 + 
 +Then glue them together with SSO, SPNEGO and Nextcloud-SSO. Then you should have understood everything, you can now play around on your own.
  
-These setting here are an advice to think about when setting up a new linux- machine (here on an opensuse distrubution, which i really like). 
  
 ===== Subpages ===== ===== Subpages =====
  
 <catlist content:serverbasics -nohead -noNSInBold -sortAscending -sortByTitle -noAddPageButton -maxDepth:1> <catlist content:serverbasics -nohead -noNSInBold -sortAscending -sortByTitle -noAddPageButton -maxDepth:1>
 +
 +===== Basic System =====
 +
 +As Hardware, you should have at least:
 +
 +  * a single standard Desktop- PC with 4 or more Cores
 +  * equipped with at least 16 GB of RAM and
 +  * for failure of Discs a swappable mounting Rack to contain at least 5 Discs (should not have Raid as Hardware, as Software Raid in Linux is much more efficient!)
 +  * Additional at least one external Disk, you may use to copy your Backups to and store them on a different physikal location
  
 ===== Mountpoints ===== ===== Mountpoints =====
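Review bot: In the Usecase list the raid5 capacity figures do not add up: three 1 TB drives in raid5 give about 2 TB usable, not the "3 TB of space" stated, and three 2 TB drives give about 4 TB, not 6 TB, because one drive's worth of space goes to parity. Either raise the drive sizes (3 x 1.5 TB and 3 x 3 TB) or lower the stated usable space. The same list adds up to ten internal drives (3 + 3 + 2 + 2), while the new Basic System section asks for a rack holding "at least 5 Discs"; state which layout is meant. Spelling to fix in the added lines: "yoru", "togehter", "relyable", "Importen", "decribend", "whith", "developement".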
Zeile 42: Zeile 89:
 ==== Raided EFI-BOOT ==== ==== Raided EFI-BOOT ====
  
-Nowadays, UEFI is always the best choice to boot. UEFI- Boot is quite straight forward: You first take some device, make it gpt- partitioned, create a partition (i would at least take 500 MB today, better 1GB in size), format that partition with FAT32 and mark the partition as efi-boot via the partition flag. Thats all. After some OS installed to that partition in a UEFI- way, the bios can load those files and start the OS.+Nowadays, UEFI is always the best choice to boot. UEFI- Boot is quite straight forward: You first take some device, make it gpt- partitioned, create a partition (i would at least take 500 MB today, better 1GB in size), format that partition with FAT32 and mark the partition as efi-boot via the partition flag. Thats usually all for a small office system. After some OS installed to that partition in a UEFI- way, the bios can load those files and start the OS.
  
-Unfortunatelly, the designers of UEFI forgot, that if your not using hardware- raid (which i don't recommend, as your losing the ability to switch harddisks between your hardware), there is no standard way to raid the partition as FAT32 is not suitable for that while it would overwrite the parts in the partition, that are needed by MD Raid1 to store its metadata.+But: Unfortunatelly, the designers of UEFI forgot, that if your not using hardware- raid (which i don't recommend, as your losing the ability to switch harddisks between your hardware), there is no standard way to raid the partition as FAT32 is not suitable for that while it would overwrite the parts in the partition, that are needed by MD Raid1 to store its metadata.
  
 Fortunatelly the designers of OSS software- raid were smarter: They found a way to work around that: They made a special Version of MD Metadata called V1.0 which will store its Metadata at the end of the partition - so it will not interfere with FAT32. For FAT32 it can work as usual and for MD-Tools it will be able to detect the devices as Raid1. Fortunatelly the designers of OSS software- raid were smarter: They found a way to work around that: They made a special Version of MD Metadata called V1.0 which will store its Metadata at the end of the partition - so it will not interfere with FAT32. For FAT32 it can work as usual and for MD-Tools it will be able to detect the devices as Raid1.
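Review bot: The new qualifier "Thats usually all for a small office system" in the first changed paragraph does not say when it is not enough. Since the following paragraphs answer exactly that (a mirrored EFI partition), name the case directly, for example "That is all for a single-disk system". In the second changed paragraph the added "But:" in front of "Unfortunatelly" is redundant. While touching these lines, fix "Unfortunatelly", "your not using" and "your losing" (you're).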
Zeile 61: Zeile 108:
 You than install your Linux Bootmanager / EFIBOOT to that md- Device. If its not found in the beginning of the installation, scan for raid- devices or just create it while installing with the line above. You than install your Linux Bootmanager / EFIBOOT to that md- Device. If its not found in the beginning of the installation, scan for raid- devices or just create it while installing with the line above.
  
 +=== Recover faulty Disc ===
 +
 +If some Raid- Disc becomes faulty, it will show up like this (its for raid5, but raid1 will look alkie):
 +
 +<code>
 +obel1x:~ # mdadm -D /dev/md126
 +/dev/md126:
 +          Version : 1.0
 +    Creation Time : Fri Apr 10 11:44:19 2020
 +       Raid Level : raid5
 +       Array Size : 1460286976 (1392.64 GiB 1495.33 GB)
 +    Used Dev Size : 730143488 (696.32 GiB 747.67 GB)
 +     Raid Devices : 3
 +    Total Devices : 2
 +      Persistence : Superblock is persistent
 +
 +    Intent Bitmap : Internal
 +
 +      Update Time : Sat Oct 26 14:26:37 2024
 +            State : clean, degraded
 +   Active Devices : 2
 +  Working Devices : 2
 +   Failed Devices : 0
 +    Spare Devices : 0
 +
 +           Layout : left-symmetric
 +       Chunk Size : 128K
 +
 +Consistency Policy : bitmap
 +
 +             Name : any:slowstorage
 +             UUID : 6542dc7c:a8f93b36:15f90ca1:54d03417
 +           Events : 285411
 +
 +   Number   Major   Minor   RaidDevice State
 +      0              5        0      active sync   /dev/sda5
 +      1             21        1      active sync   /dev/sdb5
 +      -              0        2      removed
 +
 +</code>
 +
 +Maybe instead of removed you can see some entry like faulty instead of removed - this is, when the array had just failed.
 +
 +To add a new device, you need an empty partiotion with at least the expected size (here 696 GB would be enough):
 +
 +<code>
 +obel1x:~ # fdisk -l /dev/sdc
 +Disk /dev/sdc: 698.64 GiB, 750156374016 bytes, 1465149168 sectors
 +Disk model: WDC WD7500AAVS-0
 +Units: sectors of 1 * 512 = 512 bytes
 +Sector size (logical/physical): 512 bytes / 512 bytes
 +I/O size (minimum/optimal): 512 bytes / 512 bytes
 +Disklabel type: gpt
 +Disk identifier: 699DC7F4-D344-4447-8C5B-1F98E017A12B
 +
 +Device     Start        End    Sectors   Size Type
 +/dev/sdc1   2048 1465149134 1465147087 698.6G Linux RAID
 +
 +</code>
 +
 +That Partition should have the Type Linx Raid. If you don't have that, create it with partition- tool of kde or what you want.
 +
 +Now you can simply add the device to the raid and it will begin to work:
 +
 +<code>
 +obel1x:~ # mdadm /dev/md126 --add /dev/sdc1
 +mdadm: re-added /dev/sdc1
 +
 +obel1x:~ # mdadm -D /dev/md126
 +/dev/md126:
 +          Version : 1.0
 +    Creation Time : Fri Apr 10 11:44:19 2020
 +       Raid Level : raid5
 +       Array Size : 1460286976 (1392.64 GiB 1495.33 GB)
 +    Used Dev Size : 730143488 (696.32 GiB 747.67 GB)
 +     Raid Devices : 3
 +    Total Devices : 3
 +      Persistence : Superblock is persistent
 +
 +    Intent Bitmap : Internal
 +
 +      Update Time : Sat Oct 26 14:34:57 2024
 +            State : clean, degraded, recovering
 +   Active Devices : 2
 +  Working Devices : 3
 +   Failed Devices : 0
 +    Spare Devices : 1
 +
 +           Layout : left-symmetric
 +       Chunk Size : 128K
 +
 +Consistency Policy : bitmap
 +
 +   Rebuild Status : 1% complete
 +
 +             Name : any:slowstorage
 +             UUID : 6542dc7c:a8f93b36:15f90ca1:54d03417
 +           Events : 285497
 +
 +   Number   Major   Minor   RaidDevice State
 +      0              5        0      active sync   /dev/sda5
 +      1             21        1      active sync   /dev/sdb5
 +      3             33        2      spare rebuilding   /dev/sdc1
 +
 +</code>
  
 ==== LVM ==== ==== LVM ====
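Review bot: In the new "Recover faulty Disc" section the text asks for "an empty partiotion", but the sample output of the add command reads "mdadm: re-added /dev/sdc1", which mdadm prints when the partition already carries this array's metadata, so the example shows a returning member rather than a fresh disk; say which case is documented, or replace the output with one from a new disk. The sentence about a member shown as "faulty" stops before the step that case needs: add that the faulty member has to be removed from the array before the replacement is added. It is also worth one sentence that the array stays "clean, degraded, recovering" until the rebuild (here "1% complete") has finished, so a second disk failure in that window loses the raid5. Spelling: "alkie", "partiotion", "Linx".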
Zeile 170: Zeile 322:
 ==== Filesystem ==== ==== Filesystem ====
  
-Brtfs is the way to go everywhere. There are some disadvanteges while it is still in developement and sometime a bit oversized for homeoffice, but no other filesystem is that good in general usage. Only use other Filesystems, if there are reasons for - e.g. when exchanging files with another windows on that pc.+Brtfs is the way to go everywhere where you need big data and flexibility. There are some disadvanteges while it is still in developement and sometimes it is a bit oversized for homeoffice, but no other filesystem is that good in general usage. Only use other Filesystems, if there are reasons for - e.g. when exchanging files with another windows on that pc
 + 
 +And there is one Reason: Docker - at the current time of writing this (20.04.2024) you should NOT USE BTRFS with Docker. More is explained later.
  
 ==== Mountoptions ==== ==== Mountoptions ====
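Review bot: The added Docker warning ("you should NOT USE BTRFS with Docker. More is explained later.") gives neither the reason nor a link, so a reader who stops here cannot judge whether it applies to them. Put the reason in one sentence or link the Docker chapter directly, and say which filesystem to use instead. The warning is dated 20.04.2024 while this revision is from 2025/02/11; confirm it still holds or update the date. The rewritten first paragraph also lost its closing period after "on that pc" and still spells the filesystem "Brtfs".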
Zeile 301: Zeile 455:
 By default the umask is 0002 or 0022. Those values are substracted from 0777, which would mean full access for everyone. You can check out the docs in the net how they work. I won't explain here, cause there is a big problem with umask: The value can only be changed on process level or user or systemwide. This means you cannot set them per directory - which would be intentional to the user. By default the umask is 0002 or 0022. Those values are substracted from 0777, which would mean full access for everyone. You can check out the docs in the net how they work. I won't explain here, cause there is a big problem with umask: The value can only be changed on process level or user or systemwide. This means you cannot set them per directory - which would be intentional to the user.
  
-So forget about umask.+So you should maybe think of setting a better umask than 022 - which would make all users of you group have read access to you files to lets say 077. Or - even better don't use the group "users", but make a group with the same name as the user per User itself. Than you can have umask 007. 
 + 
 +On my system the umask can be defined in the file ''/etc/login.defs'' 
 + 
 +But to go on directory- permissions: forget about umask.
  
 ==== FACLs ==== ==== FACLs ====
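Review bot: The new umask paragraph describes 022 too narrowly and is hard to parse: with umask 022 new files are readable by the group and by everyone else, not only by "all users of you group". Suggest two plain sentences: 077 removes access for group and others; with one private group per user, 007 keeps group access and removes access for others. The paragraph now recommends choosing a umask and then closes with "forget about umask"; the last line is clear enough about directory permissions, but the transition reads as a contradiction and could say "umask cannot be set per directory, so for that use FACLs". For ''/etc/login.defs'', name the setting (UMASK) and not only the file. Spelling: "you group", "you files", "Than".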
  • content/serverbasics.1713612784.txt.gz
  • Last modified: 2024/04/20 11:33
  • by Daniel