Differences

This shows the differences between two versions of the page.

content:serverbasics [2023/12/21 05:34] – [FACL: handle execute-bit with files and directories] Daniel
content:serverbasics [2024/04/20 10:00] – old revision restored (2024/01/08 18:59) Daniel
Line 11: Line 11:
 By default openSuSE will set some conservative mountoptions, that are save, but not best choice for homeoffice use and maybe could also improve company servers. Here are some proposals to think about. By default openSuSE will set some conservative mountoptions, that are save, but not best choice for homeoffice use and maybe could also improve company servers. Here are some proposals to think about.
  
-==== Raided EFIBOOT ====+Basically i would recommend to use UEFI only in Bios and GPT- Partitiontable on at least two Harddrives. The Linux- Root- System AND the EFI- Partitions should be mirrored (raid1) for failsafe and mak it possible to have the system booting from ONE disk (which is not possible with raid5).
  
-There are some problems when raiding the efi-boot. I would suggest to use:+The Data (like Home and program data) can have raid5 with 3 or more disks. 
 + 
 +Always use LVM, as this has many benefits. On OpenSuSE btrfs is the best Filesystem if you disable Quotas on datapartitions. 
 + 
 +==== Raided EFI-BOOT ==== 
 + 
 +Nowadays, UEFI is always the best choice to boot. UEFI- Boot is quite straight forward: You first take some device, make it gpt- partitioned, create a partition (i would at least take 500 MB today, better 1GB in size), format that partition with FAT32 and mark the partition as efi-boot via the partition flagThats all. After some OS installed to that partition in a UEFI- way, the bios can load those files and start the OS. 
 + 
 +Unfortunatelly, the designers of UEFI forgot, that if your not using hardware- raid (which i don't recommend, as your losing the ability to switch harddisks between your hardware), there is no standard way to raid the partition as FAT32 is not suitable for that (way too old filesystem). 
 + 
 +Fortunatelly the designers of OSS software- raid were smarter: They found a way to work around that. 
 + 
 +So I would suggest to use two disks both partioned with gpt and same sized efi-partitions and before creating the FAT32 filesystem do software raid on it. E.g.:
  
 <code> <code>
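Review bot: The rewritten "Raided EFI-BOOT" introduction drops the old warning "There are some problems when raiding the efi-boot" without ever saying what those problems were, and replaces it with the bare assertion that the software-raid designers "found a way to work around that". Name the problems and say how the workaround addresses them, so a reader can judge whether mirroring the EFI partition is safe on their hardware. The claims "Always use LVM, as this has many benefits" and "btrfs is the best Filesystem if you disable Quotas on datapartitions" are likewise given without a reason; add one or point to the LVM section. The new paragraphs also need proofreading: "mak it", "flagThats all" (missing full stop and space), "Unfortunatelly", "Fortunatelly", "your not using", "your losing", "partioned".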
Line 21: Line 33:
  
 The important part is metadata=1.0 - this format has especially designed to fit the needs of raid1 of fat/efi- systems. The important part is metadata=1.0 - this format has especially designed to fit the needs of raid1 of fat/efi- systems.
 +
 +You than install your Linux to that md- Device. If its not found in the beginning of the installation, scan for raid- devices or just create it while installing.
  
 ==== LVM ==== ==== LVM ====
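Review bot: The added sentence "scan for raid- devices or just create it while installing" does not say that an array created in the installer must also use metadata=1.0, which the unchanged line directly above calls "the important part"; state that requirement here, and say where in the installer the scan is triggered. Also "You than install" should be "You then install" and "If its not found" should be "If it's not found".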
Line 73: Line 87:
  
 <code> <code>
-# lvs -o+devices +# lvs -P -a -o +devices 
-LV     VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices +  LV                  VG       Attr       LSize    Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices 
-  home   system -wi-ao----  78.63g                                                     /dev/sdb2(8013+  lvbackup            vgdata   rwi-a-r---    4.40t                                    100.00           lvbackup_rimage_0(0),lvbackup_rimage_1(0),lvbackup_rimage_2(0) 
-  root   system -wi-ao----  97.89g                                                     /dev/sda4(0) +  [lvbackup_rimage_0] vgdata   iwi-aor---    2.20t                                                     /dev/sde1(377061) 
-  shared system -wi-ao---- 786.64g                                                     /dev/sdb2(130893)+  [lvbackup_rimage_1] vgdata   iwi-aor---    2.20t                                                     /dev/sda1(377061
 +  [lvbackup_rimage_2] vgdata   iwi-aor---    2.20t                                                     /dev/sdd1(377061) 
 +  [lvbackup_rmeta_0]  vgdata   ewi-aor---    4.00m                                                     /dev/sde1(377060) 
 +  [lvbackup_rmeta_1]  vgdata   ewi-aor---    4.00m                                                     /dev/sda1(377060) 
 +  [lvbackup_rmeta_2]  vgdata   ewi-aor---    4.00m                                                     /dev/sdd1(377060) 
 +  lvdata              vgdata   rwi-aor--- 1007.30g                                    100.00           lvdata_rimage_0(0),lvdata_rimage_1(0),lvdata_rimage_2(0) 
 +  [lvdata_rimage_0]   vgdata   iwi-aor---  503.65g                                                     /dev/sde1(1) 
 +  [lvdata_rimage_1]   vgdata   iwi-aor---  503.65g                                                     /dev/sda1(1) 
 +  [lvdata_rimage_2]   vgdata   iwi-aor---  503.65g                                                     /dev/sdd1(1) 
 +  [lvdata_rmeta_0]    vgdata   ewi-aor---    4.00m                                                     /dev/sde1(0) 
 +  [lvdata_rmeta_1]    vgdata   ewi-aor---    4.00m                                                     /dev/sda1(0) 
 +  [lvdata_rmeta_2]    vgdata   ewi-aor---    4.00m                                                     /dev/sdd1(0) 
 +  lvdocker            vgdata   rwi-aor---    1.89t                                    100.00           lvdocker_rimage_0(0),lvdocker_rimage_1(0),lvdocker_rimage_2(0) 
 +  [lvdocker_rimage_0] vgdata   iwi-aor---  969.23g                                                     /dev/sde1(128936) 
 +  [lvdocker_rimage_1] vgdata   iwi-aor---  969.23g                                                     /dev/sda1(128936) 
 +  [lvdocker_rimage_2] vgdata   iwi-aor---  969.23g                                                     /dev/sdd1(128936) 
 +  [lvdocker_rmeta_0]  vgdata   ewi-aor---    4.00m                                                     /dev/sde1(128935) 
 +  [lvdocker_rmeta_1]  vgdata   ewi-aor---    4.00m                                                     /dev/sda1(128935) 
 +  [lvdocker_rmeta_2]  vgdata   ewi-aor---    4.00m                                                     /dev/sdd1(128935) 
 +  lvhome              vgsystem rwi-aor---   94.93g                                    100.00           lvhome_rimage_0(0),lvhome_rimage_1(0) 
 +  [lvhome_rimage_0]   vgsystem iwi-aor---   94.93g                                                     /dev/sdc2(166910) 
 +  [lvhome_rimage_1]   vgsystem iwi-aor---   94.93g                                                     /dev/sdb2(166910) 
 +  [lvhome_rmeta_0]    vgsystem ewi-aor---    4.00m                                                     /dev/sdc2(166909) 
 +  [lvhome_rmeta_1]    vgsystem ewi-aor---    4.00m                                                     /dev/sdb2(166909) 
 +  lvroot              vgsystem rwi-aor---   97.52g                                    100.00           lvroot_rimage_0(0),lvroot_rimage_1(0) 
 +  [lvroot_rimage_0]   vgsystem iwi-aor---   97.52g                                                     /dev/sdc2(1) 
 +  [lvroot_rimage_1]   vgsystem iwi-aor---   97.52g                                                     /dev/sdb2(1) 
 +  [lvroot_rmeta_0]    vgsystem ewi-aor---    4.00m                                                     /dev/sdc2(0) 
 +  [lvroot_rmeta_1]    vgsystem ewi-aor---    4.00m                                                     /dev/sdb2(0)
  
 </code> </code>
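Review bot: The command changes from "lvs -o+devices" to "lvs -P -a -o +devices", but nothing in the hunk explains the added -P and -a options; add a sentence saying what each one contributes, in particular that the bracketed _rimage_ and _rmeta_ rows are only listed because of -a. The sample output also moves from the "system" VG with home, root and shared to vgdata and vgsystem, so check that the text around this block does not still refer to the old names and devices. The [lvbackup_rimage_1] row ends in "/dev/sda1(377061" with no closing parenthesis, unlike its neighbours.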
Line 348: Line 390:
  
 That means you can only set the defaults per user or per group and only files or directories at once. That means you can only set the defaults per user or per group and only files or directories at once.
- 
  
 === FACL: use in batch and recursively === === FACL: use in batch and recursively ===
Line 354: Line 395:
 FACLs do also have good ways to be used for whole directories, chek out: FACLs do also have good ways to be used for whole directories, chek out:
  
-''setfacl'' has a //recursive// option (''-R'') just like ''chmod'':+''setfacl''  has a //recursive//  option (''-R'') just like ''chmod'':
  
 -R, –recursive Apply operations to all files and directories recursively. This option cannot be mixed with `–restore'. -R, –recursive Apply operations to all files and directories recursively. This option cannot be mixed with `–restore'.
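Review bot: The double spaces introduced after ''setfacl'' and //recursive// on the changed line are whitespace noise with no content change and should be dropped. While this section is being touched, the unchanged man-page quote below it shows the long options as "–recursive" and "–restore" with a typographic dash, which will not work when pasted into a shell; write them as --recursive and --restore inside a code span so the wiki does not convert them. "chek out" in the context line above should be "check out".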
Line 360: Line 401:
 === FACL: handle execute-bit with files and directories === === FACL: handle execute-bit with files and directories ===
  
-…it also allows for the use of the capital-x ''X'' **permission**, which means: execute only if the file is a directory or already has execute permission for some user (X)+…it also allows for the use of the capital-x ''X''  **permission**, which means: execute only if the file is a directory or already has execute permission for some user (X)
  
 so doing the following should work: so doing the following should work:
Line 371: Line 412:
  
 ''setfacl -R -m **d**:u:colleague:rwX .'' ''setfacl -R -m **d**:u:colleague:rwX .''
- 
  
 ==== Last words ==== ==== Last words ====
  • content/serverbasics.txt
  • Last modified: 2024/04/20 13:02
  • by Daniel