centos 7 cluster
martedì, 29 Agosto 2017
Procedura di setup Centos 7:
yum install epel-release.noarch yum install net-tools yum install psmisc yum install httpd yum install perl yum install perl-Digest-MD5 rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm yum install -y kmod-drbd84 drbd84-utils crm_verify -L -V /bin/systemctl start pacemaker.service crmadmin configure property stonith-enabled=false service corosync restart service pacemaker restart yum install nmap yum install open-vm-tools service vmtoolsd start systemctl enable vmtoolsd yum install acpid yum install unzip yum install mod_ssl.x86_64
Configurazione cluster unicast:
logging { fileline: off to_logfile: yes logfile: /var/log/cluster/corosync.log to_stderr: no debug: off timestamp: on to_syslog: yes logger_subsys { subsys: QUORUM debug: off } } totem { version: 2 token: 3000 secauth: on rrp_mode: active interface { member { memberaddr: 172.31.252.41 } member { memberaddr: 172.31.252.42 } ringnumber: 0 bindnetaddr: 172.31.252.0 mcastport: 694 ttl: 1 } transport: udpu } quorum { provider: corosync_votequorum expected_votes: 2 } </code> Configurazione Apache come reverse proxy: <code> <VirtualHost *:80> ServerName webmail.xxxx.it Redirect / https://webmail.xxxx.it/ # ProxyRequests Off # <Proxy *> # Order deny,allow # Allow from all # </Proxy> # ProxyPass / http://XX.XX.XX.XX/ # ProxyPassReverse / http://XX.XX.XX.XX/ </VirtualHost> <VirtualHost *:443> ServerName webmail.xxxx.it RewriteEngine on ProxyPass / http://XX.XX.XX.XX/ retry=0 ttl=120 timeout=120 ProxyPassReverse / http://XX.XX.XX.XX/ <IfModule mod_ssl.c> SSLEngine On SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" #SSLSessionCache shmcb:/run/httpd/sslcache(512000) #SSLSessionCacheTimeout 300 #128bit #SSLProtocol ALL -SSLv2 #SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DS # 40 bit #SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:!SSLv2:!LOW SSLCertificateFile /etc/httpd/ssl/2017/STAR_xxxx_it.crt SSLCertificateChainFile /etc/httpd/ssl/2017/COMODORSADomainValidationSecureServerCA.crt SSLCertificateKeyFile /etc/httpd/ssl/2017/xxxx.it.key ErrorDocument 403 http://www.xxxx.it/ ErrorDocument 404 http://www.xxxx.it/ </IfModule> ProxyRequests on ProxyVia on AddOutputFilterByType SUBSTITUTE text/html </VirtualHost>
Configurazione di sicurezza vari servizi:
https://cipherli.st/
- Pubblicato il Cluster, Sistemistica, Tips & Tricks
Non ci sono commenti