The differences between two versions are shown here.
freifunk:server:web [2020-10-02 18:53] – [Dienste] kwasir | freifunk:server:web [2021-02-11 19:00] (aktuell) – [Dienste] kwasir | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ====== Administration web====== | ||
+ | Alles die Administration von [[freifunk: | ||
+ | Es ist das Paket [[http:// | ||
+ | |||
+ | sudo etckeeper commit | ||
+ | |||
+ | und kurz eine Commit Message eingeben. Das Repository ist ausschließlich lokal vorhanden und wird nicht nach draußen gepusht! | ||
+ | |||
+ | ===== Administratoren ===== | ||
+ | (aka Nutzer mit sudo Rechten) | ||
+ | * [[user: | ||
+ | * nold | ||
+ | * kwasir | ||
+ | |||
+ | ===== Setup ===== | ||
+ | |||
+ | ==== Netzwerk ==== | ||
+ | |||
+ | === Docker-Netzwerk doc0 === | ||
+ | |||
+ | docker network create --driver=bridge --ipv6 --subnet=fda9: | ||
+ | |||
+ | |||
+ | ===== Installierte Dienste ===== | ||
+ | * Docker | ||
+ | * Grafana | ||
+ | * Prometheus | ||
+ | * MariaDB Backend Wordpress | ||
+ | * Wordpress | ||
+ | * InfluxDB | ||
+ | * Yanic | ||
+ | * DNS | ||
+ | * Node Exporter | ||
+ | * Meshviewer Server | ||
+ | ===== Dienste ===== | ||
+ | ==== Dienste ==== | ||
+ | |||
+ | |||
+ | ^Query Location | ||
+ | |http:// | ||
+ | |http:// | ||
+ | ==== Yanic Konfiguration ==== | ||
+ | Yanic dient der erfassung der Nodes im Batman und Babel Netz | ||
+ | Auf jeden Gateways läuft eine Yanic Instanz die Ihre information zur WEB schickt | ||
+ | Hier läuft der zentrale Yanic Service der die Daten für den meshviewer bereitstellt. | ||
+ | {{ : | ||
+ | |||
+ | Der Zentrale Yanic legt seine Daten einmal as JSON für den Meshviewer ab und zusätzich in einer influxDB | ||
+ | ==== Docker Compose 4 all Service ==== | ||
+ | |||
+ | Compose File um alle Services für Freifunk zu starten. | ||
+ | * ListenpunktGrafana | ||
+ | * Prometheus | ||
+ | * InfluxDB | ||
+ | * Yanic | ||
+ | * Meshviewer Server | ||
+ | |||
+ | |||
+ | Location /opt/ | ||
+ | |||
+ | File docker-compose.yaml | ||
+ | |||
+ | Config File unter /opt/... | ||
+ | |||
+ | < | ||
+ | version: ' | ||
+ | |||
+ | volumes: | ||
+ | prometheus-storage: | ||
+ | external: true | ||
+ | grafana-storage: | ||
+ | external: true | ||
+ | networks: | ||
+ | front-tier: | ||
+ | back-tier: | ||
+ | |||
+ | services: | ||
+ | |||
+ | prometheus: | ||
+ | image: prom/ | ||
+ | container_name: | ||
+ | volumes: | ||
+ | - / | ||
+ | - prometheus-storage:/ | ||
+ | ports: | ||
+ | - 9090:9090 | ||
+ | restart: unless-stopped | ||
+ | networks: | ||
+ | - back-tier | ||
+ | |||
+ | grafana: | ||
+ | image: grafana/ | ||
+ | container_name: | ||
+ | depends_on: | ||
+ | - prometheus | ||
+ | - influxdb | ||
+ | ports: | ||
+ | - 3000:3000 | ||
+ | environment: | ||
+ | - GF_INSTALL_PLUGINS: | ||
+ | volumes: | ||
+ | - grafana-storage:/ | ||
+ | - / | ||
+ | restart: unless-stopped | ||
+ | networks: | ||
+ | - front-tier | ||
+ | - back-tier | ||
+ | |||
+ | yanic: | ||
+ | image: ffmd/ | ||
+ | depends_on: | ||
+ | - influxdb | ||
+ | network_mode: | ||
+ | restart: unless-stopped | ||
+ | container_name: | ||
+ | volumes: | ||
+ | - / | ||
+ | |||
+ | meshviewer: | ||
+ | image: ffmd/ | ||
+ | container_name: | ||
+ | restart: unless-stopped | ||
+ | depends_on: | ||
+ | - yanic | ||
+ | ports: | ||
+ | - 8010:80 | ||
+ | environment: | ||
+ | MeshviewerRepo: | ||
+ | LoopHookCMD: | ||
+ | networks: | ||
+ | - back-tier | ||
+ | - front-tier | ||
+ | influxdb: | ||
+ | | ||
+ | INFLUXDB_ADMIN_USER: | ||
+ | INFLUXDB_ADMIN_PASSWORD: | ||
+ | INFLUXDB_USER: | ||
+ | INFLUXDB_USER_PASSWORD: | ||
+ | INFLUXDB_DB: | ||
+ | INFLUXDB_READ_USER: | ||
+ | INFLUXDB_READ_USER_PASSWORD: | ||
+ | | ||
+ | | ||
+ | | ||
+ | - / | ||
+ | - / | ||
+ | | ||
+ | | ||
+ | - back-tier | ||
+ | - front-tier | ||
+ | | ||
+ | - " | ||
+ | </ | ||
+ | |||
+ | ==== Meshviewer ==== | ||
+ | |||
+ | < | ||
+ | siehe Compose | ||
+ | </ | ||
+ | ==== Grafana ==== | ||
+ | === Install === | ||
+ | | ||
+ | | ||
+ | |||
+ | === RUN === | ||
+ | Siehe compose | ||
+ | |||
+ | ==== Prometheus ==== | ||
+ | === Install === | ||
+ | | ||
+ | | ||
+ | === Config === | ||
+ | |||
+ | === Start === | ||
+ | Sieh Compose | ||
+ | ==== DNS ==== | ||
+ | |||
+ | Der DNS verwaltet die Zone ffmd., für das Docker-Netz. Es ist außerdem eine Weiterleitung auf ns1.netz39.de eingerichtet, | ||
+ | |||
+ | Setup des Docker-Containers: | ||
+ | |||
+ | docker run -d --restart always --ip6 fda9: | ||
+ | |||
+ | * Das Image wird auf Docker Hub verwaltet: [[https:// | ||
+ | * Docker-Image auf Github: [[https:// | ||
+ | * Konfiguration auf Github: [[https:// | ||
+ | |||
+ | Test-Aufruf: | ||
+ | |||
+ | dig @fda9: | ||
+ | | ||
+ | Diese Firewall-Konfiguration mit ip6tables sorgt dafür, dass Aufrufe an fda9: | ||
+ | |||
+ | ip6tables -t nat -A PREROUTING | ||
+ | ip6tables -t nat -A OUTPUT -d fda9: | ||
+ | ip6tables -A ufw6-before-forward -p udp --dport 53 -d fda9: | ||
+ | ip6tables -A ufw6-before-forward -p tcp --dport 53 -d fda9: | ||
+ | |||
+ | Anschließend funktioniert folgender Test-Aufruf: | ||
+ | |||
+ | dig @fda9: | ||
+ | |||
+ | Für die Auflösung der Unicast-Adresse müssen Routen angelegt werden, z.B.: | ||
+ | ip -6 r a fda9: | ||
+ | | ||
+ | Bearbeitet in [[https:// | ||
+ | ==== Node Exporter ==== | ||
+ | === Install === | ||
+ | |||
+ | curl -s https:// | ||
+ | | grep browser_download_url \ | ||
+ | | grep linux-amd64 \ | ||
+ | | cut -d '"' | ||
+ | | wget -qi - | ||
+ | tar xzf node_exporter-0.18.1.linux-amd64.tar.gz | ||
+ | cd node_exporter-0.18.1.linux-amd64/ | ||
+ | sudo cp node_exporter / | ||
+ | === Config === | ||
+ | |||
+ | sudo nano / | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | --collector.cpu \ | ||
+ | --collector.diskstats \ | ||
+ | --collector.filesystem \ | ||
+ | --collector.loadavg \ | ||
+ | --collector.meminfo \ | ||
+ | --collector.filefd \ | ||
+ | --collector.netdev \ | ||
+ | --collector.stat \ | ||
+ | --collector.netstat \ | ||
+ | --collector.systemd \ | ||
+ | --collector.uname \ | ||
+ | --collector.vmstat \ | ||
+ | --collector.time \ | ||
+ | --collector.mdadm \ | ||
+ | --collector.zfs \ | ||
+ | --collector.tcpstat \ | ||
+ | --collector.bonding \ | ||
+ | --collector.hwmon \ | ||
+ | --collector.arp \ | ||
+ | --web.listen-address=: | ||
+ | --web.telemetry-path="/ | ||
+ | | ||
+ | | ||
+ | |||
+ | === Engage === | ||
+ | sudo systemctl daemon-reload | ||
+ | sudo systemctl enable node_exporter.service | ||
+ | sudo systemctl start node_exporter.service | ||
+ | |||
+ | ==== Wordpress md.freifunk.net ==== | ||
+ | |||
+ | tbd | ||
+ | |||
+ | Docker-Container: | ||
+ | * ffmd_wordpress | ||
+ | * ffmd_mariadb | ||
+ | === Migration === | ||
+ | |||
+ | == Backup Config == | ||
+ | Archiv vom gesamten WP Content | ||
+ | < | ||
+ | tar -czf / | ||
+ | </ | ||
+ | Datenbank dump | ||
+ | < | ||
+ | mysqldump --databases website -u website -p > / | ||
+ | </ | ||
+ | |||
+ | Übertragen der Daten auf den neuen Sever | ||
+ | => | ||
+ | Wordpress SQL Dump in das Verzeichnis initdb.d | ||
+ | < | ||
+ | mkdir -pv / | ||
+ | cd / | ||
+ | </ | ||
+ | |||
+ | Wordpress Content in das Verzeichnis srv entpacken | ||
+ | < | ||
+ | mkdir -pv / | ||
+ | |||
+ | </ | ||
+ | |||
+ | Docker-compose in ''/ | ||
+ | |||
+ | === docker_compose.yaml === | ||
+ | < | ||
+ | version: ' | ||
+ | |||
+ | networks: | ||
+ | frontend: | ||
+ | backend: | ||
+ | |||
+ | services: | ||
+ | wordpress_db: | ||
+ | image: mariadb: | ||
+ | container_name: | ||
+ | volumes: | ||
+ | - ./ | ||
+ | - ./ | ||
+ | restart: unless-stopped | ||
+ | networks: | ||
+ | - backend | ||
+ | environment: | ||
+ | MYSQL_ROOT_PASSWORD: | ||
+ | MYSQL_DATABASE: | ||
+ | MYSQL_USER: **user** | ||
+ | MYSQL_PASSWORD: | ||
+ | wordpress: | ||
+ | depends_on: | ||
+ | - wordpress_db | ||
+ | image: wordpress: | ||
+ | restart: unless-stopped | ||
+ | container_name: | ||
+ | networks: | ||
+ | - backend | ||
+ | - frontend | ||
+ | ports: | ||
+ | - " | ||
+ | environment: | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | links: | ||
+ | - wordpress_db: | ||
+ | volumes: | ||
+ | - ./ | ||
+ | </ | ||
+ | |||
+ | starten der | ||
+ | < | ||
+ | docker-compose up -d | ||
+ | </ | ||
+ | |||
+ | Apache / Ngingx Config erstellen | ||
+ | ---- | ||
+ | apache config | ||
+ | < | ||
+ | VirtualHost *:80> | ||
+ | ServerAdmin kontakt@md.freifunk.net | ||
+ | ServerName web.md.freifunk.net | ||
+ | ServerAlias web.md.freifunk.net | ||
+ | ErrorLog / | ||
+ | CustomLog / | ||
+ | |||
+ | Redirect / https:// | ||
+ | </ | ||
+ | |||
+ | |||
+ | < | ||
+ | ServerAdmin kontakt@md.freifunk.net | ||
+ | ServerName web.md.freifunk.net | ||
+ | ServerAlias web.md.freifunk.net | ||
+ | ErrorLog / | ||
+ | CustomLog / | ||
+ | |||
+ | SSLEngine on | ||
+ | SetEnvIf User-Agent " | ||
+ | SSLCertificateFile ** | ||
+ | SSLCertificateKeyFile ** | ||
+ | SSLCertificateChainFile ** | ||
+ | |||
+ | |||
+ | Redirect / https:// | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | ===== Changelog ===== | ||
+ | * bind-ffmd als Ipv6-Docker-Container aufgesetzt, siehe [[https:// | ||
+ | * Update auf Debian 10.4 --- // | ||
+ | * md.freifunk.net wird jetzt vom Wordpress-Container auf diesem Host ausgeliefert | ||
+ | * Updaze auf Debian 10.8 ---// |
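
Review bot: The compose file under "Docker Compose 4 all Service" publishes Prometheus (`9090:9090`), Grafana (`3000:3000`) and the Meshviewer (`8010:80`) without a host address, so Docker binds them on every interface of the host, and because Docker installs its own forwarding rules, ufw's input rules (the page relies on ufw, see `ufw6-before-forward` in the DNS section) do not filter published ports by default. Prometheus does not authenticate requests by default, so I would bind the ports that only need local access to loopback, e.g. `127.0.0.1:9090:9090`, and publish only what has to be reachable from outside. Separately, in the Node Exporter "Install" block the download list is piped into `wget -qi -` and the binary is installed with `sudo cp` without comparing the tarball against the checksums published with the release, while the `tar`/`cd` lines hard-code `0.18.1` and the `grep linux-amd64` filter names no version; pin the version in the download step as well and verify the checksum before copying. The compose files also carry the InfluxDB and MariaDB passwords as `environment:` entries; since /etc is tracked with etckeeper and the compose files live under /opt, note in the text where the real values are kept and with which file permissions. Minor: `Updaze` in the changelog, `Sieh Compose` under Prometheus, `Ngingx`, `Sever`, `ListenpunktGrafana`, and the `Dienste` heading appears twice in a row.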