User:StefanLangenmaier/Poor man's Cluster/Host: Difference between revisions
m (A3li moved page User:Cornflakes/Poor man's Cluster/Host to User:StefanLangenmaier/Poor man's Cluster/Host: Automatically moved page while renaming the user "Cornflakes" to "StefanLangenmaier")
Revision as of 03:05, 8 December 2015
Host
The host runs Gentoo with the following features:
- lxc/docker
- btrfs
- kexec
- dd-client (dyndns)
- ntp-client
- iptables
- libvirtd
- sshd
- dmcrypt
Kexec
With btrfs we can already take root filesystem snapshots, which can be used to roll back any update to the system. One piece is missing: the active kernel. To have a safe way to try a kernel update and to roll back in case of error, we're going to use kexec.
With kexec we can load a kernel that replaces the current kernel without doing a full hardware reboot. The running system restarts, but only to start with the selected kernel. This way we can test any kernel, and in case of a problem we do a hardware reboot and the known working kernel will be loaded as usual.
You can find examples of how to work with kexec on the Kdump page. As of kernel 4.3, I had problems specifying the command line. (If the command line was specified, the new kernel hung on the restart.) My workaround is to compile the whole command line directly into the kernel. This way, safely trying out a new kernel is as simple as the following:
$ mount /boot
$ kexec -l /boot/zImage-with-cmdline-builtin
$ umount /boot
$ kexec -e
Dm-crypt
SSHD
Only certificate-based login.
iptables
libvirtd creates the NAT network for the containers. To forward an external port to an LXC container behind the NAT network:
# once for each port that should be forwarded
iptables -I FORWARD -d 192.168.122.71/32 -p tcp -m state --state NEW -m tcp --dport 9091 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9091 -j DNAT --to 192.168.122.71:9091
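The per-port rule pair above, generated by a small helper that validates its inputs and guards each rule with `iptables -C` so repeated runs do not stack duplicates. This is an added example, not part of the original page; the function names, the /24 subnet size and the assumption that .1 is the libvirt bridge are mine.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are assumptions.
NAT_PREFIX="192.168.122."   # libvirt NAT subnet used on this page (/24 assumed)

# is_number_in N MIN MAX: plain decimal, no leading zero, within MIN..MAX
is_number_in() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# valid_target IP: host address inside the NAT subnet
# (.1 is assumed to be the libvirt bridge itself, so it is refused)
valid_target() {
    case "$1" in "$NAT_PREFIX"*) ;; *) return 1 ;; esac
    is_number_in "${1#"$NAT_PREFIX"}" 2 254
}

# forward_rules EXT_IF CONTAINER_IP PORT
# Prints the FORWARD and DNAT commands for one TCP port. Nothing is executed
# here, so the output can be reviewed before it is run as root.
forward_rules() {
    ext_if=$1 ip=$2 port=$3
    case "$ext_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ext_if" >&2; return 2 ;;
    esac
    valid_target "$ip" || { echo "target outside NAT subnet: $ip" >&2; return 2; }
    is_number_in "$port" 1 65535 || { echo "bad port: $port" >&2; return 2; }

    fwd="FORWARD -d $ip/32 -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    nat="PREROUTING -i $ext_if -p tcp --dport $port -j DNAT --to $ip:$port"
    # -C exits 0 when an identical rule already exists, so the add is skipped
    printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$fwd" "$fwd"
    printf 'iptables -t nat -C %s 2>/dev/null || iptables -t nat -A %s\n' "$nat" "$nat"
}

# Same values as the rules on this page
forward_rules eth0 192.168.122.71 9091
```

Review the printed commands, then pipe them to `sh` as root to apply them.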