海运的博客

pve减少对ssd硬盘的写入量

发布时间:July 28, 2022 // 分类: // No Comments

禁用pve-ha-crm和pve-ha-lrm服务:

systemctl stop pve-ha-lrm.service pve-ha-crm.service
systemctl disable pve-ha-lrm.service pve-ha-crm.service

修改/etc/default/rrdcached:

#添加
WRITE_TIMEOUT=3600
FLUSH_TIMEOUT=7200
#注释此行
##JOURNAL_PATH=/var/lib/rrdcached/journal/

修改/etc/init.d/rrdcached变量RRDCACHED_OPTIONS处添加:

${FLUSH_TIMEOUT:+-f ${FLUSH_TIMEOUT}} \

重启rrdcached:

systemctl daemon-reload 
systemctl restart rrdcached.service 

https://forum.proxmox.com/threads/reducing-rrdcached-writes.64473/
https://pastebin.com/437dN33v
https://forum.proxmox.com/threads/pmxcfs-writing-to-disk-all-the-time.35828/

PVE/postfix配置smtp发送邮件

发布时间:December 9, 2021 // 分类: // No Comments

安装认证模块:

apt install libsasl2-modules
#如需pcre匹配安装
#apt install postfix-pcre

修改/etc/postfix/main.cf添加:

myhostname=pve.lan
#配置文件内有relayhost要先注释,465端口是SMTPS,587端口是STARTTLS
relayhost = smtp.qq.com:465

#此参数被smtp_tls_security_level取代
#smtp_use_tls = yes
#使用SMTPS非STARTTLS加密方式
smtp_tls_wrappermode = yes
#加密级别
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

#本地用户替换为smtp认证用户,smtp_generic_maps和sender_canonical_maps都可以
smtp_generic_maps = hash:/etc/postfix/generic
#sender_canonical_maps = hash:/etc/postfix/sender_canonical
#使用pcre匹配本机用户
#sender_canonical_maps = pcre:/etc/postfix/sender_pcre_canonical
#header检查并替换发送者名称
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks

sender_canonical或generic映射本机用户到smtp账号:

cat /etc/postfix/generic
#本机所有用户,注意pve.lan为主配置文件myhostname
@pve.lan support@haiyun.me
#下面2个等效
root support@haiyun.me
root@pve.lan support@haiyun.me

正则映射:

cat /etc/postfix/sender_pcre_canonical
#匹配所有hostname和所有用户
/.*/ support@haiyun.me

smtp账号密码:

cat /etc/postfix/sasl_passwd
smtp.qq.com support@haiyun.me:password

生成hash数据库,pcre不用生成:

postmap /etc/postfix/sasl_passwd
postmap /etc/postfix/generic
postmap /etc/postfix/sender_canonical

替换发件人姓名:

cat /etc/postfix/smtp_header_checks 
/^From:.*/ REPLACE From: 重要通知 <support@haiyun.me>

发送邮件测试:

apt install bsd-mailx
echo "www.haiyun.me" |mail -s test support@haiyun.me
echo "test" | /usr/bin/pvemailforward

将其它用户邮件转发到root用户:

cat /etc/aliases
postmaster: root
nobody: root
#也可使用~/.forward 
#root: support@haiyun.me
postalias /etc/aliases

将root用户邮件转发到外部邮箱:

cat ~/.forward 
support@haiyun.me

参考:
https://serverfault.com/questions/717719/how-can-i-strip-or-rewrite-the-senders-name-of-a-from-address-when-using-postfi
https://forum.proxmox.com/threads/get-postfix-to-send-notifications-email-externally.59940/

PVE/Linux安装nut管理apc BK650M2-CH ups自动关机

发布时间:December 9, 2021 // 分类: // 7 Comments

先查看usb是否识别ups:

lsusb
Bus 001 Device 054: ID 051d:0002 American Power Conversion Uninterruptible Power Supply

安装:

apt install nut-server nut-client

配置nut运行为服务器模式,可控制多台电脑。

/etc/nut/nut.conf 
MODE=netserver

设置nut和ups连接方式,修改此配置后需重新启动upsdrvctl start生效。

/etc/nut/ups.conf
[myups]
       driver = usbhid-ups
       port = auto
       desc = "APC UPS"
       #忽略低电量和低运行时间,有的断电后会马上关机
       ignorelb
       #重写ups返回的低电量和低运行时间值,可用于控制停电时关机时间,满足一个关机,-1为禁用此项
       override.battery.charge.low = 99
       override.battery.runtime.low = -1
       #可以都设置为-1禁用ups低电量自动关机,使用下面的脚本自定义关机

连接ups,nut-server启动时自动加载,usb拔出后需手工启动。

upsdrvctl start

设置nut server监听ip和端口:

/etc/nut/upsd.conf 
LISTEN 0.0.0.0 3493

设置客户端连接验证密码:

/etc/nut/upsd.users
#管理员可set更改ups内变量参数,master可设置FSD关机标签,slave收到通知后关机
[admin]
    password = 123456
    actions = SET FSD
    instcmds = ALL
    upsmon master
[user1]
    password = 123456
    actions = FSD
    #instcmds = ALL
    upsmon master
#别的电脑连接使用此用户
[user2]
    password = 123456
    #actions = SET
    #instcmds = ALL
    upsmon slave

设置upsmon客户端连接nut server监控ups状态,当断电后执行关机等操作:

/etc/nut/upsmon.conf 
MONITOR myups@localhost 1 user1 123456 master

upsmon默认监控断电且ups电量过低时执行关机,可自定义关机:

upsmon.conf 
NOTIFYCMD /sbin/upssched
#当使用电池来电时syslog并执行上面的命令
NOTIFYFLAG ONBATT SYSLOG+EXEC
NOTIFYFLAG ONLINE SYSLOG+EXEC

upssched自定义操作:

/etc/nut/upssched.conf 
CMDSCRIPT /usr/local/bin/upssched
#此目录nut要可写
PIPEFN /run/nut/upssched.pipe
LOCKFN /run/nut/upssched.lock
#断电10秒后执行上面脚本并发送power-off参数
AT ONBATT * START-TIMER power-off 10
#来电后取消上面定时
AT ONLINE * CANCEL-TIMER power-off

关机脚本,要添加可执行权限:

/usr/local/bin/upssched
#! /bin/sh

case $1 in
  power-off)
    /sbin/upsmon -c fsd
    ;;
  *)
    logger -t upssched "Unrecognized command: $1"
    ;;
esac

启动并查看ups信息:

systemctl restart nut-server.service 
systemctl restart nut-client.service 
upsc myups

配置nut-cgi web管理界面:

apt install nut-cgi --no-install-recommends fcgiwrap nginx

nut-cgi连接nut-server配置:

/etc/nut/hosts.conf
MONITOR myups@localhost 1 user1 123456 master

nginx配置文件:

server {
  listen     89;
  charset utf-8;
 
  location /{
    alias /usr/share/nut/www/;
    try_files $uri $uri/ /index.html;
  }
 
  location /cgi-bin/nut/ {
    gzip off;
    alias /usr/lib/cgi-bin/nut/;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME /usr/lib/$fastcgi_script_name;
    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
  }
  access_log off;
}

nut web界面效果:
2021-12-10_080005.jpg

参考:
https://loganmarchione.com/2017/02/raspberry-pi-ups-monitor-with-nginx-web-monitoring/
https://srackham.wordpress.com/2013/02/27/configuring-nut-for-the-eaton-3s-ups-on-ubuntu-linux/
https://alainlam.cn/?p=56
https://untitled.pw/hardware-iot/2767.html
https://www.wangchucheng.com/zh/posts/setting-up-ups-with-nut-on-linux/
https://forums.contribs.org/index.php?topic=44443.0

PVE/KVM安装windows遇到的问题

发布时间:December 8, 2021 // 分类: // No Comments

由于windows不包含VirtIO驱动,PVE默认使用ide硬盘很卡,在新建虚拟机时将硬盘ide调整为scsi,额外新建一个cd驱动器挂载virtio-win iso,然后在windows安装界面加载挂载的驱动,windows7最新可用版本为virtio-win-0.1.173
2021-12-07_170730.jpg
windows7安装完成后设备管理器有一未识别设备,下载windows6.x-hypervintegrationservices-x64管理员运行powershell安装。

Dism /online /Add-Package /PackagePath:C:\windows6.x-hypervintegrationservices-x64.cab

参考:
https://forum.proxmox.com/threads/unknown-device-in-win7-vm.49698/
https://forum.proxmox.com/threads/windows-7-and-virtio-drivers-no-signed-drivers-found-for-0-1-185-and-0-1-190-or-bsod-with-0-1-189.79708/
https://pve.proxmox.com/wiki/Paravirtualized_Block_Drivers_for_Windows
https://pve.proxmox.com/wiki/Windows_7_guest_best_practices
https://pve.proxmox.com/wiki/Windows_VirtIO_Drivers

Proxmox LXC挂载目录及权限设置

发布时间:November 26, 2021 // 分类: // No Comments

LXC挂载目录,默认为无特权容器,容器内要读写挂载的文件要映射服务器用户并为容器内用户设置相应权限。

mp0: /data/e,mp=/data/e
mp1: /data/f,mp=/data/f

PVE运行LXC以root身份启动,查看root的从属用户起始id为100000,数量65536个。

grep root /etc/subgid /etc/subuid
/etc/subgid:root:100000:65536
/etc/subuid:root:100000:65536

映射从属用户到lxc容器:

cat /etc/pve/lxc/100.conf 
#容器内root(id=0)映射为服务器id 100000,递增65536个,即容器内用户id 0-65535对应服务器100000-165535
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 65536

注意容器内nobody id为65534,没映射到会连接不上ssh,提示错误:

fatal: setgroups: Invalid argument [preauth]

如果将挂载目录让容器内root可读写的话在服务器内将所有者更改为id 100000。

chown -R 100000:100000 /data/e
#也可使用用户名
useradd -u 100000 -M -s -s /usr/sbin/nologin lxc-root 
chown -R lxc-root:lxc-root /data/e

映射实体用户,服务器和容器内有相同ID的用户。

cat /etc/subuid /etc/subgid
root:1000:1
root:1000:1
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1

参考:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

分类
最新文章
最近回复
  • 海运: 关闭服务器
  • 海风: override.battery.charge.low以及override.battery.r...
  • koldjf: 不能过滤
  • 杰迪武士: 此文甚好甚强巨,依照此文在树莓派2 + Rasbian上部署成功 感谢博主美文共赏
  • 海运: ups不知有没选项可设置此参数,不过你可以在另外一台电脑上安装nut客户端自动关机。
  • kgami: 想请教一下,设置了的电脑自动关机之后,几秒后UPS怎么也跟着关机了,导致另外一台电脑没关机就断...
  • 海运: 写的很详细了啊,/etc/nut/hosts.conf用以nut-cgi连接nut服务器参数,...
  • ryan: 请问下nginx配置好了,怎么和这个nut链接呢?最后可视化管理这块能给个详细一点的教程么?谢谢。
  • 1: /etc/config/fstab配置文件 https://openwrt.org/zh/do...
  • 听雨看雪: 找了好久,终于找到UP主,给出的正确解决方案,太感谢了,困扰大半年的问题,重装了N道PVE系统...