Archives pour l'étiquette Etch

Voici.fr preuve par l’image de l’intérêt de l’optimisation web cache et des performance des reverses proxys

Suite à mes articles sur la configuration eZ publish pour l’utilisation des caches web, sur l’optimisation des reverse proxy squid j’ai tenté de faire la démonstration de l’intérêt de l’ optimisation web cache et des performance des reverses proxys. Je vais apporter quelques preuve de plus dans cet article.

Tenir les versions des logiciels à jours

L’optimisation de ces web cache et la performance des reverses proxys passe tout simplement pas la mise à jour régulière du système et des logiciels. Dans l’exemple ci dessous le gains de performance est flagrant entre une configuration Debian Sarge avec Squid 2.5 et une configuration Debian Etch avec Squid 2.6. Au mois d’octobre 2008 le taux d’utilisation du cpu par le système à chuté, un goulot d’étranglement à été supprimé.

Squid de Sarge a Etch

Soigner la configuration eZ et apache pour squid

Suite à la mort de Michael Jackson Gala.fr et principalement Voici.fr ont connu un très fort pic de charge. Durant cette épisode d’audience intense nous avons poussé en production différente optimisation que nous avions précédemment préparé. Ces optimisations porte sur la configuration de eZ Publish 4 et de Apache pour l’utilisation des caches web. L’effet principale étant obtenue en allongeant le temps de rétentions des images et en instaurant la compression pour les fichiers css et javascript.

Squid Modif conf

Affiner la configuration système des serveurs squid

Une configuration optimum des squid passe également par une adaptation du système à leur mission de reverse proxy tel que nous l’avons réalisé récemment. Le résultat est la et guère discutable pour un charge CPU légèrement supérieur nous desservons plus de client et stockons plus d’objet ce qui conduit à une plus faible sollicitation des frontaux.

Squid.Cpu.Utilisation.png
Squid.Number.Of.Client.png
Squid.Nombre.Objet.Cache.png

[Debian] Utiliser un système mixte Stable / Oldstable ou Stable / Testing

Vous souhaiter utiliser un système Debian mixte qui combinerais des paquets Stable / Oldstable ou Stable / Testing. ? Personnellement je souhaitais installer une version récente de Fail2ban sur un serveur tournant avec une Debian Etch[1]. Pour des raisons de maintenance pas question de faire une installation depuis les sources. J’ai donc souhaité installer le paquet Fail2ban de Debian Lenny [2] sur cette Debian Etch.

APT::Default-Release

Pour ceci il est nécessaire de configurer Apt pour définir votre version principale de Debian. Ceci passe par l’ajout d’un paramètre dans l’arborescence de configuration de APT.

Créé un fichier 01Default-Release. Préfix en 01 pour qu’il soit charger dans les premiers

vi etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #7a0874; font-weight: bold;">&#93;</span> <span style="color: #7a0874; font-weight: bold;">cd</span> apt.conf.d<span style="color: #000000; font-weight: bold;">/</span>01Default-Release

Ajouter l’instruction suivante dans le fichier 01Default-Release pour que la version principale de Debian reste en Oldstable / Etch

APT::Default-Release <span style="color: #ff0000;">&quot;oldstable&quot;</span>;

Dans la branche /etc/apt/apt.conf.d/ vous avez maintenant les fichiers suivant

<span style="color: #7a0874; font-weight: bold;">&#91;</span>root<span style="color: #000000; font-weight: bold;">@</span>dweb2 <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #7a0874; font-weight: bold;">&#93;</span> <span style="color: #7a0874; font-weight: bold;">cd</span> apt.conf.d<span style="color: #000000; font-weight: bold;">/</span> <span style="color: #7a0874; font-weight: bold;">&#91;</span>root<span style="color: #000000; font-weight: bold;">@</span>dweb2 <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #000000; font-weight: bold;">/</span>apt.conf.d<span style="color: #7a0874; font-weight: bold;">&#93;</span> <span style="color: #c20cb9; font-weight: bold;">ls</span> -l total <span style="color: #000000;">16</span> -rw-r--r-- <span style="color: #000000;">1</span> root root  <span style="color: #000000;">40</span> <span style="color: #000000;">2007</span><span style="color: #000000;">-04</span><span style="color: #000000;">-10</span> <span style="color: #000000;">11</span>:<span style="color: #000000;">45</span> 00trustcdrom -rw-r--r-- <span style="color: #000000;">1</span> root root  <span style="color: #000000;">34</span> <span style="color: #000000;">2009</span><span style="color: #000000;">-09</span><span style="color: #000000;">-16</span> <span style="color: #000000;">11</span>:<span style="color: #000000;">25</span> 01Default-Release -rw-r--r-- <span style="color: #000000;">1</span> root root <span style="color: #000000;">182</span> <span style="color: #000000;">2009</span><span style="color: #000000;">-09</span><span style="color: #000000;">-16</span> <span style="color: #000000;">11</span>:<span style="color: #000000;">21</span> 70debconf

Reste à modifier le source.list de apt en ajoutant le dépot main de lenny en plus de celuis de etch.

deb <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net<span style="color: #000000; font-weight: bold;">/</span>debian<span style="color: #000000; font-weight: bold;">/</span> etch main deb-src <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net<span style="color: #000000; font-weight: bold;">/</span>debian<span style="color: #000000; font-weight: bold;">/</span> etch main &nbsp; deb http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org<span style="color: #000000; font-weight: bold;">/</span> etch<span style="color: #000000; font-weight: bold;">/</span>updates main deb-src http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org<span style="color: #000000; font-weight: bold;">/</span> etch<span style="color: #000000; font-weight: bold;">/</span>updates main &nbsp; deb <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net<span style="color: #000000; font-weight: bold;">/</span>debian<span style="color: #000000; font-weight: bold;">/</span> lenny main contrib non-<span style="color: #c20cb9; font-weight: bold;">free</span>

Une mise à jour des paquets disponible s’impose avec un apt-get update.

<span style="color: #7a0874; font-weight: bold;">&#91;</span>root<span style="color: #000000; font-weight: bold;">@</span>dweb2 <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #7a0874; font-weight: bold;">&#93;</span> apt-get update Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch Release.gpg Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny Release.gpg Réception de : <span style="color: #000000;">1</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch Release <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #000000;">67</span>,8kB<span style="color: #7a0874; font-weight: bold;">&#93;</span> Réception de : <span style="color: #000000;">2</span> http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates Release.gpg <span style="color: #7a0874; font-weight: bold;">&#91;</span>835B<span style="color: #7a0874; font-weight: bold;">&#93;</span> Atteint http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates Release Réception de : <span style="color: #000000;">3</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny Release <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #000000;">73</span>,6kB<span style="color: #7a0874; font-weight: bold;">&#93;</span> Réception de : <span style="color: #000000;">4</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">5</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Sources<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Sources<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Packages Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Sources Réception de : <span style="color: #000000;">6</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">7</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>contrib Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>contrib Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">8</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>non-<span style="color: #c20cb9; font-weight: bold;">free</span> Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>non-<span style="color: #c20cb9; font-weight: bold;">free</span> Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main Packages Ign http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Sources<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>contrib Packages Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>non-<span style="color: #c20cb9; font-weight: bold;">free</span> Packages Atteint http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Packages Atteint http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Sources 141ko réceptionnés en 0s <span style="color: #7a0874; font-weight: bold;">&#40;</span>1380ko<span style="color: #000000; font-weight: bold;">/</span>s<span style="color: #7a0874; font-weight: bold;">&#41;</span> Lecture des listes de paquets... Erreur <span style="color: #000000; font-weight: bold;">!</span> E: Dynamic MMap ran out of room E: Erreur apparue lors <span style="color: #c20cb9; font-weight: bold;">du</span> traitement de tcptraceroute <span style="color: #7a0874; font-weight: bold;">&#40;</span>NewVersion2<span style="color: #7a0874; font-weight: bold;">&#41;</span> E: Problem with MergeList <span style="color: #000000; font-weight: bold;">/</span>var<span style="color: #000000; font-weight: bold;">/</span>lib<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #000000; font-weight: bold;">/</span>lists<span style="color: #000000; font-weight: bold;">/</span>mir1.ovh.net_debian_dists_lenny_main_binary-i386_Packages E: Les listes de paquets ou le fichier « status » ne peuvent être analysés ou lus.

APT::Cache-Limit

ZUT !
le message d’erreur final indique un manque d’espace de cache. Nous allons donc configuré apt et luis augmenter son espace de travail. Pour cela on autre comme précédemment un fichier dans l’arborescence de configuration de APT.

vi etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #7a0874; font-weight: bold;">&#93;</span> <span style="color: #7a0874; font-weight: bold;">cd</span> apt.conf.d<span style="color: #000000; font-weight: bold;">/</span>02Cache-Limit

On ajoute le paramètre Cache-Limit sur l’exemple suivant

APT::Cache-Limit <span style="color: #000000;">20000000</span>;<span style="color: #ff0000;">&quot;;</span>

La mise à jour des paquets disponible s’impose toujours avec un apt-get update.

<span style="color: #7a0874; font-weight: bold;">&#91;</span>root<span style="color: #000000; font-weight: bold;">@</span>dweb2 ~<span style="color: #7a0874; font-weight: bold;">&#93;</span> apt-get update Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch Release.gpg Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny Release.gpg Réception de : <span style="color: #000000;">1</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch Release <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #000000;">67</span>,8kB<span style="color: #7a0874; font-weight: bold;">&#93;</span> Réception de : <span style="color: #000000;">2</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny Release <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #000000;">73</span>,6kB<span style="color: #7a0874; font-weight: bold;">&#93;</span> Réception de : <span style="color: #000000;">3</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">4</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Sources<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Sources<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">5</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">6</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>contrib Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>contrib Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Réception de : <span style="color: #000000;">7</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>non-<span style="color: #c20cb9; font-weight: bold;">free</span> Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>non-<span style="color: #c20cb9; font-weight: bold;">free</span> Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Packages Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net etch<span style="color: #000000; font-weight: bold;">/</span>main Sources Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main Packages Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>contrib Packages Atteint <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>non-<span style="color: #c20cb9; font-weight: bold;">free</span> Packages Réception de : <span style="color: #000000;">8</span> http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates Release.gpg <span style="color: #7a0874; font-weight: bold;">&#91;</span>835B<span style="color: #7a0874; font-weight: bold;">&#93;</span> Atteint http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates Release Ign http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Packages<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Ign http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Sources<span style="color: #000000; font-weight: bold;">/</span>DiffIndex Atteint http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Packages Atteint http:<span style="color: #000000; font-weight: bold;">//</span>security.debian.org etch<span style="color: #000000; font-weight: bold;">/</span>updates<span style="color: #000000; font-weight: bold;">/</span>main Sources 141ko réceptionnés en 0s <span style="color: #7a0874; font-weight: bold;">&#40;</span>546ko<span style="color: #000000; font-weight: bold;">/</span>s<span style="color: #7a0874; font-weight: bold;">&#41;</span> Lecture des listes de paquets... Fait <span style="color: #7a0874; font-weight: bold;">&#91;</span>root<span style="color: #000000; font-weight: bold;">@</span>dweb2 ~<span style="color: #7a0874; font-weight: bold;">&#93;</span>

apt-get install -t stable

Par de soucis cette fois
Dans la foulé on installe la version de fail2ban provenant du déport Debian stable avec la commande suivante qui précise par le -t la version à utiliser.

apt-get <span style="color: #c20cb9; font-weight: bold;">install</span> -t stable fail2ban

En vrais cela donne

<span style="color: #7a0874; font-weight: bold;">&#91;</span>root<span style="color: #000000; font-weight: bold;">@</span>dweb2 <span style="color: #000000; font-weight: bold;">/</span>tmp<span style="color: #7a0874; font-weight: bold;">&#93;</span> apt-get <span style="color: #c20cb9; font-weight: bold;">install</span> -t stable fail2ban Lecture des listes de paquets... Fait Construction de l<span style="color: #ff0000;">'arbre des dépendances... Fait Les paquets supplémentaires suivants seront installés :   python-central Paquets suggérés :   python-gamin Les paquets suivants seront mis à jour :   fail2ban python-central 2 mis à jour, 0 nouvellement installés, 0 à enlever et 307 non mis à jour. Il est nécessaire de prendre 127ko dans les archives. Après dépaquetage, 188ko d'</span>espace disque supplémentaires seront utilisés. Souhaitez-vous continuer <span style="color: #7a0874; font-weight: bold;">&#91;</span>O<span style="color: #000000; font-weight: bold;">/</span>n<span style="color: #7a0874; font-weight: bold;">&#93;</span> ? o Réception de : <span style="color: #000000;">1</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main python-central <span style="color: #000000;">0.6</span><span style="color: #000000;">.8</span> <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #000000;">40</span>,4kB<span style="color: #7a0874; font-weight: bold;">&#93;</span> Réception de : <span style="color: #000000;">2</span> <span style="color: #c20cb9; font-weight: bold;">ftp</span>:<span style="color: #000000; font-weight: bold;">//</span>mir1.ovh.net lenny<span style="color: #000000; font-weight: bold;">/</span>main fail2ban <span style="color: #000000;">0.8</span><span style="color: #000000;">.3</span>-2sid1 <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #000000;">86</span>,2kB<span style="color: #7a0874; font-weight: bold;">&#93;</span> 127ko réceptionnés en 0s <span style="color: #7a0874; font-weight: bold;">&#40;</span>486ko<span style="color: #000000; font-weight: bold;">/</span>s<span style="color: #7a0874; font-weight: bold;">&#41;</span> <span style="color: #7a0874; font-weight: bold;">&#40;</span>Lecture de la base de données... <span style="color: #000000;">32770</span> fichiers et répertoires déjà <span style="color: #c20cb9; font-weight: bold;">install</span>és.<span style="color: #7a0874; font-weight: bold;">&#41;</span> Préparation <span style="color: #c20cb9; font-weight: bold;">du</span> remplacement de python-central <span style="color: #000000;">0.5</span><span style="color: #000000;">.12</span> <span style="color: #7a0874; font-weight: bold;">&#40;</span>en utilisant ...<span style="color: #000000; font-weight: bold;">/</span>python-central_0<span style="color: #000000;">.6</span>.8_all.deb<span style="color: #7a0874; font-weight: bold;">&#41;</span> ... Dépaquetage de la mise à jour de python-central ... Préparation <span style="color: #c20cb9; font-weight: bold;">du</span> remplacement de fail2ban <span style="color: #000000;">0.7</span><span style="color: #000000;">.5</span>-2etch1 <span style="color: #7a0874; font-weight: bold;">&#40;</span>en utilisant ...<span style="color: #000000; font-weight: bold;">/</span>fail2ban_0<span style="color: #000000;">.8</span><span style="color: #000000;">.3</span>-2sid1_all.deb<span style="color: #7a0874; font-weight: bold;">&#41;</span> ... Dépaquetage de la mise à jour de fail2ban ... Paramétrage de python-central <span style="color: #7a0874; font-weight: bold;">&#40;</span><span style="color: #000000;">0.6</span><span style="color: #000000;">.8</span><span style="color: #7a0874; font-weight: bold;">&#41;</span> ... &nbsp; Paramétrage de fail2ban <span style="color: #7a0874; font-weight: bold;">&#40;</span><span style="color: #000000;">0.8</span><span style="color: #000000;">.3</span>-2sid1<span style="color: #7a0874; font-weight: bold;">&#41;</span> ...

Voila tout baigne, fail2ban est installé depuis le depot lenny.

A lire également chez d’autre

Notes

[1] Version Oldstable depuis le 14 février 2009

[2] la version stable courante depuis le 14 février 2009

Xen : Créer une machine virtuel sur debian etch

Support Physique a la machine virtuel

Il y à trois support physique à un DomU : Un fichier image, une partition LVM, une Partition Physique

  1. Un fichier image est ce est le plus rapide à configuré. La contre partie sont de pauvre performance I/O. La taille du fichier image représentant le disque du serveur virtuel est modifiable mais au prix de quelque manipulation laborieuse. Par contre un fichier image est facilement manipulable, copiable, déplacèable
  2. LVM est ce qui est le plus largement utilisé en production. Les partitions peuvent être re-tailler à volonté, facilement, sans (trop) d’intéruption de service. C’est l’idéal pour constituer un hébergement xen. Les performances I/O sont bien meilleur de fait comparé à un fichier image. Par contre en cas de soucis cela ce déplace bien moins facilelement qu’un fichier image.
  3. La partition physique est ce qu’il y à de mieux pour les performances IO. Mais c’est difficilement administrable et pas vraiment flexible.

Disque virtuel dans un fichier image.

C’est mon choix de production, la partition sur la quelle je stock ces fichiers images étant sur un SAN j’ai limité le soucis des I/O tout en ayant la possibilité de transférer mes machine virtuel sur une autre serveur d’hebergement facilement et rapidement.

<span style="color: #c20cb9; font-weight: bold;">mkdir</span> -p <span style="color: #000000; font-weight: bold;">/</span>xens<span style="color: #000000; font-weight: bold;">/</span>burkesys<span style="color: #000000; font-weight: bold;">/</span> <span style="color: #c20cb9; font-weight: bold;">dd</span> <span style="color: #007800;">if=</span><span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>zero <span style="color: #007800;">of=</span><span style="color: #000000; font-weight: bold;">/</span>xens<span style="color: #000000; font-weight: bold;">/</span>burkesys<span style="color: #000000; font-weight: bold;">/</span>diskimage.img <span style="color: #007800;">bs=</span>1024k <span style="color: #007800;">count=</span><span style="color: #000000;">5000</span> <span style="color: #c20cb9; font-weight: bold;">dd</span> <span style="color: #007800;">if=</span><span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>zero <span style="color: #007800;">of=</span><span style="color: #000000; font-weight: bold;">/</span>xens<span style="color: #000000; font-weight: bold;">/</span>burkesys<span style="color: #000000; font-weight: bold;">/</span>swapimage.img <span style="color: #007800;">bs=</span>1024k <span style="color: #007800;">count=</span><span style="color: #000000;">512</span> &nbsp; mkfs.ext3 <span style="color: #000000; font-weight: bold;">/</span>xens<span style="color: #000000; font-weight: bold;">/</span>burkesys<span style="color: #000000; font-weight: bold;">/</span>diskimage.img mkswap <span style="color: #000000; font-weight: bold;">/</span>xens<span style="color: #000000; font-weight: bold;">/</span>burkesys<span style="color: #000000; font-weight: bold;">/</span>swapimage.img &nbsp; <span style="color: #c20cb9; font-weight: bold;">mount</span> -o loop <span style="color: #000000; font-weight: bold;">/</span>xens<span style="color: #000000; font-weight: bold;">/</span>burkesys<span style="color: #000000; font-weight: bold;">/</span>diskimage.img <span style="color: #000000; font-weight: bold;">/</span>mnt

Disque Virtuel dans une volume LVM

lvcreate -n twister --<span style="color: #c20cb9; font-weight: bold;">size</span> 2g main-vol2 lvcreate -n twisterswp --<span style="color: #c20cb9; font-weight: bold;">size</span> 512m main-vol2 &nbsp; mkfs.ext3 <span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>main-vol2<span style="color: #000000; font-weight: bold;">/</span>twister mkswap <span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>main-vol2<span style="color: #000000; font-weight: bold;">/</span>twisterswp &nbsp; <span style="color: #c20cb9; font-weight: bold;">mount</span> -o loop <span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>main-vol2<span style="color: #000000; font-weight: bold;">/</span>twister <span style="color: #000000; font-weight: bold;">/</span>mnt

Un nouvel OS avec Debootstrap

Créé avec Debootstrap un nouveau système sur le disque virtuel

debootstrap --<span style="color: #c20cb9; font-weight: bold;">arch</span> i386 sarge <span style="color: #000000; font-weight: bold;">/</span>mnt http:<span style="color: #000000; font-weight: bold;">//</span><span style="color: #c20cb9; font-weight: bold;">ftp</span>.de.debian.org<span style="color: #000000; font-weight: bold;">/</span>debian<span style="color: #000000; font-weight: bold;">/</span> &nbsp; <span style="color: #c20cb9; font-weight: bold;">mv</span> <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>lib<span style="color: #000000; font-weight: bold;">/</span>tls <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>lib<span style="color: #000000; font-weight: bold;">/</span>tls.disabled &nbsp; <span style="color: #c20cb9; font-weight: bold;">cp</span> <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #000000; font-weight: bold;">/</span>sources.list <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #000000; font-weight: bold;">/</span> vi <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>apt<span style="color: #000000; font-weight: bold;">/</span>sources.list &nbsp; <span style="color: #c20cb9; font-weight: bold;">cp</span> -a <span style="color: #000000; font-weight: bold;">/</span>lib<span style="color: #000000; font-weight: bold;">/</span>modules<span style="color: #000000; font-weight: bold;">/</span><span style="color: #000000;">2.6</span><span style="color: #000000;">.16</span><span style="color: #000000;">-1</span>-xen-k7<span style="color: #000000; font-weight: bold;">/</span> <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>lib<span style="color: #000000; font-weight: bold;">/</span>modules<span style="color: #000000; font-weight: bold;">/</span> &nbsp; <span style="color: #c20cb9; font-weight: bold;">cp</span> <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>resolve.conf <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span> &nbsp; <span style="color: #c20cb9; font-weight: bold;">cp</span> <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>network<span style="color: #000000; font-weight: bold;">/</span>interfaces <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>network<span style="color: #000000; font-weight: bold;">/</span> vi <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>network<span style="color: #000000; font-weight: bold;">/</span>interfaces &nbsp; <span style="color: #808080; font-style: italic;">#To use Specific IP address - edit the /mnt/etc/network/interfaces manually.</span> <span style="color: #808080; font-style: italic;">#To use DHCP, edit and include the following:</span> <span style="color: #808080; font-style: italic;"># The loopback network interface</span> auto lo iface lo inet loopback <span style="color: #808080; font-style: italic;"># The primary network interface</span> auto eth0 iface eth0 inet dhcp &nbsp; vi <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span><span style="color: #c20cb9; font-weight: bold;">hostname</span> &nbsp; vi <span style="color: #000000; font-weight: bold;">/</span>mnt<span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>fstab proc <span style="color: #000000; font-weight: bold;">/</span>proc proc defaults <span style="color: #000000;">0</span> <span style="color: #000000;">0</span> <span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>sda1 <span style="color: #000000; font-weight: bold;">/</span> ext3 defaults,<span style="color: #007800;">errors=</span>remount-ro <span style="color: #000000;">0</span> <span style="color: #000000;">1</span> <span style="color: #000000; font-weight: bold;">/</span>dev<span style="color: #000000; font-weight: bold;">/</span>sda2 none swap sw <span style="color: #000000;">0</span> <span style="color: #000000;">0</span>

Configurer le serveur virtuel domU

<span style="color: #c20cb9; font-weight: bold;">umount</span> <span style="color: #000000; font-weight: bold;">/</span>mnt &nbsp; vi <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>xen<span style="color: #000000; font-weight: bold;">/</span>burkesys kernel = <span style="color: #ff0000;">&quot;/boot/vmlinuz-2.6.16-1-xen-k7&quot;</span> ramdisk = <span style="color: #ff0000;">&quot;/boot/initrd.img-2.6.16-1-xen-k7&quot;</span> memory = <span style="color: #000000;">192</span> name = <span style="color: #ff0000;">&quot;burkesys&quot;</span> vif = <span style="color: #7a0874; font-weight: bold;">&#91;</span><span style="color: #ff0000;">'bridge=xenbr0'</span><span style="color: #7a0874; font-weight: bold;">&#93;</span> <span style="color: #808080; font-style: italic;">#File Based:# disk = ['file:/xens/burkesys/diskimage.img,sda1,w','file:/xens/burkesys/swapimage.img,sda2,w']</span> <span style="color: #808080; font-style: italic;">#LVM Based:# disk = ['phy:/dev/main-vol2/twister,sda1,w', 'phy:/dev/main-vol2/twister,sda2,w']</span> <span style="color: #808080; font-style: italic;">#DHCP - remove the ip, gateway and netmask lines, and include:# dhcp = &quot;dhcp&quot;</span> ip = <span style="color: #ff0000;">&quot;ip add&quot;</span> gateway = <span style="color: #ff0000;">&quot;ip add&quot;</span> netmask = <span style="color: #ff0000;">&quot;255.255.0.0&quot;</span> root = <span style="color: #ff0000;">&quot;/dev/sda1 ro&quot;</span> extra = <span style="color: #ff0000;">'4'</span> &nbsp; <span style="color: #c20cb9; font-weight: bold;">ln</span> -s <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>xen<span style="color: #000000; font-weight: bold;">/</span>burkesys <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>xen<span style="color: #000000; font-weight: bold;">/</span>auto<span style="color: #000000; font-weight: bold;">/</span>burkesys <span style="color: #000000; font-weight: bold;">//</span><span style="color: #c20cb9; font-weight: bold;">link</span> <span style="color: #000000; font-weight: bold;">in</span> the config <span style="color: #c20cb9; font-weight: bold;">file</span> so that the Virtal Machine starts on Bootup of Dom0

Lancer et mettre à jour le serveur virtuel DomU

xm create burkesys -c

Vous allez voir votre serveur virtuel booter. Logger vous en suite et faire une mise à jour.

<span style="color: #c20cb9; font-weight: bold;">passwd</span> &nbsp; apt-get update apt-get upgrade

Xen : Installer un serveur d’hébergement xen sur Debian Etch

Lexique Xen

Dénomination a connaître et savoir pour comprendre.

  • dom0 = Serveur hébergeur
  • domU = Serveur hébergé

Nécessaire

Une installation serveur debian etch minimal, rien d’autre.

Préparation

Si vous avez une installation précédente de Xen sauvegarder la avant tout.

<span style="color: #c20cb9; font-weight: bold;">cp</span> -R <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>xen <span style="color: #000000; font-weight: bold;">/</span>root<span style="color: #000000; font-weight: bold;">/</span> <span style="color: #c20cb9; font-weight: bold;">cp</span> -R <span style="color: #000000; font-weight: bold;">/</span>boot <span style="color: #000000; font-weight: bold;">/</span>root<span style="color: #000000; font-weight: bold;">/</span>

Bon maintenant on dé-installe les versions précédente de xen Si vous utiliser une ancienne version de Xen vous pouvez supprimer le logiciel et le noyau sur le dom0 sans soucis semble t’il

dpkg -l <span style="color: #000000; font-weight: bold;">|</span> <span style="color: #c20cb9; font-weight: bold;">grep</span> -i xen apt-get remove xen-tools etc.

Installation des paquets xen

Installer les paquets suivant :

apt-get <span style="color: #c20cb9; font-weight: bold;">install</span> linux-image<span style="color: #000000;">-2.6</span>-xen<span style="color: #000000;">-686</span> xen-hypervisor<span style="color: #000000;">-3.0</span><span style="color: #000000;">.3</span><span style="color: #000000;">-1</span>-i386-pae xen-tools bridge-utils libc6-xen sysfsutils

Note : L’hypervisor PAE n’est pas nécéssaire car les paquets Debian ne fournissent que des binaires avec support PAE activé. Si vous voulez tester sur votre portable à base de Pentium-M (sans support PAE), vous n’avez plus qu’à installer votre propre noyau, car les paquets Debian ne fonctionneront pas (compilés en mode PAE uniquement ;

  • erreurs PAE mode mismatch in Xen (xen=no Dom0=yes)
  • Cannot execute a PAE-enabled kernel on a PAE-less CPU.

Utiliser grep pae /proc/cpuinfo pour voir si votre processeur gère PAE. C’est à se demander pourquoi une version de l’hyperviseur en mode non-PAE est disponible

Grub & Reboot

Vérifier /boot/grub/menu.lst pour voir si le kernel xen à bien été pris en compte pour le prochain reboot Après le reboot, vérifier que xen fonctionne et est actif. Pour ceci utilisez les commandes « xm list », « xm top ». Vérifier également le réseau avec la commande « ifconfig« , vous devez trouver deux nouvelles interfaces réseau : peth0 et vif0.0.

Network Bridge

Configurer dom0 correctement pour utiliser un bridge réseau. Pour ceci éditer le fichier /etc/xen/xend-config.sxp et vérifier qu’il présente les instructions suivantes :

vi <span style="color: #000000; font-weight: bold;">/</span>etc<span style="color: #000000; font-weight: bold;">/</span>xen<span style="color: #000000; font-weight: bold;">/</span>xend-config.sxp <span style="color: #808080; font-style: italic;">#xend-relocation-server yes</span> <span style="color: #7a0874; font-weight: bold;">&#40;</span>vif-script vif-bridge<span style="color: #7a0874; font-weight: bold;">&#41;</span> <span style="color: #7a0874; font-weight: bold;">&#40;</span>dom0-min-mem <span style="color: #000000;">128</span><span style="color: #7a0874; font-weight: bold;">&#41;</span> <span style="color: #808080; font-style: italic;">#(network-script network-dummy)</span> <span style="color: #808080; font-style: italic;">#(xend-relocation-hosts-allow '^localhost$')</span> <span style="color: #7a0874; font-weight: bold;">&#40;</span>network-script network-bridge<span style="color: #7a0874; font-weight: bold;">&#41;</span>

Voila c’est fini

Il vous reste à :

  • Créé, configuré et lancer des machines virtuel
  • Appliquer quelques astuces

Java sur Debian Sarge et Etch

Installation de JDK SUN

Pour les fans d’Ubuntu, je leurs conseille de lire cette documentation sur doc.ubuntu-fr.org

La première étape consiste à configurer APT(Advanced Packaging Tool ) éditer le fichier de configuration /etc/apt/sources.list et ajouter les lignes suivant :


deb http://ftp.debian.org/debian/ unstable non-free
deb-src http://ftp.debian.org/debian/ unstable non-free

Une fois APT configuré, executez apt-get update pour mettre à jour la liste des logiciels disponible sur les dépôts qu’on vient d’ajouter. Maintenant on est prés pour installer JDK de Sun, lancez la commande :


apt-get -t unstable install sun-java5-jdk

Pour tester si l’installation, entrez la commande :


java -version

Normalement elle doit retourner quelque chose du genre :


java version "1.5.0_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
Java HotSpot(TM) Client VM (build 1.5.0_12-b04, mixed mode, sharing)