mirror of
https://github.com/GeekOops/doc.git
synced 2024-05-20 05:12:21 +00:00
Add php-fpm, pureftpd and next role
parent
f9bff7ecb3
commit
0cf8e7737b
|
@ -25,4 +25,5 @@ disablePathToLower = true
|
|||
geekdocRepo = "https://github.com/GeekOops/doc"
|
||||
geekdocSearch = true
|
||||
geekdocSearchShowParent = true
|
||||
geekdocImageLazyLoading = true
|
||||
geekdocAnchor = true
|
||||
geekdocAnchorCopy = true
|
||||
|
|
35
geekoops/content/posts/20210326-next/index.md
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
title: "Ansible NEXT server"
|
||||
author: "phoenix"
|
||||
date: 2021-03-26T09:54:20+01:00
|
||||
---
|
||||
The [geekoops-next](https://github.com/GeekOops/geekoops-next) ansible role makes it easy to setup your own PXE boot server. It configures `dnsmasq` to run a DHCP and TFTP server, from which your PXE clients can boot from. You can turn the DNS functionality of `dnsmasq` off, so that it is possible to run this PXE server next to another DNS server on the same host.
|
||||
|
||||
This role also extracts a minimum `syslinux` installation into your tftp directory. So, after deploying this role, your clients should be able to boot from this PXE server, but it appears empty.
|
||||
|
||||
![Boot sequence demo](/img/boot-sequence.gif)
|
||||
|
||||
Currently this role only supports legacy boot.
|
||||
|
||||
## Example
|
||||
|
||||
The following playbook installs this PXE boot server on `jellyfish`. However we want to use another dhcp server for handing out the leases, so that we configure `dnsmasq` to act as proxy. This is useful if you want to run your PXE server alongside another DHCP server, like for example in a network configuration where your Fritzbox takes care of the DHCP. Our example is in a `libvirt` environment, so we let the default `libvirt` DHCP server (192.168.122.1) handle dhcp:
|
||||
|
||||
- hosts: jellyfish
|
||||
roles:
|
||||
- role: geekoops-next
|
||||
vars:
|
||||
config_firewall: true
|
||||
firewall_zone: "public"
|
||||
dhcp_range: "192.168.122.1,proxy,255.255.255.0"
|
||||
prompt: "My awesome network boot server"
|
||||
|
||||
### Testing
|
||||
|
||||
If `jellyfish` runs as virtual machine in your default `libvirt` domain, you can now create a new virtual machine that boots from the network.
|
||||
|
||||
![Virt-manager demo](/img/configure-client.gif)
|
||||
|
||||
In `virt-manager`, create a new Virtual machine, with "Manual Boot". Use any Linux system, even "Generic OS" just works fine. We don't need a disk for booting, so that one can be deselected. Now, if you boot the machine, you will see the boot menu from the PXE server
|
||||
|
||||
![Boot screen](/img/BootScreen.png)
|
|
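Review bot: The example playbook sets `config_firewall: true` with `firewall_zone: "public"`, but the post never says which firewall rules that applies. The role runs DHCP and TFTP through `dnsmasq`, and TFTP has no authentication, so add a sentence listing what gets allowed and recommending a zone that covers only the network the PXE clients sit on. The line `dhcp_range: "192.168.122.1,proxy,255.255.255.0"` also needs a short explanation of its three fields, because the surrounding text reads as if the first one is the address of the other DHCP server. Minor wording: "but it appears empty" leaves open what is empty, and the last sentence under Testing lacks its full stop.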
@ -1,5 +1,5 @@
|
|||
---
|
||||
title: "Php-fpm"
|
||||
title: "Ansible php-fpm"
|
||||
author: "phoenix"
|
||||
date: 2021-03-26T09:42:03+01:00
|
||||
---
|
||||
|
|
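Review bot: The commit subject says php-fpm is added, but this hunk only touches the front-matter `title:` of an existing post ("Php-fpm" and "Ansible php-fpm"). Reword the subject to mention the retitle, or move it into its own commit, so the history matches what changed.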
49
geekoops/content/posts/20210326-pureftpd.md
Normal file
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
title: "Ansible PureFTPd"
|
||||
author: "phoenix"
|
||||
date: 2021-03-26T09:49:33+01:00
|
||||
---
|
||||
The [geekoops-pureftpd role](https://github.com/GeekOops/geekoops-pureftpd) is a configurable ansible role for setting up a `PureFTPd` ftp server. I choose `PureFTPd` because it appears to be more secure than `ProFTPd`. In comparison to `vsftp`, one server program can run both IPv4 and IPv6.
|
||||
|
||||
This role works on openSUSE Leap.
|
||||
|
||||
## Role Variables
|
||||
|
||||
`PureFTPd` is a highly configurable ansible role. See the following list of possible variables, but you probably don't need much of them.
|
||||
|
||||
| Value | Description | Default |
|
||||
|-------|-------------|---------|
|
||||
| `config_firewall` | Apply firewall rules | `false` |
|
||||
| `firewall_zone` | Firewall zone where ftp will be allowed | public |
|
||||
| `MaxClientsNumber` | Maximum number of anonymous clients | 10 |
|
||||
| `MaxClientsPerIP` | Maximum clients per IP address | 3 |
|
||||
| `AnonymousOnly` | Forbid user login | yes |
|
||||
| `NoAnonymous` | Disallow anonymous | no |
|
||||
| `PAMAuthentication` | Allow PAM authentication | no |
|
||||
| `MaxIdleTime` | Maximum idle time in minutes before disconnecting | 5 |
|
||||
| `MaxLoad` | Disallow anonymous download if system load is above this value | 4 |
|
||||
| `PassivePortMin` | Passive port range - lower bound | 30000 |
|
||||
| `PassivePortMax` | Passive port range - upper bound | 30100 |
|
||||
| `ForcePassiveIP` | Use this IP for passive mode, useful if `PureFTPd` is behind a NAT | `""` (disabled) |
|
||||
| `Bind` | Bind address and port (e.g. `127.0.0.1,21`) | `""` (disabled) |
|
||||
| `Bandwidth` | Max bandwidth for all users in KB/s | `""` (disabled) |
|
||||
| `TrustedIP` | Allow login only from this IP | `""` (disabled) |
|
||||
| `MaxUserSessions` | Maximum number of open session per user | 3 |
|
||||
| `MaxAnonSessions` | Maximum number of open anonymous sessions | 20 |
|
||||
| `IPV4Only` | Bind to IPv4 only. By default we bind to IPv4 and IPv6 | no |
|
||||
| `IPV6Only` | Bind to IPv6 only. By default we bind to IPv4 and IPv6 | no |
|
||||
|
||||
# Example
|
||||
|
||||
With this example playbook we setup a `PureFTPd` server that allows only anonymous access. Because we have only some resources, we allow up to 100 session in parallel.
|
||||
|
||||
- hosts: jellyfish
|
||||
user: root
|
||||
roles:
|
||||
- role: geekoops-pureftp
|
||||
vars:
|
||||
config_firewall: true
|
||||
AnonymousOnly: yes
|
||||
PassivePortMin: 30000
|
||||
PassivePortMax: 31000
|
||||
MaxAnonSessions: 100
|
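Review bot: The example playbook uses `role: geekoops-pureftp`, while the link at the top of the post names the role `geekoops-pureftpd`; use the same name in both places so a copied playbook refers to the linked role. The example also raises `MaxAnonSessions` to 100 but leaves `MaxClientsNumber` at its documented default of 10 ("Maximum number of anonymous clients"), so either set both or say which limit wins. `PassivePortMax` is changed to 31000 alongside `config_firewall: true`; state whether the firewall rules follow the passive port range. Style: "`PureFTPd` is a highly configurable ansible role" describes the server as the role, and `# Example` sits one heading level above `## Role Variables`.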
BIN
geekoops/static/img/BootScreen.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 87 KiB |
BIN
geekoops/static/img/boot-sequence.gif
Normal file
Binary file not shown.
After Width: | Height: | Size: 154 KiB |
BIN
geekoops/static/img/configure-client.gif
Normal file
Binary file not shown.
After Width: | Height: | Size: 327 KiB |
Binary file not shown.
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 29 KiB |