Hamburg/Nextcloud


Work In Progress

Betriebssystem

Wir sind der sehr guten Anleitung Debian Buster Root on ZFS gefolgt.

Installationsablauf:

# Prepare the running system (presumably a live/rescue environment, since the
# later steps install into /mnt): append the contrib and buster-backports
# components to the APT sources, then install the partitioning tools and ZFS.
# NOTE(review): the repositories are plain http; APT verifies the signed
# Release files, so package integrity does not depend on transport encryption.
echo deb http://deb.debian.org/debian buster contrib >> /etc/apt/sources.list
echo deb http://deb.debian.org/debian buster-backports main contrib >> /etc/apt/sources.list
apt update
# dkms and the headers of the running kernel are installed so that zfs-dkms
# can build its module for this kernel.
apt install --yes debootstrap gdisk dkms dpkg-dev linux-headers-$(uname -r)
apt install --yes -t buster-backports --no-install-recommends zfs-dkms
# Load the module before installing the userland tools from backports.
modprobe zfs
apt install --yes -t buster-backports zfsutils-linux

# Stable by-id path of one disk. It is passed into the chroot later and used
# there for the EFI system partition (${DISK}-part2).
DISK=/dev/disk/by-id/ata-WDC_WD10EFRX-68PJCN0_WD-WCC4J1076848 

# DESTRUCTIVE: --zap-all destroys the GPT and MBR data structures on all four
# disks.
# NOTE(review): sda..sdd are kernel names and are not guaranteed to stay the
# same across boots or when another drive is attached. Check the mapping
# (e.g. `lsblk -o NAME,SIZE,MODEL,SERIAL` or `ls -l /dev/disk/by-id`) before
# running these loops.
for d in sda sdb sdc sdd; do sgdisk --zap-all /dev/$d; done
# Partition 2: 512M starting at 1M, type EF00 (EFI system partition).
for d in sda sdb sdc sdd; do sgdisk -n2:1M:+512M -t2:EF00 /dev/$d; done
# Partition 3: 1G, type BF01; used as a bpool member below.
for d in sda sdb sdc sdd; do sgdisk -n3:0:+1G    -t3:BF01 /dev/$d; done
# Partition 4: 32G, type BF01; used as an rpool member below. No partition is
# created for the rest of the disk in this listing.
for d in sda sdb sdc sdd; do sgdisk -n4:0:+32G   -t4:BF01 /dev/$d; done

# Boot pool "bpool": -d creates the pool with all feature flags disabled; only
# the features listed below are then enabled explicitly.
# NOTE(review): presumably this is the feature set GRUB can read, as in the
# referenced Root-on-ZFS guide; confirm against that guide.
# The glob ata-*-part3 expands to partition 3 of every ATA disk visible under
# /dev/disk/by-id, and all matches become members of one mirror vdev. Run
# `ls /dev/disk/by-id/ata-*-part3` first to make sure only the intended disks
# match.
# -O devices=off: device nodes stored in the pool are not honoured.
# -R /mnt: alternate root, so mountpoint=/ is mounted below /mnt for now.
zpool create -o ashift=12 -d \
    -o feature@async_destroy=enabled \
    -o feature@bookmarks=enabled \
    -o feature@embedded_data=enabled \
    -o feature@empty_bpobj=enabled \
    -o feature@enabled_txg=enabled \
    -o feature@extensible_dataset=enabled \
    -o feature@filesystem_limits=enabled \
    -o feature@hole_birth=enabled \
    -o feature@large_blocks=enabled \
    -o feature@lz4_compress=enabled \
    -o feature@spacemap_histogram=enabled \
    -o feature@userobj_accounting=enabled \
    -o feature@zpool_checkpoint=enabled \
    -o feature@spacemap_v2=enabled \
    -o feature@project_quota=enabled \
    -o feature@resilver_defer=enabled \
    -o feature@allocation_classes=enabled \
    -O acltype=posixacl -O canmount=off -O compression=lz4 -O devices=off \
    -O normalization=formD -O relatime=on -O xattr=sa \
    -O mountpoint=/ -R /mnt bpool mirror /dev/disk/by-id/ata-*-part3

# Root pool "rpool" on partition 4 of the same disks (the glob caveat above
# applies here as well).
# No encryption option is passed, so the pool is created without ZFS native
# encryption; data at rest is unencrypted.
# devices=off is not set at creation; it is applied to rpool after debootstrap
# further down.
zpool create -o ashift=12 \
    -O acltype=posixacl -O canmount=off -O compression=lz4 \
    -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa \
    -O mountpoint=/ -R /mnt rpool mirror /dev/disk/by-id/ata-*-part4

# Container datasets: never mounted themselves (canmount=off, mountpoint=none);
# they only group the boot environments below them.
zfs create -o canmount=off -o mountpoint=none rpool/ROOT
zfs create -o canmount=off -o mountpoint=none bpool/BOOT

# Root and /boot filesystems. canmount=noauto means they are not mounted
# automatically, hence the explicit `zfs mount` calls.
zfs create -o canmount=noauto -o mountpoint=/ rpool/ROOT/debian
zfs mount rpool/ROOT/debian
zfs create -o canmount=noauto -o mountpoint=/boot bpool/BOOT/debian
zfs mount bpool/BOOT/debian

# Separate datasets for home, root's home, logs and spool. rpool/var and
# rpool/var/lib are canmount=off, so they only provide the hierarchy.
zfs create                                 rpool/home
zfs create -o mountpoint=/root             rpool/home/root
zfs create -o canmount=off                 rpool/var
zfs create -o canmount=off                 rpool/var/lib
zfs create                                 rpool/var/log
zfs create                                 rpool/var/spool

# Cache and temp data carry com.sun:auto-snapshot=false, a user property that
# snapshot tools honouring it use to skip these datasets.
zfs create -o com.sun:auto-snapshot=false  rpool/var/cache
zfs create -o com.sun:auto-snapshot=false  rpool/var/tmp
# 1777 = world-writable with the sticky bit, so users can only remove their
# own files.
chmod 1777 /mnt/var/tmp

zfs create -o com.sun:auto-snapshot=false  rpool/tmp
chmod 1777 /mnt/tmp

# Install the minimal Debian buster base system into the new root.
debootstrap buster /mnt
# From here on, device nodes on rpool datasets are not honoured.
# NOTE(review): presumably set only after debootstrap because debootstrap
# creates device nodes in the target; confirm against the referenced guide.
zfs set devices=off rpool

# Basic identity, network and APT configuration of the new system under /mnt.
# The lines between the ### markers are the text to put into the file named by
# the preceding command; they are not shell commands.
echo speicher > /mnt/etc/hostname
# Add the host's own name to /etc/hosts.
vi /mnt/etc/hosts
###
127.0.1.1	speicher speicher.hamburg.freifunk.net
###

# enp1s0: IPv4 via DHCP, IPv6 via autoconfiguration.
cat > /mnt/etc/network/interfaces.d/enp1s0
###
auto enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 auto 
###

# Replaces sources.list of the new system (`>` truncates the file): buster
# and buster-backports with main, contrib and non-free.
cat > /mnt/etc/apt/sources.list
###
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free

deb http://deb.debian.org/debian buster-backports main contrib non-free
deb-src http://deb.debian.org/debian buster-backports main contrib non-free
###

# Pin the listed ZFS/SPL packages to buster-backports with priority 990, so
# they are taken from backports without -t on every install or upgrade.
cat > /mnt/etc/apt/preferences.d/90_zfs
###
Package: libnvpair1linux libuutil1linux libzfs2linux libzfslinux-dev libzpool2linux python3-pyzfs pyzfs-doc spl spl-dkms zfs-dkms zfs-dracut zfs-initramfs zfs-test zfsutils-linux zfsutils-linux-dev zfs-zed
Pin: release n=buster-backports
Pin-Priority: 990
###

# Enter the new system: recursively bind /dev, /proc and /sys into /mnt and
# start a login shell in the chroot, passing DISK into its environment.
# Everything up to the later `exit` runs inside this chroot.
mount --rbind /dev  /mnt/dev
mount --rbind /proc /mnt/proc
mount --rbind /sys  /mnt/sys
chroot /mnt /usr/bin/env DISK=$DISK bash --login
# Make /etc/mtab a link to the kernel's mount table.
ln -s /proc/self/mounts /etc/mtab

apt update
apt install --yes locales
dpkg-reconfigure locales
dpkg-reconfigure tzdata
# Kernel, headers and the ZFS initramfs integration for the installed system.
apt install --yes dpkg-dev linux-headers-amd64 linux-image-amd64
apt install --yes zfs-initramfs

# No --yes here, so apt asks for confirmation.
apt install dosfstools
# Format the EFI system partition of $DISK only (FAT32, label EFI). The text
# below the listing says the partition was mirrored after the first boot.
mkdosfs -F 32 -s 1 -n EFI ${DISK}-part2
mkdir /boot/efi
# The fstab entry references the partition by PARTUUID; nofail lets the boot
# continue if the partition is missing.
echo PARTUUID=$(blkid -s PARTUUID -o value ${DISK}-part2) \
    /boot/efi vfat nofail,x-systemd.device-timeout=1 0 1 >> /etc/fstab
mount /boot/efi

apt install --yes grub-efi-amd64 shim-signed
# Set the root password interactively; nothing is passed on the command line.
passwd

# systemd unit that imports bpool by name, ordered before the generic scan and
# cache import services. -N imports without mounting any datasets and
# cachefile=none keeps the pool out of the zpool cache file.
# The lines between the ### markers are the unit file contents.
cat > /etc/systemd/system/zfs-import-bpool.service
###
[Unit]
DefaultDependencies=no
Before=zfs-import-scan.service
Before=zfs-import-cache.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zpool import -N -o cachefile=none bpool

[Install]
WantedBy=zfs-import.target
###
systemctl enable zfs-import-bpool.service

# Enable the tmp.mount unit shipped with systemd (presumably a tmpfs on /tmp).
# NOTE(review): an rpool/tmp dataset was also created earlier; the referenced
# guide presumably treats the two as alternatives. TODO confirm which one is
# meant to provide /tmp.
cp /usr/share/systemd/tmp.mount /etc/systemd/system/
systemctl enable tmp.mount

# NOTE(review): popularity-contest can submit package usage statistics to
# Debian; it asks during configuration whether to participate.
apt install --yes popularity-contest console-setup
# Firmware from non-free; installed without --yes, so apt asks first.
apt install firmware-realtek
# Rebuild the initramfs for all installed kernels.
update-initramfs -u -k all

# GRUB configuration. The three lines between the ### markers are editing
# instructions for /etc/default/grub, not literal file contents.
vi /etc/default/grub
###
Set: GRUB_CMDLINE_LINUX="root=ZFS=rpool/ROOT/debian"
Remove quiet from: GRUB_CMDLINE_LINUX_DEFAULT
Uncomment: GRUB_TERMINAL=console
###

# Check which filesystem GRUB detects for /boot (expected to report zfs), then
# generate the GRUB configuration.
grub-probe /boot
update-grub
# Install the EFI boot loader into the ESP currently mounted at /boot/efi,
# i.e. only on the disk named by $DISK.
grub-install --target=x86_64-efi --efi-directory=/boot/efi \
    --bootloader-id=debian --recheck --no-floppy
# Verify that GRUB's ZFS module was installed.
ls /boot/grub/*/zfs.mod

# Switch /boot to a legacy mountpoint: it is mounted via /etc/fstab, and the
# fstab entry requires zfs-import-bpool.service so that the pool is imported
# first.
umount /boot/efi
zfs set mountpoint=legacy bpool/BOOT/debian
echo bpool/BOOT/debian /boot zfs \
    nodev,relatime,x-systemd.requires=zfs-import-bpool.service 0 0 >> /etc/fstab

# Set up the zfs-list cache for rpool: create the (empty) cache file and link
# the ZED script that fills it, then run zed in the foreground until the cache
# file has content.
mkdir /etc/zfs/zfs-list.cache
touch /etc/zfs/zfs-list.cache/rpool
ln -s /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d
zed -F &
cat /etc/zfs/zfs-list.cache/rpool
# `fg` and `^C` are interactive steps: bring zed to the foreground and stop it
# with Ctrl-C.
fg
^C
# Replace the first "/mnt" or "/mnt/" on each line with "/", because the pool
# was imported with the alternate root /mnt.
sed -Ei "s|/mnt/?|/|" /etc/zfs/zfs-list.cache/rpool

# Snapshots of the fresh installation as a rollback point.
zfs snapshot bpool/BOOT/debian@install
zfs snapshot rpool/ROOT/debian@install

# Leave the chroot, unmount every non-ZFS mount below /mnt in reverse order
# (lazy and forced), then export all pools.
# NOTE(review): `xargs -i{}` is the deprecated GNU spelling; `-I{}` is the
# current form.
exit
mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | xargs -i{} umount -lf {}
zpool export -a

Nach dem Neustart wurde noch die /boot/efi Partition wie unter First Boot beschrieben gespiegelt und die Schritte unter Full Software Installation ausgeführt.

In der /etc/fstab wurde die Zeile für /boot/efi wie folgt geändert:

# NOTE(review): /dev/sda2 is a kernel device name and depends on the disk
# enumeration order; a PARTUUID= or /dev/disk/by-id reference would not.
# nofail lets the boot continue if the partition cannot be mounted.
/dev/sda2 /boot/efi vfat nofail,x-systemd.requires=boot.mount 0 1

Um den Zpool data automatisch zu importieren, wurde noch zfs-import-data.service angelegt und aktiviert:

# Output of `systemctl cat` for the unit that imports the pool "data" at boot.
# It has the same ordering as zfs-import-bpool.service, but the import is
# called without -N and without cachefile=none.
# NOTE(review): without -N, `zpool import` also mounts the pool's datasets;
# confirm that this is intended here.
root@speicher:~# systemctl cat zfs-import-data.service
# /etc/systemd/system/zfs-import-data.service
[Unit]
DefaultDependencies=no
Before=zfs-import-scan.service
Before=zfs-import-cache.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/zpool import data

[Install]
WantedBy=zfs-import.target

Applikation

nginx wurde per Ansible installiert.

Die relevanten Informationen in der Nextcloud-Installationsanleitung verteilen sich auf viele Unterseiten, also sorgfältig durchlesen. Ein leicht zu übersehender Unterschied zu anderen Webapplikationen ist, dass der Nextcloud-Installer Admin-Zugang zur Datenbank erwartet und den Datenbank-Benutzer für Nextcloud selbst anlegt!

# Install MariaDB and give the database root account a password.
# `mysql` opens the interactive client; the ALTER USER line is an SQL
# statement typed there, not a shell command.
# GEHEIM ("secret") is a placeholder: use a long, unique, generated password
# and keep it out of documentation and version control.
apt install mariadb-client mariadb-server
mysql
ALTER USER 'root'@'localhost' IDENTIFIED BY 'GEHEIM';

# Server settings for Nextcloud; the lines between the ### markers are the
# file contents: READ-COMMITTED transaction isolation, row-based binary log
# format, a 1G InnoDB buffer pool and innodb_io_capacity 4000.
vi /etc/mysql/mariadb.conf.d/90-nextcloud.cnf
###
[mysqld]
transaction_isolation = READ-COMMITTED
binlog_format = ROW
innodb_buffer_pool_size = 1G
innodb_io_capacity = 4000
###

# Restart so that the new settings take effect.
systemctl restart mariadb

# Install PHP 7.3 FPM with the listed extensions, plus APCu and Imagick.
for m in fpm bz2 curl gd intl mbstring mysql xml zip; do apt install --yes php7.3-$m; done
apt install --yes php-apcu php-imagick

# FPM pool settings; the lines between the ### markers are the values to set.
# NOTE(review): clear_env = no hands the complete environment of the php-fpm
# master process to every PHP worker. If only a few variables such as PATH
# are needed, leaving clear_env at its default and setting individual
# env[NAME] entries exposes less.
# NOTE(review): pm.max_children = 120 together with memory_limit = 512M (set
# below) allows up to about 60G of PHP memory in the worst case; check this
# against the RAM of the host so that a burst of requests cannot exhaust it.
vi /etc/php/7.3/fpm/pool.d/www.conf
###
clear_env = no

pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18
###

# php.ini for FPM: memory and upload limits (post_max_size is kept above
# upload_max_filesize) and the opcache settings.
vi /etc/php/7.3/fpm/php.ini
###
memory_limit = 512M
post_max_size = 110M
upload_max_filesize = 100M

opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
###

# Apply the changed configuration.
systemctl reload php7.3-fpm

# Command-line installation of Nextcloud as www-data. `occ` is a relative
# path, so this has to be run from the Nextcloud directory (presumably
# /var/www/nextcloud, where config.php is edited below).
# GEHEIM is a placeholder for both the database root password and the
# Nextcloud admin password.
# NOTE(review): passwords given as arguments are visible in the process list
# while the command runs and are stored in the shell history. occ presumably
# prompts for passwords that are omitted when run interactively; confirm for
# the installed version and prefer that.
# The installer is given the database root account because, as the text above
# says, it creates Nextcloud's own database user. The resulting config.php
# holds database credentials and should be readable by www-data only.
sudo -u www-data php occ maintenance:install --database mysql --database-name nextcloud --database-user root --database-pass GEHEIM --admin-user admin --admin-pass GEHEIM --data-dir /var/lib/nextcloud

# Use APCu as the local memory cache. The lines between the ### markers are
# entries to add to the config array.
vi /var/www/nextcloud/config/config.php
###
  'memcache.local' => '\OC\Memcache\APCu',
###

# Enable APCu for command-line PHP as well.
# NOTE(review): the path is given as on the page. The PHP CLI on Debian
# normally reads its configuration from /etc/php/7.3/cli/, so confirm that
# this file is actually loaded by `php`; reloading php-fpm affects FPM only.
vi /etc/php/7.3/fpm/cli.ini
###
apc.enable_cli = 1
###

systemctl reload php7.3-fpm

# Logging and housekeeping options.
# NOTE(review): loglevel 3 records errors and above only. Messages logged at
# warning level are dropped; failed logins are presumably among them, so
# check before relying on the log for intrusion detection or fail2ban.
vi /var/www/nextcloud/config/config.php
###
  'loglevel' => 3,
  'appcodechecker' => true,
  'activity_expire_days' => 30,
###

# Rotate the logs in the data directory daily, keeping seven files.
# NOTE(review): logrotate runs as root and skips directories writable by a
# non-root user or group unless a `su <user> <group>` directive is set. If
# /var/lib/nextcloud is owned by www-data, add `su www-data www-data`. There
# is no `compress` directive, so rotated logs stay uncompressed.
vi /etc/logrotate.d/nextcloud
###
/var/lib/nextcloud/*.log {
    rotate 7
    daily
    missingok
}
###

Updates

Updates von Nextcloud sollten aufgrund des noch nicht behobenen Netzwerkproblems im Fux-Turm per Kommandozeilenupdate in einer screen-Session installiert werden.