Wednesday, 22 May 2013

GEOM ELI FULL DISK ENCRYPTION



Boot up with FreeBSD Live CD. Start bsdinstall.

When installation reaches partitioning, select ‘shell’.


Partitioning

# gpart create  –s gpt ada0

1 .Create Boot Block

# gpart add –t freebsd-boot –s 64k ada0
# gpart bootcode  –b /boot/pmbr  –p /boot/gptboot  –i 1 ada0

2 .Create and format Boot partition

# gpart add –t freebsd-ufs –s 256m ada0
# newfs /dev/ada0p2

3. Create and initialize encrypted partition

# gpart add –t freebsd-ufs ada0
# geli init –bl 256 /dev/ada0p3                       (Pass phrase will be prompted.)
# geli attach /dev/ada0p3                   (Pass phrase will be prompted. Device /dev/ada0p3.eli will be created.)
# newfs /dev/ada0p3.eli

4. Mount file systems to /mnt

# mount /dev/ada0p3.eli /mnt
# mkdir /mnt/boot2
# mount /dev/ada0p2 /mnt/boot2

5. Continue Installation

# exit

Once the installation ends, enter into a ‘shell’ to make final changes.


Final Changes

1. Move /boot to /boot2/

# mv /mnt/boot  /mnt/boot2/.


2. Edit loader.conf

# vi /boot2/boot/loader.conf

Add the following lines.

geom_eli_load=”YES”
vfs.root.mountfrom=”ufs:/dev/ada0p3.eli”

3. Edit fstab

Add the following lines

/dev/ada0p2                /boot2              ufs       rw,noatime      1          1
/dev/ada0p3.eli                        /                       ufs       rw,noatime      1          1

TWO NODE PACEMAKER FAIL SAFE CLUSTER WITH FLOATING IP ADDRESS (CentOS 6.3)



On both the nodes

1. Install Pacemaker

yum install pacemaker


2. Create configuration files for COROSYNC

cp /etc/corosync/corosync.conf.example    /etc/corosync/corosync.conf


vi /etc/corosync/service.d/pcmk

service {
        name: pacemaker
        ver: 1
}


3. Install CRMSH

wget -P /etc/yum.repos.d/ http://download.opensuse.org/repositories/network:/ha-clustering/CentOS_CentOS-6/network:ha-clustering.repo

yum install crmsh


4. Start Services

service corosync start

service pacemaker start

chkconfig corosync on

chkconfig pacemaker on





On Primary Node


1. Configure Pacemaker using CRM

crm configure property stonith-enabled=false

crm configure primitive ClusterIP ocf:heartbeat:IPaddr2 params ip=192.168.124.110 cidr_netmask=24 op monitor interval=30s

crm configure primitive postfix ocf:heartbeat:postfix op monitor interval=60s depth="0" timeout="20s"

crm configure property no-quorum-policy=ignore

crm configure rsc_defaults resource-stickiness=100

crm configure order postfix-after-ip mandatory: ClusterIP postfix

crm configure colocation postfixWithIP INFINITY: postfix ClusterIP



The status of the cluster nodes can be checked using the following commands :

crm status

crm resource show