Update and install tuned:
apt-get update apt-get install tuned tuned-gtk tuned-utils tuned-utils-systemtap reboot
List of useful tuned commands:
tuned-adm active tuned-adm list tuned-adm recommend tuned-adm verify tuned
Recommended for performance:
tuned-adm profile latency-performance
1. As root, edit the sshd_config file in /etc/ssh/sshd_config:
nano /etc/ssh/sshd_config
2. Add a line in the Authentication section of the file that says
PermitRootLogin yes
3. Save the updated /etc/ssh/sshd_config file
4. Restart the SSH server:
service sshd restart
To make hp z420 workstation headless boot (run workstation without a video card) Need to have Windows OS installed to run HP BIOS Configuration Utility (BCU) because in bios settings this option is hidden.
Download HP BIOS Configuration Utility (BCU) or here
Installation
Run the BCU SoftPaq to install its contents to the folder \HP\BIOS
Configuration Utility\, where is the Program Files folder on the target
system (For example, C:\PROGRAM FILES). The resulting files at the target folder include:
● BIOSConfigUtility.exe
● BIOSConfigUtility64.exe
● HPQPswd.exe
● HPQPswd64.exe
● BCUsignature32.dll
● BCUsignature64.dll
● Internet shortcut to BIOS Configuration Utility User Guide.pdf
Command-line parameters
BiosConfigUtility.exe /setvalue:"Headless Mode","Enable"
It can show some errors but it should work fine. Now take out your GPU and try to start the workstation. Now it should not keep beeping and boot without issues.
1. Installation
First step is to install Network UPS Tools package :
Terminal
# apt-get install nut
2. Connect your UPS
Once your UPS is powered and connected to a USB port of your server, it should be detected :
Terminal
# lsusb | grep UPS
Bus 004 Device 010: ID 0463:ffff MGE UPS Systems UPS
We can notice that UPS is from MGE, former name of Eaton.
This command has given us the Vendor ID and Device ID of your USB connected UPS.
Vendor ID : 0463
Device ID : ffff
These important values will be used later in the installation procedure.
3. Configuration
Its now time to declare the Eaton UPS to nut daemon.
As the UPS is connected via USB, we wil use the USB driver.
This is done by adding a new section to /etc/nut/ups.conf to declare your UPS.
/etc/nut/ups.conf
...
[eaton]
driver = usbhid-ups
port = auto
desc = "Eaton 3S 550"
4. Start USB driver
Now that your UPS is declared to nut, it’s time to start the USB UPS driver upsdrvctl :
Terminal
# upsdrvctl start
Network UPS Tools – UPS driver controller 2.6.4
Network UPS Tools – Generic HID driver 0.37 (2.6.4)
USB communication driver 0.32
Can’t claim USB device [0463:ffff]: could not detach kernel driver from interface 0: Operation not permitted
Driver failed to start (exit status=1)
This doesn’t look good.
Error comes from the fact that nut daemon is running as nut user, which is not allowed to access USB interface (accessible only by root).
The best way to allow nut user to access the UPS USB device, is to declare a new udev rules.
The udev rule will use the Vendor ID and Device ID of your USB UPS.
Il will allow accounts from nut group to access the USB device with 660 permission rather than 666, since that should be sufficient and more secure.
To declare the rule, you just have to create /etc/udev/rules.d/90-nut-ups.rules :
/etc/udev/rules.d/90-nut-ups.rules
# Eaton 3S 550
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0463", ATTR{idProduct}=="ffff", MODE="0660", GROUP="nut"
You now need to restart udev for the rule to become operational :
Terminal
# service udev restart
You need to disconnect and reconnect the USB cable to remount it with the new udev rule.
You should now be able to start upsdrvctl UPS driver without error.
Terminal
# upsdrvctl start
Network UPS Tools – UPS driver controller 2.6.4
Network UPS Tools – Generic HID driver 0.37 (2.6.4)
USB communication driver 0.32
Using subdriver: MGE HID 1.31
5. Configure NUT mode
nut can run in different mode according to your configuration :
none (default)
standalone
netserver
netclient
We must configure nut in standalone mode as it will address a local only configuration, with 1 UPS protecting the local system. This will start the 3 nut layers (driver, upsd and upsmon).
This standalone mode is declared in /etc/nut/nut.conf :
/etc/nut/nut.conf
...
MODE=standalone
Next step is to configure upsd and upsmon :
upsd communicates with the UPS driver that we just started
upsmon communicates with upsd and actually shuts down the machine in the event of a power failure.
Why this extra level of indirection ?
Just because multiple instances of upsmon can be started on different machines and communicate with a single uspd in charge of the physical UPS device.
6. Configure UPS daemon
As upsd will be used locally on the server, we will configure it to listen on localhost and default port 3493. Configuration will be done for IPv4 and IPv6.
Edit or create configuration file /etc/nut/upsd.conf :
/etc/nut/upsd.conf
...
# LISTEN
This local user is declared in /etc/nut/upsd.users :
/etc/nut/upsd.users
[upsmonitor]
password = YOUR_PASSWORD
upsmon master
Replace YOUR_PASSWORD with a real password.
7. Configure UPS monitor
Once user has been declared in upsd, it should be declared to upsmon.
This declaration is done thru /etc/nut/upsmon.conf :
/etc/nut/upsmon.conf
# Commands for shutdown on power loss
MONITOR [email protected] 1 upsmonitor YOUR_PASSWORD master
POWERDOWNFLAG /etc/killpower
SHUTDOWNCMD "/sbin/shutdown -h now"
eaton is the name you’ve given to your UPS in /etc/nut/ups.conf and YOUR_PASSWORD with the password you set in /etc/nut/upsd.users.
If you want, you can also change the shutdown command that will be used when the UPS battery will go below a minimum level.
8. Secure configuration
Since these UPS configuration files contain sensitive data (you can shutdown the server …), we should fix the permissions to allow only root user and nut group to access them.
Terminal
# chown root:nut /etc/nut/*
# chmod 640 /etc/nut/*
9. Test connection
Everything should now be in place to test your UPS connectivity.
To test it, you just need to start upsd daemon and to inquire your UPS status with upsc client.
Terminal
# upsd
Network UPS Tools upsd 2.6.4
fopen /var/run/nut/upsd.pid: No such file or directory
listening on ::1 port 3493
listening on 127.0.0.1 port 3493
Connected to UPS [eaton]: usbhid-ups-eaton
# upsc [email protected]
battery.charge: 89
battery.charge.low: 20
…
Now that service is running, you can reboot your debian computer.
After next reboot, service nut-server should have been started.
You should be able to access your UPS data.
Terminal
# upsc [email protected]
battery.charge: 89
battery.charge.low: 10
…
As soon as your UPS charge will go under 10%, a shutdown signal will be issued to your server.
nano /etc/network/interfaces.d/50-cloud-init
auto lo
iface lo inet loopback
dns-nameservers 213.186.33.99auto eth0
iface eth0 inet dhcp
mtu 1500auto eth0:1
iface eth0:1 inet static
address x.x.x.x
netmask 255.255.255.255auto eth0:2
iface eth0:2 inet static
address x.x.x.x
netmask 255.255.255.255auto eth0:3
iface eth0:3 inet static
address x.x.x.x
netmask 255.255.255.255
Automatically power cycle the Raspberry Pi once it gets stuck.
1) Enable the hardware watchdog on your Pi and reboot
sudo su
echo 'dtparam=watchdog=on' >> /boot/config.txt
reboot2) Install the watchdog system service
sudo apt-get update
sudo apt-get install watchdog
3) Configure the watchdog service
sudo su
echo 'watchdog-device = /dev/watchdog' >> /etc/watchdog.conf
echo 'watchdog-timeout = 15' >> /etc/watchdog.conf
echo 'max-load-1 = 24' >> /etc/watchdog.conf
4) Enable the service
sudo systemctl enable watchdog
sudo systemctl start watchdog
sudo systemctl status watchdogNow next time your Raspberry Pi freezes, the hardware watchdog will restart it automatically after 15 seconds.
If you want to test this you can try running a fork bomb on your shell:
sudo bash -c ':(){ :|:& };:'!!!Running this code will render your Raspberry Pi unaccessible until it’s reset by the watchdog.!!!
Jei norite greitai pasiekti daugelio įrenginių failus, jums reikia sinchronizavimo. Tai atviro kodo kelių platformų failų sinchronizavimo sprendimas, kuris gali veikti lokaliai arba internetu. Ši platforma turi „Linux“, „Windows“ ir „macOS“ klientus. Taip pat turi „Android“ programą, skirtą sinchronizuoti iš ir į išmaniuosius telefonus.
2. Pridedame Syncthing prie apt šaltinių
echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
2. Pridedame PGP raktą
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
3. Paleidžiam atnaujinimą
sudo apt update
4. Paleidžiam Syncthing instaliavimą
sudo apt install syncthing
5. Įgalinam Syncthing kaip servisą
sudo systemctl enable [email protected]
6. Paleidžiam Syncthing su komanda
sudo service [email protected] start
7. Pasitikrinam ar viskas sėkmingai pasileido:
[email protected]:~/# service [email protected] status
● [email protected] - Syncthing - Open Source Continuous File Synchronization for root
Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled)
Active: active (running) since Sat 2021-05-08 18:13:49 EEST; 7h ago
Docs: man:syncthing(1)
Main PID: 27578 (syncthing)
Tasks: 48 (limit: 4915)
Memory: 11.9G
CGroup: /system.slice/system-syncthing.slice/[email protected]
├─27578 /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
└─27586 /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
Kaip matome, viskas pasileido sėkmingai. Dabar patį Syncthing WEB UI galite pasiekti adresu http://127.0.0.1:8384
Atkreipkite dėmesį į paleidimo eilutę „service [email protected] start“ kur yra username, ten nurodome kokiu useriu paleidinėsime daemoną, patartina nenaudoti root userio dėl saugumo sumetimų. Po pirmo paleidimo, atitinkamo userio /home/useris/.config/syncthing direktorijoje susikuria visi konfigūraciniai failai. Pagal nutylėjimą pasiekti web ui dabar pavyks tik iš lokalaus kompiuterio. Norint pasiekti web ui nuotoliniu būdu reikės pakeisti config.xml faile vieną nustatymą:
iš <address>127.0.0.1:8384</address> į <address>0.0.0.0:8384</address>
Klientus ir kitus reikiamus failus rasite: https://syncthing.net/downloads/
Gero naudojimo 🙂
adduser user – Sukuriam userį
usermod -d /home/some/dir user – Nustato numatytą user home direktoriją
groupadd group – Sukuriam grupę
usermod -a -G group user Pridedam user į grupę
chown -R user:group /home/some/dir – Suteikiam user ir grupei access.
arba
chgrp -R group /home/some/dir
ir uždedam failų teises, kad juos leistų atidaryti/redaguoti ir išsaugoti
chmod -R 775 /home/some/dir
ether1 – WAN
ether5 – LAN 5 port
apt-get install iptables-persistent
After that, run next commands every time you want save iptables changes permanently:netfilter-persistent savenetfilter-persistent reload