Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- server:dwb [2024/05/22 13:27] – [Netzwerkkonfiguration] walbaum
+++ server:dwb [2025/10/23 10:51] (aktuell) – [Externe Verbindungseinstellungen für Endbenutzer (z.B. über DiversityCollection / Client): smns.diversityworkbench.de Port 7878] schuhmann
@@ Zeile 1: / Zeile 1: @@
+====== Externe Verbindungseinstellungen für Endbenutzer (z.B. über DiversityCollection / Client): smns.diversityworkbench.de Port 7878 ======
+Download der Clients: https://www.diversityworkbench.de/manual/dwb_latest/modules/index.html
 ====== DWB im SMNS ======
-  ; OS : Linux Debian 12
+; ; OS : : Linux Debian 12 ; ; Hostname : : lserver-dwb01 ; ; IP DMZ : : 172.31.13.31 ; ; User : : dwbdebby ; ; Passwort : : <decrypt>U2FsdGVkX18LX4h/SQIKwZiSgSlkAeYHqb8K04oLOPNUb25lXhHeawJHgS1bBrLK</decrypt>
-  ; Hostname : lserver-dwb01
-  ; User : dwbdebby
+===== Systemsetup =====
-  ; Passwort : <decrypt>U2FsdGVkX18LX4h/SQIKwZiSgSlkAeYHqb8K04oLOPNUb25lXhHeawJHgS1bBrLK</decrypt>
+Zwei redundante Server (Komponenten doppelt aufgeführt):\\
+{{:server:dwb-hardware.png}}
 ===== Festplatte/Partitionierung =====
-Installation Debian auf 8TB (7,7) NVMe nvme0n1, Bilder liegen in /var/log/installer/.\\
+Installation Ubuntu auf 8TB (7,7) NVMe nvme0n1, Bilder liegen in /var/log/installer/.\\
 LVM (Logical Volume Manager) mit Verschlüsselung.\\
 \\
@@ Zeile 201: / Zeile 206: @@
   mssql-network:
     driver: bridge
 </code>
@@ Zeile 304: / Zeile 310: @@
 </code>
-enp129s0f1np1 ist eine eigene LWL-Netzwerkkarte. :FIXIT:
+enp129s0f1np1 ist eine eigene LWL-Netzwerkkarte. FIXME
 <WRAP round box 100% center>
 <code>
 #Bypass an der DMZ vorbei
@@ Zeile 320: / Zeile 327: @@
     gateway 172.31.13.254
     dns-nameservers 172.31.13.254
 </code>
 </WRAP>
@@ Zeile 327: / Zeile 336: @@
 <code>
 systemctl restart networking
 </code>
-Netzwerkinterface aktivieren:
+Ein Netzwerkinterface aktivieren:
 <code>
 ip link set dev eno2np1 up
 </code>
 IP hinzufügen:
 <code>
 ip address add 172.31.13.31/24 dev enp129s0f1np1
 </code>
 IP entfernen:
 <code>
 ip address del 172.31.13.31/24 dev enp129s0f1np1
 </code>
@@ Zeile 349: / Zeile 364: @@
 <code>
 ip addr show
 </code>
 <WRAP center round box 100%>
 <code>
 : lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
@@ Zeile 359: / Zeile 376: @@
     inet6 ::1/128 scope host noprefixroute
        valid_lft forever preferred_lft forever
-: enp194s0f0np0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
+: enp129s0f0np0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
-    link/ether 14:23:f2:9a:0d:50 brd ff:ff:ff:ff:ff:ff
+    link/ether 00:62:0b:f5:23:00 brd ff:ff:ff:ff:ff:ff
-: enp194s0f1np1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
+: enp129s0f1np1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
-    link/ether 14:23:f2:9a:0d:51 brd ff:ff:ff:ff:ff:ff
+    link/ether 00:62:0b:f5:23:01 brd ff:ff:ff:ff:ff:ff
-: eno1np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
+    inet 172.31.13.31/24 brd 172.31.13.255 scope global enp129s0f1np1
+       valid_lft forever preferred_lft forever
+    inet6 fe80::262:bff:fef5:2301/64 scope link
+       valid_lft forever preferred_lft forever
+: enp129s0f2np2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
+    link/ether 00:62:0b:f5:23:02 brd ff:ff:ff:ff:ff:ff
+: enp129s0f3np3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
+    link/ether 00:62:0b:f5:23:03 brd ff:ff:ff:ff:ff:ff
+: eno1np0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
     link/ether 3c:ec:ef:9f:a5:46 brd ff:ff:ff:ff:ff:ff
     altname enp71s0f0np0
@@ Zeile 370: / Zeile 395: @@
     inet6 fe80::3eec:efff:fe9f:a546/64 scope link
        valid_lft forever preferred_lft forever
-: eno2np1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
+: eno2np1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
     link/ether 3c:ec:ef:9f:a5:47 brd ff:ff:ff:ff:ff:ff
     altname enp71s0f1np1
-    inet 172.31.14.32/24 brd 172.31.14.255 scope global eno2np1
+: enxbe3af2b6059f: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
-       valid_lft forever preferred_lft forever
-    inet6 fe80::3eec:efff:fe9f:a547/64 scope link
-       valid_lft forever preferred_lft forever
-: enxbe3af2b6059f: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
     link/ether be:3a:f2:b6:05:9f brd ff:ff:ff:ff:ff:ff
-: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
+: br-b3f2654f0e35: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
-    link/ether 02:42:0e:79:27:cb brd ff:ff:ff:ff:ff:ff
+    link/ether 02:42:34:20:08:f1 brd ff:ff:ff:ff:ff:ff
-    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
-       valid_lft forever preferred_lft forever
-    inet6 fe80::42:eff:fe79:27cb/64 scope link
-       valid_lft forever preferred_lft forever
-: br-b3f2654f0e35: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
-    link/ether 02:42:0b:7c:e1:7b brd ff:ff:ff:ff:ff:ff
     inet 172.20.0.1/16 brd 172.20.255.255 scope global br-b3f2654f0e35
        valid_lft forever preferred_lft forever
-: br-b96e9731af96: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
+: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
-    link/ether 02:42:b2:89:d9:9c brd ff:ff:ff:ff:ff:ff
+    link/ether 02:42:af:43:39:7c brd ff:ff:ff:ff:ff:ff
-    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-b96e9731af96
+    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
        valid_lft forever preferred_lft forever
-    inet6 fe80::42:b2ff:fe89:d99c/64 scope link
+: br-e51ea62201df: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
+    link/ether 02:42:1d:2e:24:af brd ff:ff:ff:ff:ff:ff
+    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-e51ea62201df
        valid_lft forever preferred_lft forever
-: veth005fc44@if54: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-b96e9731af96 state UP group default
+    inet6 fe80::42:1dff:fe2e:24af/64 scope link
-    link/ether 56:06:5b:dc:5f:28 brd ff:ff:ff:ff:ff:ff link-netnsid 0
-    inet6 fe80::5406:5bff:fedc:5f28/64 scope link
        valid_lft forever preferred_lft forever
-: eno2np1.3113@eno2np1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
+: vethb157218@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-e51ea62201df state UP group default
-    link/ether 3c:ec:ef:9f:a5:47 brd ff:ff:ff:ff:ff:ff
+    link/ether 66:6e:cc:b4:cf:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
-    inet 172.31.13.31/24 scope global eno2np1.3113
+    inet6 fe80::646e:ccff:feb4:cfee/64 scope link
-       valid_lft forever preferred_lft forever
-    inet6 fe80::3eec:efff:fe9f:a547/64 scope link
        valid_lft forever preferred_lft forever
 </code>
 </WRAP>
 ==== Firewallregeln ====
-<code>sudo iptables -S</code>
+<code>
+sudo iptables -S
+</code>
 <WRAP center round box 100%>
 <code>
--P INPUT ACCEPT
+*filter
--P FORWARD DROP
+:INPUT ACCEPT [597730509:430440880807]
--P OUTPUT ACCEPT
+:FORWARD DROP [245:12128]
--N DOCKER
+:OUTPUT ACCEPT [175230482:78194972432]
--N DOCKER-ISOLATION-STAGE-1
+:DOCKER - [0:0]
--N DOCKER-ISOLATION-STAGE-2
+:DOCKER-ISOLATION-STAGE-1 - [0:0]
--N DOCKER-USER
+:DOCKER-ISOLATION-STAGE-2 - [0:0]
--N f2b-sshd
+:DOCKER-USER - [0:0]
+:f2b-sshd - [0:0]
+-A INPUT -p tcp -m tcp --dport 7878 -j LOG --log-prefix "[netfilter] "
 -A INPUT -s 45.134.26.0/24 -j DROP
 -A INPUT -p tcp -m multiport --dports 666 -j f2b-sshd
 -A INPUT -i eno2np1 -p tcp -m tcp --dport 3030 -j ACCEPT
--A INPUT -i eno2np1 -p tcp -m tcp --dport 5432 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 7878 -j ACCEPT
--A INPUT -i eno2np1 -p tcp -m tcp --dport 7879 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 9175 -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "Allow Prometheus Node Exporter scraping" -j ACCEPT
--A INPUT -i eno2np1 -p tcp -m tcp --dport 7878 -j ACCEPT
+-A INPUT -s 108.181.2.0/24 -j DROP
--A INPUT -i eno2np1 -p tcp -m tcp --dport 9175 -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "Allow Prometheus Node Exporter scraping" -j ACCEPT
+-A INPUT -s 108.181.24.0/24 -j DROP
+-A INPUT -s 108.181.3.0/24 -j DROP
+-A INPUT -s 185.11.61.0/24 -j DROP
+-A INPUT -s 188.127.242.0/24 -j DROP
+-A INPUT -s 193.143.1.0/24 -j DROP
+-A INPUT -s 198.144.158.0/24 -j DROP
+-A INPUT -s 198.144.159.0/24 -j DROP
+-A INPUT -s 199.167.138.0/24 -j DROP
+-A INPUT -s 199.19.95.0/24 -j DROP
+-A INPUT -s 208.87.242.0/24 -j DROP
+-A INPUT -s 45.134.26.0/24 -j DROP
+-A INPUT -s 45.135.232.0/24 -j DROP
+-A INPUT -s 45.140.17.0/24 -j DROP
+-A INPUT -s 45.148.121.0/24 -j DROP
+-A INPUT -s 45.93.201.0/24 -j DROP
+-A INPUT -s 80.66.76.0/24 -j DROP
+-A INPUT -s 80.66.88.0/24 -j DROP
+-A INPUT -s 85.209.11.0/24 -j DROP
+-A INPUT -s 87.251.67.0/24 -j DROP
+-A INPUT -s 87.251.75.0/24 -j DROP
+-A INPUT -s 89.248.165.0/24 -j DROP
+-A INPUT -s 185.242.162.125/32 -j DROP
+-A INPUT -s 193.143.1.36/32 -j DROP
+-A INPUT -s 45.140.17.52/32 -j DROP
+-A INPUT -s 45.130.145.28/32 -j DROP
+-A FORWARD -p tcp -m tcp --dport 7878 -j LOG --log-prefix "[netfilter] "
 -A FORWARD -j DOCKER-USER
 -A FORWARD -j DOCKER-ISOLATION-STAGE-1
--A FORWARD -o br-b96e9731af96 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-e51ea62201df -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -o br-b96e9731af96 -j DOCKER
+-A FORWARD -o br-e51ea62201df -j DOCKER
--A FORWARD -i br-b96e9731af96 ! -o br-b96e9731af96 -j ACCEPT
+-A FORWARD -i br-e51ea62201df ! -o br-e51ea62201df -j ACCEPT
--A FORWARD -i br-b96e9731af96 -o br-b96e9731af96 -j ACCEPT
+-A FORWARD -i br-e51ea62201df -o br-e51ea62201df -j ACCEPT
 -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -o docker0 -j DOCKER
 -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
 -A FORWARD -i docker0 -o docker0 -j ACCEPT
+-A FORWARD -o br-b96e9731af96 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-b96e9731af96 -j DOCKER
+-A FORWARD -i br-b96e9731af96 ! -o br-b96e9731af96 -j ACCEPT
+-A FORWARD -i br-b96e9731af96 -o br-b96e9731af96 -j ACCEPT
 -A FORWARD -o br-b3f2654f0e35 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -o br-b3f2654f0e35 -j DOCKER
@@ Zeile 447: / Zeile 497: @@
 -A FORWARD -i br-182c22c80515 ! -o br-182c22c80515 -j ACCEPT
 -A FORWARD -i br-182c22c80515 -o br-182c22c80515 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 7878 -j LOG --log-prefix "[netfilter] "
 -A OUTPUT -p tcp -m tcp --sport 3030 -m state --state ESTABLISHED -j ACCEPT
 -A OUTPUT -p tcp -m tcp --sport 7878 -m state --state ESTABLISHED -j ACCEPT
@@ Zeile 452: / Zeile 503: @@
 -A OUTPUT -p tcp -m tcp --sport 7879 -m state --state ESTABLISHED -j ACCEPT
 -A OUTPUT -p tcp -m tcp --sport 9175 -m conntrack --ctstate ESTABLISHED -m comment --comment "Allow outgoing responses for Prometheus Node Exporter" -j ACCEPT
--A DOCKER -d 172.18.0.2/32 ! -i br-b96e9731af96 -o br-b96e9731af96 -p tcp -m tcp --dport 1433 -j ACCEPT
+-A DOCKER -d 172.18.0.2/32 ! -i br-e51ea62201df -o br-e51ea62201df -p tcp -m tcp --dport 1433 -j ACCEPT
--A DOCKER-ISOLATION-STAGE-1 -i br-b96e9731af96 ! -o br-b96e9731af96 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-e51ea62201df ! -o br-e51ea62201df -j DOCKER-ISOLATION-STAGE-2
 -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
 -A DOCKER-ISOLATION-STAGE-1 -i br-b3f2654f0e35 ! -o br-b3f2654f0e35 -j DOCKER-ISOLATION-STAGE-2
 -A DOCKER-ISOLATION-STAGE-1 -j RETURN
--A DOCKER-ISOLATION-STAGE-2 -o br-b96e9731af96 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-e51ea62201df -j DROP
 -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
 -A DOCKER-ISOLATION-STAGE-2 -o br-b3f2654f0e35 -j DROP
@@ Zeile 463: / Zeile 514: @@
 -A DOCKER-USER -j RETURN
 -A f2b-sshd -j RETURN
-\\
-*nat\\
+*nat
-:PREROUTING ACCEPT [864689:102993021]\\
+:PREROUTING ACCEPT [4717263:449324127]
-:INPUT ACCEPT [860617:102471719]\\
+:INPUT ACCEPT [10647614:782359454]
-:OUTPUT ACCEPT [25936:1637619]\\
+:OUTPUT ACCEPT [6379770:383273186]
-:POSTROUTING ACCEPT [222708:13401142]\\
+:POSTROUTING ACCEPT [4549362:269602758]
-:DOCKER - [0:0]\\
+:DOCKER - [0:0]
--A PREROUTING -m addrtype –dst-type LOCAL -j DOCKER\\
+-A PREROUTING -p tcp -m tcp --dport 7879 -m comment --comment "Make Diversity Workbench SQL Server accessible from outside" -j DNAT --to-destination 172.32.23.31:5433
-**-A PREROUTING -p tcp -m tcp –dport 7878 -m comment –comment "Make Diversity Workbench SQL Server accessible from outside" -j DNAT –to-destination 172.32.23.31:5432** \\
+-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-**-A PREROUTING -p tcp -m tcp –dport 7879 -m comment –comment "Make Diversity Workbench SQL Server accessible from outside" -j DNAT –to-destination 172.32.23.31:5433**\\
+-A PREROUTING -p tcp -m tcp --dport 7878 -m comment --comment "Make Diversity Workbench SQL Server accessible from outside" -j DNAT --to-destination 172.31.13.31:5432
--A OUTPUT ! -d 127.0.0.0/8 -m addrtype –dst-type LOCAL -j DOCKER\\
+-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
--A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE\\
+-A POSTROUTING -s 172.18.0.0/16 ! -o br-e51ea62201df -j MASQUERADE
--A POSTROUTING -s 172.18.0.0/16 ! -o br-182c22c80515 -j MASQUERADE\\
+-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-**-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp –dport 1433 -j MASQUERADE**\\
+-A POSTROUTING -s 172.18.0.0/16 ! -o br-b96e9731af96 -j MASQUERADE
--A DOCKER -i docker0 -j RETURN\\
+-A POSTROUTING -s 172.20.0.0/16 ! -o br-b3f2654f0e35 -j MASQUERADE
--A DOCKER -i br-182c22c80515 -j RETURN\\
+-A POSTROUTING -s 172.18.0.0/16 ! -o br-182c22c80515 -j MASQUERADE
-**-A DOCKER ! -i br-182c22c80515 -p tcp -m tcp –dport 5432 -j DNAT –to-destination 172.18.0.2:1433**\\
+-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 1433 -j MASQUERADE
+-A DOCKER -i br-e51ea62201df -j RETURN
+-A DOCKER -i docker0 -j RETURN
+-A DOCKER -i br-b3f2654f0e35 -j RETURN
+-A DOCKER ! -i br-e51ea62201df -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.18.0.2:1433
 </code>
 </WRAP>
@@ Zeile 486: / Zeile 543: @@
 Regel hinzufügen, z.B.:
 <code>
 iptables -A INPUT -i eno2np1 -p tcp --dport 7878 -j ACCEPT
 </code>
 Speicherbar machen:
 <code>
 sudo apt-get update
 sudo apt-get install iptables-persistent
 </code>
 Backup Existing Rules:
 <code>
-sudo iptables-save > ~/iptables_backup.txt
+sudo iptables-save> ~/iptables_backup.txt
+</code>
+Mehr dazu: [[https://wiki.ubuntuusers.de/iptables/|https://wiki.ubuntuusers.de/iptables/]]\\
+=== IP Blacklist aus München ===
+<code>
+sudo iptables -A INPUT -s 108.181.2.0/24 -j DROP
+sudo iptables -A INPUT -s 108.181.24.0/24 -j DROP
+sudo iptables -A INPUT -s 108.181.3.0/24 -j DROP
+sudo iptables -A INPUT -s 185.11.61.0/24 -j DROP
+sudo iptables -A INPUT -s 188.127.242.0/24 -j DROP
+sudo iptables -A INPUT -s 193.143.1.0/24 -j DROP
+sudo iptables -A INPUT -s 198.144.158.0/24 -j DROP
+sudo iptables -A INPUT -s 198.144.159.0/24 -j DROP
+sudo iptables -A INPUT -s 199.167.138.0/24 -j DROP
+sudo iptables -A INPUT -s 199.19.95.0/24 -j DROP
+sudo iptables -A INPUT -s 208.87.242.0/24 -j DROP
+sudo iptables -A INPUT -s 45.134.26.0/24 -j DROP
+sudo iptables -A INPUT -s 45.135.232.0/24 -j DROP
+sudo iptables -A INPUT -s 45.140.17.0/24 -j DROP
+sudo iptables -A INPUT -s 45.148.121.0/24 -j DROP
+sudo iptables -A INPUT -s 45.93.201.0/24 -j DROP
+sudo iptables -A INPUT -s 80.66.76.0/24 -j DROP
+sudo iptables -A INPUT -s 80.66.88.0/24 -j DROP
+sudo iptables -A INPUT -s 85.209.11.0/24 -j DROP
+sudo iptables -A INPUT -s 87.251.67.0/24 -j DROP
+sudo iptables -A INPUT -s 87.251.75.0/24 -j DROP
+sudo iptables -A INPUT -s 89.248.165.0/24 -j DROP
+sudo iptables -A INPUT -s 185.242.162.125 -j DROP
+sudo iptables -A INPUT -s 193.143.1.36 -j DROP
+sudo iptables -A INPUT -s 45.140.17.52 -j DROP
+sudo iptables -A INPUT -s 45.130.145.28 -j DROP
 </code>
-Mehr dazu: https://wiki.ubuntuusers.de/iptables/
+===== fail2ban - läuft noch nicht richtig =====
-===== fail2ban =====
 <code>
@@ Zeile 570: / Zeile 665: @@
 </code>
-===== Backups einspielen =====
+===== Backups in die DWB einspielen =====
 Backups auf den Server kopieren:
@@ Zeile 678: / Zeile 773: @@
 In /opt/dwb-backup läuft backup_script.sh und erstellt jede Nacht um 0:00 Uhr ein Komplettabbild der Datenbank in /mnt/mssql_data/backup/full/, jede volle Stunde zwischen 7:00 und 18:00 Uhr ein inkrementelles Abbild in /mnt/mssql_data/backup/diff/. Für dieses Skript müssen auf dem Server mssql-tools installiert werden!
 <code>
 #!/bin/bash
@@ Zeile 693: / Zeile 789: @@
     IGNORE_DB="tempdb model"
-    DB_LIST=$(sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')
+    DB_LIST=$(sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')
     for db in $DB_LIST
     do
@@ Zeile 706: / Zeile 802: @@
         if [ "$skipdb" = "-1" ]; then
             SQL_FILE="${db}_full_${NOW}"
-            sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/full/${SQL_FILE}.bak' WITH NAME='Full backup of ${db}',INIT,COMPRESSION,CHECKSUM,FORMAT"
+            sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/full/${SQL_FILE}.bak' WITH NAME='Full backup of ${db}',INIT,COMPRESSION,CHECKSUM,FORMAT"
             if [ $? -eq 0 ]
             then
-                printf "${SQL_FILE}.bak written" >> $LOG_FILE
+                printf "${SQL_FILE}.bak written">> $LOG_FILE
                 chmod g+r "${BACKUP_PATH_HOST}/full/${SQL_FILE}.bak"
             else
-                printf "WARNING: An error occured while attempting to write {$db}" >> $LOG_FILE
+                printf "WARNING: An error occured while attempting to write {$db}">> $LOG_FILE
             fi
         fi
@@ Zeile 726: / Zeile 822: @@
     IGNORE_DB="tempdb master model"
-    DB_LIST=$(sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')
+    DB_LIST=$(sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -h -1 -Q 'SET NOCOUNT ON;SELECT name FROM sys.databases;')
     for db in $DB_LIST
     do
@@ Zeile 739: / Zeile 835: @@
         if [ "$skipdb" = "-1" ]; then
             SQL_FILE="${db}_diff_${NOW}"
-            sqlcmd -S 172.32.23.31,5432 -U BackupAdmin -P '}Cg5+~W7Hyye&6T%uy' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/diff/${SQL_FILE}.bak' WITH NAME='diff backup of ${db}',DIFFERENTIAL"
+            sqlcmd -S 172.31.13.31,5432 -U BackupAdmin -P 'StrongPassword!123' -Q "BACKUP DATABASE [${db}] TO DISK=N'${BACKUP_PATH}/diff/${SQL_FILE}.bak' WITH NAME='diff backup of ${db}',DIFFERENTIAL"
             if [ $? -eq 0 ]
             then
-                printf "${db}.bak written" >> $LOG_FILE
+                printf "${db}.bak written">> $LOG_FILE
                 chmod g+r "${BACKUP_PATH_HOST}/diff/${SQL_FILE}.bak"
             else
-                printf "WARNING: An error occured while attempting to write ${SQL_FILE}" >> $LOG_FILE
+                printf "WARNING: An error occured while attempting to write ${SQL_FILE}">> $LOG_FILE
             fi
         fi
@@ Zeile 752: / Zeile 848: @@
     rm "${BACKUP_PATH_HOST}/diff/.in_process"
 }
 if [ "$1" = "full"  ]; then
     LOG_FILE="${BACKUP_PATH_HOST}/full/backup-db_${NOW}.log"
-    printf "Start full backup of MSSQL Server lserver-dwb01: $(date "+%F %T")" > $LOG_FILE
+    printf "Start full backup of MSSQL Server lserver-dwb01: $(date "+%F %T")"> $LOG_FILE
     sqlserver_dwb_full
-    printf "Finish backup utility: $(date "+%F %T")\n\n" >> "$LOG_FILE"
+    printf "Finish backup utility: $(date "+%F %T")\n\n">> "$LOG_FILE"
 fi
 if [ "$1" = "diff"  ]; then
     LOG_FILE="${BACKUP_PATH_HOST}/diff/backup-db_`date "+%u"`.log"
-    echo "Start differential backup of MSSQL Server lserver-dwb01: $(date "+%F %T")" >> $LOG_FILE
+    echo "Start differential backup of MSSQL Server lserver-dwb01: $(date "+%F %T")">> $LOG_FILE
     sqlserver_dwb_diff
-    printf "Finish backup utility: $(date "+%F %T")\n\n" >> "$LOG_FILE"
+    printf "Finish backup utility: $(date "+%F %T")\n\n">> "$LOG_FILE"
 fi
 </code>
 Crontab (crontab -e) mit PATH, sonst ist 'sqlcmd' nicht bekannt:
 <code>
 PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/mssql-tools/bin
-0 * * * /opt/dwb-backup/backup_script.sh full > /var/log/backup_script_full.log 2>&1
+0 * * * /opt/dwb-backup/backup_script.sh full> /var/log/backup_script_full.log 2>&1
-7-18 * * * /opt/dwb-backup/backup_script.sh diff > /var/log/backup_script_diff.log 2>&1
+7-18 * * * /opt/dwb-backup/backup_script.sh diff> /var/log/backup_script_diff.log 2>&1
 </code>
 ===== Prometheus Daten =====
-Die Healthdaten des Servers werden via [[server:nodeex|Node Exporter]] an [[server:prometheus|Prometheus]] auf Hetzner freigegeben.
+Die Healthdaten des Servers werden via [[:server:nodeex|Node Exporter]] an [[:server:prometheus|Prometheus]] auf Hetzner freigegeben.

Werkzeuge

Navigationsmenüs und Suche

Seitenstatus

Seiten-Werkzeuge

Metainformationen zur Seite

Unterschiede