Linux

Preparation I used three VM nodes for this home lab project with 8 Cores 8GB Memory and 20GB for the root disk with Jumbo Frame in ClusterNet interface with operating systems Rocky Linux 8.10. Node Hostname vCPU Memory RootDisk PublicNet ClusterNet btnlab01ceph01 8 Core 8GB 20GB 10.78.78.221 10.79.79.221 btnlab01ceph02 8 Core 8GB 20GB 10.78.78.222 10.79.79.222 btnlab01ceph03 8 Core 8GB 20GB 10.78.78.223 10.79.79.223 Then I added 4 hard drives each with a capacity of 50GB used for OSDs. ...

Installing Packages Dependencies dnf install -y keepalived Keepalived Configuration Keepalived state reference MASTER-MASTER (if down, back to top priority) MASTER-BACKUP (if down, back to MASTER) BACKUP-BACKUP (if down, respect to node with MASTER state) Routers with priority 101 will become MASTER and Routers with priority 100 will become BACKUP. Configure First Node cat <<EOF | tee /etc/keepalived/keepalived.conf global_defs { router_id JumpServer enable_script_security vrrp_check_unicast_src } vrrp_track_process track_openvpn { process openvpn weight 2 } vrrp_instance VIP { state MASTER interface eth1 virtual_router_id 69 priority 101 advert_int 1 nopreempt authentication { auth_type PASS auth_pass Pa\$\$w0rd } unicast_src_ip 10.79.80.1 unicast_peer { 10.79.80.2 } virtual_ipaddress { 103.150.80.130/28 dev eth0 10.79.80.254/24 dev eth1 } virtual_routes { 0.0.0.0/0 via 103.150.80.142 dev eth0 metric 100 } static_routes { 0.0.0.0/0 via 10.79.80.251 dev eth1 metric 101 } track_process { track_openvpn } } EOF Restart service and set to run while system boot ...

Installing package dependencies dnf install -y epel-release dnf install -y openvpn openssl easy-rsa policycoreutils-python-utils Creating and Setting Up an OpenVPN Server Certificates Set of environment variable for easy_rsa cat <<EOF | tee vars set_var EASYRSA_ALGO ec set_var EASYRSA_CURVE prime256v1 set_var EASYRSA_CA_EXPIRE 3650 set_var EASYRSA_CERT_EXPIRE 3650 set_var EASYRSA_CRL_DAYS 3650 EOF Then execute ./easyresa init-pki Create certificate authority (CA) and sever certificate. SERVER_CN=jumpserver SERVER_NAME=jumpserver ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass ./easyrsa --batch build-server-full "$SERVER_NAME" nopass ./easyrsa gen-crl ...