Wiki » History » Revision 9
Revision 8 (Redmine Admin, 02/13/2026 12:27 PM) → Revision 9/11 (Redmine Admin, 02/13/2026 12:29 PM)
初期設定
curl https://download.argon40.com/argon-eeprom.sh | bash
これはubuntsuでは無効
1。MVMEの設定最適化
これを行わないとハングアップする可能性がある
2.
EEPROM更新
sudo rpi-eeprom-update
sudo rpi-eeprom-update -a
sudo reboot
sudo apt install rpi-eeprom
sudo rpi-eeprom-update
sudo rpi-eeprom-update -a
sudo reboot
ブート順序確認
vcgencmd bootloader_config
sudo -E rpi-eeprom-config --edit
[all]
BOOT_UART=1
BOOT_ORDER=0xf416
PCIE_PROBE=1
NET_INSTALL_AT_POWER_ON=0
にする
② NVMe が認識されているか確認
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 42.9M 1 loop /snap/snapd/24787
loop1 7:1 0 41.6M 1 loop /snap/snapd/25939
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /boot/firmware
└─nvme0n1p2 259:2 0 476.4G 0 part /
lspci | grep -i nvme
0000:01:00.0 Non-Volatile memory controller: MAXIO Technology (Hangzhou) Ltd. NVMe SSD Controller MAP1202 (DRAM-less) (rev 01)
③ Ubuntu 側の最適化
sudo nano /etc/fstab
LABEL=writable / ext4 defaults 0 1
LABEL=system-boot /boot/firmware vfat defaults 0 1
変更する
LABEL=writable / ext4 defaults,noatime,commit=60 0 1
LABEL=system-boot /boot/firmware vfat defaults,noatime 0 0
書いた後
sudo update-initramfs -u
sudo reboot
再起動後確認
mount | grep ' / '
で下記表示
/dev/nvme0n1p2 on / type ext4 (rw,noatime,commit=60)
I/O scheduler
cat /sys/block/nvme0n1/queue/scheduler
下記表示
[none] mq-deadline
swap(zram推奨)
sudo apt install zram-tools
確認:
swapon --show
表示
NAME TYPE SIZE USED PRIO
/dev/zram0 partition 256M 0B 100
✔ initramfs 更新忘れ注意
fstab 変更後:
sudo update-initramfs -u
電源不足チェック
vcgencmd get_throttled
下記表示でOK
throttled=0x0
NVMEの状態確認
① NVMe が正しく認識されているか
lsblk
下記表示
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 42.9M 1 loop /snap/snapd/24787
loop1 7:1 0 41.6M 1 loop /snap/snapd/25939
zram0 252:0 0 256M 0 disk [SWAP]
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /boot/firmware
└─nvme0n1p2 259:2 0 476.4G 0 part /
lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
loop0
squash 4.0 0 100% /snap/snapd/24787
loop1
squash 4.0 0 100% /snap/snapd/25939
zram0
[SWAP]
nvme0n1
├─nvme0n1p1
│ vfat FAT32 system-boot 8AA8-96C7 321.7M 36% /boot/firmware
└─nvme0n1p2
ext4 1.0 writable 9276ecfd-6dd5-4e22-9a91-2afafd0a53a3 447.5G 1% /
② PCIe / NVMe として認識されているか
lspci | grep -i nvme
0000:01:00.0 Non-Volatile memory controller: MAXIO Technology (Hangzhou) Ltd. NVMe SSD Controller MAP1202 (DRAM-less) (rev 01)
③ SMART(健康状態)確認【重要】
sudo apt install nvme-cli
SMARTログ
sudo nvme smart-log /dev/nvme0
Smart Log for NVME device:nvme0 namespace-id:ffffffff
critical_warning : 0
temperature : 35 °C (308 K)
available_spare : 100%
available_spare_threshold : 10%
percentage_used : 0%
endurance group critical warning summary: 0
Data Units Read : 15606 (7.99 GB)
Data Units Written : 23998 (12.29 GB)
host_read_commands : 352766
host_write_commands : 327655
controller_busy_time : 0
power_cycles : 10
power_on_hours : 0
unsafe_shutdowns : 2
media_errors : 0
num_err_log_entries : 0
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Temperature Sensor 1 : 35 °C (308 K)
Temperature Sensor 2 : 39 °C (312 K)
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 0
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
⑦ I/O 状態(詰まり確認)
iostat -xm 1
① 最低限の日本語化(文字が読めるようにする)
sudo apt update
sudo apt install language-pack-ja
locale
LANG=C.UTF-8
LANGUAGE=
LC_CTYPE="C.UTF-8"
LC_NUMERIC="C.UTF-8"
LC_TIME="C.UTF-8"
LC_COLLATE="C.UTF-8"
LC_MONETARY="C.UTF-8"
LC_MESSAGES="C.UTF-8"
LC_PAPER="C.UTF-8"
LC_NAME="C.UTF-8"
LC_ADDRESS="C.UTF-8"
LC_TELEPHONE="C.UTF-8"
LC_MEASUREMENT="C.UTF-8"
LC_IDENTIFICATION="C.UTF-8"
LC_ALL=
sudo update-locale LANG=ja_JP.UTF-8
② 日本語フォントの導入(最重要)
sudo apt install \
fonts-noto-cjk \
fonts-ipafont \
fonts-ipaexfont
フォント確認
sudo apt install fontconfig
postgre16インストール
sudo apt update
sudo apt install curl ca-certificates -y
curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgsql.asc
echo "deb http://apt.postgresql.org/pub/repos/apt noble-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
sudo apt update
sudo apt install postgresql-16 -y
sudo systemctl start postgresql
sudo systemctl status postgresql
postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; prese>
Active: active (exited) since Thu 2026-01-22 15:16:50 JST; 53s ago
Main PID: 3003 (code=exited, status=0/SUCCESS)
CPU: 1ms
1月 22 15:16:50 TOYAMADC1 systemd[1]: Starting postgresql.service - PostgreSQL>
1月 22 15:16:50 TOYAMADC1 systemd[1]: Finished postgresql.service - PostgreSQL>
lines 1-8/8 (END)
sudo -u postgres psql
CREATE USER toyamadc toyamadcadmin WITH PASSWORD 'AsahiToyama';
CREATE DATABASE toyamadc_db OWNER toyamadc ENCODING 'UTF8';
GRANT ALL PRIVILEGES ON DATABASE toyamadc_db TO toyamadc;
\q
sudo ufw allow 5432/tcp
sudo nano /etc/postgresql/16/main/postgresql.conf
listen_addresses = '*'
sudo nano /etc/postgresql/16/main/pg_hba.conf
host all all 0.0.0.0/0 md5
sudo systemctl restart postgresql
NGINXインストール
NGINXインストール
sudo apt update
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl status nginx
⭐【NGINX の設定ファイル位置】
内容 パス
メイン設定 /etc/nginx/nginx.conf
サイト設定 /etc/nginx/sites-available/
有効化されている設定 /etc/nginx/sites-enabled/
ZABIX7.0 LTSインストール
sudo -s
wget https://repo.zabbix.com/zabbix/7.0/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_latest_7.0+ubuntu24.04_all.deb
dpkg -i zabbix-release_latest_7.0+ubuntu24.04_all.deb
apt update
apt install zabbix-server-pgsql zabbix-frontend-php php8.3-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent
sudo -u postgres createuser --pwprompt zabbix
password:asahitoyama
sudo -u postgres createdb -O zabbix zabbix
zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix
sudo nano /etc/zabbix/zabbix_server.conf
DBPassword=asahitoyama
sudo nano /etc/zabbix/nginx.conf
listen 8080;
server_name toyamadc.com;
systemctl restart zabbix-server zabbix-agent nginx php8.3-fpm
systemctl enable zabbix-server zabbix-agent nginx php8.3-fpm
sudo nano /etc/nginx/sites-available/zabbix
server {
listen 80;
server_name _;
root /usr/share/zabbix;
index index.php;
location = /favicon.ico {
log_not_found off;
}
location / {
# ここが 404 の原因になりやすい → index.php にフォールバック
try_files $uri $uri/ /index.php?$query_string;
}
location /assets {
access_log off;
expires 10d;
}
location ~ /\.ht {
deny all;
}
location ~ /(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location /vendor {
deny all;
return 404;
}
# PHP 実行部分(ソケットは /run/php 下に合わせる)
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/zabbix.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}
#ZABBIXを起動して確認
http://XXX.XXX.XXX.XXX:8080
User Admin
Password Zabbix
Kea DHCP → IP配布
Bind DNS → DDNS
FreeRADIUS → 802.1X / VLAN制御
Step-CA → 証明書発行
#DHCP
sudo apt update
sudo apt install kea-dhcp4-server kea-ctrl-agent kea-common -y
#VLAN定義
sudo nano /etc/netplan/00-installer-config.yaml
network:
version: 2
ethernets:
eth0:
dhcp4: no
vlans:
vlan1: { id: 1, link: eth0, addresses: [172.16.1.250/24] }
vlan100: { id: 100, link: eth0, addresses: [192.168.10.250/24] }
vlan2: { id: 2, link: eth0, addresses: [172.16.2.250/24] }
vlan3: { id: 3, link: eth0, addresses: [172.16.3.250/24] }
vlan4: { id: 4, link: eth0, addresses: [172.16.4.250/24] }
vlan5: { id: 5, link: eth0, addresses: [172.16.5.250/24] }
vlan6: { id: 6, link: eth0, addresses: [172.16.6.250/24] }
vlan7: { id: 7, link: eth0, addresses: [172.16.7.250/24] }
vlan8: { id: 8, link: eth0, addresses: [172.16.8.250/24] }
vlan9: { id: 9, link: eth0, addresses: [172.16.9.250/24] }
vlan10: { id: 10, link: eth0, addresses: [172.16.10.250/24] }
vlan11: { id: 11, link: eth0, addresses: [172.16.11.250/24] }
vlan186: { id: 186, link: eth0, addresses: [192.168.186.250/24] }
DHCPサーバ接続ポート:
格納
TRUNK
allowed vlan 1,2,3,4,5,6,7,8,9,10,11,100m,186
sudo nano /etc/kea/kea-dhcp4.conf
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [
"vlan1","vlan100","vlan2","vlan3","vlan4",
"vlan5","vlan6","vlan7","vlan8","vlan9",
"vlan10","vlan11","vlan186"
]
},
"subnet4": [
{"subnet": "172.16.1.0/24", "interface": "vlan1",
"pools":[{"pool":"172.16.1.200-172.16.1.250"}],
"option-data":[{"name":"routers","data":"172.16.1.1"}],
"reservations": [
{
"hw-address": "f4:d5:80:24:a7:36",
"ip-address": "172.16.2.10",
"hostname": "SWX2310-ToyamaDC"
},
{
"hw-address": "f4:d5:80:17:dc:d6",
"ip-address": "172.16.2.14",
"hostname": "SWX2310P-1T-1"
},
{
"hw-address": "f4:d5:80:24:a9:3c",
"ip-address": "172.16.2.10",
"hostname": "SWX2310_Office"
},
{
"hw-address": "f4:d5:80:32:99:80",
"ip-address": "172.16.2.20",
"hostname": "WO0101"
},
{
"hw-addess": "f4:d5:80:32:a1:d8",
"ip-address": "172.16.2.21",
"hostname": "WO0102"
}
]
},
{ "subnet": "192.168.10.0/24","interface":"vlan100",
"pools":[{"pool":"192.168.10.100-192.168.10.200"}],
"option-data":[{"name":"routers","data":"192.168.10.1"}] },
{ "subnet": "172.16.2.0/24", "interface":"vlan2",
"pools":[{"pool":"172.16.2.2-172.16.2.100"}],
"option-data":[{"name":"routers","data":"172.16.2.1"}] },
{ "subnet": "172.16.3.0/24", "interface":"vlan3",
"pools":[{"pool":"172.16.3.2-172.16.3.50"}],
"option-data":[{"name":"routers","data":"172.16.3.1"}] },
{ "subnet": "172.16.4.0/24", "interface":"vlan4",
"pools":[{"pool":"172.16.4.2-172.16.4.50"}],
"option-data":[{"name":"routers","data":"172.16.4.1"}] },
{ "subnet": "172.16.5.0/24", "interface":"vlan5",
"pools":[{"pool":"172.16.5.2-172.16.5.100"}],
"option-data":[{"name":"routers","data":"172.16.5.1"}] }
{ "subnet": "172.16.6.0/24", "interface":"vlan6",
"pools":[{"pool":"172.16.6.2-172.16.6.100"}],
"option-data":[{"name":"routers","data":"172.16.6.1"}] },
{ "subnet": "172.16.7.0/24", "interface":"vlan7",
"pools":[{"pool":"172.16.7.2-172.16.7.50"}],
"option-data":[{"name":"routers","data":"172.16.7.1"}] },
{ "subnet": "172.16.8.0/24", "interface":"vlan8",
"pools":[{"pool":"172.16.8.2-172.16.8.50"}],
"option-data":[{"name":"routers","data":"172.16.8.1"}] },
{ "subnet": "172.16.9.0/24", "interface":"vlan9",
"pools":[{"pool":"172.16.9.2-172.16.9.100"}],
"option-data":[{"name":"routers","data":"172.16.9.1"}]
{ "subnet": "172.16.10.0/24", "interface":"vlan10",
"pools":[{"pool":"172.16.10.2-172.16.10.50"}],
"option-data":[{"name":"routers","data":"172.16.7.1"}] },
{ "subnet": "172.16.11.0/24", "interface":"vlan11",
"pools":[{"pool":"172.16.11.2-172.16.11.50"}],
"option-data":[{"name":"routers","data":"172.16.8.1"}] },
{ "subnet": "192.168.186.0/24", "interface":"vlan186",
"pools":[{"pool":"192.168.186.2-192.168.186.100"}],
"option-data":[{"name":"routers","data":"192.168.186.1"}]
]
}
}
書き込み後、下記コマンド
sudo systemctl restart kea-dhcp4-server
#DNS(BIND9)インストール
sudo apt update
sudo apt install bind9 bind9-utils bind9-dnsutils -y
systemctl status bind9
sudo nano /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
recursion yes;
allow-query { any; };
listen-on { 127.0.0.1; 172.16.1.10; };
forwarders {
8.8.8.8;
1.1.1.1;
};
dnssec-validation auto;
};
Django インストール
sudo apt update
sudo apt install python3-pip python3-venv python3-dev -y
mkdir ~/toyamadc
cd toyamadc
python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
pip install django
python -m django --version
django-admin startproject config .
sudo apt install libpq-dev -y
pip install psycopg2-binary
cd config
nano settings.py
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'toyamadc_db',
'USER': 'toyamadcadmin',
'PASSWORD': 'asahitoyama',
'HOST': '127.0.0.1',
'PORT': '5432',
}
}
cd ..
python manage.py migrate
python manage.py createsuperuser
Username (leave blank to use 'toyamadc'):
Email address: admin@asahilogisatics.co.jp
Password: asahitoyama
Password (again):
Superuser created successfully.
pip install gunicorn
sudo nano /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon for Django
After=network.target
[Service]
User=toyamadc
Group=www-data
WorkingDirectory=/home/toyamadc
ExecStart=/home/toyamadc/.venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/gunicorn.sock config.wsgi:application
[Install]
WantedBy=multi-user.target
sudo nano /etc/nginx/sites-available/django
server {
listen 80 default_server;
server_name _;
# ==========================
# 1. Django (ルート "/")
# ==========================
location /static/ {
alias /home/toyamadc/static/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
# ==========================
# 2. Zabbix ("/zabbix" 以下)
# ==========================
# /zabbix/ → /usr/share/zabbix/index.php
location /zabbix {
root /usr/share;
index index.php;
}
# PHP 実行部分
location ~ ^/zabbix/.+\.php$ {
root /usr/share;
fastcgi_pass unix:/run/php/zabbix.sock;
include fastcgi_params;
# ここがポイント:root と SCRIPT_FILENAME を揃える
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
# 触らせたくないもの
location ~ ^/zabbix/(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location ~ ^/zabbix/vendor/ {
deny all;
return 404;
}
location ~ /\.ht {
deny all;
}
}
sudo ln -s /etc/nginx/sites-available/django /etc/nginx/sites-enabled/
sudo nginx -t
.ssh/config
Host toyama-django
HostName 192.168.200.111
User toyamadc
IdentityFile /Users/mizunuma/.ssh/id_ed25519
IdentitiesOnly yes
PreferredAuthentications publickey
swap増加sudo rm /swapfile
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo nano /etc/fstab
/swapfile none swap sw 0 0
sudo swapoff -a
radiusインストール
sudo apt update
sudo apt upgrade -y
sudo apt install freeradius freeradius-utils -y
sudo systemctl enable freeradius
sudo systemctl start freeradius
sudo systemctl status freeradius
証明書作成->
sudo apt update
sudo apt install isc-dhcp-server -y
sudo nano /etc/default/isc-dhcp-server
NTERFACESv4="eth0"
INTERFACESv6=""
sudo nano /etc/dhcp/dhcpd.conf
option domain-name "local";
option domain-name-servers 8.8.8.8, 1.1.1.1;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.200;
option routers 192.168.10.1;
option broadcast-address 192.168.10.255;
}
sudo nano /etc/netplan/00-installer-config.yaml
network:
version: 2
ethernets:
eth0:
addresses: [192.168.10.1/24]
gateway4: 192.168.10.1
nameservers:
addresses: [8.8.8.8,1.1.1.1]
sudo netplan apply
DHCP サーバを起動
sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server
状態確認:
sudo systemctl status isc-dhcp-server
エラーチェック
sudo journalctl -u isc-dhcp-server -f