The Lab Bench

1. Physical Layer & Host OS

Hardware selection · Linux foundation · Power redundancy

Localization starts with commodity server hardware, refurbished enterprise gear, or Supermicro builds. All components must be field-serviceable.

Minimum hardware specification

Compute

Dell R730 / Supermicro

Dual Xeon E5-26xx v4, 128-256GB RAM. Hot-swap PSU, redundant fans.

Storage

ZFS or MDRAID

Mirrored vdevs or RAID10. NVMe cache optional. SLOG for sync writes.

Power

Online UPS ≥3kVA

Dual input feeds + generator or secondary circuit. Runtime 15-30min minimum.

Operating system

Rocky Linux 9 / AlmaLinux 9

RHEL-compatible, stable kernel, predictable lifecycle. No forced upgrades.

dnf install -y epel-release vim htop tcpdump firewalld

SSH hardening: key-only auth, non-standard port (optional), fail2ban on public interfaces.

2. Core Network Services

DHCP · DNS · Local resolution

Autonomous addressing and name resolution are prerequisites for any localized facility.

DHCP (ISC Kea / dhcpd)

IPv4 address pools, static reservations for infrastructure hosts. Option to push local DNS servers.

dnf install dhcp-server

DNS (Unbound / Bind9)

Recursive resolver + local authoritative zones. Response Policy Zones (RPZ) for filtering.

dnf install unbound bind-utils

3. Service Deployment

Web · Database · File sharing · Identity · Virtualization

Web & app

nginx or Apache httpd – static assets, reverse proxy.
PHP-FPM / gunicorn for dynamic content.

Database

MariaDB 10.11+ or PostgreSQL 15+. Configure binary log / WAL archiving to separate storage.

File sharing

Samba (SMB3) + NFSv4 with Kerberos optional. Exports to Linux/Windows clients.

Identity

OpenLDAP or 389DS. Centralized POSIX accounts, sudo rules. SSSD integration.

Containers

Podman (rootless) with systemd integration. Quadlet for declarative containers.

Virtualization

KVM + libvirt. Full VM isolation, backup via virsh or guest agent.

podman run -d --name nginx --restart always -p 8080:80 nginx

4. Redundancy & Failover

VRRP · Replication · Backup strategy

Active/passive failover with keepalived

VRRP instance for VIP failover. Health tracking on critical services. Minimum two nodes per tier.

dnf install keepalived

Configuration: primary state MASTER, priority 101; backup priority 100. Virtual IP shared.

Data replication

ZFS send/recv for filesystems. DRBD for block-level sync (active/passive). Database native replication (MariaDB Galera or PostgreSQL streaming).

Lab note: Test failover monthly. Document recovery procedures in /root/DR.txt. Keep offline backups (Borg / restic) on cold storage.

5. Build Order

Incremental deployment · Validation stages

Implementation sequence

1. Base OS installation (Rocky/Alma) — disk encryption optional, separate /boot.
2. Configure management network, SSH, local NTP, firewall baseline.
3. Deploy DNS and DHCP, test resolution from a client.
4. Set up storage pool (ZFS) and share via NFS/Samba.
5. Deploy LDAP, integrate PAM/SSSD.
6. Add application services (nginx, MariaDB, etc.) on bare metal or in VMs.
7. Configure second node, replicate data, deploy keepalived.
8. Enable monitoring (Prometheus + node_exporter) and log aggregation (rsyslog).

# stage verification example
dig @10.0.0.2 local.zone +short
smbclient -L //10.0.0.20 -N
curl -I http://10.0.0.30/health

Document every service: port, protocol, dependencies, backup procedure. Store configs in a local Git repository.

6. Monitoring & Maintenance

Metrics · Logs · Weekly tasks

Metrics

Prometheus + node_exporter

CPU, memory, disk I/O, network errors, temperature.

Weekly tasks

smartctl short test · ZFS scrub

Check disk health, update certificates (acme.sh), review logs.

zpool status -x
smartctl -a /dev/sda | grep -i "media_errors"
journalctl -p err -b

LOCALIZED DATACENTER