Difference between revisions of "Infrastructure:Sysadmin Handbook"
imported>Pew |
imported>Pew |
||
Line 116: | Line 116: | ||
== Other stuff == | == Other stuff == | ||
+ | |||
+ | [[Category:Infrastructure]] | ||
+ | [[Category:Howtos]] |
Revision as of 02:28, 2 January 2018
This page describes how to build the infrastructure from scratch, as well manage it in general.
Contents
Networking
Router
Configure /etc/network/interfaces:
# v6 iface $EXTERNAL_IF inet6 auto iface $INTERNAL_IF inet6 static address $INTERNAL_IPv6 netmask 128 # Enable internal network to access router's external v6 address pre-up ip route add $EXTERNAL_IPv6 via $INTERNAL_IPv6 # Enable NDP Proxying so internal boxes get SLAAC pre-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding pre-up echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra # VTLUUG Private Network v4 iface $INTERNAL_IF inet static address $INTERNAL_IPv4 netmask 255.255.255.0 # Additional IPs iface $EXTERNAL_IF inet static address $EXTERNAL_IPv4 gateway 128.173.88.1 broadcast 128.173.91.255 netmask 255.255.252.0 # Nat Settings # TODO this probably doesn't work pre-up tc action nat egress 10.99.0.0/24 $EXTERNAL_IP # Enable ARP Proxying so internal v4 address are accessible pre-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp pre-up echo 1 > /proc/sys/net/ipv4/ip_forward # Route internal v4 addresses ip route add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF
Next, set up NDP proxying Configure /etc/ndppd.conf: (May not already exist)
# Rather than only listenting on each individual IPv6 address, we # simply forward all soliciations. The main advantage is that we # don't have to add any additional routing rules if a new internal # device is added. route-ttl 30000 address-ttl 30000 # External interface to listen on proxy $EXTERNAL_IF { router yes timeout 500 autowire no keepalive yes retries 3 promiscuous no ttl 30000 # Prefix to listen on rule ::0/ { # TODO might change prefix # Internal interface to forward everything to iface $INTERNAL_IF autovia no } }
Now start and enable ndppd.service.
Everything Else not run under oVirt
Debian
Configure /etc/network/interfaces:
# v6 iface $INTERFACE inet6 auto auto $INTERFACE iface $INTERFACE inet static address $INTERNAL_IPv4 gateway 10.99.0.1 netmask 255.255.255.0 # Additional IPs - Only do this if this box has an external IP iface $INTERFACE inet static address $EXTERNAL_IPv4 gateway 128.173.88.1 netmask 255.255.252.0
Centos
Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE:
ONBOOT="yes" NM_CONTROLLED="no" BOOTPROTO="static" IPADDR0="$INTERNAL_IPv4" GATEWAY0="10.99.0.1" NETMASK0="255.255.255.0" # Addition IPs - Only do this if this box has an external IP IPADDR1="$EXTERNAL_IPv4" GATEWAY1="128.173.88.1" NETMASK1="255.255.252.0"