Difference between revisions of "Infrastructure:Sysadmin Handbook"
imported>Pew (Redirected page to Sysadmin Handbook) |
imported>Pew |
| Line 1: | Line 1: | ||
| − | + | This page describes how to build the infrastructure from scratch, as well manage it in general. | |
| + | |||
| + | |||
| + | == Networking == | ||
| + | * Set up physical boxes based on the [[Infrastructure:Diagram|Diagram]] | ||
| + | * Determine the ip addresses based on [[Infrastructure:Network|Network]] | ||
| + | === Router === | ||
| + | Configure /etc/network/interfaces: | ||
| + | |||
| + | <nowiki> | ||
| + | # v6 | ||
| + | iface $EXTERNAL_IF inet6 auto | ||
| + | iface $INTERNAL_IF inet6 static | ||
| + | address $INTERNAL_IPv6 | ||
| + | netmask 128 | ||
| + | # Enable internal network to access router's external v6 address | ||
| + | pre-up ip route add $EXTERNAL_IPv6 via $INTERNAL_IPv6 | ||
| + | # Enable NDP Proxying so internal boxes get SLAAC | ||
| + | pre-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding | ||
| + | pre-up echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra | ||
| + | |||
| + | # VTLUUG Private Network v4 | ||
| + | iface $INTERNAL_IF inet static | ||
| + | address $INTERNAL_IPv4 | ||
| + | netmask 255.255.255.0 | ||
| + | |||
| + | # Additional IPs | ||
| + | iface $EXTERNAL_IF inet static | ||
| + | address $EXTERNAL_IPv4 | ||
| + | gateway 128.173.88.1 | ||
| + | broadcast 128.173.91.255 | ||
| + | netmask 255.255.252.0 | ||
| + | # Nat Settings | ||
| + | # TODO this probably doesn't work | ||
| + | pre-up tc action nat egress 10.99.0.0/24 $EXTERNAL_IP | ||
| + | # Enable ARP Proxying so internal v4 address are accessible | ||
| + | pre-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp | ||
| + | pre-up echo 1 > /proc/sys/net/ipv4/ip_forward | ||
| + | # Route internal v4 addresses | ||
| + | ip route add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF | ||
| + | ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF | ||
| + | ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF | ||
| + | ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF | ||
| + | ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF | ||
| + | ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF | ||
| + | </nowiki> | ||
| + | |||
| + | Next, set up NDP proxying | ||
| + | Configure /etc/ndppd.conf: (May not already exist) | ||
| + | |||
| + | |||
| + | <nowiki> | ||
| + | # Rather than only listenting on each individual IPv6 address, we | ||
| + | # simply forward all soliciations. The main advantage is that we | ||
| + | # don't have to add any additional routing rules if a new internal | ||
| + | # device is added. | ||
| + | route-ttl 30000 | ||
| + | address-ttl 30000 | ||
| + | |||
| + | # External interface to listen on | ||
| + | proxy $EXTERNAL_IF { | ||
| + | router yes | ||
| + | timeout 500 | ||
| + | autowire no | ||
| + | keepalive yes | ||
| + | retries 3 | ||
| + | promiscuous no | ||
| + | ttl 30000 | ||
| + | |||
| + | # Prefix to listen on | ||
| + | rule ::0/ { # TODO might change prefix | ||
| + | # Internal interface to forward everything to | ||
| + | iface $INTERNAL_IF | ||
| + | autovia no | ||
| + | } | ||
| + | } | ||
| + | </nowiki> | ||
| + | |||
| + | Now start '''and''' enable ndppd.service. | ||
| + | |||
| + | === Everything Else not run under oVirt === | ||
| + | ==== Debian ==== | ||
| + | Configure /etc/network/interfaces: | ||
| + | |||
| + | <nowiki> | ||
| + | # v6 | ||
| + | iface $INTERFACE inet6 auto | ||
| + | auto $INTERFACE | ||
| + | iface $INTERFACE inet static | ||
| + | address $INTERNAL_IPv4 | ||
| + | gateway 10.99.0.1 | ||
| + | netmask 255.255.255.0 | ||
| + | |||
| + | # Additional IPs - Only do this if this box has an external IP | ||
| + | iface $INTERFACE inet static | ||
| + | address $EXTERNAL_IPv4 | ||
| + | gateway 128.173.88.1 | ||
| + | netmask 255.255.252.0 | ||
| + | </nowiki> | ||
| + | |||
| + | ==== Centos ==== | ||
| + | Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE: | ||
| + | |||
| + | <nowiki> | ||
| + | ONBOOT="yes" | ||
| + | NM_CONTROLLED="no" | ||
| + | BOOTPROTO="static" | ||
| + | IPADDR0="$INTERNAL_IPv4" | ||
| + | GATEWAY0="10.99.0.1" | ||
| + | NETMASK0="255.255.255.0" | ||
| + | # Addition IPs - Only do this if this box has an external IP | ||
| + | IPADDR1="$EXTERNAL_IPv4" | ||
| + | GATEWAY1="128.173.88.1" | ||
| + | NETMASK1="255.255.252.0" | ||
| + | </nowiki> | ||
| + | |||
| + | == Other stuff == | ||
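Review bot: The six `ip route add $..._EXTERNAL_IPv4/24 dev $INTERNAL_IF` lines at the end of the `$EXTERNAL_IF inet static` stanza have no `up`/`post-up` keyword, so ifupdown will not run them as commands, and a host address written with `/24` is not a valid route prefix; for per-box routes something like `post-up ip route add $JOEY_EXTERNAL_IPv4/32 dev $INTERNAL_IF` is needed. In the same stanza the NAT line uses `$EXTERNAL_IP` where every other line uses `$EXTERNAL_IPv4`. In ndppd.conf, `rule ::0/` has no prefix length, so the rule does not say which prefix is proxied; that TODO should be settled before ndppd.service is enabled. `proxy_arp` is written to `conf/all`, which enables it on every interface; writing it only to the interface that has to answer on behalf of the internal boxes keeps the router from answering ARP where that is not wanted. The intro sentence should read "as well as manage it".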
Revision as of 02:27, 2 January 2018
This page describes how to build the infrastructure from scratch, as well as manage it in general.
Networking
Router
Configure /etc/network/interfaces:
# v6
iface $EXTERNAL_IF inet6 auto
iface $INTERNAL_IF inet6 static
    address $INTERNAL_IPv6
    netmask 128
    # Enable internal network to access router's external v6 address
    pre-up ip route add $EXTERNAL_IPv6 via $INTERNAL_IPv6
    # Enable NDP proxying so internal boxes get SLAAC
    pre-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    pre-up echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra

# VTLUUG Private Network v4
iface $INTERNAL_IF inet static
    address $INTERNAL_IPv4
    netmask 255.255.255.0

# Additional IPs
iface $EXTERNAL_IF inet static
    address $EXTERNAL_IPv4
    gateway 128.173.88.1
    broadcast 128.173.91.255
    netmask 255.255.252.0
    # NAT settings
    # TODO this probably doesn't work
    pre-up tc action nat egress 10.99.0.0/24 $EXTERNAL_IP
    # Enable ARP proxying so internal v4 addresses are accessible
    pre-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
    pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # Route internal v4 addresses
    ip route add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF
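A small lint for stanzas like the router configuration above, as an added example that is not part of the handbook: it flags commands that lack an `up`/`post-up` keyword, route prefixes that are not network addresses, and static stanzas whose address or broadcast disagrees with the gateway and netmask. It assumes the `$...` placeholders have already been substituted; the host addresses and interface names in the sample are constructed, and the list of command names is a heuristic.

```python
import ipaddress

# Keywords whose value ifupdown runs as a shell command.
HOOKS = ("pre-up", "up", "post-up", "pre-down", "down", "post-down")
# Heuristic (assumption): first words that are commands, not interfaces(5) options.
COMMANDS = ("ip", "tc", "sysctl", "iptables")

def parse_stanzas(text):
    """Return [(iface_header_words, [(lineno, words), ...]), ...]."""
    stanzas = []
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface":
            stanzas.append((words, []))
        elif stanzas and words[0] not in ("auto", "allow-hotplug"):
            stanzas[-1][1].append((n, words))
    return stanzas

def lint(text):
    findings = []
    for header, opts in parse_stanzas(text):
        for n, w in opts:
            if w[0] in COMMANDS:
                findings.append((n, "bare command: needs up/post-up to run"))
            cmd = w[1:] if w[0] in HOOKS else w
            if cmd[:3] == ["ip", "route", "add"] and len(cmd) > 3:
                try:
                    ipaddress.ip_network(cmd[3])  # strict: rejects host bits
                except ValueError:
                    findings.append((n, "route prefix is not a network address"))
        o = {w[0]: w[1] for _, w in opts if len(w) > 1}
        if header[2:4] == ["inet", "static"] and {"address", "gateway", "netmask"} <= o.keys():
            net = ipaddress.ip_network(f"{o['gateway']}/{o['netmask']}", strict=False)
            if ipaddress.ip_address(o["address"]) not in net:
                findings.append((header[1], "address is outside the gateway's network"))
            if "broadcast" in o and ipaddress.ip_address(o["broadcast"]) != net.broadcast_address:
                findings.append((header[1], "broadcast does not match netmask"))
    return findings

# Constructed sample: gateway/broadcast/netmask from the page, host addresses made up.
SAMPLE = """\
iface eth0 inet static
    address 128.173.89.10
    gateway 128.173.88.1
    broadcast 128.173.91.255
    netmask 255.255.252.0
    pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
    ip route add 128.173.89.20/24 dev eth1
    post-up ip route add 128.173.89.21/32 dev eth1
"""
```

Running `lint(SAMPLE)` reports both problems on line 7 of the sample and nothing for the `/32` route that carries a `post-up` keyword.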
Next, set up NDP proxying.
Configure /etc/ndppd.conf (it may not already exist):
# Rather than only listening on each individual IPv6 address, we
# simply forward all solicitations. The main advantage is that we
# don't have to add any additional routing rules if a new internal
# device is added.
route-ttl 30000
address-ttl 30000

# External interface to listen on
proxy $EXTERNAL_IF {
    router yes
    timeout 500
    autowire no
    keepalive yes
    retries 3
    promiscuous no
    ttl 30000

    # Prefix to listen on
    rule ::0/ { # TODO might change prefix
        # Internal interface to forward everything to
        iface $INTERNAL_IF
        autovia no
    }
}
Now start and enable ndppd.service.
Everything Else not run under oVirt
Debian
Configure /etc/network/interfaces:
# v6
iface $INTERFACE inet6 auto
auto $INTERFACE
iface $INTERFACE inet static
    address $INTERNAL_IPv4
    gateway 10.99.0.1
    netmask 255.255.255.0

# Additional IPs - Only do this if this box has an external IP
iface $INTERFACE inet static
    address $EXTERNAL_IPv4
    gateway 128.173.88.1
    netmask 255.255.252.0
Centos
Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE:
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR0="$INTERNAL_IPv4"
GATEWAY0="10.99.0.1"
NETMASK0="255.255.255.0"
# Additional IPs - Only do this if this box has an external IP
IPADDR1="$EXTERNAL_IPv4"
GATEWAY1="128.173.88.1"
NETMASK1="255.255.252.0"