Difference between revisions of "Infrastructure:Sysadmin Handbook"
(→Adding a User VM) |
(gitolite -> gitea) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This page describes how to manage the infra. See [https://vtluug.github.io/rtfm.txt rtfm.txt] for a guide to build it from scratch. | This page describes how to manage the infra. See [https://vtluug.github.io/rtfm.txt rtfm.txt] for a guide to build it from scratch. | ||
− | This covers setup of a VM on [[Infrastructure:Meltdown|meltdown]] or [[Infrastructure:Spectre|spectre]] depending on if the service is critical or not. | + | This covers setup of a VM on [[Infrastructure:Meltdown|meltdown]] or [[Infrastructure:Spectre|spectre]] depending on if the service is critical or not. |
== Networks == | == Networks == | ||
Line 8: | Line 8: | ||
We ''should'' have the following networks in place: | We ''should'' have the following networks in place: | ||
− | * [[Infrastructure:Meltdown|meltdown]] br0 on eno1 <--> enp4s0 on [[Infrastructure:Joey|joey]]. This is the main LUUG network. | + | * [[Infrastructure:Meltdown|meltdown]] and [[Infrastructure:Spectre|spectre]] br0 on eno1 <--> enp4s0 on [[Infrastructure:Joey|joey]]. This is the main LUUG network. |
** 10.98.0.0/16 for VTLUUG NAT | ** 10.98.0.0/16 for VTLUUG NAT | ||
** IPv6 via prefix delegation on 607:b400:6:cc80/64 | ** IPv6 via prefix delegation on 607:b400:6:cc80/64 | ||
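Review bot: the unchanged line `** IPv6 via prefix delegation on 607:b400:6:cc80/64` in this hunk does not hold a well-formed IPv6 prefix; it has only four hextets and no `::`, so it is neither a full address nor a valid /64. Confirm the delegated prefix and write it out in full (all groups, or `::` compression, followed by `/64`), since the section below relies on it when VM MACs are chosen to pre-determine SLAAC addresses.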
Line 29: | Line 29: | ||
* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide. | * Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide. | ||
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide. | * Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide. | ||
− | * Have access to | + | * Have access to [https://git.vtluug.org/officers/vtluug-admin officers/vtluug-admin] on [https://git.vtluug.org gitea]. |
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]]. | * Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]]. | ||
* Put your SSH key on [[Infrastructure:Meltdown|meltdown]] | * Put your SSH key on [[Infrastructure:Meltdown|meltdown]] | ||
Line 52: | Line 52: | ||
=== Testing === | === Testing === | ||
− | The new host should be accessible by papatux on via SSH port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it | + | The new host should be accessible by papatux on via SSH port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and if the MAC is correct. |
== Adding a User VM == | == Adding a User VM == | ||
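Review bot: the Testing sentence in this hunk keeps the stray "on" in "accessible by papatux on via SSH port 2222" on both sides of the change; since the line is being edited anyway, drop it ("accessible by papatux via SSH on port 2222").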
Line 61: | Line 61: | ||
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide. | * Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide. | ||
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]]. | * Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]]. | ||
− | * Have root on [[Infrastructure: | + | * Have root on [[Infrastructure:Spectre|spectre]] |
* Put your SSH key on [[Infrastructure:Spectre|spectre]] | * Put your SSH key on [[Infrastructure:Spectre|spectre]] | ||
Line 87: | Line 87: | ||
[[Category:Infrastructure]] | [[Category:Infrastructure]] | ||
[[Category:Howtos]] | [[Category:Howtos]] | ||
− | [[Category:Needs | + | [[Category:Needs restoration]] |
Latest revision as of 08:36, 26 October 2024
This page describes how to manage the infra. See rtfm.txt for a guide to build it from scratch.
This covers setup of a VM on meltdown or spectre depending on if the service is critical or not.
Networks
Further information: Network
We should have the following networks in place:
- meltdown and spectre br0 on eno1 <--> enp4s0 on joey. This is the main LUUG network.
  - 10.98.0.0/16 for VTLUUG NAT
  - IPv6 via prefix delegation on 607:b400:6:cc80/64
  - Global IPv4s via ARP proxying (see https://github.com/vtluug/scripts). Gateway is 128.173.88.1/22.
  - Static hosts are on 10.98.0.0/24, and DHCP is enabled on 10.98.1.0/24. This is mainly just useful for organization and for quickly finding new hosts or other hosts on the network.
  - Static host IPs are assigned via static DHCP leases for IPv4.
  - Since we can't do this with IPv6, physical host IPs are determined upon first boot, and VMs are assigned a specific MAC to pre-determine the SLAAC IP.
- "Internet" (a CNS portal) <--> enp2s0 on joey. LUUG only has one of these, and port security is probably enabled.
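Since VMs get a fixed MAC precisely so their SLAAC address is known in advance, it helps to compute that address before the VM boots and put it in DNS/documentation. The script below is an added example, not code from the wiki or the vtluug scripts repo: it derives the EUI-64 interface identifier the way SLAAC does (flip the universal/local bit of the first byte, insert ff:fe in the middle) and checks that a candidate MAC is locally administered. The prefix 2001:db8:6:cc80 is the IPv6 documentation range used as a constructed stand-in for the real delegated /64; the MACs are constructed too.

```shell
#!/bin/sh
# Added example, not part of the VTLUUG wiki or scripts repo.
# Constructed stand-in for the delegated /64 (documentation prefix).
PREFIX=2001:db8:6:cc80

# slaac_addr PREFIX MAC -> prints the full, uncompressed EUI-64 address
# that SLAAC will form for this MAC under this prefix.
slaac_addr() {
    prefix=$1
    mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { printf 'bad MAC: %s\n' "$2" >&2; return 1; }
    # split the MAC into its six bytes
    set -- $(printf '%s' "$mac" | tr ':' ' ')
    # EUI-64: toggle bit 1 (universal/local) of the first byte
    b1=$(printf '%02x' $(( 0x$1 ^ 0x02 )))
    # interface id = b1 b2 : b3 ff : fe b4 : b5 b6
    printf '%s:%s%s:%sff:fe%s:%s%s\n' "$prefix" "$b1" "$2" "$3" "$4" "$5" "$6"
}

# mac_is_local MAC -> exit 0 when the MAC is locally administered
# (second hex digit 2, 6, a or e), which is what a hand-picked VM MAC
# should be so it cannot collide with a vendor-assigned NIC.
mac_is_local() {
    case "$(printf '%s' "$1" | tr 'A-F' 'a-f')" in
        ?[26ae]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage (constructed QEMU-style MAC):
#   slaac_addr "$PREFIX" 52:54:00:12:34:56
```

Record the printed address alongside the MAC when you add the host to local_hosts; when the VM comes up, the address it announces should match exactly, and a mismatch usually means the MAC in the VM definition differs from the one you reserved.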
DNS/DHCP:
- All DNS entries for services run by VTLUUG are hosted on Gandi. Ask an officer if you want to change something.
- jkh and Roddy own ece.vt.edu. DNS updates don't happen. echarlie can add IPv6-only records if needed to wuvt.vt.edu so we have PTRs.
- joey runs DHCP via dnsmasq on enp4s0 (that is, 10.98.0.0/16). To change anything, modify it on https://github.com/vtluug/scripts first then pull that into root's homedir on joey. Please don't just update it on a machine without pushing your updates.
- By default, hosts are accessible via SSH on ports 22 and 2222.
Adding a VTLUUG Service VM
VMs in this category are deployed to meltdown.
Prerequisites:
- Clone https://github.com/vtluug/scripts. This is referred to as 'SCRIPTS' in this guide.
- Clone https://github.com/vtluug/ansible and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
- Have access to officers/vtluug-admin on gitea.
- Understand the Network and Infrastructure.
- Put your SSH key on meltdown.
Configure the network
- Decide on a MAC address for the host and add it to SCRIPTS/router/lan/local_hosts.
- Add an entry to SCRIPTS/router/lan/dnsmasq.conf for static DHCP leases.
- If a new IP in 128.173.88.1/22 is being added, also add it to SCRIPTS/router/proxy/arp_proxy.sh.
Note: It is not recommended that you do the following steps if nobody is on campus, in case something breaks.
Pull the latest changes to /root/scripts (on joey, which runs dnsmasq and the ARP proxy), update the configuration files, and restart the services:
- Dnsmasq configuration is at /etc/dnsmasq.conf
- ARP Proxy configuration is in /usr/local/bin
Add the VM configuration to ansible
Edit ANSIBLE_PATH/roles/deploy-vms/defaults/main.yml and add a new entry, following the existing format.
Note: if there are any entries in this file that are not present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.
Run ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K -e @VTLUUG_ADMIN_REPO/accounts.yml, using the correct vtluug-admin repo path.
Testing
The new host should be accessible by papatux via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and whether the MAC is correct: a host that appears in the dynamic range did not match its reservation.
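The "Configure the network" and "Testing" steps above both come down to the dnsmasq static-lease entry: a duplicate MAC, IP or hostname in dnsmasq.conf silently hands the wrong host a lease, and a VM that turns up in 10.98.1.0/24 is the sign that its reservation did not match. The script below is an added example, not code from the wiki or the vtluug scripts repo. It checks a proposed dhcp-host line against the existing ones before appending it, refuses addresses outside the static /24, runs the real `dnsmasq --test` syntax check when dnsmasq is installed, and reads dnsmasq's lease file to confirm the new VM got its reserved address. The sample config and lease file are constructed stand-ins for SCRIPTS/router/lan/dnsmasq.conf and for the lease file (assumed to live at /var/lib/misc/dnsmasq.leases on joey); the MACs and hostnames in them are made up.

```shell
#!/bin/sh
# Added example, not part of the VTLUUG wiki or scripts repo.

# Constructed stand-in for SCRIPTS/router/lan/dnsmasq.conf; prints its path.
sample_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
dhcp-range=10.98.1.0,10.98.1.254,12h
dhcp-host=52:54:00:12:34:56,papatux-test,10.98.0.10
dhcp-host=52:54:00:ab:cd:ef,wiki,10.98.0.11
EOF
    printf '%s\n' "$f"
}

# Constructed stand-in for dnsmasq's lease file (assumed path on joey:
# /var/lib/misc/dnsmasq.leases). Format: expiry MAC IP hostname client-id.
sample_leases() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
1730000000 52:54:00:12:34:56 10.98.0.10 papatux-test 01:52:54:00:12:34:56
1730000000 52:54:00:de:ad:01 10.98.1.37 new-vm *
EOF
    printf '%s\n' "$f"
}

# lease_is_free CONF MAC IP NAME -> exit 0 if none of MAC, IP or NAME is
# already reserved; otherwise print the clashing dhcp-host line, exit 1.
lease_is_free() {
    conf=$1; mac=$(printf '%s' "$2" | tr 'A-F' 'a-f'); ip=$3; name=$4
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')   # literal dots in the regex
    clash=$(grep '^dhcp-host=' "$conf" | tr 'A-F' 'a-f' \
            | grep -E "(=|,)($mac|$ip_re|$name)(,|\$)") || return 0
    printf 'conflicts with existing lease: %s\n' "$clash" >&2
    return 1
}

# add_static_lease CONF MAC NAME IP -> validate, then append a dhcp-host line
add_static_lease() {
    conf=$1; mac=$2; name=$3; ip=$4
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' \
        || { printf 'bad MAC: %s\n' "$mac" >&2; return 1; }
    # static hosts live on 10.98.0.0/24; 10.98.1.0/24 is the dynamic pool
    case "$ip" in
        10.98.0.*) ;;
        *) printf 'refusing %s: static leases belong in 10.98.0.0/24\n' "$ip" >&2; return 1 ;;
    esac
    lease_is_free "$conf" "$mac" "$ip" "$name" || return 1
    printf 'dhcp-host=%s,%s,%s\n' "$mac" "$name" "$ip" >>"$conf"
}

# conf_ok CONF -> syntax-check the file with dnsmasq itself when available
conf_ok() {
    if command -v dnsmasq >/dev/null 2>&1; then
        dnsmasq --test -C "$1"
    else
        printf 'dnsmasq not installed here; skipping syntax check\n' >&2
    fi
}

# lease_check LEASES MAC -> print the IP the MAC currently holds; exit 1 if
# it has no lease or landed in the dynamic pool (reservation missing, or the
# VM is using a different MAC than the one you reserved).
lease_check() {
    leases=$1; mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    ip=$(awk -v m="$mac" 'tolower($2) == m { print $3; exit }' "$leases")
    [ -n "$ip" ] || { printf 'no lease for %s\n' "$mac" >&2; return 1; }
    printf '%s\n' "$ip"
    case "$ip" in
        10.98.1.*) printf '%s got a pool address; check its dhcp-host line\n' "$mac" >&2; return 1 ;;
    esac
}

# usage, on a copy of the real files:
#   add_static_lease dnsmasq.conf 52:54:00:00:00:01 newbox 10.98.0.20 && conf_ok dnsmasq.conf
#   lease_check /var/lib/misc/dnsmasq.leases 52:54:00:00:00:01
```

Run the conflict check against the copy in SCRIPTS before committing, so the change that reaches joey's /etc/dnsmasq.conf is the one already reviewed; after restarting dnsmasq and booting the VM, lease_check against the live lease file is the quickest way to tell a wrong MAC in the VM definition from a host that simply has not booted yet.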
Adding a User VM
VMs in this category are deployed to spectre.
Prerequisites:
- Clone https://github.com/vtluug/scripts. This is referred to as 'SCRIPTS' in this guide.
- Clone https://github.com/vtluug/ansible and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
- Understand the Network and Infrastructure.
- Have root on spectre.
- Put your SSH key on spectre.
Configure the network
- Decide on a MAC address for the host and add it to SCRIPTS/router/lan/local_hosts.
- Add an entry to SCRIPTS/router/lan/dnsmasq.conf for static DHCP leases (if applicable; you might not care for a test/temp VM).
Note: It is not recommended that you do the following steps if nobody is on campus, in case something breaks.
Pull the latest changes to /root/scripts (on joey, which runs dnsmasq), update the configuration files, and restart the services:
- Dnsmasq configuration is at /etc/dnsmasq.conf
Add the VM configuration to ansible
Edit ANSIBLE_PATH/roles/deploy-vms/defaults/main.yml and add a new entry under new_vms_spectre, following the existing format.
Note: if there are any entries in this file that are not present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.
Run ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K, using the correct vtluug-admin repo path.
Important: A random root password is set during VM creation and printed to stdout. Record this!
Testing
The new host should be accessible by root via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and whether the MAC is correct: a host that appears in the dynamic range did not match its reservation.