imported>Mhazinsk |
(Tag: Redirect target changed) |
| (8 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| − | This covers setup of a Debian 9 VM on cyberdelia. This is current as of 2017-08-19.
| + | #REDIRECT [[Infrastructure:Sysadmin Handbook]] |
| − | | |
| − | == Networks ==
| |
| − | We ''should'' have the following networks in place:
| |
| − | | |
| − | * Cyberdelia br0 on eth4 <--> eth1 on temp88191. This is the main LUUG network.
| |
| − | ** 10.0.0.1/22 for VTLUUG NAT
| |
| − | ** IPv6 via NDP proxying
| |
| − | ** Global IPv4s via ARP proxying (edit /root/scripts/router/ipv4/Nat and edit $Inside_Hosts). Gateway is 128.173.88.1/22.
| |
| − | * Internal VM network (10.99.0.1/24). This is useful for sharing NFS insecurely, but be aware it only works on cyberdelia. If we get more VM hosts, they won't be able to use it without network reconfiguration.
| |
| − | * "Internet" (a CNS portal) <--> eth0 on temp88191. LUUG only has one of these, and port security is enabled.
| |
| − | | |
| − | Most of our hosts consist of a "LUUG network" eth0 as the default route and a
| |
| − | | |
| − | | |
| − | DNS/DHCP:
| |
| − | * I think echarlie manages vtluug.org DNS?
| |
| − | * jkh and Roddy own ece.vt.edu. DNS updates take time to perform
| |
| − | * temp88191 runs DHCP and dnsmasq on eth1 (that is, 10.0.0.1/22). Edit /etc/dnsmasq.conf, add your static entries, and restart dnsmasq.
| |
| − | | |
| − | == Auth ==
| |
| − | * <code>apt-get -y install sssd-ldap nscd</code>
| |
| − | * <code>vim /etc/sssd/sssd.conf</code>
| |
| − | <pre>
| |
| − | [sssd]
| |
| − | config_file_version = 2
| |
| − | services = nss, pam
| |
| − | domains = LDAP
| |
| − | debug_level = 5
| |
| − | | |
| − | [nss] | |
| − | filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
| |
| − | homedir_substring = /home
| |
| − | | |
| − | [domain/LDAP] | |
| − | id_provider = ldap
| |
| − | auth_provider = ldap
| |
| − | ldap_search_base = dc=vtluug,dc=org
| |
| − | ldap_tls_reqcert = allow
| |
| − | ldap_uri = ldaps://razor.vtluug.org
| |
| − | </pre>
| |
| − | | |
| − | == Storage ==
| |
| − | * <code>apt-get -y install nfs-common</code>
| |
| − | * <code>vim /etc/idmap.conf</code>
| |
| − | <pre>
| |
| − | [General]
| |
| − | | |
| − | Verbosity = 0
| |
| − | Pipefs-Directory = /run/rpc_pipefs
| |
| − | # set your own domain here, if it differs from FQDN minus hostname
| |
| − | # Domain = localdomain
| |
| − | Domain = vtluug.org
| |
| − | | |
| − | [Mapping]
| |
| − | | |
| − | Nobody-User = nobody
| |
| − | Nobody-Group = nogroup
| |
| − | </pre>
| |
| − | * <code>vim /etc/fstab</code>
| |
| − | <pre>
| |
| − | 10.99.0.1:/tank/nfs/home /home nfs soft,auto,nodev 0 0
| |
| − | 10.99.0.1:/tank/nfs/share /tank/nfs/share nfs soft,auto,nodev,nosuid 0 0
| |
| − | 10.99.0.1:/tank/nfs/scratch /tank/nfs/scratch nfs soft,auto,nodev,nosuid 0 0
| |
| − | 10.99.0.1:/tank/nfs/files /tank/nfs/files nfs soft,auto,nodev,nosuid 0 0
| |
| − | </pre>
| |
| − | * <code>mkdir -p /tank/nfs/{share,scratch,files}</code>
| |
| − | * <code>systemctl restart sssd</code>
| |
| − | * <code>mount -a</code>
| |
| − | | |
| − | == Testing ==
| |
| − | To verify that this worked: <code>su</code> to your user, <code>cd</code>, and you should be able to modify your files.
| |
