Difference between revisions of "Infrastructure:Sysadmin Handbook"
imported>Pew |
Revision as of 07:19, 2 January 2018
Refer to Infrastructure:Host Deployment Guide until we fix the wiki deletion issue
This page describes how to build the infrastructure from scratch, as well as how to manage it in general.
Networking
Router
Configure /etc/network/interfaces:
    # v6
    iface $EXTERNAL_IF inet6 auto

    iface $INTERNAL_IF inet6 static
        address $INTERNAL_IPv6
        netmask 128
        # Enable internal network to access router's external v6 address
        pre-up ip route add $EXTERNAL_IPv6 via $INTERNAL_IPv6
        # Enable NDP Proxying so internal boxes get SLAAC
        pre-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
        pre-up echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra

    # VTLUUG Private Network v4
    iface $INTERNAL_IF inet static
        address $INTERNAL_IPv4
        netmask 255.255.255.0

    # Additional IPs
    iface $EXTERNAL_IF inet static
        address $EXTERNAL_IPv4
        gateway 128.173.88.1
        broadcast 128.173.91.255
        netmask 255.255.252.0
        # NAT Settings
        # TODO this probably doesn't work
        pre-up tc action nat egress 10.99.0.0/24 $EXTERNAL_IP
        # Enable ARP Proxying so internal v4 addresses are accessible
        pre-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
        pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
        # Route internal v4 addresses (run as commands once the interface is up)
        up ip route add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF
        up ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
        up ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF
        up ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
        up ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF
        up ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF
Next, set up NDP proxying. Configure /etc/ndppd.conf (it may not already exist):
    # Rather than only listening on each individual IPv6 address, we
    # simply forward all solicitations. The main advantage is that we
    # don't have to add any additional routing rules if a new internal
    # device is added.
    route-ttl 30000
    address-ttl 30000

    # External interface to listen on
    proxy $EXTERNAL_IF {
        router yes
        timeout 500
        autowire no
        keepalive yes
        retries 3
        promiscuous no
        ttl 30000
        # Prefix to listen on
        rule ::0/ { # TODO might change prefix
            # Internal interface to forward everything to
            iface $INTERNAL_IF
            autovia no
        }
    }
Now start and enable ndppd.service.
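A quick way to confirm the router came up with the kernel settings that the pre-up lines above write (forwarding, accept_ra, proxy_arp, ip_forward). This is an added example, not part of the original handbook; the function name check_router_sysctls and its optional proc-root argument are assumptions, the latter so the check can be run against a copy of the tree.

```shell
#!/bin/sh
# Added example: verify the kernel settings that the router's
# /etc/network/interfaces writes in its pre-up lines.
# check_router_sysctls and its proc-root argument are hypothetical names;
# the argument defaults to /proc and exists so the check can run on a copy.

check_router_sysctls() {
    proc_root="${1:-/proc}"
    failures=0
    # Each line below: path under <proc_root>/sys/net, then the value
    # the handbook's interfaces file sets for it.
    while read -r path want; do
        file="$proc_root/sys/net/$path"
        if [ ! -r "$file" ]; then
            echo "MISSING  $file (expected $want)"
            failures=$((failures + 1))
            continue
        fi
        got=$(tr -d '[:space:]' < "$file")
        if [ "$got" = "$want" ]; then
            echo "OK       $path = $got"
        else
            echo "MISMATCH $path = $got (expected $want)"
            failures=$((failures + 1))
        fi
    done <<EOF
ipv6/conf/all/forwarding 1
ipv6/conf/all/accept_ra 2
ipv4/conf/all/proxy_arp 1
ipv4/ip_forward 1
EOF
    # Exit status 0 only if every setting matched
    [ "$failures" -eq 0 ]
}
```

On the router, call check_router_sysctls with no argument after the interfaces are up; a non-zero exit status means at least one setting did not take effect.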
Everything Else not run under oVirt
Debian
Configure /etc/network/interfaces:
    # v6
    iface $INTERFACE inet6 auto

    auto $INTERFACE
    iface $INTERFACE inet static
        address $INTERNAL_IPv4
        gateway 10.99.0.1
        netmask 255.255.255.0

    # Additional IPs - Only do this if this box has an external IP
    iface $INTERFACE inet static
        address $EXTERNAL_IPv4
        gateway 128.173.88.1
        netmask 255.255.252.0
CentOS
Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE:
    ONBOOT="yes"
    NM_CONTROLLED="no"
    BOOTPROTO="static"
    IPADDR0="$INTERNAL_IPv4"
    GATEWAY0="10.99.0.1"
    NETMASK0="255.255.255.0"
    # Additional IPs - Only do this if this box has an external IP
    IPADDR1="$EXTERNAL_IPv4"
    GATEWAY1="128.173.88.1"
    NETMASK1="255.255.252.0"