'''Refer This page describes how to manage the infra. See [[Infrastructurehttps:Host Deployment Guide//vtluug.github.io/rtfm.txt rtfm.txt]] until we fix the wiki deletion issue'''for a guide to build it from scratch.
This page describes how is NOT up to build the infrastructure from scratch, date as well manage it in generalof 2019.
This covers setup of a Debian 9 VM on cyberdelia. This is current as of 2017-08-19.
== Networking Networks ==* Set up physical boxes based on We ''should'' have the [[Infrastructure:Diagram|Diagram]]* Determine the ip addresses based on [[Infrastructure:Network|Network]]=== Router ===Configure /etc/network/interfacesfollowing networks in place:
* Cyberdelia br0 on eth4 <nowiki-->eth1 on temp88191. This is the main LUUG network.# v6iface $EXTERNAL_IF inet6 autoiface $INTERNAL_IF inet6 static** 10.0.0.1/22 for VTLUUG NAT (echarlie thinks we should only use a /24) address $INTERNAL_IPv6 netmask 128 # Enable internal network to access router's external v6 address pre-up ip route add $EXTERNAL_IPv6 ** IPv6 via $INTERNAL_IPv6 # Enable NDP Proxying so internal boxes get SLAAC pre-up echo 1 > proxying (static hosts configured in /procroot/sysscripts/netrouter/ipv6/conf/all/forwardingsetup_ipv6.sh, but things should work without) pre-up echo 2 > ** Global IPv4s via ARP proxying (edit /procroot/sysscripts/netrouter/ipv6ipv4/confNat and edit $Inside_Hosts). Gateway is 128.173.88.1/all22.* Internal VM network (10.99.0.1/accept_ra24). This is useful for sharing NFS insecurely, but be aware it only works on cyberdelia. If we get more VM hosts, they won't be able to use it without network reconfiguration. Several hosts also use this for LDAP* "Internet" (a CNS portal) <--> eth0 on temp88191. LUUG only has one of these, and port security is probably enabled.
# VTLUUG Private Network v4iface $INTERNAL_IF inet static address $INTERNAL_IPv4 netmask 255Most of our hosts consist of a "LUUG network" eth0 as the default route and an internal network for eth1.255.255.0
# Additional IPsDNS/DHCP:iface $EXTERNAL_IF inet static address $EXTERNAL_IPv4 gateway 128* I think echarlie manages vtluug.173org DNS? (It's on namecheap.88.1we should unfuck this) broadcast 128* jkh and Roddy own ece.173vt.91edu.255 netmask 255DNS updates don't happen. echarlie can add IPv6-only records if needed to wuvt.255vt.252edu so we have PTRs.0 # Nat Settings # TODO this probably doesn't work pre-up tc action nat egress * temp88191 runs DHCP and dnsmasq on eth1 (that is, 10.990.0.0/24 $EXTERNAL_IP # Enable ARP Proxying so internal v4 address are accessible pre-up echo 1 > /proc22). Edit /sys/net/ipv4etc/dnsmasq.conf/all/proxy_arp pre-up echo 1 > /proc/sys/net/ipv4/ip_forward # Route internal v4 addresses ip route , add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF</nowiki>your static entries, and restart dnsmasq.
Next, set up NDP proxying== Auth ==* <code>apt-get -y install sssd-ldap nscd</code>Configure * <code>vim /etc/ndppdsssd/sssd.conf: (May not already exist)</code><pre>[sssd]config_file_version = 2services = nss, pamdomains = LDAPdebug_level = 5
[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
homedir_substring = /home
<nowiki>[domain/LDAP]id_provider = ldapauth_provider = ldap# Rather than only listenting on each individual IPv6 addressldap_search_base = dc=vtluug, we dc=orgldap_tls_reqcert = allow# simply forward all soliciationsldap_uri = ldaps://razor. The main advantage is that we# don't have to add any additional routing rules if a new internal# device is addedvtluug.orgroute-ttl 30000address-ttl 30000</pre>
# External interface to listen on== Storage ==proxy $EXTERNAL_IF {* <code>apt-get -y install nfs-common</code> router yes* <code>vim /etc/idmap.conf</code> timeout 500 <pre> autowire no keepalive yes retries 3 promiscuous no ttl 30000[General]
# Prefix to listen onVerbosity = 0 rule ::0Pipefs-Directory = /run/ { rpc_pipefs# TODO might change prefixset your own domain here, if it differs from FQDN minus hostname # Internal interface to forward everything to iface $INTERNAL_IFDomain = localdomain autovia no }}</nowiki>Domain = vtluug.org
Now start '''and''' enable ndppd.service.[Mapping]
Nobody-User =nobodyNobody-Group == Everything Else not run under oVirt ===nogroup==== Debian ====</pre>Configure * <code>vim /etc/networkfstab</code><pre>10.99.0.1:/tank/nfs/home /interfaceshome nfs soft,auto,nodev 0 010.99.0.1:/tank/nfs/share /tank/nfs/share nfs soft,auto,nodev,nosuid 0 010.99.0.1:/tank/nfs/scratch /tank/nfs/scratch nfs soft,auto,nodev,nosuid 0 010.99.0.1:/tank/nfs/files /tank/nfs/files nfs soft,auto,nodev,nosuid 0 0</pre>* <code>mkdir -p /tank/nfs/{share,scratch,files}</code>* <code>systemctl restart sssd</code>* <code>mount -a</code>
== Testing ==To verify that this worked: <code>su</code> to your user, <code>cd<nowiki/code># v6iface $INTERFACE inet6 autoauto $INTERFACEiface $INTERFACE inet static address $INTERNAL_IPv4 gateway 10.99.0.1 netmask 255.255.255, and you should be able to modify your files.0
# Additional IPs - Only do this if this box has an external IP
iface $INTERFACE inet static
address $EXTERNAL_IPv4
gateway 128.173.88.1
netmask 255.255.252.0
</nowiki>
==== Centos ====
Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE:
<nowiki>
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR0="$INTERNAL_IPv4"
GATEWAY0="10.99.0.1"
NETMASK0="255.255.255.0"
# Addition IPs - Only do this if this box has an external IP
IPADDR1="$EXTERNAL_IPv4"
GATEWAY1="128.173.88.1"
NETMASK1="255.255.252.0"
</nowiki>
== Other stuff ==
[[Category:Infrastructure]]
[[Category:Howtos]]
[[Category:Needs restorationRestoration]]
