Changes


Infrastructure:Sysadmin Handbook

2,579 bytes added, 16:02, 2 June 2020
no edit summary
'''Previous revision'''

'''Refer to [[Infrastructure:Host Deployment Guide]] until we fix the wiki deletion issue.'''

This page describes how to build the infrastructure from scratch, as well as manage it in general.

== Networking ==
* Set up physical boxes based on the [[Infrastructure:Diagram|Diagram]]
* Determine the IP addresses based on [[Infrastructure:Network|Network]]

=== Router ===
Configure /etc/network/interfaces:
<nowiki>
# v6
iface $EXTERNAL_IF inet6 auto

iface $INTERNAL_IF inet6 static
  address $INTERNAL_IPv6
  netmask 128
  # Enable internal network to access router's external v6 address
  pre-up ip route add $EXTERNAL_IPv6 via $INTERNAL_IPv6
  # Enable NDP Proxying so internal boxes get SLAAC
  pre-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  pre-up echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra

# VTLUUG Private Network v4
iface $INTERNAL_IF inet static
  address $INTERNAL_IPv4
  netmask 255.255.255.0

# Additional IPs
iface $EXTERNAL_IF inet static
  address $EXTERNAL_IPv4
  gateway 128.173.88.1
  broadcast 128.173.91.255
  netmask 255.255.252.0
  # Nat Settings
  # TODO this probably doesn't work
  pre-up tc action nat egress 10.99.0.0/24 $EXTERNAL_IP
  # Enable ARP Proxying so internal v4 addresses are accessible
  pre-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
  pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
  # Route internal v4 addresses (ifupdown needs the "up" keyword in front of each command)
  up ip route add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF
  up ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
  up ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF
  up ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
  up ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF
  up ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF
</nowiki>

Next, set up NDP proxying. Configure /etc/ndppd.conf (it may not already exist):
<nowiki>
# Rather than only listening on each individual IPv6 address, we
# simply forward all solicitations. The main advantage is that we
# don't have to add any additional routing rules if a new internal
# device is added
route-ttl 30000
address-ttl 30000

# External interface to listen on
proxy $EXTERNAL_IF {
  router yes
  timeout 500
  autowire no
  keepalive yes
  retries 3
  promiscuous no
  ttl 30000

  # Prefix to listen on
  rule ::/0 {
    # TODO might change prefix
    # Internal interface to forward everything to
    iface $INTERNAL_IF
    autovia no
  }
}
</nowiki>

Now start '''and''' enable ndppd.service.

=== Everything Else not run under oVirt ===
==== Debian ====
Configure /etc/network/interfaces:
<nowiki>
# v6
iface $INTERFACE inet6 auto

auto $INTERFACE
iface $INTERFACE inet static
  address $INTERNAL_IPv4
  gateway 10.99.0.1
  netmask 255.255.255.0

# Additional IPs - Only do this if this box has an external IP
iface $INTERFACE inet static
  address $EXTERNAL_IPv4
  gateway 128.173.88.1
  netmask 255.255.252.0
</nowiki>

==== Centos ====
Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE:
<nowiki>
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR0="$INTERNAL_IPv4"
GATEWAY0="10.99.0.1"
NETMASK0="255.255.255.0"
# Additional IPs - Only do this if this box has an external IP
IPADDR1="$EXTERNAL_IPv4"
GATEWAY1="128.173.88.1"
NETMASK1="255.255.252.0"
</nowiki>

== Other stuff ==

'''Revision of 16:02, 2 June 2020'''

This page describes how to manage the infra. See [https://vtluug.github.io/rtfm.txt rtfm.txt] for a guide to build it from scratch.

This page covers setup of a VM on [[Infrastructure:Meltdown|meltdown]] or [[Infrastructure:Spectre|spectre]], depending on whether the service is critical or not.

== Networks ==
''Further information: [[Infrastructure:Network|Network]]''

We ''should'' have the following networks in place:
* [[Infrastructure:Meltdown|meltdown]] and [[Infrastructure:Spectre|spectre]] br0 on eno1 <--> enp4s0 on [[Infrastructure:Joey|joey]]. This is the main LUUG network.
** 10.98.0.0/16 for VTLUUG NAT
** IPv6 via prefix delegation on 607:b400:6:cc80/64
** Global IPv4s via ARP proxying (see https://github.com/vtluug/scripts). Gateway is 128.173.88.1/22.
* Static hosts are on 10.98.0.0/24, and DHCP is enabled on 10.98.1.0/24. This is mainly just useful for organization and for quickly finding new hosts or other hosts on the network.
** Static host IPs are assigned via static DHCP leases for IPv4.
** Since we can't do this with IPv6, physical host IPs are determined upon first boot, and VMs are assigned a specific MAC to determine the SLAAC IP.
* "Internet" (a CNS portal) <--> enp2s0 on [[Infrastructure:Joey|joey]]. LUUG only has one of these, and port security is probably enabled.

'''DNS/DHCP:'''
* All DNS entries for services run by VTLUUG are hosted on [https://gandi.net Gandi]. Ask an officer if you want to change something.
* jkh and Roddy own ece.vt.edu. DNS updates don't happen. echarlie can add IPv6-only records if needed to wuvt.vt.edu so we have PTRs.
* [[Infrastructure:Joey|joey]] runs DHCP via dnsmasq on enp4s0 (that is, 10.98.0.0/16). To change anything, modify it on https://github.com/vtluug/scripts first, then pull that into root's home directory on [[Infrastructure:Joey|joey]]. Please don't just update it on a machine without pushing your updates.
* By default, hosts are accessible via SSH on ports 22 and 2222.

== Adding a VTLUUG Service VM ==
''VMs in this category are deployed to [[Infrastructure:Meltdown|meltdown]].''

Prerequisites:
* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide.
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
* Have access to the vtluug-admin repo on gitolite.
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]].
* Put your SSH key on [[Infrastructure:Meltdown|meltdown]].

=== Configure the network ===
* Decide on a MAC address for the host and add it to <code>SCRIPTS/router/lan/local_hosts</code>.
* Add an entry to <code>SCRIPTS/router/lan/dnsmasq.conf</code> for static DHCP leases.
* If a new IP in 128.173.88.1/22 is being added, also add it to <code>SCRIPTS/router/proxy/arp_proxy.sh</code>.

'''Note:''' It is '''not''' recommended that you do the following steps if nobody is on campus, in case something breaks.

Pull the latest changes to <code>/root/scripts</code>, update the configuration files, and restart the services:
* Dnsmasq configuration is at <code>/etc/dnsmasq.conf</code>
* ARP Proxy configuration is in <code>/usr/local/bin</code>

=== Add the VM configuration to ansible ===
Edit <code>ANSIBLE_PATH/roles/deploy-vms/defaults/main.yml</code> and add a new entry, following the existing format.

'''Note:''' if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.

Run <code>ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K -e @VTLUUG_ADMIN_REPO/accounts.yml</code>, using the correct vtluug-admin repo path.

=== Testing ===
The new host should be accessible by papatux via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see whether it had any issues getting a static DHCP lease and whether the MAC is correct.

== Adding a User VM ==
''VMs in this category are deployed to [[Infrastructure:Spectre|spectre]].''

Prerequisites:
* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide.
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]].
* Have root on [[Infrastructure:Spectre|spectre]].
* Put your SSH key on [[Infrastructure:Spectre|spectre]].

=== Configure the network ===
* Decide on a MAC address for the host and add it to <code>SCRIPTS/router/lan/local_hosts</code>.
* Add an entry to <code>SCRIPTS/router/lan/dnsmasq.conf</code> for static DHCP leases. (If applicable; you might not care for a test/temp VM.)

'''Note:''' It is '''not''' recommended that you do the following steps if nobody is on campus, in case something breaks.

Pull the latest changes to <code>/root/scripts</code>, update the configuration files, and restart the services:
* Dnsmasq configuration is at <code>/etc/dnsmasq.conf</code>

=== Add the VM configuration to ansible ===
Edit <code>ANSIBLE_PATH/roles/deploy-vms/defaults/main.yml</code> and add a new entry under <code>new_vms_spectre</code>, following the existing format.

'''Note:''' if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.

Run <code>ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K</code>, using the correct vtluug-admin repo path.

'''Important:''' A random root password is set during VM creation and printed to stdout. Record this!

=== Testing ===
The new host should be accessible by root via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see whether it had any issues getting a static DHCP lease and whether the MAC is correct.
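Both "Configure the network" and "Testing" steps above hinge on the static lease entry and the MAC chosen for the VM: a host that shows up in 10.98.1.0/24 got a dynamic lease instead of its static one, and the MAC fixes its SLAAC address. The following is an added example, not code from vtluug/scripts or the ansible repo: it parses <code>dhcp-host=</code> lines from a constructed dnsmasq.conf fragment, flags a reused MAC or a static IP placed inside the dynamic pool, and computes the EUI-64 SLAAC address a MAC yields on a prefix (the 2001:db8:6:cc80::/64 prefix is a constructed stand-in, not the real one).

```python
# Sanity-check dnsmasq static leases and derive the SLAAC address a VM gets from its MAC.
import ipaddress
import re

# Address plan from the page: static hosts in 10.98.0.0/24, dynamic DHCP pool in 10.98.1.0/24.
STATIC_NET = ipaddress.ip_network("10.98.0.0/24")
DHCP_POOL = ipaddress.ip_network("10.98.1.0/24")
LAN_PREFIX = "2001:db8:6:cc80::/64"  # constructed prefix for the example, not the real one

# dnsmasq static-lease syntax: dhcp-host=MAC,IP,NAME
DHCP_HOST_RE = re.compile(r"^dhcp-host=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),(?P<ip>[\d.]+),(?P<name>[\w.-]+)", re.I)

# Constructed dnsmasq.conf fragment; not the real SCRIPTS/router/lan/dnsmasq.conf.
SAMPLE_CONF = """\
dhcp-host=52:54:00:12:34:56,10.98.0.50,newvm
dhcp-host=52:54:00:ab:cd:ef,10.98.1.20,oops-in-pool
dhcp-host=52:54:00:12:34:56,10.98.0.51,dup-mac
"""

def parse_static_leases(conf_text):
    """Return [(mac, ip, name)] for every dhcp-host=MAC,IP,NAME line, MAC lower-cased."""
    leases = []
    for line in conf_text.splitlines():
        m = DHCP_HOST_RE.match(line.strip())
        if m:
            leases.append((m["mac"].lower(), m["ip"], m["name"]))
    return leases

def check_leases(leases):
    """Flag reused MACs and static IPs that sit in the dynamic pool or off the address plan."""
    problems, seen_macs = [], {}
    for mac, ip, name in leases:
        addr = ipaddress.ip_address(ip)
        if mac in seen_macs:
            problems.append(f"{name}: MAC {mac} already used by {seen_macs[mac]}")
        if addr in DHCP_POOL:
            problems.append(f"{name}: {ip} is inside the dynamic pool {DHCP_POOL}")
        elif addr not in STATIC_NET:
            problems.append(f"{name}: {ip} is outside the static range {STATIC_NET}")
        seen_macs.setdefault(mac, name)
    return problems

def slaac_address(mac, prefix=LAN_PREFIX):
    """EUI-64: flip the U/L bit of the first octet and insert ff:fe in the middle of the MAC."""
    octets = [int(x, 16) for x in mac.split(":")]
    octets[0] ^= 0x02
    iid = bytes(octets[:3] + [0xFF, 0xFE] + octets[3:])
    prefix_int = int(ipaddress.ip_network(prefix).network_address)
    return str(ipaddress.ip_address(prefix_int | int.from_bytes(iid, "big")))
```

Run <code>check_leases(parse_static_leases(open("dnsmasq.conf").read()))</code> against the real file before pushing; <code>slaac_address(mac)</code> gives the IPv6 address to expect for the new VM once the real prefix is substituted.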
[[Category:Infrastructure]]
[[Category:Howtos]]
[[Category:Needs restoration]]
