Changes


Infrastructure:Sysadmin Handbook

2,964 bytes added, 16:02, 2 June 2020
no edit summary
This page describes how to manage the infra. See [https://vtluug.github.io/rtfm.txt rtfm.txt] for a guide to build it from scratch.

This covers setup of a VM on [[Infrastructure:Meltdown|meltdown]] or [[Infrastructure:Spectre|spectre]], depending on whether the service is critical or not.

== Networks ==
''Further information: [[Infrastructure:Network|Network]]''

We ''should'' have the following networks in place:
* [[Infrastructure:Meltdown|meltdown]] and [[Infrastructure:Spectre|spectre]] br0 on eno1 <--> enp4s0 on [[Infrastructure:Joey|joey]]. This is the main LUUG network.
** 10.98.0.0/16 for VTLUUG NAT (echarlie thinks we should only use a /24).
** IPv6 via prefix delegation on 607:b400:6:cc80/64.
** Global IPv4s via ARP proxying (see https://github.com/vtluug/scripts). Gateway is 128.173.88.1/22.
* Internal VM network (static hosts are on 10.98.0.0/24, and DHCP is enabled on 10.98.1.0/24). This is mainly just useful for organization and for quickly finding new hosts or other hosts on the network.
** Static host IPs are assigned via static DHCP leases for IPv4.
** Since we can't do this with IPv6, physical host IPs are determined upon first boot, and VMs are assigned a specific MAC so that their SLAAC IP is known in advance.
* "Internet" (a CNS portal) <--> enp2s0 on [[Infrastructure:Joey|joey]]. LUUG only has one of these, and port security is probably enabled.

'''DNS/DHCP:'''
* All DNS entries for services run by VTLUUG are hosted on [https://gandi.net Gandi]. Ask an officer if you want to change something.
* jkh and Roddy own ece.vt.edu. DNS updates don't happen. echarlie can add IPv6-only records if needed to wuvt.vt.edu so we have PTRs.
* [[Infrastructure:Joey|joey]] runs DHCP via dnsmasq on enp4s0 (that is, 10.98.0.0/16). To change anything, modify it on https://github.com/vtluug/scripts first, then pull that into root's homedir on [[Infrastructure:Joey|joey]]. Please don't just update it on a machine without pushing your updates; the repo is the source of truth and an unpushed change will be overwritten on the next pull.
* By default, hosts are accessible via SSH on ports 22 and 2222.

== Adding a VTLUUG Service VM ==
''VMs in this category are deployed to [[Infrastructure:Meltdown|meltdown]].''

Prerequisites:
* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide.
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
* Have access to the vtluug-admin repo on gitolite.
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]].
* Put your SSH key on [[Infrastructure:Meltdown|meltdown]].

=== Configure the network ===
* Decide on a MAC address for the host and add it to <code>SCRIPTS/router/lan/local_hosts</code>.
* Add an entry to <code>SCRIPTS/router/lan/dnsmasq.conf</code> for static DHCP leases.
* If a new IP in 128.173.88.1/22 is being added, also add it to <code>SCRIPTS/router/proxy/arp_proxy.sh</code>.

'''Note:''' It is '''not''' recommended that you do the following steps if nobody is on campus, in case something breaks and the router needs hands-on recovery.

Pull the latest changes to <code>/root/scripts</code> on [[Infrastructure:Joey|joey]], update the configuration files, and restart the services:
* Dnsmasq configuration is at <code>/etc/dnsmasq.conf</code>.
* ARP proxy configuration is in <code>/usr/local/bin</code>.

=== Add the VM configuration to ansible ===
Edit <code>ANSIBLE/roles/deploy-vms/defaults/main.yml</code> and add a new entry, following the existing format.

'''Note:''' if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.

Run <code>ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K -e @VTLUUG_ADMIN_REPO/accounts.yml</code>, substituting the path of your vtluug-admin checkout for <code>VTLUUG_ADMIN_REPO</code>. <code>-k</code> and <code>-K</code> prompt for the SSH and sudo passwords of <code>papatux</code>.

=== Testing ===
The new host should be accessible by papatux via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and whether the MAC is correct: a host that shows up in that range took a dynamic lease instead of the static one you configured.

== Adding a User VM ==
''VMs in this category are deployed to [[Infrastructure:Spectre|spectre]].''

Prerequisites:
* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide.
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]].
* Have root on [[Infrastructure:Spectre|spectre]].
* Put your SSH key on [[Infrastructure:Spectre|spectre]].

=== Configure the network ===
* Decide on a MAC address for the host and add it to <code>SCRIPTS/router/lan/local_hosts</code>.
* Add an entry to <code>SCRIPTS/router/lan/dnsmasq.conf</code> for static DHCP leases. (If applicable; you might not care for a test/temp VM.)

'''Note:''' It is '''not''' recommended that you do the following steps if nobody is on campus, in case something breaks and the router needs hands-on recovery.

Pull the latest changes to <code>/root/scripts</code> on [[Infrastructure:Joey|joey]], update the configuration files, and restart the services:
* Dnsmasq configuration is at <code>/etc/dnsmasq.conf</code>.

=== Add the VM configuration to ansible ===
Edit <code>ANSIBLE/roles/deploy-vms/defaults/main.yml</code> and add a new entry under <code>new_vms_spectre</code>, following the existing format.

'''Note:''' if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.

Run <code>ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K</code>, using the correct vtluug-admin repo path.

'''Important:''' A random root password is set during VM creation and printed to stdout. Record this! It is printed once, so capture it before it scrolls away, and keep it somewhere sensible rather than in a chat log or your shell history.

=== Testing ===
The new host should be accessible by root via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and whether the MAC is correct: a host that shows up in that range took a dynamic lease instead of the static one you configured. Since the fresh VM accepts root password logins, install your key and disable password authentication as the first thing you do on it.
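The MAC-and-lease bookkeeping behind the "Configure the network" and "Testing" steps of both the service VM and user VM sections above, as an added example that is not code from vtluug/scripts or vtluug/ansible: it validates a candidate MAC, derives the SLAAC address that MAC pins down, emits the dnsmasq <code>dhcp-host</code> line, and classifies what a leases file says the VM actually got. The prefix (2001:db8:0:1), hostname, IPv4 addresses and the leases-file contents are constructed; the real prefix and the real leases file (dnsmasq's <code>/var/lib/misc/dnsmasq.leases</code> on Debian) live on joey.

```shell
#!/bin/sh
# Added example for this handbook, not code from vtluug/scripts or
# vtluug/ansible. Everything marked "constructed" is made up for the demo.

# A MAC handed to a VM must be unicast (bit 0 of the first octet clear) and
# locally administered (bit 1 set) so it cannot collide with a vendor OUI on
# the shared bridge. 52:54:00:xx:xx:xx (the QEMU/KVM convention) qualifies.
mac_is_valid() {
  printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

mac_is_local_unicast() {
  mac_is_valid "$1" || return 1
  first=${1%%:*}
  [ $(( 0x$first & 0x03 )) -eq 2 ]
}

# Modified EUI-64 interface identifier (RFC 4291): flip the U/L bit of the
# first octet and splice ff:fe into the middle. This is what a guest using
# EUI-64 identifiers appends to the advertised /64, so choosing the MAC
# chooses the SLAAC address. 52:54:00:12:34:56 -> 5054:ff:fe12:3456
eui64() {
  mac_is_valid "$1" || return 1
  m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  o1=${m%%:*}; m=${m#*:}
  o2=${m%%:*}; m=${m#*:}
  o3=${m%%:*}; m=${m#*:}
  o4=${m%%:*}; m=${m#*:}
  o5=${m%%:*}; o6=${m#*:}
  printf '%x:%x:%x:%x\n' \
    $(( (0x$o1 ^ 0x02) * 256 + 0x$o2 )) \
    $(( 0x$o3 * 256 + 0xff )) \
    $(( 0xfe * 256 + 0x$o4 )) \
    $(( 0x$o5 * 256 + 0x$o6 ))
}

# $1 = first four groups of the /64 prefix (constructed below), $2 = MAC.
slaac_addr() {
  printf '%s:%s\n' "$1" "$(eui64 "$2")"
}

# The static lease line for SCRIPTS/router/lan/dnsmasq.conf:
# dhcp-host=<mac>,<hostname>,<ipv4>
dhcp_host_line() {
  printf 'dhcp-host=%s,%s,%s\n' "$1" "$2" "$3"
}

# Classify what the VM actually got, from dnsmasq's leases file
# ("<expiry> <mac> <ip> <hostname> <client-id>" per line).
#   static  - the dhcp-host entry matched
#   dynamic - it fell into the 10.98.1.0/24 pool: MAC typo in dnsmasq.conf,
#             or dnsmasq not restarted after the pull
#   none    - no lease at all: VM not on the bridge, or DHCP not reaching it
# $1 = leases text, $2 = MAC, $3 = the static IPv4 you configured.
lease_state() {
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  got=$(printf '%s\n' "$1" | awk -v mac="$want" 'tolower($2) == mac { print $3; exit }')
  if [ -z "$got" ]; then
    echo none
  elif [ "$got" = "$3" ]; then
    echo static
  else
    case "$got" in
      10.98.1.*) echo dynamic ;;
      *) echo "other:$got" ;;
    esac
  fi
}

# Constructed leases-file content: one VM that got its static address and one
# whose MAC did not match any dhcp-host entry.
LEASES='1591113600 52:54:00:12:34:56 10.98.0.42 newvm 01:52:54:00:12:34:56
1591113700 52:54:00:ab:cd:ef 10.98.1.137 strayvm *'

# Constructed values for the walk-through.
MAC=52:54:00:12:34:56
HOST=newvm
IP4=10.98.0.42
PREFIX=2001:db8:0:1   # documentation prefix standing in for the real one

mac_is_local_unicast "$MAC" || { echo "refusing $MAC: not a locally administered unicast MAC" >&2; exit 1; }
dhcp_host_line "$MAC" "$HOST" "$IP4"
echo "expected SLAAC address: $(slaac_addr "$PREFIX" "$MAC")"
echo "lease state for $MAC: $(lease_state "$LEASES" "$MAC" "$IP4")"
```

The predicted SLAAC address only holds if the guest actually derives its interface identifier from the MAC: on Linux that means <code>net.ipv6.conf.&lt;if&gt;.addr_gen_mode=0</code> (EUI-64) with <code>use_tempaddr=0</code>; a guest configured for stable-privacy (RFC 7217) or temporary (RFC 4941) addresses will pick something else, and the pre-determined address in <code>local_hosts</code> will be wrong. On joey, point <code>lease_state</code> at the real file with <code>lease_state "$(cat /var/lib/misc/dnsmasq.leases)" "$MAC" "$IP4"</code>.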
[[Category:Infrastructure]]
[[Category:Howtos]]
[[Category:Needs restoration]]
