Infrastructure:Sysadmin Handbook

1,854 bytes added, 16:02, 2 June 2020
no edit summary
This page describes how to manage the infra. See [https://vtluug.github.io/rtfm.txt rtfm.txt] for a guide to build it from scratch.
This covers setup of a VM on [[Infrastructure:Meltdown|meltdown]] or [[Infrastructure:Spectre|spectre]], depending on whether the service is critical. (This guide uses [[Infrastructure:Meltdown|meltdown]] for examples.)
== Networks ==
We ''should'' have the following networks in place:
* [[Infrastructure:Meltdown|meltdown]] and [[Infrastructure:Spectre|spectre]] br0 on eno1 <--> enp4s0 on [[Infrastructure:Joey|joey]]. This is the main LUUG network.
** 10.98.0.0/16 for VTLUUG NAT
** IPv6 via prefix delegation on 607:b400:6:cc80/64
* "Internet" (a CNS portal) <--> enp2s0 on [[Infrastructure:Joey|joey]]. LUUG only has one of these, and port security is probably enabled.
'''DNS/DHCP:'''
* All DNS entries for services run by VTLUUG are hosted on [https://gandi.net Gandi]. Ask an officer if you want to change something.
* jkh and Roddy own ece.vt.edu. DNS updates don't happen. echarlie can add IPv6-only records if needed to wuvt.vt.edu so we have PTRs.
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
* Have access to the vtluug-admin repo on gitolite.
* Understand the VTLUUG [[Infrastructure:Network|Network]] and how things work in general ([[Infrastructure]]).
* Put your SSH key on [[Infrastructure:Meltdown|meltdown]]
* If a new IP in 128.173.88.1/22 is being added, also add it to <code>SCRIPTS/router/proxy/arp_proxy.sh</code>
'''Note:''' It is '''not''' recommended that you do the following steps if nobody is on campus in case something breaks.
Pull the latest changes to <code>/root/scripts</code>, update the configuration files, and restart the services:
Edit <code>ANSIBLE_PATH/roles/deploy-vms/defaults/main.yml</code> and add a new entry, following the existing format.
'''Note:''' if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.
Run <code>ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K -e @VTLUUG_ADMIN_REPO/accounts.yml</code>, using the correct vtluug-admin repo path.
=== Testing ===
The new host should be accessible by papatux via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and if the MAC is correct.
== Adding a User VM ==
''VMs in this category are deployed to [[Infrastructure:Spectre|spectre]]''
Prerequisites:
* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide.
* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.
* Understand the [[Infrastructure:Network|Network]] and [[Infrastructure]].
* Have root on [[Infrastructure:Spectre|spectre]]
* Put your SSH key on [[Infrastructure:Spectre|spectre]]
 
=== Configure the network ===
* Decide on a MAC address for the host and add it to <code>SCRIPTS/router/lan/local_hosts</code>
* Add an entry to <code>SCRIPTS/router/lan/dnsmasq.conf</code> for static DHCP leases. (If applicable; you might not care for a test/temp VM).
 
'''Note:''' It is '''not''' recommended that you do the following steps if nobody is on campus in case something breaks.
 
Pull the latest changes to <code>/root/scripts</code>, update the configuration files, and restart the services:
* Dnsmasq configuration is at <code>/etc/dnsmasq.conf</code>
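
A pre-flight check for the static lease step above, as an added example that is not part of the handbook or the vtluug scripts repo. It assumes the file uses dnsmasq's standard <code>dhcp-host=MAC,IP,hostname</code> lines; <code>check_new_lease</code>, <code>parse_leases</code> and the sample config are hypothetical.

```python
import ipaddress
import re

# dnsmasq static lease syntax: dhcp-host=<mac>,<ip>[,<hostname>]
LEASE_RE = re.compile(r"^\s*dhcp-host=([0-9A-Fa-f:]{17}),([0-9.]+)(?:,([^,\s]+))?")
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
LAN = ipaddress.ip_network("10.98.0.0/16")  # VTLUUG NAT range from the Networks section


def parse_leases(conf_text):
    """Return (mac, ip, name) for every dhcp-host line; commented lines are skipped."""
    leases = []
    for line in conf_text.splitlines():
        m = LEASE_RE.match(line)
        if m:
            leases.append((m.group(1).lower(), ipaddress.ip_address(m.group(2)), m.group(3)))
    return leases


def check_new_lease(conf_text, mac, ip, name):
    """List the reasons a proposed static lease would conflict; empty means OK."""
    mac, ip = mac.lower(), ipaddress.ip_address(ip)
    problems = []
    if not MAC_RE.match(mac):
        problems.append(f"malformed MAC {mac}")
    if ip not in LAN:
        problems.append(f"{ip} is outside {LAN}")
    for old_mac, old_ip, old_name in parse_leases(conf_text):
        if old_mac == mac:
            problems.append(f"MAC already leased to {old_name} ({old_ip})")
        if old_ip == ip:
            problems.append(f"IP already leased to {old_name} ({old_mac})")
        if name and old_name == name:
            problems.append(f"hostname {name} already used by {old_mac}")
    return problems


# Constructed sample, not the real SCRIPTS/router/lan/dnsmasq.conf
SAMPLE_CONF = """\
dhcp-range=10.98.1.100,10.98.1.200,12h
dhcp-host=52:54:00:aa:bb:01,10.98.1.10,examplevm1
#dhcp-host=52:54:00:aa:bb:02,10.98.1.11,retiredvm
dhcp-host=52:54:00:AA:BB:03,10.98.1.12,examplevm3
"""

if __name__ == "__main__":
    for p in check_new_lease(SAMPLE_CONF, "52:54:00:aa:bb:03", "10.98.1.10", "newvm"):
        print("conflict:", p)
```

Running it against the working copy before restarting dnsmasq catches a reused MAC or address while the change is still easy to back out.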
 
=== Add the VM configuration to ansible ===
Edit <code>ANSIBLE_PATH/roles/deploy-vms/defaults/main.yml</code> and add a new entry under <code>new_vms_spectre</code>, following the existing format.
 
'''Note:''' if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.
 
Run <code>ansible-playbook -v deploy.yml -i hosts.cfg -u papatux -k -K</code>, using the correct vtluug-admin repo path.
 
'''Important:''' A random root password is set during VM creation and printed to stdout. Record this!
 
=== Testing ===
The new host should be accessible by root via SSH on port 2222 (and 22) over IPv6 and IPv4 from the internal network. Check 10.98.1.0/24 to see if it had any issues getting a static DHCP lease and if the MAC is correct.
[[Category:Infrastructure]]
[[Category:Howtos]]
[[Category:Needs restoration]]
