Changes

This covers setup of a VM on [[Infrastructure:Meltdown|meltdown]] or [[Infrastructure:Spectre|spectre]] depending on if the service is NOT up to date as of 2019critical or not.(This guide uses [[Infrastructure:Meltdown|meltdown]] for examples)

* Cyberdelia [[Infrastructure:Meltdown|meltdown]] br0 on eth4 eno1 <--> eth1 enp4s0 on temp88191[[Infrastructure:Joey|joey]]. This is the main LUUG network.** 10.98.0.0.1/22 16 for VTLUUG NAT (echarlie thinks we should only use a /24)** IPv6 via NDP proxying (static hosts configured in prefix delegation on 607:b400:6:cc80/root/scripts/router/ipv6/setup_ipv6.sh, but things should work without)64** Global IPv4s via ARP proxying (edit See https:/root/scriptsgithub.com/routervtluug/ipv4/Nat and edit $Inside_Hostsscripts). Gateway is 128.173.88.1/22.* Internal VM network (Static hosts are on 10.9998.0.0/24, and DHCP is enabled on 10.98.1.0/24). This is mainly just useful for sharing NFS insecurely, but be aware it only works organization and quickly finding new hosts or other hosts on cyberdeliathe network. If ** Static host IPs are assigned via static DHCP leases for IPv4.** Since we get more VM hosts, they woncan't be able do this with IPv6, physical host IPs are determined upon first boot and VMs are assigned a specific MAC to use it without network reconfigurationpre-determine the SLAAC IP. Several hosts also use this for LDAP* "Internet" (a CNS portal) <--> eth0 enp2s0 on temp88191[[Infrastructure:Joey|joey]]. LUUG only has one of these, and port security is probably enabled. Most of our hosts consist of a "LUUG network" eth0 as the default route and an internal network for eth1.

* I think echarlie manages vtluug.org All DNS? (It's entries for services run by VTLUUG are hosted on namecheap[https://gandi.net Gandi]. Ask an officer if you want to change something. we should unfuck this)

* temp88191 [[Infrastructure:Joey|joey]] runs DHCP and via dnsmasq on eth1 enp4s0 (that is, 10.98.0.0/16). To change anything, modify it on https://github.1com/vtluug/scripts first then pull that into root's homedir on [[Infrastructure:Joey|joey]]. Please don't just update it on a machine without pushing your updates.* By default, hosts are accessible via SSH on ports 22)and 2222. == Adding a VTLUUG Service VM ==''VMs in this category are deployed to [[Infrastructure:Meltdown|meltdown]]'' Prerequisites:* Clone <code>https://github.com/vtluug/scripts</code>. This is referred to as 'SCRIPTS' in this guide.* Clone <code>https://github.com/vtluug/ansible</code> and install ansible. This repo is referred to as 'ANSIBLE' in this guide.* Have access to the vtluug-admin repo on gitolite.* Understand the VTLUUG network and how things work in general. Edit * Put your SSH key on [[Infrastructure:Meltdown|meltdown]] === Configure the network ===* Decide on a MAC address for the host and add it to <code>SCRIPTS/etcrouter/lan/local_hosts</code>* Add an entry to <code>SCRIPTS/router/lan/dnsmasq.conf</code> for static DHCP leases.* If a new IP in 128.173.88.1/22 is being added, also add your static entries, and restart dnsmasqit to <code>SCRIPTS/router/proxy/arp_proxy.sh</code>

== Auth ==* <code>apt-get -y install sssd-ldap nscd</code>* <code>vim /etc/sssd/sssd'''Note''': It is '''not''' recommended that you do the following steps if nobody is on campus in case something breaks.conf</code><pre>[sssd]config_file_version = 2services = nss, pamdomains = LDAPdebug_level = 5

[nss]filter_users = Pull the latest changes to <code>/root/scripts</code>,ldapupdate the configuration files,named,avahi,haldaemon,dbus,radiusd,news,nscdand restart the services:* Dnsmasq configuration is at <code>/etc/dnsmasq.conf</code>homedir_substring = * ARP Proxy configuration is in <code>/usr/local/bin</homecode>

[domain/LDAP]id_provider = ldapauth_provider = ldapldap_search_base = dcAdd the VM configuration to ansible =vtluug,dc=orgldap_tls_reqcert = allowldap_uri = ldaps:Edit <code>ANSIBLE_PATH/roles/deploy-vms/defaults/razormain.vtluug.orgyml</precode>and add a new entry, following the existing format.

== Storage ==* <code>apt-get -y install nfs-common</code>* <code>vim /etc/idmap'''Note''': if there are any entries in this file that are '''not''' present on the VM host, they will also be created. Comment out entries that shouldn't be created. Existing hosts are skipped.conf</code><pre>[General]

Verbosity = 0PipefsRun <code>ansible-Directory = playbook -v deploy.yml -i hosts.cfg -u papatux -k -K -e @VTLUUG_ADMIN_REPO/runaccounts.yml</rpc_pipefs# set your own domain herecode>, if it differs from FQDN minus hostname# Domain = localdomainDomain = using the correct vtluug-admin repo path.org

== Testing Adding a User VM ==To verify that ''VMs in this workedcategory are deployed to [[Infrastructure: <code>su</code> to your user, <code>cd</code>, and you should be able to modify your files.Spectre|spectre]]''