Infrastructure:Sysadmin Handbook

From the Linux and Unix Users Group at Virginia Teck Wiki
Revision as of 08:34, 2 January 2018 by imported>Pew

Refer to Infrastructure:Host Deployment Guide until we fix the wiki deletion issue

This page describes how to build the infrastructure from scratch, as well as how to manage it in general.


Networking

  • Set up physical boxes based on the Diagram
  • Determine the IP addresses based on Network

Router

Configure /etc/network/interfaces:

# v6
iface $EXTERNAL_IF inet6 auto
iface $INTERNAL_IF inet6 static
    address $INTERNAL_IPv6
    netmask 128
    # Enable internal network to access router's external v6 address
    pre-up ip route add $EXTERNAL_IPv6 via $INTERNAL_IPv6
    # Enable NDP Proxying so internal boxes get SLAAC
    pre-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    pre-up echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra

# VTLUUG Private Network v4
iface $INTERNAL_IF inet static
    address $INTERNAL_IPv4
    netmask 255.255.255.0

# Additional IPs
iface $EXTERNAL_IF inet static
    address $EXTERNAL_IPv4
    gateway 128.173.88.1
    broadcast 128.173.91.255
    netmask 255.255.252.0
    # Nat Settings
    # TODO this probably doesn't work
    pre-up tc action nat egress 10.99.0.0/24 $EXTERNAL_IPv4
    # Enable ARP Proxying so internal v4 addresses are accessible
    pre-up echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
    pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
    # Route internal v4 addresses (ifupdown only runs commands given with a
    # hook keyword such as "up", so each route is added once the interface is up)
    up ip route add $JOEY_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    up ip route add $CRASHANDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    up ip route add $SCZI_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    up ip route add $ACIDBURN_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    up ip route add $ZEROCOOL_EXTERNAL_IPv4/24 dev $INTERNAL_IF
    up ip route add $MIRROR_EXTERNAL_IPv4/24 dev $INTERNAL_IF

Next, set up NDP proxying. Configure /etc/ndppd.conf (the file may not already exist):


# Rather than only listening on each individual IPv6 address, we
#  simply forward all solicitations. The main advantage is that we
#  don't have to add any additional routing rules if a new internal
#  device is added.
route-ttl 30000
address-ttl 30000

# External interface to listen on
proxy $EXTERNAL_IF {
    router yes
    timeout 500
    autowire no
    keepalive yes
    retries 3
    promiscuous no
    ttl 30000

    # Prefix to listen on
    rule ::0/ { # TODO might change prefix
        # Internal interface to forward everything to
        iface $INTERNAL_IF
        autovia no
    }
}

Now start and enable ndppd.service.
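
Once the router is up, the kernel settings written by the pre-up lines in its /etc/network/interfaces can be audited with the script below. It is an added example, not part of the original handbook; the optional root-directory argument and the --check flag are assumptions made here so the check can also run against a test tree.

```shell
#!/bin/sh
# Added example, not from the original page: audit the kernel settings that the
# router stanza's pre-up lines write. The optional root-directory argument
# (default /proc/sys/net) is an assumption introduced here for testing.

# "path=value" pairs copied from the pre-up lines in the router config.
EXPECTED='ipv6/conf/all/forwarding=1
ipv6/conf/all/accept_ra=2
ipv4/conf/all/proxy_arp=1
ipv4/ip_forward=1'

# Print one line per setting; return the number of settings that differ.
check_router_sysctls() {
    root=${1:-/proc/sys/net}
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(cat "$root/$key" 2>/dev/null) || got=missing
        if [ "$got" = "$want" ]; then
            echo "ok    $key=$got"
        else
            echo "DIFF  $key=$got (want $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# List interfaces that answer proxy ARP. The kernel enables it on an interface
# when either conf/all/proxy_arp or conf/<iface>/proxy_arp is 1, so writing
# conf/all (as the router config does) covers the external interface too.
proxy_arp_ifaces() {
    root=${1:-/proc/sys/net}
    all=$(cat "$root/ipv4/conf/all/proxy_arp" 2>/dev/null) || all=0
    for dir in "$root"/ipv4/conf/*/; do
        name=$(basename "$dir")
        case $name in all|default) continue ;; esac
        own=$(cat "$dir/proxy_arp" 2>/dev/null) || own=0
        if [ "$all" = 1 ] || [ "$own" = 1 ]; then
            echo "$name"
        fi
    done
}

# Run the audit only when asked, e.g.: sh audit.sh --check
if [ "${1:-}" = "--check" ]; then
    check_router_sysctls && proxy_arp_ifaces
fi
```

If proxy ARP should only be answered on one side of the router, the per-interface conf/$EXTERNAL_IF/proxy_arp file can be written instead of conf/all, and the second function shows the difference.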

Everything Else not run under oVirt

Debian

Configure /etc/network/interfaces:

# v6
iface $INTERFACE inet6 auto
auto $INTERFACE
iface $INTERFACE inet static
    address $INTERNAL_IPv4
    gateway 10.99.0.1
    netmask 255.255.255.0

# Additional IPs - Only do this if this box has an external IP
iface $INTERFACE inet static
    address $EXTERNAL_IPv4
    gateway 128.173.88.1
    netmask 255.255.252.0

CentOS

Configure /etc/sysconfig/network-scripts/ifcfg-$INTERFACE:

ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR0="$INTERNAL_IPv4"
GATEWAY0="10.99.0.1"
NETMASK0="255.255.255.0"
# Additional IPs - Only do this if this box has an external IP
IPADDR1="$EXTERNAL_IPv4"
GATEWAY1="128.173.88.1"
NETMASK1="255.255.252.0"

Other stuff