Changes

Changes

2,902 bytes added , 2 years ago

no edit summary

Line 1: Line 1: −

This is intended to be a reference for setting up a VM or Server for ~~AllStatLink~~.

[[Category: Infrastructure]]

[[Category: How to]]

{{Notice | This document reflects the current Infrastructure as of 2021-01-17}}

This is intended to be a reference for setting up a VM or Server for PTTLink.

= Server Overview =

Line 34: Line 37:

All servers require this software

−

~~<code>~~apt-get install ntp python vim screen ipsec-tools strongswan fail2ban snmp haveged libacl1-dev python3-dev libssl-dev gcc g++ fio pbzip2 </~~code~~>

apt-get install ntp ntpdate python vim screen ipsec-tools strongswan fail2ban snmp haveged libacl1-dev python3-dev libssl-dev gcc g++ fio pbzip2 ncdu

=== Configuration ===

There are two types of configuration presented below:

*No Netplan config - removes netplan and swtiches back to ifupdown

*Netplan config - keeps netplan

As new versions of Ubuntu are released, it is very possible that netplan will become the only officially supported means to configure networking. Keeping that in mind, all efforts should be made to configure Ubuntu 20+ servers using netlpan with a fallback to the no netplan config as the last resort.

==== No Netplan Config ====

You can remove this and go back to ''ifupdown'' as follows.

First you need to disable the resolved service:

sudo systemctl disable systemd-resolved.service

sudo systemctl stop systemd-resolved

rm /etc/resolv.conf

sudo touch /etc/cloud/cloud-init.disabled

sudo apt-get purge cloud-init

echo "nameserver 1.1.1.1" > /etc/resolv.conf

apt-get install ifupdown

Reconfigure network services

systemctl unmask networking

systemctl enable networking

systemctl restart networking

−

~~=== Mandatory Configs ===~~

systemctl stop systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online

systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online

systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online

apt-get --assume-yes purge nplan netplan.io

Network Config

* The network should be configured to use /etc/network/interfaces, and add DNS and the firewall to it and search in the allstarlink.org domain

−

# The primary network interface

−

auto eth0

−

iface eth0 inet static

iface eth0 inet6 static

−

address 44.103.0.49

address 9805:0900:0340:1000::2600/64

−

netmask 255.255.255.0

autoconf 0

−

network 44.103.0.0

accept_ra 2

−

broadcast 44.103.0.255

iface eth0 inet static

−

gateway 44.103.0.1

address 44.103.0.49

−

dns-nameservers 44.103.0.4 1.1.1.1

netmask 255.255.255.0

−

dns-search allstarlink.org

network 44.103.0.0

−

up /etc/network/firewall.sh

broadcast 44.103.0.255

gateway 44.103.0.1

dns-nameservers 44.103.0.4 1.1.1.1

dns-search allstarlink.org

up /etc/network/firewall.sh

==== Netplan config ====

Configure the network using /etc/netplan files. You should remove any existing files and create a new one called 01-netcfg.yaml with the following:

network:

version: 2

rendered: networkd

ethernets:

eth0:

addresses:

- 44.98.254.1/24

gateway4: 44.98.254.1

nameservers:

search: [allstarlink.org]

addresses: [1.1.1.1]

*Once done run the following and test to make sure the IP address is reachable. Follow the on-screen instructions:

netplan try

Refer to [https://netplan.io/examples/ Netplan configuration examples] for more examples on how to configure networking using netplan

==== Persistent Interface Names ====

To ensure that interface names are persistent (e.g., ethX) you can choose using either UDEV or Grub.

The Grub method tends to be easier and less prone to locking yourself out of a VM due to an interface naming conflict at reboot.

====== UDEV method ======

* There is typically only one network interface, and it will be named dynamically. We must setup this using udev to be persistent

Line 59: Line 126:

Now take this HWaddr and put it in the config file

echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:73:86:06", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth0"' >/etc/udev/rules.d/70-persistent-net.rules

====== Grub method ======

* Edit the '''''/etc/default/grub''''' file:

vim /etc/default/grub

* Look for "GRUB_CMDLINE_LINUX" and add the following "net.ifnames=0 biosdevname=0"

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

* Generate new grub config file

sudo grub-mkconfig -o /boot/grub/grub.cfg

==== Other config items ====

* configure screen to use the scroll back buffer

Line 76: Line 155:

Then select #3 vim.basic

−

* setup a firewall ~~as /etc/network/firewall.sh~~ and chmod +x it. You'll need to edit this based on the machine. ~~Note the stuff~~ in ~~tampa uses a~~ firewall ~~on the HV too~~.

* setup a firewall and chmod +x it. You'll need to edit this based on the machine.

**For netplan place this file in '''''/etc/networkd-dispatcher/routable.d/50-ifup-hooks'''''

**For ifupdown place this file in '''''/etc/network/firewall.sh'''''

#!/bin/bash

Line 264: Line 346:

* IPSEC is active <code>ipsec status</code>?

* Does Screen work in an xterm with scroll back?

−

* Is the time set via ntp <code>~~ntpdate~~</code> and is the timezone set to UTC?

* Is the time set via ntp <code>ntptime</code> and is the timezone set to UTC?

* Is fail2ban working? Make a couple test connections and see if the IP is null routed <code>ip route show</code>

Line 274: Line 356:

Please ensure it's being watched in librenms by asking on the admin list or in the slack.

−

~~[[Category: Infrastructure]]~~

Kg7qin

ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors

1,714

edits

Retrieved from "http://wiki.pttlink.org/wiki/Special:MobileDiff/1049...10921"

Server Provisioning (view source)

Revision as of 05:48, 24 January 2022

Navigation menu

Search