Difference between revisions of "Adding a New Machine to the Network"

From URY Wiki
Jump to navigation Jump to search
Line 7: Line 7:
 
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
 
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
 
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
 
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
 +
* Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]]
 +
* If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]?
  
 
=== Registering with LAN DB ===
 
=== Registering with LAN DB ===
Line 40: Line 42:
 
(Your Signoff Here)
 
(Your Signoff Here)
  
==== SAMBA NOTES ====
+
=== Single Sign On with Samba ===
This needs to be more formally documented, but first, follow:
+
==== FreeBSD ====
http://www.whitneytechnologies.com/?p=119
+
* Follow the following guide: http://www.whitneytechnologies.com/?p=119
 
+
* Change the home directory path configuration from above to just be /home/%U (no domain in the path)
Then also edit /etc/pam.d/system to have
+
* Edit /etc/pam.d/system to have
 +
<code>
 
auth            sufficient      /usr/local/lib/pam_winbind.so
 
auth            sufficient      /usr/local/lib/pam_winbind.so
 +
</code>
 +
* Edit sudoers to use <code>%domain\x20admins ALL=(ALL) ALL</code>
 +
* If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
  
sudoers should use "%domain\x20admins ALL=(ALL) ALL"
+
==== Debian ====
 
+
We haven't tried this with Debian yet. We should try this with Debian.
If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
 
 
 
<note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note>
 
 
 
===== Internal access =====
 
 
 
==== Proxy ====
 
 
 
Note: This is no longer necessary. We previously did not have port 80 open externally but do now.
 
 
 
**/etc/profile** and **/etc/bash.bashrc**
 
  export http_proxy=http://wwwcache.york.ac.uk:8080
 
  export ftp_proxy=http://wwwcache.york.ac.uk:8080
 
 
 
you can run the command below to append to both files
 
 
 
  echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc
 
 
 
==== DNS ====
 
**/etc/hostname**
 
  <non-FQDN-name-just-the-machine-local-name>
 
 
 
**/etc/resolv.conf**
 
  nameserver 10.0.0.4
 
  domain ury.york.ac.uk
 
  search ury.york.ac.uk
 
 
 
Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury**
 
 
 
==== DHCP ====
 
 
 
Add the mac address and IP to **uryfs1:/etc/dhcp/dhcpd.conf**
 
 
 
===== External access =====
 
For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following:
 
  
- Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following:
 
  
-- The server's hostname
+
=== Static IP Configuration ===
 
+
/etc/network/interfaces:
-- The server's MAC address
 
 
 
-- The server's operating system and version (e.g. Debian Squeeze)
 
 
 
-- The server's location - This is V/URY <3840>
 
 
 
- Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below.
 
 
<code>
 
<code>
# The loopback network interface
 
auto lo
 
iface lo inet loopback
 
 
# The primary network interface, URY Internal
 
auto eth0
 
allow-hotplug eth0
 
 
iface eth0 inet static
 
iface eth0 inet static
    address 10.0.0.--
+
        address 144.32.64.xxx
    netmask 255.255.255.0
+
        netmask 255.255.255.224
    network 10.0.0.0
+
        network 144.32.64.160
    broadcast 10.0.0.255
+
        broadcast 144.32.64.191
    dns-nameservers 10.0.0.4
+
        gateway 144.32.64.161
    dns-search ury.york.ac.uk
+
        dns-search york.ac.uk
 
+
        mtu 1500
#External 108 Vanbrugh Subnet
+
</code>
iface vlan108 inet static
+
<code>
    address 144.32.---.---
+
/etc/resolv.conf:
    netmask 255.255.254.0
+
domain ury.york.ac.uk york.ac.uk
    network 144.32.---.---
+
nameserver 144.32.64.164
    broadcast 144.32.---.---
+
nameserver 144.32.128.242
    gateway 144.32.108.76
+
nameserver 144.32.128.243
    dns-nameservers 144.32.128.243
 
    dns-search york.ac.uk
 
    mtu 1500
 
    vlan_raw_device eth0
 
 
</code>
 
</code>
Note: Ports 1-3 on the netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external on untagged. You can either change the above sample file, or reconfigure the switch port.
 
 
===== Links =====
 
 
[[computing:mainpage|Back to Computing Home]]
 

Revision as of 06:17, 10 December 2013

Sometimes, URY's Computing team will come across a need to network a new device. This could be a new server, or maybe the fabled Talkback.


Checklist

  • Has the device been recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
  • Is the device earmarked to go into the Server Cupboard? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
  • Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
  • Have you informed IT Services that the new device exists? See #Registering with LAN DB
  • Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in #Static IP Configuration
  • If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per #Single Sign On with Samba?

Registering with LAN DB

Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Service database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:

Hi,

Could I have a new device added to the LAN Database as follows please:


Object name: (DNS prefix, e.g. uryserver3)

Machine type: Unsupported Office PC

Operating System: (OS and Version e.g. FreeBSD 10.0)

Department/contact: Students Union / (Your Name)

Location: V/URY

Interface type: Ethernet

MAC address: (The MAC address)

Attachment Point: ury

IP address: 144.32.64.xxx (or 10.64.160.xxx)

Gateway: 144.32.64.161 (or 10.64.160.xxx)


(Your Signoff Here)

Single Sign On with Samba

FreeBSD

auth sufficient /usr/local/lib/pam_winbind.so

Debian

We haven't tried this with Debian yet. We should try this with Debian.


Static IP Configuration

/etc/network/interfaces: iface eth0 inet static

       address 144.32.64.xxx
       netmask 255.255.255.224
       network 144.32.64.160
       broadcast 144.32.64.191
       gateway 144.32.64.161
       dns-search york.ac.uk
       mtu 1500

/etc/resolv.conf: domain ury.york.ac.uk york.ac.uk nameserver 144.32.64.164 nameserver 144.32.128.242 nameserver 144.32.128.243