Difference between revisions of "Adding a New Machine to the Network"

From URY Wiki
 
(6 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
  
== Checklist ==
+
== Pre-Install Checklist ==
* Has the device been recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
+
* Has the device been PA Tested recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
 
* Is the device earmarked to go into the [[Server Cupboard]]? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
 
* Is the device earmarked to go into the [[Server Cupboard]]? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
 
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
 
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
 
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
 
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
 +
* Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]]
 +
* If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]?
 +
* If this device is to have trunked networking, or something other than/in addition to VLAN653 untagged, have you configured the switch appropriately and updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEZOd2YtenEzT1RvNUdpaDFrYWpGM1E&usp=drive_web)?
  
=== Registering with LAN DB ===
+
== Physical Install - Server Cupboard ==
Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Service database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:
+
When installing or removing rack-mount equipment from the Server Cupboard, it is usually necessary to remove the wooden front panel. You must have three technical team members with you when doing this, and a good couple of hours when it isn't raining (you'll need to move the Outside Broadcast equipment.... outside).
  
Hi,
+
'''Do not attempt to access the rear of the rack if you are anything other than exceedingly slim. This will end badly.'''
 
Could I have a new device added to the LAN Database as follows please:
 
  
 +
First, make sure you have cleared space in the stores walkway for the panel to be kept whilst it is removed. This involves placing everything currently there into the vinyl section of stores or outside. Then, switch off the fans (located above a thermostat at the rear of the cupboard) and disconnect their power cables.
  
+
This panel is held on with a series of wood screws that need to be removed. You can then begin to gently push the panel out at the bottom from the inside. Once this has given somewhat, you should be able to push the whole thing forward an inch or so out of the frame.
Object name: (DNS prefix, e.g. uryserver3)
 
  
Machine type: Unsupported Office PC
+
You now need to slide the panel '''away''' from the wall dividing technical storage from music in order to free the section that fits around the ducting.
  
Operating System: (OS and Version e.g. FreeBSD 10.0)
+
'''''You might find yourself panicing that small pieces of material have fallen loose and are now in your hair. This is NOT asbestos, just some poorly placed polystyrene.'''''
  
Department/contact: Students Union / (Your Name)
+
Once that is free, you can then life the panel up from the bottom, sliding it out further. As you do this, rotate it 90 degrees, and it will rest happily against the wall. You now have front access to the rack.
  
Location: V/URY
+
* Ensure the new device is powered from the UPS, either directly from the sockets on its rear or through the 16A PDU at the back of the shelf in the middle. This is more for power smoothing than redundancy - until we got this unit we lost around one server per term due to surges and brownouts.
 +
* Ensure the new device is connected to the KVM, located below the shelf in the middle of the rack.
 +
* If the rackmount equipment requires any screwing into the rack, there is a large tub of identical M4 bolts. If this supply has run out, acquire more from IT Services - they ironically have thousands of this same screw as it comes with HP Switches but is slightly different to the style they have standardised on.
 +
* Ensure that cabling is managed down the side of the rear of the rack, network on one side, power on the other.
 +
* Power up the device. Ensure that APC PowerChute is installed on it and the UPS has been configured to trigger a remote shutdown at the appropriate time during a power outage.
 +
* IMPORTANT: Update the Server Rack diagram documentation, including the A3 printed on in stores, and the system startup/shutdown procedure.
  
Interface type: Ethernet
+
Once you're done, don't forget to reinstall the wooden panel in front of the rack.
  
MAC address: (The MAC address)
+
== Registering with LAN DB ==
 +
Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Services database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:
  
Attachment Point: ury
+
  Hi,
 +
  Could I have a new device added to the LAN Database as follows please:
 +
 
 +
  Object name: (DNS prefix, e.g. uryserver3)
 +
  Machine type: Unsupported Office PC
 +
  Operating System: (OS and Version e.g. FreeBSD 10.0)
 +
  Department/contact: Students Union / (Your Name)
 +
  Location: V/URY
 +
  Interface type: Ethernet
 +
  MAC address: (The MAC address)
 +
  Attachment Point: ury
 +
  IP address: 144.32.64.xxx (or 10.64.160.xxx)
 +
  Gateway: 144.32.64.161 (or 10.64.160.xxx)
 +
 
 +
  (Your Signoff Here)
  
IP address: 144.32.64.xxx (or 10.64.160.xxx)
+
== Single Sign On with Samba ==
 
+
=== FreeBSD ===
Gateway: 144.32.64.161 (or 10.64.160.xxx)
+
* Follow the following guide: http://www.whitneytechnologies.com/?p=119
 
+
* Change the home directory path configuration from above to just be /home/%U (no domain in the path)
 
+
* Edit /etc/pam.d/system to have
(Your Signoff Here)
+
<code>
 
 
==== SAMBA NOTES ====
 
This needs to be more formally documented, but first, follow:
 
http://www.whitneytechnologies.com/?p=119
 
 
 
Then also edit /etc/pam.d/system to have
 
 
auth            sufficient      /usr/local/lib/pam_winbind.so
 
auth            sufficient      /usr/local/lib/pam_winbind.so
 +
</code>
 +
* Edit sudoers to use <code>%domain\x20admins ALL=(ALL) ALL</code>
 +
* If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
  
sudoers should use "%domain\x20admins ALL=(ALL) ALL"
+
=== Debian ===
 +
We haven't tried this with Debian yet. We should try this with Debian.
  
If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
 
  
<note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note>
+
== Static IP Configuration ==
 +
/etc/network/interfaces:
  
===== Internal access =====
+
<code>
 +
  iface eth0 inet static
 +
        address 144.32.64.xxx
 +
        netmask 255.255.255.224
 +
        network 144.32.64.160
 +
        broadcast 144.32.64.191
 +
        gateway 144.32.64.161
 +
        dns-search york.ac.uk
 +
        mtu 1500
 +
</code>
  
==== Proxy ====
+
/etc/resolv.conf:
  
Note: This is no longer necessary. We previously did not have port 80 open externally but do now.
 
 
**/etc/profile** and **/etc/bash.bashrc**
 
  export http_proxy=http://wwwcache.york.ac.uk:8080
 
  export ftp_proxy=http://wwwcache.york.ac.uk:8080
 
 
you can run the command below to append to both files
 
 
  echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc
 
 
==== DNS ====
 
**/etc/hostname**
 
  <non-FQDN-name-just-the-machine-local-name>
 
 
**/etc/resolv.conf**
 
  nameserver 10.0.0.4
 
  domain ury.york.ac.uk
 
  search ury.york.ac.uk
 
 
 
Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury**
 
 
==== DHCP ====
 
 
Add the mac address and IP to **uryfs1:/etc/dhcp/dhcpd.conf**
 
 
===== External access =====
 
For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following:
 
 
- Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following:
 
 
-- The server's hostname
 
 
-- The server's MAC address
 
 
-- The server's operating system and version (e.g. Debian Squeeze)
 
 
-- The server's location - This is V/URY <3840>
 
 
- Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below.
 
 
<code>
 
<code>
# The loopback network interface
+
  domain ury.york.ac.uk york.ac.uk
auto lo
+
  nameserver 144.32.64.164
iface lo inet loopback
+
  nameserver 144.32.128.242
 
+
  nameserver 144.32.128.243
# The primary network interface, URY Internal
 
auto eth0
 
allow-hotplug eth0
 
iface eth0 inet static
 
    address 10.0.0.--
 
    netmask 255.255.255.0
 
    network 10.0.0.0
 
    broadcast 10.0.0.255
 
    dns-nameservers 10.0.0.4
 
    dns-search ury.york.ac.uk
 
 
 
#External 108 Vanbrugh Subnet
 
iface vlan108 inet static
 
    address 144.32.---.---
 
    netmask 255.255.254.0
 
    network 144.32.---.---
 
    broadcast 144.32.---.---
 
    gateway 144.32.108.76
 
    dns-nameservers 144.32.128.243
 
    dns-search york.ac.uk
 
    mtu 1500
 
    vlan_raw_device eth0
 
 
</code>
 
</code>
Note: Ports 1-3 on the netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external on untagged. You can either change the above sample file, or reconfigure the switch port.
 
 
===== Links =====
 
  
[[computing:mainpage|Back to Computing Home]]
+
[[Category:Technical How-Tos]]
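
Review bot: In the new /etc/resolv.conf block, "domain ury.york.ac.uk york.ac.uk" passes two names to a directive that takes a single domain, so york.ac.uk is unlikely to end up in the search list; use "search ury.york.ac.uk york.ac.uk" if both suffixes are intended. The new Static IP Configuration stanza also drops the "auto eth0" and "allow-hotplug eth0" lines that the removed sample carried, so the sample as written will not bring eth0 up at boot; add one of them back or state that it is expected to exist already. The removed internal DNS and DHCP steps (the uryfs1 bind zone files and dhcpd.conf) disappear without a note on whether they still apply.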

Latest revision as of 11:55, 18 December 2013

Sometimes, URY's Computing team will come across a need to network a new device. This could be a new server, or maybe the fabled Talkback.


Pre-Install Checklist

  • Has the device been PA Tested recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
  • Is the device earmarked to go into the Server Cupboard? If so, it must be a rack mount device. It improves airflow, accessibility and prettiness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
  • Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
  • Have you informed IT Services that the new device exists? See #Registering with LAN DB
  • Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in #Static IP Configuration
  • If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per #Single Sign On with Samba?
  • If this device is to have trunked networking, or something other than/in addition to VLAN653 untagged, have you configured the switch appropriately and updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEZOd2YtenEzT1RvNUdpaDFrYWpGM1E&usp=drive_web)?

Physical Install - Server Cupboard

When installing or removing rack-mount equipment from the Server Cupboard, it is usually necessary to remove the wooden front panel. You must have three technical team members with you when doing this, and a good couple of hours when it isn't raining (you'll need to move the Outside Broadcast equipment.... outside).

Do not attempt to access the rear of the rack if you are anything other than exceedingly slim. This will end badly.

First, make sure you have cleared space in the stores walkway for the panel to be kept whilst it is removed. This involves placing everything currently there into the vinyl section of stores or outside. Then, switch off the fans (located above a thermostat at the rear of the cupboard) and disconnect their power cables.

This panel is held on with a series of wood screws that need to be removed. You can then begin to gently push the panel out at the bottom from the inside. Once this has given somewhat, you should be able to push the whole thing forward an inch or so out of the frame.

You now need to slide the panel away from the wall dividing technical storage from music in order to free the section that fits around the ducting.

You might find yourself panicking that small pieces of material have fallen loose and are now in your hair. This is NOT asbestos, just some poorly placed polystyrene.

Once that is free, you can then lift the panel up from the bottom, sliding it out further. As you do this, rotate it 90 degrees, and it will rest happily against the wall. You now have front access to the rack.

  • Ensure the new device is powered from the UPS, either directly from the sockets on its rear or through the 16A PDU at the back of the shelf in the middle. This is more for power smoothing than redundancy - until we got this unit we lost around one server per term due to surges and brownouts.
  • Ensure the new device is connected to the KVM, located below the shelf in the middle of the rack.
  • If the rackmount equipment requires any screwing into the rack, there is a large tub of identical M4 bolts. If this supply has run out, acquire more from IT Services - they ironically have thousands of this same screw as it comes with HP Switches but is slightly different to the style they have standardised on.
  • Ensure that cabling is managed down the side of the rear of the rack, network on one side, power on the other.
  • Power up the device. Ensure that APC PowerChute is installed on it and the UPS has been configured to trigger a remote shutdown at the appropriate time during a power outage.
  • IMPORTANT: Update the Server Rack diagram documentation, including the A3 printed one in stores, and the system startup/shutdown procedure.

Once you're done, don't forget to reinstall the wooden panel in front of the rack.

Registering with LAN DB

Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Services database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:

 Hi,
 Could I have a new device added to the LAN Database as follows please:
 
 Object name: (DNS prefix, e.g. uryserver3)
 Machine type: Unsupported Office PC
 Operating System: (OS and Version e.g. FreeBSD 10.0)
 Department/contact: Students Union / (Your Name)
 Location: V/URY
 Interface type: Ethernet
 MAC address: (The MAC address)
 Attachment Point: ury
 IP address: 144.32.64.xxx (or 10.64.160.xxx)
 Gateway: 144.32.64.161 (or 10.64.160.xxx)
 
 (Your Signoff Here)

Single Sign On with Samba

FreeBSD

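  • Follow this guide: http://www.whitneytechnologies.com/?p=119
  • Change the home directory path configuration from above to just be /home/%U (no domain in the path)
  • Edit /etc/pam.d/system to have

 auth            sufficient      /usr/local/lib/pam_winbind.so

  • Edit sudoers to use %domain\x20admins ALL=(ALL) ALL
  • If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/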

Debian

We haven't tried this with Debian yet. We should try this with Debian.


Static IP Configuration

/etc/network/interfaces:

 iface eth0 inet static
       address 144.32.64.xxx
       netmask 255.255.255.224
       network 144.32.64.160
       broadcast 144.32.64.191
       gateway 144.32.64.161
       dns-search york.ac.uk
       mtu 1500

/etc/resolv.conf:

 domain ury.york.ac.uk york.ac.uk
 nameserver 144.32.64.164
 nameserver 144.32.128.242
 nameserver 144.32.128.243
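
A pre-deployment check for the static configuration above, as an added example (not part of the wiki page or URY's own tooling): it parses an ifupdown stanza, confirms that address, netmask, network, broadcast and gateway agree, and compares a resolv.conf against the checklist's DNS servers. The host address .170 and all function names are assumptions made for illustration.

```python
import ipaddress

# DNS servers listed in the page's checklist.
EXPECTED_DNS = {"144.32.64.164", "144.32.128.242", "144.32.128.243"}

# Constructed sample: the page's stanza with a made-up host address (.170) filled in.
SAMPLE = """\
iface eth0 inet static
    address 144.32.64.170
    netmask 255.255.255.224
    network 144.32.64.160
    broadcast 144.32.64.191
    gateway 144.32.64.161
"""

def parse_stanza(text, iface="eth0"):
    """Return option -> value for the 'iface <iface> inet static' stanza."""
    opts, inside = {}, False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):  # blank or comment line
            continue
        if words[0] in ("iface", "auto", "allow-hotplug", "mapping", "source"):
            inside = words[:4] == ["iface", iface, "inet", "static"]
        elif inside:
            opts[words[0]] = " ".join(words[1:])
    return opts

def check_static(opts):
    """Return a list of problems; empty means the stanza is self-consistent."""
    missing = [k for k in ("address", "netmask", "gateway") if k not in opts]
    if missing:
        return [f"missing {k}" for k in missing]
    try:
        addr = ipaddress.ip_address(opts["address"])
        gw = ipaddress.ip_address(opts["gateway"])
        net = ipaddress.ip_network(f"{addr}/{opts['netmask']}", strict=False)
    except ValueError as exc:  # e.g. the 'xxx' placeholder was never filled in
        return [f"unparseable value: {exc}"]
    problems = []
    if addr in (net.network_address, net.broadcast_address, gw):
        problems.append(f"{addr} is reserved (network, broadcast or gateway)")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    for key, want in (("network", net.network_address),
                      ("broadcast", net.broadcast_address)):
        if key in opts and opts[key] != str(want):
            problems.append(f"{key} should be {want}")
    return problems

def missing_dns(resolv_text):
    """Return the expected DNS servers that a resolv.conf does not list."""
    seen = {w[1] for w in map(str.split, resolv_text.splitlines())
            if len(w) > 1 and w[0] == "nameserver"}
    return sorted(EXPECTED_DNS - seen)

if __name__ == "__main__":
    print(check_static(parse_stanza(SAMPLE)) or "stanza OK")
```

Running it against the file before bringing the interface up catches an unfilled 144.32.64.xxx placeholder and an address that falls outside the /27 the gateway lives in.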