Difference between revisions of "Adding a New Machine to the Network"
(4 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
− | == Checklist == | + | == Pre-Install Checklist == |
− | * Has the device been recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year). | + | * Has the device been PA Tested recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year). |
* Is the device earmarked to go into the [[Server Cupboard]]? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers). | * Is the device earmarked to go into the [[Server Cupboard]]? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers). | ||
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)? | * Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)? | ||
Line 9: | Line 9: | ||
* Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]] | * Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]] | ||
* If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]? | * If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]? | ||
+ | * If this device is to have trunked networking, or something other than/in addition to VLAN653 untagged, have you configured the switch appropriately and updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEZOd2YtenEzT1RvNUdpaDFrYWpGM1E&usp=drive_web)? | ||
− | == | + | == Physical Install - Server Cupboard == |
− | + | When installing or removing rack-mount equipment from the Server Cupboard, it is usually necessary to remove the wooden front panel. You must have three technical team members with you when doing this, and a good couple of hours when it isn't raining (you'll need to move the Outside Broadcast equipment.... outside). | |
− | + | '''Do not attempt to access the rear of the rack if you are anything other than exceedingly slim. This will end badly.''' | |
− | |||
− | |||
− | + | First, make sure you have cleared space in the stores walkway for the panel to be kept whilst it is removed. This involves placing everything currently there into the vinyl section of stores or outside. Then, switch off the fans (located above a thermostat at the rear of the cupboard) and disconnect their power cables. | |
− | + | ||
− | + | This panel is held on with a series of wood screws that need to be removed. You can then begin to gently push the panel out at the bottom from the inside. Once this has given somewhat, you should be able to push the whole thing forward an inch or so out of the frame. | |
− | + | ||
− | + | You now need to slide the panel '''away''' from the wall dividing technical storage from music in order to free the section that fits around the ducting. | |
− | + | ||
− | + | '''''You might find yourself panicing that small pieces of material have fallen loose and are now in your hair. This is NOT asbestos, just some poorly placed polystyrene.''''' | |
− | + | ||
− | + | Once that is free, you can then life the panel up from the bottom, sliding it out further. As you do this, rotate it 90 degrees, and it will rest happily against the wall. You now have front access to the rack. | |
− | + | ||
− | + | * Ensure the new device is powered from the UPS, either directly from the sockets on its rear or through the 16A PDU at the back of the shelf in the middle. This is more for power smoothing than redundancy - until we got this unit we lost around one server per term due to surges and brownouts. | |
− | + | * Ensure the new device is connected to the KVM, located below the shelf in the middle of the rack. | |
+ | * If the rackmount equipment requires any screwing into the rack, there is a large tub of identical M4 bolts. If this supply has run out, acquire more from IT Services - they ironically have thousands of this same screw as it comes with HP Switches but is slightly different to the style they have standardised on. | ||
+ | * Ensure that cabling is managed down the side of the rear of the rack, network on one side, power on the other. | ||
+ | * Power up the device. Ensure that APC PowerChute is installed on it and the UPS has been configured to trigger a remote shutdown at the appropriate time during a power outage. | ||
+ | * IMPORTANT: Update the Server Rack diagram documentation, including the A3 printed on in stores, and the system startup/shutdown procedure. | ||
+ | |||
+ | Once you're done, don't forget to reinstall the wooden panel in front of the rack. | ||
+ | |||
+ | == Registering with LAN DB == | ||
+ | Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Services database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following: | ||
− | (Your Signoff Here) | + | Hi, |
+ | Could I have a new device added to the LAN Database as follows please: | ||
+ | |||
+ | Object name: (DNS prefix, e.g. uryserver3) | ||
+ | Machine type: Unsupported Office PC | ||
+ | Operating System: (OS and Version e.g. FreeBSD 10.0) | ||
+ | Department/contact: Students Union / (Your Name) | ||
+ | Location: V/URY | ||
+ | Interface type: Ethernet | ||
+ | MAC address: (The MAC address) | ||
+ | Attachment Point: ury | ||
+ | IP address: 144.32.64.xxx (or 10.64.160.xxx) | ||
+ | Gateway: 144.32.64.161 (or 10.64.160.xxx) | ||
+ | |||
+ | (Your Signoff Here) | ||
− | + | == Single Sign On with Samba == | |
− | + | === FreeBSD === | |
* Follow the following guide: http://www.whitneytechnologies.com/?p=119 | * Follow the following guide: http://www.whitneytechnologies.com/?p=119 | ||
* Change the home directory path configuration from above to just be /home/%U (no domain in the path) | * Change the home directory path configuration from above to just be /home/%U (no domain in the path) | ||
Line 43: | Line 65: | ||
* If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/ | * If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/ | ||
− | + | === Debian === | |
We haven't tried this with Debian yet. We should try this with Debian. | We haven't tried this with Debian yet. We should try this with Debian. | ||
− | + | == Static IP Configuration == | |
/etc/network/interfaces: | /etc/network/interfaces: | ||
<code> | <code> | ||
− | iface eth0 inet static | + | iface eth0 inet static |
address 144.32.64.xxx | address 144.32.64.xxx | ||
netmask 255.255.255.224 | netmask 255.255.255.224 | ||
Line 64: | Line 86: | ||
<code> | <code> | ||
− | domain ury.york.ac.uk york.ac.uk | + | domain ury.york.ac.uk york.ac.uk |
− | nameserver 144.32.64.164 | + | nameserver 144.32.64.164 |
− | nameserver 144.32.128.242 | + | nameserver 144.32.128.242 |
− | nameserver 144.32.128.243 | + | nameserver 144.32.128.243 |
</code> | </code> | ||
+ | |||
+ | [[Category:Technical How-Tos]] |
Latest revision as of 10:55, 18 December 2013
Sometimes, URY's Computing team will come across a need to network a new device. This could be a new server, or maybe the fabled Talkback.
Pre-Install Checklist
- Has the device been PA Tested recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
- Is the device earmarked to go into the Server Cupboard? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
- Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
- Have you informed IT Services that the new device exists? See #Registering with LAN DB
- Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in #Static IP Configuration
- If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per #Single Sign On with Samba?
- If this device is to have trunked networking, or something other than/in addition to VLAN653 untagged, have you configured the switch appropriately and updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEZOd2YtenEzT1RvNUdpaDFrYWpGM1E&usp=drive_web)?
Physical Install - Server Cupboard
When installing or removing rack-mount equipment from the Server Cupboard, it is usually necessary to remove the wooden front panel. You must have three technical team members with you when doing this, and a good couple of hours when it isn't raining (you'll need to move the Outside Broadcast equipment.... outside).
Do not attempt to access the rear of the rack if you are anything other than exceedingly slim. This will end badly.
First, make sure you have cleared space in the stores walkway for the panel to be kept whilst it is removed. This involves placing everything currently there into the vinyl section of stores or outside. Then, switch off the fans (located above a thermostat at the rear of the cupboard) and disconnect their power cables.
This panel is held on with a series of wood screws that need to be removed. You can then begin to gently push the panel out at the bottom from the inside. Once this has given somewhat, you should be able to push the whole thing forward an inch or so out of the frame.
You now need to slide the panel away from the wall dividing technical storage from music in order to free the section that fits around the ducting.
You might find yourself panicing that small pieces of material have fallen loose and are now in your hair. This is NOT asbestos, just some poorly placed polystyrene.
Once that is free, you can then life the panel up from the bottom, sliding it out further. As you do this, rotate it 90 degrees, and it will rest happily against the wall. You now have front access to the rack.
- Ensure the new device is powered from the UPS, either directly from the sockets on its rear or through the 16A PDU at the back of the shelf in the middle. This is more for power smoothing than redundancy - until we got this unit we lost around one server per term due to surges and brownouts.
- Ensure the new device is connected to the KVM, located below the shelf in the middle of the rack.
- If the rackmount equipment requires any screwing into the rack, there is a large tub of identical M4 bolts. If this supply has run out, acquire more from IT Services - they ironically have thousands of this same screw as it comes with HP Switches but is slightly different to the style they have standardised on.
- Ensure that cabling is managed down the side of the rear of the rack, network on one side, power on the other.
- Power up the device. Ensure that APC PowerChute is installed on it and the UPS has been configured to trigger a remote shutdown at the appropriate time during a power outage.
- IMPORTANT: Update the Server Rack diagram documentation, including the A3 printed on in stores, and the system startup/shutdown procedure.
Once you're done, don't forget to reinstall the wooden panel in front of the rack.
Registering with LAN DB
Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Services database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:
Hi, Could I have a new device added to the LAN Database as follows please: Object name: (DNS prefix, e.g. uryserver3) Machine type: Unsupported Office PC Operating System: (OS and Version e.g. FreeBSD 10.0) Department/contact: Students Union / (Your Name) Location: V/URY Interface type: Ethernet MAC address: (The MAC address) Attachment Point: ury IP address: 144.32.64.xxx (or 10.64.160.xxx) Gateway: 144.32.64.161 (or 10.64.160.xxx) (Your Signoff Here)
Single Sign On with Samba
FreeBSD
- Follow the following guide: http://www.whitneytechnologies.com/?p=119
- Change the home directory path configuration from above to just be /home/%U (no domain in the path)
- Edit /etc/pam.d/system to have
auth sufficient /usr/local/lib/pam_winbind.so
- Edit sudoers to use
%domain\x20admins ALL=(ALL) ALL
- If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
Debian
We haven't tried this with Debian yet. We should try this with Debian.
Static IP Configuration
/etc/network/interfaces:
iface eth0 inet static
address 144.32.64.xxx
netmask 255.255.255.224
network 144.32.64.160
broadcast 144.32.64.191
gateway 144.32.64.161
dns-search york.ac.uk
mtu 1500
/etc/resolv.conf:
domain ury.york.ac.uk york.ac.uk
nameserver 144.32.64.164
nameserver 144.32.128.242
nameserver 144.32.128.243