Difference between revisions of "Adding a New Machine to the Network"

Revision as of 07:17, 10 December 2013

Sometimes, URY's Computing team will come across a need to network a new device. This could be a new server, or maybe the fabled Talkback.

Checklist

Has the device been recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
Is the device earmarked to go into the Server Cupboard? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
Have you informed IT Services that the new device exists? See #Registering with LAN DB
Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in #Static IP Configuration
If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per #Single Sign On with Samba?

Registering with LAN DB

Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Service database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:

Hi,

Could I have a new device added to the LAN Database as follows please:

Object name: (DNS prefix, e.g. uryserver3)

Machine type: Unsupported Office PC

Operating System: (OS and Version e.g. FreeBSD 10.0)

Department/contact: Students Union / (Your Name)

Location: V/URY

Interface type: Ethernet

MAC address: (The MAC address)

Attachment Point: ury

IP address: 144.32.64.xxx (or 10.64.160.xxx)

Gateway: 144.32.64.161 (or 10.64.160.xxx)

(Your Signoff Here)

Single Sign On with Samba

FreeBSD

Follow the following guide: http://www.whitneytechnologies.com/?p=119
Change the home directory path configuration from above to just be /home/%U (no domain in the path)
Edit /etc/pam.d/system to have

auth sufficient /usr/local/lib/pam_winbind.so

Edit sudoers to use %domain\x20admins ALL=(ALL) ALL
If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/

Debian

We haven't tried this with Debian yet. We should try this with Debian.

Static IP Configuration

/etc/network/interfaces: iface eth0 inet static

       address 144.32.64.xxx
       netmask 255.255.255.224
       network 144.32.64.160
       broadcast 144.32.64.191
       gateway 144.32.64.161
       dns-search york.ac.uk
       mtu 1500

/etc/resolv.conf: domain ury.york.ac.uk york.ac.uk nameserver 144.32.64.164 nameserver 144.32.128.242 nameserver 144.32.128.243

@@ Line 7: / Line 7: @@
 * Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
 * Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
+* Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]]
+* If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]?
 === Registering with LAN DB ===
@@ Line 40: / Line 42: @@
 (Your Signoff Here)
-==== SAMBA NOTES ====
+=== Single Sign On with Samba ===
-This needs to be more formally documented, but first, follow:
+==== FreeBSD ====
-http://www.whitneytechnologies.com/?p=119
+* Follow the following guide: http://www.whitneytechnologies.com/?p=119
+* Change the home directory path configuration from above to just be /home/%U (no domain in the path)
-Then also edit /etc/pam.d/system to have
+* Edit /etc/pam.d/system to have
+<code>
 auth            sufficient      /usr/local/lib/pam_winbind.so
+</code>
+* Edit sudoers to use <code>%domain\x20admins ALL=(ALL) ALL</code>
+* If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
-sudoers should use "%domain\x20admins ALL=(ALL) ALL"
+==== Debian ====
+We haven't tried this with Debian yet. We should try this with Debian.
-If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
-<note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note>
-===== Internal access =====
-==== Proxy ====
-Note: This is no longer necessary. We previously did not have port 80 open externally but do now.
-**/etc/profile** and **/etc/bash.bashrc**
-  export http_proxy=http://wwwcache.york.ac.uk:8080
-  export ftp_proxy=http://wwwcache.york.ac.uk:8080
-you can run the command below to append to both files
-  echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc
-==== DNS ====
-**/etc/hostname**
-  <non-FQDN-name-just-the-machine-local-name>
-**/etc/resolv.conf**
-  nameserver 10.0.0.4
-  domain ury.york.ac.uk
-  search ury.york.ac.uk
-Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury**
-==== DHCP ====
-Add the mac address and IP to **uryfs1:/etc/dhcp/dhcpd.conf**
-===== External access =====
-For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following:
-- Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following:
--- The server's hostname
+=== Static IP Configuration ===
+/etc/network/interfaces:
--- The server's MAC address
--- The server's operating system and version (e.g. Debian Squeeze)
--- The server's location - This is V/URY <3840>
-- Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below.
 <code>
-# The loopback network interface
-auto lo
-iface lo inet loopback
-# The primary network interface, URY Internal
-auto eth0
-allow-hotplug eth0
 iface eth0 inet static
-    address 10.0.0.--
+        address 144.32.64.xxx
-    netmask 255.255.255.0
+        netmask 255.255.255.224
-    network 10.0.0.0
+        network 144.32.64.160
-    broadcast 10.0.0.255
+        broadcast 144.32.64.191
-    dns-nameservers 10.0.0.4
+        gateway 144.32.64.161
-    dns-search ury.york.ac.uk
+        dns-search york.ac.uk
+        mtu 1500
-#External 108 Vanbrugh Subnet
+</code>
-iface vlan108 inet static
+<code>
-    address 144.32.---.---
+/etc/resolv.conf:
-    netmask 255.255.254.0
+domain ury.york.ac.uk york.ac.uk
-    network 144.32.---.---
+nameserver 144.32.64.164
-    broadcast 144.32.---.---
+nameserver 144.32.128.242
-    gateway 144.32.108.76
+nameserver 144.32.128.243
-    dns-nameservers 144.32.128.243
-    dns-search york.ac.uk
-    mtu 1500
-    vlan_raw_device eth0
 </code>
-Note: Ports 1-3 on the netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external on untagged. You can either change the above sample file, or reconfigure the switch port.
-===== Links =====
-[[computing:mainpage|Back to Computing Home]]