Adding a New Machine to the Network
Sometimes, URY's Computing team will come across a need to network a new device. This could be a new server, or maybe the fabled Talkback.
Checklist
- Has the device been recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
- Is the device earmarked to go into the Server Cupboard? If so, it must be a rack mount device. It improves airflow, accessibility and prettiness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
- Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
- Have you informed IT Services that the new device exists? See "Registering with LAN DB" below.
Registering with LAN DB
Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Service database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:
Hi,
Could I have a new device added to the LAN Database as follows please:
Object name: (DNS prefix, e.g. uryserver3)
Machine type: Unsupported Office PC
Operating System: (OS and Version e.g. FreeBSD 10.0)
Department/contact: Students Union / (Your Name)
Location: V/URY
Interface type: Ethernet
MAC address: (The MAC address)
Attachment Point: ury
IP address: 144.32.64.xxx (or 10.64.160.xxx)
Gateway: 144.32.64.161 (or 10.64.160.xxx)
(Your Signoff Here)
SAMBA NOTES
This needs to be more formally documented, but first, follow: http://www.whitneytechnologies.com/?p=119
Then also edit /etc/pam.d/system to have auth sufficient /usr/local/lib/pam_winbind.so
sudoers should use "%domain\x20admins ALL=(ALL) ALL"
If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
<note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note>
Internal access
Proxy
Note: This is no longer necessary. We previously did not have port 80 open externally but do now.
**/etc/profile** and **/etc/bash.bashrc**
export http_proxy=http://wwwcache.york.ac.uk:8080
export ftp_proxy=http://wwwcache.york.ac.uk:8080
You can run the command below to append these settings to both files:
echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc
DNS
**/etc/hostname**
<non-FQDN-name-just-the-machine-local-name>
**/etc/resolv.conf**
nameserver 10.0.0.4
domain ury.york.ac.uk
search ury.york.ac.uk
Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury**
DHCP
Add the MAC address and IP to **uryfs1:/etc/dhcp/dhcpd.conf**
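The DNS and DHCP steps above touch three files that have to agree with each other. The following is an added example, not part of the original page or URY's own tooling: it validates a hostname, MAC and IP and prints the matching entries for each file. It assumes the internal range is 10.0.0.0/24, that db.ury is the forward zone and db.10-0-0 the reverse zone, and the function name and sample values are made up for illustration.

```python
import ipaddress
import re

# Assumptions (not from the original page): the internal range is 10.0.0.0/24,
# db.ury is the forward zone for ury.york.ac.uk and db.10-0-0 the reverse zone.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
DOMAIN = "ury.york.ac.uk"
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")


def build_records(hostname, mac, ip):
    """Validate one host and return the text to add, keyed by file on uryfs1."""
    host = hostname.strip().lower()
    if not LABEL_RE.match(host):
        # Rejects FQDNs and anything that could smuggle extra zone syntax.
        raise ValueError(f"hostname must be a single DNS label: {hostname!r}")
    mac_norm = mac.strip().lower()
    if not MAC_RE.match(mac_norm):
        raise ValueError(f"malformed MAC address: {mac!r}")
    mac_norm = mac_norm.replace("-", ":")  # dhcpd expects colon separators
    addr = ipaddress.ip_address(ip.strip())  # raises ValueError on garbage
    if addr not in INTERNAL_NET:
        raise ValueError(f"{addr} is outside {INTERNAL_NET}")
    if addr in (INTERNAL_NET.network_address, INTERNAL_NET.broadcast_address):
        raise ValueError(f"{addr} is the network or broadcast address")
    last_octet = str(addr).rsplit(".", 1)[1]
    return {
        "/etc/bind/db.ury": f"{host}\tIN\tA\t{addr}",
        "/etc/bind/db.10-0-0": f"{last_octet}\tIN\tPTR\t{host}.{DOMAIN}.",
        "/etc/dhcp/dhcpd.conf": (
            f"host {host} {{\n"
            f"  hardware ethernet {mac_norm};\n"
            f"  fixed-address {addr};\n"
            f"}}"
        ),
    }


if __name__ == "__main__":
    # Constructed sample values, not a real URY machine.
    sample = build_records("uryexample1", "02-00-00-AA-BB-CC", "10.0.0.42")
    for path, text in sample.items():
        print(f"# add to uryfs1:{path}\n{text}\n")
```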
External access
For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following:
- Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following:
-- The server's hostname
-- The server's MAC address
-- The server's operating system and version (e.g. Debian Squeeze)
-- The server's location - This is V/URY <3840>
- Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below.
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface, URY Internal
auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 10.0.0.--
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255
    dns-nameservers 10.0.0.4
    dns-search ury.york.ac.uk

# External 108 Vanbrugh Subnet
iface vlan108 inet static
    address 144.32.---.---
    netmask 255.255.254.0
    network 144.32.---.---
    broadcast 144.32.---.---
    gateway 144.32.108.76
    dns-nameservers 144.32.128.243
    dns-search york.ac.uk
    mtu 1500
    vlan_raw_device eth0
Note: Ports 1-3 on the Netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external traffic is untagged. You can either change the above sample file, or reconfigure the switch port.