Adding a New Machine to the Network

From URY Wiki
Revision as of 06:02, 10 December 2013 by Lloyd Wallis (7449) (talk | contribs)
Jump to navigation Jump to search

Sometimes, URY's Computing team will come across a need to network a new device. This could be a new server, or maybe the fabled Talkback.


Checklist

  • Has the device been recently? New equipment should be by before being placed into production (YUSU offer to do it, but are entered into a 3 year [as of 2013] exclusive contract with a company that takes weeks to respond - you can also try Computer Science Hardware support [Pete Cooper], Electronics, or one of the free PAT days the University offers at the start of the academic year).
  • Is the device earmarked to go into the Server Cupboard? If so, it must be a rack mount device. It improves airflow, accessibility and prettyness. If you don't have a suitable case, ask around the team - we have "contacts" that can "source" them for you (Read: have collections of old servers).
  • Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
  • Have you informed IT Services that the new device exists? See #Registering with LAN DB

Registering with LAN DB

Men & Mice, The LAN Database, or The Evil Central Repository of Stupid, is the central IT Service database of devices that use the campus network (excluding NAS and eduroam devices). They will set you on fire if you put a device into production without telling them it exists. Create a Footprints (using either https://footprints.york.ac.uk or emailing itsupport@york.ac.uk) that looks similar to the following:

Hi,

Could I please have the following new devices added to the LAN Database as follows please:

Object name: production Machine type: Unsupported Office PC Operating System: Windows XP Department/contact: Students Union / Lloyd Wallis Location: V/URY Interface type: Ethernet MAC address: 00:50:04:41:05:36 Attachment Point: ury IP address: 144.32.64.178 Gateway: 144.32.64.161

Object name: wallpc1 Machine type: Unsupported Office PC Operating System: Windows XP Department/contact: Students Union / Lloyd Wallis Location: V/URY Interface type: Ethernet MAC address: 00:19:d1:89:36:a9 Attachment Point: ury IP address: 144.32.64.179 Gateway: 144.32.64.161

Object name: wallpc2 Machine type: Unsupported Office PC Operating System: Windows 7 Department/contact: Students Union / Lloyd Wallis Location: V/URY Interface type: Ethernet MAC address: 00:19:d1:89:2c:79 Attachment Point: ury IP address: 144.32.64.180 Gateway: 144.32.64.161


Cheers, Lloyd

SAMBA NOTES

This needs to be more formally documented, but first, follow: http://www.whitneytechnologies.com/?p=119

Then also edit /etc/pam.d/system to have auth sufficient /usr/local/lib/pam_winbind.so

sudoers should use "%domain\x20admins ALL=(ALL) ALL"

If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/

<note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note>

Internal access

Proxy

Note: This is no longer necessary. We previously did not have port 80 open externally but do now.

    • /etc/profile** and **/etc/bash.bashrc**
 export http_proxy=http://wwwcache.york.ac.uk:8080
 export ftp_proxy=http://wwwcache.york.ac.uk:8080

you can run the command below to append to both files

 echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc

DNS

    • /etc/hostname**
 <non-FQDN-name-just-the-machine-local-name>
    • /etc/resolv.conf**
 nameserver 10.0.0.4
 domain ury.york.ac.uk
 search ury.york.ac.uk
 

Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury**

DHCP

Add the mac address and IP to **uryfs1:/etc/dhcp/dhcpd.conf**

External access

For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following:

- Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following:

-- The server's hostname

-- The server's MAC address

-- The server's operating system and version (e.g. Debian Squeeze)

-- The server's location - This is V/URY <3840>

- Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below.

  1. The loopback network interface

auto lo iface lo inet loopback

  1. The primary network interface, URY Internal

auto eth0 allow-hotplug eth0 iface eth0 inet static

   address 10.0.0.--
   netmask 255.255.255.0
   network 10.0.0.0
   broadcast 10.0.0.255
   dns-nameservers 10.0.0.4
   dns-search ury.york.ac.uk
  1. External 108 Vanbrugh Subnet

iface vlan108 inet static

   address 144.32.---.---
   netmask 255.255.254.0
   network 144.32.---.---
   broadcast 144.32.---.---
   gateway 144.32.108.76
   dns-nameservers 144.32.128.243
   dns-search york.ac.uk
   mtu 1500
   vlan_raw_device eth0

Note: Ports 1-3 on the netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external on untagged. You can either change the above sample file, or reconfigure the switch port.

Links

Back to Computing Home