Networking

Network Configuration

Make the following changes on the master node and each slave node:

  • Modify /etc/sysconfig/network in order to enable networking, set the hostname, and disable Zero Configuration Networking:
      NETWORKING=yes
      NETWORKING_IPV6=no
      HOSTNAME=[Add Hostname]
      NOZEROCONF=yes
    
  • Modify /etc/sysconfig/networking/devices/ifcfg-eth0 in order to configure the internal network interface (eth0):
      DEVICE=eth0
      TYPE=Ethernet
      ONBOOT=yes
      BOOTPROTO=static
      HWADDR=[Add MAC Address]
      IPADDR=[Add Internal IP Address]
      BROADCAST=192.168.199.255
      GATEWAY=192.168.199.1
      NETWORK=192.168.199.0
      NETMASK=255.255.255.0
      MTU=9000
    

    The MTU value enables jumbo frames, which gives better performance on the internal network.
  • Modify /etc/sysconfig/networking/devices/ifcfg-eth1 in order to configure the external network interface (eth1):
      DEVICE=eth1
      TYPE=Ethernet
      ONBOOT=yes
      BOOTPROTO=static
      HWADDR=[Add MAC Address]
      IPADDR=[Add External IP Address]
      BROADCAST=128.243.21.255
      GATEWAY=128.243.21.1
      NETWORK=128.243.21.0
      NETMASK=255.255.255.0
    
  • Add a default gateway and routes to the internal and external networks to the routing table (if this has not already been done automatically):
      /sbin/route add -net 192.168.199.0 netmask 255.255.255.0 dev eth0
      /sbin/route add -net 128.243.21.0  netmask 255.255.255.0 dev eth1
      /sbin/route add default gw 128.243.21.1 dev eth1
    
  • Restart the network. Enter at the command line of the master node and each slave node:
       /sbin/service network restart
    

Firewall

On the external interface (eth1), the master node accepts connections only for the web server (port 80 for production and port 8080 for test) and ssh (port 22).

  • Check /etc/sysconfig/iptables on the master node for the following lines:
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    

All network traffic using the internal network interface (eth0) is trusted and considered to be secure. Thus, no firewall is needed.

  • Modify /etc/sysconfig/iptables on the master node and on each slave node. Add
       -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
    

    directly after
        -A RH-Firewall-1-INPUT -i lo -j ACCEPT 
    
  • Make the firewall start at bootup. Enter at the command line of the master node and each slave node:
       /sbin/chkconfig  --add iptables
       /sbin/chkconfig  iptables  on
    
  • Start the firewall. Enter at the command line of the master node and each slave node:
       /sbin/service iptables restart
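
The firewall policy above can be checked mechanically. The following script is an added example, not part of the original page: it audits the master node's rules file for the three expected ports and for the eth0 rule sitting directly after the lo rule. The function names, finding labels, and the ESTABLISHED and REJECT lines in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables rules file against the policy on this page.
# audit_rules [FILE] reads FILE (or stdin), prints one finding per line and
# returns 1 if there is any finding. Finding labels are this example's own.
audit_rules() {
    awk '
    BEGIN { n = split("22 80 8080", p, " "); for (i = 1; i <= n; i++) want[p[i]] = 0 }
    $1 != "-A" || $2 != "RH-Firewall-1-INPUT" { next }
    {
        iface = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # blanket: an ACCEPT that is not limited to a destination port
        blanket = (target == "ACCEPT" && dport == "")
        if (after_lo && !(blanket && iface == "eth0")) { print "ETH0_NOT_DIRECTLY_AFTER_LO"; bad = 1 }
        after_lo = (blanket && iface == "lo")
        if (after_lo) seen_lo = 1
        if (target == "ACCEPT" && dport != "") {
            if (dport in want) { want[dport] = 1 } else { print "UNEXPECTED_PORT " dport; bad = 1 }
        }
    }
    END {
        if (!seen_lo) { print "NO_LO_RULE"; bad = 1 }
        if (after_lo) { print "ETH0_NOT_DIRECTLY_AFTER_LO"; bad = 1 }
        for (i = 1; i <= n; i++) if (!want[p[i]]) { print "MISSING_PORT " p[i]; bad = 1 }
        exit (bad ? 1 : 0)
    }' "${1:--}"
}

# Constructed sample in the format of /etc/sysconfig/iptables (not a real dump).
sample_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_rules | audit_rules && echo "policy OK"
```

On a node, run it as `audit_rules /etc/sysconfig/iptables`; any other port accepted in the chain is reported as UNEXPECTED_PORT.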
    

Host Name Resolution

Internal Host Name Resolution

As each node consists of two network interfaces (multihomed host), the host name resolution must be configured correctly in order to prioritize the internal, trusted network for communication between different nodes.

  • The official hostname for each (master and slave) node must be set to the internal name of the machine in /etc/sysconfig/network (e.g. for the master node):
     HOSTNAME=master01.procksi.local
    
  • Modify /etc/hosts in order to configure the host name resolution (e.g. the master node):
     127.0.0.1       master01.procksi.local  master01        localhost.localdomain   localhost
    

    and alter the line for each slave node (slave01 ... slaveXX) accordingly.
  • Modify /etc/hosts on the master node and each slave node in order to specify IP addresses and host names of the ProCKSI cluster:
      192.168.199.1   master01.procksi.local master01 m01
      192.168.199.11  slave01.procksi.local  slave01  s01
      192.168.199.12  slave02.procksi.local  slave02  s02
      192.168.199.13  slave03.procksi.local  slave03  s03
      192.168.199.14  slave04.procksi.local  slave04  s04
    
  • Modify /etc/host.conf so that local settings in /etc/hosts take precedence over DNS queries:
     order hosts,bind
    
  • Modify /etc/nsswitch.conf so that local settings in /etc/hosts take precedence over DNS queries:
     hosts: files dns
    
  • Modify /etc/resolv.conf so that host names other than those of the ProCKSI cluster can be resolved:
     search   cs.nott.ac.uk
     nameserver   128.243.21.19
     nameserver   128.243.20.6
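
With /etc/hosts consulted before DNS, a cluster name resolves by default to the address on the first line that lists it. The following script is an added example, not part of the original page: it emulates that lookup and reports any cluster name that would not land on the internal 192.168.199.0/24 network, allowing the loopback entry only for the node's own name. The function names, finding labels, and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: emulate the first-match lookup over a hosts file and confirm
# that every cluster name resolves to the internal network (192.168.199.x).
# check_internal SELF NAME... reads a hosts file on stdin. SELF is the short
# name of the local node, whose own names may sit on a 127.x line as shown
# on this page. Prints one finding per line; returns 1 on any finding.
check_internal() {
    self=$1; shift
    awk -v self="$self" -v names="$*" '
    BEGIN { n = split(tolower(names), want, " "); self = tolower(self) }
    { sub(/#.*/, "") }                       # drop comments
    NF >= 2 {
        for (i = 2; i <= NF; i++) {          # remember only the first address per name
            h = tolower($i)
            if (!(h in first)) first[h] = $1
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            h = want[k]; a = first[h]
            own = (h == self || index(h, self ".") == 1)
            if (a == "") { print "MISSING " h; bad = 1 }
            else if (a ~ /^192\.168\.199\./) continue
            else if (a ~ /^127\./ && own) continue
            else { print "NOT_INTERNAL " h " " a; bad = 1 }
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: /etc/hosts of the master node, built from the lines above.
sample_hosts() {
    cat <<'EOF'
127.0.0.1       master01.procksi.local  master01        localhost.localdomain   localhost
192.168.199.1   master01.procksi.local master01 m01
192.168.199.11  slave01.procksi.local  slave01  s01
192.168.199.12  slave02.procksi.local  slave02  s02
EOF
}

sample_hosts | check_internal master01 master01.procksi.local slave01 s02 \
    && echo "all names internal"
```

On a node, run it as `check_internal master01 slave01 slave02 < /etc/hosts`, substituting that node's short name as the first argument.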
    

External Host Name Resolution

In order to allow other computers on the Internet to connect to ProCKSI’s master node, the following settings must be made with the provider for the URL and email forwarding.

  • The primary and secondary DNS servers must be set as follows:
      Primary     ns1.iprimus.com.au
      Secondary   ns2.iprimus.com.au 
    
  • The following changes must be made manually in Advanced DNS settings in order to allow a correct URL forwarding:
     CNAME   *.procksi.net     procksi.cs.nott.ac.uk.
     CNAME   *.procksi.org     www.procksi.net.
     CNAME   *.procksi.com     www.procksi.net.
     CNAME   *.procksi.info   www.procksi.net.
    
  • The following changes must be made manually in Advanced DNS settings in order to allow a correct email forwarding:
     MX   @.procksi.net   mailhost.planetdomain.com   10