Networking
Network Configuration
Make the following changes on the master node and each slave node:
- Modify /etc/sysconfig/network in order to enable networking, set the hostname, and disable Zero Configuration Networking:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=[Add Hostname]
NOZEROCONF=yes
- Modify /etc/sysconfig/networking/devices/ifcfg-eth0 in order to configure the internal network interface (eth0):
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
HWADDR=[Add MAC Address]
IPADDR=[Add Internal IP Address]
BROADCAST=192.168.199.255
GATEWAY=192.168.199.1
NETWORK=192.168.199.0
NETMASK=255.255.255.0
MTU=9000
The MTU value enables jumbo frames, which gives better performance on the internal network.
- Modify /etc/sysconfig/networking/devices/ifcfg-eth1 in order to configure the external network interface (eth1):
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
HWADDR=[Add MAC Address]
IPADDR=[Add External IP Address]
BROADCAST=128.243.21.255
GATEWAY=128.243.21.1
NETWORK=128.243.21.0
NETMASK=255.255.255.0
- Add a default gateway and routes to the internal and external networks to the routing table (if this has not already been done automatically):
/sbin/route add -net 192.168.199.0 netmask 255.255.255.0 dev eth0
/sbin/route add -net 128.243.21.0 netmask 255.255.255.0 dev eth1
/sbin/route add default gw 128.243.21.1 dev eth1
- Restart the network. Enter at the command line of the master node and each slave node:
/sbin/service network restart
Firewall
On the external interface (eth1), the master node accepts connections only for the web server (port 80 for production and port 8080 for test) and ssh (port 22).
- Check /etc/sysconfig/iptables on the master node for the following lines:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
All network traffic using the internal network interface (eth0) is trusted and considered to be secure. Thus, no firewall is needed.
- Modify /etc/sysconfig/iptables on the master node and on each slave node. Add
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
directly after
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
- Make the firewall start at bootup. Enter at the command line of the master node and each slave node:
/sbin/chkconfig --add iptables
/sbin/chkconfig iptables on
- Start the firewall. Enter at the command line of the master node and each slave node:
/sbin/service iptables restart
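A check for the firewall steps above, added here as an example and not part of the original ProCKSI documentation: it audits a saved rules file for the three external service rules, for the eth0 rule directly after the loopback rule, and for a blanket ACCEPT on any other interface. The function name audit_iptables and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved iptables rules file against the policy above.
# Usage: audit_iptables FILE [TRUSTED_IF]  (TRUSTED_IF is assumed to be eth0)
# Prints one line per finding; the return status is the number of findings.
audit_iptables() {
    file=$1; trusted=${2:-eth0}; chain=RH-Firewall-1-INPUT; findings=0
    finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. Every service offered externally needs its ACCEPT rule.
    for port in 80 8080 22; do
        grep -Eq -- "^-A $chain .*-p tcp .*--dport $port -j ACCEPT\$" "$file" ||
            finding "no ACCEPT rule for tcp/$port"
    done

    # 2. The trusted-interface rule must directly follow the loopback rule.
    next=$(awk -v c="$chain" '$1 == "-A" && $2 == c {
        if (seen) { print; exit }
        if ($0 ~ /-i lo -j ACCEPT$/) seen = 1 }' "$file")
    [ "$next" = "-A $chain -i $trusted -j ACCEPT" ] ||
        finding "rule after '-i lo' is not a blanket ACCEPT on $trusted"

    # 3. No other interface may be accepted wholesale: a blanket ACCEPT on
    #    the external interface would bypass the per-port rules entirely.
    for ifc in $(awk -v c="$chain" 'NF == 6 && $1 == "-A" && $2 == c &&
            $3 == "-i" && $5 == "-j" && $6 == "ACCEPT" { print $4 }' "$file"); do
        case $ifc in
            lo|"$trusted") ;;
            *) finding "blanket ACCEPT on untrusted interface $ifc" ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the master node's rules with eth0 and eth1 mixed up
# and the port 8080 rule left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
EOF
audit_iptables "$sample" eth0 || echo "$? finding(s) in sample"
```

On a node, pass /etc/sysconfig/iptables as the first argument; a return status of 0 means the file matches the policy described in this section.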
Host Name Resolution
Internal Host Name Resolution
As each node has two network interfaces (multihomed host), the host name resolution must be configured correctly in order to prioritize the internal, trusted network for communication between different nodes.
- The official hostname for each (master and slave) node must be set to the internal name of the machine in /etc/sysconfig/network (e.g. for the master node):
HOSTNAME=master01.procksi.local
- Modify /etc/hosts in order to configure the host name resolution (e.g. the master node):
127.0.0.1 master01.procksi.local master01 localhost.localdomain localhost
and alter the line for each slave node (slave01 ... slaveXX) accordingly.
- Modify /etc/hosts on the master node and each slave node in order to specify IP addresses and host names of the ProCKSI cluster:
192.168.199.1 master01.procksi.local master01 m01
192.168.199.11 slave01.procksi.local slave01 s01
192.168.199.12 slave02.procksi.local slave02 s02
192.168.199.13 slave03.procksi.local slave03 s03
192.168.199.14 slave04.procksi.local slave04 s04
- Modify /etc/host.conf so that local settings in /etc/hosts take precedence over DNS queries:
order hosts,bind
- Modify /etc/nsswitch.conf so that local settings in /etc/hosts take precedence over DNS queries:
hosts: files dns
- Modify /etc/resolv.conf so that host names other than those of the ProCKSI cluster can be resolved:
search cs.nott.ac.uk
nameserver 128.243.21.19
nameserver 128.243.20.6
External Host Name Resolution
In order to allow other computers on the Internet to connect to ProCKSI’s master node, the following settings must be made with the provider for the URL and email forwarding.
- The primary and secondary DNS servers must be set as follows:
Primary ns1.iprimus.com.au
Secondary ns2.iprimus.com.au
- The following changes must be made manually in Advanced DNS settings in order to allow a correct URL forwarding:
CNAME *.procksi.net procksi.cs.nott.ac.uk.
CNAME *.procksi.org www.procksi.net.
CNAME *.procksi.com www.procksi.net.
CNAME *.procksi.info www.procksi.net.
- The following changes must be made manually in Advanced DNS settings in order to allow a correct email forwarding:
MX @.procksi.net mailhost.planetdomain.com 10