Networking » History » Version 3

Anonymous, 09/28/2007 10:42 AM

= Networking =

== Network Configuration ==
Make the following changes on the master node and each slave node:

 * Modify ''/etc/sysconfig/network'' in order to enable networking, set the hostname, and disable Zero Configuration Networking:
  {{{
  NETWORKING=yes
  NETWORKING_IPV6=no
  HOSTNAME=[Add Hostname]
  NOZEROCONF=yes
  }}}

 * Modify ''/etc/sysconfig/networking/devices/ifcfg-eth0'' in order to configure the internal network interface (''eth0''):
  {{{
  DEVICE=eth0
  TYPE=Ethernet
  ONBOOT=yes
  BOOTPROTO=static
  HWADDR=[Add MAC Address]
  IPADDR=[Add Internal IP Address]
  BROADCAST=192.168.199.255
  GATEWAY=192.168.199.1
  NETWORK=192.168.199.0
  NETMASK=255.255.255.0
  MTU=9000
  }}}
  The MTU value enables ''jumbo frames'' and thus better performance on the internal network.

 * Modify ''/etc/sysconfig/networking/devices/ifcfg-eth1'' in order to configure the external network interface (''eth1''):
  {{{
  DEVICE=eth1
  TYPE=Ethernet
  ONBOOT=yes
  BOOTPROTO=static
  HWADDR=[Add MAC Address]
  IPADDR=[Add External IP Address]
  BROADCAST=128.243.21.255
  GATEWAY=128.243.21.1
  NETWORK=128.243.21.0
  NETMASK=255.255.255.0
  }}}

 * Add a default gateway and routes to the internal and external networks to the routing table (if this has not already been done automatically):
  {{{
  /sbin/route add -net 192.168.199.0 netmask 255.255.255.0 dev eth0
  /sbin/route add -net 128.243.21.0  netmask 255.255.255.0 dev eth1
  /sbin/route add default gw 128.243.21.1 dev eth1
  }}}

 * Restart the network. Enter at the command line of the master node and each slave node:
   {{{
   /sbin/service network restart
   }}}

== Firewall ==
The only services for which the master node accepts connections on the external interface (''eth1'') are the web server (port 80 for production and port 8080 for test) and ssh (port 22).

 * Check ''/etc/sysconfig/iptables'' on the master node for the following lines:
   {{{
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
   }}}

All network traffic on the internal network interface (''eth0'') is trusted and considered to be secure. Thus, no firewall is needed on that interface.

 * Modify ''/etc/sysconfig/iptables'' on the master node and on each slave node. Add
   {{{
   -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
   }}}
   directly after
   {{{
   -A RH-Firewall-1-INPUT -i lo -j ACCEPT
   }}}

 * Make the firewall start at bootup. Enter at the command line of the master node and each slave node:
   {{{
   /sbin/chkconfig  --add iptables
   /sbin/chkconfig  iptables  on
   }}}

 * Start the firewall. Enter at the command line of the master node and each slave node:
   {{{
   /sbin/service iptables restart
   }}}
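
The firewall requirements of this section can be checked mechanically. The following shell script is an added example, not part of the original page: it audits a rules file in the ''/etc/sysconfig/iptables'' format for the three service rules and the position of the ''eth0'' rule, and goes slightly beyond the text by also reporting an unconditional ACCEPT on ''eth1'' and any additional accepted TCP port. The function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables rules file against the rules listed in this section.
# audit_iptables, sample_rules and the sample rule set are constructed here.
CHAIN=RH-Firewall-1-INPUT

# Prints one finding per line; prints nothing when the file matches the page.
audit_iptables() {
    file=$1
    # 1. The externally reachable services (web, test web, ssh) must be accepted.
    for port in 80 8080 22; do
        grep -Eq -- "^[[:space:]]*-A $CHAIN .*-p tcp .*--dport $port -j ACCEPT" "$file" ||
            echo "missing: tcp/$port ACCEPT"
    done
    # 2. The eth0 rule must sit directly after the loopback rule.
    awk -v lo="-A $CHAIN -i lo -j ACCEPT" -v want="-A $CHAIN -i eth0 -j ACCEPT" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        prev == lo && $0 == want { ok = 1 }
        { prev = $0 }
        END { if (!ok) print "order: eth0 ACCEPT not directly after lo ACCEPT" }' "$file"
    # 3. A blanket ACCEPT on the external interface would void the port list.
    if grep -Eq -- "^[[:space:]]*-A $CHAIN -i eth1 -j ACCEPT" "$file"; then
        echo "unsafe: unconditional ACCEPT on eth1"
    fi
    # 4. Report any accepted TCP port beyond the three the page allows.
    sed -n "s/^[[:space:]]*-A $CHAIN .*-p tcp .*--dport \([0-9:]*\) -j ACCEPT.*/\1/p" "$file" |
        grep -Evx '80|8080|22' | sed 's|^|extra: tcp/|'
    return 0
}

# Constructed sample: port 8080 missing, eth0 rule misplaced, extra port 3306.
sample_rules() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp" && audit_iptables "$tmp"; rm -f "$tmp"
```

On a real node, call `audit_iptables /etc/sysconfig/iptables`; an empty result means the file matches the rules above.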

== Host Name Resolution ==

=== Internal Host Name Resolution ===
As each node has two network interfaces (''multihomed host''), the host name resolution must be configured correctly in order to prioritize the internal, trusted network for communication between different nodes.

 * The official hostname for each (master and slave) node must be set to the ''internal'' name of the machine in ''/etc/sysconfig/network'' (e.g. for the master node):
 {{{
 HOSTNAME=master01.procksi.local
 }}}

 * Modify ''/etc/hosts'' in order to configure the host name resolution (e.g. the master node):
 {{{
 127.0.0.1       master01.procksi.local  master01        localhost.localdomain   localhost
 }}}
 and alter the line for each slave node (slave01 ... slaveXX) accordingly.

 * Modify ''/etc/hosts'' on the master node and each slave node in order to specify IP addresses and host names of the ProCKSI cluster:
 {{{
 192.168.199.1   master01.procksi.local master01 m01
 192.168.199.11  slave01.procksi.local  slave01  s01
 192.168.199.12  slave02.procksi.local  slave02  s02
 192.168.199.13  slave03.procksi.local  slave03  s03
 192.168.199.14  slave04.procksi.local  slave04  s04
 }}}

 * Modify ''/etc/host.conf'' so that local settings in ''/etc/hosts'' take precedence over DNS queries:
 {{{
 order hosts,bind
 }}}

 * Modify ''/etc/nsswitch.conf'' so that local settings in ''/etc/hosts'' take precedence over DNS queries:
 {{{
 hosts: files dns
 }}}

 * Modify ''/etc/resolv.conf'' so that host names other than those of the ProCKSI cluster can be resolved:
 {{{
 search   cs.nott.ac.uk
 nameserver   128.243.21.19
 nameserver   128.243.20.6
 }}}
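
Because the firewall trusts ''eth0'' unconditionally, a cluster name that resolves to an external address, or a resolver that asks DNS before ''/etc/hosts'', moves inter-node traffic off the trusted network. The following shell script is an added example, not part of the original page: it checks a hosts file and an nsswitch file for both conditions. The function names, the `INTERNAL_NET` and `DOMAIN` variables and the sample files are constructed for illustration, and the prefix match assumes the 255.255.255.0 netmask configured above.

```shell
#!/bin/sh
# Check name-resolution files for the ordering and addresses this section requires.
# check_nsswitch, check_hosts, sample_hosts and the sample data are constructed here.
INTERNAL_NET=192.168.199.   # /24 prefix of the internal network (eth0)
DOMAIN=procksi.local

# "files" must be consulted before "dns" on the hosts: line of nsswitch.conf.
check_nsswitch() {
    awk '$1 == "hosts:" {
             found = 1
             for (i = 2; i <= NF; i++) {
                 if ($i == "files" && !f) f = i
                 if ($i == "dns" && !d) d = i
             }
         }
         END {
             if (!found) print "nsswitch: no hosts: line"
             else if (!f) print "nsswitch: files source missing"
             else if (d && d < f) print "nsswitch: dns is consulted before files"
         }' "$1"
}

# The first entry for every cluster FQDN must be loopback or an internal address.
check_hosts() {
    awk -v net="$INTERNAL_NET" -v dom="$DOMAIN" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        { for (i = 2; i <= NF; i++) {
              n = $i
              if (n in first) continue          # first match wins, as in the file lookup
              first[n] = $1
              if (substr(n, length(n) - length(dom)) == "." dom &&
                  $1 != "127.0.0.1" && index($1, net) != 1)
                  print "hosts: " n " -> " $1 " is outside the internal network"
          } }' "$1"
}

# Constructed sample /etc/hosts for slave02 with slave03 mapped to an external address.
sample_hosts() {
    cat <<'EOF'
127.0.0.1       slave02.procksi.local  slave02  localhost.localdomain  localhost
192.168.199.1   master01.procksi.local master01 m01
192.168.199.12  slave02.procksi.local  slave02  s02
128.243.21.53   slave03.procksi.local  slave03  s03   # constructed mistake
EOF
}

h=$(mktemp); n=$(mktemp)
sample_hosts > "$h"; printf 'hosts: dns files\n' > "$n"
check_hosts "$h"; check_nsswitch "$n"
rm -f "$h" "$n"
```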

=== External Host Name Resolution ===
In order to allow other computers on the Internet to connect to ProCKSI’s master node, the following settings must be made with the provider for the URL and email forwarding.

 * The primary and secondary DNS servers must be set as follows:
  {{{
  Primary     ns1.iprimus.com.au
  Secondary   ns2.iprimus.com.au
  }}}

 * The following changes must be made manually in ''Advanced DNS settings'' in order to allow correct URL forwarding:
 {{{
 CNAME   *.procksi.net    procksi.cs.nott.ac.uk.
 CNAME   *.procksi.org    www.procksi.net.
 CNAME   *.procksi.com    www.procksi.net.
 CNAME   *.procksi.info   www.procksi.net.
 }}}

 * The following changes must be made manually in ''Advanced DNS settings'' in order to allow correct email forwarding:
 {{{
 MX   @.procksi.net   mailhost.planetdomain.com   10
 }}}