Version 2 (Anonymous, 09/24/2007 11:55 AM) → Version 3/4 (Anonymous, 09/28/2007 10:42 AM)
= Networking =
== Network Configuration ==
Make the following changes on the master node and each slave node:
* Modify ''/etc/sysconfig/network'' in order to enable networking, set the hostname, and disable the Zero Configuration Networking:
{{{
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=[Add Hostname]
NOZEROCONF=yes
}}}
* Modify ''/etc/sysconfig/networking/devices/ifcfg-eth0'' in order to configure the internal network interface (''eth0''):
{{{
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
HWADDR=[Add MAC Address]
IPADDR=[Add Internal IP Address]
BROADCAST=192.168.199.255
GATEWAY=192.168.199.1
NETWORK=192.168.199.0
NETMASK=255.255.255.0
MTU=9000
}}}
The MTU value enables ''jumbo frames'' and better performance on the internal network.
* Modify ''/etc/sysconfig/networking/devices/ifcfg-eth1'' in order to configure the external network interface (''eth1''):
{{{
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
HWADDR=[Add MAC Address]
IPADDR=[Add External IP Address]
BROADCAST=128.243.21.255
GATEWAY=128.243.21.1
NETWORK=128.243.21.0
NETMASK=255.255.255.0
}}}
* Add a default gateway and routes to the internal and external networks to the routing table (if this has not already been done automatically):
{{{
/sbin/route add -net 192.168.199.0 netmask 255.255.255.0 dev eth0
/sbin/route add -net 128.243.21.0 netmask 255.255.255.0 dev eth1
/sbin/route add default gw 128.243.21.1 dev eth1
}}}
* Restart the network. Enter at the command line of the master node and each slave node:
{{{
/sbin/service network restart
}}}
== Firewall ==
The only services for which the master node accepts connections on the external interface (''eth1'') are the web server (port 80 for production and port 8080 for test) and ssh (port 22).
* Check ''/etc/sysconfig/iptables'' on the master node for the following lines:
{{{
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
}}}
All network traffic using the internal network interface (''eth0'') is trusted and considered to be secure. Thus, no firewall is needed.
* Modify ''/etc/sysconfig/iptables'' on the master node and on each slave node. Add
{{{
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
}}}
directly after
{{{
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
}}}
* Make the firewall start at bootup. Enter at the command line of the master node and each slave node:
{{{
/sbin/chkconfig --add iptables
/sbin/chkconfig iptables on
}}}
* Start the firewall. Enter at the command line of the master node and each slave node:
{{{
/sbin/service iptables restart
}}}
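One way to check a rules file against the policy in this section: the ''eth0'' accept rule directly after the ''lo'' rule, no whole-interface accept on ''eth1'', and no open ports other than 22, 80 and 8080. This is an added example, not part of the original wiki page; `check_procksi_iptables` and `sample_rules` are hypothetical names and the sample rules are constructed.

```shell
# Added example: audit a rules file in /etc/sysconfig/iptables format.
# check_procksi_iptables is a hypothetical helper name, not a system command.
check_procksi_iptables() {
    awk '
    $1 != "-A" || $2 != "RH-Firewall-1-INPUT" { next }
    {
        iface = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        whole_if = (target == "ACCEPT" && dport == "" && iface != "")
        # The eth0 accept rule must sit directly after the loopback rule.
        if (whole_if && iface == "eth0") {
            seen_eth0 = 1
            if (prev != "lo") { print "FAIL: eth0 ACCEPT not directly after lo"; bad = 1 }
        }
        # The external interface must never be accepted wholesale.
        if (whole_if && iface == "eth1") { print "FAIL: blanket ACCEPT on eth1"; bad = 1 }
        # Only the three documented TCP ports may be opened.
        if (target == "ACCEPT" && dport != "" && dport !~ /^(22|80|8080)$/) {
            print "FAIL: unexpected open port " dport; bad = 1
        }
        prev = whole_if ? iface : ""
    }
    END {
        if (!seen_eth0) { print "FAIL: no ACCEPT rule for eth0"; bad = 1 }
        if (!bad) print "OK"
        exit bad
    }' "$1"
}

# Constructed sample input (not taken from a real host).
sample_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp" && check_procksi_iptables "$tmp"; rm -f "$tmp"
```

On a node, run it as `check_procksi_iptables /etc/sysconfig/iptables`; a non-zero exit status means at least one finding was printed.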
== Host Name Resolution ==
=== Internal Host Name Resolution ===
As each node consists of two network interfaces (''multihomed host''), the host name resolution must be configured correctly in order to prioritize the internal, trusted network for communication between different nodes.
* The official hostname for each (master and slave) node must be set to the ''internal'' name of the machine in ''/etc/sysconfig/network'' (e.g. for the master node):
{{{
HOSTNAME=master01.procksi.local
}}}
* Modify ''/etc/hosts'' in order to configure the host name resolution (e.g. the master node):
{{{
127.0.0.1 master01.procksi.local master01 localhost.localdomain localhost
}}}
and alter the line for each slave node (slave01 ... slaveXX) accordingly.
* Modify ''/etc/hosts'' on the master node and each slave node in order to specify IP addresses and host names of the ProCKSI cluster:
{{{
192.168.199.1 master01.procksi.local master01 m01
192.168.199.11 slave01.procksi.local slave01 s01
192.168.199.12 slave02.procksi.local slave02 s02
192.168.199.13 slave03.procksi.local slave03 s03
192.168.199.14 slave04.procksi.local slave04 s04
}}}
* Modify ''/etc/host.conf'' so that local settings in ''/etc/hosts'' take precedence over DNS queries:
{{{
order hosts,bind
}}}
* Modify ''/etc/nsswitch.conf'' so that local settings in ''/etc/hosts'' take precedence over DNS queries:
{{{
hosts: files dns
}}}
* Modify ''/etc/resolv.conf'' so that host names other than those of the ProCKSI cluster can be resolved:
{{{
search cs.nott.ac.uk
nameserver 128.243.21.19
nameserver 128.243.20.6
}}}
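A check that the settings above really keep node-to-node traffic on the internal network: `files` must precede `dns` in ''/etc/nsswitch.conf'', and every `*.procksi.local` name in ''/etc/hosts'' must map to loopback or 192.168.199.0/24. This is an added example, not part of the original wiki page; `check_internal_resolution` and `make_demo_files` are hypothetical names, and the demo files, including the 128.243.21.12 entry, are constructed.

```shell
# Added example; check_internal_resolution is a hypothetical helper name.
# Usage: check_internal_resolution HOSTS_FILE NSSWITCH_FILE
check_internal_resolution() {
    rc=0
    # nsswitch.conf: "files" must be listed before "dns" on the lowercase hosts: line.
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) {
             if ($i == "files" && !f) f = i
             if ($i == "dns" && !d) d = i } }
         END { exit !(f && d && f < d) }' "$2" ||
        { echo "FAIL: files does not precede dns in $2"; rc=1; }
    # hosts: every *.procksi.local name must sit on loopback or 192.168.199.0/24.
    leaks=$(awk '/^[ \t]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++)
              if ($i ~ /\.procksi\.local$/ && $1 != "127.0.0.1" &&
                  $1 !~ /^192\.168\.199\.[0-9]+$/) print $i " -> " $1 }' "$1")
    if [ -n "$leaks" ]; then
        echo "FAIL: cluster name on a non-internal address: $leaks"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample files; hosts.bad puts slave02 on the external network by mistake.
make_demo_files() {
    printf '%s\n' 'hosts: files dns' > "$1/nsswitch.conf"
    printf '%s\n' \
        '127.0.0.1 master01.procksi.local master01 localhost.localdomain localhost' \
        '192.168.199.11 slave01.procksi.local slave01 s01' > "$1/hosts.good"
    { cat "$1/hosts.good"; echo '128.243.21.12 slave02.procksi.local slave02'; } > "$1/hosts.bad"
}

d=$(mktemp -d); make_demo_files "$d"
check_internal_resolution "$d/hosts.good" "$d/nsswitch.conf"
check_internal_resolution "$d/hosts.bad" "$d/nsswitch.conf" || true
rm -rf "$d"
```

The second check matters because the firewall accepts everything on ''eth0'' but filters ''eth1'': a cluster name that resolves to an external address sends node-to-node traffic over the filtered, untrusted interface.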
=== External Host Name Resolution ===
In order to allow other computers on the Internet to connect to ProCKSI’s master node, the following settings must be made with the provider for the URL and email forwarding.
* The primary and secondary DNS servers must be set as follows:
{{{
Primary ns1.iprimus.com.au
Secondary ns2.iprimus.com.au
}}}
* The following changes must be made manually in ''Advanced DNS settings'' in order to allow a correct URL forwarding:
{{{
CNAME *.procksi.net procksi.cs.nott.ac.uk.
CNAME *.procksi.org www.procksi.net.
CNAME *.procksi.com www.procksi.net.
CNAME *.procksi.info www.procksi.net.
}}}
* The following changes must be made manually in ''Advanced DNS settings'' in order to allow a correct email forwarding:
{{{
MX @.procksi.net mailhost.planetdomain.com 10
}}}