ProCKSI

h1. Newtorking

h2. Network Configuration

Make the following changes on the master node and each slave node:

* Modify _/etc/sysconfig/network_ in order to enable networking, set the hostname, and disable the Zero Configuration Networking:

<pre>

  NETWORKING=yes

  NETWORKING_IPV6=no

  HOSTNAME=[Add Hostname]

  NOZEROCONF=yes

</pre>

* Modify _/etc/sysconfig/networking/devices/ifcfg-eth0_ in order to configure the internal network interface (_eth0_):

<pre>

  DEVICE=eth0

  TYPE=Ethernet

  ONBOOT=yes

  BOOTPROTO=static

  HWADDR=[Add MAC Address]

  IPADDR=[Add Internal IP Address]

  BROADCAST=192.168.199.255

  GATEWAY=192.168.199.1

  NETWORK=192.168.199.0

  NETMASK=255.255.255.0

  MTU=9000

</pre>

  The MTU value enables _jumbo frames_ and a better performance on the internal network.

* Modify _/etc/sysconfig/networking/devices/ifcfg-eth1_ in order to configure the external network interface (_eth1_):

<pre>

  DEVICE=eth1

  TYPE=Ethernet

  ONBOOT=yes

  BOOTPROTO=static

  HWADDR=[Add MAC Address]

  IPADDR=[Add External IP Address]

  BROADCAST=128.243.21.255

  GATEWAY=128.243.21.1

  NETWORK=128.243.21.0

  NETMASK=255.255.255.0

</pre>

* Add a default gateway and routes to the internal and external networks to the Routing Table (if not done automatically yet):

<pre>

  /sbin/route add -net 192.168.199.0 netmask 255.255.255.0 dev eth0

  /sbin/route add -net 128.243.21.0  netmask 255.255.255.0 dev eth1

  /sbin/route add default gw 128.243.21.1 dev eth1

</pre>

* Restart the network. Enter at the command line of the master node and each slave node: 

<pre>

   /sbin/service network restart

</pre>

h2. Firewall

The only services that the master node will accept connections for from the external interface (_eth0_) will be the web server (port 80 for production and port 8080 for test) and ssh (port 22).

* Check _/etc/sysconfig/iptables_ on the master node for the following lines: 

<pre>

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

</pre>

All network traffic using the internal network interface (_eth0_) is trusted and considered to be secure. Thus, no firewall is needed.

* Modify _/etc/sysconfig/iptables_ on the master node and on each slave node. Add

<pre>

   -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT

</pre>

   directly after

<pre>

    -A RH-Firewall-1-INPUT -i lo -j ACCEPT 

</pre>

* Make the firewall start at bootup. Enter at the command line of the master node and each slave node:

<pre>

   /sbin/chkconfig  --add iptables

   /sbin/chkconfig  iptables  on

</pre>

* Start the firewall. Enter at the command line of the master node and each slave node: 

<pre>

   /sbin/service iptables restart

</pre>

h2. Host Name Resolution

h3. Internal Host Name Resolution

As each node consists of two network interfaces (_multihomed host_), the host name resolution must be configured correctly in order to prioritize the internal, trusted network for communication between different nodes.

* The official hostname for each (master and slave) node must be set to the _internal_ name of the machine in _/etc/sysconfig/network_ (e.g. for the master node):

<pre>

 HOSTNAME=master01.procksi.local

</pre>

* Modify _/etc/hosts_ in order to configure the host name resolution (e.g. the master node):

<pre>

 127.0.0.1       master01.procksi.local  master01        localhost.localdomain   localhost

</pre>

 and alter the line for each slave node (slave01 ... slaveXX) accordingly.

* Modify _/etc/hosts_ on the master node and each slave node in order to specify IP addresses and host names of the [[ProCKSI]] cluster:

<pre>

  192.168.199.1   master01.procksi.local master01 m01

  192.168.199.11  slave01.procksi.local  slave01  s01

  192.168.199.12  slave02.procksi.local  slave02  s02

  192.168.199.13  slave03.procksi.local  slave03  s03

  192.168.199.14  slave04.procksi.local  slave04  s04

</pre>

* Modify _/etc/host.conf_ so that local settings in _/etc/hosts_ take precedence over DNS queries:

<pre>

 order hosts,bind

</pre>

* Modify _/etc/nsswitch.conf_ so that local settings in _/etc/hosts_ take precedence over DNS queries:

<pre>

 Hosts: files dns

</pre>

* Modify _/etc/resolve.cof’’ so that host names other then those of the [[ProCKSI]] cluster can be resolved:

<pre>

 search   cs.nott.ac.uk

 nameserver   128.243.21.19

 nameserver   128.243.20.6

</pre>

h3. External Host Name Resolution

In order to allow other computers on the Internet to connect to [[ProCKSI]]’s master node, the following settings must be made with the provider for the URL and email forwarding.

* The primary and secondary DNS servers must be set as follows:

<pre>

  Primary     ns1.iprimus.com.au

  Secondary   ns2.iprimus.com.au 

</pre>

* The following changes must be made manually in _Advanced DNS settings_ in order to allow a correct URL forwarding:

<pre>

 CNAME   *.procksi.net	 procksi.cs.nott.ac.uk.

 CNAME   *.procksi.org	 www.procksi.net.

 CNAME   *.procksi.com	 www.procksi.net.

 CNAME   *.procksi.info   www.procksi.net.

</pre>

* The following changes must be made manually in _Advanced DNS settings_ in order to allow a correct email forwarding:

<pre>

 MX   @.procksi.net   mailhost.planetdomain.com   10

</pre>