Difference between revisions of "Cluster der kan alt/Routing NAT and NIS"

From Teknologisk videncenter
(NIS)
(NAT)
 
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
=Routning & NAT=
+
=Routing & NAT=
 
Configuring NAT (Sharing Internet)
 
Configuring NAT (Sharing Internet)
  
Line 8: Line 8:
  
 
<source lang=cli>
 
<source lang=cli>
nano /etc/sysctl.conf
+
sudo nano /etc/sysctl.conf
 
</source>
 
</source>
 
Find this:
 
Find this:
Line 23: Line 23:
  
 
==NAT==
 
==NAT==
 +
*Before starting with Nat and switch user to sudo su root
 
This make a NAT rule for post-routing. It sets the eth0 as the output card (The one out to the internet) and sets source to it's own IP through MASQUERADE
 
This make a NAT rule for post-routing. It sets the eth0 as the output card (The one out to the internet) and sets source to it's own IP through MASQUERADE
 
<source lang=cli>
 
<source lang=cli>
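Review bot: the added bullet "Before starting with Nat and switch user to sudo su root" is not a complete instruction, and it mixes conventions with the rest of this revision, which prefixes individual commands with sudo. Reword it to something like "Before starting with NAT, switch to root with sudo su root", and state that the NAT commands that follow are meant to be run from that root shell.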
Line 34: Line 35:
 
Edit the file interfaces
 
Edit the file interfaces
 
<source lang=cli>
 
<source lang=cli>
nano /etc/network/interfaces
+
sudo nano /etc/network/interfaces
 
</source>
 
</source>
 
Insert these lines to the eth0 interface
 
Insert these lines to the eth0 interface
Line 54: Line 55:
  
 
Enter the hosts.allow file
 
Enter the hosts.allow file
<sorce lang=cli>
+
<source lang=cli>
nano /etc/hosts.allow
+
sudo nano /etc/hosts.allow
 
</source>
 
</source>
 
Add the following line
 
Add the following line
Line 62: Line 63:
 
</source>  
 
</source>  
 
Install NIS. You will be prompted for domain name. The domain name is not the DNS-domain name - but a unique name for the nodes and master that share the same information.
 
Install NIS. You will be prompted for domain name. The domain name is not the DNS-domain name - but a unique name for the nodes and master that share the same information.
*NOTE: It is recommended you install NIS using the VMware consol instead of SSH
+
*NOTE: It is recommended you install NIS using the VMware console instead of SSH
 
<source lang=cli>
 
<source lang=cli>
apt-get install portmap nis
+
sudo apt-get install portmap nis
 
</source>  
 
</source>  
 
Enter the nis file  
 
Enter the nis file  
 
<source lang=cli>
 
<source lang=cli>
nano /etc/default/nis
+
sudo nano /etc/default/nis
 
</source>
 
</source>
 
Set the NISSERVER line to  
 
Set the NISSERVER line to  
 
<source lang=cli>
 
<source lang=cli>
NISSERVER =master
+
NISSERVER=master
 
</source>
 
</source>
 
Enter the yp.conf file
 
Enter the yp.conf file
 
<source lang=cli>
 
<source lang=cli>
nano /etc/yp.conf  
+
sudo nano /etc/yp.conf  
 
</source>
 
</source>
 
Add the line
 
Add the line
Line 86: Line 87:
 
nano /etc/ypserv.securenets
 
nano /etc/ypserv.securenets
 
</source>
 
</source>
replace the 0.0.0.0 line
+
Replace the 0.0.0.0 line with the 255.255.255.0        10.0.0.0
<source lang=cli - insecure - og tilføj dit eget net(255.255.255.0 10.0.0.0).
+
<source lang=cli>
*genstart så yellowpages servicen for at loade det nye configuration.
+
0.0.0.0        0.0.0.0
 +
 
 +
255.255.255.0         10.0.0.0
 +
</source>
 +
Reboot the Yellowpages service so the new configuration can be loaded
 
<source lang=cli>
 
<source lang=cli>
 
service ypserv restart
 
service ypserv restart
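Review bot: the new text says to replace the 0.0.0.0 line, but the added source block lists "0.0.0.0 0.0.0.0" together with "255.255.255.0 10.0.0.0" without saying which is the old entry and which is the new one. A reader who pastes the block as shown keeps the 0.0.0.0 entry, which gives every host access. Label the first line as the entry to remove, or show only the replacement. The unchanged "nano /etc/ypserv.securenets" above it is also the one editor command in this revision left without sudo.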
Line 113: Line 118:
 
<source lang=cli>
 
<source lang=cli>
 
#!/bin/bash
 
#!/bin/bash
echo -e "Adding user to cluster"
+
echo -e "Adding user to cluster\n"
echo -e "======================\n"
 
 
echo -en "User login name: "
 
echo -en "User login name: "
 
read NAME
 
read NAME
Line 122: Line 126:
 
su $NAME -c "ssh-keygen"
 
su $NAME -c "ssh-keygen"
 
echo -e "Distributing keys"
 
echo -e "Distributing keys"
su $NAME -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_keys"
+
su $NAME -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_key$
 
echo -e "Rebuild NIS database"
 
echo -e "Rebuild NIS database"
 
make -C /var/yp
 
make -C /var/yp
 
</source>
 
</source>
  
=Installation på klienten=
 
Installer software
 
<source lang=cli>
 
sudo apt-get install portmap nis
 
</source>
 
Kør disse kommandoer, hvor NIS_SERVER_IP = din nis server ip
 
<source lang=cli>
 
echo "portmap : <notice>NIS_SERVER_IP"</notice> >> /etc/hosts.allow
 
echo "+::::::" >> /etc/passwd
 
echo "+:::" >> /etc/group
 
echo "+::::::::" >> /etc/shadow
 
echo "Domain = Cluster" >> /etc/idmapd.conf
 
echo "ypserver <notice>NIS_SERVER_IP"</notice> >> /etc/yp.conf
 
service ypbind restart
 
service idmapd restart
 
</source>
 
Test med
 
<source lang=cli>
 
yptest
 
</source>
 
 
{{source cli}}
 
{{source cli}}
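Review bot: the changed "Distributing keys" line now ends in authorized_key$ where the previous revision had authorized_keys" with its closing quote. The $ looks like the marker nano shows for a line running off the screen, copied in with the text. As written the su -c string is unterminated and the script will not run; restore the full line from the previous revision.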

Latest revision as of 11:04, 30 October 2014

Routing & NAT

Configuring NAT (Sharing Internet)

Start Routing

For this, we do not need to install anything new. Everything is right there but is currently disabled.

First, edit sysctl.conf

sudo nano /etc/sysctl.conf

Find this:

net.ipv4.ip_forward=1

Uncomment it by removing the #. Now forwarding is enabled in the system kernel.

Start routing without a reboot

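This enables forwarding immediately, without a reboot, much like restarting a service. Run it as root: the redirection is performed by your shell, so prefixing the command with sudo is not enough.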

echo 1 > /proc/sys/net/ipv4/ip_forward

NAT

  • Before starting with NAT, switch to the root user with sudo su root

This makes a NAT rule for post-routing. It sets eth0 as the output interface (the one facing the internet) and rewrites the source address to its own IP through MASQUERADE

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Save the iptables rules so they can be loaded correctly after a reboot/shutdown

iptables-save > /etc/iptables.rules

Load the iptables.rules at startup

Edit the file interfaces

sudo nano /etc/network/interfaces

Insert these lines to the eth0 interface

pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.rules

Like this

# The extended interfaces
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.rules

Test it out on your other client.

NIS

Enter the hosts.allow file

sudo nano /etc/hosts.allow

Add the following line

portmap ypserv ypbind: 10.0.0.0/255.255.255.0

Install NIS. You will be prompted for domain name. The domain name is not the DNS-domain name - but a unique name for the nodes and master that share the same information.

  • NOTE: It is recommended you install NIS using the VMware console instead of SSH

sudo apt-get install portmap nis

Enter the nis file

sudo nano /etc/default/nis

Set the NISSERVER line to

NISSERVER=master

Enter the yp.conf file

sudo nano /etc/yp.conf

Add the line

domain dka.local server 127.0.0.1

Enter the ypserv.securenets file

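sudo nano /etc/ypserv.securenets

Replace the 0.0.0.0 line with the 255.255.255.0 10.0.0.0 line. The first line below is the existing entry to remove (it gives every host access to the server); the second is the entry that replaces it and limits access to the 10.0.0.0 network.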

0.0.0.0         0.0.0.0

255.255.255.0         10.0.0.0

Restart the Yellow Pages (ypserv) service so the new configuration is loaded

service ypserv restart
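A check for the securenets change above, as an added example that is not part of the original wiki page: it reports entries that match every client and tests whether a given client IP would be accepted. It assumes the file holds "netmask network" pairs or "host address" lines; the function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit ypserv.securenets entries ("netmask network" per line).
# Function names and the sample files are constructed for illustration.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print entries that match every client (netmask and network both 0.0.0.0).
securenets_open_entries() {
    awk '$1 == "0.0.0.0" && $2 == "0.0.0.0" { print $1, $2 }' "$1"
}

# Return 0 if client IP $2 matches an entry in file $1, otherwise 1.
securenets_allows() {
    ip=$(ip_to_int "$2")
    while read -r mask net _rest; do
        case $mask in
            ''|'#'*) continue ;;                      # blank line or comment
            host) if [ "$net" = "$2" ]; then return 0; fi; continue ;;
        esac
        if [ $(( $ip & $(ip_to_int "$mask") )) -eq "$(ip_to_int "$net")" ]; then
            return 0
        fi
    done < "$1"
    return 1
}

# Write two constructed files: one with the open default, one restricted.
write_samples() {
    printf '# constructed sample\n255.0.0.0 127.0.0.0\n0.0.0.0 0.0.0.0\n' > "$1/default"
    printf '255.0.0.0 127.0.0.0\n255.255.255.0 10.0.0.0\n' > "$1/restricted"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in default restricted; do
    for client in 10.0.0.7 192.168.1.50; do
        if securenets_allows "$demo_dir/$f" "$client"; then verdict=allowed; else verdict=denied; fi
        echo "$f: $client $verdict"
    done
done
rm -rf "$demo_dir"
```

Pointing securenets_open_entries at the real /etc/ypserv.securenets after editing should print nothing; any output means the open entry is still in the file.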

Adding a user

After you have created a new user with adduser, it is necessary to rebuild the NIS maps!

root@head:~# make -C /var/yp
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'

Script adding user in a Cluster

The following simple script:

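  • Adds a user on the NIS server.
  • Adds an SSH key pair in the user's home directory under /home.
    • In this cluster /home is distributed with NFS to all nodes, so the user can log on to the nodes without entering a password.
  • Rebuilds the NIS database with the new user.

#!/bin/bash
# Run as root on the NIS server.
echo -e "Adding user to cluster\n"
echo -en "User login name: "
read -r NAME
adduser "$NAME"

echo -e "Creating keys"
# Generate the key pair as the new user so the files get the right owner
su "$NAME" -c "ssh-keygen"
echo -e "Distributing keys"
# /home is shared over NFS, so authorising the user's own key works on every node
su "$NAME" -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_keys"
echo -e "Rebuild NIS database"
# Rebuild the NIS maps so the nodes see the new account
make -C /var/yp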