Difference between revisions of "Cluster der kan alt/Routing NAT and NIS"

From Teknologisk videncenter
(Start routing without a reboot)
(NAT)
Line 23: Line 23:
  
 
==NAT==
 
==NAT==
 +
This make a NAT rule for post-routing. It sets the eth0 as the output card (The one out to the internet) and sets source to it's own IP through MASQUERADE
 
<source lang=cli>
 
<source lang=cli>
 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
 
</source>
 
</source>
What this does is make a NAT rule for post-routing. It sets the eth0 as the output card (The one out to the internet) and sets source to it's own IP through MASQUERADE. Then write:
+
Save the iptable so it can be loaded correctly after a reboot/shutdown
Just to be sure, save it.
 
 
<source lang=cli>
 
<source lang=cli>
 
iptables-save > /etc/iptables.rules
 
iptables-save > /etc/iptables.rules
 
</source>
 
</source>
Now that it’s saved we need to load the iptables.rules on starting the network:
+
===Load the iptables.rules at startup===
 
+
Edit the file interfaces
edit the file '''/etc/network/interfaces'''
+
<source lang=cli>
 +
nano /etc/network/interfaces
 +
</source>
 +
Insert these lines to the eth0 interface
 +
<source lang=cli>
 +
pre-up iptables-restore < /etc/iptables.rules
 +
post-down iptables-restore < /etc/iptables.rules
 +
</source>
 +
Like this
 
<source lang=cli>
 
<source lang=cli>
 
# The extended interfaces
 
# The extended interfaces
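Review bot: the added line `post-down iptables-restore < /etc/iptables.rules` loads the same file that `pre-up` already loaded, so taking eth0 down leaves the MASQUERADE rule active instead of removing it. If the rule should disappear with the interface, point post-down at a separate rules file without it, or drop the line. The added text "Insert these lines to the eth0 interface" should also say which behaviour is intended.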
Line 42: Line 50:
 
</source>
 
</source>
 
Test it out on your other client.
 
Test it out on your other client.
 +
 
=Installation af master server=
 
=Installation af master server=
  

Revision as of 14:39, 4 November 2013

Routing & NAT

Configuring NAT (Sharing Internet)

Start Routing

For this, we do not need to install anything new. Everything is right there but is currently disabled.

First, edit sysctl.conf

nano /etc/sysctl.conf

Find this line:

#net.ipv4.ip_forward=1

Uncomment it by removing the #. Forwarding is now enabled in the kernel configuration and takes effect at the next boot.

Start routing without a reboot

This enables forwarding immediately, without a reboot, much like restarting a service.

echo 1 > /proc/sys/net/ipv4/ip_forward

NAT

This creates a NAT rule in the POSTROUTING chain. It sets eth0 as the output interface (the one facing the internet) and rewrites the source address to the router's own IP through MASQUERADE.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Save the iptables rules so they can be loaded correctly after a reboot/shutdown.

iptables-save > /etc/iptables.rules

Load the iptables.rules at startup

Edit the file interfaces

nano /etc/network/interfaces

Insert these lines into the eth0 interface stanza

pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.rules

Like this

# The extended interfaces
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.rules

Test it out on your other client.
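With only the rule above and forwarding enabled, the gateway NATs and forwards for any source that can route through it. The following check of a saved rules dump is an added example, not part of the original page; the sample dumps are constructed, 10.0.0.0/24 is the cluster network from the hosts.allow line further down, and eth1 as the cluster-side interface is an assumption.

```bash
#!/bin/bash
# Added example (not from the original page): audit an iptables-save dump,
# such as /etc/iptables.rules, for an unrestricted NAT gateway.
# Usage: audit_nat_rules [wan_if] < /etc/iptables.rules
# Prints one finding per line; returns 1 if there are findings, else 0.
audit_nat_rules() {
    local findings
    findings=$(awk -v wan="${1:-eth0}" '
        /^\*/ { table = substr($0, 2) }            # "*nat" / "*filter" open a table
        table == "filter" && /^:FORWARD /   { policy = $2 }
        table == "filter" && /^-A FORWARD / { fwd_rules++ }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            masq++
            if ($0 !~ ("-o " wan "( |$)")) print "masquerade not bound to " wan ": " $0
            if ($0 !~ / -s /) print "masquerade has no -s source network: " $0
        }
        END {
            if (!masq) print "no MASQUERADE rule in the nat table"
            # No filter table in the dump means the kernel default: FORWARD ACCEPT.
            if ((policy == "" || policy == "ACCEPT") && !fwd_rules)
                print "FORWARD accepts everything: any routed packet is forwarded"
        }')
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample: what iptables-save prints after only the rule on this page.
page_rules() {
    printf "%s\n" "*nat" ":POSTROUTING ACCEPT [0:0]" \
        "-A POSTROUTING -o eth0 -j MASQUERADE" "COMMIT"
}

# Constructed sample: the same NAT limited to the cluster network 10.0.0.0/24,
# with a default-drop FORWARD chain; eth1 as the LAN side is an assumption.
restricted_rules() {
    printf "%s\n" "*nat" ":POSTROUTING ACCEPT [0:0]" \
        "-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE" "COMMIT" \
        "*filter" ":FORWARD DROP [0:0]" \
        "-A FORWARD -s 10.0.0.0/24 -i eth1 -o eth0 -j ACCEPT" \
        "-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT" \
        "COMMIT"
}

page_rules | audit_nat_rules eth0 || true
restricted_rules | audit_nat_rules eth0 && echo "restricted rules: no findings"
```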

Installing the master server

Add the following line to /etc/hosts.allow.

portmap ypserv ypbind: 10.0.0.0/255.255.255.0

Install NIS. You will be asked to enter the domain name. The domain name is not the DNS domain name, but a unique name for the cluster of machines that share the same information.

apt-get install portmap nis
  • Edit /etc/default/nis (nano /etc/default/nis) and set the NISSERVER line to
NISSERVER=master
  • Edit /etc/yp.conf and add a line with:
domain dka.local server 127.0.0.1
  • Edit /etc/ypserv.securenets, remove the 0.0.0.0 line (insecure) and add your own network (255.255.255.0 10.0.0.0).
  • Then restart the yellow pages service to load the new configuration.
service ypserv restart
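The securenets file takes the netmask first and the network second, the reverse of the network/mask order used in hosts.allow above, so a swapped entry is an easy mistake. The following lint for the file is an added example, not part of the original page; the sample files are constructed.

```bash
#!/bin/bash
# Added example (not from the original page): lint ypserv.securenets entries.
# Entry format: "<netmask> <network>" or "host <address>"; "#" starts a comment.
# Usage: audit_securenets < /etc/ypserv.securenets
# Prints one finding per line; returns 1 if there are findings, else 0.
audit_securenets() {
    local findings
    findings=$(awk '
        function valid_mask(m,   o, i, partial) {      # contiguous dotted netmask?
            if (split(m, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^(0|128|192|224|240|248|252|254|255)$/) return 0
                if (partial && o[i] != 0) return 0      # set bits after a zero bit
                if (o[i] != 255) partial = 1
            }
            return 1
        }
        function net_fits(m, n,   mo, no, i) {          # no host bits set in network?
            split(m, mo, ".")
            if (split(n, no, ".") != 4) return 0
            for (i = 1; i <= 4; i++) if (no[i] % (256 - mo[i]) != 0) return 0
            return 1
        }
        /^[ \t]*(#|$)/ || $1 == "host" { next }
        !valid_mask($1)   { print "line " NR ": first field is not a netmask, fields swapped? " $0; next }
        $1 == "0.0.0.0"   { print "line " NR ": netmask 0.0.0.0 lets every client query the maps"; next }
        !net_fits($1, $2) { print "line " NR ": network has bits outside the netmask: " $0 }
    ')
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample: a file that still has the catch-all line the page removes.
open_securenets()    { printf "%s\n" "# loopback" "255.0.0.0 127.0.0.0" "0.0.0.0 0.0.0.0"; }
# Constructed sample: the result described on this page, loopback plus the cluster network.
fixed_securenets()   { printf "%s\n" "255.0.0.0 127.0.0.0" "255.255.255.0 10.0.0.0"; }
# Constructed sample: network and mask in hosts.allow order, which is wrong here.
swapped_securenets() { printf "%s\n" "10.0.0.0 255.255.255.0"; }

open_securenets | audit_securenets || true
swapped_securenets | audit_securenets || true
fixed_securenets | audit_securenets && echo "fixed file: no findings"
```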

Adding a user

After you have created a new user with adduser, it is necessary to rebuild the NIS maps!

root@head:~# make -C /var/yp
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'

Script adding user in a Cluster

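The following simple script:

  • Adds a user on the NIS server.
  • Adds an SSH key to the user's /home directory.
    • In this cluster /home is distributed with NFS to all nodes, so the user can log on to the nodes without entering a password.
  • Rebuilds the NIS database with the new user.

#!/bin/bash
# Add a user on the NIS server, create an SSH key pair and rebuild the NIS maps.
set -e   # stop if adduser or a later step fails

echo -e "Adding user to cluster"
echo -e "======================\n"
echo -en "User login name: "
read -r NAME
adduser "$NAME"

echo -e "Creating keys"
# -t rsa so that the key file is named id_rsa, as the next step expects
su "$NAME" -c "ssh-keygen -t rsa"
echo -e "Distributing keys"
# /home is shared over NFS, so authorizing the user's own public key works on every node
su "$NAME" -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_keys"
echo -e "Rebuild NIS database"
make -C /var/yp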

Installation on the client

Install the software

sudo apt-get install portmap nis

Run these commands, where NIS_SERVER_IP = your NIS server IP

echo "portmap : NIS_SERVER_IP" >> /etc/hosts.allow
echo "+::::::" >> /etc/passwd
echo "+:::" >> /etc/group
echo "+::::::::" >> /etc/shadow
echo "Domain = Cluster" >> /etc/idmapd.conf
echo "ypserver NIS_SERVER_IP" >> /etc/yp.conf
service ypbind restart
service idmapd restart

Test with

yptest