Difference between revisions of "Highbank Fedora Installation Config"

From CDOT Wiki
(NAT configuration)
(NAT configuration)
Line 16: Line 16:
 
== NAT configuration ==
 
== NAT configuration ==
 
The firewall and NAT is configured with a iptables script: /root/iptables.sh
 
The firewall and NAT is configured with a iptables script: /root/iptables.sh
 +
 +
1. Stop/disable firewalld
 +
<pre>
 +
systemctl stop firewalld
 +
systemctl disable firewalld
 +
</pre>
 +
 +
2. Start/enable iptables
 +
<pre>
 +
systemctl start iptables
 +
systemctl enable iptables
 +
<pre>
 +
 +
3. Run the iptables script and save the iptables rules
 +
<pre>
 +
/root/iptables.sh
 +
iptables-save > /etc/sysconfig/iptables
 +
</pre>
  
 
<pre>
 
<pre>
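Review bot: the code block added under step 2 (after "systemctl enable iptables") ends with an opening pre tag where the closing tag belongs, so the block never closes and the step 3 heading and its commands are swallowed into it. Change that line to </pre>, and check that the unchanged pre tag which follows the new text still has its own closing tag further down the page.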

Revision as of 13:35, 3 August 2013

Introduction

These are detailed instructions for setting up an F18 installation on a Calxeda Highbank box such as a Boston Viridis server. These instructions are a more detailed (and specific) version of the notes at fedora:Architectures/ARM/F18/HighBank

Assumptions

  1. Highbank box is on a private LAN 192.168.1.0/24
  2. F18 x86_64 host has two NICs - one to private LAN, one to Internet

Packages Required

  • dhcp
  • tftp-server
  • httpd

NAT configuration

The firewall and NAT are configured with an iptables script: /root/iptables.sh

1. Stop/disable firewalld

systemctl stop firewalld
systemctl disable firewalld

2. Start/enable iptables

systemctl start iptables
systemctl enable iptables

3. Run the iptables script and save the iptables rules

/root/iptables.sh
iptables-save > /etc/sysconfig/iptables

Contents of /root/iptables.sh:

#!/bin/bash
echo "Setting iptables rules"
iptables -F
iptables -t nat -F
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow NFS (2049), rpcbind (111), DNS (53), SSH (22), HTTP (80) and HTTPS (443)
# arriving on em1, the interface the MASQUERADE rule below sends NAT traffic out of
iptables -A INPUT -i em1 -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 111 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 443 -j ACCEPT
# Allow everything from the private LAN arriving on p11p1
iptables -A INPUT -i p11p1 -s 192.168.1.0/24 -j ACCEPT

# NAT traffic from the private LAN out of em1 and forward packets to and from the LAN
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o em1 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT

# Allow packets that belong to connections that are already established
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop whatever else may come to input
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
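
An added example, not part of the original wiki page: a small audit of the saved ruleset that reports which ports the script accepts on the NAT-facing interface and what the default FORWARD policy is. The sample dump is a constructed excerpt of what iptables-save produces for the rules above, and the function names are hypothetical.

```bash
#!/bin/sh
# Constructed excerpt of iptables-save output for the rules in /root/iptables.sh
sample_rules() {
cat <<'EOF'
*nat
-A POSTROUTING -s 192.168.1.0/24 -o em1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i em1 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -i em1 -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -i em1 -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i em1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i p11p1 -j ACCEPT
COMMIT
EOF
}
# Print the outbound interface of the MASQUERADE rule (the NAT-facing side).
nat_out_iface() {
  awk '/-j MASQUERADE/ { for (i = 1; i < NF; i++) if ($i == "-o") print $(i+1) }'
}
# Print proto/port for every filter-table INPUT rule that ACCEPTs on interface $1.
exposed_ports() {
  awk -v ifc="$1" '/^\*/ { t = $1 }
    t == "*filter" && $2 == "INPUT" && /-j ACCEPT/ {
      dev = proto = port = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") dev = $(i+1)
        if ($i == "-p") proto = $(i+1)
        if ($i == "--dport") port = $(i+1)
      }
      if (dev == ifc && port != "") print proto "/" port
    }'
}
# Print the default policy of filter-table chain $1 (INPUT, FORWARD, OUTPUT).
chain_policy() {
  awk -v c=":$1" '/^\*/ { t = $1 } t == "*filter" && $1 == c { print $2 }'
}

ext=$(sample_rules | nat_out_iface)
echo "NAT-facing interface: $ext"
echo "Ports accepted on $ext: $(sample_rules | exposed_ports "$ext" | tr '\n' ' ')"
echo "FORWARD policy: $(sample_rules | chain_policy FORWARD)"
```

On the host, pipe the real ruleset into the same functions, for example iptables-save | exposed_ports em1, or read /etc/sysconfig/iptables after step 3.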

DHCP configuration

option domain-name-servers 142.204.1.2,142.204.43.43;

default-lease-time 86400;
max-lease-time 86400;
authoritative;
log-facility local7;

allow booting;
allow bootp;

subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.254;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        range 192.168.1.100 192.168.1.199;
        next-server 192.168.1.254;
        host seneca0 { option host-name "seneca0";      hardware ethernet fc:2f:40:48:06:a0;    fixed-address 192.168.1.100;}
}

TFTP configuration

  1. Create /var/lib/tftpboot/pxelinux/pxelinux.cfg
  2. Create /var/lib/tftpboot/f18-highbank
  3. Place these files in /var/lib/tftpboot/f18-highbank:
  4. Change disable = yes to disable = no in /etc/xinetd.d/tftp
  5. Reload/restart xinetd (note: restart needed if there were previously no available services): systemctl restart xinetd

PXE configuration

  1. Place the PXE configuration in /var/lib/tftpboot/pxelinux/pxelinux.cfg, in a file named "01-mac" (e.g., "01-fc-2f-40-48-06-a0"); repeat once for each node

PXE configuration file contents:

menu title F18 HighBank Boot Options

default Highbank-Install
prompt 1
timeout 100

label Highbank-Install
    kernel f18-highbank/vmlinuz-highbank
    initrd f18-highbank/initrd-highbank.img
    append console=ttyAMA0 ip=eth0:dhcp ks=http://192.168.1.254/f18-highbank/F18-highbank.ks rd.shell

HTTP configuration

  1. Configure httpd to serve /var/lib/tftpboot/f18-highbank as /f18-highbank by adding this text to /etc/httpd/conf.d/f18-highbank.conf:

Alias /f18-highbank "/var/lib/tftpboot/f18-highbank"

<Directory "/var/lib/tftpboot/f18-highbank">
   Options Indexes
   AllowOverride None
   # Deny everyone, then allow only the private LAN (Deny is evaluated first)
   Order deny,allow
   Deny from all
   Allow from 192.168.1.0/24
</Directory>

IPMI Control of the Highbank Server

Fedora includes a version of ipmitool but this does not include the Calxeda (cxoem) extensions. You can build the Calxeda version from the source:

git clone git://sources.calxeda.com/ipmitool.git
cd ipmitool
./configure
make
sudo make install

The cxmanage wrapper script can also be retrieved in a similar way:

git clone git://sources.calxeda.com/cxmanage.git
cd cxmanage
python setup.py install

Getting Console Access on the Highbank Server

You can connect to the console of a particular node on the Highbank server with:

ipmitool -I lanplus -H ipaddress -U admin -P admin sol activate

Replace ipaddress with the address of the management processor on the desired node.

Node Power Control on the Highbank Server

Turn a node on:

ipmitool -H ipaddress -U admin -P admin chassis power on

Reset a node (hard):

ipmitool -H ipaddress -U admin -P admin chassis power reset

Turn a node off:

ipmitool -H ipaddress -U admin -P admin chassis power off