User Tools

Site Tools


maintenance:general:tools:net_setup.pl

net_setup.pl

The net_setup.pl script, located in /opt/yce/system/, is used for setting up the networking environment of the CentOS/Redhat Linux system for NetYCE. It is used at the initial setup of the system or anytime a change to the networking environment is needed.

The intention of the script is to make the networking setup as smooth as possible, limiting the possibility of errors by manipulating the configurations by hand. It will not allow networking configurations that are not directly supported by the NetYCE appliance.

The net_setup script will not just setup the networking, it also creates and maintains a NetYCE networking configuration file that is used to configure NetYCE various components and daemons. It gathers information from the system and from the user to write the settings to the system and to setting files of netYCE.

Capabilities

The net_setup.pl script is intended to configure the networking of CentOS/Redhat 6.x and CentOS/Redhat 7.x systems for use in a NetYCE environment.

The net_setup supports various settings that can be categorized covering these topics and capabilities:

  • Setting 'root' and 'yce' user passwords
  • Hostname and domain name changes
  • Multiple ethernet interfaces
  • IPv4 supported on CentOS 6.x and CentOS/Redhat 7.x
  • IPv6 supported on CentOS/Redhat 7.x if enabled in kernel
  • IPv4 + IPv6 dual-stack and IPv6-only configurations
  • Configure secondary addresses (IPv4 and IPv6)
  • DNS server configuration (IPv4 and IPv6)
  • Static (fixed) or DHCP (autoconf) ip-addresses
  • Automatic detection and NetYCE reconfiguration on DHCP ip-address change (IPv4 and IPv6)
  • Default gateway interface assignment and routing configuration
  • NetYCE user and devices interface identification
  • External NAT address assignment for Network devices
  • NTP server assignment (date and time sync)

NOTES:

The net_setup script needs to be started as 'root' in order to activate its changes
In the dialog with net_setup the (default) values and the user entries are shown using the color 'green' for easy legibility. This colour provides a good contrast on both white and black terminal backgrounds.
Default values are shown between square brackets ([ and ]). An <enter> suffices to accept de default value. The use of these defaults is to permit the user to enter as few as possible values and re-use existing values where available.
At each prompt a help message is available by entering the ? as value.

'net_setup.conf'

The configured and collected networking data net_setup uses is written to: /opt/yce/etc/net_setup.conf. This configuration file is read by the NetYCE setup script yce_setup.pl which generates the dependent configuration files (e.g. for httpd, vsftpd, mysql, mojo, psmon, etc) and restarts their processes.

The net_setup script requires execution as the 'root' superuser because it will change networking files and activates the settings. When no root privileges are detected, a prompt allows a user to continue, but no changes can be activated. Changes are optionally saved in the net_setup.conf but are not activated.

Invocation

Execution of net_setup.pl is preferably done using a server console session. The activation of new network settings could result in a lost session resulting in an incomplete setup, or should the new network settings result in an unreachable server the console is the only means to correct it anyway. See the section on Network activation.

Therefore the net_setup.pl script is part of the 'root' login sequence (see below). Manual execution of the net_setup.pl script requires 'root' privileges:

-- as root:
# /opt/yce/system/net_setup.pl

-- as yce:
$ sudo /opt/yce/system/net_setup.pl

'root' login

The net_setup script is part of the 'root' login procedure to remind the user to make networking changes to the NetYCE system on initial installation. The root user is then presented with a 5 second countdown to start the net_setup process. If the user hits <enter> during the countdown the net_setup will start prompting the user, otherwise the net_setup will end.

-- NetYCE Networking setup
   Hit enter within 5 seconds to start setup .....
-- NetYCE Networking setup
   Hit enter within 5 seconds to start setup
-- Timeout, skipping setup

Setting passwords

Because of its use at the initial 'root' login, net_setup will start prompting for the 'root' and 'yce' passwords.

-- NetYCE Networking setup
   Hit enter within 5 seconds to start setup ..

NOTE:
  When prompted for input help on the question is available by entering '?'.
  Incorrect responses result in a message on the expect input.
  Just hitting <enter> will accept the existing or default value '[...]'.
  The proces can be aborted at any prompt by entering 'quit'.

   good, root privileges apply
-- System release
   identified CentOS - 7.9.2009
   using setup for Redhat V7
-- Read Network setup: '/opt/yce/etc/net_setup.conf'
-- Read NetYCE setup: '/opt/yce/etc/yce_setup.conf'
-- Setup passwords

  For the first-time setup it is mandatory to set the 'root' password. You are
  prompted now to enter the desired root password twice. This will then be the
  active 'root' password.

     enter 'root' password:                   ********
     verify 'root' password:                  ********
     password done

  For the first-time setup it is mandatory to set the 'yce' password. You are
  prompted now to enter the desired yce password twice. This will then be the
  active 'yce' password.

     enter 'yce' password:                    ********
     verify 'yce' password:                   ********
     password done

Once the passwords are set, the forced password prompts will be replaced for optional password setting prompts.

-- Setup passwords
   Set the 'root' password?                   [no]
   Set the 'yce' password?                    [no]

Change hostname

The next prompt relates to changing the hostname and the domain of the server. The hostname change will be activated at the same time as the network changes are activated.

-- Setup hostname
   Full qualified name is 'genesis.netyce.org'
   Is this full name correct?                 [yes] ?

  The displayed full-qualified-domain-name should match the hostname and domain
  of this server and must be unique. Type 'yes' to confirm it is correct or
  'no' to be prompted for a new hostname and domain.

   Is this full name correct?                 [yes] no
     Hostname?                                [genesis] netyce01
     DNS domain?                              [acme.org]
   Full qualified name is 'genesis.netyce.org'
   Is this full name correct?                 [yes]
   name change: 'genesis.netyce.org' -> 'netyce01.acme.org'
   Save this configuration?                   [yes]
   update yce_setup: 'genesis.netyce.org' -> 'netyce01.acme.org'

Interface configuration

Prior to prompting for the interface configuration settings, the existing - operational - interface settings are read from the system and presented in a concise table per ethernet interface. Non-ethernet interfaces are ignored.

The example below shows this interface summary of a system deploying two interfaces, one using fixed IP-addresses, the other DHCP. The image below is shows the use of the colour 'green' for all values as the user would experience it.

When selecting the default [yes], the user enters a set of dialog prompts for the first interface. When those are done confirmation is requested if the entries are correct and the dialog moves to the next interface. Should mistakes have been mode, the same interface is re-prompted.

The first prompt determines the basic way the interface will be setup:

   Update networking?                         [yes]
-- Setup interface 'enp0s17'
   enp0s17 use 'static' ip, 'dhcp' or 'none'? [static] ?

  Each ethernet interface can use a configuration method that is either
  'static' (a fixed address), 'dhcp' (a dynamic address), or if
  not used: 'none'. If IPv6 Autoconf is to be used, choose 'dhcp'.

   enp0s17 use 'static' ip, 'dhcp' or 'none'? [static]

When the interface is not to be disabled ('none'), the dialog for 'static' and 'dhcp' will prompt for subsequent values for its IPv4 and IPv6 setup. The 'static' variant will include prompts for IP-addresses.

A sample session where the static IPv4-address is changed. Note that the gateway address is automatically calculated from the prefix.

-- Setup interface 'enp0s17'
   enp0s17 use 'static' ip, 'dhcp' or 'none'? [static] static
   enp0s17 = FIXED-IP
   enp0s17 enable IPv4?                       [yes]
     enp0s17 IPv4-address?                    [172.17.10.25] 192.168.2.141
     enp0s17 IPv4-prefix?                     [24] 25
     enp0s17 gateway address?                 [192.168.2.129] ?

  Using the assigned ip-address and the prefix the network-address is
  determined. The first address of the network-address is usually the gateway
  address used, although any address in the subnet may be used. The default
  is calculated as indicated. Type 'none' if no gateway address is to be
  assigned (not recommended).

     enp0s17 gateway address?                 [192.168.2.129]
     enp0s17 add IPv4 secondary addresses?    [no]
   enp0s17 enable IPv6?                       [yes]

The dialog continues for the IPv6 setup and concludes with the DNS server addresses that will be used.

   enp0s17 enable IPv6?                       [yes]
     enp0s17 IPv6-address?                    [3001::25]
     enp0s17 IPv6-prefix?                     [64]
     enp0s17 gateway address?                 [3001::1]
     enp0s17 add IPv6 secondary addresses?    [no]
   enp0s17 primary-DNS address?               [2001:4860:4860::8844]
   enp0s17 secondary-DNS address?             [8.8.8.8]
   enp0s17 is this setup correct?             [yes]

The DNS servers may use IPv4 and IPv6 addresses, but when completed a validation will check if the DNS addresses can be used by the IP-versions used.

The dialog for DHCP setup is more limited. It is not possible to setup an interface where IPv4 is static and IPv6 uses dhcp or vice versa. And, although dual-stack is currently quite normal, IPv6-only configurations are supported.

-- Setup interface 'enp0s8'
   enp0s8 use 'static' ip, 'dhcp' or 'none'?  [dhcp] dhcp
   enp0s8 = DHCP
   enp0s8 enable IPv4?                        [yes]
   enp0s8 enable IPv6?                        [yes]
     enp0s8 include IPv6 autoconf?            [yes] ?

  When using IPv6 Autoconf an IPv6 address will be generated using the Router Advertisement (RA).

     enp0s8 include IPv6 autoconf?            [yes]
   enp0s8 primary DNS-server address (override dhcp)? [2001:4860:4860::8844]
   enp0s8 secondary DNS-server address (override dhcp)? [8.8.4.4] ?

  The DHCP server usually configures the DNS servers the system will use. The
  optional IPv4/v6-address entered here will override the DNS address provided
  by the DHCP. Type 'none' to accept the DHCP provided DNS.

   enp0s8 secondary DNS-server address (override dhcp)? [8.8.4.4] none
   enp0s8 is this setup correct?              [yes]

When the interface dialogs are completed, the updated interface setup summary is displayed again along with a prompt to save it in the net_update.conf settings file.

Interface roles

NetYCE can assign different roles to the various interfaces. If only one (ethernet) interface is present all roles are automatically assigned to the one interface and the dialog is skipped.

Three roles must currently assigned to the available ethernet interfaces. First there is the (default) “Gateway”. When using multiple interfaces, only one interface will be the default interface where all traffic not explicitly routed will be forwarded, usually the 'outside world', the 'internet' or the 'corporate network'.

The remaining roles are NetYCE specific. The “Users” interface identifies where the user requests are received from. This is also the interface used to for incoming API requests, the replicating databases communicate over and could be considered the NetYCE 'application interface.

The final role defines the interface to communicate with the network devices. For the incoming connections from the network devices, optional NAT addresses can be configured for IPv4 and IPv6. Most file transfers between NetYCE servers and the network devices must originate from the device and must be able to connect to the server using its address. When there is an address translation service (NAT) active, the devices must use the external addresses instead. These addresses are configured here when needed.

-- Setup default-gateway interface
   1) enp0s17
   2) enp0s8
   default-gateway interface (ipv4 and ipv6)? [2]
   enp0s8 is default-gateway interface
-- Setup user front-end interface
   1) enp0s17
   2) enp0s8
   users interface (ipv4 and ipv6)?           [1]
   enp0s17 is users interface
-- Setup network-devices interface
   1) enp0s17
   2) enp0s8
   devices interface (ipv4 and ipv6)?         [1]
   enp0s17 is devices interface
   enp0s17 optional device IPv4 transfer (NAT) address? [none] ?

  File transfers between NetYCE and devices require a connection to be
  initiated from the device to NetYCE. If the NATted address address the
  devices must use is different from the ip-address of the interface,
  specify it here. Otherwise use 'none'

   enp0s17 optional device IPv4 transfer (NAT) address? [none]
   enp0s17 optional device IPv6 transfer (NAT) address? [none]

The above session example shows a two-interface setup where one interface (enp0s17) uses fixed ip-addresses for both the user and the device communication, and a second interface (enp0s8) that uses dynamic DHCP addresses to communicate with the outside world and the internet. The latter interface is also the default gateway

An additional prompt to define NTP source for the systems real-time-clock is also included here. Optionally the 'ntpdate' utility can be set up to synchronize the clock every 10 minutes with an external NTP source. When enabled this source is prompted for.

-- Setup clock-synchronization
   Use 'ntpdate' to periodically set date and time? [yes]
     ntp server address?                      [pool.ntp.org]

When satisfied confirm on the 'save' prompt. The networking setup then continues to activate this configuration. Should the net_setup not have been invoked as root or with sudo, the network activation is skipped and only the NetYCE re-configuration is executed.

Network activation

After confirming the updated configuration, the network settings must be updated. First several networking configuration files are created or updated, including those setting the hostname and dns resolving.

-- Generating network configuration files
-- Updating interface configurations
   generate config '/etc/sysconfig/network-scripts/ifcfg-enp0s17'
   generate config '/etc/sysconfig/network-scripts/ifcfg-enp0s8'
-- Updating network config file
   generate network config '/etc/sysconfig/network'
-- Updating dns resolv config
   generate dns config '/etc/resolv.conf'
-- Updating hostname config
   generate hostname file '/etc/hostname'
   setting hostname
   generate hosts file '/etc/hosts'
   no hostname change: 'devel7a.netyce.org'
   update yce_setup: 'devel7a.netyce.org' -> 'devel7a.netyce.org'
-- Installing 'ntpdate' in crontab
-- Activating network
   Restart networking service?                [yes]

Then the network must be restarted. As a network restart could very well affect the existing network sessions (due to new address or routing), the user could find his session terminated at this point.

Although activation could have continued, the user will be unable to observe it and will timeout after a few minutes. If the session was not impacted, the user will be able to monitor the activation and the subsequent re-configuration of the NetYCE application.

-- Activating network
   Restart networking service?                [yes]
   network restart (wait...)
   completed
   no hostname change: 'devel7a.netyce.org'
   update yce_setup: 'devel7a.netyce.org' -> 'devel7a.netyce.org'

Active roles:
Gateway
 | Interface         | Boot
 |  enp0s8           |  DHCP
 | IPv4              | IPv6
 |  172.15.10.1      |  fe80::5054:ff:fe12:3500
Users
 | Interface         | Boot
 |  enp0s17          |  STATIC
 | IPv4              | IPv6
 |  172.17.10.24     |  3001::24
Devices
 | Interface         | Boot
 |  enp0s17          |  STATIC
 | IPv4              | IPv6
 |  172.17.10.24     |  3001::24
 | IPv4 nat          | IPv6 nat
 |  none             |  none

Because of this ambiguous behaviour it is advised to execute potentially session disrupting network modifications using the server console. This is also good practice as incorrect network settings might result in an unreachable server. The console is then the only means to correct the network settings.

If the session-lost issue was experienced it is recommended to re-execute the net_setup after a new communication session was established. Because the basic network is now setup properly, the entire setup procedure can be executed without interruption. Just confirm the prompts which should all reflect the earlier choices, and the system will re-activate correspondingly.

NetYCE re-activation

When the net_setup completes it will automatically execute the yce_setup.pl -r command to update the configurations of the various NetYCE components and restart its daemons. This command will use the NetYCE configuration found in /opt/yce/etc/yce_setup.conf to quickly re-generate (using the -r option) and activate this configuration using the new network settings.

When setting up a new NetYCE server, the NetYCE configuration will use defaults which will still require manual session to properly setup the application.

Please refer to the article on the yce_setup.pl tool for details on its use.

Below example output of a yce_setup session using the regenerate (-r) option. This configuration uses two NetYCE servers using master/master database replication supporting IPv4 and IPv6.

-- Generating and activating NetYCE

-- ----------------------------------------
-- Starting 'yce_setup' regenerate
-- System release
   identified CentOS - 7.9.2009
   using setup for Redhat V7
-- Connected to database at '172.17.10.24' using version '10.2.36-MariaDB-log'

Current setup:
devel7a.netyce.org (*)
  | IP-address  | IPv4             | IPv6
  |  users      |  172.17.10.24    |  3001::24
  | Database    | Primary          | Secondary
  |  id=1       |  devel7a (*)     |  devel7b
devel7b.netyce.org
  | IP-address  | IPv4             | IPv6
  |  users      |  172.17.10.25    |  3001::25
  | Database    | Primary          | Secondary
  |  id=2       |  devel7b         |  devel7a (*)
  local server is marked with (*)
-- Create configs for server 'devel7a'
-- Yce: /opt/yce/etc/devel7a_yce.conf
-- Retrieving file-transfer configurations...
     can support 'sftp'
     can support 'scp'
     can support 'ftp'
     can support 'tftp'
-- Mojo: /opt/yce/htdocs/angular/app/host.js
     mojo url set to 'https://devel7a.netyce.org:8080/'
     wiki url set to 'http://wiki.netyce.com/'
-- Yce_psmon: /opt/yce/etc/devel7a_psmon.conf
-- Crontab: /opt/yce/etc/devel7a_crontab.conf
-- Httpd: /opt/yce/etc/devel7a_httpd.conf
-- Mysql: /opt/yce/etc/devel7a_mysql.conf
     mysql version is '10.2.36'
     mysql key_buffer set to '376M'
     mysql tmpdir set to '/var/tmp'
-- Updating 'devel7a' menu-tree (C)
     Creating menus for the role(s): "frontend","database"
     Renewed the menu tree using the default
     Updating 'devel7a' encryption keys
     Updating scenario syntax highlighting file
-- Renewing NMS table permissions
-- Checking database replication
     replication local: 172.17.10.24, remote: 172.17.10.25
-- Updating config-sync setup
     located '55' config-files in '6' groups
     updated config_sync.conf has '28' entries
-- Relaunching NetYCE daemons...
-- yce_psmon: 18813
     stop: /bin/sudo /usr/bin/systemctl stop yce_psmon.service
     wait stop 'yce_psmon':
     start: /bin/sudo /usr/bin/systemctl start yce_psmon.service
     wait start 'yce_psmon': 29470
-- yce_netmon: 20081
     stop: /opt/yce/system/init/yce_netmon stop
     wait stop 'yce_netmon':
     start: /opt/yce/system/init/yce_netmon start
     wait start 'yce_netmon': 29550
-- yce_cramer:
     # ignored: /opt/yce/etc/ignore_cramer
-- yce_tftpd: 18933
     stop: /bin/sudo /opt/yce/system/init/yce_tftpd stop
     wait stop 'yce_tftpd':
     start: /bin/sudo /opt/yce/system/init/yce_tftpd start
     wait start 'yce_tftpd': 29594
-- yce_skulker:
     # ignored: /opt/yce/etc/ignore_skulker
-- yce_sched: 18956
     stop: /opt/yce/system/init/yce_sched stop
     wait stop 'yce_sched':
     start: /opt/yce/system/init/yce_sched start
     wait start 'yce_sched': 29617
-- yce_nccmd: 18976
     stop: /opt/yce/system/init/yce_nccmd stop
     wait stop 'yce_nccmd': 18976
     wait stop 'yce_nccmd':
     start: /opt/yce/system/init/yce_nccmd start
     wait start 'yce_nccmd': 29640
-- yce_ibd:
     # disabled
-- morbo:
     # disabled
-- mojo: 18985 25379 26425 28340 28564 28565 28566
     mojo hot-deploy on pid 18985
     running 'mojo': 18985 25379 26425 28340 28564 28565 28566
-- yce_xch: 19034
     stop: /opt/yce/system/init/yce_xch stop
     wait stop 'yce_xch':
     start: /opt/yce/system/init/yce_xch start
     wait start 'yce_xch': 29703

-- Completed

Dynamic (DHCP) addresses

The NetYCE application supports dynamic IP-addresses using DHCP (and autoconf for IPv6 too). This implies that the various NetYCE components must dynamically be re-configured when an IP-address is allocated or changed.

If the net_setup has interfaces configured for DHCP, the yce_setup will automatically configure and launch the yce_netmon daemon. This background process will monitor all network-address changes (of the interfaces in net_setup) and modify the net_setup and yce_setup configuration files accordingly. It then relaunches the yce_setup.pl -r to re-activate the NetYCE components.

If the DHCP server is slow to issue an IP-address, the NetYCE application might take several minutes to properly activate itself. Should the DHCP server fail to issue an address, the NetYCE application will not function.

maintenance/general/tools/net_setup.pl.txt · Last modified: 2024/07/03 12:31 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki