add first documentation draft

2022-06-26 22:48:34 +02:00 · 2022-06-26 22:48:34 +02:00 · 91222f2610
parent 4305eefc06
commit 91222f2610
1 changed files with 210 additions and 0 deletions
--- a/documentation/README.md
+++ b/documentation/README.md
@ -0,0 +1,210 @@
+Doku: EAE - Am deutschen Platz
+==============================
+
+`eae-adp.freifunk-leipzig.de`:
+* `gw-core01`
+* `sw-access01`
+* `sw-access02`
+* `hyper01`
+* `monitoring01`
+* `ap-xxxx`
+
+Hardware:
+---------
+| Typ | Manufacturer | Model | Count | Description |
+| --- | ------------ | ----- | ----- | ----------- |
+| Access Point | Aruba | AP-105 | 8x | |
+| Switch | Zyxel | GS1800-8HP | 2x | |
+| Router | Ubiquiti | EdgeRouter-X | 1x | |
+| "Server" | Lenovo | ThinkCentre ... | 1x | |
+
+Cloud:
+------
+
+| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description |
+| ------- | ---- | ---- | -------- | -------- | ---- | ----------- |
+| `eap-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access |
+
+
+Networks:
+---------
+
+| Name | VLAN | v4 Space | v6 Space | Description |
+| ---- | ---- | -------- | -------- | ----------- |
+| `mgmt` | 1 |`10.84.1.0/24` | / | default network which is used for administrative and monitoring tasks|
+| `clients` | 2 | `10.84.2.0/22`| / | this is where the wifi clients live |
+| `GIGACUBE` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway
+
+IPAM:
+-----
+
+| IP | MAC | Device | Description |
+| -- | --- | ------ | ----------- |
+| `10.84.1.1/24`  | `78:8a:20:bd:b6:ae` | `gw-core01` | |
+| `10.84.1.10/24` | `bc:cf:4f:e3:bb:8d` | `sw-access01`| |
+| `10.84.1.11/24` | `bc:cf:4f:e3:ac:39` | `sw-access02` | |
+| `10.84.1.21/24` | | `hyper01` | |
+| `10.84.1.30/24` | `24:de:c6:cc:2b:bf` | `ap-2bbf` | |
+| `10.84.1.31/24` | `24:de:c6:c3:ac:7c` | `ap-ac7c` | |
+| `10.84.1.32/24` | `6c:f3:7f:c9:0b:99` | `ap-0b99` | |
+| `10.84.1.33/24` | `ac:a3:1e:cf:c5:d1` | `ap-c5d1` | |
+| `10.84.1.34/24` | `ac:a3:1e:cf:c4:95` | `ap-c495` | |
+| `10.84.1.35/24` | `18:64:72:cf:1a:38` | `ap-1a38` | |
+| `10.84.1.36/24` | `d8:c7:c8:c2:8f:42` | `ap-8f42` | |
+| `10.84.1.37/24` | `00:24:6c:c8:8f:39` | `ap-8f39` | |
+
+
+SSH-Hostkeys:
+-------------
+
+Configuration:
+--------------
+
+### `sw-access0{1-2}`
+
+OS:
+- `OpenWrt 21.02.3`
+- custom build with [garet](https://git.sr.ht/~hirnpfirsich/garet)
+- profile: `zyxel-gs1900-8hp_21.02.3`
+- commit: `31b86557add49187a2ee161465b51fe120076a3c`
+
+Config:
+1. configure `sw-access01`:
+```
+uci batch << EOF
+# configure hostname
+set system.@system[0].hostname=sw-access01
+
+# configure mgmt ip
+set network.mgmt.ipaddr=10.84.1.11
+EOF
+```
+2. configure `sw-access02`:
+```
+uci batch << EOF
+# configure hostname
+set system.@system[0].hostname=sw-access02
+
+# configure mgmt ip
+set network.mgmt.ipaddr=10.84.1.12
+EOF
+```
+3. finish config on both nodes:
+```
+# configure root password
+passwd
+
+uci batch << EOF
+# configure mgmt ip
+set network.mgmt.proto=static
+set network.mgmt.netmask=255.255.255.0
+set network.mgmt.gateway=10.84.1.1
+add_list network.mgmt.dns=10.84.1.1
+
+# create clients vlan for switch
+set network.clients_vlan=bridge-vlan
+set network.clients_vlan.device=switch
+set network.clients_vlan.vlan=2
+set network.clients_vlan.ports="lan1:t lan2:t lan3:t lan4:t lan5:t lan6:t lan7:t lan8:t"
+EOF
+
+uci commit
+/etc/init.d/system reload
+/etc/init.d/network reload
+```
+
+### `ap-xxxx`
+
+OS:
+- `OpenWrt 21.02.3`
+- custom build with [garet](https://git.sr.ht/~hirnpfirsich/garet)
+- profile: `aruba-ap-105_21.02.3`
+- commit: `18ced036173a23280efd3b87df06ccaa46eb9a04`
+
+1. initially configure password and ip for every ap:
+```
+passwd
+
+uci batch << EOF
+set network.mgmt.proto=static
+set network.mgmt.ipaddr=10.84.1.37
+set network.mgmt.netmask=255.255.255.0
+set network.mgmt.gateway=10.84.1.1
+add_list network.mgmt.dns=10.84.1.1
+EOF
+uci commit network
+/etc/init.d/network reload
+```
+
+2. configure network via `playbook_provision_aps.yml`
+
+### hyper01
+
+OS:
+- Proxmox VE 7.2-1
+
+Installation Questions:
+- Proxmox Virtual Environment (PVE)
+- Target Harddrive: Options
+    - Filesystem: `zfs (RAID0)`
+    - Disk Setup
+        - Harddisk 0: /dev/sda (300GB)
+    - Advanced Options:
+        - copies: 2
+- Location and Time Zone selection:
+    - Country: Germany
+    - Time zone: Europe/Berlin
+    - Keyboard Layout: German
+- Administration Password and Email Address
+    - Password: `pass EAE_Am-Deutschen-Platz/hyper01`
+    - EMail: `info@freifunk-leipzig.de`
+- Mangement Network Configuration
+    - Management Interface: `enp2s0`
+    - Hostname (FQDN): `hyper01.eae-adp.freifunk-leipzig.de`
+    - IP Address (CIDR): `10.84.1.21/24`
+    - Gateway: `10.84.1.1`
+    - DNS Server: `10.84.1.1`
+
+### eap-adp-jump01
+
+OS:
+- OpenBSD 7.1
+
+Installation:
+- with full disk encryption: https://www.openbsd.org/faq/faq14.html#softraidFDE
+- via autoinstall
+
+1. boot into OpenBSD iso
+2. type s to open the shell after booting
+```
+Welcome to the OpenBSD/amd64 7.1 installation program.
+(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
+```
+3. create encrypted drive
+```
+# cd /dev && sh MAKEDEV sd0
+# dd if=/dev/urandom of=/dev/rsd0c bs=1m
+# fdisk -iy sd0
+# disklabel -E sd0
+[...]
+> a a
+> 64
+> *
+> RAID
+> w
+> q
+# bioctl -c C -l sd0a softraid0
+[...]
+passphrase
+passphrase again
+# cd /dev && sh MAKEDEV sd1
+# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
+```
+4. execute autoinstall
+```
+# cd /
+# ftp https://git.sr.ht/~hirnpfirsich/ffl-eae-adp/blob/master/files/eae-adp-jump01.install.conf
+# install -a -f eae-adp-jump01.install.conf
+[...]
+# reboot
+```