add first documentation draft
parent
4305eefc06
commit
91222f2610
|
@ -0,0 +1,210 @@
|
|||
Doku: EAE - Am deutschen Platz
|
||||
==============================
|
||||
|
||||
`eae-adp.freifunk-leipzig.de`:
|
||||
* `gw-core01`
|
||||
* `sw-access01`
|
||||
* `sw-access02`
|
||||
* `hyper01`
|
||||
* `monitoring01`
|
||||
* `ap-xxxx`
|
||||
|
||||
Hardware:
|
||||
---------
|
||||
| Typ | Manufacturer | Model | Count | Description |
|
||||
| --- | ------------ | ----- | ----- | ----------- |
|
||||
| Access Point | Aruba | AP-105 | 8x | |
|
||||
| Switch | Zyxel | GS1800-8HP | 2x | |
|
||||
| Router | Ubiquiti | EdgeRouter-X | 1x | |
|
||||
| "Server" | Lenovo | ThinkCentre ... | 1x | |
|
||||
|
||||
Cloud:
|
||||
------
|
||||
|
||||
| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description |
|
||||
| ------- | ---- | ---- | -------- | -------- | ---- | ----------- |
|
||||
| `eap-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access |
|
||||
|
||||
|
||||
Networks:
|
||||
---------
|
||||
|
||||
| Name | VLAN | v4 Space | v6 Space | Description |
|
||||
| ---- | ---- | -------- | -------- | ----------- |
|
||||
| `mgmt` | 1 |`10.84.1.0/24` | / | default network which is used for administrative and monitoring tasks|
|
||||
| `clients` | 2 | `10.84.2.0/22`| / | this is where the wifi clients live |
|
||||
| `GIGACUBE` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway
|
||||
|
||||
IPAM:
|
||||
-----
|
||||
|
||||
| IP | MAC | Device | Description |
|
||||
| -- | --- | ------ | ----------- |
|
||||
| `10.84.1.1/24` | `78:8a:20:bd:b6:ae` | `gw-core01` | |
|
||||
| `10.84.1.10/24` | `bc:cf:4f:e3:bb:8d` | `sw-access01`| |
|
||||
| `10.84.1.11/24` | `bc:cf:4f:e3:ac:39` | `sw-access02` | |
|
||||
| `10.84.1.21/24` | | `hyper01` | |
|
||||
| `10.84.1.30/24` | `24:de:c6:cc:2b:bf` | `ap-2bbf` | |
|
||||
| `10.84.1.31/24` | `24:de:c6:c3:ac:7c` | `ap-ac7c` | |
|
||||
| `10.84.1.32/24` | `6c:f3:7f:c9:0b:99` | `ap-0b99` | |
|
||||
| `10.84.1.33/24` | `ac:a3:1e:cf:c5:d1` | `ap-c5d1` | |
|
||||
| `10.84.1.34/24` | `ac:a3:1e:cf:c4:95` | `ap-c495` | |
|
||||
| `10.84.1.35/24` | `18:64:72:cf:1a:38` | `ap-1a38` | |
|
||||
| `10.84.1.36/24` | `d8:c7:c8:c2:8f:42` | `ap-8f42` | |
|
||||
| `10.84.1.37/24` | `00:24:6c:c8:8f:39` | `ap-8f39` | |
|
||||
|
||||
|
||||
SSH-Hostkeys:
|
||||
-------------
|
||||
|
||||
Configuration:
|
||||
--------------
|
||||
|
||||
### `sw-access0{1-2}`
|
||||
|
||||
OS:
|
||||
- `OpenWrt 21.02.3`
|
||||
- custom build with [garet](https://git.sr.ht/~hirnpfirsich/garet)
|
||||
- profile: `zyxel-gs1900-8hp_21.02.3`
|
||||
- commit: `31b86557add49187a2ee161465b51fe120076a3c`
|
||||
|
||||
Config:
|
||||
1. configure `sw-access01`:
|
||||
```
|
||||
uci batch << EOF
|
||||
# configure hostname
|
||||
set system.@system[0].hostname=sw-access01
|
||||
|
||||
# configure mgmt ip
|
||||
set network.mgmt.ipaddr=10.84.1.11
|
||||
EOF
|
||||
```
|
||||
2. configure `sw-access02`:
|
||||
```
|
||||
uci batch << EOF
|
||||
# configure hostname
|
||||
set system.@system[0].hostname=sw-access02
|
||||
|
||||
# configure mgmt ip
|
||||
set network.mgmt.ipaddr=10.84.1.12
|
||||
EOF
|
||||
```
|
||||
3. finish config on both nodes:
|
||||
```
|
||||
# configure root password
|
||||
passwd
|
||||
|
||||
uci batch << EOF
|
||||
# configure mgmt ip
|
||||
set network.mgmt.proto=static
|
||||
set network.mgmt.netmask=255.255.255.0
|
||||
set network.mgmt.gateway=10.84.1.1
|
||||
add_list network.mgmt.dns=10.84.1.1
|
||||
|
||||
# create clients vlan for switch
|
||||
set network.clients_vlan=bridge-vlan
|
||||
set network.clients_vlan.device=switch
|
||||
set network.clients_vlan.vlan=2
|
||||
set network.clients_vlan.ports="lan1:t lan2:t lan3:t lan4:t lan5:t lan6:t lan7:t lan8:t"
|
||||
EOF
|
||||
|
||||
uci commit
|
||||
/etc/init.d/system reload
|
||||
/etc/init.d/network reload
|
||||
```
|
||||
|
||||
### `ap-xxxx`
|
||||
|
||||
OS:
|
||||
- `OpenWrt 21.02.3`
|
||||
- custom build with [garet](https://git.sr.ht/~hirnpfirsich/garet)
|
||||
- profile: `aruba-ap-105_21.02.3`
|
||||
- commit: `18ced036173a23280efd3b87df06ccaa46eb9a04`
|
||||
|
||||
1. initially configure password and ip for every ap:
|
||||
```
|
||||
passwd
|
||||
|
||||
uci batch << EOF
|
||||
set network.mgmt.proto=static
|
||||
set network.mgmt.ipaddr=10.84.1.37
|
||||
set network.mgmt.netmask=255.255.255.0
|
||||
set network.mgmt.gateway=10.84.1.1
|
||||
add_list network.mgmt.dns=10.84.1.1
|
||||
EOF
|
||||
uci commit network
|
||||
/etc/init.d/network reload
|
||||
```
|
||||
|
||||
2. configure network via `playbook_provision_aps.yml`
|
||||
|
||||
### hyper01
|
||||
|
||||
OS:
|
||||
- Proxmox VE 7.2-1
|
||||
|
||||
Installation Questions:
|
||||
- Proxmox Virtual Environment (PVE)
|
||||
- Target Harddrive: Options
|
||||
- Filesystem: `zfs (RAID0)`
|
||||
- Disk Setup
|
||||
- Harddisk 0: /dev/sda (300GB)
|
||||
- Advanced Options:
|
||||
- copies: 2
|
||||
- Location and Time Zone selection:
|
||||
- Country: Germany
|
||||
- Time zone: Europe/Berlin
|
||||
- Keyboard Layout: German
|
||||
- Administration Password and Email Address
|
||||
- Password: `pass EAE_Am-Deutschen-Platz/hyper01`
|
||||
- EMail: `info@freifunk-leipzig.de`
|
||||
- Mangement Network Configuration
|
||||
- Management Interface: `enp2s0`
|
||||
- Hostname (FQDN): `hyper01.eae-adp.freifunk-leipzig.de`
|
||||
- IP Address (CIDR): `10.84.1.21/24`
|
||||
- Gateway: `10.84.1.1`
|
||||
- DNS Server: `10.84.1.1`
|
||||
|
||||
### eap-adp-jump01
|
||||
|
||||
OS:
|
||||
- OpenBSD 7.1
|
||||
|
||||
Installation:
|
||||
- with full disk encryption: https://www.openbsd.org/faq/faq14.html#softraidFDE
|
||||
- via autoinstall
|
||||
|
||||
1. boot into OpenBSD iso
|
||||
2. type s to open the shell after booting
|
||||
```
|
||||
Welcome to the OpenBSD/amd64 7.1 installation program.
|
||||
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
|
||||
```
|
||||
3. create encrypted drive
|
||||
```
|
||||
# cd /dev && sh MAKEDEV sd0
|
||||
# dd if=/dev/urandom of=/dev/rsd0c bs=1m
|
||||
# fdisk -iy sd0
|
||||
# disklabel -E sd0
|
||||
[...]
|
||||
> a a
|
||||
> 64
|
||||
> *
|
||||
> RAID
|
||||
> w
|
||||
> q
|
||||
# bioctl -c C -l sd0a softraid0
|
||||
[...]
|
||||
passphrase
|
||||
passphrase again
|
||||
# cd /dev && sh MAKEDEV sd1
|
||||
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
|
||||
```
|
||||
4. execute autoinstall
|
||||
```
|
||||
# cd /
|
||||
# ftp https://git.sr.ht/~hirnpfirsich/ffl-eae-adp/blob/master/files/eae-adp-jump01.install.conf
|
||||
# install -a -f eae-adp-jump01.install.conf
|
||||
[...]
|
||||
# reboot
|
||||
```
|
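Review bot: The mgmt addresses in the `sw-access0{1-2}` config steps do not match the IPAM table. IPAM lists `sw-access01` at `10.84.1.10/24` and `sw-access02` at `10.84.1.11/24`, while the `uci batch` blocks set `set network.mgmt.ipaddr=10.84.1.11` for `sw-access01` and `set network.mgmt.ipaddr=10.84.1.12` for `sw-access02`. Following the steps as written would put `sw-access01` on the address IPAM assigns to `sw-access02`; please decide which of the two is authoritative and correct the other. In the Networks table, `10.84.2.0/22` is not on a /22 boundary: the enclosing /22 is `10.84.0.0/22`, which contains `mgmt` (`10.84.1.0/24`), so the clients range should be an aligned prefix that does not overlap the management network. Smaller points: the Hardware table says `GS1800-8HP` but the build profile is `zyxel-gs1900-8hp_21.02.3`; the VM is named `eap-adp-jump01` while the domain and the install file use `eae-adp`; the AP step hard-codes `10.84.1.37` although it is described as applying to every AP, so a placeholder would be safer; and the `SSH-Hostkeys:` section is empty, which leaves nothing to compare a first SSH connection against.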