This repository has been archived on 2024-05-11. You can view files and clone it, but cannot push or open issues or pull requests.
eae-am-deutschen-platz/documentation/README.md

Documentation: EAE - Am deutschen Platz

Overview:

Layer 1 Overview of Network

IPAM / Device Overview:

| Name | Location | MGMT IPv4 | MAC | Device | Notes |
|------|----------|-----------|-----|--------|-------|
| gw-core01 | Office | 10.84.1.1 | 78:8a:20:bd:b6:ae | Ubiquiti EdgeRouterX | |
| sw-access01 | Office | 10.84.1.10 | bc:cf:4f:e3:bb:8d | Zyxel GS1800-8HP | |
| sw-access02 | Tent 5 | 10.84.1.11 | bc:cf:4f:e3:ac:39 | Zyxel GS1800-8HP | |
| hyper01 | Office | 10.84.1.21 | 00:23:24:54:f0:fe | Lenovo ThinkCentre ? | |
| monitoring01 | hyper01 | 10.84.1.51 | 16:b9:13:c3:10:5e | Proxmox VM | |
| ap-2bbf | Tent 4 | 10.84.1.30 | 24:de:c6:cc:2b:bf | Aruba AP-105 | |
| ap-1a38 | Tent 5 | 10.84.1.35 | 24:de:c6:c3:ac:7c | Aruba AP-105 | |
| ap-0b99 | Tent 2 | 10.84.1.32 | 6c:f3:7f:c9:0b:99 | Aruba AP-105 | |
| ap-c5d1 | Office | 10.84.1.33 | ac:a3:1e:cf:c5:d1 | Aruba AP-105 | |
| ap-c495 | Tent 3 | 10.84.1.34 | ac:a3:1e:cf:c4:95 | Aruba AP-105 | |
| ap-8f42 | Tent 1 | 10.84.1.36 | d8:c7:c8:c2:8f:42 | Aruba AP-105 | |

Cloud VMs:

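| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description | Notes |
|---------|------|------|----------|----------|------|-------------|-------|
| eae-adp-jump01 | 162.55.53.85 | 2a01:4f8:c0c:1281::/64 | Germany - Nuremberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access | kvm access: @hirnpfirsich |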

Networks:

| Name | VLAN | v4 Space | v6 Space | Description |
|------|------|----------|----------|-------------|
| mgmt | 1 | 10.84.1.0/24 | / | default network which is used for administrative and monitoring tasks |
| clients | 2 | 10.84.2.0/22 | / | this is where the wifi clients live |
| gigacube | / | 192.168.8.0/24 | / | created by the gigacube. wan for our gateway |
| backbone | / | 10.254.254.0/30 | / | tunnel network between gw-core01 and eae-adp-jump01 |
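
An address plan like the one above can be checked mechanically for prefixes whose network address is not aligned to the mask and for ranges that overlap, which matters when mgmt and clients are meant to be separate segments. The following Python check is an added example, not part of the original repository; the function names are illustrative and the CIDR values are copied from the Networks table as written.

```python
import ipaddress
from itertools import combinations

# Values copied from the Networks table above.
NETWORKS = {
    "mgmt": "10.84.1.0/24",
    "clients": "10.84.2.0/22",
    "gigacube": "192.168.8.0/24",
    "backbone": "10.254.254.0/30",
}


def audit_plan(networks):
    """Return (misaligned, overlaps) for a name -> CIDR mapping."""
    parsed, misaligned = {}, []
    for name, cidr in networks.items():
        # strict=False accepts host bits and normalises to the effective network.
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) != cidr:
            misaligned.append((name, cidr, str(net)))
        parsed[name] = net
    overlaps = [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(parsed.items(), 2)
        if net_a.overlaps(net_b)
    ]
    return misaligned, overlaps


def networks_containing(ip, networks):
    """List every declared network whose effective range contains ip."""
    addr = ipaddress.ip_address(ip)
    return [name for name, cidr in networks.items()
            if addr in ipaddress.ip_network(cidr, strict=False)]


if __name__ == "__main__":
    misaligned, overlaps = audit_plan(NETWORKS)
    for name, given, effective in misaligned:
        print(f"{name}: {given} has host bits set, effective network {effective}")
    for a, b in overlaps:
        print(f"overlap: {a} and {b}")
    # hyper01's management address from the IPAM table
    print("10.84.1.21 is inside:", networks_containing("10.84.1.21", NETWORKS))
```
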

Configuration:

sw-access0{1-2}

OS:

  • OpenWrt 21.02.3
  • custom build with garet
  • profile: zyxel-gs1900-8hp_21.02.3
  • commit: 31b86557add49187a2ee161465b51fe120076a3c

Config:

  1. configure sw-access01:

```
uci batch << EOF
# configure hostname
set system.@system[0].hostname=sw-access01

# configure mgmt ip
set network.mgmt.ipaddr=10.84.1.11
EOF
```

  2. configure sw-access02:

```
uci batch << EOF
# configure hostname
set system.@system[0].hostname=sw-access02

# configure mgmt ip
set network.mgmt.ipaddr=10.84.1.12
EOF
```

  3. finish config on both nodes:

```
# configure root password
passwd

uci batch << EOF
# configure mgmt ip
set network.mgmt.proto=static
set network.mgmt.netmask=255.255.255.0
set network.mgmt.gateway=10.84.1.1
add_list network.mgmt.dns=10.84.1.1

# create clients vlan for switch
set network.clients_vlan=bridge-vlan
set network.clients_vlan.device=switch
set network.clients_vlan.vlan=2
set network.clients_vlan.ports="lan1:t lan2:t lan3:t lan4:t lan5:t lan6:t lan7:t lan8:t"
EOF

uci commit
/etc/init.d/system reload
/etc/init.d/network reload
```

  4. install rsync (will be included in the next image!)
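
To confirm that a switch ended up in the state these steps describe, the output of `uci show network` can be compared with the documented values and the device's IPAM entry. This audit script is an added example, not part of the original repository: the sample output is constructed, the function names are illustrative, and the demo run compares against 10.84.1.10, the address the IPAM table lists for sw-access01.

```python
import shlex

# Constructed sample of `uci show network` from sw-access01 after the steps above.
SAMPLE = """\
network.mgmt.proto='static'
network.mgmt.ipaddr='10.84.1.11'
network.mgmt.netmask='255.255.255.0'
network.mgmt.gateway='10.84.1.1'
network.mgmt.dns='10.84.1.1'
network.clients_vlan=bridge-vlan
network.clients_vlan.device='switch'
network.clients_vlan.vlan='2'
network.clients_vlan.ports='lan1:t lan2:t lan3:t lan4:t lan5:t lan6:t lan7:t lan8:t'
"""


def parse_uci_show(text):
    """Parse `uci show` lines (key='value' or key='a' 'b') into a dict."""
    state = {}
    for line in text.splitlines():
        key, sep, raw = line.partition("=")
        if sep:
            values = shlex.split(raw)  # strips the single quotes uci prints
            state[key.strip()] = values[0] if len(values) == 1 else values
    return state


def audit_switch(state, inventory_ip):
    """Compare parsed state with the documented settings; return findings."""
    findings = []
    expected = {
        "network.mgmt.proto": "static",
        "network.mgmt.ipaddr": inventory_ip,
        "network.mgmt.gateway": "10.84.1.1",
        "network.clients_vlan.vlan": "2",
    }
    for key, want in expected.items():
        got = state.get(key)
        if got != want:
            findings.append(f"{key}: expected {want}, found {got}")
    # Every port must carry the clients VLAN tagged (":t"), as in the uci batch.
    ports = state.get("network.clients_vlan.ports", "")
    ports = ports.split() if isinstance(ports, str) else ports
    untagged = [p for p in ports if not p.endswith(":t")]
    if untagged or len(ports) != 8:
        findings.append(f"clients_vlan.ports deviates from lan1-8 tagged: {ports}")
    return findings


if __name__ == "__main__":
    for finding in audit_switch(parse_uci_show(SAMPLE), "10.84.1.10"):
        print(finding)
```
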

ap-xxxx

OS:

  • OpenWrt 21.02.3
  • custom build with garet
  • profile: aruba-ap-105_21.02.3
  • commit: 18ced036173a23280efd3b87df06ccaa46eb9a04

  1. initially configure password and ip for every ap:

```
passwd

uci batch << EOF
set network.mgmt.proto=static
set network.mgmt.ipaddr=10.84.1.37
set network.mgmt.netmask=255.255.255.0
set network.mgmt.gateway=10.84.1.1
add_list network.mgmt.dns=10.84.1.1
EOF
uci commit network
/etc/init.d/network reload
```

  2. configure network via playbook_provision_aps.yml

hyper01

OS:

  • Proxmox VE 7.2-1

Installation Questions:

  • Proxmox Virtual Environment (PVE)
  • Target Harddrive: Options
    • Filesystem: zfs (RAID0)
    • Disk Setup
      • Harddisk 0: /dev/sda (300GB)
    • Advanced Options:
      • copies: 2
  • Location and Time Zone selection:
    • Country: Germany
    • Time zone: Europe/Berlin
    • Keyboard Layout: German
  • Administration Password and Email Address
    • Password: pass EAE_Am-Deutschen-Platz/hyper01
    • EMail: info@freifunk-leipzig.de
  • Management Network Configuration
    • Management Interface: enp2s0
    • Hostname (FQDN): hyper01.eae-adp.freifunk-leipzig.de
    • IP Address (CIDR): 10.84.1.21/24
    • Gateway: 10.84.1.1
    • DNS Server: 10.84.1.1

Postinstall cleanup:

  • remove enterprise repos and activate community repo:

```
root@hyper01:/etc/apt# rm /etc/apt/sources.list.d/pve-enterprise.list
root@hyper01:/etc/apt# cat > /etc/apt/sources.list.d/pve-no-subscription.list << EOF
> # PVE pve-no-subscription repository provided by proxmox.com,
> # NOT recommended for production use
> deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
> EOF
root@hyper01:/etc/apt#
```

  • update: `apt update && apt dist-upgrade -y && reboot`
  • install alpine template: `pveam update && pveam download local alpine-3.16-default_20220622_amd64.tar.xz`
  • remove alpine template and download debian template

eae-adp-jump01

OS:

  • OpenBSD 7.1

Installation:

  1. boot into OpenBSD iso
  2. type s to open the shell after booting

```
Welcome to the OpenBSD/amd64 7.1 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
```

  3. create encrypted drive

```
# cd /dev && sh MAKEDEV sd0
# dd if=/dev/urandom of=/dev/rsd0c bs=1m
# fdisk -iy sd0
# disklabel -E sd0
[...]
> a a
> 64
> *
> RAID
> w
> q
# bioctl -c C -l sd0a softraid0
[...]
passphrase
passphrase again
# cd /dev && sh MAKEDEV sd1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
```

  4. execute autoinstall

```
# cd /
# ifconfig vio0 autoconf
# ftp https://git.sr.ht/~hirnpfirsich/ffl-eae-adp/blob/master/files/eae-adp-jump01.install.conf
# install -a -f eae-adp-jump01.install.conf
[...]
# reboot
```

  5. install syspatches

```
eae-adp-jump01# syspatch
[...]
eae-adp-jump01# syspatch
[...]
eae-adp-jump01# reboot
```

  6. install python3 for ansible

```
eae-adp-jump01# pkg_add python3
```