...

  • Copy the team members' SSH public keys and disable SSH password authentication:

    cat > authorized_keys << __EOF
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjD/+BIg4c28lHlHw464vbfUYjfDJ1sSKgrEYcMkL+qO6LagkDAWkWdelmAmpcUJlOPYjxDwmKj8Bu6/fd+WfVzk6y33YVmAFN4jAmv/87dYCNuAMr4gDWc3cU5lsNdpsPzQqGUCFfJCvldyUZeu21YZ2rkYB1+Q9VObUSaa5Z74sKNYQJi0AgnZh63cYOyqVDCwIloWd2FzC+4o04cVL3P1R+COGRq1EUUmy5LSI9rsCO59mLCt8Wm4h5OiY84nEbQVZUH3QyYw/ihmGm2qtklkbNMPOPZ7+8ZN5+of4u/7bpEiZk3FcMh7lYwi6dMyUzwv47Il633JP6GDgOxuCH Daniel Balsiger SSH
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH8lM+qleGIvXI3wgqIp73pKZwwxKfr9BDCdoVP3/zWRQ/7zpw98nvx7gqfVLlt+P2TjxHbSJqGrSECSmKFCHsYzuA+khmg/aca/IQa2FYFpUR1sT4czWQC14PiGGIoSbMukeUZvddZwZlalNZmOKjzY1Flz3w7+W+XHyFuwy6qfaIt1hIBKkqTUxECYq0O6OkdK6gzouKuAY/4AM+VvcIkdHMm9x3LCXWBAH24QzCG/IzydqXfi4FkVtmGJv2AgEMyR0seSoU3drCXvpY91WjXT8i6m7EMB739hw0V32UaqslY3qHtuNTGake5JFWJn9zYF6lZwGXpU94Bw7YjQL1 Michail Salichos SSH
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRxCsboa1ERMgiJCP2iA8Zcm2LuAOALQHIZIQEvbcwMifdeXMTawC0tDnU6qy35q+cr5W3+4HJDyBLSAKmDosZepm1a/27cRlgXK/vtkxM5UlDk+lZsF/YGXBzZvWepM4XhozzCMNfvWWxkz5SnEl/ZYfdN2H5psXReNTgBX33ax2cI+aOBZxsX2Y0FYBuqlJFT7htgblGjHLq43nL/cF9w9cXkMv+mPUQJN4wNf1HU5JBjX6sKl6Y3IIPxEVGFohu8c9tDHa8JoWxIzKZz3z9Zd8KkfTTsRtXh3MH7mMRZkVTgHHVU3NA4/psEVMJHFtXI6R/laOv8Lpytdky7tkv taapeda0@UM01183
    
    __EOF
    mkdir -p .ssh
    chmod 0700 .ssh
    cp authorized_keys .ssh # copy not move (selinux)
    chmod 0600 .ssh/authorized_keys
    rm -f authorized_keys
    # only rewrites an uncommented "PasswordAuthentication yes" line
    sed -e 's|^PasswordAuthentication yes|PasswordAuthentication no|' -i /etc/ssh/sshd_config
    systemctl restart sshd


  • Disable NetworkManager, Firewalld and Postfix services, enable legacy networking:

    systemctl disable NetworkManager
    systemctl stop NetworkManager
    systemctl disable firewalld
    systemctl stop  firewalld
    systemctl disable postfix
    systemctl stop postfix
    
    systemctl enable network
    systemctl start network


  • Create network interface configuration files in /etc/sysconfig/network-scripts/:

    • ifcfg-bridge:

      DEVICE=bridge
      TYPE=Bridge
      MTU=1400
      ONBOOT=yes
      BOOTPROTO=none
      IPV6INIT=no
      IPV6_AUTOCONF=no


    • ifcfg-nic1 (facing OLT):

      DEVICE=nic1
      TYPE=Ethernet
      MTU=1400
      ONBOOT=yes
      BOOTPROTO=none
      IPV6INIT=no
      IPV6_AUTOCONF=no
      BRIDGE=bridge


    • ifcfg-nic2 (in external network, facing vBNG):

      DEVICE=nic2
      TYPE=Ethernet
      MTU=1450
      ONBOOT=yes
      BOOTPROTO=none
      IPV6INIT=no
      IPV6_AUTOCONF=no
      IPADDR=172.30.0.252
      PREFIX=24
      DEFROUTE=yes
      GATEWAY=172.30.0.1
      DNS1=8.8.8.8
      DNS2=8.8.4.4


  • Create VxLAN Tunnel Interface on bridge creation:

    cat > /sbin/ifup-local << __EOF
    #!/bin/sh
    # \$1 is the interface that was just brought up; POSIX test, since the script runs under /bin/sh
    if [ "\$1" = "bridge" ]
    then
      ip link add vxlan0 type vxlan id 88888 local 172.30.0.252 remote 172.30.0.121 dstport 4789 dev nic2
      ip link set up dev vxlan0
      ip link set master bridge dev vxlan0
    fi
    __EOF
    
    chmod 755 /sbin/ifup-local
    restorecon -Fv /sbin/ifup-local


Once those files are in place, the configuration persists across reboots. To reach a sane state, please reboot the box once after creating them.
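
The `sed` in the SSH step only changes an uncommented `PasswordAuthentication yes` line that starts in column 0, so on a config where the directive is commented out, absent, or set inside a `Match` block it changes nothing and password logins stay enabled. The following is an added example, not part of the original page: it checks a config file for that case and applies an edit that covers it. The function names and the sample config are constructed, and GNU sed is assumed.

```shell
#!/bin/bash
# Added example, not from the original page. Function names and the
# sample config are constructed for illustration. Assumes GNU sed.

# Print "yes" if FILE leaves password logins possible, else "no".
# sshd uses the first global occurrence of a keyword (default: yes);
# a Match block may re-enable it for some users, so those count too.
password_auth_enabled() {
  awk '{ k = tolower($1); v = tolower($2) }
       k == "match" { in_match = 1; next }
       k == "passwordauthentication" {
         if (in_match) { if (v == "yes") override = 1 }
         else if (!seen) { seen = 1; global = v }
       }
       END { if (!seen) global = "yes"
             r = (global == "yes" || override) ? "yes" : "no"; print r }' "$1"
}

# The substitution used in the SSH step above: it only rewrites an
# active "yes" line that starts in column 0.
page_sed() {
  sed -e 's|^PasswordAuthentication yes|PasswordAuthentication no|' -i "$1"
}

# Drop every active directive (including inside Match blocks), then
# insert one on line 1 so it is the first global occurrence.
disable_password_auth() {
  sed -E -i '/^[[:space:]]*PasswordAuthentication[[:space:]]/Id' "$1"
  sed -i '1i PasswordAuthentication no' "$1"
}

# Constructed sample: directive present only as a comment, plus a Match override.
make_sample() {
  printf '%s\n' 'Port 22' '#PasswordAuthentication yes' \
    'Match User backup' '    PasswordAuthentication yes' > "$1"
}

cfg=$(mktemp)
make_sample "$cfg"; page_sed "$cfg"
echo "after page sed:      $(password_auth_enabled "$cfg")"
make_sample "$cfg"; disable_password_auth "$cfg"
echo "after hardened edit: $(password_auth_enabled "$cfg")"
rm -f "$cfg"
# On the real host, validate with `sshd -t` before restarting sshd and
# confirm the result with `sshd -T | grep -i passwordauthentication`.
```

Keep an existing SSH session open while restarting sshd, so a bad key file or config does not lock the team out.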