# DMZ Installation

The deployment in the DMZ is basically the same as [internally](basic_installation), but there are a few points to consider:

- a firewall rule for Puppet is needed
- the commissioning can only be done in the special DMZ commissioning network

Because of this commissioning network, we suggest that the DMZ VM gets two interfaces for commissioning: a "front-door" interface in the actual network where it will finally provide its service, and a "back-door" interface in the commissioning network. After successful setup, the "back-door" interface will be removed.

## Preparation

- get a static IP address for the "front-door" interface
- for Puppet you need to [order a firewall rule](https://psi.service-now.com/psisp?id=psi_new_sc_cat_item&sys_id=faccb8644fe58f8422b0119f0310c7f7) from your machine to `puppet01.psi.ch` using TCP port 8140
- set up the VM (or have it set up) with two interfaces, the first one in the final network ("front-door") and the second one attached to `172.23.206.0/24` ("back-door")
- get both MAC addresses
- prepare the node in Sysdb/`bob` with the "back-door" MAC address
- in Hiera, the following network configuration is suggested; it keeps the "front-door" interface disabled at the start:

  ```yaml
  networking::setup: managed

  networking::connections:
    - dmz_network
    - commissioning_network

  networking::connection::dmz_network:
    mac_address: '00:50:56:9d:47:eb'
    ipv4_method: 'disabled'
    ipv6_method: 'disabled'

  networking::connection::commissioning_network:
    mac_address: '00:50:56:9d:c7:fe'
    ipv4_method: 'auto'
    ipv6_method: 'disabled'
  ```

## Commissioning/Kickstart

- commission/kickstart the node via network boot
- for SSH access, get the assigned IP address from VMware, Puppet facts, or QIP
- at the moment Puppet will fail; provide the IP address to your fellow friendly Core Linux Team member to manually finish the first boot
- once the configuration is fully ready, configure the "front-door" interface:

  ```yaml
  networking::setup: managed

  networking::connections:
    - dmz_network
    - commissioning_network

  networking::connection::dmz_network:
    mac_address: '00:50:56:9d:47:eb'
    ipv4_method: 'manual'
    ipv4_address: '192.33.120.60/24'
    ipv4_gateway: '192.33.120.1'
    ipv6_method: 'disabled'

  networking::connection::commissioning_network:
    mac_address: '00:50:56:9d:c7:fe'
    ipv4_method: 'auto'
    ipv6_method: 'disabled'
  ```

## Cleanup

- check if you still have management access (`ssh`) over the "front-door" interface
- remove the configuration of the "back-door" interface:

  ```yaml
  networking::setup: managed

  networking::connections:
    - dmz_network

  networking::connection::dmz_network:
    mac_address: '00:50:56:9d:47:eb'
    ipv4_method: 'manual'
    ipv4_address: '192.33.120.60/24'
    ipv4_gateway: '192.33.120.1'
    ipv6_method: 'disabled'
  ```

- remove the "back-door" interface from the VM
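
One way to script the first Cleanup check, so the "back-door" configuration is only removed while the current SSH session really runs over the "front-door" address. This is an added example, not part of the original guide; it assumes the front-door address and back-door /24 from the Hiera examples, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.
# Assumption: addresses are the ones used in the Hiera examples on this page.
FRONT_ADDR="192.33.120.60"
BACKDOOR_NET24="172.23.206"   # first three octets of 172.23.206.0/24

# session_path SSH_CONNECTION_VALUE
# SSH_CONNECTION is "client_ip client_port server_ip server_port"; the third
# field is the local address on which sshd accepted this session.
session_path() {
    set -- $1                 # split the value into its four fields
    case "$3" in
        "")                   echo "no-ssh" ;;
        "$FRONT_ADDR")        echo "front-door" ;;
        "$BACKDOOR_NET24".*)  echo "back-door" ;;
        *)                    echo "unknown" ;;
    esac
}

# front_addr_configured: reads `ip -o -4 addr show` output on stdin and
# succeeds only if FRONT_ADDR is assigned to some interface.
front_addr_configured() {
    awk -v a="$FRONT_ADDR" '
        $3 == "inet" { split($4, p, "/"); if (p[1] == a) found = 1 }
        END { exit !found }'
}

# safe_to_remove_backdoor SSH_CONNECTION_VALUE IP_ADDR_OUTPUT
# Returns 0 only when the session arrived on the front-door address and that
# address is present; otherwise explains why on stderr and returns 1.
safe_to_remove_backdoor() {
    path=$(session_path "$1")
    if [ "$path" != "front-door" ]; then
        echo "session arrived via: $path; log in over $FRONT_ADDR first" >&2
        return 1
    fi
    printf '%s\n' "$2" | front_addr_configured || {
        echo "$FRONT_ADDR is not configured on any interface" >&2
        return 1
    }
}

# On the DMZ VM, inside the SSH session:
#   safe_to_remove_backdoor "$SSH_CONNECTION" "$(ip -o -4 addr show)" \
#       && echo "OK to remove the back-door configuration"
```

A "back-door" or "unknown" result means the session would drop as soon as the commissioning interface is removed, so reconnect via the front-door address before changing Hiera.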