document IP change

2022-12-22 15:07:00 +01:00
parent a4adf4a242
commit f363f30f24
2 changed files with 129 additions and 13 deletions
+17 -13
@@ -64,19 +64,23 @@ Attributes
The following attributes can be set for a node:
+------------------------+------------------+-----------+------------------------------------------------------------------------------+
| attribute name | sample value | mandatory | meaning |
+========================+==================+===========+==============================================================================+
| ``ipxe_installer`` | rhel73installer | yes | the installation entry to use at installation time via IPXE |
+------------------------+------------------+-----------+------------------------------------------------------------------------------+
| ``network`` | static | yes | network setup of the installed system. can be ``static`` or ``dhcp`` |
+------------------------+------------------+-----------+------------------------------------------------------------------------------+
| ``puppet_env`` | prod | yes | puppet environment |
+------------------------+------------------+-----------+------------------------------------------------------------------------------+
| ``puppet_role`` | ``role::server`` | yes | puppet role of the node. String should start with ``role::`` |
+------------------------+------------------+-----------+------------------------------------------------------------------------------+
| ``puppet_group`` | computing | no | defines the group for the hiera values. If not set takes the ``default`` one |
+------------------------+------------------+-----------+------------------------------------------------------------------------------+
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| attribute name | sample value | mandatory | meaning |
+========================+==================+===========+================================================================================+
| ``iface`` | ``enp225s0f0`` | no | the installation entry to use for automatic installation |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| ``ipxe_installer`` | ``rhel87install`` | no | the installation entry to use for automatic installation (``netboot``) |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| ``network`` | ``static`` | no | network setup of the installed system; can be ``static`` or ``dhcp`` (default) |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| ``puppet_env`` | ``preprod`` | no | puppet environment with ``prod`` as default |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| ``puppet_role`` | ``role::server`` | yes | puppet role of the node. String should start with ``role::`` |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| ``puppet_group`` | ``computing`` | no | defines the group for the hiera values. If not set takes the ``default`` one |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
| ``rootpw`` | ``$y$j9T$f...`` | no | root password hash |
+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
root password
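Review bot: The new `iface` row repeats the meaning text of `ipxe_installer` ("the installation entry to use for automatic installation"), which looks like a copy-paste; given the sample value `enp225s0f0` it presumably should describe the network interface to use. The `ipxe_installer` sample value `rhel87install`, once wrapped in double backticks, is wider than the 18-character second column set by the border lines, so the grid table will not parse until that column is widened in every row. For `rootpw`, which is marked non-mandatory, please state the expected hash format, how to generate it, and what root password applies when the attribute is not set.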
+112
@@ -0,0 +1,112 @@
# IP Address Change
An IP address change needs following steps
**I stay in the same firewall zone**
- change IP address
- restart networking or reboot
**I move out to the DMZ**
- change IP address
- change nameservers (DNS)
- change timeservers (NTP)
- change mail relay (SMTP)
- restart all these services or reboot
One day when there is Puppet available in the DMZ then Puppet will handle the later part.
## Networking Infrastructure
| Zone | Name Server (DNS) | Time Server (NTP) | Mail Relay (SMTP) |
|-----------|-------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|
| default | `129.129.190.11` `129.129.230.11` | `pstime1.psi.ch` `pstime2.psi.ch` `pstime3.psi.ch` | `smtpint.psi.ch` |
| dmz/tier3 | `192.33.120.5` `192.33.121.5` | `dmzpstime1.psi.ch` `dmzpstime2.psi.ch` | `smtpdmz.psi.ch` |
| _source_ | [networking::nameservers](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L538) | [net_client::servers](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L595) | [mta::relays](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L527) |
## Select the Network Interface Device
To see what network interfaces are available, use
```
ip link show
```
(all RHEL versions)
or
```
nmcli device status
```
(starting from RHEL8)
## Edit the IP Configuration of a Network Interface
The configuration is done in the file `/etc/sysconfig/network-scripts/ifcfg-$DEVICE`.
An example configuration for a static IP address as set up by the kickstart file looks like:
```
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=129.129.187.41
PREFIX=24
GATEWAY=129.129.187.1
DNS1=129.129.190.11
DNS2=129.129.230.11
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=ens160
UUID=db60a82b-2a4c-4077-b4c1-5dd0e2476be1
DEVICE=ens160
ONBOOT=yes
```
Here you need to change the `IPADDR` and possibly the `GATEWAY` and rarely the `PREFIX`. The last two can be looked up in [QIP](https://qip.psi.ch/qip), but the usual pattern is `*.*.*.1` for the gateway and a prefix of 24.
When moving to a different zone, then you need also to adapt the DNS servers.
If you alterntively change to DHCP, then you can use this:
```
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=ens160
UUID=b5e9cf25-056d-4acb-958c-7a443300e1e1
DEVICE=ens160
ONBOOT=yes
```
This will be active after boot or
```
systemctl restart NetworkManager
```
(RHEL8) or
```
systemctl restart network.service
```
(RHEL7)
Note if you are in need of a new UUID run `uuidgen`.
## Change Time Server (NTP)
Adapt in the file `/etc/chrony.conf` the `server` list and the `initstepslew` config with the respective time servers.
```
systemctl restart chronyd.service
```
applies the changes.
## Change Server for Outgoing Mails
This depends on the software running on the system.
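Review bot: The final section "Change Server for Outgoing Mails" stops at "This depends on the software running on the system." and gives no steps, although the DMZ checklist at the top requires changing the mail relay; a host moved to the DMZ by following this page would keep pointing at `smtpint.psi.ch`. Please name at least the configuration file and restart command for the mail software that a standard installation uses, as the NTP section does for chrony. The nameserver change has the same gap: it is mentioned only in one sentence under the static ifcfg example, and the restart commands appear only after the DHCP example, so it is unclear that they also apply to a static address change. Two wording fixes: "the later part" should be "the latter part", and "alterntively" should be "alternatively".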