diff --git a/admin-guide/mgmt-tools/bob.rst b/admin-guide/mgmt-tools/bob.rst index 1e0c7a56..3022e8ec 100644 --- a/admin-guide/mgmt-tools/bob.rst +++ b/admin-guide/mgmt-tools/bob.rst 
@@ -64,19 +64,23 @@ Attributes The following attributes can be set for a node: -+------------------------+------------------+-----------+------------------------------------------------------------------------------+ -| attribute name | sample value | mandatory | meaning | -+========================+==================+===========+==============================================================================+ -| ``ipxe_installer`` | rhel73installer | yes | the installation entry to use at installation time via IPXE | -+------------------------+------------------+-----------+------------------------------------------------------------------------------+ -| ``network`` | static | yes | network setup of the installed system. can be ``static`` or ``dhcp`` | -+------------------------+------------------+-----------+------------------------------------------------------------------------------+ -| ``puppet_env`` | prod | yes | puppet environment | -+------------------------+------------------+-----------+------------------------------------------------------------------------------+ -| ``puppet_role`` | ``role::server`` | yes | puppet role of the node. String should start with ``role::`` | -+------------------------+------------------+-----------+------------------------------------------------------------------------------+ -| ``puppet_group`` | computing | no | defines the group for the hiera values. 
If not set takes the ``default`` one | -+------------------------+------------------+-----------+------------------------------------------------------------------------------+ ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| attribute name | sample value | mandatory | meaning | ++========================+==================+===========+================================================================================+ +| ``iface`` | ``enp225s0f0`` | no | the installation entry to use for automatic installation | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| ``ipxe_installer`` | ``rhel87install`` | no | the installation entry to use for automatic installation (``netboot``) | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| ``network`` | ``static`` | no | network setup of the installed system; can be ``static`` or ``dhcp`` (default) | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| ``puppet_env`` | ``preprod`` | no | puppet environment with ``prod`` as default | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| ``puppet_role`` | ``role::server`` | yes | puppet role of the node. String should start with ``role::`` | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| ``puppet_group`` | ``computing`` | no | defines the group for the hiera values. 
If not set takes the ``default`` one | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ +| ``rootpw`` | ``$y$j9T$f...`` | no | root password hash | ++------------------------+------------------+-----------+--------------------------------------------------------------------------------+ root password diff --git a/admin-guide/operations/ip-address-change.md b/admin-guide/operations/ip-address-change.md new file mode 100644 index 00000000..a7b0bb5a --- /dev/null +++ b/admin-guide/operations/ip-address-change.md 
@@ -0,0 +1,112 @@ +# IP Address Change + +An IP address change needs following steps + +**I stay in the same firewall zone** +- change IP address +- restart networking or reboot + +**I move out to the DMZ** +- change IP address +- change nameservers (DNS) +- change timeservers (NTP) +- change mail relay (SMTP) +- restart all these services or reboot + +One day when there is Puppet available in the DMZ then Puppet will handle the later part. + +## Networking Infrastructure + +| Zone | Name Server (DNS) | Time Server (NTP) | Mail Relay (SMTP) | +|-----------|-------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------| +| default | `129.129.190.11` `129.129.230.11` | `pstime1.psi.ch` `pstime2.psi.ch` `pstime3.psi.ch` | `smtpint.psi.ch` | +| dmz/tier3 | `192.33.120.5` `192.33.121.5` | `dmzpstime1.psi.ch` `dmzpstime2.psi.ch` | `smtpdmz.psi.ch` | +| _source_ | [networking::nameservers](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L538) | [net_client::servers](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L595) | [mta::relays](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L527) | +## Select the Network Interface Device + +To see what network interfaces are available, use + +``` +ip link show +``` +(all RHEL versions) +or +``` +nmcli device status +``` +(starting from RHEL8) + +## Edit the IP Configuration of a Network Interface + +The configuration is done in the file `/etc/sysconfig/network-scripts/ifcfg-$DEVICE`. 
+ +An example configuration for a static IP address as set up by the kickstart file looks like: +``` +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +IPADDR=129.129.187.41 +PREFIX=24 +GATEWAY=129.129.187.1 +DNS1=129.129.190.11 +DNS2=129.129.230.11 +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=yes +IPV6_DEFROUTE=yes +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=eui64 +NAME=ens160 +UUID=db60a82b-2a4c-4077-b4c1-5dd0e2476be1 +DEVICE=ens160 +ONBOOT=yes +``` + +Here you need to change the `IPADDR` and possibly the `GATEWAY` and rarely the `PREFIX`. The last two can be looked up in [QIP](https://qip.psi.ch/qip), but the usual pattern is `*.*.*.1` for the gateway and a prefix of 24. + +When moving to a different zone, then you need also to adapt the DNS servers. + +If you alterntively change to DHCP, then you can use this: +``` +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=dhcp +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=yes +IPV6_DEFROUTE=yes +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=eui64 +NAME=ens160 +UUID=b5e9cf25-056d-4acb-958c-7a443300e1e1 +DEVICE=ens160 +ONBOOT=yes +``` + +This will be active after boot or +``` +systemctl restart NetworkManager +``` +(RHEL8) or +``` +systemctl restart network.service +``` +(RHEL7) + +Note if you are in need of a new UUID run `uuidgen`. + +## Change Time Server (NTP) +Adapt in the file `/etc/chrony.conf` the `server` list and the `initstepslew` config with the respective time servers. +``` +systemctl restart chronyd.service +``` +applies the changes. + +## Change Server for Outgoing Mails +This depends on the software running on the system. + +
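Review bot: In the `bob.rst` attribute table, the new `iface` row reuses the `ipxe_installer` wording ("the installation entry to use for automatic installation") as its meaning, although the sample value `enp225s0f0` is a network interface name; the row should say what the interface is used for. `ipxe_installer`, `network` and `puppet_env` all change from mandatory to optional, but only `network` and `puppet_env` state a default, so the `ipxe_installer` row should say what happens when it is unset. For `rootpw`, "root password hash" does not say which hash format is accepted or how to produce one; the sample `$y$j9T$f...` implies a specific scheme, so name it and the command used to generate it, and state what the node gets when the attribute is not set.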
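Review bot: In the new `ip-address-change.md`, the sentence "When moving to a different zone, then you need also to adapt the DNS servers" does not say where, while the static example above it hard-codes the default-zone resolvers in `DNS1` and `DNS2`; name those two keys and point to the zone table, otherwise a host moved to the DMZ can keep its default-zone name servers configured. The DHCP example has no DNS keys at all, so say whether the resolvers then come from DHCP. The "Change Server for Outgoing Mails" section only says "This depends on the software running on the system", yet the DMZ checklist lists the mail relay change as a required step; give the file and setting for the standard mail setup, or link to where `mta::relays` is applied. The NTP section would be easier to follow with a short before/after of the `server` and `initstepslew` lines. The `_source_` row links to `common.yaml` on the `preprod` branch by line number (`#L538`, `#L595`, `#L527`), which will drift as the file changes; link to the key names or to a fixed commit. There is no blank line between the table and "## Select the Network Interface Device". Wording: "alterntively", "the later part" (latter), "needs following steps".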