diff options
Diffstat (limited to 'share/doc/HOST-SETUP.txt')
-rw-r--r-- | share/doc/HOST-SETUP.txt | 230 |
1 files changed, 0 insertions, 230 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt deleted file mode 100644 index 8cb6039..0000000 --- a/share/doc/HOST-SETUP.txt +++ /dev/null @@ -1,230 +0,0 @@ -compute-tools: Host Setup -========================= - - -1. Debian Packages -------------------- - -apt install bridge-utils ifenslave vlan - - -2. Boot Parameters ------------------- - -2.1 CGroup Memory Controller -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -In order to enable the memory controller the following boot parameter needs to be used: - - cgroup_enable=memory - - -2.2 CGroup Swap Controller -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -In order to enable the swap controller the following boot parameter needs to be used: - - swapaccount=1 - -2.3 vsyscall -~~~~~~~~~~~~ - -In order to be able to execute binaries linked to older libc versions -(<= wheezy) on newer linux versions (>= buster), add the following boot -parameter (see #881813 for more information): - - vsyscall=emulate - - -3. Networking -~~~~~~~~~~~~~ - -3.1 Configure Network Bridge -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -3.1.1 Bridge: 1 Interface, standalone, DHCP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback - -iface eno1 inet manual - -auto bridge0 -iface bridge0 inet dhcp - bridge_ports eno1 - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 -EOF - - -3.1.2 Bridge: 1 Interface, standalone, static -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback - -iface eno1 inet manual - -auto bridge0 -iface bridge0 inet static - address 10.0.0.2 - gateway 10.0.0.1 - netmask 24 - - pre-up ip link set eno1 down - pre-up ip link set eno1 up - - bridge_ports eno1 - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 -EOF - - -3.1.3 Bridge: 2 logical Interfaces, subnet, static -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback - -allow-hotplug eno1 -iface eno1 inet dhcp - -auto bridge0 -iface bridge0 inet static - address 10.0.0.1 - netmask 24 - - pre-up ip link add name bridge0 type bridge - post-down ip link delete bridge0 type bridge - - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 -EOF - - -3.1.4 Bridge: 3 physical Interfaces, vlan, bonding, static -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback - -allow-hotplug eno1 -iface eno1 inet dhcp - -iface eno2 inet manual - -iface eno3 inet manual - -auto bond0 -iface bond0 inet manual - up ip link set bond0 up - down ip link set bond0 down - - slaves eno2 eno3 - - bond-mode 4 - bond-miimon 100 - bond-downdelay 200 - bond-updelay 200 - bond-lacp-rate 1 - bond-xmit-hash-policy layer2+3 - -iface bond0.100 inet manual - vlan-raw-device bond0 - -auto bridge-100 -iface bridge-100 inet static - address 10.100.0.2 - netmask 24 - - bridge_ports bond0.100 - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 -EOF - - -4. Enabling user namespace for unprivileged containers ------------------------------------------------------- - -Linux supports unprivileged containers with the user namespace. -By default the user namespace is disabled on Debian systems (see #898446). -To enable user namespace, edit the following file for a permant change: - - /etc/sysctl.d/zz-compute-tools.conf - sysctl -p - -or enable it manually with: - - echo 1 > /proc/sys/kernel/unprivileged_userns_clone - -Note that containers need to be started with the correct -configuration in /etc/compute-tools/container/config to run unpriviled -(private-users option). - - -5. Enabling container-shell ---------------------------- - -Managing privileged containers requires root privileges. In order to allow -unprivileged users to manage privileged containers without granting them -privileges or accounts, the container-shell can be used together with sudo -and a container user. - - sudo adduser --gecos "compute-tools,,," \ - --home /var/lib/open-infrastructure/container-shell \ - --shell /usr/bin/container-shell - - -6. IPv4 and IPv6 dual-stack ---------------------------- - -Examples for /etc/network/interfaces above work for IPv6 too when using correct -IPv6 addresses and netmasks. - -In order to use dual-stack, bridges must have a IPv4 address assigned -(can be a dummy one from a privacy range or 127.0.0.0/8). - -Let me repeat: dual-stack only works when you assign a primary IPv6 address -(private or public, doesn't matter) *and* add an additional IPv4 address. -Yes, the IPv4 address can be a private address, the containers can still -have a public IPv4 address. - -A complete example looks like this: - -auto bridge0 -iface bridge0 inet6 static - address 2a07:6b47:4::4:1 - netmask 48 - - up ip addr add 127.4.4.1 dev $IFACE - down ip addr del 127.4.4.1 dev $IFACE - - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 - bridge-mcquerier 1 |