Diffstat (limited to 'share/doc/HOST-SETUP.txt')
-rw-r--r-- share/doc/HOST-SETUP.txt 230
1 files changed, 0 insertions, 230 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
deleted file mode 100644
index 8cb6039..0000000
--- a/share/doc/HOST-SETUP.txt
+++ /dev/null
@@ -1,230 +0,0 @@
-compute-tools: Host Setup
-=========================
-
-
-1. Debian Packages
--------------------
-
-apt install bridge-utils ifenslave vlan
-
-
-2. Boot Parameters
-------------------
-
-2.1 CGroup Memory Controller
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In order to enable the memory controller the following boot parameter needs to be used:
-
- cgroup_enable=memory
-
-
-2.2 CGroup Swap Controller
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In order to enable the swap controller the following boot parameter needs to be used:
-
- swapaccount=1
-
-2.3 vsyscall
-~~~~~~~~~~~~
-
-In order to be able to execute binaries linked to older libc versions
-(<= wheezy) on newer linux versions (>= buster), add the following boot
-parameter (see #881813 for more information):
-
- vsyscall=emulate
-
-
-3. Networking
-~~~~~~~~~~~~~
-
-3.1 Configure Network Bridge
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-3.1.1 Bridge: 1 Interface, standalone, DHCP
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
-
-iface eno1 inet manual
-
-auto bridge0
-iface bridge0 inet dhcp
- bridge_ports eno1
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
-EOF
-
-
-3.1.2 Bridge: 1 Interface, standalone, static
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
-
-iface eno1 inet manual
-
-auto bridge0
-iface bridge0 inet static
- address 10.0.0.2
- gateway 10.0.0.1
- netmask 24
-
- pre-up ip link set eno1 down
- pre-up ip link set eno1 up
-
- bridge_ports eno1
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
-EOF
-
-
-3.1.3 Bridge: 2 logical Interfaces, subnet, static
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
-
-allow-hotplug eno1
-iface eno1 inet dhcp
-
-auto bridge0
-iface bridge0 inet static
- address 10.0.0.1
- netmask 24
-
- pre-up ip link add name bridge0 type bridge
- post-down ip link delete bridge0 type bridge
-
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
-EOF
-
-
-3.1.4 Bridge: 3 physical Interfaces, vlan, bonding, static
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
-
-allow-hotplug eno1
-iface eno1 inet dhcp
-
-iface eno2 inet manual
-
-iface eno3 inet manual
-
-auto bond0
-iface bond0 inet manual
- up ip link set bond0 up
- down ip link set bond0 down
-
- slaves eno2 eno3
-
- bond-mode 4
- bond-miimon 100
- bond-downdelay 200
- bond-updelay 200
- bond-lacp-rate 1
- bond-xmit-hash-policy layer2+3
-
-iface bond0.100 inet manual
- vlan-raw-device bond0
-
-auto bridge-100
-iface bridge-100 inet static
- address 10.100.0.2
- netmask 24
-
- bridge_ports bond0.100
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
-EOF
-
-
-4. Enabling user namespace for unprivileged containers
-------------------------------------------------------
-
-Linux supports unprivileged containers with the user namespace.
-By default the user namespace is disabled on Debian systems (see #898446).
-To enable user namespace, edit the following file for a permant change:
-
- /etc/sysctl.d/zz-compute-tools.conf
- sysctl -p
-
-or enable it manually with:
-
- echo 1 > /proc/sys/kernel/unprivileged_userns_clone
-
-Note that containers need to be started with the correct
-configuration in /etc/compute-tools/container/config to run unpriviled
-(private-users option).
-
-
-5. Enabling container-shell
----------------------------
-
-Managing privileged containers requires root privileges. In order to allow
-unprivileged users to manage privileged containers without granting them
-privileges or accounts, the container-shell can be used together with sudo
-and a container user.
-
- sudo adduser --gecos "compute-tools,,," \
- --home /var/lib/open-infrastructure/container-shell \
- --shell /usr/bin/container-shell
-
-
-6. IPv4 and IPv6 dual-stack
----------------------------
-
-Examples for /etc/network/interfaces above work for IPv6 too when using correct
-IPv6 addresses and netmasks.
-
-In order to use dual-stack, bridges must have a IPv4 address assigned
-(can be a dummy one from a privacy range or 127.0.0.0/8).
-
-Let me repeat: dual-stack only works when you assign a primary IPv6 address
-(private or public, doesn't matter) *and* add an additional IPv4 address.
-Yes, the IPv4 address can be a private address, the containers can still
-have a public IPv4 address.
-
-A complete example looks like this:
-
-auto bridge0
-iface bridge0 inet6 static
- address 2a07:6b47:4::4:1
- netmask 48
-
- up ip addr add 127.4.4.1 dev $IFACE
- down ip addr del 127.4.4.1 dev $IFACE
-
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
- bridge-mcquerier 1
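Review bot: nothing in this commit (0 insertions) replaces the security-relevant guidance in sections 2.3, 4 and 5 (vsyscall=emulate, enabling unprivileged user namespaces, and the sudo-backed container-shell user), so an operator loses the only visible record of which host settings were loosened and why. Please name the replacement document in the commit message, or keep these sections until one exists. If the text is being moved rather than dropped, fix it on the way: section 4 names /etc/sysctl.d/zz-compute-tools.conf but never states the line to put in it (the manual variant implies kernel.unprivileged_userns_clone = 1), and a bare "sysctl -p" reads only /etc/sysctl.conf, so it should be "sysctl --system" or "sysctl -p /etc/sysctl.d/zz-compute-tools.conf". The adduser command in section 5 has no user name argument, and "permant", "unpriviled" and "privacy range" (section 6) need correcting.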