Serviço Experimental de CIrcuitos aPrOvisionados dinamicamente (SE-CIPÓ)


VM-NARB configuration

Basic VM configuration:

  • 1 network interface
  • 1 disk of 8 GB
  • 512 MB of memory
  • Compatible with VMware ESX 4 or later
  • 1 processor

Operating system:

  • Debian 6.0
  • Installation: basic; under Software Selection only “SSH server” and “Standard System Utilities” were selected.
  • Disk set up automatically to use the entire disk, in LVM mode
  • VMware Tools installed

Additional OS configuration:

  • Enabled the Debian non-free package pool (to download the MIBs):
#
deb http://debian.pop-sc.rnp.br/debian/ squeeze main non-free
deb-src http://debian.pop-sc.rnp.br/debian/ squeeze main
deb http://security.debian.org/ squeeze/updates main non-free
deb-src http://security.debian.org/ squeeze/updates main
# squeeze-updates, previously known as 'volatile'
deb http://debian.pop-sc.rnp.br/debian/ squeeze-updates main
deb-src http://debian.pop-sc.rnp.br/debian/ squeeze-updates main

 

  • Additional packages installed (support for building Dragon and for monitoring):

bison++, bzip2, cpp, flex-old, g++, gcc, insserv, iptables, libc6-dev, libxml2, libxml2-dev, linux-headers-*, linux-libc-dev, m4, make, ncurses-base, ncurses-term, ncurses-bin, ntp, ntpdate, openssh-server, patch, perl, procps, psmisc, rcconf, snmp, snmp-mibs-downloader, snmpd, vi

 

  • Additional Perl modules installed (installer support):
cpan Curses::UI
cpan Config::IniFiles

 

  • IPv6 disabled:
sed -i '/alias net-pf-10/d' /etc/modprobe.d/aliases.conf
sed -i '/alias ipv6/d' /etc/modprobe.d/aliases.conf
sed -i '/net.ipv6.conf.all.disable_ipv6/d' /etc/sysctl.conf
echo "alias net-pf-10 off" >> /etc/modprobe.d/aliases.conf
echo "alias ipv6 off" >> /etc/modprobe.d/aliases.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -f /etc/sysctl.conf

 

  • NTP servers configured in /etc/ntp.conf as follows:
server ntp.pop-sc.rnp.br iburst
server ntp.cais.rnp.br iburst
server a.ntp.br iburst

 

  • issue and issue.net files configured as follows (respectively):

 

###########################
Projeto SE-CIPO
Host NARB
Versao 1.0
##########################
   _____ ______       _____ _____ _____   ____
  / ____|  ____|     / ____|_   _|  __ \ / __ \
 | (___ | |__ ______| |      | | | |__) | |  | |
  \___ \|  __|______| |      | | |  ___/| |  | |
  ____) | |____     | |____ _| |_| |    | |__| |
 |_____/|______|     \_____|_____|_|     \____/

 | \ | |   /\   |  __ \|  _ \
 |  \| |  /  \  | |__) | |_) |
 | . ` | / /\ \ |  _  /|  _ <
 | |\  |/ ____ \| | \ \| |_) |
 |_| \_/_/    \_\_|  \_\____/

 
 
Projeto SE-CIPO
Host NARB
Versao 1.0

 

  • Basic firewall file configured in /etc/network/iptables.rules as follows:

 

# Generated by iptables-save v1.4.8 on Fri May 10 14:51:01 2013
*filter
:INPUT ACCEPT [91:18328]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:76]
COMMIT
# Completed on Fri May 10 14:51:01 2013

 

  • Firewall init script created (/etc/init.d/firewall) as follows:
#!/bin/sh
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:     $network  $syslog
# Required-Stop:      $network  $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 6
# Short-Description: Firewall iptables
# Description:      Start the firewall script at system boot
### END INIT INFO
 
#
# Script to start the firewall automatically
# Configure in /etc/init.d
# rhoden@pop-sc.rnp.br
#
CONF=/etc/network/iptables.rules
#CONF6=/etc/network/ip6tables.rules
CMD=/sbin/iptables
#CMD6=/sbin/ip6tables
CMDRESTORE=/sbin/iptables-restore
#CMDRESTORE6=/sbin/ip6tables-restore
CMDSAVE=/sbin/iptables-save
#CMDSAVE6=/sbin/ip6tables-save
 
case "$1" in
   start)
      echo -n "Iniciando Firewall                  "
      $CMDRESTORE -c $CONF
 
      echo "Feito"
      ;;
   save)
      echo -n "Salvando as regras de firewall da memoria para ${CONF}"
      $CMDSAVE > $CONF
      echo " Feito!"
      ;;
   stop)
      echo "Parando Firewall            "
      $CMD -P OUTPUT  ACCEPT
      $CMD -P INPUT   ACCEPT
      $CMD -P FORWARD ACCEPT
      $CMD -F
      echo "      "
      ;;
   list)
      echo "Listando regras de Firewall            "
      echo "----------------------------------------------------"
      $CMD -L
      echo "----------------------------------------------------"
      echo "      "
      ;;
   *)
      N=/etc/init.d/firewall
      echo "Usage: $N {start|list|save|stop}" >&2
      exit 1
      ;;
esac
exit 0

 

  • Firewall script installed with the following commands:

 

cd /etc/init.d
chmod +x firewall
insserv firewall
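
An added example, not part of the original page or the SE-CIPÓ project: the /etc/network/iptables.rules file above sets every filter chain to policy ACCEPT with no rules, so the init script loads a firewall that filters nothing. The function below reports such chains in any iptables-save file; the restricted ruleset and its 192.0.2.0/24 management network are constructed for comparison and omit the ports Dragon/NARB itself needs, which this page does not list.

```shell
# Added example, not from the original page. open_chains FILE prints the
# filter chains in an iptables-save file with policy ACCEPT and no -A rule.
open_chains() {
    awk '
        /^[*]/            { table = substr($1, 2); next }
        table != "filter" { next }
        /^:/              { c = substr($1, 2); policy[c] = $2; order[++n] = c; next }
        $1 == "-A"        { rules[$2]++ }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (policy[c] == "ACCEPT" && rules[c] == 0)
                    out = out (out == "" ? "" : " ") c
            }
            print out
        }' "$1"
}

page_rules() {       # rules file as shown on this page (comment lines omitted)
    cat <<'EOF'
*filter
:INPUT ACCEPT [91:18328]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:76]
COMMIT
EOF
}

# Constructed comparison input; 192.0.2.0/24 is a placeholder management network.
restricted_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p udp --dport 161 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp -d)
page_rules > "$tmp/page.rules"; restricted_rules > "$tmp/restricted.rules"
echo "page file:       $(open_chains "$tmp/page.rules")"
echo "restricted file: $(open_chains "$tmp/restricted.rules")"
rm -rf "$tmp"
```

The restricted file still reports OUTPUT, because outbound traffic is left unfiltered in that sample.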

 

 

Additional configuration for Dragon/NARB:

 

  • Ran the command to download the required MIBs:

 

 download-mibs
 
  • Modified /etc/snmp/snmp.conf as follows (the last line was commented out):

 

#
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loaging them by commenting out the following line.
#mibs :

 

  • Created the Dragon init script - /etc/init.d/dragon - as follows:
#! /bin/sh
### BEGIN INIT INFO
# Provides:          dragon
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start daemon at boot time
# Description:       Enable dragon service as daemon.
### END INIT INFO
 
##
DRAGON_START=/usr/local/dragon/bin/dragon.sh
# Some things that run always
touch /var/lock/dragon
 
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting DRAGON Service"
    $DRAGON_START start-narb
    ;;
  stop)
    echo "Stopping DRAGON Service"
    $DRAGON_START stop
    ;;
  *)
    echo "Usage: /etc/init.d/dragon {start|stop}"
    exit 1
    ;;
esac
 
exit 0

 

  • Dragon init script installed as follows:
cd /etc/init.d
chmod +x dragon
update-rc.d dragon defaults 2 3 4 5 20 . 0 1 6 20


  • Enabled IPv4 packet forwarding by uncommenting the line in /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4 
net.ipv4.ip_forward=1


  • /etc/snmp/snmpd.conf configured as follows:
################################
# RNP - CIPO
#
# SNMP MONITORING TEMPLATE
#
# Version 1.0
#################################

agentAddress udp:0.0.0.0:161
#rocommunity NOME_COMUNIDADE IP_MONITORAMENTO
rocommunity dragonRO

sysLocation PoP-XX
sysContact monitoramento@cipo.pop-XX.rnp.br
sysServices 72

#
# Process monitoring
# General
proc sshd
proc snmpd
## VLSR
proc zebra 1 1
proc ospfd 1 1
proc dragon 1 1
proc RSVPD 1 1

## NARB (VLSR procs WITHOUT RSVPD and dragon) AND UNCOMMENT BELOW
#proc narb
#proc rce

### OSCARS (COMMENT OUT THE VLSR PROCESSES) AND UNCOMMENT BELOW
#proc java
#proc ntpd
#proc mysqld
#proc syslog-ng

includeAllDisks 10%
load 12 10 5

 

  • Used rcconf to set the following services as active:
acpid, atd, bootlogs, console-setup, cron, dragon, firewall, kbd, keyboard-setup, lm-sensors, lvm2, module-init-tools, mpt-statusd, ntp, procps, snmpd, ssh, udev-, vmware-tools

 

  • NARB and Dragon files downloaded from the repository and unpacked into the /usr/local/files directory
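
An added example, not part of the original page or the SE-CIPÓ project: in the /etc/snmp/snmpd.conf template above, the active rocommunity dragonRO line has no source address (the commented template line shows where the monitoring IP goes) and the agent binds to 0.0.0.0. The function below flags both conditions in an snmpd.conf; the second sample, with addresses from the 192.0.2.0/24 documentation range, is constructed.

```shell
# Added example, not from the original page. snmp_findings FILE prints one
# line per exposure in an snmpd.conf: agentAddress entries that bind every
# IPv4 interface, and rocommunity/rwcommunity lines with no SOURCE (or
# SOURCE "default"), which answer any host that knows the community string.
snmp_findings() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        $1 == "agentAddress" {
            n = split($2, spec, ",")
            for (i = 1; i <= n; i++) {
                a = spec[i]
                sub(/^(udp|tcp):/, "", a)    # drop the transport prefix
                # a bare port or 0.0.0.0 means "all interfaces"
                if (a ~ /^[0-9]+$/ || a ~ /^0\.0\.0\.0(:|$)/)
                    print NR ": agentAddress " spec[i] " binds every IPv4 interface"
            }
        }
        ($1 == "rocommunity" || $1 == "rwcommunity") && (NF < 3 || $3 == "default") {
            print NR ": " $1 " " $2 " has no source restriction"
        }' "$1"
}

# Access-control lines of the template exactly as shown on this page.
page_conf() {
    cat <<'EOF'
agentAddress udp:0.0.0.0:161
#rocommunity NOME_COMUNIDADE IP_MONITORAMENTO
rocommunity dragonRO
EOF
}

# Constructed alternative: agent bound to one address, community limited to
# one monitoring station (both addresses are placeholders).
restricted_conf() {
    cat <<'EOF'
agentAddress udp:192.0.2.20:161
rocommunity dragonRO 192.0.2.10
EOF
}

tmp=$(mktemp -d)
page_conf > "$tmp/page.conf"; restricted_conf > "$tmp/restricted.conf"
echo "page template:"; snmp_findings "$tmp/page.conf"
echo "restricted:";    snmp_findings "$tmp/restricted.conf"
rm -rf "$tmp"
```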

