Other HUB nodes: Difference between revisions
Andre Castro (talk | contribs) |
Latest revision as of 16:52, 17 March 2021
Adding new Node to HUB
For graduation projects or some Special Issues, the XPUB HUB Node: Sandbox might not be adequate. New nodes (normally Pis) can be added to the XPUB HUB Tinc network, making them publicly accessible via the ssh and http protocols.
This page describes how to do it.
Steps to add a new Node to HUB
Use this template and fill in all the fields as you go through the process:
user: ?USERNAME?
Node name: ?XYZ?
IP: 10.0.0.???
url: https://hub.xpub.nl/?XYZ?
ssh public key: ?????????@??
In the project Pi (@user with sudo/root)
In your Pi (or other Unix machine connected to the internet): create a user with adduser, using the same username as in the Sandbox Pi
- Keeping the username the same as in the sandbox will make things easier for us and gnd (no need to give him your public ssh key again)
In your Pi: Add your laptop's user's public ssh key to your Pi user account in ~/.ssh/authorized_keys
In your Pi: Install Tinc on the Pi. The instructions can be found in the Tinc page
Add your chosen Node name and IP to HUB#IP_allocation
- The last number of a student project's IP should have 3 digits
In your Pi: Add your laptop's ssh public key
- get and copy your laptop's ssh public key:
cat ~/.ssh/id_ed25519.pub
- add it to the Pi's ~/.ssh/authorized_keys:
sudo nano ~/.ssh/authorized_keys
In your Pi: Disable ssh with password (allow ssh with sshkey only):
- edit sshd_config file:
sudo nano /etc/ssh/sshd_config
- uncomment the line:
#PasswordAuthentication no
- so it becomes:
PasswordAuthentication no
- reload ssh:
sudo systemctl reload ssh
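A check for the two steps above (key installed, password login disabled), as an added example that is not part of the original wiki page. The function names and sample data are this example's own; it reads a single config file and does not follow Include drop-ins, so on the Pi itself `sudo sshd -T` remains the authoritative view of the running configuration.

```sh
#!/bin/sh
# Added example: check that key-only SSH login is really in effect.
# Names and sample data are this example's own (constructed).

# effective_password_auth FILE -> prints "yes" or "no" for the global section.
# A '#' line is ignored by sshd, so "#PasswordAuthentication no" leaves the
# OpenSSH default ("yes") active; for repeated keywords the first value wins.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                      # commented out: not in effect
        { key = tolower($1) }
        key == "match" { exit }                  # Match blocks are conditional
        key == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }          # keyword absent: default
    ' "$1"
}

# writable_by_others PATH -> true if PATH is group- or world-writable.
# With StrictModes (the default) sshd refuses to use such a key file.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_node SSHD_CONFIG AUTHORIZED_KEYS -> returns 0 only if all checks pass.
audit_node() {
    rc=0
    if [ "$(effective_password_auth "$1")" != "no" ]; then
        echo "FAIL: password login still enabled in $1"; rc=1
    fi
    if [ ! -s "$2" ]; then
        echo "FAIL: $2 missing or empty, key login would lock you out"; rc=1
    elif writable_by_others "$2"; then
        echo "FAIL: $2 is writable by group or others"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login configured"
    return "$rc"
}

# Constructed sample: the "uncomment" step was forgotten.
sample=$(mktemp)
printf '#PasswordAuthentication no\n' > "$sample"
echo "sample -> PasswordAuthentication $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the Pi this would be called as `audit_node /etc/ssh/sshd_config ~/.ssh/authorized_keys` before reloading ssh, while the current session is still open.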
In XVM (@xpub staff with sudo)
As root:
Create a Tinc invitation link for each node (see HUB#Adding_a_new_thing)
Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP
Back to the PI (@user)
With the invitation link
The Pi user needs to get the Pi to join the HUB network:
- by using the invitation to join the network
sudo tinc join INVITATION_LINK
- add itself to the HUB network
sudo tinc -n hub add subnet NODE.IP.ADDR.ESS
- edit tinc-up file
sudo nano /usr/local/etc/tinc/hub/tinc-up
- Add:
ifconfig $INTERFACE NODE.IP.ADDR.ESS netmask 255.255.255.0
- Comment out the echo line
- Save and exit
After this process it is important to test that the Pi is now part of the TINC network:
- On a Pi ssh session, start tinc:
sudo tincd -n hub -D -d3
- On another Pi ssh session, try to ping other HUB nodes and see if you are getting pings back:
- Ping XVM
ping 10.0.0.1
- Or ping Sandbox:
ping 10.0.0.11
Because you want to have TINC running at all times on the Pi and starting when the Pi boots, it is important to configure and enable Tinc's systemd files as described in Tinc#tincd_service_file
Back to XVM (@xpub staff)
In /etc/nginx/sites-available/hub.xpub.nl create a new location entry, following the template:
location /nodename {
    proxy_pass http://10.0.0.10?/;
    client_max_body_size 200M;
}
Test the configuration, including this site:
nginx -t
If no errors are found, reload nginx:
systemctl reload nginx
Check the web location by going to https://hub.xpub.nl/NODENAME
Write your changes to the server's log with
rtlg
In the user's laptop (@user)
Add a new entry to your laptop's ~/.ssh/config by following the template:
Host hub.NODE_NAME
    User PI_USERNAME
    Hostname NODE.IP.ADDR.ESS
    ProxyJump yourname@xpub.nl:2501
    Identityfile ~/.ssh/id_rsa
    Serveraliveinterval 30
Once gnd has associated the Pi user's username + ssh pubkey with the Pi IP, you can try to ssh with
ssh hub.NODE_NAME
If sshing fails:
- ssh with verbose mode
ssh hub.NODE_NAME -vvv
- send the output to xpub staff
- send also the .ssh/config to the Node
- if staff cannot figure out the issue contact gnd