Other HUB nodes: Difference between revisions

From XPUB & Lens-Based wiki
(Created page with "Category:Xpub Admin Documentation")
 
No edit summary
 
(18 intermediate revisions by one other user not shown)
Line 1: Line 1:
[[Category:Xpub Admin Documentation]]
[[Category:Xpub Admin Documentation]]
==Adding new Node to [[HUB]]==
'''For graduation projects or some Special issues, the [[XPUB HUB Node: Sandbox]] might not be adequate,
new nodes (normally Pis) can be added the XPUB [[HUB]] [[Tinc]] network, making them publicly accessible via ssh and http protocols.'''
This page describes how to do it
==Steps to add a new Node to [[HUB]]==
Use this template to fill in all the fields and you go through the process
user: ?USERNAME?
Node name: ?XYZ?
IP: 10.0.0.???
url: https://hub.xpub.nl/?XYZ?
ssh public key: ?????????@??
=== In the project Pi (@user with sudo/root)===
In your Pi: (or other Unix machine connected to the internet) create a user <code>adduser</code> with same username as used in the [[XPUB Sandbox|Sandbox Pi]]
* Keeping it the same as in the sandbox - will make things easier for us and gnd (no need to give him again your public ssh key)
In your Pi: Add your '''laptop's user's public ssh key''' to your Pi user account in ~/.ssh/authorized_keys
In your Pi: Install [[Tinc]] on the Pi. The instructions can be found in the [[Tinc]] page
Add your chosen Node name and IP to [[HUB#IP_allocation]]
* Student project IPs last number should have 3 digits
In your Pi: Add your laptop's ssh public key
* getting and copying your laptop's ssh public key
** <code>cat ~/.ssh/id_ed25519.pub </code>
* add it to Pi's ~/.ssh/authorized_keys:
** <code>sudo ~/.ssh/authorized_keys</code>
In your Pi: Disable ssh with password (allow ssh with sshkey only):
* edit sshd_config file:
**  <code>sudo nano /etc/ssh/sshd_config</code>
* uncomment the line: <code>#PasswordAuthentication no</code>
** so it becomes: <code>PasswordAuthentication no</code>
* reload ssh:
** <code>sudo systemctl reload ssh</code>
=== In XVM (@xpub staff with sudo)===
As root:
Create a [[Tinc]] invitation links to each node [[HUB#Adding_a_new_thing]]
Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP
=== Back to the PI (@user)===
With the invitation link
The Pi user needs to get the Pi to join the HUB network:
* by using the invitation to join the network
** <code>sudo tinc join INVITATION_LINK</code>
* add itself to the HUB network
** <code>sudo tinc -n hub add subnet NODE.IP.ADDR.ESS</code>
* edit tinc-up file
** <code>sudo nano /usr/local/etc/tinc/hub/tinc-up</code>
** Add: <code> ifconfig $INTERFACE NODE.IP.ADDR.ESS netmask 255.255.255.0</code>
** Comment: the echo line
** Save and exit
After this process is important to test that the Pi is now part of the TINC network:
* On a Pi ssh session, start tinc:
** <code>sudo tincd -n hub -D -d3</code>
* On another Pi ssh session try to ping other HUB nodes a see if your are getting pings back:
** Ping XVM <code>ping 10.0.0.1</code>
** Or ping Sandbox: <code>ping 10.0.0.11</code>
Because you want to '''have TINC running at all times''' on the Pi and starting when the Pi boots, it is important to '''configure and enable Tinc's systemd files as described in [[Tinc#tincd_service_file]]'''
=== Back to XVM (@xpub staff)===
In <code>/etc/nginx/sites-available/hub.xpub.nl</code> create a new location entry, following the template
<pre>
        location /nodename {
                proxy_pass http://10.0.0.10?/;
                client_max_body_size 200M;
        }
</pre>
Test the site configuration
* <code>nginx -t -c /etc/nginx/sites-available/hub.xpub.nl</code>
In no errors are found, reload nginx:
* <code>systemctl nginx reload</code>
Check the web location by going to https://hub.xpub.nl/NODENAME 
Write your changes to the server's log with
rtlg
=== In users laptop (@user)===
Add a new entry to your laptop <code>~/.ssh/config </code> by following the template:
<pre>
Host hub.NODE_NAME
User PI_USERNAME
Hostname NODE.IP.ADDR.ESS
ProxyJump yourname@xpub.nl:2501
Identityfile ~/.ssh/id_rsa
Serveraliveinterval 30
</pre>
Once gnd has associated the Pi user's username + ssh pubkey with the Pi IP
You can now try to ssh with
ssh hub.NODE_NAME
If sshing fails:
* ssh with verbose mode
** <code> ssh hub.NODE_NAME -vvv</code>
* send the output to xpub staff
* send also the .ssh/config to the Node
* if staff cannot figure out the issue contact gnd

Latest revision as of 16:52, 17 March 2021


Adding new Node to HUB

For graduation projects or some Special issues, the XPUB HUB Node: Sandbox might not be adequate, new nodes (normally Pis) can be added the XPUB HUB Tinc network, making them publicly accessible via ssh and http protocols.

This page describes how to do it

Steps to add a new Node to HUB

Use this template to fill in all the fields and you go through the process

user: ?USERNAME?
Node name: ?XYZ?
IP: 10.0.0.???
url: https://hub.xpub.nl/?XYZ?
ssh public key: ?????????@??

In the project Pi (@user with sudo/root)

In your Pi: (or other Unix machine connected to the internet) create a user adduser with same username as used in the Sandbox Pi

  • Keeping it the same as in the sandbox - will make things easier for us and gnd (no need to give him again your public ssh key)

In your Pi: Add your laptop's user's public ssh key to your Pi user account in ~/.ssh/authorized_keys

In your Pi: Install Tinc on the Pi. The instructions can be found in the Tinc page

Add your chosen Node name and IP to HUB#IP_allocation

  • Student project IPs last number should have 3 digits

In your Pi: Add your laptop's ssh public key

  • getting and copying your laptop's ssh public key
    • cat ~/.ssh/id_ed25519.pub
  • add it to Pi's ~/.ssh/authorized_keys:
    • sudo ~/.ssh/authorized_keys


In your Pi: Disable ssh with password (allow ssh with sshkey only):

  • edit sshd_config file:
    • sudo nano /etc/ssh/sshd_config
  • uncomment the line: #PasswordAuthentication no
    • so it becomes: PasswordAuthentication no
  • reload ssh:
    • sudo systemctl reload ssh

In XVM (@xpub staff with sudo)

As root:

Create a Tinc invitation links to each node HUB#Adding_a_new_thing

Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP

Back to the PI (@user)

With the invitation link

The Pi user needs to get the Pi to join the HUB network:

  • by using the invitation to join the network
    • sudo tinc join INVITATION_LINK
  • add itself to the HUB network
    • sudo tinc -n hub add subnet NODE.IP.ADDR.ESS
  • edit tinc-up file
    • sudo nano /usr/local/etc/tinc/hub/tinc-up
    • Add: ifconfig $INTERFACE NODE.IP.ADDR.ESS netmask 255.255.255.0
    • Comment: the echo line
    • Save and exit

After this process is important to test that the Pi is now part of the TINC network:

  • On a Pi ssh session, start tinc:
    • sudo tincd -n hub -D -d3
  • On another Pi ssh session try to ping other HUB nodes a see if your are getting pings back:
    • Ping XVM ping 10.0.0.1
    • Or ping Sandbox: ping 10.0.0.11

Because you want to have TINC running at all times on the Pi and starting when the Pi boots, it is important to configure and enable Tinc's systemd files as described in Tinc#tincd_service_file

Back to XVM (@xpub staff)

In /etc/nginx/sites-available/hub.xpub.nl create a new location entry, following the template

        location /nodename {
                proxy_pass http://10.0.0.10?/; 
                client_max_body_size 200M;
        }

Test the site configuration

  • nginx -t -c /etc/nginx/sites-available/hub.xpub.nl

In no errors are found, reload nginx:

  • systemctl nginx reload

Check the web location by going to https://hub.xpub.nl/NODENAME

Write your changes to the server's log with

rtlg


In users laptop (@user)

Add a new entry to your laptop ~/.ssh/config by following the template:

Host hub.NODE_NAME 
User PI_USERNAME
Hostname NODE.IP.ADDR.ESS
ProxyJump yourname@xpub.nl:2501
Identityfile ~/.ssh/id_rsa
Serveraliveinterval 30

Once gnd has associated the Pi user's username + ssh pubkey with the Pi IP

You can now try to ssh with

ssh hub.NODE_NAME 

If sshing fails:

  • ssh with verbose mode
    • ssh hub.NODE_NAME -vvv
  • send the output to xpub staff
  • send also the .ssh/config to the Node
  • if staff cannot figure out the issue contact gnd