Other HUB nodes: Difference between revisions
Andre Castro (talk | contribs) |
Andre Castro (talk | contribs) |
||
| Line 48: | Line 48: | ||
=== For XPUB Staff (with sudo in XVM)=== | === For XPUB Staff (with sudo in XVM)=== | ||
As root: | |||
Create a [[Tinc]] invitation links to each node [[HUB#Adding_a_new_thing]] | Create a [[Tinc]] invitation links to each node [[HUB#Adding_a_new_thing]] | ||
Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP | Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP | ||
=== Back to the PI=== | |||
With the invitation link | |||
The Pi user needs to get the Pi to join the HUB network: | |||
* by using the invitation to join the network | |||
** <code>sudo tinc join INVITATION_LINK</code> | |||
* add itself to the HUB network | |||
** <code>sudo tinc -n hub add subnet NODE.IP.ADDR.ESS</code> | |||
* edit tinc-up file | |||
** <code>sudo nano /usr/local/etc/tinc/hub/tinc-up</code> | |||
** Add: <code> ifconfig $INTERFACE NODE.IP.ADDR.ESS netmask 255.255.255.0</code> | |||
** Comment: the echo line | |||
** Save and exit | |||
After this process is important to test that the Pi is now part of the TINC network: | |||
* On a Pi ssh session, start tinc: | |||
** <code>sudo tincd -n hub -D -d3</code> | |||
* On another Pi ssh session try to ping other HUB nodes a see if your are getting pings back: | |||
** Ping XVM <code>ping 10.0.0.1</code> | |||
** Or ping Sandbox: <code>ping 10.0.0.11</code> | |||
Because you want to '''have TINC running at all times''' on the Pi and starting when the Pi boots, it is important to '''configure and enable Tinc's systemd files as described in [[Tinc#tincd_service_file]]''' | |||
=== Back to XVM === | |||
In <code>/etc/nginx/sites-available/hub.xpub.nl</code> create a new location entry, following the template | |||
<pre> | |||
location /nodename { | |||
proxy_pass http://10.0.0.10?/; | |||
client_max_body_size 200M; | |||
} | |||
</pre> | |||
Test the site configuration | |||
* <code>nginx -t -c /etc/nginx/sites-available/hub.xpub.nl</code> | |||
In no errors are found, reload nginx: | |||
* <code>systemctl nginx reload</code> | |||
Check the web location by going to https://hub.xpub.nl/NODENAME | |||
Write your changes to the server's log with | |||
rtlg | |||
Revision as of 13:53, 14 May 2020
Adding new Node to HUB
For graduation projects or some Special issues, the XPUB HUB Node: Sandbox might not be adequate, add new nodes can be added the XPUB HUB Tinc network This page describes how to do it
Steps to add a new Node to HUB
For Pi user (with sudo/root)
Use this template to fill in all the fields and you go through the process
user: psc
Node name: ?XYZ?
IP: 10.0.0.???
url: https://hub.xpub.nl/?XYZ?
ssh public key:
?????????@??
In your Pi: (or other Unix machine connected to the internet) create a user adduser with same username as used in the Sandbox Pi
- Keeping it the same as in the sandbox - will make things easier for us and gnd (no need to give him again your public ssh key)
In your Pi: Add your laptop's user's public ssh key to your Pi user account in ~/.ssh/authorized_keys
In your Pi: Install Tinc on the Pi. The instructions can be found in the Tinc page
Add your chosen Node name and IP to HUB#IP_allocation
- Student project IPs last number should have 3 digits
In your Pi: Add your laptop's ssh public key
- getting and copying your laptop's ssh public key
cat ~/.ssh/id_ed25519.pub
- add it to Pi's ~/.ssh/authorized_keys:
sudo nano ~/.ssh/authorized_keys
In your Pi: Disable ssh with password (allow ssh with sshkey only):
- edit sshd_config file:
sudo nano /etc/ssh/sshd_config
- uncomment the line:
#PasswordAuthentication no- so it becomes:
PasswordAuthentication no
- so it becomes:
- reload ssh:
sudo systemctl reload ssh
For XPUB Staff (with sudo in XVM)
As root:
Create a Tinc invitation links to each node HUB#Adding_a_new_thing
Ask gnd to associate the Pi user's username + ssh pubkey with the Pi IP
Back to the PI
With the invitation link
The Pi user needs to get the Pi to join the HUB network:
- by using the invitation to join the network
sudo tinc join INVITATION_LINK
- add itself to the HUB network
sudo tinc -n hub add subnet NODE.IP.ADDR.ESS
- edit tinc-up file
sudo nano /usr/local/etc/tinc/hub/tinc-up- Add:
ifconfig $INTERFACE NODE.IP.ADDR.ESS netmask 255.255.255.0 - Comment: the echo line
- Save and exit
After this process is important to test that the Pi is now part of the TINC network:
- On a Pi ssh session, start tinc:
sudo tincd -n hub -D -d3
- On another Pi ssh session try to ping other HUB nodes a see if your are getting pings back:
- Ping XVM
ping 10.0.0.1 - Or ping Sandbox:
ping 10.0.0.11
- Ping XVM
Because you want to have TINC running at all times on the Pi and starting when the Pi boots, it is important to configure and enable Tinc's systemd files as described in Tinc#tincd_service_file
Back to XVM
In /etc/nginx/sites-available/hub.xpub.nl create a new location entry, following the template
location /nodename {
proxy_pass http://10.0.0.10?/;
client_max_body_size 200M;
}
Test the site configuration
nginx -t -c /etc/nginx/sites-available/hub.xpub.nl
In no errors are found, reload nginx:
systemctl nginx reload
Check the web location by going to https://hub.xpub.nl/NODENAME
Write your changes to the server's log with
rtlg