en:dpi:dpi_components:platform:dpi_install:start [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:dpi_components:platform:dpi_install:start [2023/03/13 15:44] edrudichgmailcomen:dpi:dpi_components:platform:dpi_install:start [2023/09/04 09:48] (current) – removed elena.krasnobryzh
    Line 1: Line 1:
    -====== 2 Stingray Service Gateway implementation ====== 
    -{{indexmenu_n>2}} 
    -===== Migrating from CentOS 8.x to VEOS 8.x ===== 
    -<note important> Due to the fact that Red Hat will early end support for CentOS 8 at the end of 2021, VAS Experts offers a strategy to continue using Red Hat as a Control Plane. \\ 
    -** The transition to the new version of the OS is planned as a regular update (without reinstallation), [[en:dpi:techsupport_info:start|within the framework of active technical support]].**</note> 
      
    -The transition to VEOS 8.6 (VAS Experts OS) will be phased in: 
    -  - **January 2021** - Switching to the VAS Experts repository at the end of the release of patches for CentOS 8.5, does not require reinstalling the current CentOS packages 
    -  - **[[https://access.redhat.com/support/policy/updates/errata#RHEL8_Life_Cycle| February 2021 - May 2029]] ** - Get kernel and OS component updates based on original RedHat 8.6, 8.7 and etc. from the new VEOS repository before the end of support for RedHat8. Version numbering will be identical to RedHat8.x packages 
    -  - Creating a distribution kit for the initial installation of the OS - **April 2023**, but for now the initial installation is performed from the CentOS 8.5 installation disk and the subsequent switching of the repository 
    - 
    -If you received a ready-made system from us, then immediately refer to the [[en:dpi:install_point_scat:start|connection schemes]]. \\ 
    -Otherwise, you need to independently install the VEOS 8 operating system on your server and provide us with remote SSH access and root rights to install and initially configure the platform. 
    -After completing the work, remote access can be closed. 
    - 
    -===== 2.1 Preparing the server and installing CentOS 8.x ===== 
    -  - Before rack-mounting the server, make sure it meets [[en:dpi:dpi_components:platform:dpi_requirements:start|necessary requirements]]. If any discrepancies are found at this stage, contact VAS Experts technical support to promptly resolve the issue. 
    -  - Install the latest version of CentOS 8.x using the link: **[[https://vault.centos.org/8.5.2111/isos/x86_64/|ISO CentOS 8.x minimal]]** 
    -  * When partitioning a disk: 
    -<code> ~ 20 GB for root partition 
    -the rest of the space can be allocated for the /var directory 
    -The Stingray SG partition does not use swap, but it may be required for system tasks, so 4GB can be allocated </code> 
    -  * Disable Hyper-threading in BIOS 
    - 
    -===== 2.2 Pre-configuring CentOS 8.x ===== 
    - 
    -  - Create a **vasexpertsmnt** user: <code> adduser -m -G wheel -u 3333 vasexpertsmnt </code> 
    -  - Set a **complex** password for the user **vasexpertsmnt**: <code>passwd vasexpertsmnt</code> For convenience, you can generate a password using openssl: <code> openssl rand -base64 15 </code> 
    -  - Save the password for **vasexpertsmnt**. 
    -  - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code> 
    -  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247. 170.134, 91.197.172.2, 46.243.181.242, 93.159.236.11 </code> 
    -<code> 
    -iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT 
    -iptables -A INPUT -p tcp -s 45.151.108.0/22 ​​-m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 91.197.172.2 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp --dport 22 -j DROP 
    -service iptables save 
    -</code> 
    - 
    -If you are using firewalld: 
    -<code> 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name = "ssh" accept' 
    -firewall-cmd --reload 
    -firewall-cmd --zone = public --remove-service = ssh --permanent 
    -</code> 
    -**!Save your settings as the server will be rebooted during installation!** \\ 
    -\\ 
    - 
    -After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info:start|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access. 
    - 
    - 
    -<note> 
    -The initial setup of the DPI platform is carried out by engineers [[en:dpi:techsupport_info:start| VAS Experts technical support]] or her partners. 
    -</note> 
    -<note warning> 
    -Do not update the operating system kernel until the system is activated [[en:dpi:dpi_components:platform:dpi_update:start|updates]], 
    -this may cause the network card driver to fail (([[en:dpi:dpi_components:platform:dpi_update:errata:start|Troubleshoot]])) 
    -</note> 
    - 
    -<note tip> Further settings are made depending on which components you plan to use, their descriptions are presented in [[en:dpi:dpi_components:start|Section 3]] in the respective components. </note>