Differences

This shows you the differences between two versions of the page.

--- en:veos:installation [2023/08/29 07:59] – elena.krasnobryzh
+++ en:veos:installation [2025/01/14 07:33] (current) – [Pre-configuring VEOS] elena.krasnobryzh
@@ Line 1: / Line 1: @@
 ====== Installation ======
 {{indexmenu_n>2}}
-===== ISO Links =====
-  - [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.
-  - [[https://repo.vasexperts.com/veos/8.6/isos/x86_64/VEOS-8.6-x86_64-minimal.iso|VEOS 8.6 Valaam]] ([[https://repo.vasexperts.com/veos/8.6/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.
+<note tip>Before rack-mounting the server, make sure it meets **necessary requirements**.
+  * [[en:dpi:dpi_brief:dpi_requirements|SSG requirements]]
+  * [[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations|GUI requirements]]
+  * [[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations|QoE requirements]]
+:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info|VAS Experts technical support]] to promptly resolve the issue.</note>
+===== ISO Links =====
+  * [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
+[[en:veos:installation:archived_versions]]
+<note important>
+When partitioning a disk for SSG software:
+  * ~ 20 GB for root partition
+  * Allocate the remaining space for the ''/var'' directory.
+  * The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.
+**Disable Hyper-threading in BIOS for SSG software!**
+</note>
 ===== Preparation of the installation USB memory stick =====
-The currently most popular way to install an operating system on your computer is to install from a USB memory stick.
+The most popular current method of installing an operating system on a computer is to install it from an installable USB memory stick.
-<note warning>Do not use popular USB disk burning programs such as Rufus, Unetbootin, Multibootusb and Universal USB Installer – the VEOS installer WILL NOT work, as these programs do not properly copy the installation ISO image</note>
+<note warning>Do not use popular USB disk burning programs such as Unetbootin, Multibootusb and Universal USB Installer - the VEOS installer WILL NOT work as these programs do not copy the installation ISO image correctly</note>
-To create a Linux/Unix installation USB disk, run the dd command:
-  > dd if=VEOS-8.6-x86_64-minimal.iso of=/dev/sdz
-<note important>When writing, specify the entire disk, not the partition on it (i.e. /dev/sdz, but not /dev/sdz1)</note>
+==== Writing a USB disk on Linux ====
-You can download DD for Windows [[http://www.chrysocome.net/dd|here]].
+To create a USB installation disk on Linux/Unix, run the dd command:
+  > dd if=VEOS-8.7-x86_64-Minimal.iso of=/dev/sdz bs=1M
-If using dd for Windows, run dd --list and look carefully at the list of NT Block Device Objects and use the one that looks like \\?\Device\Harddisk1\Partition0 where the description is something like Removable media other than floppy. Block size = 512. Be very careful about which output device you pick or you may overwrite something you did not intend to!
+:!: When writing, you must specify the **entire disk**, not the partition on it (i.e. ''/dev/sdz'', but not ''/dev/sdz1'')
+==== Writing a USB Disk to Windows ====
+=== Rufus ===
+To burn an ISO to a USB drive on Windows, you can use the [[https://rufus.ie/ru/#|Rufus]] program, __must__ select the "Write to DD image" writing mode:
+  * Rufus main screen
+{{:en:veos:rufus_main_screen.png?400|}}
+  * recording mode selection dialog box
+{{:en:veos:record_mode.png?400|}}
+=== Diskdupe (dd) for Windows ===
+The command parameters are similar to those on Linux. The DD distribution for Windows can be downloaded [[http://www.chrysocome.net/dd|here]].
+When using dd for Windows, first run dd --list and, after carefully reviewing the NT block device list, select a device similar to {\?\Device\Harddisk1\Partition0 with a description like "Removable media other than floppy. Block size = 512". Be careful with the choice of device, otherwise you may corrupt data on other disks!
 ===== Preparation of the installation disk =====
@@ Line 25: / Line 52: @@
 ==== Recording a disk image in the MS Windows operating system ====
-An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]] and others.
+An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]], [[https://etcher.balena.io/|balenaEtcher]] and others.
 === Recording a disk image with Small CD-Writer ===
@@ Line 68: / Line 95: @@
   - installing the system on the selected disk;
   - finishing installation and rebooting.
+===== Pre-configuring VEOS =====
+If you received a preinstalled system from us, please immediately refer to the [[en:dpi:dpi_brief:network_preparation:install_point_ssg:micra_install|Appliance installation instruction]] section.\\
+Otherwise, you need to install the VEOS operating system on your server yourself and give us remote SSH access and root rights to perform the installation and initial configuration of the platform. After the work is completed, the remote access can be closed.
+  - Create a **vasexpertsmnt** user: <code> adduser -m -G wheel -u 3333 vasexpertsmnt </code>
+  - Set a **complex** password for the user **vasexpertsmnt**: <code>passwd vasexpertsmnt</code> For convenience, you can generate a password using openssl: <code> openssl rand -base64 15 </code>
+  - Save the password for **vasexpertsmnt**.
+  - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.98, 93.159.236.11, 46.243.181.35, 46.243.181.242</code>
+<code>
+<code>
+	iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+	iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 22 -j DROP
+	service iptables save
+</code>
+If you are using firewalld:
+<code>
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept'
+	firewall-cmd --zone=public --remove-service=ssh --permanent
+	firewall-cmd --reload
+</code>
+**!Save your settings as the server will be rebooted during installation!** \\
+\\
+After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
+<note>
+Installation of the Stingray software is carried out by engineers or by yourself according to the instruction: [[en:dpi:dpi_brief:network_preparation:instal_script|Instructions for installing the Stingray software using the script]].
+</note>
+<note warning>
+Do not update the operating system kernel until the system is activated [[en:dpi:update|updates]],
+this may cause the network card driver to fail (([[en:dpi:update:troubleshooting|Troubleshoot]]))
+</note>

Profile

Settings

Differences