Differences

This shows you the differences between two versions of the page.

--- en:veos:installation [2023/10/09 12:36] – [Installation sequence] elena.krasnobryzh
+++ en:veos:installation [2025/05/23 14:23] (current) – ↷ Links adapted because of a move operation elena.krasnobryzh
@@ Line 2: / Line 2: @@
 {{indexmenu_n>2}}
-<note tip>Due to the fact that Red Hat discontinued support for CentOS 8 at the end of 2021, VAS Experts offers a strategy for the continued use of Red Hat as Control Plane.\\
+<note tip>Before rack-mounting the server, make sure it meets **necessary requirements**.
-**The transition to the new OS edition is planned in the form of an in-house upgrade (without reinstallation), [[en:dpi:techsupport_info:start|within the framework of active technical support]].**</note>
-<note important>Before rack-mounting the server, make sure it meets **necessary requirements**.
+  * [[en:dpi:dpi_brief:dpi_requirements|SSG requirements]]
+  * [[en:dpi:dpi_components:dpiui:hardware_recommendations|GUI requirements]]
+  * [[en:dpi:dpi_components:qoestor:hardware_recommendations|QoE requirements]]
-  * __[[en:dpi:dpi_brief:dpi_requirements:start|SSG requirements]]__
+:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info|VAS Experts technical support]] to promptly resolve the issue.</note>
-  * __[[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations:start|GUI requirements]]__
-  * __[[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations:start|QoE requirements]]__
-If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info:start|VAS Experts technical support]] to promptly resolve the issue.</note>
 ===== ISO Links =====
-  - [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.
+  * [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
 [[en:veos:installation:archived_versions]]
+<note important>
+When partitioning a disk for SSG software:
+  * ~ 20 GB for root partition
+  * Allocate the remaining space for the ''/var'' directory.
+  * The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.
+**Disable Hyper-threading in BIOS for SSG software!**
+</note>
 ===== Preparation of the installation USB memory stick =====
-The currently most popular way to install an operating system on your computer is to install from a USB memory stick.
+The most popular current method of installing an operating system on a computer is to install it from an installable USB memory stick.
-<note warning>Do not use popular USB disk burning programs such as Rufus, Unetbootin, Multibootusb and Universal USB Installer – the VEOS installer WILL NOT work, as these programs do not properly copy the installation ISO image</note>
+<note warning>Do not use popular USB disk burning programs such as Unetbootin, Multibootusb and Universal USB Installer - the VEOS installer WILL NOT work as these programs do not copy the installation ISO image correctly</note>
-To create a Linux/Unix installation USB disk, run the dd command:
-  > dd if=VEOS-8.6-x86_64-minimal.iso of=/dev/sdz
-<note important>When writing, specify the entire disk, not the partition on it (i.e. /dev/sdz, but not /dev/sdz1)</note>
+==== Writing a USB disk on Linux ====
-You can download DD for Windows [[http://www.chrysocome.net/dd|here]].
+To create a USB installation disk on Linux/Unix, run the dd command:
+  > dd if=VEOS-8.7-x86_64-Minimal.iso of=/dev/sdz bs=1M
-If using dd for Windows, run dd --list and look carefully at the list of NT Block Device Objects and use the one that looks like \\?\Device\Harddisk1\Partition0 where the description is something like Removable media other than floppy. Block size = 512. Be very careful about which output device you pick or you may overwrite something you did not intend to!
+:!: When writing, you must specify the **entire disk**, not the partition on it (i.e. ''/dev/sdz'', but not ''/dev/sdz1'')
+==== Writing a USB Disk to Windows ====
+=== Rufus ===
+To burn an ISO to a USB drive on Windows, you can use the [[https://rufus.ie/ru/#|Rufus]] program, __must__ select the "Write to DD image" writing mode:
+  * Rufus main screen
+{{:en:veos:rufus_main_screen.png?400|}}
+  * recording mode selection dialog box
+{{:en:veos:record_mode.png?400|}}
+=== Diskdupe (dd) for Windows ===
+The command parameters are similar to those on Linux. The DD distribution for Windows can be downloaded [[http://www.chrysocome.net/dd|here]].
+When using dd for Windows, first run dd --list and, after carefully reviewing the NT block device list, select a device similar to {\?\Device\Harddisk1\Partition0 with a description like "Removable media other than floppy. Block size = 512". Be careful with the choice of device, otherwise you may corrupt data on other disks!
 ===== Preparation of the installation disk =====
@@ Line 36: / Line 52: @@
 ==== Recording a disk image in the MS Windows operating system ====
-An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]] and others.
+An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]], [[https://etcher.balena.io/|balenaEtcher]] and others.
 === Recording a disk image with Small CD-Writer ===
@@ Line 80: / Line 96: @@
   - finishing installation and rebooting.
-<note>
-  * When partitioning a disk for SSG software: <code> ~ 20 GB for root partition
-Allocate the remaining space for the /var directory.
-The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.</code>
-  * Disable Hyper-threading in BIOS for SSG software!
-</note>
 ===== Pre-configuring VEOS =====
@@ Line 96: / Line 107: @@
   - Save the password for **vasexpertsmnt**.
   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
-  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247. 170.134, 91.197.172.2, 46.243.181.242, 93.159.236.11 </code>
+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.98, 93.159.236.11, 46.243.181.35, 46.243.181.242</code>
+<code>
 <code>
-iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT
+	iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A INPUT -p tcp -s 45.151.108.0/22 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 91.197.172.2 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 22 -j DROP
-iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
+	service iptables save
-iptables -A INPUT -p tcp --dport 22 -j DROP
-service iptables save
 </code>
 If you are using firewalld:
 <code>
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept'
+	firewall-cmd --zone=public --remove-service=ssh --permanent
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name = "ssh" accept'
+	firewall-cmd --reload
-firewall-cmd --reload
-firewall-cmd --zone = public --remove-service = ssh --permanent
 </code>
 **!Save your settings as the server will be rebooted during installation!** \\
 \\
-After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info:start|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
+After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
@@ Line 139: / Line 147: @@
 <note warning>
-Do not update the operating system kernel until the system is activated [[en:dpi:update:start|updates]],
+Do not update the operating system kernel until the system is activated [[en:dpi:update|updates]],
-this may cause the network card driver to fail (([[en:dpi:update:troubleshooting:start|Troubleshoot]]))
+this may cause the network card driver to fail (([[en:dpi:update:troubleshooting|Troubleshoot]]))
 </note>

Profile

Settings

Differences