Differences

This shows you the differences between two versions of the page.

--- en:veos:installation [2024/01/15 13:53] – [Preparation of the installation USB memory stick] elena.krasnobryzh
+++ en:veos:installation [2025/01/14 07:33] (current) – [Pre-configuring VEOS] elena.krasnobryzh
@@ Line 2: / Line 2: @@
 {{indexmenu_n>2}}
-<note tip>Due to the fact that Red Hat discontinued support for CentOS 8 at the end of 2021, VAS Experts offers a strategy for the continued use of Red Hat as Control Plane.\\
+<note tip>Before rack-mounting the server, make sure it meets **necessary requirements**.
-**The transition to the new OS edition is planned in the form of an in-house upgrade (without reinstallation), [[en:dpi:techsupport_info:start|within the framework of active technical support]].**</note>
-<note important>Before rack-mounting the server, make sure it meets **necessary requirements**.
+  * [[en:dpi:dpi_brief:dpi_requirements|SSG requirements]]
+  * [[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations|GUI requirements]]
+  * [[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations|QoE requirements]]
-  * [[en:dpi:dpi_brief:dpi_requirements:start|SSG requirements]]
+:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info|VAS Experts technical support]] to promptly resolve the issue.</note>
-  * [[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations:start|GUI requirements]]
-  * [[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations:start|QoE requirements]]
-If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info:start|VAS Experts technical support]] to promptly resolve the issue.</note>
 ===== ISO Links =====
-  - [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.
+  * [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
 [[en:veos:installation:archived_versions]]
+<note important>
+When partitioning a disk for SSG software:
+  * ~ 20 GB for root partition
+  * Allocate the remaining space for the ''/var'' directory.
+  * The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.
+**Disable Hyper-threading in BIOS for SSG software!**
+</note>
 ===== Preparation of the installation USB memory stick =====
 The most popular current method of installing an operating system on a computer is to install it from an installable USB memory stick.
@@ Line 28: / Line 32: @@
   > dd if=VEOS-8.7-x86_64-Minimal.iso of=/dev/sdz bs=1M
-<note important>When writing, you must specify the entire disk, not the partition on it (i.e. /dev/sdz, but not /dev/sdz1)</note>
+:!: When writing, you must specify the **entire disk**, not the partition on it (i.e. ''/dev/sdz'', but not ''/dev/sdz1'')
 ==== Writing a USB Disk to Windows ====
@@ Line 48: / Line 52: @@
 ==== Recording a disk image in the MS Windows operating system ====
-An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]] and others.
+An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]], [[https://etcher.balena.io/|balenaEtcher]] and others.
 === Recording a disk image with Small CD-Writer ===
@@ Line 92: / Line 96: @@
   - finishing installation and rebooting.
-<note>
-  * When partitioning a disk for SSG software: <code> ~ 20 GB for root partition
-Allocate the remaining space for the /var directory.
-The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.</code>
-  * Disable Hyper-threading in BIOS for SSG software!
-</note>
 ===== Pre-configuring VEOS =====
-If you received a preinstalled system from us, please immediately refer to the [[en:dpi:dpi_brief:install_point_ssg:micra_install|Appliance installation instruction]] section.\\
+If you received a preinstalled system from us, please immediately refer to the [[en:dpi:dpi_brief:network_preparation:install_point_ssg:micra_install|Appliance installation instruction]] section.\\
 Otherwise, you need to install the VEOS operating system on your server yourself and give us remote SSH access and root rights to perform the installation and initial configuration of the platform. After the work is completed, the remote access can be closed.
@@ Line 108: / Line 107: @@
   - Save the password for **vasexpertsmnt**.
   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
-  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247. 170.134, 91.197.172.2, 46.243.181.242, 93.159.236.11 </code>
+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.98, 93.159.236.11, 46.243.181.35, 46.243.181.242</code>
+<code>
 <code>
-iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT
+	iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A INPUT -p tcp -s 45.151.108.0/22 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 91.197.172.2 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 22 -j DROP
-iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
+	service iptables save
-iptables -A INPUT -p tcp --dport 22 -j DROP
-service iptables save
 </code>
 If you are using firewalld:
 <code>
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept'
+	firewall-cmd --zone=public --remove-service=ssh --permanent
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name = "ssh" accept'
+	firewall-cmd --reload
-firewall-cmd --reload
-firewall-cmd --zone = public --remove-service = ssh --permanent
 </code>
 **!Save your settings as the server will be rebooted during installation!** \\
 \\
-After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info:start|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
+After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
 <note>
-Installation of the Stingray software is carried out by engineers or by yourself according to the instruction: [[en:dpi:dpi_brief:instal_script|Instructions for installing the Stingray software using the script]].
+Installation of the Stingray software is carried out by engineers or by yourself according to the instruction: [[en:dpi:dpi_brief:network_preparation:instal_script|Instructions for installing the Stingray software using the script]].
 </note>
 <note warning>
-Do not update the operating system kernel until the system is activated [[en:dpi:update:start|updates]],
+Do not update the operating system kernel until the system is activated [[en:dpi:update|updates]],
-this may cause the network card driver to fail (([[en:dpi:update:troubleshooting:start|Troubleshoot]]))
+this may cause the network card driver to fail (([[en:dpi:update:troubleshooting|Troubleshoot]]))
 </note>

Profile

Settings

Differences