Installation [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:veos:installation [2024/01/15 13:53] – [Preparation of the installation USB memory stick] elena.krasnobryzhen:veos:installation [2025/10/31 09:09] (current) elena.krasnobryzh
    Line 2: Line 2:
     {{indexmenu_n>2}} {{indexmenu_n>2}}
      
    -<note tip>Due to the fact that Red Hat discontinued support for CentOS 8 at the end of 2021VAS Experts offers a strategy for the continued use of Red Hat as Control Plane.\\ +<note tip>Before rack-mounting the servermake sure it meets **necessary requirements**
    -**The transition to the new OS edition is planned in the form of an in-house upgrade (without reinstallation), [[en:dpi:techsupport_info:start|within the framework of active technical support]].**</note>+
      
    -<note important>Before rack-mounting the server, make sure it meets **necessary requirements**. +  [[en:dpi:dpi_brief:dpi_requirements|SSG requirements]] 
     +  [[en:dpi:dpi_components:dpiui:hardware_recommendations|GUI requirements]] 
     +  [[en:dpi:qoe_analytics:implementation_administration:requirements|QoE requirements]]
      
    -  * [[en:dpi:dpi_brief:dpi_requirements:start|SSG requirements]] +:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info|VAS Experts technical support]] to promptly resolve the issue.</note>
    -  * [[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations:start|GUI requirements]] +
    -  * [[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations:start|QoE requirements]] +
    - +
    -If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info:start|VAS Experts technical support]] to promptly resolve the issue.</note>+
      
     ===== ISO Links ===== ===== ISO Links =====
    -  [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.+  [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
      
     [[en:veos:installation:archived_versions]] [[en:veos:installation:archived_versions]]
      
     +<note important>  
     +When partitioning a disk for SSG software:
     +  * ~ 20 GB for root partition
     +  * Allocate the remaining space for the ''/var'' directory.
     +  * The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.
     +**Disable Hyper-threading in BIOS for SSG software!**
     +</note>
     ===== Preparation of the installation USB memory stick ===== ===== Preparation of the installation USB memory stick =====
     The most popular current method of installing an operating system on a computer is to install it from an installable USB memory stick. The most popular current method of installing an operating system on a computer is to install it from an installable USB memory stick.
    Line 28: Line 32:
       > dd if=VEOS-8.7-x86_64-Minimal.iso of=/dev/sdz bs=1M   > dd if=VEOS-8.7-x86_64-Minimal.iso of=/dev/sdz bs=1M
      
    -<note important>When writing, you must specify the entire disk, not the partition on it (i.e. /dev/sdz, but not /dev/sdz1)</note>+:!: When writing, you must specify the **entire disk**, not the partition on it (i.e. ''/dev/sdz'', but not ''/dev/sdz1'')
      
     ==== Writing a USB Disk to Windows ==== ==== Writing a USB Disk to Windows ====
    Line 48: Line 52:
      
     ==== Recording a disk image in the MS Windows operating system ==== ==== Recording a disk image in the MS Windows operating system ====
    -An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]] and others. +An ISO disk image file is a special format file prepared to burn on a disk. To burn an ISO image in the MS Windows use special programs: [[http://gluek.info/wiki/software/small-cd-writer|SCDWriter]], [[http://www.nero.com/rus/index.html|Nero BurningROM]], [[https://etcher.balena.io/|balenaEtcher]] and others. 
      
     === Recording a disk image with Small CD-Writer === === Recording a disk image with Small CD-Writer ===
    Line 92: Line 96:
       - finishing installation and rebooting.   - finishing installation and rebooting.
      
    -<note>   +
    -  * When partitioning a disk for SSG software: <code> ~ 20 GB for root partition +
    -Allocate the remaining space for the /var directory. +
    -The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.</code> +
    -  * Disable Hyper-threading in BIOS for SSG software! +
    -</note>+
      
     ===== Pre-configuring VEOS ===== ===== Pre-configuring VEOS =====
    Line 108: Line 107:
       - Save the password for **vasexpertsmnt**.   - Save the password for **vasexpertsmnt**.
       - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
    -  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247170.13491.197.172.2, 46.243.181.24293.159.236.11 </code>+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.9893.159.236.11, 46.243.181.3546.243.181.242</code> 
     +<code>
     <code> <code>
    -iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT + iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
    -iptables -A INPUT -p tcp -s 45.151.108.0/22 ​​-m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 91.197.172.-m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT 
    -iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp --dport 22 -j DROP 
    -iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT + service iptables save
    -iptables -A INPUT -p tcp --dport 22 -j DROP +
    -service iptables save+
     </code> </code>
      
     If you are using firewalld: If you are using firewalld:
     <code> <code>
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept' 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept' + firewall-cmd --zone=public --remove-service=ssh --permanent 
    -firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name "ssh" accept' + firewall-cmd --reload
    -firewall-cmd --reload +
    -firewall-cmd --zone = public --remove-service = ssh --permanent+
     </code> </code>
     **!Save your settings as the server will be rebooted during installation!** \\ **!Save your settings as the server will be rebooted during installation!** \\
     \\ \\
      
    -After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info:start|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.+After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
      
      
    Line 151: Line 147:
      
     <note warning> <note warning>
    -Do not update the operating system kernel until the system is activated [[en:dpi:update:start|updates]], +Do not update the operating system kernel until the system is activated [[en:dpi:update|updates]], 
    -this may cause the network card driver to fail (([[en:dpi:update:troubleshooting:start|Troubleshoot]]))+this may cause the network card driver to fail (([[en:dpi:update:troubleshooting|Troubleshoot]]))
     </note> </note>