Differences

This shows you the differences between two versions of the page.

--- en:veos:installation [2024/05/13 07:00] – elena.krasnobryzh
+++ en:veos:installation [2025/05/23 14:23] (current) – ↷ Links adapted because of a move operation elena.krasnobryzh
@@ Line 2: / Line 2: @@
 {{indexmenu_n>2}}
-<note tip>Due to the fact that Red Hat discontinued support for CentOS 8 at the end of 2021, VAS Experts offers a strategy for the continued use of Red Hat as Control Plane.\\
+<note tip>Before rack-mounting the server, make sure it meets **necessary requirements**.
-**The transition to the new OS edition is planned in the form of an in-house upgrade (without reinstallation), [[en:dpi:techsupport_info:start|within the framework of active technical support]].**</note>
-<note important>Before rack-mounting the server, make sure it meets **necessary requirements**.
+  * [[en:dpi:dpi_brief:dpi_requirements|SSG requirements]]
+  * [[en:dpi:dpi_components:dpiui:hardware_recommendations|GUI requirements]]
+  * [[en:dpi:dpi_components:qoestor:hardware_recommendations|QoE requirements]]
-  * [[en:dpi:dpi_brief:dpi_requirements:start|SSG requirements]]
+:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info|VAS Experts technical support]] to promptly resolve the issue.</note>
-  * [[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations:start|GUI requirements]]
-  * [[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations:start|QoE requirements]]
-If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info:start|VAS Experts technical support]] to promptly resolve the issue.</note>
 ===== ISO Links =====
-  - [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.
+  * [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
 [[en:veos:installation:archived_versions]]
+<note important>
+When partitioning a disk for SSG software:
+  * ~ 20 GB for root partition
+  * Allocate the remaining space for the ''/var'' directory.
+  * The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.
+**Disable Hyper-threading in BIOS for SSG software!**
+</note>
 ===== Preparation of the installation USB memory stick =====
 The most popular current method of installing an operating system on a computer is to install it from an installable USB memory stick.
@@ Line 28: / Line 32: @@
   > dd if=VEOS-8.7-x86_64-Minimal.iso of=/dev/sdz bs=1M
-<note important>When writing, you must specify the entire disk, not the partition on it (i.e. /dev/sdz, but not /dev/sdz1)</note>
+:!: When writing, you must specify the **entire disk**, not the partition on it (i.e. ''/dev/sdz'', but not ''/dev/sdz1'')
 ==== Writing a USB Disk to Windows ====
@@ Line 92: / Line 96: @@
   - finishing installation and rebooting.
-<note>
-  * When partitioning a disk for SSG software: <code> ~ 20 GB for root partition
-Allocate the remaining space for the /var directory.
-The Stingray SG does not use a SWAP partition, but it is needed for system tasks and requires a 4 GB allocation.</code>
-  * Disable Hyper-threading in BIOS for SSG software!
-</note>
 ===== Pre-configuring VEOS =====
@@ Line 108: / Line 107: @@
   - Save the password for **vasexpertsmnt**.
   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
-  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247. 170.134, 91.197.172.2, 46.243.181.242, 93.159.236.11 </code>
+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.98, 93.159.236.11, 46.243.181.35, 46.243.181.242</code>
+<code>
 <code>
-iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT
+	iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A INPUT -p tcp -s 45.151.108.0/22 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 91.197.172.2 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT
+	iptables -A INPUT -p tcp --dport 22 -j DROP
-iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT
+	service iptables save
-iptables -A INPUT -p tcp --dport 22 -j DROP
-service iptables save
 </code>
 If you are using firewalld:
 <code>
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept'
+	firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept'
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept'
+	firewall-cmd --zone=public --remove-service=ssh --permanent
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name = "ssh" accept'
+	firewall-cmd --reload
-firewall-cmd --reload
-firewall-cmd --zone = public --remove-service = ssh --permanent
 </code>
 **!Save your settings as the server will be rebooted during installation!** \\
 \\
-After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info:start|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
+After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
@@ Line 151: / Line 147: @@
 <note warning>
-Do not update the operating system kernel until the system is activated [[en:dpi:update:start|updates]],
+Do not update the operating system kernel until the system is activated [[en:dpi:update|updates]],
-this may cause the network card driver to fail (([[en:dpi:update:troubleshooting:start|Troubleshoot]]))
+this may cause the network card driver to fail (([[en:dpi:update:troubleshooting|Troubleshoot]]))
 </note>

Profile

Settings

Differences