Installation [Документация VAS Experts]

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
en:veos:installation [2024/06/11 08:54] elena.krasnobryzhen:veos:installation [2025/05/23 14:23] (current) – ↷ Links adapted because of a move operation elena.krasnobryzh
Line 4: Line 4:
 <note tip>Before rack-mounting the server, make sure it meets **necessary requirements**.  <note tip>Before rack-mounting the server, make sure it meets **necessary requirements**. 
  
-  * [[en:dpi:dpi_brief:dpi_requirements:start|SSG requirements]] +  * [[en:dpi:dpi_brief:dpi_requirements|SSG requirements]] 
-  * [[en:dpi:dpi_components:dpiui:install_and_update:hardware_recommendations:start|GUI requirements]] +  * [[en:dpi:dpi_components:dpiui:hardware_recommendations|GUI requirements]] 
-  * [[en:dpi:dpi_components:qoestor:install_and_update:hardware_recommendations:start|QoE requirements]]+  * [[en:dpi:dpi_components:qoestor:hardware_recommendations|QoE requirements]]
  
-:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info:start|VAS Experts technical support]] to promptly resolve the issue.</note>+:!: If any discrepancies are found at this stage, contact [[en:dpi:techsupport_info|VAS Experts technical support]] to promptly resolve the issue.</note>
  
 ===== ISO Links ===== ===== ISO Links =====
-  [[https://repo.vasexperts.com/veos/8.7/isos/x86_64/VEOS-8.7-x86_64-Minimal.iso|VEOS 8.7 Sakhalin]] ([[https://repo.vasexperts.com/veos/8.7/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation.+  [[https://repo.vasexperts.com/veos/8.8/isos/x86_64/VEOS-8.8-x86_64-Minimal.iso|VEOS 8.8 Kildin]] ([[https://repo.vasexperts.com/veos/8.8/isos/x86_64/checksum|SHA-256 checksum]]) for minimal installation
  
 [[en:veos:installation:archived_versions]] [[en:veos:installation:archived_versions]]
Line 107: Line 107:
   - Save the password for **vasexpertsmnt**.   - Save the password for **vasexpertsmnt**.
   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>   - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to ///etc/sudoers// the line: <code>% wheel ALL=(ALL) NOPASSWD: ALL</code>
-  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code> 45.151.108.0/22, 94.140.198.64/27, 78.140.234.98, 193.218.143.187, 93.100.47.212, 93.100.73.160, 77.247170.13491.197.172.2, 46.243.181.24293.159.236.11 </code>+  - To provide remote access via SSH and set restrictions on valid IP addresses from the list: <code>45.151.108.0/23, 94.140.198.64/27, 193.218.143.187, 93.100.73.160, 78.140.234.9893.159.236.11, 46.243.181.3546.243.181.242</code>
 <code> <code>
-iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT +<code> 
-iptables -A INPUT -p tcp -s 45.151.108.0/22 ​​-m tcp --dport 22 -j ACCEPT + iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 45.151.108.0/23 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 94.140.198.64/27 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 93.100.47.212 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 91.197.172.-m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp --dport 22 -j DROP 
-iptables -A INPUT -p tcp --dport 22 -j DROP + service iptables save
-service iptables save+
 </code> </code>
  
 If you are using firewalld: If you are using firewalld:
 <code> <code>
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "45.151.108.0/22" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="45.151.108.0/23" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "94.140.198.64/27" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="94.140.198.64/27" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "78.140.234.98" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="193.218.143.187" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "193.218.143.187" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.100.73.160" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.47.212" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="78.140.234.98" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.100.73.160" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="93.159.236.11" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "77.247.170.134" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.35" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "91.197.172.2" service name = "ssh" accept' + firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="46.243.181.242" service name="ssh" accept' 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "46.243.181.242" service name = "ssh" accept' + firewall-cmd --zone=public --remove-service=ssh --permanent 
-firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = "ipv4" source address = "93.159.236.11" service name "ssh" accept' + firewall-cmd --reload
-firewall-cmd --reload +
-firewall-cmd --zone = public --remove-service = ssh --permanent+
 </code> </code>
 **!Save your settings as the server will be rebooted during installation!** \\ **!Save your settings as the server will be rebooted during installation!** \\
 \\ \\
  
-After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info:start|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.+After making sure that remote access via SSH is provided, send to [[en:dpi:techsupport_info|technical support of VAS Experts]] (Service Desk) file an application for installation of the Stingray SG DPI license with the password and username for SSH access.
  
  
Line 150: Line 147:
  
 <note warning> <note warning>
-Do not update the operating system kernel until the system is activated [[en:dpi:update:start|updates]], +Do not update the operating system kernel until the system is activated [[en:dpi:update|updates]], 
-this may cause the network card driver to fail (([[en:dpi:update:troubleshooting:start|Troubleshoot]]))+this may cause the network card driver to fail (([[en:dpi:update:troubleshooting|Troubleshoot]]))
 </note> </note>