Updated Branches: refs/heads/master 06b69ac2f -> 3d866c4bb
CS-15522 - fixing NFS settings to be less dangerous Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/3d866c4b Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/3d866c4b Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/3d866c4b Branch: refs/heads/master Commit: 3d866c4bbb8fec8e9580278429a2d94b31ec9570 Parents: 06b69ac Author: Joe Brockmeier <[email protected]> Authored: Sat Jul 28 18:02:13 2012 -0400 Committer: David Nalley <[email protected]> Committed: Sat Jul 28 18:02:13 2012 -0400 ---------------------------------------------------------------------- docs/runbook/en-US/Environment.xml | 49 ++++++++++++------------------ 1 files changed, 20 insertions(+), 29 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3d866c4b/docs/runbook/en-US/Environment.xml ---------------------------------------------------------------------- diff --git a/docs/runbook/en-US/Environment.xml b/docs/runbook/en-US/Environment.xml index 9048e1a..99161d9 100644 --- a/docs/runbook/en-US/Environment.xml +++ b/docs/runbook/en-US/Environment.xml @@ -68,6 +68,13 @@ ONBOOT="no" configure that file so that it specifies the IP address, netmask, etc., as shown in the following example: </para> + <important> + <title>Hardware Addresses</title> + <para>You should not use the hardware address (aka MAC address) from our example + for your configuration. It is network interface specific, so you should keep the + address already provided in the HWADDR directive. + </para> + </important> <screen> DEVICE=eth0 HWADDR=52:54:00:B9:A6:C0 @@ -77,6 +84,8 @@ BOOTPROTO=none IPADDR=172.16.10.2 NETMASK=255.255.255.0 GATEWAY=172.16.10.1 +DNS1=8.8.8.8 +DNS2=8.8.4.4 </screen> <note> <title>IP Addressing</title> @@ -89,26 +98,10 @@ GATEWAY=172.16.10.1 <userinput><replaceable>192.168.55</replaceable>.2</userinput> </para> </note> - <important> - <title>Hardware Addresses</title> - <para>You should not use the hardware address (aka MAC address) from our example - for your configuration. It is network interface specific, so you should keep the - address already provided in the HWADDR directive. - </para> - </important> <para> Now that we have the configuration files properly set up, we need to run a few commands to start up the network</para> <screen><prompt># </prompt><userinput><command>chkconfig</command> network on</userinput></screen> <screen><prompt># </prompt><userinput><command>service</command> network start</userinput></screen> - <para>This should bring the network up successfully, but we now need to enable name resolution. - To do that we will edit <filename>/etc/resolv.conf</filename>. These instructions will add - one of the nameservers from Google, though you are free to add a local nameserver if you wish. - Your <filename>/etc/resolv.conf</filename> should modified to look like: - </para> - <screen> -nameserver 8.8.8.8 - </screen> - </section> <section id="sect-Runbook-Environment-operatingsys-hostname"> <title>Hostname</title> @@ -195,8 +188,6 @@ SELINUXTYPE=targeted <screen> <prompt># </prompt><userinput><command>mkdir</command> /primary</userinput> <prompt># </prompt><userinput><command>mkdir</command> /secondary</userinput> -<prompt># </prompt><userinput><command>chmod</command> 777 /primary</userinput> -<prompt># </prompt><userinput><command>chmod</command> 777 /secondary</userinput> </screen> <para>CentOS 6.x releases use NFSv4 by default. NFSv4 requires that domain setting matches on all clients. In our case, the domain is cloud.priv, so ensure that the domain setting in <filename>/etc/idmapd.conf</filename> @@ -215,17 +206,17 @@ STATD_OUTGOING_PORT=2020 Edit the file <filename>/etc/sysconfig/iptables</filename> </para> <screen> --A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT --A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT --A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT --A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT --A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT --A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT --A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT --A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT --A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT --A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT --A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT +-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT </screen> <para>Now you can restart the iptables service with the following command: </para>
