Howto/Spacenet/Setup Country node

From SpaceFED

Setting up a country node is actually really easy, but it requires more updates to the infrastructure than running a normal node, because a country node has a 1:1 relationship with every other country node and with every realm within its country.

The setup

Site configuration

Most of the site features need to be disabled, so delete sites-enabled/inner-tunnel and eap.conf.

sites-enabled/default:

authorize {
        preprocess
        suffix
}
authenticate {
}

preacct {
        preprocess
        acct_unique
        suffix
}

accounting {
        detail
        radutmp
}


session {
        radutmp
}


post-auth {
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}

pre-proxy {
}
post-proxy {
}


A root pool

To get new countries set up quickly, we set up a fallback root pool pointing at the Dutch servers, which are 10GbE-connected.

home_server nlnode1.spacefed.net {
        type = auth
        ipv6addr = 2001:610:120:e120:194:171:96:99
        port = 1812
        # indicative only ;)
        secret = cy7BXjFA437GW.XecvE0nvcA/7G6YXAdI3nfJojSkveQbOC4bgraz2pOcM0fN5TPyiHTfy6nS018Fxlf/TNf.1
        require_message_authenticator = yes
        response_window = 5
        zombie_period = 60
        revive_interval = 120
        status_check = status-server
        check_interval = 30
        num_answers_to_alive = 3
        coa {
                # Initial retransmit interval: 1..5
                irt = 2

                # Maximum Retransmit Timeout: 1..30 (0 == no maximum)
                mrt = 16

                # Maximum Retransmit Count: 1..20 (0 == retransmit forever)
                mrc = 5

                # Maximum Retransmit Duration: 5..60
                mrd = 30
        }
}



home_server_pool root_pool {
        type = client-balance

        # The members of the root delegation pool
        home_server = nlnode1.spacefed.net
        # home_server = ...

}

realm DEFAULT {
        nostrip
        auth_pool = root_pool
}

Direct connections to other country nodes

Just add the home_server_pool and home_server definitions as above, but create the realm delegations like this:

# The trailing $ anchors the match, so only realms that end in .nl are delegated
realm "~.*\\.nl$" {
        nostrip
        auth_pool = nl_pool
}

Direct connections to local hacker spaces/communities

Just add the home_server_pool and home_server definitions as above, but create the realm delegations like this:

realm "bitlair.nl" {
        nostrip
        auth_pool = bitlair_nl
}
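
How the three kinds of realm stanza above interact, and why a country pattern such as .*\.nl should end in $, as an added example that is not part of the original page or of the SpaceFED configuration. The lookup order (exact realm, then regex realms, then DEFAULT) is a simplified model assumed here, and the sample user names are constructed.

```python
import re

# Stanzas from this page: exact realm -> auth_pool, plus the DEFAULT realm.
EXACT_REALMS = {"bitlair.nl": "bitlair_nl"}
DEFAULT_POOL = "root_pool"

# The country delegation pattern (after config unescaping), without and
# with the end-of-realm anchor.
UNANCHORED_REGEX = [(r".*\.nl", "nl_pool")]
ANCHORED_REGEX = [(r".*\.nl$", "nl_pool")]


def route(user_name, regex_realms):
    """Return the auth_pool chosen for user_name.

    Simplified model (assumption): split at the last '@', try an exact
    case-insensitive realm match, then each regex realm in order as an
    unanchored case-insensitive search, then fall back to DEFAULT.
    """
    _, sep, realm = user_name.rpartition("@")
    if not sep or not realm:
        raise ValueError("User-Name has no realm suffix")
    realm = realm.lower()
    if realm in EXACT_REALMS:
        return EXACT_REALMS[realm]
    for pattern, pool in regex_realms:
        if re.search(pattern, realm, re.IGNORECASE):
            return pool
    return DEFAULT_POOL


def compare(user_names):
    """Map each name to (pool without anchor, pool with anchor)."""
    return {u: (route(u, UNANCHORED_REGEX), route(u, ANCHORED_REGEX))
            for u in user_names}


# Constructed sample identities, not taken from any real deployment.
SAMPLES = [
    "alice@bitlair.nl",         # local hackerspace realm, exact match
    "bob@otherspace.nl",        # any other realm under .nl
    "carol@space.example.de",   # foreign realm, falls through to DEFAULT
    "dave@mail.nlnet.example",  # contains ".nl" but is not under .nl
]

if __name__ == "__main__":
    for name, (loose, anchored) in compare(SAMPLES).items():
        print(f"{name:26} unanchored={loose:11} anchored={anchored}")
```

Only the last sample differs: without the anchor it is sent to nl_pool, with the anchor it falls through to root_pool.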