What we need:
- a nethserver for the dedalo installation
- CentOS Server for icaro installation (CentOS 7 and CentOS 8 are possible, CentOS 7 is recommended)
- a public domain name (could be dyndns name) which is portforwarded with 80 and 443 to your icaro server
Virtual environment
Of course you can also install all servers physical
We work with Proxmox for our installation.
Create a virtual machine. The following settings are the best virtualize in an virtual guest:
- network: bridged (Virt IO)
- CPU: host
- 2 GB RAM minimum
- 30 GB or more for HDD
Now we have to enable nested support in Proxmox like described at the following page
https://pve.proxmox.com/wiki/Nested_Virtualization
Installing CentOS 7
Setup network like this
-
IP: 192.168.x.x //Should be same network as your Dedalo-Nethservers red Network
-
Gateway: 192.168.x.x //Your Firewall/Router
-
DNS: 192.168.x.x //Your Firewall/Router or any public DNS
-
FQDN: MyHostname.MyDomain
Partitioning I didn’t change
After installation do an update with
yum update
As editor we also installed nano
yum install nano
Next step is to disable and stop firewall
systemctl disable firewalld
systemctl stop firewalld
you can check if it‘s disabled and stopped
systemctl status firewalld
Now we disable selinux also.
This works at the selinux config file
nano /etc/selinux/config
We have to set
SELINUX=enforcing
to
SELINUX=disabled
and reboot the system
shutdown -r now
If system is up again we check the se status
sestatus
The command should show
Selinux status disabled
Now we can install libvirt to use it for vagrant
First install Development Tools
yum group install -y "Development Tools"
after that we can install libvirt itself and some more tools for building vagrant with
yum install qemu-kvm libvirt libvirt-python libguestfs-tools virt-install libvirt-devel ruby-devel
Also we have to install python 3
yum install python3-pip
Now we do an ip_forward
echo "net.ipv4.ip_forward = 1"|sudo tee /etc/sysctl.d/99-ipforward.conf sysctl -p /etc/sysctl.d/99-ipforward.conf
So we have enable and start libvirtd now:
systemctl enable libvirtd --now
systemctl start libvirtd
next we install vagrant with the following command
yum install https://releases.hashicorp.com/vagrant/2.2.7/vagrant_2.2.7_x86_64.rpm
check status with
vagrant --version
install vagrant libvirt plugin
vagrant plugin install vagrant-libvirt
we install ansible now with python
pip3 install ansible
Now we download the icaro files
git clone https://github.com/nethesis/icaro.git
You can do your settings for icaro with
nano ~/icaro/deploy/ansible/group_vars/all.yml
- change hostname to your public domain name
- set
icaro.tls: "self-signed"
to
icaro.tls: "auto"
after this step change to deploy folder
cd ~/icaro/deploy/
install icaro with vagrant with the following command
vagrant up
Note: If you restart your server you have to restart vagrant with
`vagrant reload’
If everything is working fine we can do
vagrant ssh
now
Last step before getting back to the CentOS machine is to get information about your network. You have to know the IP of the vagrant machine. Get it with
ip a
now exit vagrant ssh
exit
Back at CentOS we have to set some portforwardings
First check the name of your networkinterface which is connected to your Router/firewall with
ìp a
At the next step we have to flush iptables and do some port forwardings from CentOS to vagrant
Replace “CentOSNetworkcard” with your interface, for example ens33 or eth0 and “VagrantIP” with your one, for example 192.168.121.206
# Flush iptables
iptables -F
# Local port redirection for HTTP/HTTPS
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8081
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8080
# Port forwarding for the network for HTTP/HTTPS
iptables -A PREROUTING -t nat -i CentOSNetworkcard -p tcp --dport 80 -j DNAT --to VagrantIP:80
iptables -A PREROUTING -t nat -i CentOSNetworkcard -p tcp --dport 443 -j DNAT --to VagrantIP:443
Now we have to reload vagrant
vagrant reload
Now you can try to login to icaro. Open a webbrowser and go to to the https site ofyour public domain.
https://YourPublicDomain
First login you have to do with
-
user:admin
-
password:admin
Create a new manager as a reseller and login with this new created user. Now you can create a new hotspot.
Installing and configuring Nethserver with Dedalo
- Install a Nethserver
- Give three network interfaces to it, maybe virtual ones in proxmox.
- Install all updates at the softwarecenter or with
yum update
- Install Dedalo from softwarecenter
Network settings
- a red interface as wan interface connected to your router/firewall
- a green interface as LAN interface, could be a fake interface
- a 3rd interface not configured (this is done by dedalo)
Configuring Dedalo
- At the cockpit interface (Dedalo is only available at cockpit) go to applications and choose settings of Hotspot Manager
-
hostname - YourPublicDomain (without any http(s))
-
user - YourReseller
-
password - YourResellersPassword
After connecting you can set the hotspot and a DHCP range. Don’t use the full range, for example
192.168.182.100
to
192.168.182.254
After that in icaro you can see a unit, your dedalo device.
You can now change some things at icaro, for example how people can login.
Some additional infos you can get at
and here
https://docs.nethserver.org/en/v7/dedalo.html
Thanks to @mrmarkuz for a lot of help.
