Difference between revisions of "Einstein"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
Line 39: Line 39:
 
=== /etc/security/access.conf ===
 
=== /etc/security/access.conf ===
 
<pre>
 
<pre>
 +
</pre>
 +
== Backup Settings ==
 +
=== /etc/rsync_backup.conf ===
 +
<pre># Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
 +
read only      = yes
 +
 +
# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other. 
 +
uid            = root
 +
 +
# There's not much point in putting the superuser in a chroot jail
 +
use chroot      = no
 +
 +
# This isn't really an effective "lock" per se, since the value is per-module,
 +
# but there really ought never be more than one, and it would at least
 +
# ensure serialized backups.
 +
max connections = 1
 +
 +
log file = /tmp/rsync-backup.log
 +
transfer logging = yes
 +
 +
[usr_local]
 +
        path    = /usr/local
 +
        comment = unpackaged software
 +
 +
[opt]
 +
        path    = /opt
 +
        comment = unpackaged software
 +
 +
[etc]
 +
        path    = /etc
 +
        comment = conf files
 +
 +
[var]
 +
        path    = /var
 +
        comment = user and system storage
 +
 +
[home]
 +
        path    = /home
 +
        comment = user home directories
 +
        filter = dir-merge_.rsync-filter
 
</pre>
 
</pre>

Revision as of 15:23, 18 July 2007

General Information

Einstein is the primary server, and hosts services for LDAP, NFS for home directories, E-mail, and the website.

Hostnames: einstein.unh.edu, einstein.farm.physics.unh.edu

Network Configuration

Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.

/etc/sysconfig/network-scripts/ifcfg-farm

DEVICE=farm
BOOTPROTO=static
HWADDR=00:0E:0C:51:41:5E
IPADDR=10.0.0.248
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet

/etc/sysconfig/network-scripts/ifcfg-lo

DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

/etc/sysconfig/network-scripts/ifcfg-unh

# Intel Corporation 82541GI/PI Gigabit Ethernet Controller
DEVICE=unh
ONBOOT=yes
BOOTPROTO=static
IPADDR=132.177.88.52
#IPADDR=132.177.88.53
NETMASK=255.255.252.0
BROADCAST=132.177.91.255
HWADDR=00:0E:0C:51:43:62
#MACADDR=00:A0:CC:3C:63:AA
GATEWAY=132.177.88.1

Access Configuration

/etc/security/access.conf


Backup Settings

/etc/rsync_backup.conf

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.  
uid             = root

# There's not much point in putting the superuser in a chroot jail
use chroot      = no

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least 
# ensure serialized backups.
max connections = 1

log file = /tmp/rsync-backup.log
transfer logging = yes

[usr_local]
        path    = /usr/local
        comment = unpackaged software

[opt]
        path    = /opt
        comment = unpackaged software

[etc]
        path    = /etc
        comment = conf files

[var]
        path    = /var
        comment = user and system storage

[home]
        path    = /home
        comment = user home directories
        filter = dir-merge_.rsync-filter