| (10 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| | == General Information == | | == General Information == |
| − | Pepper is a data server. | + | Pepper is a VM that runs on Gourd, or Pumpkin, or Endeavour. |
| − | | + | It is an Einstein "replica", to some extend, duplicating the LDAP service. |
| − | Hostnames: <code>pepper.unh.edu</code>, <code>pepper.farm.physics.unh.edu</code>
| + | It is setup for Dovecot and Postfix, but those services are NOT active the way they are on Einstein and cannot be |
| − | | + | considered a simple switchover. |
| − | == Network Configuration ==
| |
| − | Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-farm ===
| |
| − | <pre>DEVICE=eth0
| |
| − | BOOTPROTO=none
| |
| − | HWADDR=00:E0:81:40:2B:CD
| |
| − | IPADDR=10.0.0.245
| |
| − | NETMASK=255.255.255.0
| |
| − | ONBOOT=yes
| |
| − | TYPE=Ethernet
| |
| − | USERCTL=no
| |
| − | IPV6INIT=no
| |
| − | PEERDNS=yes
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-unh ===
| |
| − | <pre>DEVICE=unh
| |
| − | BOOTPROTO=none
| |
| − | HWADDR=00:E0:81:40:2B:CC
| |
| − | IPADDR=132.177.91.228
| |
| − | NETMASK=255.255.252.0
| |
| − | ONBOOT=yes
| |
| − | TYPE=Ethernet
| |
| − | USERCTL=no
| |
| − | IPV6INIT=no
| |
| − | PEERDNS=yes
| |
| − | GATEWAY=132.177.88.1
| |
| − | </pre>
| |
| − | === /etc/sysconfig/network-scripts/ifcfg-lo ===
| |
| − | DEVICE=lo
| |
| − | IPADDR=127.0.0.1
| |
| − | NETMASK=255.0.0.0
| |
| − | NETWORK=127.0.0.0
| |
| − | # If you're having problems with gated making 127.0.0.0/8 a martian,
| |
| − | # you can change this to something else (255.255.255.255, for example)
| |
| − | BROADCAST=127.255.255.255
| |
| − | ONBOOT=yes
| |
| − | NAME=loopback
| |
| − | == Access Configuration ==
| |
| − | === /etc/security/access.conf ===
| |
| − | <pre># NPG Config:
| |
| − | # Allow direct root logins only from console and einstein
| |
| − | + : root : LOCAL einstein.unh.edu einstein.farm.physics.unh.edu lentil.unh.edu lentil.farm.physics.unh.edu
| |
| − | | |
| − | # Allow only NPG users and administrators
| |
| − | - : ALL EXCEPT farm domain_admins : ALL
| |
| − | </pre>
| |
| − | == Backup Configuration ==
| |
| − | === /etc/rsync-backup.conf ===
| |
| − | <pre># Backups are 'pull' only. Too bad there isn't a better way to enforce this.
| |
| − | read only = yes
| |
| − | | |
| − | # Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
| |
| − | #uid = root
| |
| − | # XXX There seems to be an obscure bug with pam_ldap and rsync whereby
| |
| − | # getpwnam(3) segfaults when (and only when) archiving /etc. Using a numeric
| |
| − | # uid avoids this bug. Only verified on Fedora Core 2.
| |
| − | uid = 0
| |
| − | | |
| − | # There's not much point in putting the superuser in a chroot jail
| |
| − | # use chroot = yes
| |
| − | | |
| − | # This isn't really an effective "lock" per se, since the value is per-module,
| |
| − | # but there really ought never be more than one, and it would at least
| |
| − | # ensure serialized backups.
| |
| − | max connections = 1
| |
| − | | |
| − | filter = : .rsync-filter
| |
| − | | |
| − | [usr]
| |
| − | path = /usr
| |
| − | comment = unpackaged software
| |
| − | filter = \
| |
| − | : .rsync-filter \
| |
| − | + / \
| |
| − | + /local \
| |
| − | + /share \
| |
| − | + /share/ssl \
| |
| − | - /share/* \
| |
| − | - /*
| |
| − | | |
| − | [opt]
| |
| − | path = /opt
| |
| − | comment = unpackaged software
| |
| − | | |
| − | [etc]
| |
| − | path = /etc
| |
| − | comment = conf files
| |
| − | | |
| − | [var]
| |
| − | path = /var
| |
| − | comment = user and system storage
| |
| − | | |
| − | [root]
| |
| − | path = /root
| |
| − | comment = root's home directory
| |
| − | </pre>
| |