Difference between revisions of "Roentgen"

From Nuclear Physics Group Documentation Pages
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== General Information ==
 
== General Information ==
Roentgen is the old physics server, which now hosts the [[MySQL]] server and the [[Wiki Setup|wiki]].
+
Roentgen runs an Apache webserver, with wiki on top of it and shows you these pages. SO, if there are troubles with roentgen, you couldn't read this.
 +
Roentgen also hosts the [[MySQL]] server and the [[Wiki Setup|wiki]]. THIS wiki.
  
 
Hostnames: <code>roentgen.unh.edu</code>, <code>roentgen.farm.physics.unh.edu</code><br/>
 
Hostnames: <code>roentgen.unh.edu</code>, <code>roentgen.farm.physics.unh.edu</code><br/>
 
Alias: <code>physics.farm.physics.unh.edu</code> <code>nuclear.farm.physics.unh.edu</code>
 
Alias: <code>physics.farm.physics.unh.edu</code> <code>nuclear.farm.physics.unh.edu</code>
 +
 +
== Virtual Machine ==
 +
 +
Roentgen is a virtual machine. See [[Kvm]] It used to run on Taro, and was moved to Gourd on April 1, 2015. No joke.
 +
Previous attempts at moving roentgen had failed, apparently, so here is the recipe that worked: [[Moving A Virtual Machine]]
  
 
== Virtual Hardware ==
 
== Virtual Hardware ==
  
*Memory: 1.5 GB
+
Check with "virsh dumpxml roentgen.unh.edu" on the machine running roentgen!
*Hard Disk: 50 GB
+
 
*Swap Disk: 2 GB
+
*Memory: 8 GB
 +
*Hard Disk: 60 GB
 +
*CPU: 4 Virtual CPUs
 +
*Swap Disk: 23 GB
 
*Network 1 (eth0): Farm-Bridge
 
*Network 1 (eth0): Farm-Bridge
 
*Network 2 (eth1): UNH-Bridge
 
*Network 2 (eth1): UNH-Bridge
*SCSI Controller: LSI Logic
 
  
== Network Configuration ==
+
The system has eth1 and eth1:1 to server roentgen.unh.edu and nuclear.unh.edu
Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.
 
  
=== /etc/sysconfig/network-scripts/ifcfg-eth0 ===
 
DEVICE=eth0
 
HWADDR=00:E0:81:21:7D:B4
 
ONBOOT=yes
 
BOOTPROTO=static
 
IPADDR=132.177.88.61
 
NETMASK=255.255.252.0
 
GATEWAY=132.177.88.1
 
=== /etc/sysconfig/network-scripts/ifcfg-eth0:1 ===
 
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
 
# for the documentation of these parameters.
 
TYPE=Ethernet
 
IPADDR=132.177.91.234
 
DEVICE=eth0:1
 
BOOTPROTO=none
 
NETMASK=255.255.252.0
 
ONPARENT=yes
 
USERCTL=no
 
PEERDNS=yes
 
=== /etc/sysconfig/network-scripts/ifcfg-eth0:2 ===
 
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
 
# for the documentation of these parameters.
 
TYPE=Ethernet
 
IPADDR=132.177.88.130
 
DEVICE=eth0:2
 
BOOTPROTO=none
 
NETMASK=255.255.252.0
 
ONPARENT=yes
 
USERCTL=no
 
PEERDNS=yes
 
=== /etc/sysconfig/network-scripts/ifcfg-eth1 ===
 
DEVICE=eth1
 
HWADDR=00:E0:81:21:7D:B5
 
ONBOOT=yes
 
BOOTPROTO=static
 
IPADDR=10.0.0.249
 
NETMASK=255.255.255.0
 
=== /etc/sysconfig/network-scripts/ifcfg-lo ===
 
DEVICE=lo
 
IPADDR=127.0.0.1
 
NETMASK=255.0.0.0
 
NETWORK=127.0.0.0
 
# If you're having problems with gated making 127.0.0.0/8 a martian,
 
# you can change this to something else (255.255.255.255, for example)
 
BROADCAST=127.255.255.255
 
ONBOOT=yes
 
NAME=loopback
 
== Access Configuration ==
 
=== /etc/security/access.conf===
 
<pre># Allow direct root logins only from console and einstein
 
+ : root : LOCAL einstein.unh.edu lentil.unh.edu einstein.farm.physics.unh.edu lentil.farm.physics.unh.edu ennui.unh.edu
 
 
# Allow su to cyrus mail server account
 
+ : cyrus : LOCAL
 
 
# Allow only NPG users and administrators
 
- : ALL EXCEPT tomcat4 dept staff faculty mri npg domain_admins dal testing web observatory : ALL
 
</pre>
 
 
== Backup Configuration ==
 
== Backup Configuration ==
 
=== /etc/rsync-backup.conf ===
 
=== /etc/rsync-backup.conf ===
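Review bot: Dropping the Access Configuration section (the /etc/security/access.conf listing) leaves the page with no record of who may log in to roentgen. If those rules still apply on the VM, keep the section and update it, or link to the page that documents them now. The same applies to the removed ifcfg listings: the replacement sentence "The system has eth1 and eth1:1 to server roentgen.unh.edu and nuclear.unh.edu" names the interfaces but none of the addresses, and "server" should read "serve".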
Line 125: Line 74:
 
                 - /*            \
 
                 - /*            \
 
</pre>
 
</pre>
== SNMP Configuration ==
 
=== /etc/snmp/snmpd.conf ===
 
<pre>###############################################################################
 
#
 
# EXAMPLE.conf:
 
#  An example configuration file for configuring the ucd-snmp snmpd agent.
 
#
 
###############################################################################
 
#
 
# This file is intended to only be an example.  If, however, you want
 
# to use it, it should be placed in SYSCONFDIR/share/snmp/snmpd.conf.
 
# When the snmpd agent starts up, this is where it will look for it.
 
#
 
# You might be interested in generating your own snmpd.conf file using
 
# the "snmpconf" program (perl script) instead.  It's a nice menu
 
# based interface to writing well commented configuration files.  Try it!
 
#
 
# Note: This file is automatically generated from EXAMPLE.conf.def.
 
# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
 
# configure & make, and then make sure you read the EXAMPLE.conf file
 
# instead, as it will tailor itself to your configuration.
 
 
# All lines beginning with a '#' are comments and are intended for you
 
# to read.  All other lines are configuration commands for the agent.
 
 
#
 
# PLEASE: read the snmpd.conf(5) manual page as well!
 
#
 
 
 
###############################################################################
 
# Access Control
 
###############################################################################
 
 
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
 
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
 
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
 
 
# By far, the most common question I get about the agent is "why won't
 
# it work?", when really it should be "how do I configure the agent to
 
# allow me to access it?"
 
#
 
# By default, the agent responds to the "public" community for read
 
# only access, if run out of the box without any configuration file in
 
# place.  The following examples show you other ways of configuring
 
# the agent so that you can change the community names, and give
 
# yourself write access as well.
 
#
 
# The following lines change the access permissions of the agent so
 
# that the COMMUNITY string provides read-only access to your entire
 
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
 
# localhost (127.0.0.1, not its real ipaddress).
 
#
 
# For more information, read the FAQ as well as the snmpd.conf(5)
 
# manual page.
 
 
####
 
# First, map the community name (COMMUNITY) into a security name
 
# (local and mynetwork, depending on where the request is coming
 
# from):
 
 
#      sec.name  source          community
 
com2sec local    localhost        NPG
 
com2sec mynetwork 10.0.0.0/24      NPG
 
 
####
 
# Second, map the security names into group names:
 
 
#            sec.model  sec.name
 
group MyRWGroup v1        local
 
group MyRWGroup v2c        local
 
group MyRWGroup usm        local
 
group MyROGroup v1        mynetwork
 
group MyROGroup v2c        mynetwork
 
group MyROGroup usm        mynetwork
 
 
####
 
# Third, create a view for us to let the groups have rights to:
 
 
#          incl/excl subtree                          mask
 
view all    included  .1                              80
 
 
####
 
# Finally, grant the 2 groups access to the 1 view with different
 
# write permissions:
 
 
#                context sec.model sec.level match  read  write  notif
 
access MyROGroup ""      any      noauth    exact  all    none  none
 
access MyRWGroup ""      any      noauth    exact  all    all    none
 
 
# -----------------------------------------------------------------------------
 
 
 
###############################################################################
 
# System contact information
 
#
 
 
# It is also possible to set the sysContact and sysLocation system
 
# variables through the snmpd.conf file.  **PLEASE NOTE** that setting
 
# the value of these objects here makes these objects READ-ONLY
 
# (regardless of any access control settings).  Any attempt to set the
 
# value of an object whose value is given here will fail with an error
 
# status of notWritable.
 
 
syslocation The Farm, UNH Physics, Durham, NH
 
syscontact Dan Noe <dpn@physics.unh.edu>
 
 
# Example output of snmpwalk:
 
#  % snmpwalk -v 1 -c public localhost system
 
#  system.sysDescr.0 = "SunOS name sun4c"
 
#  system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
 
#  system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
 
#  system.sysContact.0 = "Me <me@somewhere.org>"
 
#  system.sysName.0 = "name"
 
#  system.sysLocation.0 = "Right here, right now."
 
#  system.sysServices.0 = 72
 
 
 
# -----------------------------------------------------------------------------
 
 
 
###############################################################################
 
# Process checks.
 
#
 
#  The following are examples of how to use the agent to check for
 
#  processes running on the host.  The syntax looks something like:
 
#
 
#  proc NAME [MAX=0] [MIN=0]
 
#
 
#  NAME:  the name of the process to check for.  It must match
 
#        exactly (ie, http will not find httpd processes).
 
#  MAX:  the maximum number allowed to be running.  Defaults to 0.
 
#  MIN:  the minimum number to be running.  Defaults to 0.
 
 
#
 
#  Examples:
 
#
 
 
#  Make sure mountd is running
 
proc mountd
 
 
#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
 
proc ntalkd 4
 
 
#  Make sure at least one sendmail, but less than or equal to 10 are running.
 
proc sendmail 10 1
 
 
#  A snmpwalk of the prTable would look something like this:
 
#
 
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.PROCMIBNUM
 
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
 
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
 
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
 
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
 
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
 
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
 
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
 
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
 
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
 
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
 
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
 
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
 
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
 
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
 
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
 
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
 
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
 
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
 
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
 
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
 
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
 
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
 
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
 
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
 
#
 
#  Note that the errorFlag for mountd is set to 1 because one is not
 
#  running (in this case an rpc.mountd is, but thats not good enough),
 
#  and the ErrMessage tells you what's wrong.  The configuration
 
#  imposed in the snmpd.conf file is also shown. 
 
#
 
#  Special Case:  When the min and max numbers are both 0, it assumes
 
#  you want a max of infinity and a min of 1.
 
#
 
 
 
# -----------------------------------------------------------------------------
 
 
 
###############################################################################
 
# Executables/scripts
 
#
 
 
#
 
#  You can also have programs run by the agent that return a single
 
#  line of output and an exit code.  Here are two examples.
 
#
 
#  exec NAME PROGRAM [ARGS ...]
 
#
 
#  NAME:    A generic name.
 
#  PROGRAM:  The program to run.  Include the path!
 
#  ARGS:    optional arguments to be passed to the program
 
 
# a simple hello world
 
exec echotest /bin/echo hello world
 
 
# Run a shell script containing:
 
#
 
# #!/bin/sh
 
# echo hello world
 
# echo hi there
 
# exit 35
 
#
 
# Note:  this has been specifically commented out to prevent
 
# accidental security holes due to someone else on your system writing
 
# a /tmp/shtest before you do.  Uncomment to use it.
 
#
 
#exec shelltest /bin/sh /tmp/shtest
 
 
# Then,
 
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.SHELLMIBNUM
 
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
 
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
 
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
 
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
 
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
 
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
 
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
 
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
 
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
 
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
 
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
 
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
 
 
# Note that the second line of the /tmp/shtest shell script is cut
 
# off.  Also note that the exit status of 35 was returned.
 
 
# -----------------------------------------------------------------------------
 
  
exec .1.3.6.1.4.1.2021.5822.10 LM.Sensors /etc/snmp/sensormib.sh
+
== Upgrade to Centos 7 ==
  
###############################################################################
+
Installed under the new name "roentgen2", and given the initial IP 10.0.0.149. <br>
# disk checks
+
Install the VM using virt-install.
#
+
  virt-install -v --name=roentgen2 -r 8192 --os-type=linux --os-variant=rhel7 --cdrom=/scratch/CentOS-7-x86_64-Everything-1503-01.iso --disk=/kvm/images/roentgen2.qcow2,size=60 --accelerate --network=bridge:farmbr --network=bridge:unhbr --vnc --vncport=5904 --vcpus=4
  
# The agent can check the amount of available disk space, and make
+
* Temporary: set yum to use proxy, "yum update", "yum upgrade"
# sure it is above a set limit.
+
* Copy the /etc/ssh directory over from roentgen
 +
* Setup networking scripts to take over from roentgen. Temporarily have IP "pepper.unh.edu"
 +
* '''IMPORTANT:'''  Follow [[Upgrading to Centos 7]]
 +
* Get EPEL
 +
** yum install epel-release
 +
* Get LDAP working.
 +
** copy LDAP setup from gourd:
 +
*** scp -r gourd:/etc/sssd/* /etc/sssd/
 +
*** rsync -av  gourd:/etc/openldap  .
 +
*** yum install openldap-clients
 +
*** systemctl restart sssd
 +
*** getent passwd  # TEST to see users.
 +
** Copy auto maps from roentgen
 +
*** scp roentgen:/etc/auto* /etc/
 +
*** systemctl restart autos
 +
*** ls /net/home/maurik
 +
** Copy sudo users:
 +
***scp roentgen:/etc/sudoers /etc/sudoers
 +
* Make sure backups work. Copy /root/.ssh and /etc/rsync-backup.conf
  
# disk PATH [MIN=DEFDISKMINIMUMSPACE]
+
==== Get Virtual Console to work ====
#
 
# PATH:  mount path to the disk in question.
 
# MIN:  Disks with space below this value will have the Mib's errorFlag set.
 
#        Default value = DEFDISKMINIMUMSPACE.
 
  
# Check the / partition and make sure it contains at least 10 megs.
+
See: [https://linuxadmin.io/enable-virsh-console-kvm Enable virus console]
 +
* edit /etc/default/grub and add  console=ttyS0 to the GRUB_CMDLINE_LINUX
 +
* regrub: grub2-mkconfig -o /boot/grub2/grub.cfg
 +
* On host, make sure that serial tty is enabled. Not sure this is needed, but does work.
 +
** EDITOR=nano virsh edit roentgen2
 +
*** add to <console type="pty"> tag:
 +
  <console type='pty' tty='/dev/pts/6'>
 +
  <source path='/dev/pts/6'/>
 +
  <target type='serial' port='0'/>
 +
  <alias name='serial0'/>
 +
  </console>
  
disk / 10000
+
* '''Follow the upgrade page:''' [[Gourd Upgrade to Centos 7]]
disk /var 10000
 
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.DISKMIBNUM
 
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
 
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
 
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
 
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
 
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
 
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
 
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
 
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
 
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
 
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
 
  
# -----------------------------------------------------------------------------
+
=== Web Server Setup ===
 
+
* First, mount the /www from gourd.
 
+
** rm -rf /var/www
###############################################################################
+
** edit fstab, add npghome:/www            /var/www                nfs    rw,soft,intr,rsize=32768,wsize=32768    0 0
# load average checks
+
** mkdir /var/www
#
+
** mount /var/www
 
+
** ls /var/www    # test
# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
+
* Copy over the old configs from previous roentgen:
#
+
** cd /etc
# 1MAX:  If the 1 minute load average is above this limit at query
+
**  rm -rf httpd
#        time, the errorFlag will be set.
+
** rsync -av roentgen:/etc/httpd .
# 5MAX:   Similar, but for 5 min average.
+
** restart httpd, and fix errors: "systemctl restart httpd" -- get errors, see journalctl -xe
# 15MAX:  Similar, but for 15 min average.
+
*** yum install mod_ldap
 
+
*** See: [https://httpd.apache.org/docs/2.4/upgrading.html Apache docs 2.4 - Upgrading]
# Check for loads:
+
*** See: [https://community.rackspace.com/general/f/general-discussion-forum/8013/upgrading-apache-2-2-to-2-4-in-rhel-6-7-and-centos-6-7 Apache upgrade 2.2 to 2.4]
load 12 14 14
+
*** remove the failing authn- and author- modules from the config.
 
+
** Fix the SSL mess that existed on roentgen, well, sort of fix it. At least follow: [https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html Apache 2.4 SSL How To]
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.LOADAVEMIBNUM
+
** Get an '''actually signed''' @#$@! certificate. See: [https://certbot.eff.org/lets-encrypt/centosrhel7-apache CertBog Eff.org]
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
+
*** Needed to install the certs with --standalone. That works when the httpd is stopped.
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
 
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
 
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
 
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
 
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
 
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
 
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
 
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
 
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
 
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
 
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
 
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
 
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
 
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
 
 
 
# -----------------------------------------------------------------------------
 
 
 
 
 
###############################################################################
 
# Extensible sections.
 
#
 
 
 
# This alleviates the multiple line output problem found in the
 
# previous executable mib by placing each mib in its own mib table:
 
 
 
# Run a shell script containing:
 
#
 
# #!/bin/sh
 
# echo hello world
 
# echo hi there
 
# exit 35
 
#
 
# Note:  this has been specifically commented out to prevent
 
# accidental security holes due to someone else on your system writing
 
# a /tmp/shtest before you do. Uncomment to use it.
 
#
 
# exec .EXTENSIBLEDOTMIB.50 shelltest /bin/sh /tmp/shtest
 
 
 
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.50
 
# enterprises.ucdavis.50.1.1 = 1
 
# enterprises.ucdavis.50.2.1 = "shelltest"
 
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
 
# enterprises.ucdavis.50.100.1 = 35
 
# enterprises.ucdavis.50.101.1 = "hello world."
 
# enterprises.ucdavis.50.101.2 = "hi there."
 
# enterprises.ucdavis.50.102.1 = 0
 
 
 
# Now the Output has grown to two lines, and we can see the 'hi
 
# there.' output as the second line from our shell script.
 
#
 
# Note that you must alter the mib.txt file to be correct if you want
 
# the .50.* outputs above to change to reasonable text descriptions.
 
 
 
# Other ideas:
 
#
 
# exec .EXTENSIBLEDOTMIB.51 ps /bin/ps
 
# exec .EXTENSIBLEDOTMIB.52 top /usr/local/bin/top
 
# exec .EXTENSIBLEDOTMIB.53 mailq /usr/bin/mailq
 
 
 
# -----------------------------------------------------------------------------
 
 
 
 
 
###############################################################################
 
# Pass through control.
 
#
 
 
 
# Usage:
 
#  pass MIBOID EXEC-COMMAND
 
#
 
# This will pass total control of the mib underneath the MIBOID
 
# portion of the mib to the EXEC-COMMAND.
 
#
 
# Note:  You'll have to change the path of the passtest script to your
 
# source directory or install it in the given location.
 
#
 
# Example: (see the script for details)
 
#          (commented out here since it requires that you place the
 
#          script in the right location. (its not installed by default))
 
 
 
# pass .EXTENSIBLEDOTMIB.255 /bin/sh PREFIX/local/passtest
 
 
 
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.255
 
# enterprises.ucdavis.255.1 = "life the universe and everything"
 
# enterprises.ucdavis.255.2.1 = 42
 
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
 
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
 
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
 
# enterprises.ucdavis.255.5 = 42
 
# enterprises.ucdavis.255.6 = Gauge: 42
 
#
 
# % snmpget -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.5
 
# enterprises.ucdavis.255.5 = 42
 
#
 
# % snmpset -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.1 s "New string"
 
# enterprises.ucdavis.255.1 = "New string"
 
#
 
 
 
# For specific usage information, see the man/snmpd.conf.5 manual page
 
# as well as the local/passtest script used in the above example.
 
 
 
###############################################################################
 
# Subagent control
 
#
 
 
 
# The agent can support subagents using a number of extension mechanisms.
 
# From the 4.2.1 release, AgentX support is being compiled in by default.
 
# However, this is still experimental code, so should not be used on
 
# critical production systems.
 
#  Please see the file README.agentx for more details.
 
#
 
# If having read, marked, learnt and inwardly digested this information,
 
# you decide that you do wish to make use of this mechanism, simply
 
# uncomment the following directive.
 
#
 
#  master  agentx
 
#
 
# I repeat - this is *NOT* regarded as suitable for front-line production
 
# systems, though it is probably stable enough for day-to-day use.
 
# Probably.
 
#
 
# No refunds will be given.
 
 
 
 
 
###############################################################################
 
# Further Information
 
#
 
#  See the snmpd.conf manual page, and the output of "snmpd -H".
 
#  MUCH more can be done with the snmpd.conf than is shown as an
 
#  example here.
 
</pre>
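Review bot: In the added LDAP steps, "scp roentgen:/etc/sudoers /etc/sudoers" overwrites the live sudoers file with no syntax check; copy it to a temporary path, run "visudo -c -f" on that copy, and install it only if the check passes. Smaller points in the added lines: "systemctl restart autos" looks like a typo for autofs, the link text "Enable virus console" should read virsh, "CertBog" should read Certbot, and the console XML hard-codes tty='/dev/pts/6', a pty that libvirt allocates when the guest starts.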
 

Latest revision as of 23:14, 7 September 2018

General Information

Roentgen runs an Apache web server with the wiki on top of it, and that is what shows you these pages. So, if there is trouble with roentgen, you will not be able to read this. Roentgen also hosts the MySQL server and the wiki. THIS wiki.

Hostnames: roentgen.unh.edu, roentgen.farm.physics.unh.edu
Alias: physics.farm.physics.unh.edu nuclear.farm.physics.unh.edu

Virtual Machine

Roentgen is a virtual machine (see Kvm). It used to run on Taro and was moved to Gourd on April 1, 2015. No joke. Previous attempts at moving roentgen had apparently failed, so here is the recipe that worked: Moving A Virtual Machine

Virtual Hardware

Check with "virsh dumpxml roentgen.unh.edu" on the machine running roentgen!

  • Memory: 8 GB
  • Hard Disk: 60 GB
  • CPU: 4 Virtual CPUs
  • Swap Disk: 23 GB
  • Network 1 (eth0): Farm-Bridge
  • Network 2 (eth1): UNH-Bridge

The system has eth1 and eth1:1 to serve roentgen.unh.edu and nuclear.unh.edu.

Backup Configuration

/etc/rsync-backup.conf

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.  
uid             = root

# There's not much point in putting the superuser in a chroot jail
# use chroot    = no

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least 
# ensure serialized backups.
max connections = 1

[var]
        path    = /var
        comment = user and system storage
        filter  = - /lib/bind/proc

[srv]
        path    = /srv
        comment = published content

[usr_local]
        path    = /usr/local
        comment = unpackaged software

[opt]
        path    = /opt
        comment = unpackaged software

[etc]
        path    = /etc
        comment = conf files

[wheel]
        path    = /wheel
        comment = admin files
        filter  =               \
                : .rsync-filter \
                + /             \
                + /kickstart    \
                + /custom       \
                + /docs         \
                + /gpg-pubkey   \
                + /scripts      \
                - /*            \
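
One way to enforce the "pull only" property that the comments in rsync-backup.conf rely on, as an added example that is not part of the original wiki page: the script parses rsyncd.conf-style text, applies the global parameters to every module, and flags modules that are writable, run as root, or carry no rsync-level access restriction. The function names, finding codes and the abridged sample are this example's own.

```python
import re

# Abridged from the rsync-backup.conf shown above: same global parameters,
# three of its modules, [wheel] filter shortened. Embedded to run offline.
SAMPLE_CONF = r"""
# Backups are 'pull' only.
read only       = yes
uid             = root
# use chroot    = no
max connections = 1
[var]
        path    = /var
        filter  = - /lib/bind/proc
[etc]
        path    = /etc
[wheel]
        path    = /wheel
        filter  =               \
                : .rsync-filter \
                + /             \
                - /*            \
"""

# Values assumed for parameters the file leaves unset, per rsyncd.conf(5):
# modules are read only by default, a daemon started as root switches to
# "nobody", and empty auth users / hosts allow mean no restriction.
DEFAULTS = {"readonly": "yes", "uid": "nobody", "authusers": "", "hostsallow": ""}


def _key(name):
    # Fold case and whitespace so "read only" and "Read Only" compare equal.
    return re.sub(r"\s+", "", name).lower()


def logical_lines(text):
    """Yield section and parameter lines with backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue  # blank line or comment outside a continued value
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        yield (pending + line).strip()
        pending = ""
    if pending.strip():
        yield pending.strip()  # file ended inside a continued value


def effective_settings(text):
    """Return {module: params} with defaults and global parameters applied."""
    global_params, modules, current = {}, {}, None
    for line in logical_lines(text):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = modules.setdefault(section.group(1).strip(), {})
            continue
        name, sep, value = line.partition("=")  # only the first '=' splits
        if sep:
            target = global_params if current is None else current
            target[_key(name)] = value.strip()
    return {m: {**DEFAULTS, **global_params, **p} for m, p in modules.items()}


def audit(text):
    """Return (module, code, detail) for each setting that weakens pull-only backups."""
    findings = []
    for module, p in effective_settings(text).items():
        if p["readonly"].lower() not in ("yes", "true", "1"):
            findings.append((module, "WRITABLE", "clients can push into " + p.get("path", "?")))
        if p["uid"] in ("root", "0"):
            findings.append((module, "ROOT", "transfers run as root under " + p.get("path", "?")))
        if not p["authusers"] and not p["hostsallow"]:
            findings.append((module, "OPEN", "no auth users or hosts allow; access depends on the transport"))
    return findings


if __name__ == "__main__":
    for module, code, detail in audit(SAMPLE_CONF):
        print(f"[{module}] {code}: {detail}")
```

Because `read only = yes` is set globally, a WRITABLE finding appears only when a module overrides it, which is the case the config comment says cannot otherwise be enforced.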

Upgrade to Centos 7

Installed under the new name "roentgen2", and given the initial IP 10.0.0.149.
Install the VM using virt-install.

  virt-install -v --name=roentgen2 -r 8192 --os-type=linux --os-variant=rhel7 --cdrom=/scratch/CentOS-7-x86_64-Everything-1503-01.iso --disk=/kvm/images/roentgen2.qcow2,size=60 --accelerate --network=bridge:farmbr --network=bridge:unhbr --vnc --vncport=5904 --vcpus=4
  • Temporary: set yum to use proxy, "yum update", "yum upgrade"
  • Copy the /etc/ssh directory over from roentgen
  • Set up networking scripts to take over from roentgen. Temporarily use the IP "pepper.unh.edu"
  • IMPORTANT: Follow Upgrading to Centos 7
  • Get EPEL
    • yum install epel-release
  • Get LDAP working.
    • copy LDAP setup from gourd:
      • scp -r gourd:/etc/sssd/* /etc/sssd/
      • rsync -av gourd:/etc/openldap .
      • yum install openldap-clients
      • systemctl restart sssd
      • getent passwd # TEST to see users.
    • Copy auto maps from roentgen
      • scp roentgen:/etc/auto* /etc/
      • systemctl restart autofs
      • ls /net/home/maurik
    • Copy sudo users:
      • scp roentgen:/etc/sudoers /etc/sudoers
  • Make sure backups work. Copy /root/.ssh and /etc/rsync-backup.conf

Get Virtual Console to work

See: Enable virsh console

  • edit /etc/default/grub and add console=ttyS0 to the GRUB_CMDLINE_LINUX line
  • regenerate the GRUB config: grub2-mkconfig -o /boot/grub2/grub.cfg
  • On the host, make sure that the serial tty is enabled. Not sure this is needed, but it does work.
    • EDITOR=nano virsh edit roentgen2
      • add to <console type="pty"> tag:
 <console type='pty' tty='/dev/pts/6'> 
 <source path='/dev/pts/6'/> 
 <target type='serial' port='0'/> 
 <alias name='serial0'/> 
 </console>

Web Server Setup

  • First, mount the /www from gourd.
    • rm -rf /var/www
    • edit fstab, add npghome:/www /var/www nfs rw,soft,intr,rsize=32768,wsize=32768 0 0
    • mkdir /var/www
    • mount /var/www
    • ls /var/www # test
  • Copy over the old configs from previous roentgen:
    • cd /etc
    • rm -rf httpd
    • rsync -av roentgen:/etc/httpd .
    • restart httpd, and fix errors: "systemctl restart httpd" -- get errors, see journalctl -xe
    • Fix the SSL mess that existed on roentgen, well, sort of fix it. At least follow: Apache 2.4 SSL How To
    • Get an actually signed @#$@! certificate. See: Certbot (certbot.eff.org)
      • Needed to install the certs with --standalone. That works when the httpd is stopped.