Difference between revisions of "Gourd"
From Nuclear Physics Group Documentation Pages
Line 92: | Line 92: | ||
# Allow only NPG users and administrators | # Allow only NPG users and administrators | ||
- : ALL EXCEPT npg domain_admins : ALL | - : ALL EXCEPT npg domain_admins : ALL | ||
+ | </pre> | ||
+ | == Backup Configuration == | ||
+ | === /etc/rsync-backup.conf === | ||
+ | <pre># Backups are 'pull' only. Too bad there isn't a better way to enforce this. | ||
+ | read only = yes | ||
+ | |||
+ | # Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other. | ||
+ | #uid = root | ||
+ | # XXX There seems to be an obscure bug with pam_ldap and rsync whereby | ||
+ | # getpwnam(3) segfaults when (and only when) archiving /etc. Using a numeric | ||
+ | # uid avoids this bug. Only verified on Fedora Core 2. | ||
+ | uid = 0 | ||
+ | |||
+ | # There's not much point in putting the superuser in a chroot jail | ||
+ | # use chroot = yes | ||
+ | |||
+ | # This isn't really an effective "lock" per se, since the value is per-module, | ||
+ | # but there really ought never be more than one, and it would at least | ||
+ | # ensure serialized backups. | ||
+ | max connections = 1 | ||
+ | |||
+ | filter = : .rsync-filter | ||
+ | |||
+ | [usr] | ||
+ | path = /usr | ||
+ | comment = unpackaged software | ||
+ | filter = \ | ||
+ | : .rsync-filter \ | ||
+ | + / \ | ||
+ | + /local \ | ||
+ | - /* | ||
+ | |||
+ | [opt] | ||
+ | path = /opt | ||
+ | comment = unpackaged software | ||
+ | |||
+ | [etc] | ||
+ | path = /etc | ||
+ | comment = conf files | ||
+ | |||
+ | [var] | ||
+ | path = /var | ||
+ | comment = user and system storage | ||
</pre> | </pre> |
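Review bot: the global section sets uid = 0, and the [usr], [opt], [etc] and [var] modules that follow carry no hosts allow, auth users or secrets file, so read only = yes is the only restriction visible in this configuration and any client that can reach the daemon can read /etc and /var with root's file access. Suggest adding hosts allow for the backup host together with auth users and a secrets file, either globally or per module. Also state use chroot explicitly instead of leaving it commented out, so the effective value does not depend on the daemon default, and note that the global filter = : .rsync-filter lets a per-directory .rsync-filter file, writable by whoever owns that directory, exclude content from the backup.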
Revision as of 15:32, 18 July 2007
General
Data server. Currently connected to the networks via the switch and VLAN. Has 3dm raid monitoring and web interface installed and set up, accessible at [1].
Hostnames: gourd.unh.edu, gourd.farm.physics.unh.edu
Network Configuration
/etc/sysconfig/network-scripts/ifcfg-farm
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:E0:81:52:7A:79
IPADDR=10.0.0.252
NETMASK=255.255.252.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
/etc/sysconfig/network-scripts/ifcfg-unh
# To UNH network
VLAN=yes
DEVICE=eth0.2
BOOTPROTO=none
BROADCAST=132.177.91.255
IPADDR=132.177.88.75
NETMASK=255.255.252.0
NETWORK=132.177.88.0
ONBOOT=yes
REORDER_HDR=no
GATEWAY=132.177.88.1
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
/etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
Hard disks
Results of testing (as of 6/28/07)
Disks on 3ware raid device.
Disk0:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     27954         -
Disk1:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     27944         -
Disk2:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     22137         -
Disk3:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     27904         -
Disk4:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     27804         -
Disk5:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     5570          -
Disk6:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     27739         -
Disk7:
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     27830         -
Access Configuration
/etc/security/access.conf
# NPG Config:
# Allow direct root logins only from console and einstein
+ : root : LOCAL einstein.unh.edu einstein.farm.physics.unh.edu lentil.unh.edu lentil.farm.physics.unh.edu
# Allow only NPG users and administrators
- : ALL EXCEPT npg domain_admins : ALL
Backup Configuration
/etc/rsync-backup.conf
# Backups are 'pull' only. Too bad there isn't a better way to enforce this.
read only = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
#uid = root
# XXX There seems to be an obscure bug with pam_ldap and rsync whereby
# getpwnam(3) segfaults when (and only when) archiving /etc. Using a numeric
# uid avoids this bug. Only verified on Fedora Core 2.
uid = 0

# There's not much point in putting the superuser in a chroot jail
# use chroot = yes

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least
# ensure serialized backups.
max connections = 1

filter = : .rsync-filter

[usr]
path = /usr
comment = unpackaged software
filter = \
    : .rsync-filter \
    + / \
    + /local \
    - /*

[opt]
path = /opt
comment = unpackaged software

[etc]
path = /etc
comment = conf files

[var]
path = /var
comment = user and system storage
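A small audit of an rsyncd.conf-style file for the exposure points in the configuration above: root uid, missing `hosts allow` / `auth users`, and writable modules. This is an added example, not part of the NPG wiki page; the `[var]` overrides, the 10.0.0.5 address and the `backup` user in the sample are constructed.

```python
import re

# Constructed sample: globals and [etc] follow the page; the [var] overrides are hypothetical.
SAMPLE = """\
read only = yes
uid = 0
# use chroot = yes

[etc]
path = /etc

[var]
path = /var
hosts allow = 10.0.0.5
auth users = backup
"""

def parse_rsyncd(text):
    """Return (globals, {module: params}); handles '#' comments and '\\' continuations."""
    # Join continued lines; whitespace around the join is collapsed to one space here.
    text = re.sub(r"[ \t]*\\\n[ \t]*", " ", text)
    glob, mods, cur = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = mods.setdefault(m.group(1).strip(), {})
        elif "=" in line:
            key, val = line.split("=", 1)          # only the first '=' is significant
            key = " ".join(key.lower().split())    # normalise case and spacing of the name
            (glob if cur is None else cur)[key] = val.strip()
    return glob, mods

def audit(text):
    """Map module -> findings; global parameters act as per-module defaults."""
    glob, mods = parse_rsyncd(text)
    report = {}
    for name, params in mods.items():
        eff = {**glob, **params}
        checks = [
            (eff.get("uid", "").lower() in ("0", "root"), "served as root"),
            ("hosts allow" not in eff, "no hosts allow"),
            ("auth users" not in eff, "no auth users"),
            (eff.get("read only", "yes").lower() not in ("yes", "true", "1"), "writable"),
        ]
        report[name] = [msg for hit, msg in checks if hit]
    return report
```

`audit(open("/etc/rsync-backup.conf").read())` returns one list of findings per module; an empty list means none of the four checks fired.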