Pepper

From Nuclear Physics Group Documentation Pages
Revision as of 15:35, 18 July 2007 by Steve (talk | contribs)
Jump to navigationJump to search

General Information

Pepper is a data server.

Hostnames: pepper.unh.edu, pepper.farm.physics.unh.edu

Network Configuration

Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.

/etc/sysconfig/network-scripts/ifcfg-farm

DEVICE=eth0
BOOTPROTO=none
HWADDR=00:E0:81:40:2B:CD
IPADDR=10.0.0.245
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes

/etc/sysconfig/network-scripts/ifcfg-unh

DEVICE=unh
BOOTPROTO=none
HWADDR=00:E0:81:40:2B:CC
IPADDR=132.177.91.228
NETMASK=255.255.252.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=132.177.88.1

/etc/sysconfig/network-scripts/ifcfg-lo

DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

Access Configuration

/etc/security/access.conf

# NPG Config:
# Allow direct root logins only from console and einstein
+ : root : LOCAL einstein.unh.edu einstein.farm.physics.unh.edu lentil.unh.edu lentil.farm.physics.unh.edu

# Allow only NPG users and administrators
- : ALL EXCEPT farm domain_admins : ALL

Backup Configuration

/etc/rsync-backup.conf

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.  
#uid            = root
# XXX There seems to be an obscure bug with pam_ldap and rsync whereby 
# getpwnam(3) segfaults when (and only when) archiving /etc.  Using a numeric
# uid avoids this bug.  Only verified on Fedora Core 2.
uid             = 0

# There's not much point in putting the superuser in a chroot jail
# use chroot    = yes

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least 
# ensure serialized backups.
max connections = 1

filter  = : .rsync-filter

[usr]
        path    = /usr
        comment = unpackaged software
        filter  =               \
                : .rsync-filter \
                + /             \
                + /local        \
                + /share        \
                + /share/ssl    \
                - /share/*      \
                - /*

[opt]
        path    = /opt
        comment = unpackaged software

[etc]
        path    = /etc
        comment = conf files

[var]
        path    = /var
        comment = user and system storage

[root]
        path    = /root
        comment = root's home directory
Retrieved from "https://nuclear.unh.edu/wiki/index.php?title=Pepper&oldid=2285"