Difference between revisions of "Jalapeno"

From Nuclear Physics Group Documentation Pages
Line 109: Line 109:
 
  ErrorPolicy stop-printer
 
  ErrorPolicy stop-printer
 
  </Printer>
 
  </Printer>
 +
 +
==Printtracker==
 +
 +
[[printtracker.py]] is a simple python script which sends monthly reports of print usage gathered from the cups page log. It records the number of pages printed by each user on the system.
  
 
== Backup Configuration ==
 
== Backup Configuration ==
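
Review bot: the added Printtracker paragraph says the script "sends monthly reports" but does not say who receives them, how the script is scheduled, or which path it reads the CUPS page log from. Please add those three details. Because the report lists pages printed per user, it is also worth stating the intended recipients explicitly, so that readers know who sees per-user usage.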

Revision as of 15:42, 7 June 2010

Jalapeno is a VMware virtual machine currently running on Gourd. It serves as our primary DNS and CUPS print server.

Virtual Hardware

  • Memory: 256 MB
  • Hard Disk: 8 GB
  • Network 1 (eth0): Farm-Bridge
  • Network 2 (eth1): UNH-Bridge
  • SCSI Controller: LSI Logic

Network Settings

  • IP Address farm (eth0): 10.0.0.253
  • IP Address UNH (eth1): 132.177.88.37

Software and Services

IPTables

Jalapeno uses the standard NPG iptables firewall. It allows SSH, DNS, and CUPS IPP connections.

Named

Named provides DNS hostname resolution for the farm.physics.unh.edu backend network. DNS configuration files are located in the /var/named directory.


Cups

CUPS is configured to provide access to the NPG printer Wigner, located in DeMeritt room 362. Authentication is required to use the printer, and access is restricted to NPG group members. The CUPS configuration is located in /etc/cups/cupsd.conf and the printer configuration in /etc/cups/printers.conf.

/etc/cups/cupsd.conf

MaxLogSize 2000000000
LogLevel info
SystemGroup sys root domain_admins
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAddress @LOCAL
DefaultAuthType Basic
<Location />
  Allow from 132.177
  # Allow shared printing and remote administration...
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  Allow from 132.177
  Encryption Required
  Require user @SYSTEM
  # Allow remote administration...
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/conf>
  Allow from 132.177
  AuthType Default
  Require user @SYSTEM
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow @LOCAL
</Location>
<Policy default>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job   Suspend-Current-Job Resume-Job CUPS-Move-Job> 
    Require user @OWNER @SYSTEM
    AuthType Default
    Allow from 132.177
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer  Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs> 
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
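
The following added example (not part of the NPG configuration or tooling) resolves what each section of a cupsd.conf like the one above actually enforces: the default action implied by its Order line, the AuthType after "Default" is replaced by DefaultAuthType, and whether its Allow lines can narrow access at all. It assumes the CUPS rule that "Order allow,deny" denies by default and "Order deny,allow" allows by default; the function names and the shortened sample are constructed for the example.

```python
import re

def parse(text):
    glob, sections, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if tag and tag.group(1):
            del stack[-1:]                # closing tag ends the innermost section
        elif tag:                         # opening tag starts a new section
            sec = {"name": f"{tag.group(2)} {tag.group(3)}".strip(), "d": {}}
            sections.append(sec)
            stack.append(sec)
        else:                             # directive belongs to innermost section
            key, _, val = line.partition(" ")
            (stack[-1]["d"] if stack else glob).setdefault(key.lower(), []).append(val.strip())
    return glob, sections

def audit(text):
    """Per section: default action, resolved AuthType, and no-op Allow flag."""
    glob, sections = parse(text)
    out = {}
    for sec in sections:
        d = sec["d"]
        order = d.get("order", [""])[-1].replace(" ", "").lower()
        default = {"allow,deny": "deny", "deny,allow": "allow"}.get(order, "(not set)")
        auth = d.get("authtype", ["(not set)"])[-1]
        if auth.lower() == "default":     # AuthType Default means DefaultAuthType
            auth = glob.get("defaultauthtype", ["(not set)"])[-1]
        # Default-allow with no Deny lines: Allow lines cannot narrow access.
        noop = default == "allow" and "allow" in d and "deny" not in d
        out[sec["name"]] = {"default": default, "auth": auth, "allow_is_noop": noop}
    return out

# Constructed excerpt: two sections of the listing above, shortened.
SAMPLE = """DefaultAuthType Basic
<Location /admin/conf>
  Allow from 132.177
  AuthType Default
  Order allow,deny
</Location>
<Policy default>
  <Limit Send-Document Send-URI>
    Allow from 132.177
    Order deny,allow
  </Limit>
</Policy>
"""
```

Run against the full file, `audit(open("/etc/cups/cupsd.conf").read())` shows that the address restriction comes from the Location sections, while in the Limit sections the Order line makes "Allow from 132.177" redundant.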

/etc/cups/printers.conf

# Printer configuration file for CUPS v1.3.7
# Written by cupsd on 2010-06-04 10:29
<Printer Wigner>
AuthInfoRequired username,password
Info HP Color Laserjet 4700
Location DeMeritt 362
DeviceURI socket://wigner.unh.edu:9100
State Idle
StateTime 1275490820
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
AllowUser @npg
AllowUser kpohl
OpPolicy default
ErrorPolicy stop-printer
</Printer>

Printtracker

printtracker.py is a simple Python script which sends monthly reports of print usage gathered from the CUPS page log. It records the number of pages printed by each user on the system.
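
The kind of per-user tally described above can be sketched as follows. This is an added example, not the group's printtracker.py. It assumes the default CUPS 1.3 page_log layout (printer, user, job id, bracketed timestamp, page number, copies, billing, host); the user names, host names and log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line layout: printer user job-id [date-time] page-number num-copies ...
LINE = re.compile(
    r"^(?P<printer>\S+) (?P<user>\S+) (?P<job>\d+) "
    r"\[\d{2}/(?P<mon>[A-Za-z]{3})/(?P<year>\d{4}):[^\]]+\] "
    r"(?P<page>\d+) (?P<copies>\d+)(?: |$)")
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def tally(lines, year, month, printer=None):
    """Return ({user: pages}, skipped) for one calendar month."""
    pages = defaultdict(int)
    skipped = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m or m["mon"] not in MONTHS:
            skipped += 1          # truncated or non-numeric entries are not counted
            continue
        if (int(m["year"]), MONTHS[m["mon"]]) != (year, month):
            continue
        if printer and m["printer"] != printer:
            continue
        pages[m["user"]] += int(m["copies"])   # one log line per printed page
    return dict(pages), skipped

def report(pages):
    """Format the tally as text, heaviest user first."""
    rows = sorted(pages.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{user:<12}{count:>6}" for user, count in rows)

# Constructed sample log lines.
SAMPLE = """\
Wigner alice 101 [01/Jun/2010:09:12:44 -0400] 1 1 - host1.example
Wigner alice 101 [01/Jun/2010:09:12:45 -0400] 2 1 - host1.example
Wigner bob 102 [03/Jun/2010:14:02:10 -0400] 1 3 - host2.example
Wigner bob 103 [30/May/2010:23:59:59 -0400] 1 2 - host2.example
Wigner carol 104 [04/Jun/2010 truncated
""".splitlines()
```

The skipped count is returned alongside the tally so that a month with many unparsable lines, for example after a log format change, is visible in the report rather than silently undercounted.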

Backup Configuration

/etc/rsync-backup.conf

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.  
#uid            = root
# XXX There seems to be an obscure bug with pam_ldap and rsync whereby 
# getpwnam(3) segfaults when (and only when) archiving /etc.  Using a numeric
# uid avoids this bug.  Only verified on Fedora Core 2.
uid             = 0

# There's not much point in putting the superuser in a chroot jail
# use chroot    = yes

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least 
# ensure serialized backups.
max connections = 1

[usr_local]
        path    = /usr/local
        comment = unpackaged software

[opt]
        path    = /opt
        comment = unpackaged software

[etc]
        path    = /etc
        comment = conf files

[var]
        path    = /var
        comment = user and system storage