Difference between revisions of "Pepper"

From Nuclear Physics Group Documentation Pages
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
== General Information ==
 
== General Information ==
Pepper is a data server.
+
Pepper is a VM that runs on Gourd, or Pumpkin, or Endeavour.
 
+
It is an Einstein "replica", to some extend, duplicating the LDAP service.
Hostnames: <code>pepper.unh.edu</code>, <code>pepper.farm.physics.unh.edu</code>
+
It is setup for Dovecot and Postfix, but those services are NOT active the way they are on Einstein and cannot be
 
+
considered a simple switchover.
== Network Configuration ==
 
Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.
 
=== /etc/sysconfig/network-scripts/ifcfg-farm ===
 
<pre>DEVICE=eth0
 
BOOTPROTO=none
 
HWADDR=00:E0:81:40:2B:CD
 
IPADDR=10.0.0.245
 
NETMASK=255.255.255.0
 
ONBOOT=yes
 
TYPE=Ethernet
 
USERCTL=no
 
IPV6INIT=no
 
PEERDNS=yes
 
</pre>
 
=== /etc/sysconfig/network-scripts/ifcfg-unh ===
 
<pre>DEVICE=unh
 
BOOTPROTO=none
 
HWADDR=00:E0:81:40:2B:CC
 
IPADDR=132.177.91.228
 
NETMASK=255.255.252.0
 
ONBOOT=yes
 
TYPE=Ethernet
 
USERCTL=no
 
IPV6INIT=no
 
PEERDNS=yes
 
GATEWAY=132.177.88.1
 
</pre>
 
=== /etc/sysconfig/network-scripts/ifcfg-lo ===
 
DEVICE=lo
 
IPADDR=127.0.0.1
 
NETMASK=255.0.0.0
 
NETWORK=127.0.0.0
 
# If you're having problems with gated making 127.0.0.0/8 a martian,
 
# you can change this to something else (255.255.255.255, for example)
 
BROADCAST=127.255.255.255
 
ONBOOT=yes
 
NAME=loopback
 
== Access Configuration ==
 
=== /etc/security/access.conf ===
 
<pre># NPG Config:
 
# Allow direct root logins only from console and einstein
 
+ : root : LOCAL einstein.unh.edu einstein.farm.physics.unh.edu lentil.unh.edu lentil.farm.physics.unh.edu
 
 
 
# Allow only NPG users and administrators
 
- : ALL EXCEPT farm domain_admins : ALL
 
</pre>
 
== Backup Configuration ==
 
=== /etc/rsync-backup.conf ===
 
<pre># Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
 
read only      = yes
 
 
 
# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other. 
 
#uid            = root
 
# XXX There seems to be an obscure bug with pam_ldap and rsync whereby
 
# getpwnam(3) segfaults when (and only when) archiving /etc.  Using a numeric
 
# uid avoids this bug.  Only verified on Fedora Core 2.
 
uid            = 0
 
 
 
# There's not much point in putting the superuser in a chroot jail
 
# use chroot    = yes
 
 
 
# This isn't really an effective "lock" per se, since the value is per-module,
 
# but there really ought never be more than one, and it would at least
 
# ensure serialized backups.
 
max connections = 1
 
 
 
filter  = : .rsync-filter
 
 
 
[usr]
 
        path    = /usr
 
        comment = unpackaged software
 
        filter  =              \
 
                : .rsync-filter \
 
                + /            \
 
                + /local        \
 
                + /share        \
 
                + /share/ssl    \
 
                - /share/*      \
 
                - /*
 
 
 
[opt]
 
        path    = /opt
 
        comment = unpackaged software
 
 
 
[etc]
 
        path    = /etc
 
        comment = conf files
 
 
 
[var]
 
        path    = /var
 
        comment = user and system storage
 
 
 
[root]
 
        path    = /root
 
        comment = root's home directory
 
</pre>
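
Review bot: the added sentence saying Dovecot and Postfix "are NOT active the way they are on Einstein" leaves the actual state of those services undefined, so a reader planning a failover cannot tell whether they are installed but stopped or running with a different configuration. Suggest stating that state explicitly and naming what a switchover would additionally require, or linking to the page that does. Two wording fixes in the same added lines: "to some extend" should read "to some extent", and "It is setup for" should read "It is set up for".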
 

Latest revision as of 21:26, 9 August 2017

General Information

Pepper is a VM that runs on Gourd, or Pumpkin, or Endeavour. It is an Einstein "replica", to some extent, duplicating the LDAP service. It is set up for Dovecot and Postfix, but those services are NOT active the way they are on Einstein and cannot be considered a simple switchover.