Difference between revisions of "Roentgen"

From Nuclear Physics Group Documentation Pages
(25 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
== General Information ==
 
== General Information ==
Roentgen is the old physics server, which now hosts this wiki. It has been acting as a workstation in Nesmith 202 because it is the only computer that has consistently worked since the move.
+
Roentgen runs an Apache webserver, with wiki on top of it and shows you these pages. SO, if there are troubles with roentgen, you couldn't read this.
 +
Roentgen also hosts the [[MySQL]] server and the [[Wiki Setup|wiki]]. THIS wiki.
  
== Network Configuration ==
+
Hostnames: <code>roentgen.unh.edu</code>, <code>roentgen.farm.physics.unh.edu</code><br/>
Currently has ethernet cable to switch for local (farm) connection, and an ethernet cable to the wall for unh connection.
+
Alias: <code>physics.farm.physics.unh.edu</code> <code>nuclear.farm.physics.unh.edu</code>
  
* /etc/sysconfig/network-scripts/ifcfg-eth0
+
== Virtual Machine ==
DEVICE=eth0
 
HWADDR=00:E0:81:21:7D:B4
 
ONBOOT=yes
 
BOOTPROTO=static
 
IPADDR=132.177.88.61
 
NETMASK=255.255.252.0
 
GATEWAY=132.177.88.1
 
* /etc/sysconfig/network-scripts/ifcfg-eth0:1
 
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
 
# for the documentation of these parameters.
 
TYPE=Ethernet
 
IPADDR=132.177.91.234
 
DEVICE=eth0:1
 
BOOTPROTO=none
 
NETMASK=255.255.252.0
 
ONPARENT=yes
 
USERCTL=no
 
PEERDNS=yes
 
* /etc/sysconfig/network-scripts/ifcfg-eth0:2
 
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
 
# for the documentation of these parameters.
 
TYPE=Ethernet
 
IPADDR=132.177.88.130
 
DEVICE=eth0:2
 
BOOTPROTO=none
 
NETMASK=255.255.252.0
 
ONPARENT=yes
 
USERCTL=no
 
PEERDNS=yes
 
* /etc/sysconfig/network-scripts/ifcfg-eth1
 
DEVICE=eth1
 
HWADDR=00:E0:81:21:7D:B5
 
ONBOOT=yes
 
BOOTPROTO=static
 
IPADDR=10.0.0.249
 
NETMASK=255.255.255.0
 
* /etc/sysconfig/network-scripts/ifcfg-lo
 
DEVICE=lo
 
IPADDR=127.0.0.1
 
NETMASK=255.0.0.0
 
NETWORK=127.0.0.0
 
# If you're having problems with gated making 127.0.0.0/8 a martian,
 
# you can change this to something else (255.255.255.255, for example)
 
BROADCAST=127.255.255.255
 
ONBOOT=yes
 
NAME=loopback
 
  
 +
Roentgen is a virtual machine. See [[Kvm]] It used to run on Taro, and was moved to Gourd on April 1, 2015. No joke.
 +
Previous attempts at moving roentgen had failed, apparently, so here is the recipe that worked: [[Moving A Virtual Machine]]
  
[[:Category:Network]]
+
== Virtual Hardware ==
 +
 
 +
Check with "virsh dumpxml roentgen.unh.edu" on the machine running roentgen!
 +
 
 +
*Memory: 8 GB
 +
*Hard Disk: 60 GB
 +
*CPU: 4 Virtual CPUs
 +
*Swap Disk: 23 GB
 +
*Network 1 (eth0): Farm-Bridge
 +
*Network 2 (eth1): UNH-Bridge
 +
 
 +
The system has eth1 and eth1:1 to server roentgen.unh.edu and nuclear.unh.edu
 +
 
 +
== Backup Configuration ==
 +
=== /etc/rsync-backup.conf ===
 +
<pre># Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
 +
read only      = yes
 +
 
 +
# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other. 
 +
uid            = root
 +
 
 +
# There's not much point in putting the superuser in a chroot jail
 +
# use chroot    = no
 +
 
 +
# This isn't really an effective "lock" per se, since the value is per-module,
 +
# but there really ought never be more than one, and it would at least
 +
# ensure serialized backups.
 +
max connections = 1
 +
 
 +
[var]
 +
        path    = /var
 +
        comment = user and system storage
 +
        filter  = - /lib/bind/proc
 +
 
 +
[srv]
 +
        path    = /srv
 +
        comment = published content
 +
 
 +
[usr_local]
 +
        path    = /usr/local
 +
        comment = unpackaged software
 +
 
 +
[opt]
 +
        path    = /opt
 +
        comment = unpackaged software
 +
 
 +
[etc]
 +
        path    = /etc
 +
        comment = conf files
 +
 
 +
[wheel]
 +
        path    = /wheel
 +
        comment = admin files
 +
        filter  =              \
 +
                : .rsync-filter \
 +
                + /            \
 +
                + /kickstart    \
 +
                + /custom      \
 +
                + /docs        \
 +
                + /gpg-pubkey  \
 +
                + /scripts      \
 +
                - /*            \
 +
</pre>
 +
 
 +
== Upgrade to Centos 7 ==
 +
 
 +
Installed under the new name "roentgen2", and given the initial IP 10.0.0.149. <br>
 +
Install the VM using virt-install.
 +
  virt-install -v --name=roentgen2 -r 8192 --os-type=linux --os-variant=rhel7 --cdrom=/scratch/CentOS-7-x86_64-Everything-1503-01.iso --disk=/kvm/images/roentgen2.qcow2,size=60 --accelerate --network=bridge:farmbr --network=bridge:unhbr --vnc --vncport=5904 --vcpus=4
 +
 
 +
* Temporary: set yum to use proxy, "yum update", "yum upgrade"
 +
* Copy the /etc/ssh directory over from roentgen
 +
* Setup networking scripts to take over from roentgen. Temporarily have IP "pepper.unh.edu"
 +
* '''IMPORTANT:'''  Follow [[Upgrading to Centos 7]]
 +
* Get EPEL
 +
** yum install epel-release
 +
* Get LDAP working.
 +
** copy LDAP setup from gourd:
 +
*** scp -r gourd:/etc/sssd/* /etc/sssd/
 +
*** rsync -av  gourd:/etc/openldap  .
 +
*** yum install openldap-clients
 +
*** systemctl restart sssd
 +
*** getent passwd  # TEST to see users.
 +
** Copy auto maps from roentgen
 +
*** scp roentgen:/etc/auto* /etc/
 +
*** systemctl restart autos
 +
*** ls /net/home/maurik
 +
** Copy sudo users:
 +
***scp roentgen:/etc/sudoers /etc/sudoers
 +
* Make sure backups work. Copy /root/.ssh and /etc/rsync-backup.conf
 +
 
 +
==== Get Virtual Console to work ====
 +
 
 +
See: [https://linuxadmin.io/enable-virsh-console-kvm Enable virus console]
 +
* edit /etc/default/grub and add  console=ttyS0 to the GRUB_CMDLINE_LINUX
 +
* regrub: grub2-mkconfig -o /boot/grub2/grub.cfg
 +
* On host, make sure that serial tty is enabled. Not sure this is needed, but does work.
 +
** EDITOR=nano virsh edit roentgen2
 +
*** add to <console type="pty"> tag:
 +
  <console type='pty' tty='/dev/pts/6'>
 +
  <source path='/dev/pts/6'/>
 +
  <target type='serial' port='0'/>
 +
  <alias name='serial0'/>
 +
  </console>
 +
 
 +
* '''Follow the upgrade page:''' [[Gourd Upgrade to Centos 7]]
 +
 
 +
=== Web Server Setup ===
 +
* First, mount the /www from gourd.
 +
** rm -rf /var/www
 +
** edit fstab, add npghome:/www            /var/www                nfs    rw,soft,intr,rsize=32768,wsize=32768    0 0
 +
** mkdir /var/www
 +
** mount /var/www
 +
** ls /var/www    # test
 +
* Copy over the old configs from previous roentgen:
 +
** cd /etc
 +
**  rm -rf httpd
 +
** rsync -av roentgen:/etc/httpd .
 +
** restart httpd, and fix errors:  "systemctl restart httpd" -- get errors, see journalctl -xe
 +
*** yum install mod_ldap
 +
*** See: [https://httpd.apache.org/docs/2.4/upgrading.html Apache docs 2.4 - Upgrading]
 +
*** See: [https://community.rackspace.com/general/f/general-discussion-forum/8013/upgrading-apache-2-2-to-2-4-in-rhel-6-7-and-centos-6-7 Apache upgrade 2.2 to 2.4]
 +
*** remove the failing authn- and author- modules from the config.
 +
** Fix the SSL mess that existed on roentgen, well, sort of fix it. At least follow: [https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html Apache 2.4 SSL How To]
 +
** Get an '''actually signed''' @#$@! certificate. See: [https://certbot.eff.org/lets-encrypt/centosrhel7-apache CertBog Eff.org]
 +
*** Needed to install the certs with --standalone. That works when the httpd is stopped.
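Review bot: In the added /etc/rsync-backup.conf, every module inherits uid = root and the only restriction shown is read only = yes; no hosts allow, auth users or secrets file line appears, so the modules for /etc and /var are readable as root by whatever can reach this rsync service. Suggest adding a hosts allow entry for the backup host and auth users with a secrets file, or stating on the page where access is restricted instead, since the file's own first comment says pull-only is not otherwise enforced. In the upgrade steps, "scp roentgen:/etc/sudoers /etc/sudoers" overwrites the file with no syntax check; copying to a temporary name and running visudo -c -f on it before installing would avoid a broken sudo on the new VM.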

Latest revision as of 23:14, 7 September 2018

General Information

Roentgen runs an Apache web server with the wiki on top of it, which serves these pages. So if roentgen is in trouble, you will not be able to read this. Roentgen also hosts the MySQL server and the wiki. THIS wiki.

Hostnames: roentgen.unh.edu, roentgen.farm.physics.unh.edu
Alias: physics.farm.physics.unh.edu nuclear.farm.physics.unh.edu

Virtual Machine

Roentgen is a virtual machine. See Kvm. It used to run on Taro, and was moved to Gourd on April 1, 2015. No joke. Previous attempts at moving roentgen had failed, apparently, so here is the recipe that worked: Moving A Virtual Machine

Virtual Hardware

Check with "virsh dumpxml roentgen.unh.edu" on the machine running roentgen!

  • Memory: 8 GB
  • Hard Disk: 60 GB
  • CPU: 4 Virtual CPUs
  • Swap Disk: 23 GB
  • Network 1 (eth0): Farm-Bridge
  • Network 2 (eth1): UNH-Bridge

The system has eth1 and eth1:1 to serve roentgen.unh.edu and nuclear.unh.edu

Backup Configuration

/etc/rsync-backup.conf

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.  
uid             = root

# There's not much point in putting the superuser in a chroot jail
# use chroot    = no

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least 
# ensure serialized backups.
max connections = 1

[var]
        path    = /var
        comment = user and system storage
        filter  = - /lib/bind/proc

[srv]
        path    = /srv
        comment = published content

[usr_local]
        path    = /usr/local
        comment = unpackaged software

[opt]
        path    = /opt
        comment = unpackaged software

[etc]
        path    = /etc
        comment = conf files

[wheel]
        path    = /wheel
        comment = admin files
        filter  =               \
                : .rsync-filter \
                + /             \
                + /kickstart    \
                + /custom       \
                + /docs         \
                + /gpg-pubkey   \
                + /scripts      \
                - /*            \
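The settings before the first module apply to every module, so each exported tree inherits uid = root and read only = yes, and none sets hosts allow or auth users. The following is an added example, not part of the original page: it resolves each module's effective settings and lists the ones worth a second look. The [srv_restricted] module and its values are hypothetical, added for contrast.

```python
import re

# Constructed sample: global settings and two modules as on the page, plus a
# hypothetical restricted module ([srv_restricted]) added for contrast.
SAMPLE = r"""
read only       = yes
uid             = root
# use chroot    = no
[etc]
        path    = /etc
[wheel]
        path    = /wheel
        filter  = : .rsync-filter \
                  - /*
[srv_restricted]
        path        = /srv
        hosts allow = 10.0.0.0/24
        auth users  = backup
"""

def parse(text):
    """Return {module: effective settings}; globals act as module defaults."""
    text = re.sub(r"\\[ \t]*\n", " ", text)  # join backslash continuations
    defaults, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if header := re.fullmatch(r"\[(.+)\]", line):
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
            continue
        key, _, value = line.partition("=")
        target = defaults if current is None else current
        target[" ".join(key.split()).lower()] = " ".join(value.split())
    return modules

def audit(text):
    """Per module, list the exposure-relevant settings worth a second look."""
    checks = [
        ("runs as root", lambda s: s.get("uid") in ("root", "0")),
        ("no hosts allow", lambda s: "hosts allow" not in s),
        ("no auth users", lambda s: "auth users" not in s),
        ("writable", lambda s: s.get("read only", "yes").lower() in ("no", "false", "0")),
    ]
    return {name: [label for label, hit in checks if hit(s)]
            for name, s in parse(text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Whether a missing hosts allow matters depends on how the service is reached, which the page does not state; treat the output as a review list, not a verdict.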

Upgrade to Centos 7

Installed under the new name "roentgen2", and given the initial IP 10.0.0.149.
Install the VM using virt-install.

  virt-install -v --name=roentgen2 -r 8192 --os-type=linux --os-variant=rhel7 --cdrom=/scratch/CentOS-7-x86_64-Everything-1503-01.iso --disk=/kvm/images/roentgen2.qcow2,size=60 --accelerate --network=bridge:farmbr --network=bridge:unhbr --vnc --vncport=5904 --vcpus=4
  • Temporary: set yum to use proxy, "yum update", "yum upgrade"
  • Copy the /etc/ssh directory over from roentgen
  • Set up networking scripts to take over from roentgen. Temporarily have IP "pepper.unh.edu"
  • IMPORTANT: Follow Upgrading to Centos 7
  • Get EPEL
    • yum install epel-release
  • Get LDAP working.
    • copy LDAP setup from gourd:
      • scp -r gourd:/etc/sssd/* /etc/sssd/
      • rsync -av gourd:/etc/openldap .
      • yum install openldap-clients
      • systemctl restart sssd
      • getent passwd # TEST to see users.
    • Copy auto maps from roentgen
      • scp roentgen:/etc/auto* /etc/
      • systemctl restart autofs
      • ls /net/home/maurik
    • Copy sudo users:
      • scp roentgen:/etc/sudoers /etc/sudoers
  • Make sure backups work. Copy /root/.ssh and /etc/rsync-backup.conf

Get Virtual Console to work

See: Enable virsh console

  • edit /etc/default/grub and add console=ttyS0 to the GRUB_CMDLINE_LINUX
  • regrub: grub2-mkconfig -o /boot/grub2/grub.cfg
  • On host, make sure that serial tty is enabled. Not sure this is needed, but does work.
    • EDITOR=nano virsh edit roentgen2
      • add to <console type="pty"> tag:
 <console type='pty' tty='/dev/pts/6'> 
 <source path='/dev/pts/6'/> 
 <target type='serial' port='0'/> 
 <alias name='serial0'/> 
 </console>

Web Server Setup

  • First, mount the /www from gourd.
    • rm -rf /var/www
    • edit fstab, add npghome:/www /var/www nfs rw,soft,intr,rsize=32768,wsize=32768 0 0
    • mkdir /var/www
    • mount /var/www
    • ls /var/www # test
  • Copy over the old configs from previous roentgen:
    • cd /etc
    • rm -rf httpd
    • rsync -av roentgen:/etc/httpd .
    • restart httpd, and fix errors: "systemctl restart httpd" -- get errors, see journalctl -xe
    • Fix the SSL mess that existed on roentgen, well, sort of fix it. At least follow: Apache 2.4 SSL How To
    • Get an actually signed @#$@! certificate. See: Certbot Eff.org
      • Needed to install the certs with --standalone. That works when the httpd is stopped.