Difference between revisions of "Jalapeno"
|Line 1:||Line 1:|
Jalapeno is a [[
Jalapeno is a [] virtual machine currently running on [[Gourd]]. It serves as our primary [[DNS]] and CUPS print server.
Revision as of 17:30, 28 June 2012
- Memory: 512 MB
- Hard Disk: 8 GB
- Network 1 (eth0): Farm-Bridge
- Network 2 (eth1): UNH-Bridge
- SCSI Controller: LSI Logic
- IP Address farm (eth0): 10.0.0.253
- IP Address UNH (eth1): 220.127.116.11
Software and Services
Jalapeno uses the standard NPG iptables firewall. It allows ssh, DNS, and CUPS ipp connections.
Named provides DNS hostname resolution for the farm.physics.unh.edu backend network. DNS configuration files are located in the /var/named directory.
Note: Print services are being relocated to corn.
CUPS is configured to provide access to the NPG printer Wigner located in DeMeritt room 362. Authentication is required to use the printer, and access is restricted to NPG group members. Cups configuration is located in /etc/cups/cupsd.conf and printer configuration is located in /etc/cups/printers.conf.
The cups web interface can be accessed at http://jalapeno.unh.edu:631
MaxLogSize 2000000000 LogLevel info SystemGroup sys root domain_admins # Allow remote access Port 631 Listen /var/run/cups/cups.sock # Share local printers on the local network. Browsing On BrowseOrder allow,deny BrowseAddress @LOCAL DefaultAuthType Basic <Location /> Allow from 132.177 # Allow shared printing and remote administration... Order allow,deny Allow @LOCAL </Location> <Location /admin> Allow from 132.177 Encryption Required Require user @SYSTEM # Allow remote administration... Order allow,deny Allow @LOCAL </Location> <Location /admin/conf> Allow from 132.177 AuthType Default Require user @SYSTEM # Allow remote access to the configuration files... Order allow,deny Allow @LOCAL </Location> <Policy default> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> Require user @OWNER @SYSTEM AuthType Default Allow from 132.177 Order deny,allow </Limit> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Cancel-Job CUPS-Authenticate-Job> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy>
# Printer configuration file for CUPS v1.3.7 # Written by cupsd on 2010-06-04 10:29 <Printer Wigner> AuthInfoRequired username,password Info HP Color Laserjet 4700 Location DeMeritt 362 DeviceURI socket://wigner.unh.edu:9100 State Idle StateTime 1275490820 Accepting Yes Shared Yes JobSheets none none QuotaPeriod 0 PageLimit 0 KLimit 0 AllowUser @npg AllowUser kpohl OpPolicy default ErrorPolicy stop-printer </Printer>
printtracker.py is a simple python script which sends monthly reports of print usage gathered from the cups page log. It records the number of pages printed by each user on the system.
The script can run in two different modes. The weekly mode is configured in crontab to run before the normal cron.weekly tasks. This is necessary because it needs to read the logs before they're emptied by logrotate, which happens when the normal cron.weekly jobs run. The monthly routine that e-mails the final monthly report is run by a script in cron.monthly.
# Backups are 'pull' only. Too bad there isn't a better way to enforce this. read only = yes # Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other. #uid = root # XXX There seems to be an obscure bug with pam_ldap and rsync whereby # getpwnam(3) segfaults when (and only when) archiving /etc. Using a numeric # uid avoids this bug. Only verified on Fedora Core 2. uid = 0 # There's not much point in putting the superuser in a chroot jail # use chroot = yes # This isn't really an effective "lock" per se, since the value is per-module, # but there really ought never be more than one, and it would at least # ensure serialized backups. max connections = 1 [usr_local] path = /usr/local comment = unpackaged software [opt] path = /opt comment = unpackaged software [etc] path = /etc comment = conf files [var] path = /var comment = user and system storage