IRIDIA cluster server daemons
This page contains information on installing and setting up: DHCP, AIDE, diskless, ...
It is assumed that the servers are running a minimal installation as described in the previous section IRIDIA cluster installing an OS on the servers.
Firewall
Firestarter is a program to easily configure the firewall. Install Firestarter on both servers:
apt-get install firestarter
apt-get installs nearly 100 additional packages.
Set up the firewall to accept any connections from the cluster network (192.168.100.0/24) on majorana.
Note: before copying the firewall rules from the backup of /etc/firestarter/, be sure that the syntax is "compatible" in case a newer version (> 1.0.3) of the package is installed.
DHCP
A DHCP daemon should be installed on majorana so that IPs are given to the cluster nodes depending on their MAC address. When installing DHCP, note that the package dhcp3 could give some trouble with /dev/rtc (the real-time clock). However, the package named just dhcp seems to work.
We are not going to go through configuring DHCP here, but you can download a working version of the dhcpd.conf file and add any additional nodes.
Notice that the IPs on the cluster LAN should be assigned according to the following rules:
192.168.100.1: polyphemus (p01)
192.168.100.2 - 100: p02-p100 (diskless nodes)
192.168.100.101: majorana (r01)
192.168.100.102 - 254: r02-r154
Finding the MAC address of a node
The MAC address is a sequence of 12 hexadecimal digits, normally grouped in pairs, with each pair separated by a : or a space. If you do not have it, you can get it in this way:
On the server, type the following:
tail -f /var/log/daemon.log
Switch on the client and let it boot from the network (it will fail)
Look at the server's screen: a line like the following will appear
DHCPDISCOVER from 00:13:16:69:71:fa via eth1
the numbers between from and via are the MAC address.
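Because addresses are handed out by MAC, the same log line can also be matched non-interactively to list machines that asked for an address but have no host entry yet. The script below is an added example, not part of the original page; the function names and the sample log and dhcpd.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. All file contents below are constructed samples.

# Unique, lower-cased MACs from DHCPDISCOVER lines of a dhcpd log.
discover_macs() {
    sed -n 's/.*DHCPDISCOVER from \([0-9A-Fa-f:]\{17\}\) via .*/\1/p' "$1" |
        tr 'A-F' 'a-f' | sort -u
}

# Unique, lower-cased MACs declared with "hardware ethernet" in dhcpd.conf.
known_macs() {
    sed -n 's/.*hardware ethernet \([0-9A-Fa-f:]\{17\}\);.*/\1/p' "$1" |
        tr 'A-F' 'a-f' | sort -u
}

# MACs seen in the log that have no host entry, one per line.
unknown_macs() {
    tmp=$(mktemp -d) || return 1
    discover_macs "$1" > "$tmp/seen"
    known_macs "$2" > "$tmp/known"
    comm -23 "$tmp/seen" "$tmp/known"   # lines only in "seen"
    rm -rf "$tmp"
}

SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/daemon.log" <<'EOF'
Mar  1 10:00:01 majorana dhcpd: DHCPDISCOVER from 00:13:16:69:71:fa via eth1
Mar  1 10:00:02 majorana dhcpd: DHCPOFFER on 192.168.100.2 to 00:13:16:69:71:fa via eth1
Mar  1 10:05:10 majorana dhcpd: DHCPDISCOVER from 00:13:16:AA:BB:01 via eth1
Mar  1 10:05:14 majorana dhcpd: DHCPDISCOVER from 00:13:16:AA:BB:01 via eth1
EOF
cat > "$SAMPLE/dhcpd.conf" <<'EOF'
host p02 { hardware ethernet 00:13:16:69:71:FA; fixed-address 192.168.100.2; }
EOF

echo "MACs without a host entry:"
unknown_macs "$SAMPLE/daemon.log" "$SAMPLE/dhcpd.conf"
```

On the server, the two arguments would be /var/log/daemon.log and the dhcpd.conf in use.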
AIDE
AIDE is an intrusion detection system. It should be installed on both the servers. It is quite simple to install:
apt-get install aide
update-aide.conf
aideinit -y
AIDE checks for changes in the filesystem every day, and compiles a report and mails it to root. The mail is truncated to 1000 lines, but usually the complete report can be found in /var/log/aide.
NIS
The Network Information System (NIS, formerly Yellow Pages) should be installed. First install packages for shadow passwords:
apt-get install passwd nis
The NIS configuration files are found in:
/etc/default/nis
/etc/yp.conf
/etc/ypserv.conf
/etc/ypserv.securenets
majorana is the NIS master server and polyphemus is a slave server. The purpose of a slave server is to answer NIS requests when the master server is down. Information about how to configure the servers and the clients can be found in:
/usr/share/doc/nis/nis.debian.howto.gz
Configuration of the master server (majorana)
In /etc/default/nis:
NISSERVER=master
NISCLIENT=true
Restrict access only to the local network, changing the last line of ypserv.securenets into:
255.255.255.0 192.168.100.0
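A quick way to confirm the restriction took effect is to list every securenets entry that is neither loopback nor the cluster LAN. This is an added example, not part of the original page; the function name and both sample files are constructed, and it assumes a loopback entry is kept alongside the cluster network line.

```shell
#!/bin/sh
# Added example. Both securenets files below are constructed samples.

# Print every ypserv.securenets entry other than loopback and the cluster LAN.
# Each entry is "netmask network"; empty output means the file is restricted.
securenets_extra() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                            # blank, comment
        $1 == "255.0.0.0"     && $2 == "127.0.0.0"     { next }  # loopback
        $1 == "255.255.255.0" && $2 == "192.168.100.0" { next }  # cluster LAN
        { print $1, $2 }
    ' "$1"
}

DIR=$(mktemp -d); trap 'rm -rf "$DIR"' EXIT

# Weak: netmask 0.0.0.0 matches every client address.
cat > "$DIR/open" <<'EOF'
# always allow localhost
255.0.0.0       127.0.0.0
0.0.0.0         0.0.0.0
EOF

# Corrected: last line changed as described above.
cat > "$DIR/restricted" <<'EOF'
# always allow localhost
255.0.0.0       127.0.0.0
255.255.255.0   192.168.100.0
EOF

for f in "$DIR/open" "$DIR/restricted"; do
    if [ -n "$(securenets_extra "$f")" ]; then
        echo "$f: answers clients outside 192.168.100.0/24"
    else
        echo "$f: restricted to the cluster LAN"
    fi
done
```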
Configuration of the Slave server (polyphemus)
Same procedure as for the master server, except for /etc/default/nis:
NISSERVER=slave
NISCLIENT=true
NISMASTER=192.168.100.101 # aka r01, aka majorana
Configuration of the clients
In /etc/default/nis:
NISSERVER=false
NISCLIENT=true
Add the following lines to /etc/yp.conf:
domain polyphemus server 192.168.100.101
domain polyphemus server 192.168.100.1
Remember to add the last line to the passwd, group, and shadow files: "+::0:0:::" in passwd, "+::::::::" in shadow, etc. See the documentation that comes with the NIS package for more details.
Finally modify the file /etc/nsswitch.conf to look like:
passwd: compat
group: compat
shadow: compat
hosts: files nis dns
networks: files
protocols: db files nis
services: db files nis
ethers: db files
rpc: db files nis
TODO: We need a copy of the configuration file here.
TODO: Do we? The info above is enough to recreate the files from scratch. Moreover, we will have regular backups of the configuration files.
Trivial FTP
Trivial FTP (TFTP) allows nodes to boot via the network and to get configuration files and a kernel during startup.
Install TFTP on majorana:
apt-get install tftp-hpa
TFTP's configuration is in
/etc/default/tftpd-hpa
The bootloader pxelinux.0 is in a package called syslinux, which places the file in /usr/lib/syslinux/. It has to be moved to the TFTP directory (/var/lib/tftpboot) together with the kernel. A sub-directory pxelinux.cfg has to be created there; it will contain the configuration files. For each node, a file named after the hexadecimal form of the node's IP address has to be created. See the man page of tftp for further information.
Once you have compiled a kernel for the diskless node and installed the diskless image on majorana or installed FAI, you should create configuration files such as:
cat pxelinux.cfg/C0A86402:
DEFAULT vmlinuz-2.6.8-dc root=/dev/nfs
(See kernel-source/documentation/nfsroot.txt)
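The file name C0A86402 above is 192.168.100.2 written as four hexadecimal bytes. The script below is an added example, not part of the original page, that derives the name for any node and writes one file per diskless node; the function names are hypothetical and the file content is the DEFAULT line shown above.

```shell
#!/bin/sh
# Added example: derive pxelinux.cfg file names from node IP addresses.

# Convert a dotted-quad IPv4 address to the 8-digit upper-case hex file name.
# Returns non-zero for anything that is not four decimal octets in 0..255.
ip_to_pxe_name() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the argument on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric, or zero-padded octets (printf would
        # read a leading 0 as octal)
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# Write one config file per node 192.168.100.FIRST..LAST into directory DIR.
write_pxe_configs() {
    dir=$1 first=$2 last=$3
    mkdir -p "$dir" || return 1
    i=$first
    while [ "$i" -le "$last" ]; do
        name=$(ip_to_pxe_name "192.168.100.$i") || return 1
        printf 'DEFAULT vmlinuz-2.6.8-dc root=/dev/nfs\n' > "$dir/$name"
        i=$((i + 1))
    done
}

# First and last diskless nodes from the IP plan (p02 and p100).
for ip in 192.168.100.2 192.168.100.100; do
    echo "$ip -> pxelinux.cfg/$(ip_to_pxe_name "$ip")"
done
```

Calling write_pxe_configs /var/lib/tftpboot/pxelinux.cfg 2 100 would cover the diskless range p02-p100.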
apt-cacher
apt-cacher is a cache for *.deb packages downloaded from the network. When updating/installing a system in the local network, it connects to the server which runs apt-cacher. The server sends the local copy of the packages if they are already in the cache, thus using the fast local network. If any of the packages is missing from the cache, the server downloads it, copies it into the cache and then sends it to the client.
Install the package:
apt-get install apt-cacher
This also installs the Apache web server.
The configuration file for apt-cacher is:
/etc/apt-cacher/apt-cacher.conf
The most important line to modify is the first one, which tells where the cache is on the disk (for instance, /mnt/apt-cacher):
cache_dir=/mnt/apt-cacher
This directory must exist, and should belong to user www-data and group www-data.
Then modify /etc/apt/sources.list and prepend the address of the cache server to the server present in the list. For instance, supposing that the cache server is p01:
original:
deb http://ftp.belnet.be/debian/ testing main non-free contrib
modified (to use apt-cacher):
deb http://p01/apt-cacher/ftp.belnet.be/debian/ testing main non-free contrib
Remember to open port 80 on your server (only if you are also filtering packets from the clients in the local network).