IRIDIA cluster server daemons

From IridiaWiki
Revision as of 16:57, 27 June 2005 by Mmanfrin

This page contains information on installing and setting up: DHCP, AIDE, diskless, ...

It is assumed that the servers are running a minimal installation as described in the previous section IRIDIA cluster installing an OS on the servers.

Firewall

Firestarter is a program to easily configure the firewall. Install Firestarter on both servers:

apt-get install firestarter

apt-get installs nearly 100 additional packages.

Set up the firewall to accept any connections from the cluster network (192.168.100.0/24) on majorana.

Note: before copying the firewall rules from the backup of /etc/firestarter/, be sure that the syntax is "compatible" in case a newer version (> 1.0.3) of the package is installed.

DHCP

A DHCP daemon should be installed on majorana so that IPs are given to the cluster nodes depending on their MAC address. When installing DHCP, note that the package dhcp3 could give some trouble with /dev/rtc (the real-time clock). However, the package named just dhcp seems to work.

We are not going to go through configuring DHCP here, but you can download a working version of the dhcpd.conf file and add any additional nodes.

Notice that the IPs on the cluster LAN should be assigned according to the following rules:

192.168.100.1:          polyphemus (p01)
192.168.100.2 - 100:    p02-p100 (diskless nodes)
192.168.100.101:        majorana (r01)
192.168.100.102 - 254:  r02-r154

Finding the MAC address of a node

The MAC address is a sequence of 12 hexadecimal digits, normally written in pairs, with each pair separated by a ":" or a space. If you do not have it, you can get it this way:

On the server, type the following:

tail -f /var/log/daemon.log

Switch on the client and let it boot from the network (it will fail).

Look at the server's screen: a line like the following will appear:

DHCPDISCOVER from 00:13:16:69:71:fa via eth1

The numbers between "from" and "via" are the MAC address.

AIDE

AIDE is an intrusion detection system. It should be installed on both servers. It is quite simple to install:

apt-get install aide
update-aide.conf
aideinit -y

AIDE checks for changes in the filesystem every day, and compiles a report and mails it to root. The mail is truncated to 1000 lines, but usually the complete report can be found in /var/log/aide.

NIS

The Network Information System (NIS, formerly Yellow Pages) should be installed. First install packages for shadow passwords:

apt-get install passwd nis

The NIS configuration files are found in:

/etc/default/nis
/etc/yp.conf
/etc/ypserv.conf
/etc/ypserv.securenets

majorana is the NIS master server and polyphemus is a slave server. The purpose of a slave server is to answer NIS requests when the master server is down or too slow in responding to requests. Information about how to configure the servers and the clients can be found in:

/usr/share/doc/nis/nis.debian.howto.gz

Configuration of the master server (majorana)

In /etc/default/nis:

NISSERVER=master
NISCLIENT=true

Restrict access to the local network only, by changing the last line of ypserv.securenets to:

255.255.255.0   192.168.100.0
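The effect of that one-line change can be checked offline. The script below is an added example, not part of the original wiki page: it evaluates "netmask network" lines the way the restriction is meant to work and compares a file whose last line matches every address with the restricted version. The contents of both sample files, the test addresses and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the wiki). Both sample files are constructed.

# Dotted-quad address -> integer, so that a netmask can be applied with "&".
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE IP: succeeds if some "netmask network" line admits IP.
securenets_allows() {
    client=$(ip_to_int "$2")
    while read -r mask net rest; do
        case "$mask" in ''|'#'*) continue ;; esac              # blank line or comment
        [ -n "$net" ] || continue                              # malformed line
        if [ "$mask" = host ]; then mask=255.255.255.255; fi   # "host a.b.c.d" form
        m=$(ip_to_int "$mask")
        n=$(ip_to_int "$net")
        if [ "$(( client & m ))" = "$(( n & m ))" ]; then return 0; fi
    done < "$1"
    return 1
}

SAMPLES=$(mktemp -d)
# Assumed shape of an unrestricted file: the last line matches every address.
printf '%s\n' '# constructed sample' '255.0.0.0 127.0.0.0' \
    '0.0.0.0 0.0.0.0' > "$SAMPLES/before"
# The same file with the last line changed as described above.
printf '%s\n' '# constructed sample' '255.0.0.0 127.0.0.0' \
    '255.255.255.0 192.168.100.0' > "$SAMPLES/after"

# 192.168.100.7 stands for a cluster node, 203.0.113.10 for a host outside the cluster.
for f in before after; do
    for ip in 192.168.100.7 203.0.113.10; do
        if securenets_allows "$SAMPLES/$f" "$ip"; then verdict=allowed; else verdict=denied; fi
        echo "$f: $ip $verdict"
    done
done
```

Pointing securenets_allows at the real /etc/ypserv.securenets with an address from outside 192.168.100.0/24 should report a denial once the last line has been changed.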

Configuration of the Slave server (polyphemus)

Same procedure as for the master server, except for /etc/default/nis:

NISSERVER=slave
NISCLIENT=true
NISMASTER=192.168.100.101 # aka r01, aka majorana

Configuration of the clients

In /etc/default/nis:

NISSERVER=false
NISCLIENT=true

Add the following lines to /etc/yp.conf:

domain polyphemus server 192.168.100.101
domain polyphemus server 192.168.100.1

Remember to add the NIS entry as the last line of the passwd, group, and shadow files: "+::0:0:::" in passwd, "+::::::::" in shadow, etc. See the documentation that comes with the NIS package for more details.

Finally modify the file /etc/nsswitch.conf to look like:

passwd:         compat
group:          compat
shadow:         compat
hosts:          files nis dns
networks:       files
protocols:      db files nis
services:       db files nis
ethers:         db files
rpc:            db files nis

TODO: We need a copy of the configuration file here.

TODO: Do we? The info above is enough to recreate the files from scratch. Moreover, we will have regular backups of the configuration files.

Trivial FTP

Trivial FTP (TFTP) allows nodes to boot via network, get configuration files and a kernel during startup.

Install TFTP on majorana:

apt-get install tftp-hpa

TFTP's configuration is in

/etc/default/tftpd-hpa

The bootloader pxelinux.0 is in a package called syslinux, and the file is placed in /usr/lib/syslinux/. It has to be moved to the tftp directory (/var/lib/tftpboot) together with the kernel. A sub-directory pxelinux.cfg has to be created; it will contain the configuration files. For each node, a configuration file named after the hexadecimal form of its IP address has to be created there. See the man page of tftp for further information.

Once you have compiled a kernel for the diskless node and installed the diskless image on majorana (or installed FAI), create configuration files such as:

cat pxelinux.cfg/C0A86402:
DEFAULT vmlinuz-2.6.8-dc root=/dev/nfs

(See kernel-source/documentation/nfsroot.txt)
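The following script is an added example, not part of the original wiki page. It ties together "Finding the MAC address of a node" and the hex-named pxelinux.cfg files: it extracts the MAC addresses from DHCPDISCOVER lines, assigns them consecutive addresses from the diskless range, and prints a dhcpd.conf host declaration with the matching pxelinux.cfg file name. The function names and the sample log lines are constructed; only the first MAC address appears on this page.

```shell
#!/bin/sh
# Added example (not from the wiki). The log lines below are constructed.

# Dotted-quad IP -> 8 uppercase hex digits, the per-node file name under pxelinux.cfg/.
ip_to_pxe_hex() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its four octets
    IFS=$old_ifs
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# stdin: daemon.log lines. stdout: each MAC seen in a DHCPDISCOVER, once, lowercased.
macs_from_log() {
    sed -n 's/.*DHCPDISCOVER from \([0-9A-Fa-f:]\{17\}\) via .*/\1/p' |
        tr 'A-F' 'a-f' | awk '!seen[$0]++'
}

# $1: first free node number in the diskless range (2..100). stdin: one MAC per line.
# stdout: one dhcpd.conf host declaration per MAC, plus the matching pxelinux.cfg name.
host_stanzas() {
    n=$1
    while read -r mac; do
        if [ "$n" -lt 2 ] || [ "$n" -gt 100 ]; then
            echo "node number $n is outside the diskless range 2-100" >&2
            return 1
        fi
        ip="192.168.100.$n"
        printf 'host p%02d { hardware ethernet %s; fixed-address %s; }' "$n" "$mac" "$ip"
        printf '  # pxelinux.cfg/%s\n' "$(ip_to_pxe_hex "$ip")"
        n=$((n + 1))
    done
}

SAMPLE_LOG='Jun 27 16:40:01 majorana dhcpd: DHCPDISCOVER from 00:13:16:69:71:fa via eth1
Jun 27 16:40:05 majorana dhcpd: DHCPDISCOVER from 00:13:16:69:71:fa via eth1
Jun 27 16:41:12 majorana dhcpd: DHCPDISCOVER from 00:13:16:69:72:0B via eth1
Jun 27 16:41:13 majorana dhcpd: DHCPREQUEST for 192.168.100.9 from 00:13:16:aa:bb:cc via eth1'

printf '%s\n' "$SAMPLE_LOG" | macs_from_log | host_stanzas 2
```

Review the output before appending it to dhcpd.conf: every machine that broadcast a DHCPDISCOVER on the cluster interface is listed, not only the node that was just switched on.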

apt-cacher

apt-cacher is a cache for *.deb packages downloaded from the network. When updating or installing a system in the local network, the client connects to the server which runs apt-cacher. The server sends its local copy of the packages if they are already in the cache, thus using the fast local network. If any of the packages is missing from the cache, the server downloads it, copies it into the cache and then sends it to the client.

Install the package:

apt-get install apt-cacher

This also installs the Apache web server.

The configuration file for apt-cacher is:

/etc/apt-cacher/apt-cacher.conf

The most important line to modify is the first one, which tells where the cache is on the disk (for instance, /mnt/apt-cacher):

cache_dir=/mnt/apt-cacher

This directory must exist, and should belong to user www-data and group www-data.

Then modify /etc/apt/sources.list and prepend the address of the cache server to the server present in the list. For instance, supposing that the cache server is p01:

original:
  deb http://ftp.belnet.be/debian/ testing main non-free contrib
modified (to use apt-cacher):
  deb http://p01/apt-cacher/ftp.belnet.be/debian/ testing main non-free contrib

Remember to open port 80 on your server (only if you are also filtering packets from the clients in the local network).