Difference between revisions of "IRIDIA cluster server daemons"

From IridiaWiki
 
(24 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This page contains information on installing and setting up: DHCP, diskless, ...
+
This page contains information on installing and setting up: DHCP, AIDE, diskless, ...
   
 
It is assumed that the servers are running a minimal installation as described in the previous section [[IRIDIA cluster installing an OS on the servers]].
 
It is assumed that the servers are running a minimal installation as described in the previous section [[IRIDIA cluster installing an OS on the servers]].
   
  +
== Firewall ==
  +
Firestarter is a program to easily configure the firewall. Install Firestarter on both servers:
  +
<pre>
  +
apt-get install firestarter
  +
</pre>
  +
Apt-get installs nearly an additional 100 packages.
  +
  +
Setup the firewall to accept any connections from the cluster network(192.168.100.0/24) on majorana.
  +
  +
'''Note:''' ''before copying the firewall rules from the backup of /etc/firestater/ be sure that the syntax is "compatible" in case a newer version (> 1.0.3) of the package is installed.''
   
== DCHP ==
+
== DHCP ==
 
A DHCP daemon should be installed on majorana so that IPs are given to the cluster nodes depending on their MAC address. When installing DCHP notice that the package dhcp3 could give some trouble with the /dev/rtc (real-time clock). However, the package named just dhcp seems to work.
 
A DHCP daemon should be installed on majorana so that IPs are given to the cluster nodes depending on their MAC address. When installing DCHP notice that the package dhcp3 could give some trouble with the /dev/rtc (real-time clock). However, the package named just dhcp seems to work.
   
Line 12: Line 22:
 
<pre>
 
<pre>
 
192.168.100.1: polyphemus (p01)
 
192.168.100.1: polyphemus (p01)
192.168.100.2 - 99: p02-p99 (diskless nodes)
+
192.168.100.2 - 100: p02-p100 (diskless nodes)
192.168.100.100: majorana (r01)
+
192.168.100.101: majorana (r01)
192.168.100.101 - 254 r02-r155
+
192.168.100.102 - 254 r02-r154
 
</pre>
 
</pre>
   
Line 32: Line 42:
 
the numbers between ''from'' and ''via'' are the MAC address.
 
the numbers between ''from'' and ''via'' are the MAC address.
   
  +
== AIDE ==
  +
[http://sourceforge.net/projects/aide AIDE] is an intrusion detection system. It should be installed on both the servers. It is quite simple to install:
  +
<pre>
  +
apt-get install aide
  +
update-aide.conf
  +
aideinit -y
  +
</pre>
   
  +
AIDE checks for changes in the filesystem every day, and compiles a report and mails it to root. The mail is truncated to 1000 lines, but usually the complete report can be found in /var/log/aide.
== Diskless ==
 
Install the package called diskless. This package contains tools and binaries for creating a Debian image for the diskless clients.
 
   
  +
== NIS ==
Create a new image:
 
  +
The Network Information System (NIS, formerly Yellow Pages) should be installed. First install packages for shadow passwords:
 
<pre>
 
<pre>
  +
apt-get install passwd nis
diskless newimage
 
 
</pre>
 
</pre>
For more information on creating see http://wiki.debian.net/index.cgi?DiskLess
 
   
  +
The NIS configuration files are found in:
=== Compiling a new kernel for the diskless nodes ===
 
Install a new kernel (version 2.6.x SMP) on majorana, use the config file of that kernel (/root/.config) to compile a kernel for the diskless nodes.
 
 
<pre>
 
<pre>
  +
/etc/defaults/nis
make menuconfig
 
  +
/etc/yp.conf
exit
 
  +
/etc/ypserv.conf
copy /root/.config .
 
  +
/etc/ypserv.securenets
make menuconfig
 
 
</pre>
 
</pre>
   
  +
<tt>majorana</tt> is the NIS master server and <tt>polyphemus</tt> is a slave server. The purpose of a slave server is to answer NIS requests when the master server is down or too slow in responding to requests. Information about how to configure the servers and the clients can be found in:
At least four options should be changed, don't use modules, compile everything into the kernel:
 
  +
<pre>
* Initial ramdisk (initrd) should be disabled in '''device driver -> block devices''')
 
  +
/usr/share/doc/nis/nis.debian.howto.gz
* Mount NFS as root:
 
  +
</pre>
** Enable '''File systems -> Network File Systems -> NFS file system support'''
 
** Enable '''File systems -> Network File Systems -> Root file system on NFS'''
 
* Assign IP address at boot time:
 
** Enable '''Device drivers -> Networking Support -> Networking Options -> IP: kernel level autoconfiguration -> IP: DHCP support'''
 
* Compile GigaBit network driver into the kernel:
 
** Set: ''' Device Drivers->Networking support->Ethernet (1000Mbit)-><*> Intel(R) PRO/1000 Gigabit'''
 
   
  +
=== Configuration of the master server (<tt>majorana</tt>) ===
Furthermore, the kernel needs a slight change in the source code, so that the kernel requests an address via DHCP after during load:
 
  +
In /etc/default/nis:
  +
<pre>
  +
NISSERVER=master
  +
NISCLIENT=true
  +
</pre>
  +
Restrict access only to the local network, changing the last line of ypserv.securenets into:
  +
<pre>
  +
255.255.255.0 192.168.100.0
  +
</pre>
   
  +
=== Configuration of the Slave server (<tt>polyphemus</tt>) ===
In net/ipv4/ipconfig.c change:
 
  +
Same procedure as for the master server, exept for <tt>/etc/default/nis</tt>:
 
<pre>
 
<pre>
  +
NISSERVER=slave
int ic_enable __initdata = 0;
 
  +
NISCLIENT=true
  +
NISMASTER=192.168.100.101 # aka r01, aka majorana
 
</pre>
 
</pre>
  +
to
 
  +
=== Configuration fo the clients ===
  +
In <tt>/etc/default/nis</tt>:
 
<pre>
 
<pre>
  +
NISSERVER=false
int ic_enable __initdata = 1;
 
  +
NISCLIENT=true
 
</pre>
 
</pre>
   
  +
Add the following lines to <tt>/etc/yp.conf</tt>:
You are know ready to make a .deb package containing the kernel image:
 
<pre>
+
<pre>
  +
domain polyphemus server 192.168.100.101
make-kpkg --append-to-version -dc kernel_image kernel_headers
 
  +
domain polyphemus server 192.168.100.1
 
</pre>
 
</pre>
  +
  +
Remember to add the last line of the passwd, group, and shadow file: "+::0:0:::" in passwd, "+::::::::"in shadow, etc. See the documentation that comes with NIS package for more details.
  +
  +
Finally modify the file /etc/nsswitch.conf to look like:
  +
<pre>
  +
passwd: compat
  +
group: compat
  +
shadow: compat
  +
hosts: files nis dns
  +
networks: files
  +
protocols: db files nis
  +
services: db files nis
  +
ethers: db files
  +
rpc: db files nis
  +
</pre>
  +
  +
TODO: We need a copy of the configuration file here.
  +
TODO: Do we? The info above are enough to recreate the files from scratch. Moreover, we will have regular backups of the configuration files.
  +
  +
== Trivial FTP ==
  +
Trivial FTP (TFTP) allows nodes to boot via network, get configuration files and a kernel during startup.
  +
  +
Install TFTP on majorana:
  +
<pre>
  +
apt-get install tftp-hpa
  +
</pre>
  +
  +
TFTP's Configuration is in
  +
<pre>
  +
/etc/defaults/tftpd-hpa
  +
</pre>
  +
  +
The bootloader pxelinux.0 is in a package called syslinux. And the file is placed in /usr/lib/syslinux/. It has to moved to the tftp directory (/var/lib/tftpboot) together with the kernel. A sub-directory pxelinux.cfg has to be created. It will contain the configuration files. A hex version of the IP for the nodes has to be created. See the man page of tftp for further information.
  +
  +
Once you have [[IRIDIA cluster installing the diskless nodes | compiled a kernel for the diskless node and installed the diskless image on majorana]] or [[IRIDIA cluster installing nodes with disks | installed FAI]] you should make configuration files like for instance:
  +
<pre>
  +
cat pxelinux.cfg/C0A86402:
  +
DEFAULT vmlinuz-2.6.8-dc root=/dev/nfs
  +
</pre>
  +
  +
(See kernel-source/documentation/nfsroot.txt)
  +
  +
== apt-cacher ==
  +
  +
<tt>apt-cacher</tt> is a cacher for *.deb packages downloaded from the network. When updating/installing a system in the local network, it connects to the server which runs <tt>apt-cacher</tt>. The server sends the local copy of the packages if they are already in the cache, thus using the local fast network. It any of the packages is missing in the cache, the server downloads it, copies it in the cache and then send it to the client.
  +
  +
Install the package:
  +
<pre>
  +
apt-get install apt-cacher
  +
</pre>
  +
This installs also <tt>apache</tt> web server.
  +
  +
The configuation file for <tt>apt-cacher</tt> is:
  +
<pre>
  +
/etc/apt-cacher/apt-cacher.conf
  +
</pre>
  +
  +
The most important line to modify is the first one, which tells where the case is on the disk (for instance, <tt>/mnt/apt-cacher</tt>):
  +
<pre>
  +
cache_dir=/mnt/apt-cacher
  +
</pre>
  +
This directory must exist, and should belong to user <tt>www-data</tt> and group <tt>www-data</tt>.
  +
  +
Then modify <tt>/etc/apt/sources.list</tt> and preappend the address of the cache server to the server present in the list. For instance, supposing that the cache server is <tt>p01</tt>:
  +
<pre>
  +
original:
  +
deb http://ftp.belnet.be/debian/ testing main non-free contrib
  +
modified (to use apt-cacher):
  +
deb http://p01/apt-cacher/ftp.belnet.be/debian/ testing main non-free contrib
  +
</pre>
  +
  +
Remember to open the port 80 on your server (only if you are filtering packets also from the clients in the local network).
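Review bot: the added NIS file list gives /etc/defaults/nis and the TFTP section gives /etc/defaults/tftpd-hpa, but the added master, slave and client steps all edit /etc/default/nis; use /etc/default/ in both listings so the paths agree. The TFTP section also installs tftp-hpa while pointing at the tftpd-hpa configuration file, so state which package provides the daemon. In the Firewall note, /etc/firestater/ looks like a misspelling of the firestarter directory.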

Latest revision as of 16:57, 27 June 2005

This page contains information on installing and setting up: DHCP, AIDE, diskless, ...

It is assumed that the servers are running a minimal installation as described in the previous section IRIDIA cluster installing an OS on the servers.

Firewall

Firestarter is a program to easily configure the firewall. Install Firestarter on both servers:

apt-get install firestarter

Apt-get installs nearly an additional 100 packages.

Set up the firewall on majorana to accept any connections from the cluster network (192.168.100.0/24).

Note: before copying the firewall rules from the backup of /etc/firestarter/, be sure that the syntax is "compatible" in case a newer version (> 1.0.3) of the package is installed.

DHCP

A DHCP daemon should be installed on majorana so that IPs are given to the cluster nodes depending on their MAC address. When installing DHCP, notice that the package dhcp3 could give some trouble with /dev/rtc (the real-time clock). However, the package named just dhcp seems to work.

We are not going to go through configuring DHCP here, but you can download a working version of the dhcpd.conf file and add any additional nodes.

Notice that the IPs on the cluster LAN should be assigned according to the following rules:

192.168.100.1:           polyphemus (p01)
192.168.100.2 - 100:      p02-p100 (diskless nodes)
192.168.100.101:         majorana (r01)
192.168.100.102 - 254    r02-r154

Finding the MAC address of a node

The MAC address is a sequence of 12 hexadecimal digits, normally written in pairs, with each pair separated by a ":" or a space. If you do not have it, you can get it in this way:

On the server, type the following:

tail -f /var/log/daemon.log

Switch on the client and let it boot from the network (it will fail).

Look at the server's screen: a line like the following will appear:

DHCPDISCOVER from 00:13:16:69:71:fa via eth1

The numbers between from and via are the MAC address.
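Because addresses are handed out by MAC, the same log line can be used to spot machines that ask for an address without being declared. The script below is an added example, not part of the original page: it compares DHCPDISCOVER lines with the "hardware ethernet" entries of a dhcpd.conf. The host entries and all log lines are constructed samples; only the first MAC address comes from the page.

```shell
#!/bin/sh
# Added example: list MACs that sent DHCPDISCOVER but are not in dhcpd.conf.

# Constructed sample of dhcpd.conf host entries (addresses follow the page's plan).
sample_conf() {
cat <<'EOF'
host p02 { hardware ethernet 00:13:16:69:71:fa; fixed-address 192.168.100.2; }
host r02 { hardware ethernet 00:0E:0C:AA:BB:01; fixed-address 192.168.100.102; }
EOF
}

# Constructed sample of /var/log/daemon.log lines.
sample_log() {
cat <<'EOF'
Jun 27 16:40:01 majorana dhcpd: DHCPDISCOVER from 00:13:16:69:71:fa via eth1
Jun 27 16:40:02 majorana dhcpd: DHCPOFFER on 192.168.100.2 to 00:13:16:69:71:fa via eth1
Jun 27 16:41:10 majorana dhcpd: DHCPDISCOVER from 00:0e:0c:aa:bb:01 via eth1
Jun 27 16:42:33 majorana dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth1
Jun 27 16:42:37 majorana dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth1
EOF
}

# unknown_macs CONF LOG: print "<mac> <requests> <interface>" per undeclared MAC.
unknown_macs() {
    awk '
        FILENAME == ARGV[1] {             # first file: dhcpd.conf
            for (i = 1; i < NF; i++)
                if ($i == "hardware" && $(i+1) == "ethernet") {
                    mac = tolower($(i+2)); sub(/;$/, "", mac); known[mac] = 1
                }
            next
        }
        {                                 # second file: the daemon log
            for (i = 1; i < NF; i++)
                if ($i == "DHCPDISCOVER" && $(i+1) == "from") {
                    mac = tolower($(i+2))
                    if (!(mac in known)) { seen[mac]++; ifc[mac] = $NF }
                }
        }
        END { for (m in seen) print m, seen[m], ifc[m] }
    ' "$1" "$2" | sort
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
sample_conf > "$tmp/dhcpd.conf"; sample_log > "$tmp/daemon.log"
unknown_macs "$tmp/dhcpd.conf" "$tmp/daemon.log"
rm -rf "$tmp"
```

On the real server the two arguments would be the dhcpd.conf in use and /var/log/daemon.log.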

AIDE

AIDE is an intrusion detection system. It should be installed on both the servers. It is quite simple to install:

apt-get install aide
update-aide.conf
aideinit -y

AIDE checks for changes in the filesystem every day, and compiles a report and mails it to root. The mail is truncated to 1000 lines, but usually the complete report can be found in /var/log/aide.

NIS

The Network Information System (NIS, formerly Yellow Pages) should be installed. First install packages for shadow passwords:

apt-get install passwd nis

The NIS configuration files are found in:

/etc/default/nis
/etc/yp.conf
/etc/ypserv.conf
/etc/ypserv.securenets

majorana is the NIS master server and polyphemus is a slave server. The purpose of a slave server is to answer NIS requests when the master server is down or too slow in responding to requests. Information about how to configure the servers and the clients can be found in:

/usr/share/doc/nis/nis.debian.howto.gz

Configuration of the master server (majorana)

In /etc/default/nis:

NISSERVER=master
NISCLIENT=true

Restrict access only to the local network, changing the last line of ypserv.securenets into:

255.255.255.0   192.168.100.0
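A quick way to confirm that the file really is limited to the cluster network is to test every entry against 192.168.100.0/24. The script below is an added example, not part of the original page; both sample files are constructed, and the "host <address>" form it also accepts is the single-host syntax documented with ypserv.

```shell
#!/bin/sh
# Added example: audit ypserv.securenets entries against the cluster LAN.
# Each entry is "<netmask> <network>" or "host <address>".
CLUSTER_NET=192.168.100.0      # cluster LAN, from the page
CLUSTER_MASK=255.255.255.0

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Read securenets text on stdin and print each entry that admits addresses
# outside the cluster LAN (loopback is accepted); return 1 if any was printed.
audit_securenets() {
    cnet=$(ip_to_int "$CLUSTER_NET"); cmask=$(ip_to_int "$CLUSTER_MASK")
    bad=0
    while read -r f1 f2 _rest; do
        case $f1 in ''|'#'*) continue ;; esac
        [ "$f1" = host ] && f1=255.255.255.255
        m=$(ip_to_int "$f1"); n=$(ip_to_int "$f2")
        # Loopback entries are needed by the local NIS processes.
        if [ $(( n >> 24 )) -eq 127 ] && [ $(( m >> 24 )) -eq 255 ]; then
            continue
        fi
        # Inside the LAN: mask at least as narrow, network bits equal.
        if [ $(( m & cmask )) -eq "$cmask" ] && [ $(( n & cmask )) -eq "$cnet" ]; then
            continue
        fi
        echo "too permissive: $f1 $f2"; bad=1
    done
    return $bad
}

# Constructed sample: a file whose last line still admits every host.
sample_open() {
    printf '%s\n' '# local host' '255.0.0.0 127.0.0.0' '0.0.0.0 0.0.0.0'
}
# Constructed sample: last line changed as described above.
sample_restricted() {
    printf '%s\n' '# local host' '255.0.0.0 127.0.0.0' '255.255.255.0   192.168.100.0'
}

sample_open | audit_securenets || echo "=> fix before starting ypserv"
sample_restricted | audit_securenets && echo "=> restricted to the cluster LAN"
```

On the servers, run it as audit_securenets < /etc/ypserv.securenets.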

Configuration of the Slave server (polyphemus)

Same procedure as for the master server, except for /etc/default/nis:

NISSERVER=slave
NISCLIENT=true
NISMASTER=192.168.100.101 # aka r01, aka majorana

Configuration of the clients

In /etc/default/nis:

NISSERVER=false
NISCLIENT=true

Add the following lines to /etc/yp.conf:

domain polyphemus server 192.168.100.101
domain polyphemus server 192.168.100.1

Remember to add the NIS entry as the last line of the passwd, group, and shadow files: "+::0:0:::" in passwd, "+::::::::" in shadow, etc. See the documentation that comes with the NIS package for more details.

Finally modify the file /etc/nsswitch.conf to look like:

passwd:         compat
group:          compat
shadow:         compat
hosts:          files nis dns
networks:       files
protocols:      db files nis
services:       db files nis
ethers:         db files
rpc:            db files nis

TODO: We need a copy of the configuration file here.

TODO: Do we? The info above are enough to recreate the files from scratch. Moreover, we will have regular backups of the configuration files.

Trivial FTP

Trivial FTP (TFTP) allows nodes to boot via network, get configuration files and a kernel during startup.

Install TFTP on majorana:

apt-get install tftp-hpa

TFTP's configuration is in:

/etc/default/tftpd-hpa

The bootloader pxelinux.0 is in a package called syslinux, which places the file in /usr/lib/syslinux/. It has to be moved to the tftp directory (/var/lib/tftpboot) together with the kernel. A sub-directory pxelinux.cfg has to be created; it will contain the configuration files. The configuration file for each node is named after the hexadecimal form of the node's IP address. See the man page of tftp for further information.

Once you have compiled a kernel for the diskless node and installed the diskless image on majorana, or installed FAI, you should create configuration files such as:

cat pxelinux.cfg/C0A86402:
DEFAULT vmlinuz-2.6.8-dc root=/dev/nfs

(See kernel-source/documentation/nfsroot.txt)
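The file name C0A86402 above is 192.168.100.2 written in hexadecimal. The script below is an added example, not part of the original page: it derives the name for any node of the address plan given in the DHCP section, lists the names PXELINUX tries for that node, and writes the one-line configuration shown above. The function names are hypothetical, and the search order is the one documented for PXELINUX, which also tries UUID- and MAC-based names before the hex names.

```shell
#!/bin/sh
# Added example: PXELINUX configuration file names for the cluster nodes.

# ip_to_pxe_hex 192.168.100.2 -> C0A86402 (uppercase hex, two digits per octet)
ip_to_pxe_hex() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# Address plan from the page: p01-p100 -> .1-.100, r01-r154 -> .101-.254
node_to_ip() {
    num=${1#?}; num=${num#0}
    case $1 in
        p*) [ "$num" -ge 1 ] && [ "$num" -le 100 ] || return 1; host=$num ;;
        r*) [ "$num" -ge 1 ] && [ "$num" -le 154 ] || return 1; host=$((num + 100)) ;;
        *)  return 1 ;;
    esac
    echo "192.168.100.$host"
}

# Hex-based names PXELINUX tries for an IP: the full name, then one digit
# shorter each time, and finally "default".
pxe_lookup_order() {
    name=$(ip_to_pxe_hex "$1")
    while [ -n "$name" ]; do
        echo "pxelinux.cfg/$name"
        name=${name%?}
    done
    echo "pxelinux.cfg/default"
}

# write_node_cfg NODE KERNEL DIR: write the one-line config shown on the page.
write_node_cfg() {
    ip=$(node_to_ip "$1") || return 1
    mkdir -p "$3/pxelinux.cfg"
    echo "DEFAULT $2 root=/dev/nfs" > "$3/pxelinux.cfg/$(ip_to_pxe_hex "$ip")"
}

# Demo: every file name that can decide how p02 boots.
pxe_lookup_order "$(node_to_ip p02)"
```

A shorter name such as pxelinux.cfg/C0A864, or a default file, is served to every node that has no file of its own, so keep the directory limited to the names you intend.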

apt-cacher

apt-cacher is a cache for *.deb packages downloaded from the network. When updating/installing a system in the local network, the system connects to the server which runs apt-cacher. The server sends its local copy of the packages if they are already in the cache, thus using the fast local network. If any of the packages is missing from the cache, the server downloads it, copies it into the cache and then sends it to the client.

Install the package:

apt-get install apt-cacher

This also installs the apache web server.

The configuration file for apt-cacher is:

/etc/apt-cacher/apt-cacher.conf

The most important line to modify is the first one, which tells where the cache is on the disk (for instance, /mnt/apt-cacher):

cache_dir=/mnt/apt-cacher

This directory must exist, and should belong to user www-data and group www-data.

Then modify /etc/apt/sources.list and prepend the address of the cache server to the server present in the list. For instance, supposing that the cache server is p01:

original:
  deb http://ftp.belnet.be/debian/ testing main non-free contrib
modified (to use apt-cacher):
  deb http://p01/apt-cacher/ftp.belnet.be/debian/ testing main non-free contrib

Remember to open port 80 on your server (only if you are also filtering packets from the clients in the local network).