wiki:Internal/SandboxConsoleSetup

Version 32 (modified by msherman, 10 years ago) ( diff )

How to build a SandBox console

New Instructions as of 8/22/2011

The core packages can be installed as a group via this command: 

sudo apt-get install logwatch logrotate nfs-common libpam-ldap libnss-ldap

Instead of indiviually.

Base system

  1. Boot Ubuntu 10.10 Server installation medium (you may need a usb-cdrom).
  2. preform a standard installation using the installation defaults, with noted devations:
    1. Partition - Choose "Guided use entire disk" (No LVM)
    2. User Name / Password - Use the well known orbit default
    3. Roles - Add the ssh server role
  3. Check that the network interfaces get the correct address from the correct networks:
    1. eth0 - DMZ
    2. eth1 - Control
  4. Install the following additional packages 
    sudo apt-get install logwatch logrotate denyhosts

NFS Mounting We no longer do AutoFS/auto.home since there is a long standing lag bug with the daemon that is not fixable. We've now move to direct mounting of the /home mount point.

  1. Install the nfs common libraries 
    apt-get install nfs-common
  2. add the follow line to /etc/fstab 
    home:/export/home /home nfs _netdev,auto 0  0

If you are migrating from autofs, you will need to disable autofs on startup. In some cases this is managed by upstart. A reference for removing upstart services can be found here. In ubuntu 10.04 modify /etc/init/autofs.conf and change the start on line to 

start on never

LDAP Authentication Since Autofs is not use this process is some what simpler.

  1. Install ldap libraries. This process will ask you a bunch of ldap related questions that will be used to prime the ldap.confs (there are 2). It's not critical to get them correct as we're just going to replace those conf's any way. (Accepting the defaults is ok). 
    apt-get install libpam-ldap libnss-ldap
  2. The /etc/ldap.conf is one of two files that configures the ldap client. The non-comment lines in this file are as follows: 
    base dc=orbit-lab,dc=org
uri ldap://ldap.orbit-lab.org/
ldap_version 3
binddn
rootbinddn cn=admin,dc=orbit-lab,dc=org
pam_password md5
nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
    You could edit this file and change all the values to reflect this (leaveing the rest as comments) or simply replace the one you have with this one. You can also check the non-comment lines by executing: 
    egrep -v "^#|^$" /etc/ldap.conf
  3. The /etc/ldap/ldap.conf is the second file that guides the client. It have very few actual lines: 
    BASE    dc=orbit-lab,dc=org
URI     ldap://ldap.orbit-lab.org
    Again you can edit it directly or copy this version.
  4. The /etc/nsswitch.conf file should have the follow non comment lines: 
    passwd:         files ldap compat
group:          files ldap compat
shadow:         files compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
    Again you can edit it directly or copy this version.
  5. Copy or create the /etc/ldap.secret file
  6. Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command). 
    %admin ALL=(ALL) ALL
%sysadmin ALL=NOPASSWD: ALL
    This has to be done manually.

1.Configure networking for the node facing interface of the console e.g.: 

auto eth1
iface eth1 inet static
address 10.14.0.10
netmask 255.255.0.0
  1. Install other software: 
    apt-get install cfengine3 emacs ntp
  1. We need to make sure machine have fully qualified host name (some services depend on it). So: 
    echo "console.sb4.orbit-lab.org" > /etc/hostname
  1. also set domainname (hostname SHOULD NOT be fqdn. Needs fixing.)

OMF / OML The Orbit measurement framework binaries.

  1. Comparing to a running Console, the apt repositories are: 
    deb http://pkg.mytestbed.net/ubuntu karmic/
deb http://pkg.mytestbed.net/ubuntu lucid/ 
deb http://pkg.mytestbed.net/ubuntu maverick/ 
deb http://pkg.mytestbed.net/ubuntu natty/
deb http://pkg.mytestbed.net/ubuntu oneiric/ 
deb http://pkg.mytestbed.net/ubuntu precise/
  2. The installed packages are: 
    ii  omf-aggmgr-5.3                   5.3.1-ubuntu3                   OMF Aggregate Manager
ii  omf-common-5.3                   5.3.1-ubuntu3                   Common ruby classes for OMF
ii  omf-common-5.4                   5.4.2-ubuntu2                   Common ruby classes for OMF
ii  omf-expctl-5.3                   5.3.1-ubuntu6                   OMF Experiment Controller
ii  omf-expctl-5.4                   5.4.2-ubuntu2                   OMF Experiment Controller
ii  liboml2-0                        2.8.1-ubuntu2                   OML: The Orbit Measurement Library
ii  oml2-server                      2.8.1-ubuntu2                   OML measurement server
  1. Before I could install all those packages, I needed to install this library. 
    wget http://ubuntu.media.mit.edu/ubuntu//pool/universe/libx/libxmpp4r-ruby/libxmpp4r-ruby1.8_0.5-1_all.deb
dpkg -i libxmpp4r-ruby1.8_0.5-1_all.deb
wget http://ubuntu.media.mit.edu/ubuntu//pool/universe/libx/libxmpp4r-ruby/libxmpp4r-ruby_0.5-1_all.deb
dpkg -i libxmpp4r-ruby_0.5-1_all.deb

For the console we need to OMF packages; please try and install the latest release also 

    apt-get install omf-expctl-5.4 omf-aggmgr-5.4 oml2-server
  1. OMF Configuration

Copy a working config file for /etc/omf-expctl-5.X/omf-expctl.yaml from another sandbox and modify its ip addresses and the domain name. The XMPP server is xmpp for 5.3 and xmpp2.orbit-lab.org for 5.4.

Configure omf-aggmgr-5.X to enable result service by creating file in /etc/omf-aggmgr-5.X/available/result.yaml with 

--- 
result:
  # Path to the SQLite3 client binary
  sqlite3_path: '/usr/bin/sqlite3'  

  # Path to the directory holding the experiment measurement databases
  database_path: '/var/lib/oml2'

and then link it: 

  cd /etc/omf-aggmgr-5.3/enabled; ln -s ../available/result.xml
  1. Copy authorized keys to new console.
  2. Install the cfengine3 package and then copy 
    sudo scp /etc/cfengine3/*.cf console.??:/etc/cfengine3/
  1. from dhcp1:
    • delete pub key if for the console's ip if it exists.
    • sudo scp /var/lib/cfengine3/ppkeys/root-10.0.0.9.pub console.??:/var/lib/cfengine3/ppkeys/
  1. Run cf-agent on the console we're installing. 
    cf-agent -v

OS specific notes

Ubuntu 13.10

The passwd command in fails after follwing these instructions. There is a minor tweak needed to get the passwd command to work. Edit the /etc/pam.d/common-password and find this line: 

password	[success=1 user_unknown=ignore default=die]	pam_ldap.so use_authtok try_first_pass

remove use_authtok, then reboot. This should solve the problem. It documented here

Attachments (3)

  • ldap.conf (9.0 KB ) - added by ssugrim 13 years ago. /etc/ldap.conf
  • ldap.2.conf (214 bytes ) - added by ssugrim 13 years ago. /etc/ldap/ldap.conf
  • nsswitch.conf (527 bytes ) - added by ssugrim 13 years ago. /etc/nsswitch.conf

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.