From JhuAcmWiki

prS8r7 sdfkdf wmlesvnhf dgjotdbm

comment3,

Contents 1 Network, Web, and related services 1.1 subdomain.jhu.edu 1.2 NTS firewall 1.3 Other firewall issues 1.4 PostgreSQL 1.5 MySQL 1.5.1 Creating a new database 1.5.2 General mysql administration 1.6 Rails 1.6.1 Central control 1.6.2 mysql 1.6.3 Subdirectories 1.6.4 Apache 2 Door access 2.1 Adding a user's card 2.2 Removing a user's card 3 NFS 3.1 Updating the hosts-allowed list 3.2 Updating the "no_root_squash" list for /export/home/group 3.3 Giving users a quota 4 Metapackage 4.1 Updating the metapackage 4.2 Build the new metapackage 4.3 Update all the workstations to use the new metapackage 5 Xen 5.1 Getting a list of all the guests installed 5.2 Getting a console on a guest from the host 6 Webcams 6.1 logitech quickcam on Fomalhaut

Network, Web, and related services

subdomain.jhu.edu

Email hostmaster@jhu. Or suck it up and use the-dot.

NTS firewall

To deal with filtering, email network.security@jhu.edu

Other firewall issues

Try network.security or support@jhu.edu

PostgreSQL

Our Postgres server is local to centaur.

How do we make users or databases or what? Write instructions here.

MySQL

Creating a new database

Each database we create gets its own username. Maybe this is for security.

• ssh to einstein
• Run:

sudo ~/shared/admin/create_mysql.py

• Follow the prompts! :-)
• Email the group or user the path to the file created.

NOTE: The group mysql creation uses insecure temp files. Patches welcome. (-:

General mysql administration

• Use "sudo -H /usr/local/sbin/mysql-su" on einstein
  • the -H is to use root's home directory so all users of this command share the same history file
• This way, you can Ctrl-R for old commands, and copy them, rather than remembering SQL yourself.

Rails

Central control

• The file /etc/init.d/lotsa_mongrel_rails configures which Rails mongrels get run.
  • exists and configured on both ebola and centaur

mysql

• There is a disagreement between Ruby and Rails as to who is responsible for handling mysql timeouts.
• To fix it, add this to environment.rb:

ActiveRecord::Base.verification_timeout = 14400

Subdirectories

To make the Rails work with subdirectories, configure the rails with this in environment.rb:

ActionController::AbstractRequest.relative_url_root = "/subdir_in_question"

Plus in the rails thing's public/, make symlink from "subdir_in_question" to the rails thing's public/.

Apache

1. Find the appropriate VirtualHost in /etc/httpd/conf.d/vhost.conf
2. Now add:

ProxyPass /subdir http://0.0.0.0:3003/subdir

1. sudo /etc/init.d/httpd reload

Door access

Adding a user's card

To add a card to the database, run as root on cerberus:

/usr/sbin/thorctl add

Then enter details as prompted and swipe the card.

Removing a user's card

Similarly, to remove a card:

/usr/sbin/thorctl remove

NFS

This section describes our setup for manticore, our massively overpowered nfs server. It runs a development build of Solaris 11/amd64, and we use ZFS for storing shared files. It's pretty damn nifty.

We used to keep /etc/dfs/dfstab as an empty file because we thought its existence turned on NFS. This was just a guess. Also, it was wrong (see manticore:/lib/svc/method/nfs-server).

Updating the hosts-allowed list

• Edit manticore:/etc/dfs/ACMzpool-home-mountees, then

root@manticore# zfs set sharenfs="`cat /etc/dfs/ACMzpool-home-mountees`" ACMzpool/home
root@manticore# zfs share -a

Note that "zfs set sharenfs=" will not automatically change the permissions if the filesystem is already shared, you have to run "zfs share".

Updating the "no_root_squash" list for /export/home/group

Same as above, but the file is /etc/dfs/ACMzpool-home-groups-mountees.

Giving users a quota

To set a 100 gigabyte quote for acmguest:

root@manticore# zfs set quota=100g ACMzpool/home/acmguest

To unset the quota:

root@manticore# zfs set quota=none ACMzpool/home/acmguest

Metapackage

Updating the metapackage

1. Check out ACM subversion
2. cd into that directory's acm-packages/jhuacm-workstation/ directory
3. Update debian/control to change dependencies
4. Update debian/postinst to change the post-installation script (but be careful!)
5. You MUST run "dch -i" to update the changelog!

Build the new metapackage

1. svn-buildpackage -rfakeroot
2. scp ../build-area/*.deb acm.jhu.edu:~officers/public_html/pkg/
3. ssh eridani.acm.jhu.edu and:
   • cd ~officers/public_html/pkg/
   • make

Update all the workstations to use the new metapackage

• Run "cssh fomalhaut.acm.jhu.edu eridani.acm.jhu.edu taniwha.acm.jhu.edu", and (fill in release as appropriate):
  • sudo apt-get update
  • sudo apt-get install jhuacm-workstation-ubuntu-dapper
  • sudo apt-get clean

Xen

Getting a list of all the guests installed

• sudo xen-list-images

Getting a console on a guest from the host

• sudo xm console guestname
  • guestname is the name of the guest
  • Ctrl-] will close the console.

Webcams

I think that motion[1] would be a good package to use for our webcams, but it seems to segfault right now for some reason, see [2]

logitech quickcam on Fomalhaut

This webcam uses the qc-usb driver, from [3]. It is installed from a source package into /usr/src/modules/qc-usb-source . It needs to be rebuilt and reinstalled after each kernel upgrade! The actually logging is done with camE under the acmguest user. There is a config file in /home/acmguest/.camErc .