wiki:Internal/SandboxConsoleSetup

Version 16 (modified by ssugrim, 13 years ago) ( diff )

How to build a SandBox console

New Instructions as of 8/22/2011

Base system

  1. Boot Ubuntu 10.10 Server installation medium (you may need a usb-cdrom).
  2. preform a standard installation using the installation defaults, with noted devations:
    1. Partition - Choose "Guided use entire disk" (No LVM)
    2. User Name / Password - Use the well known orbit default
    3. Roles - Add the ssh server role
  3. Check that the network interfaces get the correct address from the correct networks:
    1. eth0 - DMZ
    2. eth1 - Control

NFS Mounting

We no longer do AutoFS/auto.home since there is a long standing lag bug with the daemon that is not fixable. We've now move to direct mounting of the /home mount point.

  1. Install the nfs common libraries
    apt-get install nfs-common
    
  2. add the follow line to /etc/fstab
    home:/export/home /home nfs _netdev,auto 0  0
    

LDAP Authentication

Since Autofs is not use this process is some what simpler.

  1. Install ldap libraries. This process will ask you a bunch of ldap related questions that will be used to prime the ldap.confs (there are 2). It's not critical to get them correct as we're just going to replace those conf's any way. (Accepting the defaults is ok).
    apt-get install libpam-ldap libnss-ldap
    
  2. The /etc/ldap.conf is one of two files that configures the ldap client. The non-comment lines in this file are as follows:
    base dc=orbit-lab,dc=org
    uri ldap://ldap.orbit-lab.org/
    ldap_version 3
    binddn
    rootbinddn cn=admin,dc=orbit-lab,dc=org
    pam_password md5
    nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
    
    You could edit this file and change all the values to reflect this (leaveing the rest as comments) or simply replace the one you have with this one.ldap.conf
  3. The /etc/ldap/ldap.conf is the second file that guides the client. It have very few actual lines:
    BASE    dc=orbit-lab,dc=org
    URI     ldap://ldap.orbit-lab.org
    
    Again you can edit it directly or copy this version.
  4. The /etc/nsswitch.conf file should have the follow non comment lines:
    passwd:         files ldap compat
    group:          files ldap compat
    shadow:         files compat
    
    hosts:          files dns
    networks:       files
    
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    
    netgroup:       nis
    
    Again you can edit it directly or copy this version.
  5. Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command).
    %admin ALL=(ALL) ALL
    %sysadmin ALL=NOPASSWD: ALL
    
    This has to be done manually.

OMF

Old instructions as of 5/xx/2011

Steps on setting up this ubuntu Server are as follows

  1. Attach a usb cd drive and start the cd install.
  2. Choose Entire disk with help from installer to do the partitioning of the FS
    Choose dhcp for eth0 during setup.
  3. Setup the Network Interfaces
    eth0 - Goes into the DMZ network, so please modify the /etc/network/interfaces file to for eth0
    the ability to attain an ip address using dhcp.
    Please update the dhcpd.conf file with eth0 mac address for console.sbX
    eth1 - Is the ConsoleC address for sandbox.
    Please update /etc/network/interfaces to
    iface eth1 inet static
    address 10.1x.0.10 - (x) is the sandbox number
    netmask 255.255.0.0
  4. Please Install libpam-ldap,libnss-ldap,autofs and autofs-ldap packages using apt.
  5. Please modify /etc/ldap/ldap.conf to the following
    BASE dc=orbit-lab,dc=org
    URI ldap://ldap.orbit-lab.org
  6. You can copy /etc/ldap.conf from another sandbox or set the following attributes yourself

host ldap.orbit-lab.org
base dc=orbit-lab,dc=org
ldap_version 3
rootbinddn cn=admin,dc=orbit-lab,dc=org
timelimit 30
bind_timelimit 30
idle_timelimit 360
pam_check_host_attr yes
pam_password crypt
Copy the /etc/ldap.secret file from another sandbox or ask the administrator for the password.
Modify /etc/nsswitch.conf for the users and autofs to use LDAP

  1. For autofs we need to modify /etc/default/autofs file so that the autofs daemon knows what the master map is.

    LDAPURI="ldap://ldap1.orbit-lab.org/"
    LDAPBASE="ou=auto.master,dc=orbit-lab,dc=org"

  1. Copy the /etc/nsswitch.conf file to this new machine from another sandbox or modify the file for your
    self to include ldap for login and automount to be done by ldap.

Please ensure that you start autofs

Modify the sudoers file to include sysadmin group with privileges to become root without password or

just
copy the sudoers file from an existing sandbox.

  1. Install the mail packages , so that the mail can be sent from the sandbox.
    apt-get install postfix mailutils
    When you begin installing the postfix package configuration it will ask you configuration details, please select to install the package as a Satellite system. After that copy the main.cf file from another sandbox.
  2. Install logwatch, ntp and cfengine2 packages.
  3. Configure cfengine2 , which should copy the config files for logwatch and ntp.
  4. OMF Install -To manage your nodes To install omf packages modify your apt source tree to include mytestbed url and then run update on the apt for it to pull down the package information. The above steps can be done by these steps
     echo "deb http://pkg.mytestbed.net/ubuntu karmic/" >> /etc/apt/sources.list
       apt-get update
    

For the console we need to add the following packages

omf-resctl liboml omf-expectl omf-common omf-aggrmgr . Please try and install the latest release

    apt-get install liboml omf-expctl-5.2 omf-common-5.2 omf-aggmgr-5.2
  1. OMF Configuration Copy a working config file for /etc/omf-expctl-5.2/nodehandler.yaml from another sandbox and modify its ip addresses for the Sandbox. The XMPP server is repository2.
  2. In the inventory52 database , nodes table please make sure that the control ip is set to the ip of the eth1 interface (non dmz) interface.

Once you start the expirement you can go to the following ip and see the serial console 10.1.10x.17 x is the sandbox(x) number , the last 4 hex numbers are used to denote the ip address of each node of sandbox. node2 for sandbox would be 10.1.10x.18

  1. We still have omf5 as the default so please do the following

Just to add to our notes, we need to make sure machine have fully qualified host name (some services depend on it). So

(in /etc/hostname) console.sb2.orbit-lab.org

(in /etc/hosts) 127.0.0.1 console.sb2.orbit-lab.org console

As for the old omf we need to:

rm /usr/bin/omf #(it is actually a soft link to /etc/alternatives/omf)

scp -r sb1.orbit-lab.org:/opt/nodehandler4-4.4.0 /opt/nodehandler4-4.4.0

scp -r sb1.orbit-lab.org:/etc/nodehandler4 /etc/nodehandler4

scp sb1.orbit-lab.org:/usr/bin/omf /usr/bin/omf

which will set the 4.4 as a default omf.

Attachments (3)

  • ldap.conf (9.0 KB ) - added by ssugrim 13 years ago. /etc/ldap.conf
  • ldap.2.conf (214 bytes ) - added by ssugrim 13 years ago. /etc/ldap/ldap.conf
  • nsswitch.conf (527 bytes ) - added by ssugrim 13 years ago. /etc/nsswitch.conf

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.