Service Desk Knowledgebase: Servers

From Computer Laboratory System Administration
Jump to navigationJump to search


This is the Severs content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about that it.

If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.

Return to the Service Desk Knowledgebase SERVICE PORTFOLIO

Key Service Description & URLs

CL Customer Documentation

Further CL Sys-Admin Resources

Underpinning Services

  • Departmental Servers and Group Servers are all physically located in one of the machine rooms: GN09, FN11 or SE18.

Customer-base for this Service

  • All staff and students of the Computer Laboratory

Costs

  • Free to all current staff and students of the Computer Laboratory

SLA

  • N/A

Service Desk Call Handling Procedure

Escalation points and key contacts to be defined...

  • RT tickets can be escalated by changing the Queue to backoffice with the Owner set to Nobody and the Status as new. Tell the requestor:
    I am passing this request over to the experts who, I'm sure, will be in contact shortly.

'Omnipotent' Machines Laira & Totan and Privileges

Piete Brooks (6/3/15)

On (nearly) all machines, access on the filer fileserver is based on the kerberos ticket used to access the filer. root has a low priv kerberos key. To raise your privs, you have to login to an 'omnipotent' machine (currently laira & totan) which uses NFS sec=sys rather than sec=keb5 and has root_no_squash.

Creating a HotCRP Conference Web Server

1. Use PuTTY and go to the CL's slogin-serv.cl.cam.ac.uk

2. Make the PuTTY window longer.

3. Type kinit & press [Enter]

4. Enter your CL Password for CRSid@AD.CL.CAM.AC.UK & press [Enter]

5. Type ssh -K laira & press [Enter] to go to the privileged machine laira

6. At the laira:~$ prompt use sudo ssh -K svr-hotcrp and [Enter]

7. Then cd /opt/hotcrp and [Enter]

8. sh -x README.cl shortName (e.g. SenSys_2015) and [Enter] (shortName is the conference's name which must have no spaces - use underscore)

9. You will get output like the following which tells you what to do next:-

 + SRC=hotcrp-2.92
 + DST=SenSys_2015
 + sudo cp -arl hotcrp-2.92 SenSys_2015
 + sudo rm -rf SenSys_2015/.git SenSys_2015/.gitignore
 + cat
 
 type 'SenSys_2015' when it asks for 'database name',
 press RETURN to accept the default random password
 (you can set a specific password, but don't unless you know why you want to),
 and press RETURN to 'populate?'
 
 + sudo sh -c HOME=~root SenSys_2015/Code/createdb.sh
 WARNING: Code/createdb.sh is deprecated, use lib/createdb.sh.
 Creating the database and database user for your conference.
 Access is allowed only from the local host.
 
 Enter database name (NO SPACES):SenSys_2015
 
 Enter password for mysql user SenSys_2015 [default is 15 random characters]:
 
 + echo 'show databases;' | mysql --defaults-group-suffix=_hotcrp_createdb -N | grep '^SenSys_2015$'
 + echo 'select User from user group by User;' | mysql --defaults-group-suffix=_hotcrp_createdb -N mysql |         
 grep '^SenSys_2015$'
 
 Creating SenSys_2015 database...
 + mysqladmin --defaults-group-suffix=_hotcrp_createdb --default-character-set=utf8 create SenSys_2015
 Creating SenSys_2015 user and password...
 Granting SenSys_2015 access to SenSys_2015...
 Granting RELOAD privilege...
 
 Reloading grant tables...
 Populating database...
 + cat SenSys_2015/Code/../lib/../src/schema.sql | mysql -uSenSys_2015 -p<REDACTED> SenSys_2015
 
 Creating SenSys_2015/Code/../lib/../conf/options.php...
 + chown root SenSys_2015/Code/../lib/../conf/options.php
 Making SenSys_2015/Code/../lib/../conf/options.php readable by the Web server...
 + chgrp www-data SenSys_2015/Code/../lib/../conf/options.php
 + cat
  
 edit SenSys_2015/conf/options.php (was Code/options.inc) and check that it looks plausible.  
 'paperSite' should be set to http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015
 'downloadPrefix' should be set to 'SenSys_2015-" (note the trailing hyphen).
 set shortName', 'longName', 'contactName', 'contactEmail' and 'emailFrom' and
 'emailSubmissions' from the user supplied info.
 
 + echo
 
 + echo Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful'  
 Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful'

10. Use pico SenSys_2015/conf/options.php and [Enter] to set the options mentioned similar to the following example:-
[Note: the acm in sensys.acm.org is not a typo.]

 $Opt["shortName"] = "SenSys_2015";
 $Opt["longName"] = "13th ACM Conference on Embedded Networked Sensor Systems";
 $Opt["downloadPrefix"] = "SenSys_2015-";
 $Opt["paperSite"] = "http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015";
 $Opt["conferenceSite"] = "http://sensys.acm.org/2015/";
 
 $Opt["contactName"] = "Cecilia Mascolo";
 $Opt["contactEmail"] = "cm542@cam.ac.uk";
 $Opt["sendEmail"] = true;
 $Opt["emailFrom"] = "cm542@cam.ac.uk";
 $Opt["emailSender"] = null;
 $Opt["emailSubmissions"] = "cm542@cam.ac.uk";

11. Using pico /etc/apache2/httpd.conf copy a previous conference setup. For example:

 # server "SenSys 2015" - RT#94292 - cm542
 <Directory "/opt/hotcrp/SenSys_2015">
                 Options Indexes Includes FollowSymLinks
                 AllowOverride all
                 Order allow,deny
                 Allow from all
 </Directory>
 Alias /hotcrp/SenSys_2015 /opt/hotcrp/SenSys_2015

12. At the end of the file just above # Add next site here ... paste in the previous conference details and edit them for the current conference

13. <Ctrl>+o to write out to File Name to Write: /etc/apache2/httpd.conf and [Enter]

14. <Ctrl>+x to exit pico

15. Restart with cl-asuser service apache2 graceful and [Enter]

16. Close down the sessions and PuTTY using exit and [Enter]

17. Note that the first person to setup an account becomes the primary manager, so do not create an account to test it, or that will be you. Instead tell the rightful owner:
"I believe that this has now been setup as you requested so please create an account and become the primary manager."

Contacts

Primary

Availability

  • Monday:
  • Tuesday:
  • Wednesday:
  • Thursday:
  • Friday:
  • Saturday: Closed
  • Sunday: Closed

Hints, Tips & Known Issues

Slogin-serv & Filer Home directory

Piete Brooks (12/3/15)

If connecting to slogin-serv.cl.cam.ac.uk you will be allocated a "std lab" machine (based on current usage) and see either of the prompts:
svr-ssh-1:~$ (the virtual server)
or
sandy:~$ (the physical server)
Each of these machines require their own separate & time-limited krbtgt key for access to your home directory (/home/CRSid) on the departmental "filer" fileserver using the Kerberos authenication protocol. If the key has timed-out you can request a fresh krbtgt key manually using the “kinit” command on each of the servers.

Categorising Keywords

  • A categorization or service type