Service Desk Knowledgebase: Servers: Difference between revisions
From Computer Laboratory System Administration
Jump to navigationJump to search
Anonymous (talk) (Changed message to reflect change to script.) |
|||
| (30 intermediate revisions by 3 users not shown) | |||
| Line 20: | Line 20: | ||
==Underpinning Services== | ==Underpinning Services== | ||
* [http://www.cam.ac.uk/ | * '''Departmental Servers''' and '''Group Servers''' are all physically located in one of the '''machine rooms''': '''[http://www.cl.cam.ac.uk/research/dtg/openroommap/static/?s=GN09&labels=1 GN09]''', '''[http://www.cl.cam.ac.uk/research/dtg/openroommap/static/?s=FN11&labels=1 FN11]''' or '''[http://www.cl.cam.ac.uk/research/dtg/openroommap/static/?s=SE18&labels=1 SE18]'''. | ||
==Customer-base for this Service== | ==Customer-base for this Service== | ||
| Line 33: | Line 33: | ||
==Service Desk Call Handling Procedure== | ==Service Desk Call Handling Procedure== | ||
''Escalation points and key contacts to be defined...'' | ''Escalation points and key contacts to be defined...'' | ||
* [ | * [http://helpdesk.csx.cam.ac.uk/ RT] tickets can be escalated by changing the '''Queue''' to '''backoffice''' with the '''Owner''' set to '''Nobody''' and the '''Status''' as '''new'''. Tell the requestor:<br /> ''I am passing this request over to the experts who, I'm sure, will be in contact shortly.'' | ||
==='Omnipotent' Machines Laira & Totan and Privileges=== | ==='Omnipotent' Machines Laira & Totan and Privileges=== | ||
| Line 59: | Line 55: | ||
7. Then '''cd /opt/hotcrp''' and '''[Enter]''' | 7. Then '''cd /opt/hotcrp''' and '''[Enter]''' | ||
8. '''sh -x README.cl <font color="red">shortName</font>''' and '''[Enter]''' ''('''<font color="red">shortName</font>''' is the | 8. '''sh -x README.cl <font color="red">shortName</font>''' ''(e.g. SenSys_2015)'' and '''[Enter]''' ''('''<font color="red">shortName</font>''' is the conference's name which must have no spaces - use underscore)'' | ||
9. You will get output like the following which tells you what to do next:- | 9. You will get output like the following which tells you what to do next:- | ||
SenSys_2015 | + SRC=hotcrp-2.92 | ||
< | + DST=SenSys_2015 | ||
edit SenSys_2015/conf/options.php (was Code/options.inc) and check that it looks plausible. | + sudo cp -arl hotcrp-2.92 SenSys_2015 | ||
'paperSite' should be set to http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015 | + sudo rm -rf SenSys_2015/.git SenSys_2015/.gitignore | ||
'downloadPrefix' should be set to 'SenSys_2015-" (note the trailing hyphen). | + cat | ||
set shortName', 'longName', 'contactName', 'contactEmail' and 'emailFrom' and | |||
'emailSubmissions' from the user supplied info. | type 'SenSys_2015' when it asks for 'database name', | ||
press RETURN to accept the default random password | |||
+ echo | (you can set a specific password, but don't unless you know why you want to), | ||
and press RETURN to 'populate?' | |||
+ echo Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful' | |||
Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful' | + sudo sh -c HOME=~root SenSys_2015/Code/createdb.sh | ||
WARNING: Code/createdb.sh is deprecated, use lib/createdb.sh. | |||
Creating the database and database user for your conference. | |||
Access is allowed only from the local host. | |||
Enter database name (NO SPACES):'''SenSys_2015''' | |||
Enter password for mysql user SenSys_2015 [default is 15 random characters]: | |||
+ echo 'show databases;' | mysql --defaults-group-suffix=_hotcrp_createdb -N | grep '^SenSys_2015$' | |||
+ echo 'select User from user group by User;' | mysql --defaults-group-suffix=_hotcrp_createdb -N mysql | | |||
grep '^SenSys_2015$' | |||
Creating SenSys_2015 database... | |||
+ mysqladmin --defaults-group-suffix=_hotcrp_createdb --default-character-set=utf8 create SenSys_2015 | |||
Creating SenSys_2015 user and password... | |||
Granting SenSys_2015 access to SenSys_2015... | |||
Granting RELOAD privilege... | |||
Reloading grant tables... | |||
Populating database... | |||
+ cat SenSys_2015/Code/../lib/../src/schema.sql | mysql -uSenSys_2015 -p<REDACTED> SenSys_2015 | |||
Creating SenSys_2015/Code/../lib/../conf/options.php... | |||
+ chown root SenSys_2015/Code/../lib/../conf/options.php | |||
Making SenSys_2015/Code/../lib/../conf/options.php readable by the Web server... | |||
+ chgrp www-data SenSys_2015/Code/../lib/../conf/options.php | |||
+ cat | |||
'''edit SenSys_2015/conf/options.php (was Code/options.inc) and check that it looks plausible.''' | |||
''''paperSite' should be set to http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015''' | |||
''''downloadPrefix' should be set to 'SenSys_2015-" (note the trailing hyphen).''' | |||
'''set shortName', 'longName', 'contactName', 'contactEmail' and 'emailFrom' and''' | |||
''''emailSubmissions' from the user supplied info.''' | |||
'''+ echo''' | |||
'''+ echo Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful'''' | |||
'''Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful'''' | |||
10. Use ''' | 10. Use '''pico <font color="red">SenSys_2015</font>/conf/options.php''' and '''[Enter]''' to set the options mentioned similar to the following example:- | ||
<br/> | |||
[Note: the acm in sensys.acm.org is not a typo.] | |||
$Opt[" | $Opt["shortName"] = "SenSys_2015"; | ||
$Opt["longName"] = "13th ACM Conference on Embedded Networked Sensor Systems"; | $Opt["longName"] = "13th ACM Conference on Embedded Networked Sensor Systems"; | ||
$Opt["downloadPrefix"] = "SenSys_2015-"; | |||
$Opt["paperSite"] = "http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015"; | |||
$Opt["conferenceSite"] = "http://sensys.acm.org/2015/"; | $Opt["conferenceSite"] = "http://sensys.acm.org/2015/"; | ||
$Opt["contactName"] = "Cecilia Mascolo"; | $Opt["contactName"] = "Cecilia Mascolo"; | ||
$Opt["contactEmail"] = "cm542@cam.ac.uk"; | $Opt["contactEmail"] = "cm542@cam.ac.uk"; | ||
| Line 94: | Line 127: | ||
$Opt["emailSubmissions"] = "cm542@cam.ac.uk"; | $Opt["emailSubmissions"] = "cm542@cam.ac.uk"; | ||
11. Using ''' | 11. Using '''pico /etc/apache2/httpd.conf''' copy a previous conference setup. For example: | ||
# server "SenSys 2015" - RT#94292 - cm542 | |||
<Directory "/opt/hotcrp/SenSys_2015"> | |||
Options Indexes Includes FollowSymLinks | |||
AllowOverride all | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
Alias /hotcrp/SenSys_2015 /opt/hotcrp/SenSys_2015 | |||
12. At the end of the file just above '''# Add next site here ...''' paste in the previous conference details and edit them for the current conference | |||
13. '''<Ctrl>+o''' to write out to '''File Name to Write: /etc/apache2/httpd.conf''' and '''[Enter]''' | |||
15. Close down the sessions and PuTTY using '''exit''' and '''[Enter]''' | 14. '''<Ctrl>+x''' to exit pico | ||
15. Restart with '''cl-asuser service apache2 graceful''' and '''[Enter]''' | |||
16. Close down the sessions and PuTTY using '''exit''' and '''[Enter]''' | |||
17. Note that the first person to setup an account becomes the primary manager, so '''do not create an account''' to test it, or that will be you. Instead tell the rightful owner:<br />"''I believe that this has now been setup as you requested so please create an account and become the primary manager.''" | |||
== Contacts == | == Contacts == | ||
'''Primary''' | '''Primary''' | ||
* [mailto: | * [mailto:sys-admin-comment@cl.cam.ac.uk sys-admin-comment@cl.cam.ac.uk] (Goes to CL sysadmins) | ||
==Availability== | ==Availability== | ||
Latest revision as of 16:10, 10 September 2015
This is the Severs content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about that it.
If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.
Return to the Service Desk Knowledgebase SERVICE PORTFOLIO
Key Service Description & URLs
- CL Terminal Servers
- Computer Laboratory News (Twitter use @UC_CL_SysAdm)
CL Customer Documentation
Further CL Sys-Admin Resources
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HotCrp?highlight=%28HotCRP%29 - HotCRP
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/TgtServer - Ticket Granting Tickets (TGT) Server
- See also File Server
Underpinning Services
- Departmental Servers and Group Servers are all physically located in one of the machine rooms: GN09, FN11 or SE18.
Customer-base for this Service
- All staff and students of the Computer Laboratory
Costs
- Free to all current staff and students of the Computer Laboratory
SLA
- N/A
Service Desk Call Handling Procedure
Escalation points and key contacts to be defined...
- RT tickets can be escalated by changing the Queue to backoffice with the Owner set to Nobody and the Status as new. Tell the requestor:
I am passing this request over to the experts who, I'm sure, will be in contact shortly.
'Omnipotent' Machines Laira & Totan and Privileges
Piete Brooks (6/3/15)
On (nearly) all machines, access on the filer fileserver is based on the kerberos ticket used to access the filer. root has a low priv kerberos key. To raise your privs, you have to login to an 'omnipotent' machine (currently laira & totan) which uses NFS sec=sys rather than sec=keb5 and has root_no_squash.
Creating a HotCRP Conference Web Server
1. Use PuTTY and go to the CL's slogin-serv.cl.cam.ac.uk
2. Make the PuTTY window longer.
3. Type kinit & press [Enter]
4. Enter your CL Password for CRSid@AD.CL.CAM.AC.UK & press [Enter]
5. Type ssh -K laira & press [Enter] to go to the privileged machine laira
6. At the laira:~$ prompt use sudo ssh -K svr-hotcrp and [Enter]
7. Then cd /opt/hotcrp and [Enter]
8. sh -x README.cl shortName (e.g. SenSys_2015) and [Enter] (shortName is the conference's name which must have no spaces - use underscore)
9. You will get output like the following which tells you what to do next:-
+ SRC=hotcrp-2.92 + DST=SenSys_2015 + sudo cp -arl hotcrp-2.92 SenSys_2015 + sudo rm -rf SenSys_2015/.git SenSys_2015/.gitignore + cat type 'SenSys_2015' when it asks for 'database name', press RETURN to accept the default random password (you can set a specific password, but don't unless you know why you want to), and press RETURN to 'populate?' + sudo sh -c HOME=~root SenSys_2015/Code/createdb.sh WARNING: Code/createdb.sh is deprecated, use lib/createdb.sh. Creating the database and database user for your conference. Access is allowed only from the local host. Enter database name (NO SPACES):SenSys_2015 Enter password for mysql user SenSys_2015 [default is 15 random characters]: + echo 'show databases;' | mysql --defaults-group-suffix=_hotcrp_createdb -N | grep '^SenSys_2015$' + echo 'select User from user group by User;' | mysql --defaults-group-suffix=_hotcrp_createdb -N mysql | grep '^SenSys_2015$' Creating SenSys_2015 database... + mysqladmin --defaults-group-suffix=_hotcrp_createdb --default-character-set=utf8 create SenSys_2015 Creating SenSys_2015 user and password... Granting SenSys_2015 access to SenSys_2015... Granting RELOAD privilege... Reloading grant tables... Populating database... + cat SenSys_2015/Code/../lib/../src/schema.sql | mysql -uSenSys_2015 -p<REDACTED> SenSys_2015 Creating SenSys_2015/Code/../lib/../conf/options.php... + chown root SenSys_2015/Code/../lib/../conf/options.php Making SenSys_2015/Code/../lib/../conf/options.php readable by the Web server... + chgrp www-data SenSys_2015/Code/../lib/../conf/options.php + cat edit SenSys_2015/conf/options.php (was Code/options.inc) and check that it looks plausible. 'paperSite' should be set to http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015 'downloadPrefix' should be set to 'SenSys_2015-" (note the trailing hyphen). set shortName', 'longName', 'contactName', 'contactEmail' and 'emailFrom' and 'emailSubmissions' from the user supplied info. + echo + echo Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful' Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful'
10. Use pico SenSys_2015/conf/options.php and [Enter] to set the options mentioned similar to the following example:-
[Note: the acm in sensys.acm.org is not a typo.]
$Opt["shortName"] = "SenSys_2015"; $Opt["longName"] = "13th ACM Conference on Embedded Networked Sensor Systems"; $Opt["downloadPrefix"] = "SenSys_2015-"; $Opt["paperSite"] = "http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015"; $Opt["conferenceSite"] = "http://sensys.acm.org/2015/"; $Opt["contactName"] = "Cecilia Mascolo"; $Opt["contactEmail"] = "cm542@cam.ac.uk"; $Opt["sendEmail"] = true; $Opt["emailFrom"] = "cm542@cam.ac.uk"; $Opt["emailSender"] = null; $Opt["emailSubmissions"] = "cm542@cam.ac.uk";
11. Using pico /etc/apache2/httpd.conf copy a previous conference setup. For example:
# server "SenSys 2015" - RT#94292 - cm542
<Directory "/opt/hotcrp/SenSys_2015">
Options Indexes Includes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>
Alias /hotcrp/SenSys_2015 /opt/hotcrp/SenSys_2015
12. At the end of the file just above # Add next site here ... paste in the previous conference details and edit them for the current conference
13. <Ctrl>+o to write out to File Name to Write: /etc/apache2/httpd.conf and [Enter]
14. <Ctrl>+x to exit pico
15. Restart with cl-asuser service apache2 graceful and [Enter]
16. Close down the sessions and PuTTY using exit and [Enter]
17. Note that the first person to setup an account becomes the primary manager, so do not create an account to test it, or that will be you. Instead tell the rightful owner:
"I believe that this has now been setup as you requested so please create an account and become the primary manager."
Contacts
Primary
- sys-admin-comment@cl.cam.ac.uk (Goes to CL sysadmins)
Availability
- Monday:
- Tuesday:
- Wednesday:
- Thursday:
- Friday:
- Saturday: Closed
- Sunday: Closed
Hints, Tips & Known Issues
Slogin-serv & Filer Home directory
Piete Brooks (12/3/15)
If connecting to slogin-serv.cl.cam.ac.uk you will be allocated a "std lab" machine (based on current usage) and see either of the prompts:
svr-ssh-1:~$ (the virtual server)
or
sandy:~$ (the physical server)
Each of these machines require their own separate & time-limited krbtgt key for access to your home directory (/home/CRSid) on the departmental "filer" fileserver using the Kerberos authenication protocol. If the key has timed-out you can request a fresh krbtgt key manually using the “kinit” command on each of the servers.
Categorising Keywords
- A categorization or service type
