Service Desk Knowledgebase: Scratch space: Difference between revisions

From Computer Laboratory System Administration
Jump to navigationJump to search
 
(56 intermediate revisions by 3 users not shown)
Line 3: Line 3:
=Help Desk Scratch Space=
=Help Desk Scratch Space=


==Special information for re-use of PCCL0xx machines for 2015/10==
==Common case of setting up a new machine==
There is a ticklist of steps to ensure a lab system is setup and documented correctly at http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/MachineSetup whose ToC can be used as an aide-memoire to check that everything has been done, or by going into the text itself, to see what needs to be done.


Due to unfortunate expected dates for new Intel CPUs and chipsets and Asus Motherboards, a number of 2015/10 arrivals will be given ex-SW11 PWF Dell machines to tide them over until the BMC version of the Asus motherboard is available and tested.
Requires insertion into
https://wiki.cam.ac.uk/cl-sys-admin/Service_Desk_Knowledgebase:_Resources#New_arrivals
'''''when the appropriate steps for machines other than Linux OS are defined.'''''


To aid with the setup of these machines, the ToC has been analysed and the expected required steps listed below.
There is a ticklist of steps to ensure a lab system is setup and documented correctly at http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/MachineSetup whose Table of Contents can be used as an aide-memoire to check that everything has been done, or by going into the text itself, to see what needs to be done.


There are two classes of users:
The common case of a new machine called ''''<font color="red">$HOST</font>'''' for user ''''<font color="red">$CRSID</font>'''' is run through below.
# RSs should be allocated machine names '''128.232.65.50''' to '''128.232.65.59'''
To be able to run the commands which use '''<font color="red">$HOST</font>''' & ''''<font color="red">$CRSID</font>'''' , you can set the shell environment variables. So for a machine called "<font color="red">foo</font>" with an assigned user with the CRSid of "<font color="red">spqr1</font>" , run:
# Other 'misc pool' temporary use (e.g. short term visitors; people buying kit when they have settled in) should be allocated machine names '''128.232.65.60''' to '''128.232.65.69'''
HelpDesk needs to tell oper the user (and office+desk if known) and a DNS name (''<font color="red">$HOST</font>'') to use - Go to '''laira''' and '''cd /anfs/glob/src/etc/named/src''' and then '''view cl.data''' to find names of machines in the IP address range with x's i.e. '''ex-PCCL0xx''' showing they are still available e.g.:
 
  petteril        IN      A      128.232.65.59
                  IN      TXT    "Using the case of '''ex-PCCL0xx'''"
 
When done, oper will tell Helpdesk the Inv# and 'old' name of the system used, so that 2.2 and 2.3 can be done.
 
* '''2.2 DNS - pre use if needed (e.g. Linux)''': update the TXT RR for the machine to note the PCCL0xx machine actually used (change '''vi''' to '''ed''', '''pico''', etc as preferred)
(cd /global/src/etc/named; co -l src/cl.data; vi src/cl.data; ci -u src/cl.data)
* '''3.4 keytab install (Linux)''': Ensure $HOST has a keytab. If the command below fails, contact gt19 to create a new keytab. On $HOST run:
cl-onserver --keytab
* '''4.1 User Admin - when running if needed (Linux)''':  If oper were not told the 'assigned user', on $HOST run:
cl-asuser cl-hostid-fix --user $CRSID -a
* '''4.2 Arrivals - when done''': fix https://dbwebserver.ad.cl.cam.ac.uk/SCG/Equipment/PhDArrivals.aspx and update RT ticket to include machine name ($HOST) in ticket Subject:
* '''4.3 Tell the user - when done''': Send final 'std email' to user. Resolve RT ticket.
* '''4.6 ssh_known_hosts - at leisure if needed (Linux)''': when the machine is running, on a '''different''' machine run
/global/src/usr.bin/ssh/fetch-host-key scan $HOST
* '''4.8 ownfiles - at leisure if needed (Linux)''': to ensure that '''ownfiles''' data is collected, run
(umask 2; touch /usr/groups/linux/ownfiles/CKSUM/$HOST)
* '''4.9 WoL - at leisure''': to ensure that WoL is available, run:
/usr/groups/netmaint/boot_wol_file-add.pl $HOST
 
==Common case of setting up a new Ubuntu machine==
 
There is a ticklist of steps to ensure a lab system is setup and documented correctly at http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/MachineSetup whose ToC can be used as an aide-memoire to check that everything has been done, or by going into the text itself, to see what needs to be done.
 
The common case of a new machine called '$HOST' for user '$CRSID' is run through below.
To be able to run the commands which use $HOST, set the shell environment variable. So for machine foo wither user spqr1 , run
  HOST=<font color="red">foo</font>
  HOST=<font color="red">foo</font>
  CRSID=<font color="red">spqr1</font>
  CRSID=<font color="red">spqr1</font>


HelpDesk sets some things up, asks oper to do their bit, and when told that it is done, test it and finish off the job.
Essentially the HelpDesk sets some things up, asks oper to do their bit, and when the Helpdesk is told that it is done, test it and finish off the job.


* '''2.1 Gather info - first thing''': collect all the information required using the RT ticket, such as the machine name, the subdomain (i.e. 'special' subnet, such as the Security Group, DTG or SRG experimental networks (if any)), VLAN, assigned user, etc.
* '''2.1 Gather info - first thing''': collect all the information required using the RT ticket, such as the machine name, the subdomain (i.e. 'special' subnet, such as the Security Group, DTG or SRG experimental networks (if any)), VLAN, assigned user, etc. Check that the RT Subject: line contains the user's ''''<font color="red">$CRSID</font>'''' and the ''''<font color="red">$HOST</font>'''' , e.g. "'''2015/10 RS Christopher Bryant <font color="red">cjb255</font> kit <font color="red">albacore</font>'''"
* '''2.2 DNS - pre use if needed (e.g. Linux)''': create an entry in the DNS for the machine on the correct subnet, with the appriorate subdomain (if any), and any BMC. Include a TXT RR with the owner and the RT ticket number. BMCs on the same VLAN as the host (typically user workstations using iAMT) should have the same name as host, with a '''-bmc''' suffix, but if using the BMC subnet (typically servers with dedicated BMC NICs) they should be on the BMC VLAN in the '''.bmc''' subdomain. If a 'same VLAN' BMC is in a subdomain, create a DNS alias for the BMC in the root domain. On the Managed Linux subnet, the top half of the subnet is used for the BMCs, with the address being in the class C which is 8 larger. Some subnets (e.g. SRG) have 'port blocked' CIDR blocks for BMCs, so look to see where other BMCs are. Thus a standard machine might be
* '''2.2 DNS - pre use if needed (e.g. Linux)''': create an entry in the DNS for the machine on the correct subnet, with the appriorate subdomain (if any), and any BMC. Include a TXT RR with the owner and the RT ticket number. BMCs on the same VLAN as the host (typically user workstations using iAMT) should have the same name as host, with a '''-bmc''' suffix, but if using the BMC subnet (typically servers with dedicated BMC NICs) they should be on the BMC VLAN in the '''.bmc''' subdomain. If a 'same VLAN' BMC is in a subdomain, create a DNS alias for the BMC in the root domain. On the Managed Linux subnet, the top half of the subnet is used for the BMCs, with the address being in the class C which is 8 larger. Some subnets (e.g. SRG) have 'port blocked' CIDR blocks for BMCs, so look to see where other BMCs are. Thus a standard machine might be
  foo        IN      A      128.232.65.83
  foo        IN      A      128.232.65.83
Line 54: Line 26:
while a machine on the security subnet might be
while a machine on the security subnet might be
  foo.sec    IN      A      128.232.18.83
  foo.sec    IN      A      128.232.18.83
             IN      TXT    "pb22 RT#1234"
             IN      TXT    "pb22 RT#12345"
  foo-bmc.sec IN      A      128.232.18.84
  foo-bmc.sec IN      A      128.232.18.84
  foo-bmc    IN      CNAME  foo-bmc.sec
  foo-bmc    IN      CNAME  foo-bmc.sec
To update the dns for <font color="red">$HOST</font> (change '''vi''' to '''ed''', '''pico''', etc as preferred), install and test it, on an omnipotent server
To update the dns for <font color="red">$HOST</font> (change '''<font color="red">vi</font>''' to '''ed''', '''pico''', etc as preferred), install and test it, on an omnipotent server:
  cd /global/src/etc/named
  cd /global/src/etc/named
  co -l src/cl.data
  co -l src/cl.data
  vi src/cl.data
  <font color="red">vi</font> src/cl.data
  ci -u src/cl.data
  ci -u src/cl.data
  make install
  make install
  host $HOST dns0
  host '''<font color="red">$HOST</font>''' dns0
* '''3 Machine install''': tell the operators which equipment to use (some way to identify it, where it is, what its Inventory Number is, etc) and the info listed below if they need it:
* '''3 Machine install''': tell the operators which equipment to use (some way to identify it, DNS name, where it is, who the assigned user is, what its Inventory Number is, etc) and the info listed below if they need it:
** '''2.3 Inventory - pre use if using DHCP (Windows) <CLCO>''': create or update the Inventory information, telling them any equipment details which are not already on the Inventory (e.g. "'''PC WoC ASUS 1150 Q87M-E i5-4670 32GB'''"), name, PO number, supplier, owner, user, RT ticket number and any other info for the 'comment', print off and stick on a label
** '''3.0 Inventory - pre use if using DHCP (Windows) <Done by a Computer Lab CO>''': create or update the Inventory information, telling them any equipment details which are not already on the Inventory (e.g. "'''PC WoC ASUS 1150 Q87M-E i5-4670 32GB'''"), name, PO number, supplier, owner, user, RT ticket number and any other info for the 'comment', print off and stick on a label
** '''3.1 Network setup <oper>''': tell them the office, desk, floorbox and VLAN to use
** '''3.1 Network setup <Done by Oper>''': tell them the office, desk, floorbox and VLAN to use
** '''3.2 BMC BIOS setup - if present <oper>''': tell them if there is a BMC
** '''3.2 BMC BIOS setup - if present <Done by Oper>''': tell them if there is a BMC
** '''3.3 OS install <oper>''': tell them to do a 'standard Linux install'
** '''3.3 OS install <Done by Oper>''': tell them to do a 'standard Linux install'
** '''4.10 Wiring database - once physically installed <oper>''': check that the wiring info is up to date
** '''3.4 Wiring database - once physically installed <Done by Oper>''': check that the wiring info is up to date
* '''3.4 keytab install (Linux)''': Ensure $HOST has a keytab. If the command below fails, create a new keytab (contact gt19 is necessary). Login to $HOST (this will probably need to be done from laira using 'sudo ssh $HOST', if the hist doesn't have a keytab) and run:
** '''3.5 Info & Ticket <Done by Oper>:''' The oper will confirm the Inventory number and the 'old' name of the system used before returning the RT to the Sysadmin queue.
  cl-onserver --keytab
* '''4 Return to above and update the information''' - once the OS has been installed:
* '''4.1 User Admin - when running if needed (Linux)''':  If oper were not told the 'assigned user', on $HOST run:
** '''2.2 DNS - pre use if needed (e.g. Linux)''' - names and addresses are assigned, but once 3.3 is done, update TXT RR
  cl-asuser cl-hostid-fix --user $CRSID -a
** '''3.0 Inventory - pre use if using DHCP (Windows) <Done by a Computer Lab CO>''' - once 3.3 is done, put RT# in comment, set user and office
* '''4.2 Arrivals - when done''': fixhttps://dbwebserver.ad.cl.cam.ac.uk/SCG/Visitors/VisitorStatus.aspx or https://dbwebserver.ad.cl.cam.ac.uk/SCG/Equipment/PhDArrivals.aspx (depending on whether a PhD Arrival or not) and update RT ticket to include machine name ($HOST) in ticket Subject:
* '''4.0 keytab install (Linux)''': Ensure '''<font color="red">$HOST</font>''' has a keytab. If the command below fails, create a new keytab <Contact gt19 is necessary>. Login to '''<font color="red">$HOST</font>''' (this will probably need to be done from laira using 'sudo ssh '''<font color="red">$HOST</font>'''', if the host doesn't have a keytab) and run:
* '''4.3 Tell the user - when done''': Send final 'std email' to user. Resolve RT ticket. The email might be along the lines of:
  '''cl-onserver --keytab'''
 
----
 
 
Check if below is already in the Post-install instructions at
https://wiki.cam.ac.uk/cl-sys-admin/Service_Desk_Knowledgebase:_Resources#New_arrivals
 
* '''4.1 User Admin - when running if needed (Linux)''':  If Oper were not told the 'assigned user', then SSH to the machine '''<font color="red">$HOST</font>''' and set it's assigned user by running:
  cl-asuser cl-hostid-fix --user ''''<font color="red">$CRSID</font>'''' -a
* '''4.2 Arrivals - when done''': update https://dbwebserver.ad.cl.cam.ac.uk/SCG/Equipment/PhDArrivals.aspx or https://dbwebserver.ad.cl.cam.ac.uk/SCG/Visitors/VisitorStatus.aspx (depending on whether a PhD Arrival or not) and update RT ticket to include machine name ('''<font color="red">$HOST</font>''') in ticket Subject:
* '''4.3 Tell the user - when done''': Send a final 'standard email' to user. The email might be along the lines of:
  The machine mentioned in the Subject: line has now been <font color="red">re-</font>installed for you and should be ready to use.
  The machine mentioned in the Subject: line has now been <font color="red">re-</font>installed for you and should be ready to use.
  <font color="red">When you arrive on October 5th, </font>Please login and check that the basics work, i.e. that you can login, access the web, and send email.
  <font color="red">When you arrive on October 5th, </font>Please login and check that the basics work, i.e. that you can login, access the web, and send email.
Line 85: Line 68:
  http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/BedtimeReading
  http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/BedtimeReading
  and the pages to which it points.
  and the pages to which it points.
* '''4.5 hosts.props - at leisure''': All machines should be added to hosts.props in /global/src/usr.lib. The format is somewhat overwhelming, so it may be easiest to copy a similar existing entry (note that they are sorted alphabetically). You can find a basic HW spec of the machine $HOST (e.g. backus for a Q87M-E system), and then type that string in place of $type to see which others machines are similar. If there are no other matches, try removing words from the end of $type to look for more generic information. If there is no useful match, email sys-admin asking for help. When a suitable machine '$from' has been found, clone its information. So for $HOST, try
* '''4.5 hosts.props - at leisure''': All machines should be added to hosts.props in /global/src/usr.lib. The format is somewhat overwhelming, so it may be easiest to copy a similar existing entry (note that they are sorted alphabetically). You can find a basic HW spec of the machine '''<font color="red">$HOST</font>''' (e.g. backus for a Q87M-E system), and then type that string in place of $type to see which others machines are similar. If there are no other matches, try removing words from the end of $type to look for more generic information. If there is no useful match, email sys-admin asking for help. When a suitable machine '$from' has been found, clone its information. So for '''<font color="red">$HOST</font>''', try
  type=$(/anfs/repl/etc/wtfi -S CL_Equipment-raw -q -f Equipment -w $$HOST)
  type=$(/anfs/repl/etc/wtfi -S CL_Equipment-raw -q -f Equipment -w $$HOST)
  echo trying type=\"$type\"
  echo trying type=\"$type\"
  /anfs/repl/etc/wtfi -S CL_Equipment-raw -q -f name "$type" | sort -u
  /anfs/repl/etc/wtfi -S CL_Equipment-raw -q -f name "$type" | sort -u
  # set from to be a suitable host, e.g.: from=<font color="red">backus</font>
  # set from to be a suitable host, e.g.: from=<font color="red">backus</font>
  /global/src/usr.lib/hosts.props-add.pl $from $HOST
  /global/src/usr.lib/hosts.props-add.pl $from '''<font color="red">$HOST</font>'''
* '''4.6 ssh_known_hosts - at leisure if needed (Linux)''': when the machine is running, on a '''different''' machine run
* '''4.6 ssh_known_hosts - at leisure if needed (Linux)''': when the machine is running, on a '''different''' machine run:
  /global/src/usr.bin/ssh/fetch-host-key scan $HOST
  /global/src/usr.bin/ssh/fetch-host-key scan '''<font color="red">$HOST</font>'''
* '''4.7 BMC ACL - when up if present''': check that the user has BMC credentials in /homes/$CRSID/.amtpw, then from a Lab machine, open a browser to the BMC (typically http://<font color="red">$HOST</font>-bmc.cl.cam.ac.uk:16992) as user admin, delete any previous assigned user, and add the new one with all privs. The command to setup credentials on an omnipotent server is:
* '''4.7 BMC ACL - when up if present''': check that the user has BMC credentials in /homes/<font color="red">$CRSID</font>/.amtpw, then from a Computer Lab machine, open a browser to the BMC (typically http://<font color="red">$HOST</font>-bmc.cl.cam.ac.uk:16992) login as user admin, delete any previous assigned user, and add the new one with all privileges. The command to setup credentials on an omnipotent server is:
  /usr/groups/netmaint/setamt $CRSID
  /usr/groups/netmaint/setamt '''<font color="red">$CRSid</font>'''
* '''4.8 ownfiles - at leisure if needed (Linux)''': to ensure that '''ownfiles''' data is collected, run
* '''4.8 ownfiles - at leisure if needed (Linux)''': to ensure that '''ownfiles''' data is collected, run:
  (umask 2; touch /usr/groups/linux/ownfiles/CKSUM/$HOST)
  (umask 2; touch /usr/groups/linux/ownfiles/CKSUM/'''<font color="red">$HOST</font>''')
* '''4.9 WoL - at leisure''': to ensure that WoL is available, run:
* '''4.9 Wake on LAN (WoL) - at leisure''': to ensure that Wake on Lan (WoL) is available, on an omnipotent server run:
  /usr/groups/netmaint/boot_wol_file-add.pl $HOST
  /usr/groups/netmaint/boot_wol_file-add.pl '''<font color="red">$HOST</font>'''
* Check that the [https://dbwebserver.ad.cl.cam.ac.uk/SCG/Equipment/PhDArrivals.aspx RS] or [https://dbwebserver.ad.cl.cam.ac.uk/SCG/Visitors/VisitorStatus.aspx "Visitors"] work queue has the task "'''completed'''" in the first case, or "'''OK'''" in the second (also adding the Inventory number and name of the PC after, e.g. "'''OK #16200 ouse'''")
* '''Resolve''' the RT ticket.
 
==Connecting to the Lab from a remote computer outside the CUDN==
(Based on [https://rt.cl.cam.ac.uk/Ticket/Display.html?id=96190 RT Ticket #96190])
 
The way to get into a computer on the Computer Lab network depends on what OS you are running.
 
First setup a VPN to the University.  The generic VPN service is documented by the UIS at https://www.ucs.cam.ac.uk/vpn/ where you will find detailed information for making connections from a variety of client systems. This is the preferred VPN service to use.
 
And then...
----
 
For '''Windows''':
 
You need to install both '''PuTTY''' and '''Pageant''' from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
There is a downloadable .ZIP file containing all the binaries (except PuTTYtel), and also the help files.
 
Generate a new public and private keypair by following the instructions at
http://www.cl.cam.ac.uk/local/sys/microsoft/putty/#keysetup-windows <br />
and continue to...
 
'''Saving the public key''':<br />
With the VPN setup and running you should be able to use Remote Desktop Connection to login to a Computer Lab windows terminal server (e.g. '''ts01.ad.cl.cam.ac.uk''') over the VPN in order to follow the instruction above and save you public key correctly.
 
(See http://www.cl.cam.ac.uk/local/sys/ssh/index.html for more information)
 
You should then be able to connect from your remote computer using PuTTY  and SSH to a computer on the Computer Lab network such as slogin-serv.cl.cam.ac.uk.
 
See http://www.cl.cam.ac.uk/local/sys/microsoft/putty/ for PuTTY configuration details
 
----
 
For '''Mac''' or '''Linux''':
 
Once the VPN is setup and running, if you have a Mac or Linux box or if running some Cygwin variant under windows you could just do:
 
'''kinit <font color="red">CRSid</font>@AD.CL.CAM.AC.UK'''
 
then
 
'''ssh -K sandy@cl.cam.ac.uk'''
 
'''cd /home/<font color="red">CRSid</font>/.ssh'''


=Procedure To Be Tidied Up (maybe done above?)=
'''ssh-keygen -t rsa'''


So from https://rt.cl.cam.ac.uk/Ticket/Display.html?id=96922
'''view id_rsa.pub'''
this seems to boil down to the following for the Help Desk
for the https://rt.cl.cam.ac.uk/Ticket/Display.html?id=96580 test case.


NOTE: There is ONLY now one case...
copy the contents


'''pico authorized_keys'''


===Machine install===
and then edit in the new public key in the following format:
====keytab install (Linux)====
On $HOST: cl-onserver --keytab
If there is no keytab to install, create one and retry


====Tidies====
'''from="*.cam.ac.uk" ssh-rsa<br />AABAB3NzaC1yc2EAAAABJQAAAIB/OVp4Ql8gNsD52sXXn2u1Ucc2DQ6r2GG5KEf2NdigJhN/CYSbcLt5pu/twZEW6egEuWcmELJAaorBBT/evigksBla+zEkNqaaiY7SWL2cpFK8+1oo2OakYSqF40FmjJQNz/5TLOC1e+87WhJlGMZJTOAgbSN98zWNMBH6ocz+aw== Macbook'''
* 4.1 User Admin - when running if needed (Linux)
If oper were not told the 'assigned user' for 3.3,
on $HOST: cl-asuser cl-hostid-fix --user $CRSID -a
* 4.2 Arrivals - when done
fix https://dbwebserver.ad.cl.cam.ac.uk/SCG/Equipment/PhDArrivals.aspx
Update RT ticket to include machine name in ticket Subject:
* 4.3 Tell the user - when done
Send user message
Resolve RT
* 4.6 ssh_known_hosts - at leisure if needed (Linux)
when the machine is running, on *another* machine run
/global/src/usr.bin/ssh/fetch-host-key scan $HOST
* 4.8 ownfiles - at leisure if needed (Linux)
run: (umask 2; touch /usr/groups/linux/ownfiles/CKSUM/$HOST)
* 4.9 WoL - at leisure
run: /usr/groups/netmaint/boot_wol_file-add.pl $HOST


and save the file.


HelpDesk needs to tell oper the DNS name to use as well as the user and office+desk
You should then be able to easily connect from your remote computer using SSH to a computer on the Computer Lab network such as '''slogin-serv.cl.cam.ac.uk'''.
When done, oper will tell Helpdesk the Inv# and 'old' name of the system used, so that 2.2 and 2.3 can be done.


====Pre install====
----
* 2.2 DNS - pre use if needed (e.g. Linux)
names and addresses assigned, but once 3.3 is done, update TXT RR
* 2.3 Inventory - pre use if using DHCP (Windows) <CLCO>
once 3.3 is done, put RT# in comment, set user and office

Latest revision as of 12:45, 23 December 2015

Return to the Service Desk Knowledgebase SERVICE PORTFOLIO

Help Desk Scratch Space

Common case of setting up a new machine

Requires insertion into https://wiki.cam.ac.uk/cl-sys-admin/Service_Desk_Knowledgebase:_Resources#New_arrivals when the appropriate steps for machines other than Linux OS are defined.

There is a ticklist of steps to ensure a lab system is setup and documented correctly at http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/MachineSetup whose Table of Contents can be used as an aide-memoire to check that everything has been done, or by going into the text itself, to see what needs to be done.

The common case of a new machine called '$HOST' for user '$CRSID' is run through below. To be able to run the commands which use $HOST & '$CRSID' , you can set the shell environment variables. So for a machine called "foo" with an assigned user with the CRSid of "spqr1" , run:

HOST=foo
CRSID=spqr1

Essentially the HelpDesk sets some things up, asks oper to do their bit, and when the Helpdesk is told that it is done, test it and finish off the job.

  • 2.1 Gather info - first thing: collect all the information required using the RT ticket, such as the machine name, the subdomain (i.e. 'special' subnet, such as the Security Group, DTG or SRG experimental networks (if any)), VLAN, assigned user, etc. Check that the RT Subject: line contains the user's '$CRSID' and the '$HOST' , e.g. "2015/10 RS Christopher Bryant cjb255 kit albacore"
  • 2.2 DNS - pre use if needed (e.g. Linux): create an entry in the DNS for the machine on the correct subnet, with the appriorate subdomain (if any), and any BMC. Include a TXT RR with the owner and the RT ticket number. BMCs on the same VLAN as the host (typically user workstations using iAMT) should have the same name as host, with a -bmc suffix, but if using the BMC subnet (typically servers with dedicated BMC NICs) they should be on the BMC VLAN in the .bmc subdomain. If a 'same VLAN' BMC is in a subdomain, create a DNS alias for the BMC in the root domain. On the Managed Linux subnet, the top half of the subnet is used for the BMCs, with the address being in the class C which is 8 larger. Some subnets (e.g. SRG) have 'port blocked' CIDR blocks for BMCs, so look to see where other BMCs are. Thus a standard machine might be
foo         IN      A       128.232.65.83
            IN      TXT     "pb22 RT#12345"
...
foo-bmc     IN      A       128.232.73.83

while a machine on the security subnet might be

foo.sec     IN      A       128.232.18.83
            IN      TXT     "pb22 RT#12345"
foo-bmc.sec IN      A       128.232.18.84
foo-bmc     IN      CNAME   foo-bmc.sec

To update the dns for $HOST (change vi to ed, pico, etc as preferred), install and test it, on an omnipotent server:

cd /global/src/etc/named
co -l src/cl.data
vi src/cl.data
ci -u src/cl.data
make install
host $HOST dns0
  • 3 Machine install: tell the operators which equipment to use (some way to identify it, DNS name, where it is, who the assigned user is, what its Inventory Number is, etc) and the info listed below if they need it:
    • 3.0 Inventory - pre use if using DHCP (Windows) <Done by a Computer Lab CO>: create or update the Inventory information, telling them any equipment details which are not already on the Inventory (e.g. "PC WoC ASUS 1150 Q87M-E i5-4670 32GB"), name, PO number, supplier, owner, user, RT ticket number and any other info for the 'comment', print off and stick on a label
    • 3.1 Network setup <Done by Oper>: tell them the office, desk, floorbox and VLAN to use
    • 3.2 BMC BIOS setup - if present <Done by Oper>: tell them if there is a BMC
    • 3.3 OS install <Done by Oper>: tell them to do a 'standard Linux install'
    • 3.4 Wiring database - once physically installed <Done by Oper>: check that the wiring info is up to date
    • 3.5 Info & Ticket <Done by Oper>: The oper will confirm the Inventory number and the 'old' name of the system used before returning the RT to the Sysadmin queue.
  • 4 Return to above and update the information - once the OS has been installed:
    • 2.2 DNS - pre use if needed (e.g. Linux) - names and addresses are assigned, but once 3.3 is done, update TXT RR
    • 3.0 Inventory - pre use if using DHCP (Windows) <Done by a Computer Lab CO> - once 3.3 is done, put RT# in comment, set user and office
  • 4.0 keytab install (Linux): Ensure $HOST has a keytab. If the command below fails, create a new keytab <Contact gt19 is necessary>. Login to $HOST (this will probably need to be done from laira using 'sudo ssh $HOST', if the host doesn't have a keytab) and run:
cl-onserver --keytab


Check if below is already in the Post-install instructions at https://wiki.cam.ac.uk/cl-sys-admin/Service_Desk_Knowledgebase:_Resources#New_arrivals

  • 4.1 User Admin - when running if needed (Linux): If Oper were not told the 'assigned user', then SSH to the machine $HOST and set it's assigned user by running:
cl-asuser cl-hostid-fix --user '$CRSID' -a
The machine mentioned in the Subject: line has now been re-installed for you and should be ready to use.
When you arrive on October 5th, Please login and check that the basics work, i.e. that you can login, access the web, and send email.
If not, please reply to this ticket, which will re-open it, and we will try to sort the problem.

If you have other requests, please do NOT reply to this ticket, but instead open a new ticket, and mention this one.

Now may be a good time to look again at
http://www.wiki.cl.cam.ac.uk/rowiki/SysInfo/BedtimeReading
and the pages to which it points.
  • 4.5 hosts.props - at leisure: All machines should be added to hosts.props in /global/src/usr.lib. The format is somewhat overwhelming, so it may be easiest to copy a similar existing entry (note that they are sorted alphabetically). You can find a basic HW spec of the machine $HOST (e.g. backus for a Q87M-E system), and then type that string in place of $type to see which others machines are similar. If there are no other matches, try removing words from the end of $type to look for more generic information. If there is no useful match, email sys-admin asking for help. When a suitable machine '$from' has been found, clone its information. So for $HOST, try
type=$(/anfs/repl/etc/wtfi -S CL_Equipment-raw -q -f Equipment -w $$HOST)
echo trying type=\"$type\"
/anfs/repl/etc/wtfi -S CL_Equipment-raw -q -f name "$type" | sort -u
# set from to be a suitable host, e.g.: from=backus
/global/src/usr.lib/hosts.props-add.pl $from $HOST
  • 4.6 ssh_known_hosts - at leisure if needed (Linux): when the machine is running, on a different machine run:
/global/src/usr.bin/ssh/fetch-host-key scan $HOST
  • 4.7 BMC ACL - when up if present: check that the user has BMC credentials in /homes/$CRSID/.amtpw, then from a Computer Lab machine, open a browser to the BMC (typically http://$HOST-bmc.cl.cam.ac.uk:16992) login as user admin, delete any previous assigned user, and add the new one with all privileges. The command to setup credentials on an omnipotent server is:
/usr/groups/netmaint/setamt $CRSid
  • 4.8 ownfiles - at leisure if needed (Linux): to ensure that ownfiles data is collected, run:
(umask 2; touch /usr/groups/linux/ownfiles/CKSUM/$HOST)
  • 4.9 Wake on LAN (WoL) - at leisure: to ensure that Wake on Lan (WoL) is available, on an omnipotent server run:
/usr/groups/netmaint/boot_wol_file-add.pl $HOST
  • Check that the RS or "Visitors" work queue has the task "completed" in the first case, or "OK" in the second (also adding the Inventory number and name of the PC after, e.g. "OK #16200 ouse")
  • Resolve the RT ticket.

Connecting to the Lab from a remote computer outside the CUDN

(Based on RT Ticket #96190)

The way to get into a computer on the Computer Lab network depends on what OS you are running.

First setup a VPN to the University. The generic VPN service is documented by the UIS at https://www.ucs.cam.ac.uk/vpn/ where you will find detailed information for making connections from a variety of client systems. This is the preferred VPN service to use.

And then...


For Windows:

You need to install both PuTTY and Pageant from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html There is a downloadable .ZIP file containing all the binaries (except PuTTYtel), and also the help files.

Generate a new public and private keypair by following the instructions at http://www.cl.cam.ac.uk/local/sys/microsoft/putty/#keysetup-windows
and continue to...

Saving the public key:
With the VPN setup and running you should be able to use Remote Desktop Connection to login to a Computer Lab windows terminal server (e.g. ts01.ad.cl.cam.ac.uk) over the VPN in order to follow the instruction above and save you public key correctly.

(See http://www.cl.cam.ac.uk/local/sys/ssh/index.html for more information)

You should then be able to connect from your remote computer using PuTTY and SSH to a computer on the Computer Lab network such as slogin-serv.cl.cam.ac.uk.

See http://www.cl.cam.ac.uk/local/sys/microsoft/putty/ for PuTTY configuration details


For Mac or Linux:

Once the VPN is setup and running, if you have a Mac or Linux box or if running some Cygwin variant under windows you could just do:

kinit CRSid@AD.CL.CAM.AC.UK

then

ssh -K sandy@cl.cam.ac.uk

cd /home/CRSid/.ssh

ssh-keygen -t rsa

view id_rsa.pub

copy the contents

pico authorized_keys

and then edit in the new public key in the following format:

from="*.cam.ac.uk" ssh-rsa
AABAB3NzaC1yc2EAAAABJQAAAIB/OVp4Ql8gNsD52sXXn2u1Ucc2DQ6r2GG5KEf2NdigJhN/CYSbcLt5pu/twZEW6egEuWcmELJAaorBBT/evigksBla+zEkNqaaiY7SWL2cpFK8+1oo2OakYSqF40FmjJQNz/5TLOC1e+87WhJlGMZJTOAgbSN98zWNMBH6ocz+aw== Macbook

and save the file.

You should then be able to easily connect from your remote computer using SSH to a computer on the Computer Lab network such as slogin-serv.cl.cam.ac.uk.