Service Desk Knowledgebase: Servers: Difference between revisions
Line 44: | Line 44: | ||
On (nearly) all machines, access on the '''filer''' fileserver is based on the kerberos ticket used to access the '''filer'''. root has a low priv kerberos key. To '''raise your privs''', you have to login to an 'omnipotent' machine (currently '''laira''' & '''totan''') which uses NFS sec=sys rather than sec=keb5 and has root_no_squash. | On (nearly) all machines, access on the '''filer''' fileserver is based on the kerberos ticket used to access the '''filer'''. root has a low priv kerberos key. To '''raise your privs''', you have to login to an 'omnipotent' machine (currently '''laira''' & '''totan''') which uses NFS sec=sys rather than sec=keb5 and has root_no_squash. | ||
===Creating a HotCRP Conference Server=== | ===Creating a HotCRP Conference Web Server=== | ||
1. Use PuTTY and go to the CL's '''slogin-serv.cl.cam.ac.uk''' | 1. Use PuTTY and go to the CL's '''slogin-serv.cl.cam.ac.uk''' | ||
Revision as of 13:05, 17 March 2015
This is the Severs content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about that it.
If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.
Return to the Service Desk Knowledgebase SERVICE PORTFOLIO
Key Service Description & URLs
- CL Terminal Servers
- Computer Laboratory News (Twitter use @UC_CL_SysAdm)
CL Customer Documentation
Further CL Sys-Admin Resources
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HotCrp?highlight=%28HotCRP%29 - HotCRP
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/TgtServer - Ticket Granting Tickets (TGT) Server
- See also File Server
Underpinning Services
- ??? - Any supporting or underpinning services
Customer-base for this Service
- All staff and students of the Computer Laboratory
Costs
- Free to all current staff and students of the Computer Laboratory
SLA
- N/A
Service Desk Call Handling Procedure
Escalation points and key contacts to be defined...
- RT tickets can be escalated to the ??? team by leaving the Queue as sys-admin with the Owner set to Nobody and the Status set to new. Tell the requestor:
I am passing this request over to the ??? team who, I'm sure, will be in contact shortly.
- RT tickets can be escalated to the ??? by changing the Queue to ??? with the Owner set to Nobody and the Status set to new. Tell the requestor:
I am passing this request over to the ??? team who, I'm sure, will be in contact shortly.
- RT tickets can be escalated to Firstname Lastname by changing the Owner to ??? with the Status set to new. Tell the requestor:
I am passing this request over to ??? who, I'm sure, will be in contact shortly.
'Omnipotent' Machines Laira & Totan and Privileges
Piete Brooks (6/3/15)
On (nearly) all machines, access on the filer fileserver is based on the kerberos ticket used to access the filer. root has a low priv kerberos key. To raise your privs, you have to login to an 'omnipotent' machine (currently laira & totan) which uses NFS sec=sys rather than sec=keb5 and has root_no_squash.
Creating a HotCRP Conference Web Server
1. Use PuTTY and go to the CL's slogin-serv.cl.cam.ac.uk
2. Make the PuTTY window longer.
3. Type kinit & press [Enter]
4. Enter your CL Password for CRSid@AD.CL.CAM.AC.UK & press [Enter]
5. Type ssh -K laira & press [Enter] to go to the privileged machine laira
6. At the laira:~$ prompt use sudo ssh -K svr-hotcrp and [Enter]
7. Then cd /opt/hotcrp and [Enter]
8. sh -x README.cl shortName and [Enter] (shortName is the conferences name which must have no spaces)
9. You will get output like the following which tells you what to do next:-
SenSys_2015
edit SenSys_2015/conf/options.php (was Code/options.inc) and check that it looks plausible. 'paperSite' should be set to http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015 'downloadPrefix' should be set to 'SenSys_2015-" (note the trailing hyphen). set shortName', 'longName', 'contactName', 'contactEmail' and 'emailFrom' and 'emailSubmissions' from the user supplied info.
+ echo
+ echo Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful' Add SenSys_2015 to /etc/apache2/httpd.conf, then 'cl-asuser service apache2 graceful'
10. Use vi SenSys_2015/conf/options.php and [Enter] to set the options mentioned similar to the following example:-
$Opt["dbName"] = "SenSys_2015"; $Opt["dbUser"] = "SenSys_2015"; $Opt["dbPassword"] = "SenSys_2015_cm542"; $Opt["shortName"] = "SenSys2015"; $Opt["longName"] = "13th ACM Conference on Embedded Networked Sensor Systems"; $Opt["conferenceSite"] = "http://sensys.acm.org/2015/"; $Opt["paperSite"] = "http://svr-hotcrp.cl.cam.ac.uk/hotcrp/SenSys_2015"; $Opt["downloadPrefix"] = "SenSys_2015-"; $Opt["contactName"] = "Cecilia Mascolo"; $Opt["contactEmail"] = "cm542@cam.ac.uk"; $Opt["sendEmail"] = true; $Opt["emailFrom"] = "cm542@cam.ac.uk"; $Opt["emailSender"] = null; $Opt["emailSubmissions"] = "cm542@cam.ac.uk";
11. Using vi /etc/apache2/httpd.conf copy a previous conference setup
12. Just above Next confernce here... at the end of the file paste in the previous conference details and edit them for the current conference
13. :wq and [Enter] to write & quit vi
14. Restart with cl-asuser service apache2 graceful and [Enter]
15. Close down the sessions and PuTTY using exit and [Enter]
Contacts
Primary
- ???@cl.cam.ac.uk (Goes to ???)
- ???@lists.cam.ac.uk (Goes to ???)
- Tel: ???
Other
Availability
- Monday:
- Tuesday:
- Wednesday:
- Thursday:
- Friday:
- Saturday: Closed
- Sunday: Closed
Hints, Tips & Known Issues
Slogin-serv & Filer Home directory
Piete Brooks (12/3/15)
If connecting to slogin-serv.cl.cam.ac.uk you will be allocated a "std lab" machine (based on current usage) and see either of the prompts:
svr-ssh-1:~$ (the virtual server)
or
sandy:~$ (the physical server)
Each of these machines require their own separate & time-limited krbtgt key for access to your home directory (/home/CRSid) on the departmental "filer" fileserver using the Kerberos authenication protocol. If the key has timed-out you can request a fresh krbtgt key manually using the “kinit” command on each of the servers.
Categorising Keywords
- A categorization or service type