
Server configuration for morphia & surrounds

THIS PAGE IS VERY OUT OF DATE

See also the server change log page and server aspirin

MHV's old server was named 'morphia' (it was the successor to 'epidural', who was named for this.)

morphia is running GNU/Linux - Debian 6 “squeeze”. It is configured for various functions in the space - including DNS, DHCP, SMB fileserving, print serving, network booting for LTSP “fat clients”. It also runs the space probe.

All hardware has been donated. Morphia is a Sun Fire V40Z, 8x Opteron CPUs and 56Gb RAM (thanks JC!) Old hardware but very respectable in its day.

SCSI backplane removed, SATA PCI-X card added. Has 2x 250Gb SATA HDDs (RAID1 mirror w/ Linux software RAID), plus a single 500Gb SATA HDD for incremental backups. The boot partition is on a USB stick, kexec chainloaded from a CD-ROM, due to BIOS limitations (awful hack but works fine now.)

Uses LVM layered on top of Linux software RAID (md).

The 2x 250Gb SATA HDDs are joined into one software RAID-1 (mirror array) device, /dev/md0. (To get status you can 'cat /proc/mdstat'.)

/dev/md0 is then used as a volume group “vg0” for LVM (to get info you can 'sudo vgdisplay')

“vg0” contains two logical volumes, one for root (/), and one for home (/home) (to get info you can 'sudo lvdisplay')

Other filesystems are mounted directly; you can see them in /etc/fstab.
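A way to read the 'cat /proc/mdstat' output mentioned above from a script, as an added example that is not part of morphia's own configuration. The function name and the sample text are constructed for illustration; the array name md0 is the one from this page.

```shell
#!/bin/sh
# Added example: list md arrays that are running with a missing member.
# In /proc/mdstat each array has a status field such as "[2/2] [UU]";
# a "_" in the second bracket marks a member that has dropped out.

# degraded_arrays [FILE]
# Reads /proc/mdstat-style text from FILE (or stdin), prints the name of
# every degraded array, and returns 1 if at least one was found.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ { name = $1 }              # start of an array stanza
        name != "" && match($0, /\[[U_]+\]/) {   # its member-status field
            if (index(substr($0, RSTART, RLENGTH), "_")) {
                print name
                bad = 1
            }
            name = ""
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: md0 after losing its second disk.
sample_degraded() {
cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sda1[0]
      244195904 blocks [2/1] [U_]

unused devices: <none>
EOF
}

# Constructed sample: md0 with both mirror halves present.
sample_healthy() {
cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sda1[0] sdb1[1]
      244195904 blocks [2/2] [UU]

unused devices: <none>
EOF
}
```

On the server itself, `degraded_arrays /proc/mdstat` gives the same answer for the live array.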

Accounts are available on request for MHV Associate & Full Members. Ask a committee member if you'd like an account.

Make sure to use a secure password, as morphia is ssh-accessible from outside the space. Also remember that although all our admins take care, we are not a professional hosting environment so please don't store anything that you consider sensitive or critically important.

Most of the explanations on this page assume admin 'sudo' access (ie being in the sudo group.) If you don't have sudo and want to do something, best to find someone who does and ask them. :)

Servers are ISC dhcpd & Bind9. Config files on Debian live in /etc/dhcp/dhcpd.conf and /etc/bind/named.conf.*. Bind zone files in /var/cache/bind.

Local network domain is .mhv.

DHCP is configured to automatically add/remove hostnames to DNS when DHCP leases are added/removed. This makes for minimal up-front configuration (yay!)

You have 4 options of varying convenience. In order of preference, 'best first':

1. Do nothing & use DHCP. If your machine reports a hostname, this will be added to DNS and “just work” for lookups. Windows machines all report hostnames, on *nix you'll need to look for a “host-name” option.

2. Add a dynamic host entry to /etc/dhcp/dhcpd.conf. This associates a MAC address with a hostname on the DHCP server, so it doesn't matter if the client doesn't specify one (for example, if it PXE boots or if it's an embedded device.) This leaves everything else dynamic. The hostname will be automatically added to DNS and “just work” for lookups.

Example:

        host adminputer {
          hardware ethernet 00:08:02:fa:b3:e5;
          option host-name "adminputer";
          ddns-hostname "adminputer";
        }

3. Add a static host entry to /etc/dhcp/dhcpd.conf. This means the client will always have the same IP as well as hostname. Look at NetworkTopology to see what IP range to use.

Example:

        host adminputer {
          hardware ethernet 00:08:02:fa:b3:e5;
          option host-name "adminputer";
          ddns-hostname "adminputer";
          fixed-address 10.0.0.32;
        }

4. Least desirable option: configure your device with a static IP. Look at NetworkTopology to see what IP ranges to use. Add DNS forward/reverse lookup entries to the files in /var/cache/bind/.

exim4 is currently configured to run as a smarthost agent of the mail.internode.on.net smart relay, with local mail sent to Maildirs in home directories.

Local mail is delivered to ~/Maildir for each user. You can access this with mutt -f ~/Maildir. Other mail user agents can be made available if needed, but it's unlikely that it will be used very much.

External mail is sent via mail.internode.on.net with the domain name masked to ppp59-167-142-245.static.internode.on.net. Note: there is currently no return mail configured.

This is currently disabled. If other machines need to send mail this may be reconsidered, but for now there's no use case.

The exim config is currently managed by Debian's update-exim4.conf utility with the /etc/update-exim4.conf.conf file as the basic config tool.

There are two Apache virtual web hosts configured:

  • /etc/apache2/sites-available/default is an internal-only web site (webroot /var/www), available at http://morphia/ but only from inside the space. This host has mhvdb and munin monitoring, etc.

Apache is configured for UserDirs, so if you create a directory called “public_html” it will be accessible at http://space.makehackvoid.com/~your_username/. You'll need sudo-level access to do anything more complex on either host.

The Wiki is the Debian-provided version of 'MoinMoin'. The config & data files for this particular wiki are stored at /opt/moinmoin.

PAM authentication (so you can use server accounts) is provided by a custom module at /opt/moinmoin/pam_login.py

mhvdb is a Django app installed at /opt/mhvdb.

Membership reminder emails are sent by a cron job running as www-data, via a Django management command. To view the cron job:

  sudo crontab -l -u www-data

SMB (Windows) fileserver configured via /etc/samba/smb.conf.

Two shares:

  • 'general' is read/write by anyone. For general sharing of files. Local path /opt/shares/general (world-writable)
  • 'MHV' is read-only by guests, writable by committee members. For “official” MHV stuff. Local path /opt/shares/mhv

SMB authentication is currently separate from “normal” login authentication. You can set an SMB password with 'sudo smbpasswd -a <username>'. Once set, users can change their own with 'smbpasswd'.

The CUPS admin interface is available inside the local network at http://morphia:631.

CUPS is configured to re-share the network LaserJet and also the LabelPrinter attached to the admin computer (when it's turned on.) Maybe more printers/plotters to come…

Samba is also configured to share the printers to Windows clients, although this hasn't been tested.

To use the printer on Mac OSX, add it as an IP printer with Address morphia:631 and queue /printers/LaserJet-4000. Set duplex printing in the options.

Connect to the CUPS admin interface and clear any old jobs out of the queue (needs root username/password). Try sending a test page to the printer through the admin interface.

From the information menu on the printer you can print a configuration page that will tell you the printer's IP address. See if you can ping that IP address. If you can't ping it, check the network connection (it can come loose).

Munin is generating reports at http://morphia/munin (accessible from inside the space only.)

Some basic email monitoring also runs - smartd (/etc/smartd.conf), mdadm (/etc/mdadm/mdadm.conf) monitor disks. A weekly RAID check is kicked off from /etc/cron.weekly. These are configured to send email to root. If you're an admin and would like to see system emails, add your desired address to the aliases for 'root' in /etc/aliases.

TFTP server root is /var/lib/tftpboot

By default, DHCP clients are given PXE boot information for LTSP. See LTSPWorkstations.

rsnapshot runs from /etc/cron.daily/rsnapshot-daily & /etc/cron.weekly/rsnapshot-weekly to mount /mnt/backup (donated 500Gb hard disk) and perform incremental backups.

There is currently no automatic checking of backups. If someone wants to fix that (so it emails on failure) it would be awesome. :)
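One way to close that gap, as an added example that is not part of the original page or of morphia's configuration. It assumes the newest snapshot lives at /mnt/backup/daily.0 (rsnapshot's naming when the interval is called "daily"), that the snapshot directory's mtime reflects the last run, that the backup disk is mounted when the check runs, and that a `mail` command is available; the function names and the 26-hour limit are illustrative.

```shell
#!/bin/sh
# Added example: freshness check for the newest rsnapshot snapshot.
# Assumed, not taken from the page: the daily.0 path, the 26h limit,
# and a working `mail` command for alerts (GNU stat is also assumed).

# snapshot_status DIR MAX_AGE_HOURS [NOW_EPOCH]
# Prints one status line. Returns 0 if fresh, 1 if stale,
# 2 if the snapshot is missing or empty.
snapshot_status() {
    dir=$1
    max_hours=$2
    now=${3:-$(date +%s)}

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist (backup disk not mounted?)"
        return 2
    fi
    # A directory with no entries means nothing was actually copied.
    if [ -z "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "EMPTY: $dir contains no files"
        return 2
    fi
    mtime=$(stat -c %Y "$dir") || return 2
    age_hours=$(( (now - mtime) / 3600 ))
    if [ "$age_hours" -gt "$max_hours" ]; then
        echo "STALE: $dir is ${age_hours}h old (limit ${max_hours}h)"
        return 1
    fi
    echo "OK: $dir is ${age_hours}h old"
    return 0
}

# check_and_alert DIR MAX_AGE_HOURS RECIPIENT
# Mails the status line only on failure, so a healthy run stays silent.
check_and_alert() {
    if msg=$(snapshot_status "$1" "$2"); then
        return 0
    fi
    echo "$msg" | mail -s "Backup check failed on $(hostname)" "$3"
    return 1
}

# Example call from a cron script (assumed path and recipient):
#   check_and_alert /mnt/backup/daily.0 26 root
```

Because the rsnapshot cron jobs mount /mnt/backup themselves, the call belongs at the end of those jobs or after its own mount step; run against an unmounted disk it reports MISSING.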

The space probe controller is installed in /opt/spaceprobe/. The controller is a Lua program which then communicates with the probe itself. See also https://github.com/makehackvoid/MHV-Space-Probe

The probe itself has a static DHCP lease, can be found on the space's network as http://spaceprobe.mhv/ (there's a help page there with the “web API” the probe supports.)

There is a spaceprobe user which the Lua process runs as. At startup, it is launched in a detached screen session from /etc/rc.local.

To see spaceprobe output, if you have sudo access you can run 'sudo screen -r spaceprobe/'.

If you want to fix this to be (even) less hacky, please do. :)

  • Last modified: 2015/01/29 18:55