Admin Notes

Machine set-up checklist

Installing Debian

Getting the the Debian Installer Going

download the netinst image from the Debian installer page

Setup

Partitioning

Note: on an EFI machine (all newer machines):

Note: to log in:

Network/Systemd Setup

There's an old-style way to configure networking and name resolution on Debian (networking.service, ifup/ifdown, /etc/networking/interfaces). These steps disable that and let systemd and its components networkd and resolved handle these aspects.

In particular, this gets boot ordering right so that NFS mounts happen automatically.

# remove network-manager, which is a tool to manage networking on laptops
apt remove network-manager

# disables the old networking service
systemctl status networking.service
systemctl disable networking.service

# enable the new stuff
systemctl enable systemd-networkd.service
systemctl enable systemd-resolved.service
systemctl enable systemd-networkd-wait-online.service

Next, configure the network. Typically, all you'll need is a file /etc/systemd/network/80-dhcp.network containing something like:

[Match]
MACAddress=6c:f0:49:75:5c:69

[Network]
DHCP=yes

(You'll need to change the MAC address.)

Next, reboot. If network-manager was installed, /etc/resolv.conf may be a relic symlink that points to something network-manager created. If so, that's safe to delete. It'll get recreated on next boot.

Note, you may need to link /etc/resolv.conf with ln -s /run/systemd/resolve/resolv.conf after reboot.

User Database

(Optional) Update the userdb.yml file on porter with restricted hosts if the machine will be restricted.

NFS

Initial Setup

Packages

File system setup

RAID

btrfs raid (partition other disk first, similar to main disk)

sfdisk -d /dev/sda > table
sfdisk /dev/sdb < table

then

btrfs device add /dev/sdb2 /
btrfs balance start -dconvert=raid1 -mconvert=raid1 /

User Management

User management

  1. Change /etc/nsswitch.conf to read

    passwd:         compat extrausers
    group:          compat extrausers
    shadow:         compat extrausers
  2. Clone extrausers-maint into /opt.

  3. Uninstall and purge anacron, install cronie, add MAILFROM=andreask@illinois.edu to crontab

  4. on cron fail, MAILFROM will be set to root@cs.illinois.edu. UIUC doesn't like that. This should be changed to lukeo@ or andreask@.

  5. Change the alias in /etc/aliases to root: andreas@tiker.net, lukeo@illinois.edu

  6. Update the default editor to vim: update-alternatives --config editor

  7. Use visudo to add extrasudo group access to sudo.

    %extrasudo      ALL=(ALL:ALL) ALL

Snapshots

btrfs snapshots:

btrfs subvolume create /snapshots

Also add /snapshots to PRUNEPATHS in /etc/updatedb.conf.

Other stuff

User Database

A shared user database is maintained in /etc/scicomp-users/userdb.yml on porter. (Do not edit the database elsewhere--it will be overwritten.)

To create a user, do the following:

  1. cd /etc/scicomp-users

  2. vim userdb.yml to add the user

  3. ./passwd.sh USERNAME to set their password (only needed if they need sudo)

  4. ./update.sh

  5. A cron job runs on all attached machines every ten minutes that propagates the changes.
  6. Subscribe them to the mailing list.

GPU Access

GPU access is by the group gpu.

For AMD cards, see OpenCLHowTo.

OpenCL

The AMD and Nvidia OpenCL implementations (and the GPU drivers) are available as packages from Debian. Also install opencl-headers. The Intel implementation must be installed by hand.

NFS Notes

Roughly followed this guide: https://www.howtoforge.com/install_nfs_server_and_client_on_debian_wheezy

The basic steps:

  1. install nfs-common (and nfs-kernel-server) on porter (server) and client (e.g. stout)
  2. (server only at setup) create shared on porter:

    mkdir /shared
    chown root:root /shared
    chmod 755 /shared
  3. (on server for each new client) On porter, add a line like this for each client in /etc/exports:

    /shared stout.cs.illinois.edu(rw,sync,fsid=0,crossmnt,no_subtree_check,no_root_squash)

    then /etc/init.d/nfs-kernel-server restart

  4. (on each new client) create shared in the same way and then add the mount point to /etc/fstab:

    porter.cs.illinois.edu:/shared /shared nfs rw,sync,hard,intr 0 0
  5. reload fstab with mount -a

  6. /etc/scicomp-users/update.sh will set up ~/shared directory. run once to setup (optional)

CUDA

While Debian does package Nvidia drivers, it is sometimes necessary to play "version bingo". To manually install the drivers

  1. Run the driver .run file.

  2. Run the CUDA toolkit .run file like so: PERL5LIB=. bash cuda_8.0.61_375.26_linux-run --override

  3. Add /usr/local/cuda/bin to the $PATH in /etc/login.defs and /etc/profile. (seems to cover bash and zsh)

Remote Management

SuperMicro-based

Either through the web (if Java web start works for you), or through this SuperMicro utility:

ASUS-based

(dunkel only)

https://velenux.wordpress.com/2017/06/07/workaround-for-javaws-jnpl-error-cannot-grant-permissions-to-unsigned-jars/

There’s an emergency and you’re trying to log on that ancient KVM/iLO/iDRAC and you’re getting an error like:

net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars.

Quick workaround:

Find the java.security file. Debian: /etc/java-8-openjdk/security/java.security

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Comment it out, copy it, delete the MD5 string.

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

Now download the JNLP file from the web interface and run

javaws -nosecurity jviewer.jnlp

From off-campus

IPMIView via VNC on stout, connected through EWS works.

MachineShop/AdminNotes (last edited 2018-09-16 21:16:44 by 130)