Open main menu

CDOT Wiki β

Changes

Daily Infrastructure Duties
[[Category:CDOT Staff]][[Category:Fedora ARM Secondary Architecture]][[Category:SOP]]
== Daily Infrastructure Duties ==
** Mount points from Hong Kong - Work Space (builder specific, and /mnt/koji).
* Back-ups - Check all automated back ups
**Back-ups are located on Ireland, New Zealand the critical management servers and iraq - /vararchive/kojiblaze-backup/***should contain backups of "/etc" and a postgresql dump, run on a daily basis at after midnight. These are cronjobs run as root for "/etc" and as koji for the postgresql dump.***Ireland should also have a full copy of "/mnt/koji". This is a cronjob run under the root account on Hong Kong.
* Check available disk space on all relevant machines - Hongkong, Ireland and New Zealand.
** /var and /mnt/koji on Hong Kong
== Create Koji Builder - Create repo ==
* install 'Download the ARM patched koji-builder' rpm packagesoftware from [http://scotland.proximity.on.ca/paulwhalen/ Koji Software] yum install localinstall koji-1.6.0-2.fc15.arm.noarch.rpm koji-builder-1.6.0-2.fc15.arm.noarch.rpm
* on hongkong create a certificate to be used with the new host. Certificates are created from the directory '/etc/pki/koji' by running the 'certscript'. A link to the [http://scotland/paulwhalen/certscript certscript]
./certscript <hostname>
* copy the cert (hostname.pem) and 'koji_ca_local+fedora.crt' to the new host machines '/etc/kojid/' folder.
* In order for createrepo tasks to work successfully you will need to downgrade the createrepo package and yum packages that is are included in F16. Download [http://kojipkgsscotland.fedoraprojectproximity.orgon.ca/packagespaulwhalen/createrepo/-0.9.8/-5.fc14/.noarch/.rpm createrepo-0.9.8-5.fc14.noarch.rpm createrepo] and [http://scotland.proximity.on.ca/paulwhalen/yum-3.2.29-10.fc15.noarch.rpm yum-03.92.829-510.fc14fc15.noarch.rpm ]
rpm -Uvh --oldpackage createrepo-0.9.8-5.fc14.noarch.rpm
rpm -Uvh --oldpackage yum-3.2.29-10.fc15.noarch.rpm
* Edit the /etc/yum.conf to exclude the above packages from being updated
* edit '/etc/kojid/kojid.conf'. Example of a kojid.config can be found here [http://scotland/paulwhalen/kojid.conf kojid.conf]
* Edit the export file in the nfs server that holds mount koji, at this point which is chile and add the to-be-createrepo machine's info on that file and restart the nfs server
* Add mount koji through nfs in the to-be-createrepo machine (make the mounting directory and edit the fstab) and run mount all
 
 
== Bandwidth Throttling and Connection Limiting in Scotland ==
=== Throttling ===
* This script is based on [http://www.topwebhosts.org/tools/traffic-control.php Traffic Shaping script] and uses [http://linux.die.net/man/8/tc tc command]
* The bandwidth throttling script ''bwmon'' is available in /usr/local/bin in scotland
* Activate it by running the following
bwmon start
* Available options are
# bwmon [start|stop|restart|show]
 
* Script base is available [http://www.topwebhosts.org/tools/tc.bash.txt here]
* [http://www.linuxquestions.org/questions/linux-server-73/applying-download-speed-limit-iptables-842906/ External link] on bandwidth throttling.
 
=== Connection Limiting ===
* Connection will be limited 2 per host every 60 sec
* Custom netfilter tables are available in /usr/local/bin directory
 
* To enable connection limiting run the following
 
iptables-restore < /usr/local/bin/connlim.iptab
iptables-save > /etc/sysconfig/iptables
 
* To disable connection limiting run the following
iptables-restore < /usr/local/bin/regular.iptab
iptables-save > /etc/sysconfig/iptables
* More info available at [http://www.topwebhosts.org/tools/traffic-control.php Cybercity]
 
 
 
== rsync server: Scotland ==
 
* The rsync server is running at default rsync port (TCP 873)
 
* Associated files are
daemon file = /etc/rsyncd.conf
motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
* The Firewall was adjusted to accommodate the rsyncd service. Please see [http://zenit.senecac.on.ca/wiki/index.php/Fedora_ARM_Secondary_Architecture/Standard_Operating_Procedures#Connection_Limiting already implemented firewall rules]
* Available modules are test and raspberrypi
* Sample invocation method as follows
rsync -aprvz scotland.proximity.on.ca::raspberrypi /path/to/destination/directory
* Script base is available at [http://everythinglinux.org/rsync/ Everything Linux]
* Additional tutorials available at [http://zenit.senecac.on.ca/wiki/index.php/OPS335_Lab_10 Seneca Wiki]
=== Feature possibilities for the rsync server ===
* Service Command compatibility [http://www.fredshack.com/docs/rsync.html script from Fredshack] can be added
* Systemd compatibility [https://gist.github.com/1401352 script from Github] can be implemented
1
edit