Difference between revisions of "NAS"

From CSLabsWiki
(Undo revision 8608 by Amilia (talk))
 
Line 1: Line 1:
 
{{services
 
{{services
|ip_addr = 128.153.145.10
+
|ip_addr = 128.153.145.50
|contact_person = [[User:xperia64|xperia64]]
+
|contact_person = [[User:Amilia|Amilia]]
|last_update = ''Fall 2016''
+
|last_update = ''October 2017''
 
|services = Storage Server
 
|services = Storage Server
 
|category = Machines
 
|category = Machines
|handoff = Yes
+
|handoff = No
 
}}
 
}}
   
 
{{Machine
 
{{Machine
| maintainer = [[User:xperia64]]
+
| maintainer = [[User:Amilia|Amilia]]
| hostname = bacon.cslabs.clarkson.edu
+
| hostname = nas1.cslabs.clarkson.edu
| operating_system = Debian 8.5.0
+
| operating_system = None
| interface1 = {{Network Interface | name=Clarkson Network | mac=? | ip=128.153.145.10}}
+
| interface1 = {{Network Interface | name=Clarkson Network | mac=00:d0:b8:0e:fd:65 | ip=128.153.145.50}}
| cpuspecs = Intel Xeon E5-2609 v2 @ 2.5 GHz (4 cores)
+
| cpuspecs = Intel Celeron E1500 @ 2.2 GHz (2 cores)
| ramspecs = 16 GB
+
| ramspecs = 2 GB
 
}}
 
}}
   
 
==Summary==
 
==Summary==
'''Bacon''' is our main storage server. It hosts our NFS home partitions for our lab build.
 
   
==Setup==
 
Begin with a basic Debian install, configuring a software RAID1 for the two WD Gold Datacenter boot drives.
 
Assuming you do not want to keep the data on the existing storage drives, wipe the partitions off of the storage drives and configure them for software RAID6.
 
   
LDAP & Kerberize the server as described [[How_to_add_Kerberos_to_a_Debian_Machine|here]]
 
   
  +
==Accessing and storing data on NAS==
===NFS===
 
Install the following packages:
 
<pre>
 
nfs-kernel-server nfs-common
 
</pre>
 
 
Since we're using Kerberos, you'll want to make sure this has a service key. As documented in [https://wiki.debian.org/NFS/Kerberos the Debian wiki], you'll want to make a key called <code>nfs/fully.qualified.domain.name</code> (in our case, <code>nfs/bacon.cslabs.clarkson.edu</code>) and add it to the local key table:
 
<code><pre>
 
root# kadmin -p username/admin
 
Enter password:
 
kadmin> ktadd nfs/fully.qualified.domain.name
 
Added kvno ...
 
...
 
kadmin> q
 
root #
 
</pre></code>
 
 
Astute readers will note that this is the same procedure used to add host keys for NFS clients, with the key's name changed.
 
 
Ensure that your RPC services are running: this includes the following processes (use <code>ps -e</code> as root):
 
 
* <code>rpcbind</code>: the core RPC dispatcher.
 
* <code>rpc.statd</code>: the "stat" service that gives information about running services.
 
* <code>rpc.mountd</code>: the "mount" service that actually provides most of the necessary registration protocol for initially mounting an NFS share.
 
* <code>rpc.idmapd</code>: the "idmapd" service that provides username to ID mappings across domains (somewhat redundant in our case, due to LDAP).
 
* <code>rpc.svcgssd</code>: the service that does GSS (Kerberos) authentication on the server side (compare <code>rpc.gssd</code>, which does so on the client).
 
 
If those aren't running, try asking your init system to restart the nfs kernel services; on Bacon, for example, do <code>systemctl restart nfs-kernel-server</code>. If that still doesn't work, try a reboot; if ''that'' doesn't work, or you don't want to reboot, try checking your Kerberos configuration for validity (e.g., check the keytab with <code>klist -k</code>), make sure <code>rpc_pipefs</code> is mounted somewhere, etc.).
 
 
Edit /etc/exports and point it at the proper directory like so:
 
<pre>
 
/storage 128.153.144.0/23(rw,no_root_squash,no_subtree_check,sec=krb5i,async)
 
</pre>
 
Note that while async may be less "safe" than sync, it is necessary to ensure reasonable performance and not wear the drives more than necessary.
 
 
Run the following command as root to export the new mount:
 
<pre>
 
exportfs -ra
 
</pre>
 
 
(Alternatively, you can restart the NFS kernel services, as above, but beware that this will probably kick already connected clients.)
 
 
Attempt to mount this NFS share on a known working client build.
 
 
===Web Services===
 
The main cslabs.clarkson.edu page is hosted with nginx.
 
Essentially, point cslabs.clarkson.edu and cosi.clarkson.edu to /var/www/cslabs, and if you feel like maintaining an incredibly out of date web page, point xen.cslabs.clarkson.edu to /var/www/xen
 
 
===PXE Boot===
 
To set up a PXE server, install the following package:
 
<pre>
 
tftpd-hpa
 
</pre>
 
Edit /etc/default/tftp to contain the following
 
<pre>
 
# /etc/default/tftpd-hpa
 
 
TFTP_USERNAME="tftp"
 
TFTP_DIRECTORY="/storage/srv/tftp"
 
TFTP_ADDRESS="0.0.0.0:69"
 
TFTP_OPTIONS="--secure"
 
</pre>
 
and reload or restart the tftp service.
 
 
Ensure that /storage/srv/tftp/pxelinux.cfg/default exists and contains a valid PXE config.
 
Note that if any PXE Boot item requires a "fetch" kernel append, the folder that it is trying to fetch must be symlinked from /storage/srv/tftp to /var/www/cslabs so that nginx can serve it.
 
 
====Adding modules to an initrd.img====
 
Extract your initrd.img to a working folder using the appropriate combination of zcat/xzcat and cpio -idm.
 
<pre>
 
mkdir tmp/ && cd tmp/
 
xzcat ../initrd.img | cpio -idm
 
</pre>
 
Boot a computer/VM into an OS most similar to whatever you are trying to PXE boot. For instance, if you want to add a driver to a Xenial Xerus based distro such as Clonezilla-Alternative, boot a Xenial based machine.
 
Install the linux-image matching that in the PXE distro. Build whatever kernel modules you want to include for this kernel/architecture. Copy them where they need to go.
 
<pre>
 
cp /lib/modules/4.4.0-24-generic/kernel/drivers/net/usb/r8152.ko /path/to/initramfs/tmp/lib/modules/4.4.0-24-generic/kernel/drivers/net/usb
 
</pre>
 
Run depmod on the host to update the modules.* and modules.*.bin files.
 
<pre>
 
depmod -a -b /path/to/initramfs/tmp/ 4.4.0-24-generic
 
</pre>
 
Rebuild your initramfs like so:
 
<pre>
 
find . | cpio --quiet -o -H newc | xz -c -9 --check=crc32 > ../initrd.img
 
</pre>
 
 
==Backup Notes==
 
When backing up and restoring Bacon, ensure that rsync does not try to set the owner, group, or permissions of files. Practice with a small folder to ensure you get the flags right.
 
 
==Future Setup Suggestions==
 
* Consider using an alternative filesystem when setting up a new storage server such as BTRFS or alternatively going back to ZFS for potential speedup
 
* Consider setting up a small RAM disk for use with the dm-cache module for potential speedup
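
Review bot: the right-hand side leaves both remaining headings empty. "==Summary==" loses its only sentence, and the added "==Accessing and storing data on NAS==" has nothing under it. Meanwhile everything from "==Setup==" through "==Future Setup Suggestions==" is dropped along with the switch from bacon to nas1, including the Kerberized NFS export, the tftpd-hpa/PXE and initrd steps, and the backup notes. Add at least a one-line summary of what nas1 is and how it is reached. Also say where the Bacon procedure now lives (a link to its own page would do), since the "/etc/exports" line with "sec=krb5i" and the "ktadd nfs/..." keytab steps are the only record on this page of how that share was secured. In the Machine template, "operating_system = None" is ambiguous as a value; name what the machine actually runs.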
 

Latest revision as of 21:58, 5 October 2017

NAS
IP Address(es): 128.153.145.50
Contact Person: Amilia
Last Update: October 2017
Services: Storage Server


Hostname: nas1.cslabs.clarkson.edu
Operating system: None
NIC 1: Clarkson Network
MAC: 00:d0:b8:0e:fd:65
IP: 128.153.145.50
CPU: Intel Celeron E1500 @ 2.2 GHz (2 cores)
RAM: 2 GB


Summary

Accessing and storing data on NAS