Odin

From CSLabsWiki
Jump to: navigation, search
Odin
IP Address(es): 128.153.145.141
Contact Person: Jared Dunbar
Last Update: March 2017
VM Host (Physical): hydra
Host VM: Odin or cs141 or thor
Services: CS141 Instructional machine


Hostname: odin.cslabs.clarkson.edu
Operating system: Debian Jessie (8) amd64
LDAP Support: No
Development Status: Stable
Status: Running


Odin is a instructional machine used for CS courses where coursework assumes access to a Linux machine. It is a lab-managed response to Polaris, OIT's server for the same purpose, although:

  • Polaris uses AD, while Odin presently does not (though it possibly can by leveraging OIT'S CAS);
  • Polaris has access to AFS, while Odin does not (we would need a trust relationship);
  • We cannot administer Polaris, but we can and do Odin;
  • Polaris runs an outdated CentOS 5 with similarly outdated compilers, whereas Odin runs a newer stable Debian that is updated at least a couple times per year;
  • Polaris is a two-core, 8GB RAM, low-priority VM with 10G disk (backing only /tmp and the core system) plus AFS mounts for most storage, whereas Odin is a 12-core, 12GB RAM VM with 32G disk only (which can be expanded as has been done in the past) and nested virtualization enabled, making it especially suitable for OS work;
  • Polaris uses AFS ACLs for most administration, whereas Odin uses UNIX permission bits with POSIX ACLs where needed;
  • Polaris and its operation is OIT's responsibility, while Odin is ours;

...and so on; this list is not necessarily complete.

Setup

Odin is, more or less, a plain Debian machine. Users are added and administered using the standard /etc/passwd file and the various utilities which manage it. It is unfirewalled and has an SSH server default ports (in addition to our various non-standard ports)--fail2ban might be a good idea in the future, but it is presently not implemented--and any such implementation should be lenient to prevent accidental lockout of students.

For running VMs, as is important in CS444, QEMU (system i386 and x64) and KVM are installed. Users need access to the /dev/kvm node for this to work; one can either:

  1. Add all users to the kvm group, or
  2. Edit the appropriate udev rule (I found ours in /lib/udev/rules.d/60-qemu-system-common.rules) from MODE="0660" to MODE="0666" (and chmod a+rw /dev/kvm) to allow any user to access it.

For ease, we have done the latter in the present installation.

As mentioned below, /root/scripts is a clone of this repository.

Operations

While courses' terms are handled by the instructors, there exist a number of scripts in /root/scripts which are meant to facilitate this work, especially for large classes. See the current README on the repository for more information and assistance, and report issues there.

Legal Matter

Odin contains assignment data and coursework. As such, the information thereon is protected by FERPA, and administrators must be aware of the FERPA standards and be especially vigilant about preventing accidental information leaks. We assume all course instructors are so informed, but any user which can view other users' file trees (currently, users in groups admin and sudo) must be officially recognized as "FERPA certified". At present, a quiz exists on PeopleSoft for all current students, and takes only a few minutes to complete. Should that disappear for any reason, OIT can be asked to enable it per-student.

Updates

Planned Updates:

These updates are planned for the near future (hopefully FA2017), and will be developed in a testing environment over the summer.

Secure web interface for students and administrators

Create a secure webpage for students to use Odin, as well as submit assignments

Students can do the following:

  • view their home directory, any class submission directories
  • upload/download their files
  • view assignment details, as well as due dates

Professors can do the above and also the following:

  • assignment and class dashboard - view progress of an assignment
  • administrate their classes and the assignments within
  • statically linked assignment details, for easy linking into emails or Moddle or their webpages
  • export all class data, including assignments, submissions, and other data

Ncurses Wrapper for lab.sh administration

Professors would be able to use the scripts to administrate their classes and assignments from a friendlier ncurses interface, (ex, see htop)