Micro Maintenance: Difference between revisions
No edit summary |
|||
| Line 1: | Line 1: | ||
| ⚫ | |||
'''William Cash''' |
'''William Cash''' |
||
| ⚫ | |||
== Software Updates == |
== Software Updates == |
||
| Line 121: | Line 122: | ||
sudo vi /etc/apache2/passwd/svn-groups |
sudo vi /etc/apache2/passwd/svn-groups |
||
=Connecting to micro over SSH= |
|||
Micro's SSH has several additional security features to prevent it from being hacked by brute force attacks. Everyday micro has numerous connection attempts from around the world, you can check the logs in /var/log/auth.log. I've disabled password authentication by setting |
|||
vi /etc/ssh/sshd_config |
|||
... |
|||
PasswordAuthentication no |
|||
... |
|||
and restarting apache. |
|||
sudo service apache2 restart |
|||
I also installed the program denyhosts to prevent someone from trying too log in too many times unsuccessfully in a short period of time. |
|||
sudo apt-get install denyhosts |
|||
To connect to micro you need to have an RSA key generated on your own computer. On a *NIX operating system you can run the command: |
|||
ssh-keygen -t rsa -b 4096 |
|||
This will create a public key in ~/.ssh/id_ra.pub. You then need to copy the contents of this file to ~/.ssh/authorized_keys on micro. You can add as many keys as you like to this file to connect from all of your computers. Another option is to copy the contents of your public keys by temporarily enabling password authentication and using the command 'ssh-copy-id'. |
|||
= System Upgrade = |
|||
The operating system of Micro has been updated Mar 22, 2013 by William Cash. The upgraded system will receive updates until Apr 2017, after which the operating system is obsolete. Another manual update will be needed at that time. |
The operating system of Micro has been updated Mar 22, 2013 by William Cash. The upgraded system will receive updates until Apr 2017, after which the operating system is obsolete. Another manual update will be needed at that time. |
||
Revision as of 00:50, 28 March 2013
William Cash
How to Maintain the Computer Server Micro.stanford.edu
Software Updates
The computer is set up to install security updates by itself. But regular updates need to be performed manually by the following steps.
Step 1: login to micro If packages need to be updated. There should be messages like:
3 packages can be updated.
Step 2: Get updates and install
sudo apt-get upgrade
Step 3: Checking the health of RAID array
cat /proc/mdstat
The output should look like the following:
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md1 : active raid1 sda2[0] sdb2[1]
4103104 blocks super 1.2 [2/2] [UU]
md0 : active raid1 sda1[0] sdb1[1]
972524352 blocks super 1.2 [2/2] [UU]
unused devices: <none>
If the output does not look like that, then something is wrong and the issue should be addressed as soon as possible.
Reboot
It is a good idea to reboot the computer from time to time, by the following command.
sudo reboot
(We are trying to schedule the computer to reboot automatically every two weeks.)
Disks and Backup
The computer's internal hard disk is configured to be RAID 1 (mirror, 1TB).
The computer has an external hard disk (RAID 1, 750GB spread over 2 partitions), which can be mounted by the following command. (The external hard disk is really two regular internal disks in a box.)
sudo mount /dev/sdc2 /mnt/group_backup
The letter/number after /dev may change, which is a problem.
(External hard disks need to be checked.)
(We are trying to set up an automatic backup of important files and web pages on the external hard disk.)
Create New SVN
Here is how to create a new SVN repository, using PIMC++ as an example. Superuser privilege is required.
Step 1: change directory to the repository directory and create new svn directory:
cd /var/www/svn sudo svn mkdir PIMC++
Step 2: import files:
sudo svn import /path_to_files/PIMC++/ file:///var/svn/www/PIMC++ -m "Initial Import"
Step 3: change ownership from root to Apache:
sudo chown -R www-data PIMC++ sudo chgrp -R www-data PIMC++
Step 4: Modify 'svn_roots' in ViewVC config file to include new subversion:
sudo vi /etc/viewvc/viewvc.conf
...
svn_roots = DD2D: /var/www/svn/DD2D,
DDLab: /var/www/svn/DDLab,
DDLab2D: /var/www/svn/DDLab2D,
DDLab_ThinFilm: /var/www/svn/DDLab_ThinFilm,
LAMMPS: /var/www/svn/LAMMPS,
MD++: /var/www/svn/MD++,
ParaDiS: /var/www/svn/ParaDiS,
Qbox: /var/www/svn/Qbox,
VASP: /var/www/svn/VASP,
ParaDiS-global: /var/www/svn/ParaDiS-global,
PIMC++: /var/www/svn/PIMC++
...
Step 5: Add PIMC++ to the Apache https webserver:
sudo vi /etc/apache2/sites-available/default-ssl
...
<Location /svn/PIMC++>
DAV svn
# SVNListParentPath on
SVNPath /var/www/svn/PIMC++
AuthType Basic
AuthName "PIMC++ SVN"
AuthUserFile /etc/apache2/passwd/svn-passwd
AuthGroupFile /etc/apache2/passwd/svn-groups
SSLRequireSSL
Require group pimc members
</Location>
...
Step 6: Restart Apache:
sudo /etc/init.d/apache2 restart
If you want to add a new user to an existing SVN:
sudo htpasswd -m /etc/apache2/passwd/svn-passwd new_user's_name
Then add the new username to the appropriate group of svn-groups:
sudo vi /etc/apache2/passwd/svn-groups
Connecting to micro over SSH
Micro's SSH has several additional security features to prevent it from being hacked by brute force attacks. Everyday micro has numerous connection attempts from around the world, you can check the logs in /var/log/auth.log. I've disabled password authentication by setting
vi /etc/ssh/sshd_config
...
PasswordAuthentication no
...
and restarting apache.
sudo service apache2 restart
I also installed the program denyhosts to prevent someone from trying too log in too many times unsuccessfully in a short period of time.
sudo apt-get install denyhosts
To connect to micro you need to have an RSA key generated on your own computer. On a *NIX operating system you can run the command:
ssh-keygen -t rsa -b 4096
This will create a public key in ~/.ssh/id_ra.pub. You then need to copy the contents of this file to ~/.ssh/authorized_keys on micro. You can add as many keys as you like to this file to connect from all of your computers. Another option is to copy the contents of your public keys by temporarily enabling password authentication and using the command 'ssh-copy-id'.
System Upgrade
The operating system of Micro has been updated Mar 22, 2013 by William Cash. The upgraded system will receive updates until Apr 2017, after which the operating system is obsolete. Another manual update will be needed at that time.
The following is a summary of the tasks performed in the System Upgrade on Mar 22, 2013.