Micro Maintenance

From Micro and Nano Mechanics Group
Revision as of 01:50, 24 April 2013 by Caiwei (talk | contribs)
Jump to navigation Jump to search


How to Maintain the Computer Server Micro.stanford.edu

William Cash

Apr 23 , 2013




Software Updates

The computer is set up to install security updates by itself. But regular updates need to be performed manually by the following steps.

Step 1: login to micro If packages need to be updated. There should be messages like:

         3 packages can be updated.

Step 2: Get updates and install

 sudo apt-get upgrade

Step 3: Checking the health of RAID array

 cat /proc/mdstat 

The output should look like the following:

Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md1 : active raid1 sda2[0] sdb2[1]
      4103104 blocks super 1.2 [2/2] [UU]
     
md0 : active raid1 sda1[0] sdb1[1]
      972524352 blocks super 1.2 [2/2] [UU]
     
unused devices: <none>

If the output does not look like that, then something is wrong and the issue should be addressed as soon as possible.

Reboot

It is a good idea to reboot the computer from time to time, by the following command.

 sudo reboot

(We are trying to schedule the computer to reboot automatically every two weeks.)


Disks and Backup

The computer's internal hard disk is configured to be RAID 1 (mirror, 1TB).

The computer has an external hard disk (RAID 1, 750GB spread over 2 partitions), which can be mounted by the following command. (The external hard disk is really two regular internal disks in a box.)

sudo mount /dev/sdc2 /mnt/group_backup

The letter/number after /dev may change, which is a problem.

(External hard disks need to be checked.)

(We are trying to set up an automatic backup of important files and web pages on the external hard disk.)

Create New SVN

Here is how to create a new SVN repository, using PIMC++ as an example. Superuser privilege is required.

Step 1: change directory to the repository directory and create new svn directory:

 cd /var/www/svn
 sudo svn mkdir PIMC++

Step 2: import files:

 sudo svn import /path_to_files/PIMC++/ file:///var/svn/www/PIMC++ -m "Initial Import"

Step 3: change ownership from root to Apache:

 sudo chown -R www-data PIMC++
 sudo chgrp -R www-data PIMC++

Step 4: Modify 'svn_roots' in ViewVC config file to include new subversion:

 sudo vi /etc/viewvc/viewvc.conf
 ...
 svn_roots =     DD2D: /var/www/svn/DD2D,
                 DDLab: /var/www/svn/DDLab,
                 DDLab2D: /var/www/svn/DDLab2D,
                 DDLab_ThinFilm: /var/www/svn/DDLab_ThinFilm,
                 LAMMPS: /var/www/svn/LAMMPS,
                 MD++: /var/www/svn/MD++,
                 ParaDiS: /var/www/svn/ParaDiS,
                 Qbox: /var/www/svn/Qbox,
                 VASP: /var/www/svn/VASP,
                 ParaDiS-global: /var/www/svn/ParaDiS-global,
                 PIMC++: /var/www/svn/PIMC++
 ...

Step 5: Add PIMC++ to the Apache https webserver:

 sudo vi /etc/apache2/sites-available/default-ssl
 ...
 <Location /svn/PIMC++>
      DAV svn
 #    SVNListParentPath on
      SVNPath /var/www/svn/PIMC++
      AuthType Basic
      AuthName "PIMC++ SVN"
      AuthUserFile  /etc/apache2/passwd/svn-passwd
      AuthGroupFile /etc/apache2/passwd/svn-groups
      SSLRequireSSL
      Require group pimc members
 </Location>
 ...

Step 6: Restart Apache:

 sudo /etc/init.d/apache2 restart


If you want to add a new user to an existing SVN:

 sudo htpasswd -m /etc/apache2/passwd/svn-passwd new_user's_name

Then add the new username to the appropriate group of svn-groups:

 sudo vi /etc/apache2/passwd/svn-groups

Connecting to micro over SSH

Micro's SSH has several additional security features to prevent it from being hacked by brute force attacks. Everyday micro has numerous connection attempts from around the world, you can check the logs in /var/log/auth.log. I've disabled password authentication by setting

    vi /etc/ssh/sshd_config
    ...
    PasswordAuthentication no
    ...

and restarting apache.

    sudo service apache2 restart

I also installed the program denyhosts to prevent someone from trying too log in too many times unsuccessfully in a short period of time.

    sudo apt-get install denyhosts

To connect to micro you need to have an RSA key generated on your own computer. On a *NIX operating system you can run the command:

    ssh-keygen -t rsa -b 4096

This will create a public key in ~/.ssh/id_ra.pub. You then need to copy the contents of this file to ~/.ssh/authorized_keys on micro. You can add as many keys as you like to this file to connect from all of your computers. Another option is to copy the contents of your public keys by temporarily enabling password authentication and using the command 'ssh-copy-id'.

System Upgrade

The operating system of Micro has been updated Mar 22, 2013 by William Cash. The upgraded system will receive updates until Apr 2017, after which the operating system is obsolete. Another manual update will be needed at that time.

The following is a summary of the tasks performed in the System Upgrade on Mar 22, 2013.

Prepping and Backing up the system

This stage is crucial. There's a lot of irreplaceable data that you can vanish in heartbeat if you aren't prepared. Ideally you can create an additional RAID mirror of micro's hard drives. That way if something bad happens you can install the extra hard drive and rebuild the old RAID array. Creating an additional RAID mirror is somewhat complicated, but the steps are essentially: 1) Create identical RAID partitions and format the drive with the same file system 2) ADD the disk to RAID raid array 3) Grow the RAID array 4) Wait for the mirror to be built

It's important that you not only add the drive to the RAID array, but you also grow the array to have three disks! Simply adding the drive will not create a mirror. The mirroring process on micro's 1TB drives should take over 3 hours. You can check the status using 'cat /proc/mdstat'. If it doesn't take several hours you did something wrong.

You also need to dump all of the relevant MySQL databases so that you can restore them on the new system. You can do this using mysqldump or with phpmyadmin. Just make sure you dump them BEFORE you install the new operating system. It will save you a lot of headaches.

It's not necessary to dump the SVN repositories because you can simply copy their entire directories, but it can't hurt.

To be continued...

Installing Unison

Unison is installed on micro using the command

sudo apt-get install unison

Currently the version 2.40 is installed.

Unison allows file synchronization across platforms. The binary executables for Windows PCs can be downloaded at here. Gtk run time libraries need to be installed on Windows PCs for Unison to run.