
''For help connecting, see'' [[Center_IT#Connecting_to_the_Database_Server]]
[[Category: McNair Admin]]
General configuration options:
* hostname: McNairDBServ
* don't encrypt home directory
* manual partitioning (see below for RAID 10 configuration)
* no automatic updates
* software: OpenSSH server, PostgreSQL database, and Samba file server
Database server drive partition specs:
* /dev/nvme1n1 (aka the 512 GB M.2 drive)
** half (~256 GB) as primary partition. use as swap space (bootable flag off).
** the other half (~256 GB) as primary partition. use as ext4 filesystem, mount: /var/postgresql (choose "Enter it manually" in the mount point selection menu), bootable flag off.
* for each of the four 3.0 TB hard drives (aka /dev/sda, /dev/sdb, /dev/sdc, and /dev/sdd)
** 10 MB primary partition, use as "reserved BIOS boot area" (bootable flag can't be changed, so leave it set to off)
** the rest of the space as a primary partition, use as ext4 filesystem, mount to /bulk (choose "Enter it manually" in the mount point selection menu), bootable flag off

Then choose "configure software RAID" to set up the software RAID device. Confirm the partitions. Then wait for the disks to be partitioned. Choose "Create MD device" and then "RAID10" to begin. Use 2 active devices and 2 spare devices. For the two active devices, choose /dev/sda2 and /dev/sdb2. For the two spare devices, choose /dev/sdc2 and /dev/sdd2. Confirm the partitions that will be changed. Then wait for the device to be created.

When you get back to the software RAID configuration menu, choose "Delete MD device" and then choose the software RAID device that was created (there should only be one, and it should be named something like "md0_raid10"). Note the device name (in this case, it is /dev/md0) and check that the component devices are correct. If they're correct, choose "No" (to not delete the software RAID device). This will take you back to the software RAID configuration menu, where you can choose "Finish" to set up the RAID device, which should now appear at the top of the partitioner.

Choose the 3.0 TB partition in the RAID device and configure it to use as ext4 filesystem and mount point /bulk (choose "Enter it manually" in the mount point selection menu). Then choose "Finish partitioning and write changes to disk" at the bottom of the partitioner menu. Confirm that the partition changes to be made are correct. Then wait for the partitions to be formatted.

After the system is installed, the installer will prompt for software selection. Choose OpenSSH server, PostgreSQL database, and Samba file server for installation. After it finishes, it will prompt if you want to install the GRUB bootloader onto the master boot record.
From my experience with [[Web Server Documentation|setting up the webserver]], choose "No" and on the next screen, install the bootloader to "/dev/sda /dev/sdb /dev/sdc /dev/sdd" and then if all goes well, the installation will finish. Take the CD out and then choose "Continue" and the system will reboot, at which point you should be able to boot into Ubuntu!

==Install Postgres==
 apt-get install plperl

==Install and configure TightVNC and xfce desktop==
===Installation===
 apt install xfce4 xfce4-goodies tightvncserver

===Configure VNC server===
Created a configuration file for VNC startup:
 nano ~/.vnc/xstartup

 #!/bin/bash
 xrdb $HOME/.Xresources
 startxfce4 &

*The first command in the file, xrdb $HOME/.Xresources, tells VNC's GUI framework to read the server user's .Xresources file. .Xresources is where a user can make changes to certain settings of the graphical desktop, like terminal colors, cursor themes, and font rendering.
*The second command simply tells the server to launch XFCE, which is where you will find all of the graphical software that you need to comfortably manage your server.

Granted executable privilege:
 sudo chmod +x ~/.vnc/xstartup

===Create a VNC service file===
First, opened a new service file in /etc/init.d with nano:
 sudo nano /etc/init.d/vncserver

The first block of data will be where we declare some common settings that VNC will be referring to a lot, like our username and the display resolution.
 #!/bin/bash
 PATH="$PATH:/usr/bin/"
 export USER="mcnair"
 DISPLAY="1"
 DEPTH="16"
 GEOMETRY="1920x1080"
 OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost"
 . /lib/lsb/init-functions

Next, we can start inserting the command instructions that will allow us to manage the new service. The following block binds the command needed to start a VNC server, and feedback that it is being started, to the command keyword start.
 case "$1" in
 vncstart)
     log_action_begin_msg "Starting vncserver for user '${USER}' on localhost:${DISPLAY}"
     su ${USER} -c "/usr/bin/vncserver ${OPTIONS}"
     ;;

The next block creates the command keyword stop, which will immediately kill an existing VNC server instance.
 vncstop)
     log_action_begin_msg "Stopping vncserver for user '${USER}' on localhost:${DISPLAY}"
     su ${USER} -c "/usr/bin/vncserver -kill :${DISPLAY}"
     ;;

The final block is for the command keyword restart, which is simply the two previous commands (stop and start) combined into one command.
 vncrestart)
     $0 vncstop
     $0 vncstart
     ;;
 esac
 exit 0

Made this service script executable:
 sudo chmod +x /etc/init.d/vncserver

Now try using the service and command to start a new VNC server instance:
 sudo service vncserver vncstart

===Connect to VNC server===
First create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. On Linux or OS X (this requires the password for DB Server's non-root user mcnair):
 ssh -L 5901: -N -f -l mcnair

Now use Remmina/TightVNC Viewer/etc. to connect to the VNC server. On Remmina, use localhost:5901. No username is fine. Password is: Go-AsK-Ed

[[File:Connection using Remmina.png]]

I am not an expert in Windows Shell and I am not sure how to SSH on Windows. The TightVNC Viewer has a ssh channel option, but I failed to connect to our VNC server on Windows.

==User management==
===Adding Root Accounts to the box===
Assuming that you have root, you can create user accounts on the box and give them root too. This isn't necessary for regular users - they just need a Postgres user account (see below).
To add users to the box, the process is:

First create the user's group, checking the last group number (5xx is the next one):
 cat /etc/group
 /usr/sbin/groupadd -g 5xx username

Then add the user (it doesn't matter what you put for -p, it is going to be overwritten):
 /usr/sbin/useradd -g username -G root -s /bin/bash -p xxxx -d /home/username -m username
where g is the primary group, G is other groups, p sets a password, d declares a home directory and m makes the directory.

Change the user's password:
 passwd username

And add the user to the sudoers file:
 echo 'username ALL=(ALL) ALL' >> /etc/sudoers

===Deleting a user===
To delete a user:
 /usr/sbin/userdel -r roger
where r removes the home directory.

And to remove their group:
 /usr/sbin/groupdel username

And remove their entry from the sudoers file too if they had root.

==Setting up the Samba Server==
Based on [ this Ubuntu page], but [,2-777-2.html this guide] is also helpful.

Make a backup copy of the smb.conf configuration file before editing it:
 $ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
 $ sudo vi /etc/samba/smb.conf

Change the workgroup parameter (under the [global] section) to MCNAIRDB. (Note that the security parameter was removed in Samba version 4.0.0). Then go to the bottom of the configuration file and add a new section, [bulk]:
 [bulk]
 comment = McNair File Server Share
 path = /bulk
 browseable = yes
 guest ok = no
 read only = no
 create mask = 0755

Once you're done editing the configuration file, test the file with testparm:
 $ testparm /etc/samba/smb.conf

The /bulk directory should already exist from installation, so change its permissions:
 $ sudo chmod 770 /bulk
 $ groupadd smbusers
 $ chown :smbusers /bulk

You also need to add a user to the Samba database.
I used the username "alexjiang" for the commands below, which can be replaced with whatever username needs to be added:
 $ smbpasswd -a alexjiang
 $ usermod -a -G smbusers alexjiang

Then restart the samba services:
 $ sudo restart smbd
 $ sudo restart nmbd

Then you can try using any Windows Explorer window to check if the file server is set up correctly.

==Adding accounts for McNair Center Researchers==
Note that this section is somewhat redundant. Most McNair Center researchers will log in with the 'researcher' account. This account's creation is described below.

Add a user group:
 cat /etc/group
 /usr/sbin/groupadd -g 5xx username

Then add the user (it doesn't matter what you put for -p, it is going to be overwritten):
 /usr/sbin/useradd -g username -G smbusers -s /bin/bash -p xxxx -d /home/username -m username
where g is the primary group, G is other groups, p sets a password, d declares a home directory and m makes the directory.
 passwd username

Add the user's samba password:
 $ smbpasswd -a alexjiang

Then restart the samba services:
 $ sudo restart smbd
 $ sudo restart nmbd

==Mapping a drive to the Dbase server's bulk directory==
In Windows:
 Go to my computer -> Map Network Drive
 Connect to: \\\bulk
 With username: MCNAIRDB\username

In Mac:
 Go to Finder and hit CMD-k
 Enter server address: smb://
 With username: MCNAIRDB\username

==Adding a dbase user and creating a dbase==
Log on to the box as root then:
 groupadd -g 112 postgres
 useradd -g postgres -s /bin/bash -p xxxx -d /home/postgres -m postgres
 passwd postgres
 mkdir /var/postgresql/data
 chown postgres /var/postgresql/data

Change to postgres and initialize the dbase:
 su postgres
 cd /usr/lib/postgresql/9.5/bin/
 ./initdb -D /var/postgresql/data

 /etc/init.d/postgresql stop

Test the right location:
 /usr/lib/postgresql/9.5/bin/postgres -D /var/postgresql/data > logile 2>&1 &

As postgres, edit /etc/postgresql/9.5/main/postgresql.conf (see
 data_directory='/var/postgresql/data'
 listen_addresses = '*'
 port = 5432
 max_connections = 10
 shared_buffers = 100000MB # ~40% of 264 GB
The recommendation is to use around 25-40% of RAM (we have 256Gb) for high-performance systems like ours. We might need to check that we are running 64bit and that our kernel supports this.
 work_mem = 500MB
kranthi: may not do much after some limit, max allowed 2GB
 maintenance_work_mem = 2GB
This is how much VACUUM will use - it doesn't make a huge difference
 effective_cache_size = 198GB # ~3/4 of the current RAM

Change /etc/postgresql/9.3/main/pg_hba.conf from
 # "local" is for Unix domain socket connections only
 local all all peer
To:
 local all all trust

Restart postgres to reload the configuration:
 /etc/init.d/postgresql restart

 #Not found if properly removed
Delete the postgres-xc account:
 userdel -r postgres-xc
 vi /etc/group #check the user's group is gone too

==Create the researcher user==
The password for the researcher account is the 'standard' internal password.
 groupadd -g 505 researcher
 useradd -g researcher -G smbusers -s /bin/bash -p xxxx -d /home/researcher -m researcher
 passwd researcher
 smbpasswd -a researcher

Note: if you forget the -G smbusers, the smbusers group is 1001:
 usermod -a -G smbusers researcher

The 'research' user on the dbase server is created as follows (su to postgres first):
 createuser -P -s researcher
Or
 createuser --interactive researcher
(Answer y or n to whether you want the new role to be superuser, etc.)

The researcher user can create and drop databases with:
 createdb DBName
 dropdb DBname

==Notes on individual users==
If the user doesn't have an account on the box, then you'll need to add a database for them (use DBname of 'firstname_data' as a default):
 createdb -O username DBname

Otherwise, they can create databases themselves with
 createdb DBName

Drop the dbase and the user with:
 dropdb DBname
 dropuser username

==Fixing some security==
When the box was built, we created an account called '''mcnair'''.
This account isn't in the sudoers file but can sudo su itself. The password on this account was changed on 13th May 2016 to the new admin password. The root account has no password.

==Editing Users==
NOTE: The Postgres .conf files are in:
 /etc/postgresql/9.5/main

To add a user to the database from the shell:
 createuser username

To delete a user from the database from the shell:
 dropuser username

From the server, you can list the users of the database using:
 \du

To update the password for any of these users, from the database use:
 \password username

There is a superuser named postgres that has access to the server and the box. If you need a user/password combo for a script that needs access to both, you'll need these credentials.
 username: postgres
 password: ask Anne (This is not the password)

NOTE: To get this combination to work, we had to change a line in /etc/postgresql/9.5/main/pg_hba.conf

The line was changed from
 local all postgres peer
to
 local all postgres md5

[[admin_classification::IT Build| ]]
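
The two pg_hba.conf edits on this page (<code>local all all</code> set to <code>trust</code>, and <code>local all postgres</code> set to <code>md5</code>) interact, because PostgreSQL uses the first rule that matches a connection and <code>trust</code> accepts it without a password. The script below is an added example, not part of the original page: it lists <code>trust</code> rules and rules that an earlier catch-all makes unreachable. The function names, the sample rule order and the <code>host</code> line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads pg_hba.conf text on stdin
# and prints one finding per passwordless (trust) or unreachable rule.
audit_pg_hba() {
    awk '
    { sub(/#.*$/, "") }              # strip whole-line and trailing comments
    NF < 4 { next }                  # blank or incomplete line
    {
        if ($1 == "local") {         # TYPE DB USER METHOD
            addr = "socket"; method = $4
        } else if (NF >= 6 && $5 ~ /^[0-9.]+$/) {   # separate netmask column
            addr = $4 "/" $5; method = $6
        } else {                     # TYPE DB USER CIDR METHOD
            addr = $4; method = $5
        }
        key = $1 " " addr
        # First match wins: after an "all all" rule for the same type and
        # address, a later rule for that type and address is never consulted.
        if (key in catchall)
            printf "SHADOWED line %d by line %d: %s %s %s %s\n", NR, catchall[key], $1, $2, $3, method
        else if ($2 == "all" && $3 == "all")
            catchall[key] = NR
        if (method == "trust")
            printf "TRUST line %d: type=%s db=%s user=%s from=%s\n", NR, $1, $2, $3, addr
    }'
}

# Constructed sample: both edits from this page, postgres rule first (assumed order).
sample_page_order() {
    cat <<'EOF'
local   all   postgres                 md5
# "local" is for Unix domain socket connections only
local   all   all                      trust
host    all   all      127.0.0.1/32    md5
EOF
}

# Constructed sample: same rules with the catch-all first (the md5 rule is dead).
sample_catchall_first() {
    cat <<'EOF'
local   all   all        trust
local   all   postgres   md5
EOF
}

sample_page_order | audit_pg_hba
sample_catchall_first | audit_pg_hba
```

To check the live file, run <code>audit_pg_hba < /etc/postgresql/9.5/main/pg_hba.conf</code>; only rules with an identical type and address are compared, so overlapping CIDR ranges are not detected.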
