SL:Virtual Machines: Unterschied zwischen den Versionen

Aus Doc-Wiki
Zur Navigation springen Zur Suche springen
imported>Uburgha
imported>Burghardt
Zeile 186: Zeile 186:
 
Udo Burghardt
  
Udo Burghardt
   
=== slgw ===
 +
=== tmgsimd.sl.tmg.loc ===
  +
02.2014:
Udo Burghardt: the Gateway / Router / Firewall
  
  +
Linux simulation machine. Omar Alfandi / Arne Bochem
   
  +
Requested configuration: 6GiB Ram + 100 GB disk.
   
  +
Delivered:
  +
* 2 * Dual Core Xeon @ 2.4 GHz
  +
* 4 GiB Ram (6 GiB requested, will only deliver if machine does actually swap.)
  +
* 4 GB disk for operating system
  +
* 100 GB disk for simulation data, mounted on '''<tt>/srv</tt>'''
   
  +
Though Ubuntu 14.04 is not finished yet I decided to give it a try
  +
server-amd64-daily-build-20140207.iso
  +
  +
tmgsimd.sl.tmg.loc has address 192.168.22.70
  +
  +
Local (installation-time) user: lu
  +
  +
echo "apt-get update && apt-get -d -y dist-upgrade">/usr/local/sbin/gu && chmod +x /usr/local/sbin/gu
  +
apt-get dist-upgrade 2>&1 | tee -a /var/log/apt/apt-get-upgrade_$(date +%F).log
  +
  +
apt-get install htop jed mc lsof uptimed screen byobu molly-guard update-notifier-common exim4
  +
apt-get install libnss-ldap libpam-ldap auth-client-config ldap-auth-client ldap-auth-config
  +
apt-get install krb5-config krb5-user krb5-multidev libpam-krb5 openafs-krb5
  +
apt-get install openafs-client openafs-krb5 nscd
  +
  +
id user # funktioniert
  +
kinit user # funktioniert
  +
aklog # funktioniert nun
  +
  +
scp gtest2@login.stud.informatik.uni-goettingen.de:/etc/pam.d/* /etc/pam.d/
  +
apt-get install libpam-afs-session
  +
apt-get install libpam-ck-connector libpam-cap
  +
  +
'''Test:'''
  +
~$ ssh gtest2@tmgsimd.sl.tmg.loc pwd
  +
gtest2@tmgsimd.sl.tmg.loc's password:
  +
/afs/informatik.uni-goettingen.de/user/g/gtest2
  +
  +
Access restriction: '''access granted for all senslab user:'''
  +
  +
cat /etc/security/access.conf
  +
-:stud:ALL
  +
+:senslab tmg admins:ALL
  +
-:ALL EXCEPT root:ALL
  +
  +
getent group senslab
  +
senslab:*:6172:ub,ashah,c.wehrberger,mohamad.hotait,felipe.cadenamuniz,s.hosseini1,shartun,hang.zhang1,arne.bochem,araha,pmemarm,hbrosen,gtest2,oalfandi,brosenne,pmemarmo,taheri,kellner,sensorlab,uburgha,rseibel
  +
  +
'' '''Is the above list real??? Who is responsible for removing them???''' '' -- tell Udo
  +
  +
  +
root access granted via sudo:
  +
getent group sudo
  +
sudo:x:27:lu,oalfandi,arne.bochem
  +
  +
Disks:
  +
df -h |grep sd
  +
/dev/sda1 3.9G 1.3G 2.5G 35% /
  +
/dev/sdb1 99G 60M 94G 1% /srv
  +
  +
  +
Todo:
  +
* nothing
   
 
== See also ==
  
== See also ==

Version vom 7. Februar 2014, 13:54 Uhr

Current state

09.2012:

  • tmgsim1 - dead
  • tmgsim2 - dead
  • tmgsim3 - dead
  • tmgsim4 - Available, Windows/Gwdg
  • tmgsim5 - Available, Roman Seibel
  • tmgsim6 - Available, Udo Burghardt - useable by everyone
  • tmgsim7 - Available, Ansgar Kellner
  • tmgsim8 - Available, Youssef Shehadeh
  • tmgsim9 - Available, Saleh Al-Shadly
  • tmgsima - Available, Udo Burghardt

Virtual Machines

tmgsim1.sl.tmg.loc - Windows 7

Quad Core, 6 GiB Ram. 32 GB Disk, transparent access to AFS Storage.

Installation

Example walkthrough with a windows machine: 

Windows 7 Professional 64 bit,  english
Internal name: win7sim1
Manually set IP Address to 172.29.22.201 / 16 on the first run.  Update 07.2011: DHCP delivers 192.168.22.61
Because this would NOT work with Qualnet (only 172.22./16 as client address range has been bought) switch to bridged mode and to DHCP with DNS tmgsim1.tmg.loc

Disable IPv6
Enable ICMP in Firewall
<reboot>
Enable Remote Desktop with "any version"

Install Firefox

Microsoft: 2 Important Updates
<reboot>
Microsoft: 62 (!) Important Updates in several steps
<reboot>
Install Notepad++ 5.8.7
Install Updatechecker 1.038
Firefox: Prefbar 

Activate Windows. Licenses are available  from MSDNAA

Install KfW 3.2.2 32bit + 64bit
Install Network Identity Manager 2.0.102 32bit + 64bit
Install OpenAFS 1.5.78 64bit

Change Computer Name --> UG-UMINTMGSIM1 to join Active Directoy
(The DNS Name stays tmgsim1.tmg.loc though!) Update 07.2011: tmgsim1.sl.tmg.loc
Join Active Directory (one needs to be a Domain Admin to do so)

Granted Remote Desktop manually (no groups mechanism available in AD for this task) access to:

  • akellne
  • oalfand
  • shartung
  • staheri
  • yelhajj
  • geyu -- local user account, no Admin. (Local due to problems with UG-STUDENT.)
  • uburgha
  • gtest2 -- user only, no Admin
  • c.wehrberger
  • pmemarm

I've put these five user accounts into group ADMINISTRATORS! This way it is possible to log in with gwdg\username also for administrative tasks.

Please note that only one single user can run a Remote Desktop session at any given time. If you want to share a single virtual machine you need to create yourself a schedule...

Installed Qualnet 5.0.1 connected to license server. Tested usage from a remote site as described below.

Multiple-User access

  • it is possible to run applications in the background without being logged in: you may close the Remote Desktop window and leave everything running!
  • ONLY ONE user can have an established Remote Desktop connection at any given point in time.
    • when a second user tries to connect the first one will get a message box.
    • the first user has the priority. He may simply deny lo loose his connection.
    • if that first user is not watching his terminal then an automatically implied answer is "yes, loosing the connection is ok for me"!
  • there are ONLY TWO Qualnet licenses. You need to talk with each other to schedule usage of these.

Remote Access from outside

The system is reachable only from inside the Institute's LAN.

The Remote Desktop inside the guest is configured in the default manner, listening on standard port 3389.

You may login to login.informatik.uni-goettingen.de (Staff only. Students and staff may use login.stud.informatik.uni-goettingen.de) and forward any unused local port (e.g. 12345) to 

tmgsim1.sl.tmg.loc:3389   (Updated 07.2011)

The result is the same: with this tunnel established it is possible to use the standard Remote Desktop application to connect to localhost:12345.

For Linux run something like this: 

~$ rdesktop  -u gwdg\\username  -g1200x1000  -a16   localhost:12345

Updates

Someone should be responsible for keeping the system up-to-date!

  • Udo, 26.04.2011
Several Windows Updates
Firefox 3.6.13 --> 3.6.16 --> 4.0
IE 9
Notepad++ 5.8.7 --> 5.9
Java 1.6.0.24 --> 1.6.0.25
  • Udo 07.2011 Network jumping 172.xxx --> 192.168.22.x


tmgsim2.sl.tmg.loc

Deleted...

tmgsim3.sl.tmg.loc

Deleted...

tmgsim4.sl.tmg.loc

ESXi: once again Windows 7 Prof, english, 64bit, new installation because the Migration from the old Virtualbox-Containers is not as simple as expected... 

Fresh Installation 
(was temporary 172.22.98.204, now 192.168.22.64)

Qualnet 5.0.2
Integration in Gwdg / Active Directory
Enable Remote Access for individually picked accounts
Enable All ICMPv4 (for ping-Tests)

Remote Access is granted only for a few users: 

C:\Users\lu>net localgroup "Remote Desktop Users"
Alias name     Remote Desktop Users
Comment        Members in this group are granted the right to logon remotely

Members

-----------------------------------------------------------------------------
GWDG\akellne
GWDG\gtest2
GWDG\oalfand
GWDG\pmemarm
GWDG\shartun
GWDG\staheri
GWDG\uburgha
GWDG\yelhajj
UG-STUDENT\c.wehrberger
UG-STUDENT\hang.zhang1
UG-STUDENT\s.hosseini1
The command completed successfully.

Administrator rights may be granted on demand ---> User:Burghardt

tmgsim5.sl.tmg.loc

Roman Seibel: 

Ubuntu 11.04 Natty Server, 64bit, 4GiB Ram, Dual Core, 16GB Disk

tmgsim6.sl.tmg.loc

Udo: 

Ubuntu 11.04 Natty Server debian Squeeze, 32bit, 1GiB Ram, Dual Core, 8 GB Disk
  • useable by everyone, including OpenAFS $HOME
~$ ssh -p 22222 ub@tmgsim6.sl.tmg.loc
ub@tmgsim6.sl.tmg.loc's password: 
Linux tmgsim6 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686
//
// tmgsim6.sl.tmg.loc
//
ub@tmgsim6:~$ pwd
/afs/informatik.uni-goettingen.de/user/u/ub

tmgsim7.sl.tmg.loc

Ansgar Kellner: 

Ubuntu 11.04 Natty Server, 32bit, 4GiB Ram, Dual Core, 12 GB Disk

tmgsim8.sl.tmg.loc

Youssef El Hajj Shehadeh: 

Ubuntu 11.10 Oneiric Server, 32bit, 2GiB Ram, Dual Core, 32 GB Disk

# host tmgsim8.sl.tmg.loc 
tmgsim8.sl.tmg.loc has address 192.168.22.68

Local accounts only (no ldap/kerberos/...)


tmgsim9.sl.tmg.loc

Saleh Al-Shadley: 

Ubuntu 11.10 Oneiric Server, 32bit, 1GiB Ram, 8 GB Disk

tmgsima

Udo Burghardt

tmgsimd.sl.tmg.loc

02.2014: Linux simulation machine. Omar Alfandi / Arne Bochem

Requested configuration: 6GiB Ram + 100 GB disk.

Delivered:

  • 2 * Dual Core Xeon @ 2.4 GHz
  • 4 GiB Ram (6 GiB requested, will only deliver if machine does actually swap.)
  • 4 GB disk for operating system
  • 100 GB disk for simulation data, mounted on /srv

Though Ubuntu 14.04 is not finished yet I decided to give it a try 

server-amd64-daily-build-20140207.iso

tmgsimd.sl.tmg.loc has address 192.168.22.70

Local (installation-time) user: lu 

echo "apt-get update && apt-get -d -y dist-upgrade">/usr/local/sbin/gu && chmod +x /usr/local/sbin/gu
apt-get dist-upgrade 2>&1 | tee -a /var/log/apt/apt-get-upgrade_$(date +%F).log

apt-get install htop jed mc lsof uptimed screen byobu molly-guard update-notifier-common exim4
apt-get install libnss-ldap libpam-ldap auth-client-config ldap-auth-client ldap-auth-config
apt-get install krb5-config  krb5-user krb5-multidev libpam-krb5 openafs-krb5 
apt-get install openafs-client openafs-krb5 nscd

id user # funktioniert
kinit user # funktioniert
aklog # funktioniert nun

scp gtest2@login.stud.informatik.uni-goettingen.de:/etc/pam.d/* /etc/pam.d/
apt-get install libpam-afs-session
apt-get install libpam-ck-connector libpam-cap

Test: 

~$ ssh gtest2@tmgsimd.sl.tmg.loc pwd
gtest2@tmgsimd.sl.tmg.loc's password: 
/afs/informatik.uni-goettingen.de/user/g/gtest2

Access restriction: access granted for all senslab user: 

cat /etc/security/access.conf
-:stud:ALL
+:senslab tmg admins:ALL                           
-:ALL EXCEPT root:ALL

getent group senslab
senslab:*:6172:ub,ashah,c.wehrberger,mohamad.hotait,felipe.cadenamuniz,s.hosseini1,shartun,hang.zhang1,arne.bochem,araha,pmemarm,hbrosen,gtest2,oalfandi,brosenne,pmemarmo,taheri,kellner,sensorlab,uburgha,rseibel

Is the above list real??? Who is responsible for removing them??? -- tell Udo


root access granted via sudo: 

getent group sudo
sudo:x:27:lu,oalfandi,arne.bochem

Disks: 

df -h |grep sd
/dev/sda1       3.9G  1.3G  2.5G  35% /
/dev/sdb1        99G   60M   94G   1% /srv


Todo:

  • nothing

See also

Links

Abgerufen von „https://doc.informatik.uni-goettingen.de/wiki/index.php?title=SL:Virtual_Machines&oldid=537