SWAG lab

DC2555G

Background

A list of people involved with SWAG can be found here: http://www.swag.uwaterloo.ca/people.html

Most PCs are named swagxx, and currently run a mixed bag of Linux and Windows, dual-boot and VMWare. Ubuntu is becoming popular. There are two public systems: royalyork.cs, which is a dual-boot Windows/Debian workstation, and tremblant.cs, a Mac Mini running OS X.

SWAG Printers

SWAG Disk Array

Websites

SWAG's production website is http://www.swag.uwaterloo.ca which is a vhost running on the CS core:

/software/wwwdata_cs.uwaterloo.ca/data/vhosts/swag

There is a pseudo-user "swag-web" that is used to manage this space. Note that the URL reference http://swag.uwaterloo.ca runs on the SWAG research server and redirects to the core. The web-server on SWAG is clever enough to allow a reference like http://swag.uwaterloo.ca/~user to refer to the local user home-space (i.e. the usual swag:~user/public_html). This gives SWAG members the ability to have large volumes of stuff in their personal research web-spaces without blowing their Core quotas. And, of course, http://www.swag.uwaterloo.ca/~user is invalid, because that refers directly to the Core, which doesn't contain user directories within the SWAG website.

The local website now shares an SSL certificate with the email server, see "Email server" below for details and an ST reference.

Research server

SWAG's main server is a Dell 2650 called swag.uwaterloo.ca. It runs RedHat Enterprise 4, the subscription for which runs out in 2009. It has an internal 6-drive RAID.

External storage (Adaptec JBOD)

The server has a high-performance dual-interface external JBOD with approximately 750GB of RAID5 (6x146 10,000rpm U320 SCSI) formatted as 2x3 volumes with a single file-system each (/home3 and /home4). There is a stand-by drive but it is not set up as a hot-spare. This device generally moves data around at 12-15 Mbytes/sec on sustained jobs (i.e. processes that run 24 hours doing source-code processing).

This device is chronically out of space. We have a bit of a reprieve (as of August 2007) but the problem will return. SWAG would like to acquire an additional 1-2 TB of RAID5.

  • We have added a USB 2 controller to swag and currently have one large USB drive online

SWAG-NEW.CS

  • See SWAG-NEW Twiki page
  • We have purchased a dual Xeon dual-core system with 16G RAM and two 1T SATA drives (expandable to 8 drives and 128G RAM)
    • This system will replace or supplement SWAG and deal with the storage problems
  • The machine swag-new.cs has been setup to

Email server

SWAG runs an email server, principally as a receive-only server (all relaying is disabled; the only way to send is to log on directly and run a local client). The server is set up to use SSL with an IST certificate. This renews in June (next renewal June 2008) and the notice will unfortunately be sent to trg@cs because IST won't accept generic contact addresses. See CSCF ST#59024 for notes on the last renewal process.

  • swag uses dovecot as its IMAP server. There's a file called dovecot.pem

Certificate Maintenance

Note: on SWAG the certificates have a .pem extension, which implies the private key is part of them. That is no longer true; the files could have an extension of, say, .csr if the corresponding application config file is updated.

I find no evidence that .pem ever implied the private key was part of the file. uw-imap happened to encourage files with such contents so named. Perhaps see http://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions I actually think now that the uw-imap usage was questionable. -- AdrianPepper - 15 Mar 2011

Certificate Creation

Creating a new CSR - this has been done - just here for reference

  • openssl genrsa -out swag.pem 2048
    • See Updates section for the expected questions

Certificate Updates

Updating a local CSR - say in case contact information changes

  • cd /usr/share/ssl/certs
  • openssl req -new -key swag.pem -out swag.csr
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [GB]:CA
   State or Province Name (full name) [Berkshire]:Ontario
   Locality Name (eg, city) [Newbury]:Waterloo
   Organization Name (eg, company) [My Company Ltd]:University of Waterloo
   Organizational Unit Name (eg, section) []:SWAG
   Common Name (eg, your name or your server's hostname) []:swag.uwaterloo.ca
   Email Address []:cs-rsg-swag@cscf.cs.uwaterloo.ca

   Please enter the following 'extra' attributes
   to be sent with your certificate request
   A challenge password []:
   An optional company name []:

Requesting an updated certificate

  • If you have not already created a local private key - do so first - then create your CSR - send that to your certificate authority NOT the private key!
  • Send your request for a new or updated certificate to ist-ca@ist.uwaterloo.ca - they will send you a web page link with the update
    • save your old certificate - example dovecot.pem gets saved as dovecot-2008-2009.pem and the new certificate gets saved as dovecot.pem

Certificate Verification

Verify a CSR

That link is now dead.
openssl req -text < swag.csr
shows the CSR contents in some detail. -- AdrianPepper - 15 Mar 2011
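
The checks below are an added example, not part of the original wiki page or of any CSCF tooling. They cover the two points above: confirming that the file about to be sent to the certificate authority holds no private key, whatever its extension, and confirming that a CSR was built from the key you intend to keep. The function names are hypothetical; the file names in the comments are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are hypothetical;
# swag.pem, swag.csr and dovecot.pem are the file names used on the page.

# Print the PEM block types found in a file, one per line
# (for example "CERTIFICATE" or "CERTIFICATE REQUEST").
pem_kinds() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed only if the file contains no private-key block of any flavour:
# "RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "EC PRIVATE KEY".
# Run this on whatever is about to be mailed to the CA, e.g. swag.csr.
safe_to_send() {
    ! pem_kinds "$1" | grep -q 'PRIVATE KEY'
}

# Succeed only if group and other have no permission bits on the file,
# which is how a file holding a private key (swag.pem, or a combined
# dovecot.pem) should be stored.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the CSR ($1) carries the public half of the key ($2).
# Returns 2 if either file cannot be parsed by openssl.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}
```
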

Mailing lists

CS Mailing Lists

  • See ST#74844 https://www.cs.uwaterloo.ca/cscf/internal/request/UpdateRequest?74844
       From:    Lawrence E Folland <lawrence.folland@uwaterloo.ca>
       To:    rt-owner@math.uwaterloo.ca
       Date: Wed, 12 Jan 2011 23:15:13 +0000
       From: Lawrence E Folland <lawrence.folland@uwaterloo.ca>
       To: "swag-profs@cs.uwaterloo.ca" <swag-profs@cs.uwaterloo.ca>
       Cc: "
       Subject: Mailing list setup: swag-profs@cs.uwaterloo.ca
    
       Hi Mike and Ric,
    
       If you got this email, then the email alias for swag-profs@cs.uwaterloo.ca is working.
    
       It is managed by the account "swag-web".  On any of the CS core machines you should be able to:
          migod@services116.cs(10): rlogin localhost -l swag-web
    
       @services116[101]% pwd
       /u4/swag-web
       @services116[102]% id
       uid=22448(swag-web) gid=22942(swag-web)
       @services116[103]%
    
       @services116[106]% cd mailaliases
       @services116[107]% ls -al
       total 32
       drwxr-xr-x   2 swag-web swag-web    4096 Jan 12 11:40 .
       drwxr-x--x   8 swag-web swag-web    4096 Jan 12 18:12 ..
       -rw-r--r--   1 swag-web swag-web       0 Jan 12 11:40 swag-all
       -rw-r--r--   1 swag-web swag-web       0 Jan 12 11:39 swag-alumni
       -rw-r--r--   1 swag-web swag-web       0 Jan 12 11:40 swag-cs445-staff
       -rw-r--r--   1 swag-web swag-web       0 Jan 12 11:40 swag-cs846
       -rw-r--r--   1 swag-web swag-web      66 Jan 12 11:45 swag-profs
       -rw-r--r--   1 swag-web swag-web     245 Jan 12 11:46 swag-students
    
       You should be able to update those files to make changes.  Once I know that this worked, we'll finish the rest of them.  In particular, we'll need to work out how to make swag-all work.  Our expectation is to use includes for swag-profs, swag-students and swag-alumni.  We noticed that there was no "swag-visitors" as there was on swag.cs/  There are a number of other aliases (eg: "bugs") which you didn't mention.
    
       Lawrence 
       

IST Mailing Lists

SWAG/Mike Godfrey have four mailing lists at IST (@lists.uwaterloo.ca): se-seminar, se-group, se-faculty and peste. See eDocs://rsg/swag/mailing-lists for authentication information.

There is also the list swag-software-licences@lists.uwaterloo.ca which is used as an email address for vendor correspondence. The list archive contains much useful information about the RedHat subscription. Authentication information is in eDocs as usual.

RedHat network subscription for RHEL4

See eDocs://rsg/swag/redhat for documentation about the subscription and a collection of stuff related to the RAID controller for the JBOD.

Backups

SWAG presently does its backups at CS. It is still listed in the IST backup system but it hasn't been used since December 2006. We're hanging on as a last-resort recovery (the JBOD was quite unstable at the beginning of the year. This seems to have been resolved by replacing the JBOD's backplane).

The backups generate lots of junk-mail which I was monitoring closely for a while, but can probably be ignored or turned off now.

Dc3312

The SWAG server is located in dc3312, which is shared with the DB group. The rolling rack also contains a home-brew cluster of old systems that Cory has put together to do some computationally-intensive jobs. He looks after it completely (hardware and software). There are a couple of UPSs which should still have a couple of years of battery life left (as of August 2007).

PostgreSQL

Notes:

  • /var/lib/pgsql postgres user home directory
  • /var/lib/pgsql/data* config directory

Start Server

  • /etc/init.d/postgresql start the server - note the default is that the server does not start automatically!

Start a client

  • psql -h localhost
Welcome to psql 8.3.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

List Existing groups

postgres=# \dg
                               List of roles
 Role name | Superuser | Create role | Create DB | Connections | Member of 
-----------+-----------+-------------+-----------+-------------+-----------
 a4le      | no        | no          | no        | no limit    | {cs846}
 aahaque   | no        | no          | no        | no limit    | {cs846}
 atait     | no        | no          | no        | no limit    | {cs846}
 cjkapser  | no        | no          | yes       | no limit    | {}
 cs846     | no        | no          | no        | no limit    | {}
 dhirtle   | no        | no          | no        | no limit    | {cs846}
 gzhong    | no        | no          | no        | no limit    | {cs846}
 jsui      | no        | no          | no        | no limit    | {cs846}
 l6yang    | no        | no          | no        | no limit    | {cs846}
 lfong     | no        | no          | yes       | no limit    | {}
 linyuan   | no        | no          | yes       | no limit    | {}
 migod     | no        | no          | yes       | no limit    | {}
 mrz       | no        | no          | yes       | no limit    | {cs846}
 nshaft    | no        | no          | yes       | no limit    | {cs846}
 pachiu    | no        | no          | no        | no limit    | {cs846}
 postgres  | yes       | yes         | yes       | no limit    | {}
 surrahman | no        | no          | no        | no limit    | {cs846}
 wkoleila  | no        | no          | yes       | no limit    | {cs846}
(18 rows)

Add a user to cs846

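-- Create the login role.
create user mrz;
commit;
-- Add the new role to the cs846 group.
alter group cs846 add user mrz;
commit;
-- Allow the role to create databases.
alter user mrz CREATEDB;
-- psql autocommits each statement by default, so outside a BEGIN block
-- these commits only produce a "no transaction in progress" warning.
commit;
\q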
  • use \dg to list the current group status and verify your changes
Topic revision: r24 - 2019-07-18 - LawrenceFolland
 