web01.phas.ubc.ca

UBC Physics & Astronomy
web01.phas.ubc.ca
142.103.184.100 (UBC-IT VSS)

System Info

13-02-01 Virtual Server: Xeon E5540 @ 2.53GHz 1 GB memory 30 GB disk

eth0      Link encap:Ethernet  HWaddr 00:50:56:81:01:3B  
          inet addr:142.103.184.100  Bcast:142.103.184.127  Mask:255.255.255.192

Disaster Recovery

MySQL Backups Using ZRM

13-02-06 Samba Setup

yum install samba
cd /etc/samba/
cp smb.conf smb.conf.master
vim smb.conf.master
testparm -s smb.conf.master > smb.conf
sysctl net.ipv6.bindv6only=1   (smbd_open_once_socket: open_socket_in: Address already in use error in logs)
setenforce 0
vim /etc/selinux/config (SELINUX=permissive)
chcon -R -t samba_share_t test

Convert smbpasswd to tdbsam:

copy smbpasswd from other phas system (eg alpha)
take out any entries in smbpasswd that are not in /etc/passwd.
Convert smbpasswd to tdbsam: enter as root on the command line:
pdbedit -i smbpasswd:/etc/samba/smbpasswd -e tdbsam:/var/lib/samba/private/passdb.tdb
ensure the global section of smb.conf has such an entry:
passdb backend = tdbsam

show passdb.tdb accounts
pdbedit -L

13-xx-xx NFS V4 setup

# mkdir /nfs
# chmod a+w /nfs
# yum -y install nfs-utils rpcbind
# chkconfig nfs on
# chkconfig rpcbind on
# chkconfig nfslock on
# iptables -I INPUT -m multiport -p tcp --dport 2049 -j ACCEPT

# for nfsV3:
# vi /etc/sysconfig/nfs

RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020

We now need to modify the iptables firewall configuration to allow access to the NFS ports.

# iptables -I INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT
# iptables -I INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j ACCEPT

# service iptables save
# vi /etc/exports

Configure SELinux for NFS Export

Rather than disable SELinux it is a good idea to configure it to allow remote clients to access files that are exported via NFS share.  This is fairly simple and involves setting the SELinux boolean value using the “setsebool” utility.  In this example we’ll use the “read/write” boolean but we can also use “nfs_export_all_ro” to allow NFS exports read-only and “use_nfs_home_dirs” to allow home directories to be exported.

# setsebool -P nfs_export_all_rw 1

Now we will start the NFS services:

# service rpcbind start
# service nfs start
# service nfslock start

If at any point you add or remove directory exports with NFS in the “/etc/exports” file, run “exportfs” to change the export table:

# exportfs -a

ERROR: 
Starting NFS daemon: rpc.nfsd: writing fd to kernel failed: errno 13 (Permission denied)
rpc.nfsd: unable to set any sockets for nfsd [FAILED]
SOLUTION: 
add the following to /etc/hosts.allow:
rpcbind: 127.0.0.1

13-xx-xx

xxxxxxx

11-05-27

ZZZ home

DISASTER RECOVERY

Install a new server.
Load RHEL V5.

Additional, non-critical items to take care of:

Install APCUPSD
Check webalizer installation (web stats).

DISASTER RECOVERY

Install a new server.
Load RHEL V6 (or newer).
web server files
nfs setup
Make sure mysqld and httpd are started.
Make sure to set a root password for mysqld (admin -u root password newpassword).
Install phpMyAdmin. Create phpMyAdmin dbases: mysql -u root -p < create_tables_mysql_4_1_2+.sql
Install php-mbstring package from redhat network package archive so phpMyAdmin doesn't complain.
Get include files installed into /php/includes.
Check /etc/php.ini configuration file.

Check /etc/http/conf configuration files including certificate files.

/etc/http/conf/ssl.crt/www.phas.ubc.ca.crt
               /etc/http/conf/ssl.crt/gd_bundle.crt
               /etc/http/conf/ssl.key/www.phas.ubc.ca.key

Install MySQL-zrm.

Additional, non-critical items to take care of:

Install APCUPSD
Check webalizer installation (web stats).

webmaster@phas.ubc.ca

[Dept. Home Page]

last updated: 13-02-01