...
The benefits of running NPT over a standard install are as follows:
- no need to recompile kernels for web100 each time
- no need for taylor as updates are maintained by Internet2 (although time will tell if the security updates are sufficiently regular)
- relocating the performance host is trivial: pop the CD into the new machine and plug in the USB key; settings should be maintained
- SLAC's reverse traceroute server runs by default on port 3765 (perhaps we should redirect to this host).
Disadvantages
- no AFS client (yet?)
- security strongly depends on release cycle of boot disk
Overview
This guide will look at
- setting up a nptoolkit host
- configuring services to suit SLAC, this specifically includes
- syslog logging to a remote host
- setting up the NPT server
- Configuring ntp for SLAC's stratum servers
- setting up bwctl servers
- setting up owamp servers
It will also look at changing the NDT and rev-tracerouter servers to use apache2 instead of their own daemon http listeners.
Boot
The Knoppix disk is a live CD. The hard drive will be used to keep the data, so there is no particular need for a USB key. However, the procedure is described below.
Things have changed slightly since the arrival of pS Performance Toolkit 3.1. The disk was downloaded (the page says version 1.7, but the boot CD says 1.8) and booted in VMware. After booting, you can log on with the same user name and password, i.e. 'knoppix'; no password is required.
USB key usage
Upon inserting a USB key into the connector, you get:
...
Code Block |
---|
knoppix@0[~]$ sudo customize.NPtools
Internet2 Network Performance Tool Customization script
Tools listed in RED need to be customized
1. Setup Drive(s) to hold customization files
2. bwctl
3. ndt
4. npad
5. ntp
6. owamp
7. staticIP
0. exit
6
OWAMP server configuration program.
Manual configuration is currently required.
Please edit the /usr/local/etc/owampd.conf and /usr/local/etc/owampd.limits files to create custom versions for your site.
See http://e2epi.internet2.edu/owamp for more details.
|
Reboot
Let's reboot to see if things stick...
Knoppix loses its password (so you'll have to run passwd again)
SSHD regenerates keys (so you have to modify known_hosts)
Keeping SSH Up (not recommended)
Setting up Syslog
Keeping up syslog over reboot
Testing Services
ntp
...
Static IP Address
This can be configured from the customize tool. However, I will leave it for now until the machine is installed.
Code Block |
---|
knoppix@0[~]$ customize.NPtools
Internet2 Network Performance Tool Customization script
Tools listed in RED need to be customized
1. Setup Drive(s) to hold customization files
2. bwctl
3. ndt
4. npad
5. ntp
6. owamp
7. staticIP
0. exit
7
Welcome to the NPToolkit server Static IP configuration program. This
program will prompt you for the necessary information for your site.
Use Static IP addresses or DHCP [static] :
Enter your IP address [192.168.1.99] :
Enter your Netmask value [255.255.255.0] :
Enter your gateway's IP address [192.168.1.1] :
Enter the network interface identifer [eth0] :
Enter your nameserver's IP address (3 max, blank line to exit early) :
mount: only root can do that
mount: only root can do that
Static IP customization files are being saved to 'sdb1'
Do you want to start this interface? [Yes] :
|
Reboot
Let's reboot to see if things stick...
Knoppix loses its password (so you'll have to run passwd again)
SSHD regenerates keys (so you have to modify known_hosts)
Keeping SSH Up (not recommended)
As per the FAQ,
Code Block |
---|
knoppix@0[~]$ cat /usr/local/NPToolkit/contrib/remote.access >> /mnt/sdb1/knoppix.sh
knoppix@0[~]$ cp /usr/local/NPToolkit/contrib/remote.access /mnt/sdb1/NPTools/
|
However, there is a bit more to this (from looking into the remote.access file).
Passwords:
Code Block |
---|
knoppix@0[~]$ sudo cp /etc/passwd /mnt/sdb1/NPTools/passwd.new
knoppix@0[~]$ sudo cp /etc/shadow /mnt/sdb1/NPTools/shadow.new
|
SSH:
Code Block |
---|
knoppix@0[~]$ sudo cp /etc/ssh/sshd_config /mnt/sdb1/NPTools/sshd_config
|
Don't I need to copy the keys over too? i.e.
Code Block |
---|
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
|
So append to /mnt/sdb1/knoppix.sh to include:
Code Block |
---|
# Maintain SSH keys through reboot and host transfer
# append to knoppix.sh file on any external storage medium
# by Yee-Ting Li (ytl@slac.stanford.edu)
if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_key ]; then
    restore_NPT_file $MNT ssh_host_key /etc/ssh
fi
if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_key.pub ]; then
    restore_NPT_file $MNT ssh_host_key.pub /etc/ssh
fi
if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_rsa_key ]; then
    restore_NPT_file $MNT ssh_host_rsa_key /etc/ssh
fi
if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_rsa_key.pub ]; then
    restore_NPT_file $MNT ssh_host_rsa_key.pub /etc/ssh
fi
if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_dsa_key ]; then
    restore_NPT_file $MNT ssh_host_dsa_key /etc/ssh
fi
if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_dsa_key.pub ]; then
    restore_NPT_file $MNT ssh_host_dsa_key.pub /etc/ssh
fi
|
And copy the keys over to a directory on the thumbdrive:
Code Block |
---|
knoppix@0[~]$ sudo cp /etc/ssh/ssh_host_* /mnt/sdb1/NPTools/
|
The sshd server should start at boot now.
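A check worth running once the keys are on the thumbdrive, as an added example that is not part of the original page or the toolkit: it verifies that each saved private host key is closed to group and others (sshd will not load a private host key with looser permissions), has its .pub alongside it, and matches the copy restored into /etc/ssh. `audit_hostkeys` and `group_other_bits` are hypothetical helper names; the two directories in the usage line are the ones used above.

```shell
#!/bin/sh
# Added example, not part of the toolkit: audit saved SSH host keys.
# audit_hostkeys and group_other_bits are hypothetical helper names.

# Print the six group/other permission characters of FILE, e.g. "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_hostkeys SAVED_DIR LIVE_DIR
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_hostkeys() {
    saved=$1; live=$2; rc=0; found=0
    for priv in "$saved"/ssh_host_*key; do
        [ -f "$priv" ] || continue          # glob matched nothing
        found=1
        name=${priv##*/}
        # Private keys must not be accessible to group or others.
        for f in "$priv" "$live/$name"; do
            [ -f "$f" ] || continue
            if [ "$(group_other_bits "$f")" != "------" ]; then
                echo "PERMS   $f is accessible to group/others"; rc=1
            fi
        done
        if [ ! -f "$priv.pub" ]; then
            echo "NOPUB   $priv.pub is missing"; rc=1
        fi
        # A live key that differs from the saved one changes the host's
        # identity, which is what forces the known_hosts edits.
        if [ ! -f "$live/$name" ]; then
            echo "MISSING $live/$name was not restored"; rc=1
        elif ! cmp -s "$priv" "$live/$name"; then
            echo "DIFFER  $live/$name does not match the saved copy"; rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "EMPTY   no host keys found in $saved"; rc=1
    fi
    return "$rc"
}

# Usage: sh audit_hostkeys.sh /mnt/sdb1/NPTools /etc/ssh   (run as root)
if [ "$#" -eq 2 ]; then
    audit_hostkeys "$1" "$2"
fi
```

A thumbdrive formatted with a filesystem that has no Unix permissions will report PERMS for every saved key, because the mode there comes from the mount options rather than from the file.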
Running services
Code Block |
---|
knoppix@0[~]$
knoppix@0[~]$ ps ax
PID TTY STAT TIME COMMAND
1 ? Ss 0:00 init [3]
2 ? S 0:00 [migration/0]
3 ? SN 0:00 [ksoftirqd/0]
4 ? S 0:00 [watchdog/0]
5 ? S< 0:00 [events/0]
6 ? S< 0:00 [khelper]
7 ? S< 0:00 [kthread]
62 ? S< 0:00 [kblockd/0]
63 ? S< 0:00 [kacpid]
124 ? S< 0:00 [ata/0]
125 ? S< 0:00 [ata_aux]
126 ? S< 0:00 [kseriod]
153 ? S 0:00 [pdflush]
154 ? S 0:00 [pdflush]
155 ? S< 0:00 [kswapd0]
156 ? S< 0:00 [aio/0]
812 ? S< 0:00 [kpsmoused]
841 ? S< 0:00 [ksuspend_usbd]
844 ? S< 0:00 [khubd]
867 ? S< 0:00 [khpsbpkt]
957 ? S< 0:00 [aufsd]
958 ? S< 0:00 [aufsd]
959 ? S< 0:00 [aufsd]
960 ? S< 0:00 [aufsd]
1124 ? S<s 0:00 udevd --daemon
1576 ? S< 0:00 [scsi_eh_0]
3047 ? Ss 0:00 /usr/bin/dbus-daemon --system
3054 ? Ss 0:00 /usr/sbin/hald
3055 ? S 0:00 hald-runner
3076 ? S 0:00 /usr/lib/hal/hald-addon-acpi
3089 ? S 0:00 /usr/lib/hal/hald-addon-keyboard
3101 ? S 0:00 /usr/lib/hal/hald-addon-storage
3220 ? Ss 0:01 pump -i eth0
3242 ? Ss 0:00 /sbin/klogd
3247 ? Ss 0:00 /sbin/syslogd
3294 ? Ss 0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid
3303 ? Ss 0:00 /usr/local/bin/bwctld -c /usr/local/etc
3310 ? S 0:00 /usr/local/sbin/fakewww
3311 ? S 0:00 /usr/local/sbin/web100srv -a
3317 ? Sl 0:00 python /usr/local/npad-dist/DiagServer.py -d -u npad -p /var/run/npad.pid
3325 ? Ss 0:00 /usr/local/bin/owampd -c /usr/local/etc
3332 ? S 0:00 /usr/local/sbin/shttpd -p3765 -d /usr/local/rev-tr -c .pl -C/usr/bin/perl
3365 tty1 Ss 0:00 /bin/login --
3367 tty2 Ss+ 0:00 /sbin/getty 38400 tty2
3368 tty3 Ss+ 0:00 /sbin/getty 38400 tty3
3369 tty4 Ss+ 0:00 /sbin/getty 38400 tty4
3373 ttyS0 Ss+ 0:00 /sbin/getty -L ttyS0 9600 vt100
3386 tty1 S+ 0:00 -bash
3412 ? Ss 0:00 /usr/sbin/sshd
3414 ? Ss 0:00 sshd: knoppix [priv]
3417 ? S 0:00 sshd: knoppix@0
3418 /UNIONFS/dev/pts/0 Ss 0:00 -bash
3467 /UNIONFS/dev/pts/0 R+ 0:00 ps ax
|
Open ports:
Code Block |
---|
knoppix@0[~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:8100 *:* LISTEN
tcp 0 0 *:bootpc *:* LISTEN
tcp 0 0 *:8200 *:* LISTEN
tcp 0 0 *:3765 *:* LISTEN
tcp6 0 0 *:7123 *:* LISTEN
tcp6 0 0 *:ssh *:* LISTEN
tcp6 0 0 *:4823 *:* LISTEN
tcp6 0 0 *:3001 *:* LISTEN
tcp6 0 0 *:861 *:* LISTEN
udp 0 0 172.16.203.130:ntp *:*
udp 0 0 NPToolkit:ntp *:*
udp 0 0 *:ntp *:*
udp6 0 0 fe80::20c:29ff:fe1b:ntp *:*
udp6 0 0 ip6-localhost:ntp *:*
udp6 0 0 *:ntp *:*
|
Note that SSH is on only for this demo.
The use of IPv6 is because the virtual machine is networked over IPv6.
Port | Use | Information |
---|---|---|
8100 | NPAD Control | Does not respond to HTTP |
8200 | NPAD | Traceroutes |
3765 | Reverse (SLAC) Traceroute server | cgi scripts |
3001 | Network Diagnostics Tool | Performance testing port |
7123 | Network Diagnostics Tool | web frontend to java applet for performance tests |
4823 | bwctl | bandwidth measurement |
861 | owamp | One way delay measurements |
On top of this list, iperf instances instantiated through bwctl must also have some ports (tcp) open for tcp tests. The default range is 5001-5100.
Also NPAD requires ports 8002-8020 open.
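The listeners can be checked against this table mechanically after each boot-disk upgrade. The following is an added example, not from the original page: it reads `netstat -ltn` output and reports listeners outside the table and the two ranges, plus table ports with nothing listening. The sample input is constructed from the netstat listing above in numeric form (ssh as 22, bootpc as 68), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
EXPECTED_PORTS="8100 8200 3765 3001 7123 4823 861"
EXPECTED_RANGES="5001-5100 8002-8020"   # bwctl/iperf tests, NPAD
# Constructed sample: the page's listeners in `netstat -ltn` form (ssh=22, bootpc=68).
SAMPLE='tcp   0  0 0.0.0.0:8100  0.0.0.0:*  LISTEN
tcp   0  0 0.0.0.0:68    0.0.0.0:*  LISTEN
tcp   0  0 0.0.0.0:8200  0.0.0.0:*  LISTEN
tcp   0  0 0.0.0.0:3765  0.0.0.0:*  LISTEN
tcp6  0  0 :::7123       :::*       LISTEN
tcp6  0  0 :::22         :::*       LISTEN
tcp6  0  0 :::4823       :::*       LISTEN
tcp6  0  0 :::3001       :::*       LISTEN
tcp6  0  0 :::861        :::*       LISTEN'

# Read netstat -ltn output on stdin; print the unique listening TCP ports.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Succeed if port $1 is in the table or inside one of the ranges.
port_expected() {
    for p in $EXPECTED_PORTS; do
        [ "$1" -eq "$p" ] && return 0
    done
    for r in $EXPECTED_RANGES; do
        [ "$1" -ge "${r%-*}" ] && [ "$1" -le "${r#*-}" ] && return 0
    done
    return 1
}

# Listening ports that the table does not account for.
unexpected_listeners() {
    out=""
    for port in $(listening_ports); do
        port_expected "$port" || out="$out $port"
    done
    echo $out
}

# Fixed service ports from the table that have no listener.
missing_services() {
    seen=" $(listening_ports | tr '\n' ' ')"
    out=""
    for p in $EXPECTED_PORTS; do
        case "$seen" in *" $p "*) ;; *) out="$out $p" ;; esac
    done
    echo $out
}
echo "unexpected: $(printf '%s\n' "$SAMPLE" | unexpected_listeners)"
echo "missing:    $(printf '%s\n' "$SAMPLE" | missing_services)"
```

On a live host, pipe `netstat -ltn` into either function instead of the sample.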
Setting up Syslog
The syslog daemon starts by default. It can be customised with a copy of the syslog.conf file.
Add the following code for syslog configuration in knoppix.sh.
Code Block |
---|
# Syslog configuration
if [ -f /UNIONFS/media/$MNT/NPTools/syslog.conf ]; then
    restore_NPT_file $MNT syslog.conf /etc/
fi
|
The standard syslog.conf from a SLAC machine was used (however, as netlog is accessible from anywhere by the SLAC subnet, this may be somewhat limited).
Testing Services
ntp
Code Block |
---|
knoppix@0[~]$ cp /etc/ntp.conf /mnt/sdb1/NPTools/
|
All of the servers were removed from the file /mnt/sdb1/NPTools/ntp.conf and replaced with:
Code Block |
---|
# You do need to talk to an NTP server or two (or three).
server 134.79.18.40
server 134.79.18.41
server 134.79.18.34
server 134.79.18.35
|
NDT
Going to
Code Block |
---|
http://172.16.203.130:7123/
|
brings up the NDT web page, where you can run the Java applet.