Comment: Migration of unmigrated content due to installation of a new plugin

...

The benefit of running NPT over a standard install is as follows:

  • no need to recompile kernels for web100 each time
  • no need for taylor as updates are maintained by Internet2 (although time will tell if the security updates are sufficiently regular)
  • relocation of performance host trivial - pop cd into new machine and plug in the USB key - settings should be maintained
    • SLAC's reverse traceroute server runs by default on port 3765 (perhaps we should redirect to this host).

Disadvantages

  • no AFS client (yet?)
  • security strongly depends on release cycle of boot disk

Overview

This guide will look at

  • setting up a nptoolkit host
  • configuring services to suit SLAC, this specifically includes
    • syslog logging to a remote host
    • setting up the NPT server
    • Configuring ntp for SLAC's stratum servers
    • setting up bwctl servers
    • setting up owamp servers

It will also look at changing the NDT and rev-tracerouter servers to use apache2 instead of their own daemon http listeners.


Boot

The Knoppix disk is a live CD. The hard drive will be used to keep the data, so there is no particular need for a USB key. However, the procedure is described below.

Things have changed slightly since the arrival of pS Performance Toolkit 3.1. The disk was downloaded (the page says version 1.7, but the boot CD says 1.8) and booted in VMware. It runs Linux 2.6.20.10 with web100 hooks. After booting, you can log on with the same user name and password, i.e. 'knoppix' - no password is required.

USB key usage

Upon inserting a USB key into the connector, you get:

...

Code Block
knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
6
OWAMP server configuration program.

Manual configuration is currently required.  Please edit the
/usr/local/etc/owampd.conf and /usr/local/etc/owampd.limits files
to create custom versions for your site.

See http://e2epi.internet2.edu/owamp for more details.

Reboot

Let's reboot to see if things stick...

Knoppix loses its password (so you'll have to passwd again)
SSHD regenerates keys (so you have to modify known_hosts)

Keeping SSH Up (not recommended)

As per the FAQ,

Code Block

knoppix@0[~]$ cat /usr/local/NPToolkit/contrib/remote.access >> /mnt/sdb1/knoppix.sh 
knoppix@0[~]$ cp /usr/local/NPToolkit/contrib/remote.access /mnt/sdb1/NPTools/

However, there is a bit more to this (from looking into the remote.access file).

Passwords:

Code Block

knoppix@0[~]$ sudo cp /etc/passwd /mnt/sdb1/NPTools/passwd.new
knoppix@0[~]$ sudo cp /etc/shadow /mnt/sdb1/NPTools/shadow.new

SSH:

Code Block

knoppix@0[~]$ sudo cp /etc/ssh/sshd_config /mnt/sdb1/NPTools/sshd_config

Don't I need to copy the keys over too? i.e.

Code Block

/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub

So append the following to /mnt/sdb1/knoppix.sh:

Code Block

# Maintain SSH keys through reboot and host transfer
# append to knoppix.sh file on any external storage medium
#  by Yee-Ting Li (ytl@slac.stanford.edu)

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_key ]; then
    restore_NPT_file $MNT ssh_host_key /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_key.pub ]; then
    restore_NPT_file $MNT ssh_host_key.pub /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_rsa_key ]; then
    restore_NPT_file $MNT ssh_host_rsa_key /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_rsa_key.pub ]; then
    restore_NPT_file $MNT ssh_host_rsa_key.pub /etc/ssh
fi      

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_dsa_key ]; then
    restore_NPT_file $MNT ssh_host_dsa_key /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_dsa_key.pub ]; then
    restore_NPT_file $MNT ssh_host_dsa_key.pub /etc/ssh
fi

And copy the keys over to a directory on the thumbdrive:

Code Block

knoppix@0[~]$ sudo cp /etc/ssh/ssh_host_* /mnt/sdb1/NPTools/

The sshd server should start at boot now.

...

Static IP Address

Can be configured from the customize tool. However, I will leave it for now until the machine is installed.

Code Block

knoppix@0[~]$ customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
7
Welcome to the NPToolkit server Static IP configuration program.  This
program will prompt you for the necessary information for your site.

Use Static IP addresses or DHCP [static] :
Enter your IP address [192.168.1.99]  : 
Enter your Netmask value [255.255.255.0]  : 
Enter your gateway's IP address [192.168.1.1]  : 
Enter the network interface identifer [eth0]  : 
Enter your nameserver's IP address (3 max, blank line to exit early)  : 
mount: only root can do that
mount: only root can do that
Static IP customization files are being saved to 'sdb1'
Do you want to start this interface? [Yes] :

Running services

Code Block

knoppix@0[~]$ ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [3] 
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S      0:00 [watchdog/0]
    5 ?        S<     0:00 [events/0]
    6 ?        S<     0:00 [khelper]
    7 ?        S<     0:00 [kthread]
   62 ?        S<     0:00 [kblockd/0]
   63 ?        S<     0:00 [kacpid]
  124 ?        S<     0:00 [ata/0]
  125 ?        S<     0:00 [ata_aux]
  126 ?        S<     0:00 [kseriod]
  153 ?        S      0:00 [pdflush]
  154 ?        S      0:00 [pdflush]
  155 ?        S<     0:00 [kswapd0]
  156 ?        S<     0:00 [aio/0]
  812 ?        S<     0:00 [kpsmoused]
  841 ?        S<     0:00 [ksuspend_usbd]
  844 ?        S<     0:00 [khubd]
  867 ?        S<     0:00 [khpsbpkt]
  957 ?        S<     0:00 [aufsd]
  958 ?        S<     0:00 [aufsd]
  959 ?        S<     0:00 [aufsd]
  960 ?        S<     0:00 [aufsd]
 1124 ?        S<s    0:00 udevd --daemon
 1576 ?        S<     0:00 [scsi_eh_0]
 3047 ?        Ss     0:00 /usr/bin/dbus-daemon --system
 3054 ?        Ss     0:00 /usr/sbin/hald
 3055 ?        S      0:00 hald-runner
 3076 ?        S      0:00 /usr/lib/hal/hald-addon-acpi
 3089 ?        S      0:00 /usr/lib/hal/hald-addon-keyboard
 3101 ?        S      0:00 /usr/lib/hal/hald-addon-storage
 3220 ?        Ss     0:01 pump -i eth0
 3242 ?        Ss     0:00 /sbin/klogd
 3247 ?        Ss     0:00 /sbin/syslogd
 3294 ?        Ss     0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid
 3303 ?        Ss     0:00 /usr/local/bin/bwctld -c /usr/local/etc
 3310 ?        S      0:00 /usr/local/sbin/fakewww
 3311 ?        S      0:00 /usr/local/sbin/web100srv -a
 3317 ?        Sl     0:00 python /usr/local/npad-dist/DiagServer.py -d -u npad -p /var/run/npad.pid
 3325 ?        Ss     0:00 /usr/local/bin/owampd -c /usr/local/etc
 3332 ?        S      0:00 /usr/local/sbin/shttpd -p3765 -d /usr/local/rev-tr -c .pl -C/usr/bin/perl
 3365 tty1     Ss     0:00 /bin/login --        
 3367 tty2     Ss+    0:00 /sbin/getty 38400 tty2
 3368 tty3     Ss+    0:00 /sbin/getty 38400 tty3
 3369 tty4     Ss+    0:00 /sbin/getty 38400 tty4
 3373 ttyS0    Ss+    0:00 /sbin/getty -L ttyS0 9600 vt100
 3386 tty1     S+     0:00 -bash
 3412 ?        Ss     0:00 /usr/sbin/sshd
 3414 ?        Ss     0:00 sshd: knoppix [priv]
 3417 ?        S      0:00 sshd: knoppix@0  
 3418 /UNIONFS/dev/pts/0 Ss   0:00 -bash
 3467 /UNIONFS/dev/pts/0 R+   0:00 ps ax

Open ports:

Code Block

knoppix@0[~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:8100                  *:*                     LISTEN     
tcp        0      0 *:bootpc                *:*                     LISTEN     
tcp        0      0 *:8200                  *:*                     LISTEN     
tcp        0      0 *:3765                  *:*                     LISTEN     
tcp6       0      0 *:7123                  *:*                     LISTEN     
tcp6       0      0 *:ssh                   *:*                     LISTEN     
tcp6       0      0 *:4823                  *:*                     LISTEN     
tcp6       0      0 *:3001                  *:*                     LISTEN     
tcp6       0      0 *:861                   *:*                     LISTEN     
udp        0      0 172.16.203.130:ntp      *:*                                
udp        0      0 NPToolkit:ntp           *:*                                
udp        0      0 *:ntp                   *:*                                
udp6       0      0 fe80::20c:29ff:fe1b:ntp *:*                                
udp6       0      0 ip6-localhost:ntp       *:*                                
udp6       0      0 *:ntp                   *:*                                  

Note that SSH is on only for this demo.

The use of IPv6 is because the virtual machine is networked over IPv6.

| Port | Use | Information |
|------|-----|-------------|
| 8100 | NPAD Control | Does not respond to HTTP |
| 8200 | NPAD | Traceroutes |
| 3765 | Reverse (SLAC) Traceroute server | cgi scripts |
| 3001 | Network Diagnostics Tool | Performance testing port |
| 7123 | Network Diagnostics Tool | web frontend to java applet for performance tests |
| 4823 | bwctl | bandwidth measurement |
| 861 | owamp | One way delay measurements |

In addition to this list, iperf instances started through bwctl need some TCP ports open for TCP tests. The default range is 5001-5100.

Also NPAD requires ports 8002-8020 open.
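
An added example, not part of the original page: a shell check that compares the TCP listeners in `netstat -a` output against the port table and the two ranges above, and prints any listener they do not account for. The function names and the last two sample lines are constructed for illustration.

```shell
# Added example: flag TCP listeners the port table does not account for.

# Ports from the table, plus the iperf (5001-5100) and NPAD (8002-8020) ranges.
ALLOWED="8100 8200 3765 3001 7123 4823 861 5001-5100 8002-8020"

# port_allowed PORT: succeeds if PORT matches an entry or falls in a range.
port_allowed() {
    for entry in $ALLOWED; do
        case "$entry" in
            *-*) lo=${entry%-*}; hi=${entry#*-}
                 [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0 ;;
            *)   [ "$1" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# unexpected_listeners: reads `netstat -a` output on stdin and prints
# "proto port" for every TCP LISTEN socket not covered by ALLOWED.
unexpected_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print $1, a[n] }' |
    while read -r proto port; do
        case "$port" in
            # netstat -a prints service names (ssh, bootpc); none are in the table
            ''|*[!0-9]*) echo "$proto $port" ;;
            *) port_allowed "$port" || echo "$proto $port" ;;
        esac
    done
}

# TCP lines from the netstat output above; the last two are constructed.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 *:8100                  *:*                     LISTEN
tcp        0      0 *:bootpc                *:*                     LISTEN
tcp        0      0 *:8200                  *:*                     LISTEN
tcp        0      0 *:3765                  *:*                     LISTEN
tcp6       0      0 *:7123                  *:*                     LISTEN
tcp6       0      0 *:ssh                   *:*                     LISTEN
tcp6       0      0 *:4823                  *:*                     LISTEN
tcp6       0      0 *:3001                  *:*                     LISTEN
tcp6       0      0 *:861                   *:*                     LISTEN
tcp        0      0 *:5001                  *:*                     LISTEN
tcp        0      0 *:8021                  *:*                     LISTEN
EOF
}

sample_netstat | unexpected_listeners
```

On the live host, `netstat -a | unexpected_listeners` runs the same check; with `netstat -an` the ssh and bootpc listeners appear as numeric ports and are still reported, since neither is in the table.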

Setting up Syslog

The syslog daemon starts by default. It can be customised with a copy of the syslog.conf file.

Add the following code for syslog configuration in knoppix.sh.

Code Block

# Syslog configuration
if [ -f /UNIONFS/media/$MNT/NPTools/syslog.conf ]; then
    restore_NPT_file $MNT syslog.conf /etc/
fi

The standard syslog.conf from a SLAC machine was used (however, as netlog is accessible from anywhere by the SLAC subnet, this may be somewhat limited).

Testing Services

ntp

Code Block
knoppix@0[~]$ cp /etc/ntp.conf /mnt/sdb1/NPTools/

...