Comment: Migration of unmigrated content due to installation of a new plugin

...

The benefits of running NPT over a standard install are as follows:

  • no need to recompile kernels for web100 each time
  • no need for taylor, as updates are maintained by Internet2 (although time will tell if the security updates are sufficiently regular)
  • relocation of the performance host is trivial - pop the CD into the new machine and plug in the USB key - settings should be maintained
    • SLAC's reverse traceroute server runs by default on port 3765 (perhaps we should redirect to this host).

Disadvantages

  • no AFS client (yet?)
  • security strongly depends on release cycle of boot disk

Overview

This guide will look at

  • setting up a nptoolkit host
  • configuring services to suit SLAC, this specifically includes
    • syslog logging to a remote host
    • setting up the NPT server
    • Configuring ntp for SLAC's stratum servers
    • setting up bwctl servers
    • setting up owamp servers

It will also look at changing the NDT and rev-tracerouter servers to use apache2 instead of their own daemon http listeners.

Boot

The Knoppix disk is a live CD. The hard drive will be used to keep the data, so there is no particular need for a USB key. However, the procedure is described below.

Things have changed slightly since the arrival of pS Performance Toolkit 3.1. The boot disk was downloaded (the page says version 1.7, but the boot CD says 1.8) and booted in VMware. It runs Linux 2.6.20.10 with web100 hooks. After booting, you can log on with the same user name and password, i.e. 'knoppix' - no password is required.

USB key usage

Upon inserting a USB key into the connector, you get:

...

Code Block
knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
6
OWAMP server configuration program.

Manual configuration is currently required.  Please edit the
/usr/local/etc/owampd.conf and /usr/local/etc/owampd.limits files
to create custom versions for your site.

See http://e2epi.internet2.edu/owamp for more details.

Reboot

Let's reboot to see if things stick...

Knoppix loses its password (so you'll have to run passwd again)
SSHD regenerates its keys (so you have to modify known_hosts)

Keeping SSH Up (not recommended)

As per the FAQ,

Code Block

knoppix@0[~]$ cat /usr/local/NPToolkit/contrib/remote.access >> /mnt/sdb1/knoppix.sh 
knoppix@0[~]$ cp /usr/local/NPToolkit/contrib/remote.access /mnt/sdb1/NPTools/

However, there is a bit more to this (from looking into the remote.access file).

Passwords:

Code Block

knoppix@0[~]$ sudo cp /etc/passwd /mnt/sdb1/NPTools/passwd.new
knoppix@0[~]$ sudo cp /etc/shadow /mnt/sdb1/NPTools/shadow.new

SSH:

Code Block

knoppix@0[~]$ sudo cp /etc/ssh/sshd_config /mnt/sdb1/NPTools/sshd_config

Don't I need to copy the keys over too? i.e.

Code Block

/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub

So append the following to /mnt/sdb1/knoppix.sh:

Code Block

# Maintain SSH keys through reboot and host transfer
# append to knoppix.sh file on any external storage medium
#  by Yee-Ting Li (ytl@slac.stanford.edu)

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_key ]; then
    restore_NPT_file $MNT ssh_host_key /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_key.pub ]; then
    restore_NPT_file $MNT ssh_host_key.pub /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_rsa_key ]; then
    restore_NPT_file $MNT ssh_host_rsa_key /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_rsa_key.pub ]; then
    restore_NPT_file $MNT ssh_host_rsa_key.pub /etc/ssh
fi      

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_dsa_key ]; then
    restore_NPT_file $MNT ssh_host_dsa_key /etc/ssh
fi

if [ -f /UNIONFS/media/$MNT/NPTools/ssh_host_dsa_key.pub ]; then
    restore_NPT_file $MNT ssh_host_dsa_key.pub /etc/ssh
fi

And copy the keys over to a directory on the thumbdrive:

Code Block

knoppix@0[~]$ sudo cp /etc/ssh/ssh_host_* /mnt/sdb1/NPTools/

The sshd server should start at boot now.
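
A check worth running after the restore step, as an added example that is not part of the original page or of the NPToolkit scripts: sshd refuses to load a private host key that group or others can access, which can happen when the keys come back from a USB filesystem that does not store Unix modes. The function names and the temporary demo directory are assumptions; on the toolkit the directory to check would be /etc/ssh.

```shell
#!/bin/sh
# Added example (not from the NPToolkit): audit restored SSH host keys.
# sshd ignores a private host key whose mode grants any group/other access.

# True when FILE has any group or other permission bit set.
# POSIX find: -perm -NNN matches when all bits in NNN are set.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Print each private host key under DIR that group or others can access.
loose_hostkeys() {
    for key in "$1"/ssh_host_*key; do
        if [ -f "$key" ] && is_loose "$key"; then
            printf '%s\n' "$key"
        fi
    done
}

# Count the loose private keys in DIR (0 means sshd will accept them all).
count_loose() {
    loose_hostkeys "$1" | wc -l | tr -d ' '
}

# Tighten modes: private keys 0600, public keys 0644.
fix_hostkeys() {
    for key in "$1"/ssh_host_*key; do
        if [ -f "$key" ]; then chmod 600 "$key"; fi
    done
    for pub in "$1"/ssh_host_*key.pub; do
        if [ -f "$pub" ]; then chmod 644 "$pub"; fi
    done
}

# Constructed demo: empty files in a temp dir stand in for /etc/ssh.
demo=$(mktemp -d)
: > "$demo/ssh_host_rsa_key";     chmod 644 "$demo/ssh_host_rsa_key"
: > "$demo/ssh_host_rsa_key.pub"; chmod 644 "$demo/ssh_host_rsa_key.pub"
echo "loose before fix: $(count_loose "$demo")"
fix_hostkeys "$demo"
echo "loose after fix:  $(count_loose "$demo")"
rm -rf "$demo"
```

Calling fix_hostkeys from knoppix.sh after the restore_NPT_file lines keeps the restored keys usable across reboots.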

...

Static IP Address

Can be configured from the customize tool. However, I will leave it for now until the machine is installed.

Code Block

knoppix@0[~]$ customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
7
Welcome to the NPToolkit server Static IP configuration program.  This
program will prompt you for the necessary information for your site.

Use Static IP addresses or DHCP [static] :
Enter your IP address [192.168.1.99]  : 
Enter your Netmask value [255.255.255.0]  : 
Enter your gateway's IP address [192.168.1.1]  : 
Enter the network interface identifer [eth0]  : 
Enter your nameserver's IP address (3 max, blank line to exit early)  : 
mount: only root can do that
mount: only root can do that
Static IP customization files are being saved to 'sdb1'
Do you want to start this interface? [Yes] :

Running services

Code Block

knoppix@0[~]$ ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [3] 
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S      0:00 [watchdog/0]
    5 ?        S<     0:00 [events/0]
    6 ?        S<     0:00 [khelper]
    7 ?        S<     0:00 [kthread]
   62 ?        S<     0:00 [kblockd/0]
   63 ?        S<     0:00 [kacpid]
  124 ?        S<     0:00 [ata/0]
  125 ?        S<     0:00 [ata_aux]
  126 ?        S<     0:00 [kseriod]
  153 ?        S      0:00 [pdflush]
  154 ?        S      0:00 [pdflush]
  155 ?        S<     0:00 [kswapd0]
  156 ?        S<     0:00 [aio/0]
  812 ?        S<     0:00 [kpsmoused]
  841 ?        S<     0:00 [ksuspend_usbd]
  844 ?        S<     0:00 [khubd]
  867 ?        S<     0:00 [khpsbpkt]
  957 ?        S<     0:00 [aufsd]
  958 ?        S<     0:00 [aufsd]
  959 ?        S<     0:00 [aufsd]
  960 ?        S<     0:00 [aufsd]
 1124 ?        S<s    0:00 udevd --daemon
 1576 ?        S<     0:00 [scsi_eh_0]
 3047 ?        Ss     0:00 /usr/bin/dbus-daemon --system
 3054 ?        Ss     0:00 /usr/sbin/hald
 3055 ?        S      0:00 hald-runner
 3076 ?        S      0:00 /usr/lib/hal/hald-addon-acpi
 3089 ?        S      0:00 /usr/lib/hal/hald-addon-keyboard
 3101 ?        S      0:00 /usr/lib/hal/hald-addon-storage
 3220 ?        Ss     0:01 pump -i eth0
 3242 ?        Ss     0:00 /sbin/klogd
 3247 ?        Ss     0:00 /sbin/syslogd
 3294 ?        Ss     0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid
 3303 ?        Ss     0:00 /usr/local/bin/bwctld -c /usr/local/etc
 3310 ?        S      0:00 /usr/local/sbin/fakewww
 3311 ?        S      0:00 /usr/local/sbin/web100srv -a
 3317 ?        Sl     0:00 python /usr/local/npad-dist/DiagServer.py -d -u npad -p /var/run/npad.pid
 3325 ?        Ss     0:00 /usr/local/bin/owampd -c /usr/local/etc
 3332 ?        S      0:00 /usr/local/sbin/shttpd -p3765 -d /usr/local/rev-tr -c .pl -C/usr/bin/perl
 3365 tty1     Ss     0:00 /bin/login --     
 3367 tty2     Ss+    0:00 /sbin/getty 38400 tty2
 3368 tty3     Ss+    0:00 /sbin/getty 38400 tty3
 3369 tty4     Ss+    0:00 /sbin/getty 38400 tty4
 3373 ttyS0    Ss+    0:00 /sbin/getty -L ttyS0 9600 vt100
 3386 tty1     S+     0:00 -bash
 3412 ?        Ss     0:00 /usr/sbin/sshd
 3414 ?        Ss     0:00 sshd: knoppix [priv]
 3417 ?        S      0:00 sshd: knoppix@0  
 3418 /UNIONFS/dev/pts/0 Ss   0:00 -bash
 3467 /UNIONFS/dev/pts/0 R+   0:00 ps ax

Open ports:

Code Block

knoppix@0[~]$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:8100                  *:*                     LISTEN     
tcp        0      0 *:bootpc                *:*                     LISTEN     
tcp        0      0 *:8200                  *:*                     LISTEN     
tcp        0      0 *:3765                  *:*                     LISTEN     
tcp6       0      0 *:7123                  *:*                     LISTEN     
tcp6       0      0 *:ssh                   *:*                     LISTEN     
tcp6       0      0 *:4823                  *:*                     LISTEN     
tcp6       0      0 *:3001                  *:*                     LISTEN     
tcp6       0      0 *:861                   *:*                     LISTEN     
tcp6       0      0 ::ffff:172.16.203.1:ssh ::ffff:172.16.203:54248 ESTABLISHED
udp        0      0 172.16.203.130:ntp      *:*                                
udp        0      0 NPToolkit:ntp           *:*                                
udp        0      0 *:ntp                   *:*                                
udp6       0      0 fe80::20c:29ff:fe1b:ntp *:*                                
udp6       0      0 ip6-localhost:ntp       *:*                                
udp6       0      0 *:ntp                   *:*                                

Note that SSH is on only for this demo.

IPv6 appears because the virtual machine is networked over IPv6.

Port   Use                                Information
8100   NPAD Control                       Does not respond to HTTP
8200   NPAD                               Traceroutes
3765   Reverse (SLAC) Traceroute server   cgi scripts
3001   Network Diagnostics Tool           Performance testing port
7123   Network Diagnostics Tool           web frontend to java applet for performance tests
4823   bwctl                              bandwidth measurement
861    owamp                              One way delay measurements

On top of this list, iperf instances instantiated through bwctl must also have some ports (tcp) open for tcp tests. The default range is 5001-5100.

Also NPAD requires ports 8002-8020 open.
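
One way to check a running host against this port list, as an added example that is not part of the original page or the toolkit: it reads numeric `netstat -tln` output and prints every listening TCP port outside the table and the two ranges noted above, so a leftover listener such as the demo-only SSH stands out. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the NPToolkit): flag TCP listeners that are not in
# the page's port table. Input is `netstat -tln` style text on stdin.

# Ports from the table; ranges from the iperf (bwctl) and NPAD notes.
ALLOWED_PORTS="8100 8200 3765 3001 7123 4823 861"
ALLOWED_RANGES="5001-5100 8002-8020"

unexpected_listeners() {
    awk -v ports="$ALLOWED_PORTS" -v ranges="$ALLOWED_RANGES" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) ok[p[i]] = 1
            nr = split(ranges, r, " ")
            for (i = 1; i <= nr; i++) { split(r[i], b, "-"); lo[i] = b[1]; hi[i] = b[2] }
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # drop the address, keep the port
            if (port in ok) next
            for (i = 1; i <= nr; i++)
                if (port + 0 >= lo[i] + 0 && port + 0 <= hi[i] + 0) next
            print port
        }' | sort -n | uniq
}

# Constructed sample in the numeric form `netstat -tln` prints.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8100            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3765            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5001            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::861                  :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
EOF
}

sample_netstat | unexpected_listeners
```

On a live host, pipe `netstat -tln` into unexpected_listeners; the `-n` flag is needed because the function matches port numbers, not service names such as `ssh`.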

Setting up Syslog

The syslog daemon starts by default. It can be customised with a copy of the syslog.conf file.

Add the following code for syslog configuration in knoppix.sh.

...

The standard syslog.conf was copied from a SLAC machine (however, as netlog is accessible from anywhere by the SLAC subnet, this may be somewhat limited).

Testing Services

ntp

Code Block
knoppix@0[~]$ cp /etc/ntp.conf /mnt/sdb1/NPTools/

...