You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Background

NPToolkit is a knoppix based boot cd with a lot of the internet2 tools built in. This page looks at some features, security considerations and custom installation to be done at SLAC for deployment.

The benefit of running NPT over a standard install is as follows:

  • no need to recompile kernels for web100 each time
  • no need for taylor as updates are maintained by Internet2 (although time will tell if the security updates are sufficiently regular)
  • relocation of performance host trivial - pop cd into new machine and plug in the USB key - settings should be maintained

Disadvantages

  • no AFS client (yet?)
  • security strongly depends on release cycle of boot disk

Overview

This guide will look at

  • setting up a nptoolkit host
  • configuring services to suit SLAC, this specifically includes
    • syslog logging to a remote host
    • setting up the NPT server
    • Configuring ntp for SLAC's stratum servers
    • setting up bwctl servers
    • setting up owamp servers

Boot

The disk was downloaded (the page says version 1.7, but the boot cd says 1.8). It was booted in VMWare.

After booting, you can log on with user name 'knoppix' - no password is required.

Upon inserting a USB key into the connector, you get:

The drive is automounted, in this case, it's mounted under /mnt/sdb1.

We then copy the knoppix.sh file so that the thumbdrive will be picked up and auto run to override the relevant commands.

sudo cp /usr/local/etc/knoppix.sh /mnt/sdb1

Configure

There is a tool called customize.NPTools that handles the scripting to configure the tools present.

I'm too lazy to use the vmware screen to do the configuration, so i will set up a ssh daemon and ssh into it.

SSH

You can start a ssh daemon by running:

/etc/init.d/ssh start

After generating the keys (are these stored on the usb?), the daemon will run.

We now need to set a password for user 'knoppix' and to determine the IP address to access the NPToolkit machine on.

We can use ifconfig to determine the IP. You can run passwd to change the password.

Voila, you can now ssh into the host. (as i'm running under a virtual machine, only the host machine can access it for now).

Setup USB External Storage

Note that you need to copy the knoppix.sh to the relevant drives first.

knoppix@0[~]$ customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
1
Configuring system drive(s) to support customized tools.
Configure External USB drive 'sdb1' to hold NPToolkit customization files? [y] - y
done.

bwctl

knoppix@0[~]$ customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
2
BWCTL server configuration program.  
echo 
echo Manual configuration is currently required. Please edit the
echo /usr/local/etc/bwctld.conf and /usr/local/etc/bwctld.limits files
echo to create custom versions for your site.
echo 
echo See http://e2epi.internet2.edu/bwctl for more details.
/bin/rm: remove write-protected regular empty file `/tmp/customize.bwctld'? y
/bin/rm: cannot remove `/tmp/customize.bwctld': Operation not permitted
Internet2 Network Performance Tool Customization script

Hmm... try with sudo:

knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
2
BWCTL server configuration program.  
echo 
echo Manual configuration is currently required. Please edit the
echo /usr/local/etc/bwctld.conf and /usr/local/etc/bwctld.limits files
echo to create custom versions for your site.
echo 
echo See http://e2epi.internet2.edu/bwctl for more details.

npt

knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
3
Welcome to the NDT server configuration program.  This
program will create a custom tcpbw100.html file for your site.

Enter your site name [Internet2]  : Stanford Linear Accelerator Center
Enter your site's location [Ann Arbor - MI]  : Menlo Park - CA
Server connection info, enter 1 for 100 Mbps, 2 for 1 Gbps, 3 for 10 Gbps [2]  : 2

Information for email trouble reporting
Enter email userid [rcarlson]  : ytl 
Enter email domain name [internet2.edu]  : slac.stanford.edu
Enter default subject line [Trouble report from NPtoolkit-v1.8]  : 
The base web page 'tcpbw100.html' has now been created.  You
must move this file into the ndt_DATA directory [/usr/local/ndt]
created during the 'make' process.
Do you want to install this file now? [yes]  : yes
Enter location [/usr/local/ndt]  : 
NDT customization file being saved to 'sdb1'

NPAD

knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
4
NPAD server configuration program.  

/usr/local/npad-1.3 /ramdisk/home/knoppix

Importing existing config.xml.

---------------------------------------------------------------
| For each configuration value, you will see brief help       |
| followed by a prompt. Default values are in brackets on     |
| the prompt line.  To accept default values, press Enter.    |
---------------------------------------------------------------



The directory to install the diagnostic server,
including binaries, libraries, and configuration files.
It is recommended to use the default value.

Exec dir [/usr/local/npad-dist]: 


The directory to install web pieces, such as the tester
page and the Java and C clients.  If you are running the
built-in web server (recommended), the default value
should work.  Otherwise you will need to point to a
directory accessible by your web server.

Web dir [/usr/local/npad-dist/www]: 


The user as which the server will run.  We recommend using
a relatively unprivileged user.  If you specify a user
that doesn't exist, 'make install' will create it.

User [npad]: 


The group as which the server will run. We recommend using
a relatively unprivileged group.  If you specify a group
that doesn't exist, 'make install' will create it.

Group [npad]: 


The port that the control channel listens on.  It should be
safe to leave this alone unless you must work within
firewall restrictions, or unless another service is
using this port.

Control port [8100]: 


The bottom of the ephemeral port range used for test
connections.

Port range min [8002]: 


The top of the ephemeral port range used for test
connections.

Port range max [8020]: 


This package comes with a small python-based web server.
If you would like to use the server, enter "yes".
Otherwise you will need to have installed and set
up another web server such as Apache.

Use built-in web server [yes]: 


The port number used by the built-in web server

Built-in web server port [8200]: 


This name should should complete "NPAD server located at ...", and
will be used as the title for your server, as it appears on the
tester page.  You must supply a value.

Site (organization) name [Internet2 Knoppix-based NPAD Server]: Stanford Linear Accelerator Center NPAD Server


The geographical location of your server, probably a city name.
Since pathdiag works best over short distances, this information
will be included on the tester page so users can tell how close
they are to the server.  You must supply a value.

Site location [Please customize]: Menlo Park - CA


The (optional) name of the contact for your site.
This is probably you or the network support team.

Site contact name [RACarlson]: Yee-Ting Li


This is the (optional) email address for your site contact.

Site contact email [rcarlson@internet2.edu]: ytl@slac.stanford.edu

Configuration complete.  You're now ready to 'make'.

make[1]: Entering directory `/UNIONFS/usr/local/npad-1.3/diag_server'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/UNIONFS/usr/local/npad-1.3/diag_server'
make[1]: Entering directory `/UNIONFS/usr/local/npad-1.3/pathdiag'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/UNIONFS/usr/local/npad-1.3/pathdiag'
make[1]: Entering directory `/UNIONFS/usr/local/npad-1.3/diag_server'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/UNIONFS/usr/local/npad-1.3/diag_server'
make[1]: Entering directory `/UNIONFS/usr/local/npad-1.3/pathdiag'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/UNIONFS/usr/local/npad-1.3/pathdiag'

Group npad already exists.  Will not create.

User npad already exists.  Will not create.

Installing...

rm -f /usr/local/npad-dist/config.xml /usr/local/npad-dist/template_diag_form.html
cp config.xml template_diag_form.html /usr/local/npad-dist/
make[1]: Entering directory `/UNIONFS/usr/local/npad-1.3'
make[2]: Entering directory `/UNIONFS/usr/local/npad-1.3/diag_server'
cp *.py /usr/local/npad-dist
cp DiagClient.jar diag-client.c /usr/local/npad-dist/www
make[2]: Leaving directory `/UNIONFS/usr/local/npad-1.3/diag_server'
make[2]: Entering directory `/UNIONFS/usr/local/npad-1.3/pathdiag'
cp pathdiag.py* pathtools.py* prettyhtml.py* pathlib.py* _pathlib.so mkdatasummary.py *.fmt /usr/local/npad-dist
cp boxes.css help.html /usr/local/npad-dist/www/ServerData

Regenerating report summary...  Done.

make[2]: Leaving directory `/UNIONFS/usr/local/npad-1.3/pathdiag'
make[1]: Leaving directory `/UNIONFS/usr/local/npad-1.3'
chown -R npad.npad "/usr/local/npad-dist/www/ServerData"
/ramdisk/home/knoppix
/usr/local/npad-dist/www /ramdisk/home/knoppix
NPAD customization files are being saved to 'sdb1'
/ramdisk/home/knoppix

NTP

knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
5
NTP server configuration program.  

Manual configuration is currently required.  Please edit the
/etc/ntpd.conf file to create custom versinos.
create custom version for your site.

owamp

knoppix@0[~]$ sudo customize.NPtools 
Internet2 Network Performance Tool Customization script
    Tools listed in RED need to be customized
        1. Setup Drive(s) to hold customization files
        2. bwctl
        3. ndt
        4. npad
        5. ntp
        6. owamp
        7. staticIP
        0. exit
6
OWAMP server configuration program.

Manual configuration is currently required.  Please edit the
/usr/local/etc/owampd.conf and /usr/local/etc/owampd.limits files
to create custom versions for your site.

See http://e2epi.internet2.edu/owamp for more details.

Reboot

Let's reboot to see if things stick...

Knoppix looses it's password (so you'll have to passwd again)
SSHD regenerates keys (so you have to modify known_hosts)

Keeping SSH Up (not recommended)

Setting up Syslog

Keeping up syslog over reboot

Testing Services

ntp

NDT

bwctl

owamp

thrulay

  • No labels