Kayapo

Kayapo is a Tribler server. This wiki page presents some notes that came up during the installation. They may help when something goes wrong with this server, or when a clean installation is required.

Hardware

The server allows for six hard disks to be hot-swapped in the front. Currently three 320GB 15000 RPM (SEAGATE ST3300656SS HS09) drives are installed. The first two operate in RAID 1 mode. The third is currently unused.

Debian

Booting

After the installation the grub boot loader was unable to find the kernel. This is because Debian was unable to correctly detect the order of the disks (one virtual volume for the RAID, one normal, unused disk). In the grub boot loader menu you have the option to change the boot configuration. Make sure that it boots from (hd0,0) instead of (hd1,0). After booting, change the file /boot/grub/menu.lst (all uncommented entries) to ensure that you don't have to do this manually each time.

Network settings

dpkg-reconfigure

We make the Debian package manager more robust by ensuring that it always runs in text mode instead of ncurses when some configuration is required.

    dpkg-reconfigure debconf
    # for the dialog frontend choose: readline
    # for the priority keep the default: high

/etc/exim4/update-exim4.conf.conf

Exim is installed (by default?) to handle (outgoing) email. The default configuration only handles local email exchange. To enable email to be sent to other domains change the following:

    # in /etc/exim4/update-exim4.conf.conf set:
    dc_eximconfig_configtype='internet'

/root/server-maintenance/user-management.py (User management)

With the introduction of Kayapo we try to use a single-point login. Therefore, we point kerberos.tribler.org to the kayapo server and configure this system to act as a Kerberos host. How to set up a Kerberos server/client will not be discussed on this wiki. The file /root/server-maintenance/user-management.py should be used to add, fix, remove, and check user accounts.
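The user-management tool in this section logs in over ssh to every managed server, and each server's host key is accepted once by hand at a fingerprint prompt. As an added example (not part of the original page or of the Tribler maintenance scripts), the functions below compare a host key with a fingerprint obtained out of band, in the colon-separated MD5 format that prompt uses, before the key is written to a known_hosts file. The function names, `server.example` and the sample key line are assumptions made for the example.

```shell
# Added example: check an SSH host key against an expected MD5 fingerprint
# before trusting it. All names and sample values here are constructed.

# Print the MD5 fingerprint (aa:bb:...) of one known_hosts-style line:
#   <host> <keytype> <base64 key blob>
md5_fingerprint() {
    local blob
    blob="$(printf '%s\n' "$1" | awk '{print $3}')"
    [ -n "$blob" ] || return 2          # malformed line: no key blob
    printf '%s' "$blob" | base64 -d 2>/dev/null | md5sum \
        | awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# Succeed only when the key line hashes to the expected fingerprint.
# The comparison ignores upper/lower case in the expected value.
verify_host_key() {
    local expected actual
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    actual="$(md5_fingerprint "$1")" || return 2
    [ "$actual" = "$expected" ]
}

# Append the key line to a known_hosts file only after it has verified.
trust_host_key() {
    if verify_host_key "$1" "$2"; then
        printf '%s\n' "$1" >> "$3"
    else
        echo "fingerprint mismatch for ${1%% *}: key not trusted" >&2
        return 1
    fi
}

# Constructed sample: the blob is base64 of the text "hello", not a real key.
SAMPLE_LINE='server.example ssh-rsa aGVsbG8='
SAMPLE_FP='5d:41:40:2a:bc:4b:2a:76:b9:71:9d:91:10:17:c5:92'
```

A real key line comes from `ssh-keyscan -t rsa <server>`; the expected fingerprint should come from the server's console or its administrator rather than from the same network connection.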
    # Either download the files statically
    cd /root
    wget http://svn.tribler.org/abc/branches/boudewijn/junkyard/server-maintenance/kayapo/management.py
    wget http://svn.tribler.org/abc/branches/boudewijn/junkyard/server-maintenance/kayapo/user-management.py
    chmod a+x user-management.py

    # Or download them through svn and retain the possibility to store updates
    cd /root
    svn checkout https://svn.tribler.org/abc/branches/boudewijn/junkyard/server-maintenance

The user-management tool creates ssh connections to each service that has user information (i.e. kerberos.tribler.org to manage the Kerberos principals, tribler.org to manage trac permissions, kayapo.tribler.org to manage the user account on kayapo, pygmee.tribler.org to manage the user account on pygmee). The ssh connection must be established using public-key authentication to remove the need for passwords to be entered constantly.

Before using the user-management tool each server should be known; therefore, do an ssh -p <port> <user>@<server> to each server that is managed and answer yes (as seen below):

    The authenticity of host 'kayapo.tribler.org (130.161.211.245)' can't be established.
    RSA key fingerprint is 3f:c0:41:26:34:d2:3b:62:e7:fa:87:88:34:cb:76:32.
    Are you sure you want to continue connecting (yes/no)? yes

Use ssh-keygen on kayapo to generate a private/public keypair and copy the contents of /root/.ssh/id_rsa.pub to the .ssh/authorized_keys files of the servers that should be accessed.

Information on how the user-management script can be used (adding, removing, fixing, checking, etc.) is described in the UserManagement page.

Kerberos

Kerberos was installed using a tutorial from http://techpubs.spinlocksolutions.com/dklar/kerberos.html. Settings:
Master/slave

The setup described in the previous section does not include a slave KDC server. Since many Tribler services depend on Kerberos we need at least one backup Kerberos server. The following steps can be taken to add a slave KDC server and keep it synchronized. Note that the master KDC server is responsible for changes (new principals, password changes); the slave is simply a copy. Hence, when the master dies no new principals or password changes are possible. Furthermore, do not forget to configure PAM as described in the following section.

Linux authentication (PAM)

Regular Linux authentication uses PAM (Pluggable Authentication Modules). PAM can be configured to use the regular pam_unix.so authentication and pam_krb5.so (Kerberos 5) together. This configuration has to be done on the Kerberos server and all other Linux servers that use Kerberos authentication. After configuration, the authentication procedure first attempts to use pam_unix.so (which should fail because the user password entries in /etc/shadow should contain *K* instead of the password hash) followed by an authentication attempt at kerberos.tribler.org.

The /root/server-maintenance/user-management.py tool ensures that Kerberos principals (with a valid password) and unix users (with the invalid *K* password) exist after adding or changing a user account.

Postgres authentication