diff --git a/_toc.yml b/_toc.yml index 6a274736..180c3b3f 100644 --- a/_toc.yml +++ b/_toc.yml @@ -29,9 +29,7 @@ parts: - file: infrastructure-guide/boot_server - file: infrastructure-guide/sysdb_server - file: infrastructure-guide/puppet01 - - file: infrastructure-guide/repo00 - - file: infrastructure-guide/repo01 - - file: infrastructure-guide/reposync + - file: infrastructure-guide/repo_server - file: infrastructure-guide/lxweb00 - file: infrastructure-guide/login - file: infrastructure-guide/influx00 diff --git a/admin-guide/architecture/networking.rst b/admin-guide/architecture/networking.rst index 2823611e..664a27b8 100644 --- a/admin-guide/architecture/networking.rst +++ b/admin-guide/architecture/networking.rst @@ -29,7 +29,7 @@ use the internal one. Source Destination (internal) Destination (external) Ports Purpose ------- ----------------------- ---------------------- ------------- -------------------- any puppet01 puppet01 8080, 8140 Puppet -any repo00 repo00 80, 443 Software Packages +any repos.psi.ch repos.psi.ch 80, 443 Software Packages ======= ======================= ====================== ============= ==================== diff --git a/admin-guide/deployment/_static/legacy_boot.puml b/admin-guide/deployment/_static/legacy_boot.puml index 86004ced..2c10abcd 100644 --- a/admin-guide/deployment/_static/legacy_boot.puml +++ b/admin-guide/deployment/_static/legacy_boot.puml @@ -5,7 +5,7 @@ participant "BIOS Node\n(legacy boot)" as bootnode participant "QIP DHCP" as dhcp participant "boot.psi.ch" as pxeserver participant "sysdb.psi.ch" as sysdb -participant "repo00.psi.ch" as reposerver +participant "repos.psi.ch" as reposerver admin -> bootnode : boots up diff --git a/admin-guide/deployment/_static/uefi_boot.puml b/admin-guide/deployment/_static/uefi_boot.puml index f8cb179d..7eb8b7ce 100644 --- a/admin-guide/deployment/_static/uefi_boot.puml +++ b/admin-guide/deployment/_static/uefi_boot.puml 
@@ -5,7 +5,7 @@ participant "UEFI Node" as bootnode participant "QIP DHCP" as dhcp participant "boot.psi.ch" as pxeserver participant "sysdb.psi.ch" as sysdb -participant "repo01.psi.ch" as reposerver +participant "repos.psi.ch" as reposerver admin -> bootnode : boots up diff --git a/admin-guide/deployment/infrastructure.rst b/admin-guide/deployment/infrastructure.rst index 37c030eb..daf98211 100644 --- a/admin-guide/deployment/infrastructure.rst +++ b/admin-guide/deployment/infrastructure.rst @@ -17,11 +17,12 @@ other for production, with the following hostnames: +--------------------+----------------+-----------------+ | Role | testing host | production host | +====================+================+=================+ +| boot server | - | boot.psi.ch | | sysdb server | - | sysdb.psi.ch | +--------------------+----------------+-----------------+ | puppet server | puppet00-test | puppet01 | +--------------------+----------------+-----------------+ -| repository server | repo00-test | repo00 | +| repository server | - | repos.psi.ch | +--------------------+----------------+-----------------+ The Sysdb Server @@ -49,7 +50,7 @@ The service that provides clones of different repositories (RHEL, Puppetlabs, Google Chrome) plus some internally developed ones for specific products (eg. GPFS). -You can reach the production one at: ``_. +You can reach the production one at: ``_. Deployment of an infrastructure server ====================================== diff --git a/admin-guide/deployment/ipxe.rst b/admin-guide/deployment/ipxe.rst index bb9edc86..b4ebb019 100644 --- a/admin-guide/deployment/ipxe.rst +++ b/admin-guide/deployment/ipxe.rst 
@@ -12,16 +12,16 @@ https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/in ``` -[root@repo01 tmp]# cd /tmp -[root@repo01 tmp]# curl -OL http://repos.psi.ch/rhel9/iso/rhel-baseos-9.1-x86_64-dvd/BaseOS/Packages/shim-x64-15.6-1.el9.x86_64.rpm +[root@ tmp]# cd /tmp +[root@ tmp]# curl -OL http://repos.psi.ch/rhel9/iso/rhel-baseos-9.1-x86_64-dvd/BaseOS/Packages/shim-x64-15.6-1.el9.x86_64.rpm % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 471k 100 471k 0 0 92.0M 0 --:--:-- --:--:-- --:--:-- 92.0M -[root@repo01 tmp]# curl -LO http://repos.psi.ch/rhel9/iso/rhel-baseos-9.1-x86_64-dvd/BaseOS/Packages/grub2-efi-x64-2.06-46.el9.x86_64.rpm +[root@lx-repos-01 tmp]# curl -LO http://repos.psi.ch/rhel9/iso/rhel-baseos-9.1-x86_64-dvd/BaseOS/Packages/grub2-efi-x64-2.06-46.el9.x86_64.rpm % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1333k 100 1333k 0 0 8550k 0 --:--:-- --:--:-- --:--:-- 8550k -[root@repo01 tmp]# rpm2cpio shim-x64-15.6-1.el9.x86_64.rpm | cpio -dimv +[root@ tmp]# rpm2cpio shim-x64-15.6-1.el9.x86_64.rpm | cpio -dimv ./boot/efi/EFI/BOOT/BOOTX64.EFI ./boot/efi/EFI/BOOT/fbx64.efi ./boot/efi/EFI/redhat/BOOTX64.CSV @@ -30,7 +30,7 @@ https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/in ./boot/efi/EFI/redhat/shimx64-redhat.efi ./boot/efi/EFI/redhat/shimx64.efi 9232 blocks -[root@repo01 tmp]# rpm2cpio grub2-efi-x64-2.06-46.el9.x86_64.rpm | cpio -dimv +[root@ tmp]# rpm2cpio grub2-efi-x64-2.06-46.el9.x86_64.rpm | cpio -dimv ./boot/efi/EFI/redhat/grubx64.efi ./boot/grub2/fonts ./boot/grub2/fonts/unicode.pf2 
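Review bot: The two `curl` commands in the first ipxe.rst hunk still fetch `shim-x64` and `grub2-efi-x64` over plain `http://repos.psi.ch/...`, and the transcript goes straight to `rpm2cpio ... | cpio -dimv` without checking the package signature. These binaries end up in the network boot chain, so the example should use `https://repos.psi.ch/...` like the other pages touched in this commit, and show `rpm -K shim-x64-15.6-1.el9.x86_64.rpm` (and the same for the grub2 package) before extraction. The text should also say that `rpm -K` is only meaningful when the vendor release key is already imported into the local rpm keyring. The prompts are inconsistent after the edit: one line reads `[root@lx-repos-01 tmp]#` while the others read `[root@ tmp]#`.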
@@ -40,9 +40,9 @@ https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/in ./etc/grub2-efi.cfg ./etc/grub2.cfg 9612 blocks -[root@repo01 tmp]# ls boot/efi/EFI/redhat/ +[root@ tmp]# ls boot/efi/EFI/redhat/ BOOTX64.CSV grubx64.efi mmx64.efi shim.efi shimx64.efi shimx64-redhat.efi -[root@repo01 tmp]# ls -la boot/efi/EFI/redhat/ +[root@ tmp]# ls -la boot/efi/EFI/redhat/ total 6088 drwxr-xr-x. 2 root root 122 Mar 1 16:16 . drwxr-xr-x. 4 root root 32 Mar 1 16:16 .. @@ -52,7 +52,7 @@ drwxr-xr-x. 4 root root 32 Mar 1 16:16 .. -rwx------. 1 root root 946736 Jun 7 2022 shim.efi -rwx------. 1 root root 946736 Jun 7 2022 shimx64.efi -rwx------. 1 root root 938808 Jun 7 2022 shimx64-redhat.efi -[root@repo01 tmp]# +[root@ tmp]# ``` diff --git a/admin-guide/deployment/sample.rst b/admin-guide/deployment/sample.rst index 3eb61f98..ad8d69a8 100644 --- a/admin-guide/deployment/sample.rst +++ b/admin-guide/deployment/sample.rst @@ -23,7 +23,7 @@ Setting up bob The `bob` tool is already set up on `lxsup00.psi.ch`. You might connect with `ssh` and use it from there. -Altenatively you many have on your workstation a local copy of `bob`. This can be done by installing the RPM from the pli-misc repository - https://repo00.psi.ch/el7/manual/pli-misc/ +Altenatively you many have on your workstation a local copy of `bob`. This can be done by installing the RPM from the pli-misc repository - https://repos.psi.ch/rhel7/latest/pli-misc/ You might need to set a `PSI_BOB_USER` environment variable (`export PSI_BOB_USER=`) or use the option `--user` if your local user is different from the one on sysdb. diff --git a/admin-guide/puppet/profiles/repository.rst b/admin-guide/puppet/profiles/repository.rst index fe8ef01f..9eb06826 100644 --- a/admin-guide/puppet/profiles/repository.rst +++ b/admin-guide/puppet/profiles/repository.rst 
@@ -38,7 +38,7 @@ Description of the package repository. URL where the repository is available from, e.g.:: - https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/ + https://repos.psi.ch/rhel8/tags/$pli_repo_tag/epel/ ``gpgkey`` @@ -46,7 +46,7 @@ URL where the repository is available from, e.g.:: URL or file path where the signing GPG key is available from, e.g.:: - https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8 + https://repos.psi.ch/rhel8/keys/RPM-GPG-KEY-EPEL-8 ``gpgcheck`` diff --git a/admin-guide/puppet/profiles/repository_list.rst b/admin-guide/puppet/profiles/repository_list.rst index a4fec414..29b6da15 100644 --- a/admin-guide/puppet/profiles/repository_list.rst +++ b/admin-guide/puppet/profiles/repository_list.rst @@ -35,8 +35,8 @@ Example:: rpm_repos::repo::epel_rhel8: name: 'epel' descr: "Extra Packages for Enterprise Linux 8" - baseurl: 'https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/' - gpgkey: 'https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8' + baseurl: 'https://repos.psi.ch/rhel8/tags/$pli_repo_tag/epel/' + gpgkey: 'https://repos.psi.ch/rhel8/keys/epel.gpg' disable: false gpgcheck: true osversion: 8 @@ -46,7 +46,7 @@ Example:: rpm_repos::repo::epel_rhel7: name: 'epel' descr: "Extra Packages for Enterprise Linux 7" - baseurl: 'https://repo00.psi.ch/el7/tags/$pli_repo_tag/epel/' + baseurl: 'https://repos.psi.ch/rhel7/tags/$pli_repo_tag/epel/' disable: false gpgcheck: false osversion: 7 diff --git a/admin-guide/software.rst b/admin-guide/software.rst index 7e15c1b6..daaae8a7 100644 --- a/admin-guide/software.rst +++ b/admin-guide/software.rst 
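Review bot: The `gpgkey` example in repository.rst now reads `https://repos.psi.ch/rhel8/keys/RPM-GPG-KEY-EPEL-8`, while the Hiera example in repository_list.rst (and the same block in rhel8/software.md) was changed to `https://repos.psi.ch/rhel8/keys/epel.gpg`. Probably only one of these file names exists on the new server; if it is `epel.gpg`, the repository.rst line should become `https://repos.psi.ch/rhel8/keys/epel.gpg`. Otherwise a reader who copies it with `gpgcheck: true` hits a missing key and may disable the check to get past it. The RHEL 7 example in repository_list.rst keeps `gpgcheck: false` with no `gpgkey`; a comment such as `# package signatures are not verified here; integrity relies on the internal mirror and HTTPS` would make that trade-off explicit.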
@@ -58,8 +58,7 @@ We maintain an internal mirror for every repository that we use, or at least a local repository containing the specific packages. We never point ``yum.conf`` (or any other package manager) to an external repository directly. -The repository server is ``repo00.psi.ch``, and there is a corresponding test -system, ``repo00-test.psi.ch``. +The repository server is ``repos.psi.ch``. Currently we maintain the following repositories: diff --git a/infrastructure-guide/boot_server.md b/infrastructure-guide/boot_server.md new file mode 100644 index 00000000..9fc8e646 --- /dev/null +++ b/infrastructure-guide/boot_server.md @@ -0,0 +1 @@ +# Boot Server diff --git a/infrastructure-guide/infrastructure_systems.md b/infrastructure-guide/infrastructure_systems.md index 1ca5bbe7..43a2d8cb 100644 --- a/infrastructure-guide/infrastructure_systems.md +++ b/infrastructure-guide/infrastructure_systems.md @@ -9,9 +9,7 @@ __Core Infrastructure:__ * [puppet01](puppet01) - puppet.psi.ch - 129.129.160.118 - Runs the puppet server for the RHEL7 infra -* [repo00](repo00) - 129.129.160.212 - RPM/Yum repository server for RHEL7 - -* [repo01](repo01) - 129.129.190.190 - RPM/Yum repository server for RHEL8 +* [repos.psi.ch](repo_server) - RPM/Yum repository server for RHEL7/8/... * [lxweb00](lxweb00) - http://linux.web.psi.ch - 129.129.190.46 - Exports further repositories from AFS 
@@ -40,7 +38,7 @@ __Enduser Systems__ ## Metrics -* [Overview Infrastructure](https://metrics.psi.ch/d/1SL13Nxmz/gfa-linux-tabular?orgId=1&from=now-6h&to=now&refresh=30s&var-env=telegraf_pli&var-host=influx00.psi.ch&var-host=lxweb00.psi.ch&var-host=metrics00.psi.ch&var-host=puppet01.psi.ch&var-host=repo00.psi.ch&var-host=reposync.psi.ch) +* [Overview Infrastructure](https://metrics.psi.ch/d/1SL13Nxmz/gfa-linux-tabular?orgId=1&from=now-6h&to=now&refresh=30s&var-env=telegraf_lx&var-host=influx00.psi.ch&var-host=lx-boot-01.psi.ch&var-host=lx-puppet-01.psi.ch&var-host=lx-repos-01.psi.ch&var-host=lx-sysdb-01.psi.ch&var-host=lxweb00.psi.ch&var-host=metrics00.psi.ch&var-host=puppet01.psi.ch) # Procedures diff --git a/infrastructure-guide/newver.md b/infrastructure-guide/newver.md index 79e6152a..39ba8067 100644 --- a/infrastructure-guide/newver.md +++ b/infrastructure-guide/newver.md @@ -1,12 +1,6 @@ **Adding a new RHEL version to the RHEL7 install mechanism** -Download the iso image on repo00 from https://id-sat-prd.ethz.ch/pub/isos/ - -``` -[root@repo00 ~]# cd /var/www/html/iso/ -[root@repo00 iso]# wget https://id-sat-prd.ethz.ch/pub/isos/7Server/rhel-server-7.9-x86_64-dvd.iso -[root@repo00 iso]# systemctl restart pli-mount-iso-images.service -``` +Download the iso image on repos.psi.ch from https://id-sat-prd-02.ethz.ch/pub/isos/ and add it to the /packages/rhel[7/8]/iso directory The service restart mounts the iso as a loop device into a directory of the same name. @@ -24,4 +18,4 @@ Once the change is committed, the changes have to be pulled on sysdb.psi.ch: [root@sysdb ~]# systemctl restart httpd ``` -The changes only come live after a restart of the httpd. \ No newline at end of file +The changes only come live after a restart of the httpd. diff --git a/infrastructure-guide/overview_linux.drawio.svg b/infrastructure-guide/overview_linux.drawio.svg index 6d90fed2..1796dc9c 100644 --- a/infrastructure-guide/overview_linux.drawio.svg 
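Review bot: The rewritten first step of newver.md drops the `systemctl restart pli-mount-iso-images.service` transcript but keeps the next sentence, "The service restart mounts the iso as a loop device into a directory of the same name", which now refers to a step that is no longer shown. The diff does not show whether repos.psi.ch still uses such a service, so either state how an image placed under `/packages/rhel[7/8]/iso` gets mounted there or remove the sentence. The step should also include an integrity check before the image is published, for example `Verify the ISO with sha256sum against the checksum published by the vendor before copying it into place.`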
+++ b/infrastructure-guide/overview_linux.drawio.svg @@ -1,4 +1,4 @@ - + @@ -38,27 +38,23 @@ - - - - - + -
+ - - iso sync: https://id-sat-prd.ethz.ch/pub/... + + iso sync: https://id-sat-prd-02.ethz.ch/pub/i... @@ -128,8 +124,6 @@ - - @@ -155,7 +149,6 @@ - @@ -173,8 +166,6 @@ - - @@ -253,7 +244,7 @@
- id-sat-prd.ethz.ch + id-sat-prd-02.ethz.ch
(located at and operated by ETHZ)
@@ -261,7 +252,7 @@
- id-sat-prd.ethz.ch... + id-sat-prd-02.ethz.c... @@ -310,8 +301,6 @@ - - @@ -325,14 +314,14 @@ sources defined in - /etc/yum.repos.d/rhel.repo + /opt/rpm-repo-utils/etc/...
- repo sync  sources defined in /etc/yum.repos.d/r... + repo sync  sources defined in /opt/rpm-repo-util...
@@ -482,7 +471,7 @@
- repo sync RHEL8 + repo sync RHEL7/8
@@ -512,80 +501,6 @@ - - - - -
-
-
-
- - repo00.psi.ch - -
-
- - 129.129.160.212 - -
-
-
-
-
- - repo00.psi.ch... - -
-
- - - -
-
-
-
- - Services: - -
-
- - repo sync RHEL7 - -
-
-
-
-
-
-
-
-
- - Services:... - -
-
- - - - -
-
-
- - /packages - -
-
-
-
- - /packages - -
-
@@ -846,13 +761,17 @@
- puppet01.psi.ch + puppet.psi.ch +
+ + puppet01.psi.ch +
- puppet01.psi.ch + puppet.psi.ch...
@@ -1058,6 +977,8 @@ + + diff --git a/infrastructure-guide/pxeserv01.md b/infrastructure-guide/pxeserv01.md deleted file mode 100644 index c98b8e54..00000000 --- a/infrastructure-guide/pxeserv01.md +++ /dev/null @@ -1,19 +0,0 @@ -# boot.psi.ch - -This server hosts the tftp service (port 69) used for pxe booting. - - -# Important -For any changes in the pxe config settings there might be a delay of 30 seconds before the clients see the changes! - - -# pxelinux.cfg directory -(/afs/psi.ch/service/linux/tftpboot/pxelinux.cfg /tftpboot/pxelinux.cfg) - -There are several syntax variants, which can be used for specific pxelinux configuration files. It can do hostnames, ip addresses, hexa encoded expressions of either an IP or a subnet, partial or full MACs. etc.. For details see: https://wiki.syslinux.org/wiki/index.php?title=PXELINUX - -# grub.cfg files -(/afs/psi.ch/service/linux/tftpboot/grub.cfg* /tftpboot/grub.cfg*) - -Beside the default `grub.cfg` there can similar to `pxelinux` a host or network specific `grub` configuration files. -For details see the [Grub Manual](https://www.gnu.org/software/grub/manual/grub/grub.html#Network), but note that the MAC address documentation is wrong: smiliar as for `pxelinux` the MAC address must be prepended with `01-` to denote the network hardware type Ethernet. \ No newline at end of file diff --git a/infrastructure-guide/repo00.md b/infrastructure-guide/repo00.md deleted file mode 100644 index 409340f3..00000000 --- a/infrastructure-guide/repo00.md +++ /dev/null 
@@ -1,125 +0,0 @@ -# repo00 - -This machine is a RHEL7 system **not** under Puppet control. This machine has no AFS dependencies. -The basic service provided by this system is: httpd - -This machine acts as a mirror for the RHEL7 iso images. - -The installer iso images are downloaded from https://id-sat-prd.ethz.ch/pub/isos/ and put into /var/www/html/iso manually - -The iso images in `/var/www/html/iso` then (automatically) mounted as loop devices by the `pli-mount-iso-images.service`. This is an enabled service and it runs once on system boot automatically. Otherwise changes are not monitored, if one puts an iso there and wants it mounted, a manual restart of the service is required for anything to happen. - - -``` -[root@repo00 ~]# df -kh | grep /var/www -/dev/mapper/vg_repo-repofiles 1.4T 1003G 373G 73% /var/www/html -/dev/loop2 7.1G 7.1G 0 100% /var/www/html/iso/HP.SPP.2020.03 -/dev/loop3 903M 903M 0 100% /var/www/html/iso/IP330.2019_0207.248 -/dev/loop4 12M 12M 0 100% /var/www/html/iso/Memtest86-7.5 -/dev/loop6 158M 158M 0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.1-1.0.2.0-rhel7.4-x86_64 -/dev/loop7 163M 163M 0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.2-1.0.0.0-rhel7.4-x86_64 -/dev/loop9 163M 163M 0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.2-1.2.0.0-rhel7.4-x86_64 -/dev/loop10 275M 275M 0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.7-1.0.0.1-rhel7.6-x86_64 -/dev/loop11 275M 275M 0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.7-1.0.0.1-rhel7.7-x86_64 -/dev/loop12 5.5G 5.5G 0 100% /var/www/html/iso/P03093_001_spp-Gen8.1-SPPGen81.4 -/dev/loop13 5.7G 5.7G 0 100% /var/www/html/iso/P14481_001_spp-2019.03.0-SPP2019030.2019_0206.85 -/dev/loop14 5.8G 5.8G 0 100% /var/www/html/iso/P19473_001_spp-2019.09.0-SPP2019090.2019_0905.39 -/dev/loop15 7.0G 7.0G 0 100% /var/www/html/iso/P26228_001_spp-2019.12.0-SPP2019120.2019_1209.4 -/dev/loop17 7.9G 7.9G 0 100% /var/www/html/iso/rhel-8.2-x86_64-dvd -/dev/loop18 8.9G 8.9G 0 100% /var/www/html/iso/rhel-8.3-x86_64-dvd -/dev/loop19 3.8G 
3.8G 0 100% /var/www/html/iso/rhel-server-7.4-x86_64-dvd -/dev/loop20 4.4G 4.4G 0 100% /var/www/html/iso/rhel-server-7.5-x86_64-dvd -/dev/loop21 4.2G 4.2G 0 100% /var/www/html/iso/rhel-server-7.6-x86_64-dvd -/dev/loop22 4.2G 4.2G 0 100% /var/www/html/iso/rhel-server-7.7-x86_64-dvd -/dev/loop23 4.3G 4.3G 0 100% /var/www/html/iso/rhel-server-7.8-x86_64-dvd -/dev/loop24 4.3G 4.3G 0 100% /var/www/html/iso/rhel-server-7.9-x86_64-dvd -``` - - -The `pli-repo-mirror.timer` runs a daily sync (at 21:30), which pulls the repos into `/var/www/html/el7/sources` . The name is misleading, these are actually all the latest repos. - -From the above, a weekly snapshot (at Sun 23:30) is taken by the `pli-repo-snapshot.timer`. - -The `/opt/pli/libexec/pli-repo-zoom.sh` is run via the `pli-repo-zoom.timer` timer, it maintains the zoom repo at /var/www/html/zoom/ - - -The `/opt/pli/libexec/pli-repo-yfs` script is run via the `pli-repo-yfs.timer` timer. It syncs the auristor repo and apparently also create tags. - - -The scripts and files in /opt/pli (as well as a copy of the systemd files) can be found in this repository: -https://git.psi.ch/linux-infra/repo00_pli-scripts - - - -Provided http services: -``` -[root@repo00 ~]# netstat -tulnp | grep http -tcp6 0 0 :::80 :::* LISTEN 11278/httpd -tcp6 0 0 :::443 :::* LISTEN 11278/httpd -[root@repo00 ~]# -``` - -The httpd configuration can be found in /etc/httpd/conf.d -``` -[root@repo00 ~]# ls -l /etc/httpd/conf.d/ -total 12 --rw-r--r--. 1 root root 694 Apr 9 2019 25-repo00.psi.ch_non_ssl.conf --rw-r--r--. 1 root root 1131 Apr 9 2019 25-repo00.psi.ch_ssl.conf --rw-r--r--. 1 root root 366 Oct 9 2020 README -[root@repo00 ~]# -``` -The ssh certificate is located in `/etc/pki/tls/` - -# Directory Structure / Services - -![](repo00_overview.drawio.svg) - - -# Questions / TODO -- I added the /opt/pli directory under git control, the repo is https://git.psi.ch/linux-infra/repo00_pli-scripts. 
Ideally the pli-* service files in /etc/systemd/system should be replaced with links to the /opt/pli/systemd/pli* files. Could you please do that and test whether things still work. - - - SELinux is enforcing, this will not work. - - -- Can you explain a little bit more the structure of the /var/www/html/ directory (what is where, who is responsible for certain directories, what are they needed for, ...). The content of the web directory: -``` -[root@repo00 ~]# ls -la /var/www/html/ -total 56 -drwxr-xr-x. 11 root root 4096 Mar 29 11:32 . -drwxr-xr-x. 4 root root 31 Oct 9 2020 .. -drwxr-xr-x. 7 root root 71 Apr 12 2019 el7 -drwxr-xr-x. 3 root root 16 Sep 21 2020 fcos -drwxr-xr-x. 3 root root 4096 Apr 24 2020 HP.FW.RPMs -drwxr-xr-x. 23 root root 4096 Apr 12 14:27 iso --rw-r--r--. 1 root root 8605 Jun 11 2019 lxdev00.ks --rw-r--r--. 1 root root 8604 Jun 13 2019 lxdev01.ks -drwxr-xr-x. 5 root root 4096 Oct 30 2018 mt86 -drwxr-xr-x. 2 root root 87 Aug 31 2020 ppc -drwxr-xr-x. 5 root root 69 Apr 24 2020 rhcos --rw-r--r--. 1 root root 356 Feb 18 13:58 rhel7_hashes.txt --rw-r--r--. 1 root root 211 Nov 27 2018 rhel8.ipxe -drwxr-xr-x. 25 root root 4096 Nov 21 2019 yum -drwxr-xr-x. 3 root root 4096 Apr 12 23:23 zoom -``` - -* el7 - where the automated mirroring and snapshotting is done -* iso - where the images are placed and mounted -* zoom - zoom repo - -The rest were put there by hand. Much of it is probably not needed, but wouldn't know who needed them. - -- Is there any additional documentation on how this system was set up? Where can I find this? If not, could you add here some more details which packages and configs are important (beside the /opt/pli scripts/services) - - - I know of no further documentation and it was set up by Kai, years ago. It would take quite a bit of trial and error to reproduce. - -- Is the mentiond httpd config everything that is needed, who is taking care of this certificate, how is it installed? how is the expiration monitored? 
- - - I don't think anything further is needed. The cert is requested from SWITCH and placed here manually. It is not monitored. The owner/admin of this server must take care of this. - -- Could you replace the files in /etc/httpd/conf.d/25* with a link to /opt/pli/httpd/25* and see whether things still work (this way also the httpd config would be versioned). - - - No, SELinux. - -- Who belongs this repo? https://repo00.psi.ch/mt86/ (I guess mt86 is a person short code - unfortunately I cannot find this code in the phonebook) - - - It's memory test for x86 systems, not a person at PSI. diff --git a/infrastructure-guide/repo00_overview.drawio.svg b/infrastructure-guide/repo00_overview.drawio.svg deleted file mode 100644 index a10593ea..00000000 --- a/infrastructure-guide/repo00_overview.drawio.svg +++ /dev/null @@ -1,629 +0,0 @@ - - - - - - - - -
-
-
- el7 -
-
-
-
- - el7 - -
-
- - - - - -
-
-
- zoom -
-
-
-
- - zoom - -
-
- - - - - -
-
-
- iso -
-
-
-
- - iso - -
-
- - - - - -
-
-
- xxx -
-
-
-
- - xxx - -
-
- - - - - -
-
-
- xxx.iso -
-
-
-
- - xxx.iso - -
-
- - - - - - - -
-
-
- - pli-mount-iso-images.service -
- [on system/manual (re)start] -
-
-
-
-
-
- - pli-... - -
-
- - - - -
-
-
- yum repo, definitely wrong place !!! -
-
-
-
- - yum repo, definitely... - -
-
- - - - - -
-
-
- - pli-repo-zoom.service -
- [23:23 -
- ] -
-
-
-
- - pli-... - -
-
- - - - - -
-
-
- keys -
-
-
-
- - keys - -
-
- - - - -
-
-
- gpg keys for yum repos -
- - (most probably outdated) -
- (seems now things are in /etc/pki/rpm-gpg/ ???? - - ) - -
-
-
-
-
- - gpg keys for yum repos... - -
-
- - - - - -
-
-
- manual -
-
-
-
- - manual - -
-
- - - - -
-
-
- repos created manually -
-
-
-
- - repos created manually - -
-
- - - - - -
-
-
- /var/www/html -
-
-
-
- - /var/www/... - -
-
- - - - - -
-
-
- nxserver -
-
-
-
-
- - nxserver - -
-
- - - - -
-
-
- accessible only by specific hosts - protected by .htaccess file -
-
-
-
- - accessible only by specif... - -
-
- - - - - -
-
-
- sources -
-
-
-
- - sources - -
-
- - - - - -
-
-
- - pli-repo-yfs.service -
- [01:30] -
-
-
-
-
-
- - pli-... - -
-
- - - - - -
-
-
- auristor -
-
-
-
- - auristor - -
-
- - - - - -
-
-
- ... -
-
-
-
- - ... - -
-
- - - - - -
-
-
- - pli-repo-mirror.service -
- [21:30] -
-
-
-
-
-
- - pli-... - -
-
- - - - - -
-
-
- snapshots -
-
-
-
- - snapshots - -
-
- - - - - -
-
-
- tags -
-
-
-
- - tags - -
-
- - - - - -
-
-
- - pli-repo-snapshot.service -
- [Sun 23:30] -
-
-
-
-
-
- - pli-... - -
-
- - - - - - - - - - -
-
-
- currently overwrites autistor directory in all the tags matching the pattern: prod-0 -
-
-
-
- - currently overwrites auti... - -
-
- - - - -
-
-
- creates a prod tag depending on following certain condition(s): -
- - is there a AFS kernel module for latest kernel -
-
-
-
- - creates a prod tag depending on following... - -
-
- - - - - -
-
-
- - - rhel-7.x - - - - -> ../snapshots/snap-xxxxx - -
- - - r77c1 - - -
- - prodhpc - - - -> ../snapshots/snap-xxxxx - -
- - - prod - - - - -> ../snapshots/snap-xxxxx - -
- - - prod-xxxxx - - - - -> ../snapshots/snap-xxxxx - -
- - latest - - - -> ../snapshots/snap-xxxxx - -
- - db_prod - - - -> ../snapshots/snap-xxxxx - -
- - cuda-9.2 -> ../snapshots/snap-xxxxx - -
- - - beta - - -
-
-
-
- - rhel-7.x... - -
-
- - - - - -
-
-
- snap-xxxxx -
-
-
-
- - snap-xxxxx - -
-
- - - - -
-
-
- all tags other than - - prod - - , - - prod-xxxxx - - and - - rhel-7.x - - are done manually -
-
-
-
- - all tags other than prod,  prod... - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file diff --git a/infrastructure-guide/repo01.md b/infrastructure-guide/repo01.md deleted file mode 100644 index 1ade38a4..00000000 --- a/infrastructure-guide/repo01.md +++ /dev/null 
@@ -1,84 +0,0 @@ -# repo01.psi.ch - -This machine is a RHEL8 system **not** under Puppet control. This machine has no AFS dependencies. -The basic service provided by this system is: httpd - -This machine acts as a mirror for the RHEL8 iso images. - -Repo01 is connected to the Satelitte server from ETH Zürich. The Red Hat repositories are synced from there. - -The installer iso images are downloaded from https://access.redhat.com/downloads and put into `/var/www/html/iso` manually - -The iso images in `/var/www/html/iso` are then (automatically) mounted as loop devices by the pli-mount-iso-images.service under `/etc/systemd/system/`. Otherwise changes are not monitored, if a new iso is put there, a manual restart of the service is required for anything to happen. - -```bash -df -kh | grep /var/www -/dev/loop0 11G 11G 0 100% /var/www/html/iso/rhel85 /dev/loop1 6.7G 6.7G 0 100% /var/www/html/iso/rhel80 -``` - -Under `/opt/pli/libexec` exist five shell scripts that run with systemctl timer. - -The pli-repo-mirror runs a daily sync (at 21:30) via `/etc/systemd/system/pli-repo-mirror.timer`, which pulls the latest repos into `/var/www/html/el8/sources`. - -The `gen-snapshot-page` is the basic script to generate a snapshot. - -From the above, a weekly snapshot (at Sun 23:30) is taken by the `pli-repo-snapshot` via the `pli-repo-snapshot.timer` - -From there the snapshot_is_prodable checks wheter the new snapshot is ready for a new prod tag. -It will check if the latest yfs kernel module corresponds with the latest rhel8 kernel. -If the kernel and the yfs module version correspond a prod snapshot is made under `/var/www/html/el8/tags` - -The `pli-repo-zoom` is run via the `pli-repo-zoom.timer`. It maintains the zoom repo at `/var/www/html/zoom/` - -The `pli-repo-yfs` script is run via the `pli-repo-yfs.timer`. It syncs the auristor repo and apparently also create tags. - -In case of emergency, you can run a snapshot by force. 
Then you have to add the version before you can run the script - -```bash -$./pli-repo-snapshot el8 -``` -Under `/etc/systemd/system/` we have all the `pli-repo*` timer and service configurations. -In order to start a new timer/service, the service and timer have to be a enabled. - - -Under `/opt/pli/etc/mirror/` you find the repolist, cuda and yum.conf - -Under `/etc/yum.repos.d/` you find the redhat.repo. This are the Red Hat repositories that are synced from ETH. - -Under `/var/www/html/el8/keys/` you find the rpm-gpg-keys -Under `/var/www/html/el8/manual/` you find the repos for nxserver. There is no automatic synchronisation for the rpms, they will be downloaded manually from the responsible person. -Under `/var/www/html/el8/snapshots/` you will find all the preprod snapshots -Under `/var/www/html/el8/sources` you will find the packages and repodata from synced rpms. -Under `/var/www/html/el8/tags/` you will find all prod tags - - -Under `/var/www/html/ipxe` is for testing purposes -Under `/var/www/html/iso` you find the rhel-8.0 and the rhel-8.5 iso image. -Under `/var/www/html/ks-test` you find the new kickstart directory, for testing. If all works this can be deleted. - -The URI is https://repo01.psi.ch/el8/sources/ - -Provided http services: - -```bash -[root@repo01 ~]# netstat -tulnp | grep http -tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3634/httpd -tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3634/httpd -``` - -The httpd configuration can be found in `/etc/httpd/conf.d` - -```bash -[root@repo01 ~]# ls -l /etc/httpd/conf.d/ -total 12 --rw-r--r--. 1 root root 694 Apr 9 2019 25-repo01.psi.ch_non_ssl.conf --rw-r--r--. 1 root root 1131 Apr 9 2019 25-repo01.psi.ch_ssl.conf --rw-r--r--. 1 root root 366 Oct 9 2020 README -`````` - -The ssl certificate is located in `/etc/pki/tls/certs` - -For the certificate renewal the CSR configuration is under /root/certs - - -https://git.psi.ch/linux-infra/repo01_pli-scripts 
diff --git a/infrastructure-guide/repo_server.md b/infrastructure-guide/repo_server.md new file mode 100644 index 00000000..21cc5895 --- /dev/null +++ b/infrastructure-guide/repo_server.md @@ -0,0 +1 @@ +# Repository Server diff --git a/infrastructure-guide/sysdb_server.md b/infrastructure-guide/sysdb_server.md index f857f216..75178b6f 100644 --- a/infrastructure-guide/sysdb_server.md +++ b/infrastructure-guide/sysdb_server.md @@ -1,11 +1,7 @@ -# boot00: SysDB API server +# Sysdb Server https://git.psi.ch/linux-infra/sysdb/ is pulled into /var/www/sysdb/app/ (no automation, just by hand) httpd runs the service and it needs restarting, when pulling changes Access rights are granted on the environment level (bob env list). At this time, most of the users and groups come from the AD, except for the sysdb-admins, which is defined locally, see /etc/group - -Detailed documentation of the software is at: - -https://linux.psi.ch/admin-guide/index.html diff --git a/rhel8/nvidia.md b/rhel8/nvidia.md index 10b6cdd2..ed9a5ac3 100644 --- a/rhel8/nvidia.md +++ b/rhel8/nvidia.md @@ -88,7 +88,7 @@ A CUDA version needs a suitably new driver version, but old CUDA versions are su Instead of using Puppet/Hiera, you may also manage the drivers manually. -Note that drivers made available by default are curated, that means it contains only non-beta production drivers. If you want all drivers available, you need to use `https://repo01.psi.ch/el8/sources/cuda8/` as URL for the package repository. +Note that drivers made available by default are curated, that means it contains only non-beta production drivers. If you want all drivers available, you need to use `https://repos.psi.ch/rhel8/sources/cuda8/` as URL for the package repository. ### Select the Driver Branch 
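Review bot: repo_server.md is added with only the heading `# Repository Server`, while the repo00.md and repo01.md pages removed in this commit held the operational details for the service. Those included the sync and snapshot schedule, the location of the TLS certificate, and the statement that the certificate is requested manually and its expiry is not monitored. Nothing visible in this diff carries that over for repos.psi.ch. The new page should at least state who owns the certificate, how it is renewed and whether expiry is monitored, and where the sync sources are configured (the updated diagram points at `/opt/rpm-repo-utils/etc/...`). boot_server.md, which replaces pxeserv01.md, is the same kind of stub.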
@@ -169,7 +169,7 @@ systemctl start nvidia-persistenced ## Regular Tasks by the Core Linux Team -- classify new driver branches and beta versions in the [snapshot preparation script](https://git.psi.ch/linux-infra/repo01_pli-scripts/-/blob/master/libexec/fix-snapshot/20_remove_nvidia_beta_drivers#L90) +- classify new driver branches and beta versions in the [snapshot preparation script](https://git.psi.ch/linux-infra/rpm-repo-utils/-/blob/main/bin/fix-snapshot/20_remove_nvidia_beta_drivers#L90) - update the latest production branch in [Puppet managed vidia software installation script](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/files/nvidia/ensure-nvidia-software#L17) - add more production/long term support branches supported by [`nvidia-detect`](http://elrepo.org/tiki/nvidia-detect) to the [Puppet managed Nvidia software installation script](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/files/nvidia/ensure-nvidia-software#L62) - update the [driver version to CUDA version mapping script](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/files/nvidia/suitable_cuda_version#L21) according to new entries in the [CUDA Release Notes](https://docs.nvidia.com/cuda/cuda-toolkit-release-notes/index.html) diff --git a/rhel8/software.md b/rhel8/software.md index 1e0c2462..8577366f 100644 --- a/rhel8/software.md +++ b/rhel8/software.md @@ -220,8 +220,8 @@ An individual package repository is configured in Hiera within the namespace `rp rpm_repos::repo::epel_rhel8: name: 'epel' descr: "Extra Packages for Enterprise Linux 8" - baseurl: 'https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/' - gpgkey: 'https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8' + baseurl: 'https://repos.psi.ch/rhel8/tags/$pli_repo_tag/epel/' + gpgkey: 'https://repos.psi.ch/rhel8/keys/epel.gpg' disable: false gpgcheck: true osversion: 8 
@@ -260,7 +260,7 @@ If certain packages provided by given repository should be ignored on the nodes, ### Using Specific Package Repository Snapshot -Most of the externally sourced package repositories on `repo00.psi.ch` (RHEL7) and `repo01.psi.ch` (RHEL 8) have snapshots which can be used to freeze the available package versions to a given date. +Most of the externally sourced package repositories on https://repos.psi.ch/rhel7 (RHEL7) and https://repos.psi.ch/rhel8 (RHEL 8) have snapshots which can be used to freeze the available package versions to a given date. The tags are different per major OS version and are definied in the Hiera hash `rpm_repos::tag`, below you see the default: @@ -277,8 +277,8 @@ So for RHEL 7 the default is `prod` and can be overriden on `yum_client::repo_ta To fix to a specific snapshot on RHEL 8, the `redhat8` attribute has to be set on `rpm_repos::tag`, the default is `rhel-8` which points to the latest snapshot. The available tags your find at -- [https://repo01.psi.ch/el8/tags/](https://repo01.psi.ch/el8/tags/) for RHEL 8 (note the `prod` tag will phase out) -- [https://repo00.psi.ch/el7/tags/](https://repo00.psi.ch/el7/tags/) for RHEL 7 +- [https://repos.psi.ch/rhel8/tags/](https://repos.psi.ch/rhel8/tags/) for RHEL 8 (note the `prod` tag will phase out) +- [https://repos.psi.ch/rhel7/tags/](https://repos.psi.ch/rhel7/tags/) for RHEL 7 ### Package Repositories made Available by the Linux Group