Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
06ed1ee252f19cae2dffca20b7ce2d7e71d1153a
gitea-pages/infrastructure-guide/repo00.md
Konrad Bucheli cca9218803 fix some TOC warnings
2022-04-01 17:33:06 +02:00

6.9 KiB
Raw Blame History

repo00

This machine is a RHEL7 system not under Puppet control. This machine has no AFS dependencies. The basic service provided by this system is: httpd

This machine acts as a mirror for the RHEL7 iso images.

The installer iso images are downloaded from https://id-sat-prd.ethz.ch/pub/isos/ and put into /var/www/html/iso manually

The iso images in /var/www/html/iso then (automatically) mounted as loop devices by the pli-mount-iso-images.service. This is an enabled service and it runs once on system boot automatically. Otherwise changes are not monitored, if one puts an iso there and wants it mounted, a manual restart of the service is required for anything to happen.

[root@repo00 ~]# df -kh | grep /var/www
/dev/mapper/vg_repo-repofiles   1.4T 1003G  373G  73% /var/www/html
/dev/loop2                      7.1G  7.1G     0 100% /var/www/html/iso/HP.SPP.2020.03
/dev/loop3                      903M  903M     0 100% /var/www/html/iso/IP330.2019_0207.248
/dev/loop4                       12M   12M     0 100% /var/www/html/iso/Memtest86-7.5
/dev/loop6                      158M  158M     0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.1-1.0.2.0-rhel7.4-x86_64
/dev/loop7                      163M  163M     0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.2-1.0.0.0-rhel7.4-x86_64
/dev/loop9                      163M  163M     0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.2-1.2.0.0-rhel7.4-x86_64
/dev/loop10                     275M  275M     0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.7-1.0.0.1-rhel7.6-x86_64
/dev/loop11                     275M  275M     0 100% /var/www/html/iso/MLNX_OFED_LINUX-4.7-1.0.0.1-rhel7.7-x86_64
/dev/loop12                     5.5G  5.5G     0 100% /var/www/html/iso/P03093_001_spp-Gen8.1-SPPGen81.4
/dev/loop13                     5.7G  5.7G     0 100% /var/www/html/iso/P14481_001_spp-2019.03.0-SPP2019030.2019_0206.85
/dev/loop14                     5.8G  5.8G     0 100% /var/www/html/iso/P19473_001_spp-2019.09.0-SPP2019090.2019_0905.39
/dev/loop15                     7.0G  7.0G     0 100% /var/www/html/iso/P26228_001_spp-2019.12.0-SPP2019120.2019_1209.4
/dev/loop17                     7.9G  7.9G     0 100% /var/www/html/iso/rhel-8.2-x86_64-dvd
/dev/loop18                     8.9G  8.9G     0 100% /var/www/html/iso/rhel-8.3-x86_64-dvd
/dev/loop19                     3.8G  3.8G     0 100% /var/www/html/iso/rhel-server-7.4-x86_64-dvd
/dev/loop20                     4.4G  4.4G     0 100% /var/www/html/iso/rhel-server-7.5-x86_64-dvd
/dev/loop21                     4.2G  4.2G     0 100% /var/www/html/iso/rhel-server-7.6-x86_64-dvd
/dev/loop22                     4.2G  4.2G     0 100% /var/www/html/iso/rhel-server-7.7-x86_64-dvd
/dev/loop23                     4.3G  4.3G     0 100% /var/www/html/iso/rhel-server-7.8-x86_64-dvd
/dev/loop24                     4.3G  4.3G     0 100% /var/www/html/iso/rhel-server-7.9-x86_64-dvd

The pli-repo-mirror.timer runs a daily sync (at 21:30), which pulls the repos into /var/www/html/el7/sources . The name is misleading, these are actually all the latest repos.

From the above, a weekly snapshot (at Sun 23:30) is taken by the pli-repo-snapshot.timer.

The /opt/pli/libexec/pli-repo-zoom.sh is run via the pli-repo-zoom.timer timer, it maintains the zoom repo at /var/www/html/zoom/

The /opt/pli/libexec/pli-repo-yfs script is run via the pli-repo-yfs.timer timer. It syncs the auristor repo and apparently also create tags.

The scripts and files in /opt/pli (as well as a copy of the systemd files) can be found in this repository: https://git.psi.ch/linux-infra/repo00_pli-scripts

Provided http services:

[root@repo00 ~]# netstat -tulnp | grep http
tcp6       0      0 :::80                   :::*                    LISTEN      11278/httpd
tcp6       0      0 :::443                  :::*                    LISTEN      11278/httpd
[root@repo00 ~]#

The httpd configuration can be found in /etc/httpd/conf.d

[root@repo00 ~]# ls -l /etc/httpd/conf.d/
total 12
-rw-r--r--. 1 root root  694 Apr  9  2019 25-repo00.psi.ch_non_ssl.conf
-rw-r--r--. 1 root root 1131 Apr  9  2019 25-repo00.psi.ch_ssl.conf
-rw-r--r--. 1 root root  366 Oct  9  2020 README
[root@repo00 ~]#

The ssh certificate is located in /etc/pki/tls/

Directory Structure / Services

Questions / TODO

  • I added the /opt/pli directory under git control, the repo is https://git.psi.ch/linux-infra/repo00_pli-scripts. Ideally the pli-* service files in /etc/systemd/system should be replaced with links to the /opt/pli/systemd/pli* files. Could you please do that and test whether things still work.

    • SELinux is enforcing, this will not work.

  • Can you explain a little bit more the structure of the /var/www/html/ directory (what is where, who is responsible for certain directories, what are they needed for, ...). The content of the web directory:

[root@repo00 ~]# ls -la /var/www/html/
total 56
drwxr-xr-x. 11 root root 4096 Mar 29 11:32 .
drwxr-xr-x.  4 root root   31 Oct  9  2020 ..
drwxr-xr-x.  7 root root   71 Apr 12  2019 el7
drwxr-xr-x.  3 root root   16 Sep 21  2020 fcos
drwxr-xr-x.  3 root root 4096 Apr 24  2020 HP.FW.RPMs
drwxr-xr-x. 23 root root 4096 Apr 12 14:27 iso
-rw-r--r--.  1 root root 8605 Jun 11  2019 lxdev00.ks
-rw-r--r--.  1 root root 8604 Jun 13  2019 lxdev01.ks
drwxr-xr-x.  5 root root 4096 Oct 30  2018 mt86
drwxr-xr-x.  2 root root   87 Aug 31  2020 ppc
drwxr-xr-x.  5 root root   69 Apr 24  2020 rhcos
-rw-r--r--.  1 root root  356 Feb 18 13:58 rhel7_hashes.txt
-rw-r--r--.  1 root root  211 Nov 27  2018 rhel8.ipxe
drwxr-xr-x. 25 root root 4096 Nov 21  2019 yum
drwxr-xr-x.  3 root root 4096 Apr 12 23:23 zoom
  • el7 - where the automated mirroring and snapshotting is done
  • iso - where the images are placed and mounted
  • zoom - zoom repo

The rest were put there by hand. Much of it is probably not needed, but wouldn't know who needed them.

  • Is there any additional documentation on how this system was set up? Where can I find this? If not, could you add here some more details which packages and configs are important (beside the /opt/pli scripts/services)

    • I know of no further documentation and it was set up by Kai, years ago. It would take quite a bit of trial and error to reproduce.

  • Is the mentiond httpd config everything that is needed, who is taking care of this certificate, how is it installed? how is the expiration monitored?

    • I don't think anything further is needed. The cert is requested from SWITCH and placed here manually. It is not monitored. The owner/admin of this server must take care of this.

  • Could you replace the files in /etc/httpd/conf.d/25* with a link to /opt/pli/httpd/25* and see whether things still work (this way also the httpd config would be versioned).

  • No, SELinux.

  • Who belongs this repo? https://repo00.psi.ch/mt86/ (I guess mt86 is a person short code - unfortunately I cannot find this code in the phonebook)

    • It's memory test for x86 systems, not a person at PSI.
View Git Blame Copy Permalink