wp4 hands-on workshop: edg lcfgng exercises

PartnerLogo

German Cancio – WP4-install LCFG HOW-TO - n° 1

WP4 hands-on workshop:EDG LCFGng exercises

[email protected]


Overview

LCFGng Exercises

1. Simple reconfiguration of root password

2. Changing polling interval, forcing profile updates

3. Managing users

4. Managing RPM’s

5. Installing and managing components


Exercise 1:Simple client reconfiguration:

changing the root password of the client


Simple client reconfiguration (I)

Proceed:

1. Log on to the server XXX.cern.ch (see blackboard)

1. As root, password: XXXX (see blackboard)

2. Log on your client

1. As root; machine name and password on blackboard

3. On the server, start editing your machine’s configuration file

cd /var/obj/conf/server/source

vi or emacs <mymachine>

4. Change the client’s root password

1. Use an encrypted password generated eg. with perl:

2. perl –e ‘print crypt(“mypassword”,rt);’

3. Change auth.rootpwd to the new encrypted password


Simple client reconfiguration (II)

5. Compile the profile using mkxprof, verifying that no errors or warnings produced

/usr/sbin/mkxprof –v <mynode> # use –v –s for updating web pg

6. Wait until the profile is propagated to the client (~ 60 seconds)

The client node is notified automatically of changes using UDP, but sometimes UDP packages are lost, so there is also a regular polling.

7. On the client, check that the configuration has been received

Run qxprof: qxprof auth.rootpwd

8. On the client, check that /etc/shadow has been updated properly.

9. Open another connection to the client, and verify that your new root password actually works ;-)

10. On the client, check the auth log file in /var/obj/log/auth


Exercise 2:Changing client polling interval,

force profile updates


LCFGng polling and profile updates (I)

The client.poll resource defines the polling interval

qxprof client.poll

Poll=5m+1m -> this means that a poll is done every 5 minutes plus a random interval ranging from zero seconds to 1m.

To change the polling frequence, edit your client component configuration file, and add a line:

+client.poll 1m+1s This will set the polling to 1m and a random interval of 1s. Reminder: the ‘+’ before ‘client’ tells rdxprof to overwrite an existing value.

Run mkxprof on the server

Go to the client, wait for a moment and verify that the polling interval has been changed in the profile

qxprof client.poll

Poll=1m+1s


LCFGng polling and profile updates (II)

You can now run ‘ps –auxwwwww|grep client’ and verify that the rdxprof process has now the new poll interval.

LCFG profile updates can be forced by restarting the client by hand.

/etc/obj/client restart will do this.

This may be useful in case the client process ‘hangs’ for whatever reason.


Exercise 3:Adding users


Adding users (I) Users have to be defined in the auth.XXX resources.

auth.users: space separated list of user login names auth.userpwd_<userX>, auth.userhome_<userX>, auth.usergroup_<userX> …

But, if we want to ADD a user to the already existing user list, we can’t just redefine auth.users!

If we define in a header file (animal-farm-users.h)

auth.users napoleon squealer snowball

And we want to add a user ‘boxer’ in our machine’s config file

#include “animal-farm-users.h”

+auth.users boxer

The end result will be only ‘boxer’! Since the old value is overwritten.

The EXTRA macro defined in macros-cfg.h is useful here.

#include “animal-farm-users.h”

EXTRA(auth.users) boxer

The end result will be: auth.users napoleon squealer snowball boxer


Adding users (II)

Exercise:

Edit your machine’s configuration file, include “animal-farm-users.h”, and add the following user:

Username: “Horse Boxer” Login name: boxer Encrypted password: <pick one> Home directory: /home/boxer Group: farm Shell: /bin/sh

Hint: have a look at how ‘animal-farm-users.h’ defines users ;-)

Hint2: use the EXTRA macro ;-)

Compile the configuration with mkxprof

On the client, verify that /etc/password and /etc/shadow have been regenerated, and that the home directory has been created.


Adding users (III)

Exercise (contd.):

Removing users: just remove all configuration entries related to the user (or remove appropriate #include statements), and re-run mkxprof.

Note that the home directories of removed users are not deleted.

Homework: Check the man page of the auth component (man edg-lcfg-auth) for more resources to configure.


Exercise 4:Adding and removing RPMs


Adding and removing RPM’s (I)

In order to add/remove packages to a client, the corresponding RPM’s have to be added to the Repository and to the RPM configuration files.

Updaterpms requires to generate special ‘RPM header files’. These RPM header files are created and updated by running ‘make’ in the repository area directories after downloading the RPM’s.

Have a look at the Makefile under /opt/local/linux/6.2/RPMS/LCFGng

The RPM configuration files are stored under /opt/local/linux/6.2/rpmcfg

The configuration file is defined by the component configuration resource updaterpms.rpmcfg

Run on the client: qxprof updaterpms.rpmcfg to find out your configuration file.


Adding and removing RPMs (II)

Adding a RPM to the Repository: Copy the RPM to the repository location on the server, ie.

cp myrpm-1.2-3.noarch.rpm /opt/local/linux/6.2/RPMS/WPx

Generate the RPM ‘header’ file by issuing

cd /opt/local/linux/6.2/RPMS/WPx; make

The ‘header’ file is named as the original RPM but starting with a ‘.’

Don’t forget to run make!

Removing a RPM from the Repository

cd /opt/local/linux/6.2/RPMS/WPx

rm myrpm-1.2-3 .myrpm-1.2.3 # remove both RPM and header


Adding and removing RPMs (III)

Adding an RPM to the configuration: Include a line with a ‘+’ and the name of the RPM.

The version and release can be specified, or set to ‘*-*’ which means: take the latest version-release of this package found on the server

Example: +emacs-21.4-3 take the emacs 21.4 release 3

Example: +xeyes-*-* take the latest version of xeyes

Removing RPM’s from the configuration listed in a included template:

Use the ‘-’ prefix instead of ‘+’ for removing an RPM even if it has been declared in a header file.

Example: -xeyes-*-* remove (any version of) xeyes


Adding and removing RPM’s (IV)

Ignoring locally installed RPM’s: By default, updaterpms removes all RPM’s which are not found in

the RPM configuration file.

However, it is possible to avoid erasing some RPM’s by declaring them in the RPM configuration file:

xeyes-*-*:i keeps any version of xeyes you have on the node.

It is also possible to set the updaterpms.localpkgs resource to ‘yes’.


Adding and removing RPMs (V)

By default, updaterpms is started by via cron at 1 AM. It is not started automatically on config changes.

Updaterpms can be also started by hand, by running the updaterpms component:

/etc/obj/updaterpms start

Note that, if you use wildcards (*-*) in the RPM config, the wilcard expansion is done when you run updaterpms, and not when you run mkxprof!

Documentation: man page for updaterpms (man updaterpms), man page for the updaterpms component (man edg-lcfg-updaterpms)


Adding and removing RPMs (VI)

Exercise: Add RPM’s to the configuration of your node.

1. Edit in /opt/local/linux/6.2/rpmcfg your RPM configuration file (hint: use qxprof on the client to find out which one to edit)

2. Add the following RPM package: the latest version of the package called “edg-lcfg-syslog”.

3. Start the updaterpms component. Verify that the package has been installed by running ‘rpm –q edg-lcfg-syslog’.

4. Remove the package from the node using ‘rpm –e edg-lcfg-syslog’

5. Run again updaterpms. The package should be installed again.

6. Edit the RPM configuration file, and remove the line for edg-lcfg-syslog.

7. Start the updaterpms component; verify that edg-lcfg-syslog is removed.


Exercise 5:Adding, configuring, running

components


Adding/configuring LCFGng components (I)

LCFG components are packaged in two RPM’s: edg-lcfg-foo or lcfg-foo: contains all necessary files for the client edg-lcfg-foo-defaults or lcfg-foo-defaults: contains the server

default configuration.

The LCFGng server RPM can be installed with the rpm command on the server, while as the client RPM has to be installed with updaterpms on the client (see exercise 4).

A component has to be also added to two component resources: profile.components list of components used on the client boot.services list of components to start at boot time

Each component requires also some specific configuration: Pprofile.version_<component> set to 1. <componentX>.resourceY … (component specific resources).


Adding/configuring LCFGng components (II)

Exercise: Add the syslog component to your client.

1. Verifications:

a) Verify that edg-lcfg-syslog RPMs are available on the server (hint: in the RPMS/LCFGng directory).

b) Verify that the RPM ‘header’ files are also there.

c) Verify that the server RPM is installed on the server.

2. Add to your RPM configuration file the latest version of edg-lcfg-syslog.

3. On the client, run /etc/obj/updaterpms start. The RPM should be now installed• Verify with rpm –q on client.


Adding/configuring LCFGng components (III)

4. On the client, read the edg-lcfg-syslog man page. Look specially at the ‘RESOURCES’ section.

5. (On the server), edit your component configuration file, and • add the necessary entries for profile.components, boot.services (use the

EXTRA macro)

• define profile.version_syslog to 1.

• Set the kern.* messages to go to /var/log/kernel.log (see the man page above!)

6. Run mkxprof. Verify on the client (with qxprof) that the resources are OK.

7. On the client, start the syslog component with /etc/obj/syslog start

8. From now on, the component is reconfigured automatically.

9. Look at the /etc/syslog.conf file. Is the kern.* entry there?

10. Remove the kern.* entry in the component configuration file. Run mkxprof, and verify that the kern.* entry has been removed from /etc/syslog.conf on the client.


Adding/configuring LCFGng components (IV)

The same principle described here applies to all components.

Most components are included by default in the EDG RPM and component configuration files.

However, they may require site-specific configurations.

wp4 hands-on workshop: edg lcfgng exercises

Documents