Difference between revisions of "Host Computer Configuration"

From New IAC Wiki
Jump to navigation Jump to search
Line 274: Line 274:
 
[[DAQ6_CentOS7_install]]
 
[[DAQ6_CentOS7_install]]
  
==rocdaq6==
+
==configure rocdaq6==
 +
 
 +
 
 +
download the software
  
 
==Database creation on daq6==
 
==Database creation on daq6==
Line 281: Line 284:
  
 
https://coda.jlab.org/drupal/content/example-single-crate-configuration
 
https://coda.jlab.org/drupal/content/example-single-crate-configuration
 +
  
  
 
Return to [[Data_Acquisition]] page
 
Return to [[Data_Acquisition]] page

Revision as of 23:03, 20 June 2017

DAQ1

Install CentOs

eth1 configuration

The ethernet card on the host computer has two ports (eth0 and eth1).

eth0 is used to talk to the work and use DNS

eth1 is hardwired to a subnet

in this case the ROC is configured to address 10.1.1.2

The eth1 port is set to

"statically set IP addresses"

and the manual IP address setting is 10.1.1.1

after you activate eht1 you can telnet to the ROC using

telnet 10.1.1.2

You can then create an entry in /etc/hosts which aliases roc1 to this IP address

Install tftp onto the Linux host computer

TFTP is used to copy the VxWorks kernel onto the ROC

For CentOS I used yum

yum install tftp
yum install tftp-server

then I looked in the file

/etc/xinetd.d/tftp
  1. default: off
  2. description: The tftp server serves files using the trivial file transfer \
  3. protocol. The tftp protocol is often used to boot diskless \
  4. workstations, download configuration files to network-aware printers, \
  5. and to start the installation process for some operating systems.
service tftp

{

       socket_type             = dgram
       protocol                = udp
       wait                    = yes
       user                    = root
       server                  = /usr/sbin/in.tftpd
       server_args             = -s /tftpboot
       disable                 = yes
       per_source              = 11
       cps                     = 100 2
       flags                   = IPv4

}

to see how tftp was configured by default. The file tell me that the tftp files should be located in the subdirectory

/tftpboot

make sure your boot kernels are located in /tftpboot

[root@daq1 /]# ls tftpboot/
boot6100_121_v3.bin  boot6100_122.bin

turn the server on

/sbin/chkconfig tftp on

Set up rsh

turn on rsh

use yum to install the rsh server.

yum install rsh-server

edit /etc/xinetd.d/rlogin and rsh to allow server

# default: on
# description: rlogind is the server for the rlogin(1) program.  The server \
#       provides a remote login facility with authentication based on \
#       privileged port numbers from trusted hosts.
service login
{
       socket_type             = stream
       wait                    = no
       user                    = root
       log_on_success          += USERID
       log_on_failure          += USERID
       server                  = /usr/sbin/in.rlogind
       disable                 = no
}

Now reload xinitd

/etc/init.d/xinetd reload


then add a file called ".rhosts" to the daq account with the IP addresses and usernames


~ >less .rhosts

 134.50.3.210 daq
 10.1.1.2 roc1
old version is below
~ >less .rhosts
 134.50.3.216 roc1
 134.50.3.216 daq
 134.50.3.210 daq

You Must set the .rhosts permissions exaclty as below otherwise rsh will not work

chmod 644 .rhosts

Update hosts file

set /etc/hosts file to say

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
#::1            localhost6.localdomain6 localhost6
134.50.3.210    daq1.physics.isu.edu    daq1
10.1.1.1        localdaq.physics.isu.edu        localdaq
10.1.1.2        roc1.physics.isu.edu    roc1

the above will assign IP addesses to computer names

test to see if rsh is running

rsh -l daq daq1 ls


if you get the error like

[root@daq1 xinetd.d]# rsh -l daq daq1 ls
connect to address 134.50.3.210 port 544: Connection refused
Trying krb4 rsh...
connect to address 134.50.3.210 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)

the check if rsh is enabled

[root@daq1 xinetd.d]# less /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#       consequently, for the rsh(1) program.  The server provides \
#       remote execution facilities with authentication based on \
#       privileged port numbers from trusted hosts.
service shell
{
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rshd
        disable                 = no
}

You need to reload xinetd if you make a change so it looks like above

[root@daq1 xinetd.d]# /etc/init.d/xinetd reload

Security/Firewall

Turn off iptables

/sbin/service iptables stop

Turn off Kerberos

How can I > configure rsh to use the old, normal way of auth? > > I'm using the latest CentOS4.2

If you don't use the Kerberos stuff, then remove it ... it's probably the krb5-workstation package - i.e.

rpm -e krb5-workstation

I don't know about rexec, but for rlogin and rsh:

Edit /etc/pam.d/rsh and change the line:

auth required pam_rhosts_auth.so

to:

auth required pam_rhosts_auth.so promiscuous

and edit /etc/pam.d/rlogin and change the line:

auth sufficient pam_rhosts_auth.so

to:

auth sufficient pam_rhosts_auth.so promiscuous


Make sure 'rsh' and 'rlogin' are listed in /etc/securetty


text relocation

SummarySELinux is preventing rcServer from loading /home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so which requires text relocation.

Detailed Description
[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]

The rcServer application attempted to load /home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.

Allowing Access
If you trust /home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so'"

The following command will allow this access:chcon -t textrel_shlib_t '/home/daq/CODA/2.5/CMLOG/2.1/lib/Linux/libcmlog.so'Additional Information

Dual head config

The DAQ computer is running a Matrox display adapter


http://projects.tuxx-home.at/?id=matrox_drivers

VME crate modules

Module address
CAEN_V1495_IO 0x80110000
CAEN_V775_TDC 0x610000
CAEN_V792_ADC 0xee0000
CAEN_V260_Scalr 0xda0000
Struck_SIS3302_ADC 0x50000000

SIS3300 Library

try the following on roc1

-> ld < sis3320Lib.o

try to initialize module

s3320Init(0x5000000,0,1)

DAQ6 configuration

DAQ6_Specs

Machine: Enterprise HP ProLiant DL380 G7 CPUs: 2, 2.93 GHz CPUs with totaling 8 cores RAID controller: HP smart Array P410i, slot 0


The steps used to setup DAQ6 are given below

CentOS 7 installation

DAQ6_CentOS7_install

configure rocdaq6

download the software

Database creation on daq6

Using jcedit

https://coda.jlab.org/drupal/content/example-single-crate-configuration


Return to Data_Acquisition page