- Root passwd: same as cdsxmatch
- Add user pineau
- useradd -m pineau
- passwd pineau
- Install sudo and add users to sudoers list
- yum install sudo
- gpasswd -a pineau wheel
- From now on, log out as root and log in as pineau
- Install watchClim (see /root/scripts on another working machine) and add it to the crontab (crontab -e)
- Install htop
- sudo yum -y install epel-release
- sudo yum install htop
- Install JAVA
- Download java from the Oracle web page e.g. file jre-8u74-linux-x64.tar.gz
- sudo mkdir /opt/java
- cd /opt/java
- sudo scp pineau@cds-dev-fxp:'~/Téléchargements/server*' .
- sudo tar xzf server-jre-*.tar.gz
- sudo alternatives --install /usr/bin/java java /opt/java/jdk1.8.0_74/bin/java 2
- sudo update-alternatives --config java
- sudo alternatives --install /usr/bin/javac javac /opt/java/jdk1.8.0_74/bin/javac 2
- sudo update-alternatives --config javac
- sudo alternatives --install /usr/bin/jar jar /opt/java/jdk1.8.0_74/bin/jar 2
- sudo update-alternatives --config jar
- sudo vim /etc/environment
- # Add lines
- export JAVA_HOME=/opt/java/jdk1.8.0_74
- export JRE_HOME=/opt/java/jdk1.8.0_74/jre
- export PATH=$PATH:/opt/java/jdk1.8.0_74/bin:/opt/jdk1.8.0_74/jre/bin
- Install and configure HTTPD and Tomcat
- sudo yum install httpd
- sudo yum install tomcat
- sudo yum install tomcat-admin-webapps.noarch tomcat-docs-webapp.noarch
- sudo yum install tomcat-native (should suppress the message: INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [...])
- #See tomcat status:
- sudo systemctl status tomcat
- # Enable tomcat to automatically start after restart
- sudo systemctl enable tomcat.service
- #Open port 80 and 8080.
- # First ensure the firewalld service is running
- sudo systemctl status firewalld
- # Then open the ports permanently (so they will still be open after reboot)
- sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
- sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
- sudo firewall-cmd --reload
- # Enable httpd to automatically start after restart
- sudo systemctl enable httpd.service
- # Put my email address at line 86 of conf file: francois-xavier.pineau@astro.unistra.fr
- sudo vim /etc/httpd/conf/httpd.conf
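- # Add the following lines (WARNING: replace XXX by the chosen passwd!!). Note: the Tomcat documentation recommends not granting manager-script or manager-jmx to an account that also has manager-gui, because that weakens the manager's CSRF protection; separate accounts per role are safer.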
- <role rolename="manager-gui"/>
- <role rolename="manager-script"/>
- <role rolename="manager-jmx"/>
- <role rolename="manager-status"/>
- <role rolename="admin"/>
- <user username="admin" password="XXX" roles="admin,manager-gui,manager-script,manager-jmx,manager-status"/>
- # In
- sudo vim /usr/share/tomcat/conf/tomcat-users.xml
- # You must restart tomcat so the changes are taken into account
- sudo systemctl restart tomcat
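- # Now you can connect to http://ncdsxmatch.u-strasbg.fr:8080/manager with login=admin and passwd= XXX. Note: this is plain HTTP on the publicly opened port 8080, so the admin password travels in clear text; restrict the manager application to trusted addresses (a RemoteAddrValve in the manager's context.xml) or reach it through an SSH tunnel.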
- # Install _mod_evasive to block DOS attacks: http://www.tux-planet.fr/mod_evasive-un-module-anti-dos-pour-apache/_
- yum install mod_evasive
- edit file /etc/httpd/conf.d/mod_evasive.conf
- Pb affichage page web xmatch (blockage de fichiers .js)
- MAJ 19/09/2016: DOSPageCount 10 (au lieu de 2)
- MAJ 19/09/2016: DOSSiteCount 250 (au lieu de 50)
- mkdir -p /var/lock/mod_evasive
- chown apache:apache /var/lock/mod_evasive
- # Install fail2ban:
- yum install fail2ban
- systemctl start fail2ban
- systemctl enable fail2ban.service
- # Install mod_jk so httpd and tomcat can communicate following: http://www.diegoacuna.me/installing-mod_jk-on-apache-httpd-in-centos-6-x7-x/
- sudo yum install httpd-devel apr apr-devel apr-util apr-util-devel gcc gcc-c++ make autoconf libtool
- sudo mkdir -p /opt/mod_jk
- cd /opt/mod_jk
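- # Go to http://tomcat.apache.org/download-connectors.cgi and download the most recent version. The tarball below comes from a mirror over plain HTTP, so only the checksum (fetched from apache.org over HTTPS) vouches for it; MD5 guards against corruption rather than tampering, so also verify the release's PGP signature (.asc) against the Apache KEYS file.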
- sudo wget 'http://apache.mindstudios.com/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz'
- sudo wget 'https://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz.md5'
- md5sum -c tomcat-connectors-1.2.41-src.tar.gz.md5
- sudo tar -xvzf tomcat-connectors-1.2.41-src.tar.gz
- cd tomcat-connectors-1.2.41-src/native
- sudo ./configure --with-apxs=/usr/bin/apxs
- sudo make
- sudo libtool --finish /usr/lib64/httpd/modules
- sudo make install
- # Configure mod_jk
-
sudo vim /usr/share/tomcat/conf/server.xml
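- Add line: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> (AJP has no authentication of its own and trusts whatever connects; when httpd and Tomcat share the machine, as in this setup, add address="127.0.0.1" so the connector listens on loopback only, and make the worker host in workers.properties match)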
- sudo vim /etc/httpd/conf.d/mod_jk.conf
-
# Copy this:
LoadModule jk_module "/etc/httpd/modules/mod_jk.so"
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk shared memory
JkShmFile /var/run/httpd/mod_jk.shm
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
#JkRequestLogFormat "%w %V %T"
#JkEnvVar SSL_CLIENT_V_START worker1
- sudo mkdir -p /var/run/mod_jk
-
sudo chown apache:apache /var/run/mod_jk
- sudo vim /etc/httpd/conf/workers.properties
Install and configure GLU. GLU supervisor: http://aladin.u-strasbg.fr/glu/GluSupervisor.pl
- # Create dir on filesystem
- sudo mkdir /opt/glu
- cd !$
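- # Download, unpack and install software (the archive comes over plain HTTP with no checksum and INSTALL.sh then runs as root, so compare it with a trusted copy before installing):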
- sudo wget 'http://aladin.u-strasbg.fr/glu/glu.tar.gz'
- sudo tar xzvf glu.tar.gz
- sudo mkdir -p /usr/local/glu
- cd glu-v4.301
- sudo ./INSTALL.sh
- # Configure glu
- sudo cp examples/glud.conf /usr/local/glu/glud.conf
- sudo vim /usr/local/glu/glud.conf
- sudo vim /usr/lib/systemd/system/glu.service
- [Unit]
- Description=CDS GLU
- [Service]
- ExecStart=/usr/local/glu/glud
- [Install]
- WantedBy=multi-user.target
- # Automatically launch at startup
- sudo systemctl enable glu.service
- # Test
- ps -edf | grep glud
- sudo systemctl start glu
- ps -edf | grep glud
- Install PSQL on ncdsxmatch only
- # Install and start
- sudo yum install postgresql
- sudo yum install postgresql-server postgresql-contrib
- sudo postgresql-setup initdb
- sudo systemctl start postgresql
- # Automatically restart after reboot
- sudo systemctl enable postgresql
- # Create role pineau
- sudo -u postgres createuser --interactive pineau
- # Create new database
- createdb xmatchlog
- # Change PGDATA in /usr/lib/systemd/system/postgresql.service
- and reload : 'systemctl daemon-reload'
- Service install
- # Make copy to mimic old cdsxmatch machines
- # On ncdsxmatch
- cd /
- sudo ln -s /data-cdsxmatch2/NAS
- sudo ln -s /data-cdsxmatch2/md3200
- # On ncdsxmatch2
- cd /
- sudo ln -s /data-cdsxmatch2/NAS
- sudo ln -s /data-cdsxmatch2/md3200
- # Modify server.properties (because so far md3200 is in reading mode only!)
- sudo mkdir -p /var/xmatch/servants/results
- sudo mkdir -p /var/xmatch/servants/sav
- sudo chown -R tomcat:tomcat /var/xmatch/servants
- Change dans le fichier server.properties: save.uws.file et resuStore.path
A FAIRE LORS DE LA MIGRATION:
-
- remplacer "ncdsxmatch" par "cdsxmatch" partout!! (conf tomcat, httpd, code source xmatch, ...)
- relancer le demon glu (arreté pour le moment) et se faire enregistrer par Pierre
- migrer la base de log
- vérifier script de mise à jour des table + cron
Sendmail, to send mail with the command 'mail'
- sudo setsebool -P httpd_can_sendmail 1
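SSH sans prompt entre cdsxmatch et cdsxmatch2 (note: if the root key has no passphrase, a compromise of cdsxmatch also gives root on cdsxmatch2; a dedicated account or a from=/command= restriction in authorized_keys limits that)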
- sur cdsxmatch:
- ssh-keygen
- ssh-copy-id -i /root/.ssh/id_rsa.pub cdsxmatch2.u-strasbg.fr
- idem entre axel2 et cdsxmatch ? (pour Simbad.rcf, ...)
Problème mémoire:
http://stackoverflow.com/questions/27262629/jvm-cant-map-reserved-memory-when-running-in-docker-container
setfattr -n user.pax.flags -v "mr" /usr/bin/java
NAGIOS
- url de base: http://cdswatch.u-strasbg.fr/thruk/
- user: fx
- mot de passe: comme pour portail ESO
- Install:
- yum install nrpe nagios-common
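- sudo firewall-cmd --zone=public --add-port=1001/tcp --permanent
- sudo firewall-cmd --zone=public --add-port=1002/tcp --permanent
- (to check: the Tomcat JMX listener configured further down uses ports 10001 and 10002, not 1001 and 1002)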
- Ajouter la ligne suivante dans vim /etc/snmp/snmpd.conf
- com2sec readonly 130.79.128.76 public
- cdsxmatch
- Ajout de
- CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=130.79.129.165"
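- dans le fichier '/etc/tomcat/tomcat.conf' défini dans '/usr/lib/systemd/system/tomcat.service'. Note: with jmxremote.authenticate=false and jmxremote.ssl=false, any host that can reach the JMX ports can manage this JVM without credentials; restrict those ports to the monitoring host in firewalld, or set authenticate=true with a jmxremote password file. The same applies to the cdsxmatch2 options below.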
- Edit file vim /etc/tomcat/server.xml and add
- <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
- Copy jar 'catalina-jmx-remote.jar' into '/usr/share/tomcat/lib'
- 'systemctl restart tomcat'
- cdsxmatch2
- Ajout de
- CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=130.79.129.164"
- dans le fichier '/etc/tomcat/tomcat.conf' définit dans '/usr/lib/systemd/system/tomcat.service'
-
-
Problem Java memory mmap:
http://stackoverflow.com/questions/29250953/jmeter-out-of-memory-on-linux
- vim /etc/security/limits.conf
- add following lines
* hard nofile 900000
* soft nofile 900000
root hard nofile 900000
root soft nofile 900000
See:
http://stackoverflow.com/questions/11683850/how-much-memory-could-vm-use-in-linux
and
http://ask.systutorials.com/1969/maximum-number-of-mmap-ed-ranges-and-how-to-set-it-on-linux
Change max number of mmap one can perform
sysctl -w vm.max_map_count=65535
is just a nicer way of writing this:
echo 65535 > /proc/sys/vm/max_map_count
vim /etc/sysctl.conf
add:
vm.max_map_count=655300
Commande pmap [PID] pour surveiller l'utilisation des mmap [d'un process particulier]
Install pip (pour l'installation de modules python)
- yum install python-pip
- pip install simplejson
Ceci concerne axel2:
install postgresql:
yum install postgresql postgresql-server postgresql-upgrade postgresql-jdbc postgresql-contrib
=PGSETUP_INITDB_OPTIONS="-U pineau --pgdata /md3200/data/psql"=
postgresql-setup initdb
vim /var/lib/pgsql/data/pg_hba.conf
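=(on passe tout en 'trust')= Note: 'trust' lets any client matched by the line connect as any database role, superuser included, without a password; keep it to local-socket or loopback entries, or use 'peer' / 'md5' instead.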