Difference between revisions of "Accessdev admin guide"

Line 4: Line 4:
 
Accessdev is the NeCTAR virtual machine set up for ACCESS model configurations.
 
Accessdev is the NeCTAR virtual machine set up for ACCESS model configurations.
  
=Setup=
+
Administrators with root access are part of the [https://my.nci.org.au/mancini/project/tg8 tg8 project]
  
Accessdev is configured using a tool called puppet, which allows for consistent, version controlled installation of packages and server configuration files. The puppet configuration is held in the git repository repos:p/access.dev/puppet. NCI have a user guide on how to access the repository & add branches etc. The repository trunk is owned by Robin Bowen at BoM, to get a branch merged to master inform him.
+
= Puppet =
  
The puppet configuration is split up into packages, the controlling package is modules/accessdev-node/manifests/init.pp. This specifies a list of packages in modules/ to be installed and/or updated by the puppet system. Instruction on how to use puppet can be found on the internet.
+
Administration is version controlled using a Puppet repository, hosted at https://vlrepos.nci.org.au/tg8/puppet
  
Important packages for the UM system are:
+
See information on Puppet at https://puppet.com/docs/puppet/latest
  
== accesshome ==
+
The puppet repository has a number of modules provided by NCI under 'corefw' as well as modules developed by the ACCESS admins under 'modules'. There is also configuration under 'hieradata' that sets up some modules.
  
The accesshome package is responsible for setting up the scripts in ~access. These scripts are held in subversion at https://access-svn.nci.org.au/svn/UM_Admin/accesshome and are automatically updated to the latest version by puppet. ~access is a read-only, non-persistent filesystem. If the machine is rebooted the directory is repopulated from subversion, no changes are saved.
+
Changes should be made in a branch, and that branch tested on the test server 'accessdev-test.nci.org.au' before being merged
  
== umui ==
+
To update Puppet run
 +
<syntaxhighlight lang="bash">
 +
sudo puppet-update
 +
</syntaxhighlight>
  
The UMUI package downloads GHUI and UMUI from their subversion repositories and populates their config files. The config files are set up to the correct hostnames using puppet's template system to set up correct server names. In order for umui to be accessed externally the virtual machine must be started with the 'umui' security group enabled, which opens required ports.
+
To use a branch run <code>sudo puppet-update --environment=BRANCH</code>, the master branch name is 'production'
 
 
== subversion/gnome-keyring ==
 
 
 
Unlike accesscollab accessdev supports encrypted subversion passwords using the gnome-keyring package. This works like a ssh agent- the first time a user tries to access subversion they will be prompted for their keyring password, after this the keyring remains available for the rest of the session and subversion can be freely accessed. Gnome-keyring itself is started through a script in /etc/profile.d.
 
 
 
== access-svn ==
 
 
 
Sets up subversion permissions for root, so that puppet is able to access the access-svn repositories while it is booting. Used by the accesshome and umui packages.
 
 
 
== remote-job-submission ==
 
 
 
Provides a user script to set up ssh keys, additional security for ssh commands.
 
 
 
= Known issues =
 
 
 
* Network access is slow, intermittent hanging - Known issue on NCI's side
 
* Delay when logging off the system - Caused by the dbus server used by gnome-keyring. It takes a moment for it to realise that the shell has been exited.
 

Revision as of 01:18, 23 January 2020

Template:Needs Update This page needs updating

Accessdev is the NeCTAR virtual machine set up for ACCESS model configurations.

Administrators with root access are part of the tg8 project

Puppet

Administration is version controlled using a Puppet repository, hosted at https://vlrepos.nci.org.au/tg8/puppet

See information on Puppet at https://puppet.com/docs/puppet/latest

The puppet repository has a number of modules provided by NCI under 'corefw' as well as modules developed by the ACCESS admins under 'modules'. There is also configuration under 'hieradata' that sets up some modules.

Changes should be made in a branch, and that branch tested on the test server 'accessdev-test.nci.org.au' before being merged

To update Puppet run

sudo puppet-update

To use a branch run sudo puppet-update --environment=BRANCH, the master branch name is 'production'