Accessdev admin guide

Revision as of 01:35, 18 March 2019 by S.wales (talk | contribs)
Template:Needs Update This page needs updating

Accessdev is the NeCTAR virtual machine set up for ACCESS model configurations.

Setup

Accessdev is configured using a tool called puppet, which allows for consistent, version controlled installation of packages and server configuration files. The puppet configuration is held in the git repository repos:p/access.dev/puppet. NCI have a user guide on how to access the repository & add branches etc. The repository trunk is owned by Robin Bowen at BoM, to get a branch merged to master inform him.

The puppet configuration is split up into packages, the controlling package is modules/accessdev-node/manifests/init.pp. This specifies a list of packages in modules/ to be installed and/or updated by the puppet system. Instruction on how to use puppet can be found on the internet.

Important packages for the UM system are:

accesshome

The accesshome package is responsible for setting up the scripts in ~access. These scripts are held in subversion at https://access-svn.nci.org.au/svn/UM_Admin/accesshome and are automatically updated to the latest version by puppet. ~access is a read-only, non-persistent filesystem. If the machine is rebooted the directory is repopulated from subversion, no changes are saved.

umui

The UMUI package downloads GHUI and UMUI from their subversion repositories and populates their config files. The config files are set up to the correct hostnames using puppet's template system to set up correct server names. In order for umui to be accessed externally the virtual machine must be started with the 'umui' security group enabled, which opens required ports.

subversion/gnome-keyring

Unlike accesscollab accessdev supports encrypted subversion passwords using the gnome-keyring package. This works like a ssh agent- the first time a user tries to access subversion they will be prompted for their keyring password, after this the keyring remains available for the rest of the session and subversion can be freely accessed. Gnome-keyring itself is started through a script in /etc/profile.d.

access-svn

Sets up subversion permissions for root, so that puppet is able to access the access-svn repositories while it is booting. Used by the accesshome and umui packages.

remote-job-submission

Provides a user script to set up ssh keys, additional security for ssh commands.

Known issues

  • Network access is slow, intermittent hanging - Known issue on NCI's side
  • Delay when logging off the system - Caused by the dbus server used by gnome-keyring. It takes a moment for it to realise that the shell has been exited.