Re: [xcat-user] How to remove statefull images from disk and xcat databases?

2018-06-19 Thread Bin XA Xu 
It seems there is no good method to remove all files of an stateful osimage, @immarvin,  do you have any comments? 
 
Bin Xu
HPC Software DevelopmentSoftware Defined Infrastructure, IBM Systems
Phone: 86-010-82454067
E-mail: bx...@cn.ibm.com
 
 
- Original message -From: Daniel Hilst Selli To: xCAT Users Mailing list Cc:Subject: [xcat-user] How to remove statefull images from disk and xcat databases?Date: Thu, Jun 14, 2018 2:14 AM 
I know that rmimage can remove stateless and statelite images, but how can Ifully remove (from filesystem and xcat databases) statefull images?Regards,--Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org! http://sdm.link/slashdot___xCAT-user mailing listxCAT-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/xcat-user 
 


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

[xcat-user] Goldenimage + Sysclone image not booting

2018-06-19 Thread Pharthiphan Asokan 
Hello,

After completion of the sysclone, Centos 7 is not booting into OS while trying 
to boot from HDD only the cursor blinks are seen. Please find the details below 
and also some screenshots while cloing.

Virtual Box Version: Version 5.2.12 r122591 (Qt5.6.2)
Management Node OS Version : CentOS 7.4.1708
Management Node Kernel Version : 3.10.0-693.21.1.el7.x86_64
xCAT Version : 2.14.1
Golden osimage Version : CentOS 7.3.1611/ CentOS 7.4.1708


Regards,
Pharthiphan Asokan

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] Goldenimage + Sysclone /dev/sda3 has unsupported feature(s) : 64 bit

2018-06-19 Thread Pharthiphan Asokan 
Please find the attachment of /etc/fstab, not sure what is wrong with line no 1

[cid:image001.png@01D40823.51B549E0]

Regards,
Pharthiphan Asokan

From: Pharthiphan Asokan [mailto:paso...@ddn.com]
Sent: 19 June 2018 22:23
To: xcat-user@lists.sourceforge.net
Subject: [xcat-user] Goldenimage + Sysclone /dev/sda3 has unsupported 
feature(s) : 64 bit

Hello,

I am getting the following error while booting after been successfully 
sysclone. What could be possibly wrong ?


warning bad format on line 1 of /etc/fstab
/dev/sda3 has unsupported feature(s) : 64 bit
e2fsck get a newer version of e2fsck!


Virtual Box Version: Version 5.2.12 r122591 (Qt5.6.2)
Management Node OS Version : CentOS 7.4.1708
Management Node Kernel Version : 3.10.0-693.21.1.el7.x86_64
xCAT Version : 2.14.1
Golden osimage Version : CentOS 6.9


Regards,
Pharthiphan Asokan
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Jarrod Johnson 
Yes, login.defs what what I had in mind.  When I referred to rpms, I meant how 
rpms in %post will commonly call useradd and such and create users that depend 
on order of install, indirectly pointing out why sys uid/gids would be skipped 
and why it’s not as simple as ‘prsysnc /etc/passwd compute:/etc/’ sort of thing.

I was thinking that mostly the gid/uid would be preserved, but membership list 
may be overwritten…  Similarly so for shadow, though I don’t think I’ve ever 
seen a shadow entry change for a ‘sys’ account.  Other details about said 
groups can be modified with relative impunity cluster wide, but messing with 
uid/gid that was expected at install time will cause bizarre behavior for many 
packages was all.

In such a case, I’d imagine membership in system groups to merge only if said 
local group exists, I suppose, otherwise ignore, don’t add a group in the 
system group gid range if it doesn’t exist.

For ID conflict, in this case I think it would be ids in the MIN-MAX range are 
fair game for obliteration.  The master copy trumps everything.
For solutions that don’t use the files, so far I’m aware of commonly NIS and 
LDAP, and there I’d say the solution would be for the nodes to be connected as 
appropriate.

This would very specifically and narrowly apply to ‘I just want to do etc-file 
style stuff and have it apply everywhere’, and more sophisticated approaches 
would pretty much stay as they are.

Of course, the practical answer may be making use of ldap easier and always 
recommending nscd for the performance problem…
From: Kevin Keane 
Sent: Tuesday, June 19, 2018 12:46 PM
To: xCAT Users Mailing list 
Subject: Re: [xcat-user] [External] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Jarod,
I like your approach overall. There are a few things that may need to be 
addressed (normal when you are dealing with something this fundamental), but 
those can be overcome:
- System accounts and groups are easy to identify by the UID value. Simply look 
in /etc/login.defs for UID_{MIN,MAX}, SYS_UID_{MIN,MAX}, GID_{MIN,MAX} and 
SYS_GID_{MIN,MAX}. No need to rely on RPMs or so.
- Keep in mind that sometimes system accounts can be members in user groups, or 
vice versa.
- What about situations where a user or group legitimately only exists on the 
management node? For instance, only the mgmt node may have a wwwroot or httpd 
user and group, but ordinary users may be members of the httpd group.
- There is a potential for ID conflicts if a user account already exist on the 
nodes. Theoretically, it shouldn't be an issue, but you know what they say 
about the best laid plans...
- User names and passwords can come from many different locations, not just the 
three files. In most cases, the other locations are non-local accounts, of 
course, but you never know... Might be better to use getent 
passwd/shadow/group, but that precludes using inotify, and may also pick up 
unwanted accounts.


___
Kevin Keane | Systems Architect | University of San Diego ITS | 
kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

REMEMBER! No one from IT at USD will ever ask to confirm or supply your 
password.
These messages are an attempt to steal your username and password. Please do 
not reply to, click the links within, or open the attachments of these 
messages. Delete them!

On Tue, Jun 19, 2018 at 7:32 AM, Jarrod Johnson 
mailto:jjohns...@lenovo.com>> wrote:
I have contemplated, but was not sure if this would be something of interest...

A service dedicated to synchronizing credentials for those using synchronized 
local credentials.  The behavior would be:
-It would be aware of system accounts versus user accounts, and accordingly 
leave system accounts (those created by rpms) alone with respect to uid/gid, 
fully synchronizing user accounts
-Include an option for stub shadow entries versus passwords, for environments 
confidently using key based authentication that want to opt out of compute 
nodes being able to do password authentication
-It would inotify watch the key files (passwd, shadow, group) to induce a sync 
action, no need to explicitly sync at some interval, it would naturally react 
to passwd/useradd/etc.

I have not given it much thought beyond the above three sentences.  If this 
already exists, cool, if it doesn't but is not a wanted thing, ok.  Otherwise, 
let me know if there is some sort of interest.  The simplest form of this would 
be a single server to monitor and have a list of nodes to push to, to avoid 
confusion about which is the authoritative copy.

Given the relatively little time I've thought about this, don't be surprised if 
I'm missing some glaring huge problem.

-Original Message-
From: Christian Caruthers mailto:ccaruth...@lenovo.com>>
Sent: Tuesday, June 19, 2018 10:16 AM
To: xCAT Users

[xcat-user] Goldenimage + Sysclone /dev/sda3 has unsupported feature(s) : 64 bit

2018-06-19 Thread Pharthiphan Asokan 
Hello,

I am getting the following error while booting after been successfully 
sysclone. What could be possibly wrong ?


warning bad format on line 1 of /etc/fstab
/dev/sda3 has unsupported feature(s) : 64 bit
e2fsck get a newer version of e2fsck!


Virtual Box Version: Version 5.2.12 r122591 (Qt5.6.2)
Management Node OS Version : CentOS 7.4.1708
Management Node Kernel Version : 3.10.0-693.21.1.el7.x86_64
xCAT Version : 2.14.1
Golden osimage Version : CentOS 6.9


Regards,
Pharthiphan Asokan
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Trafford, Tyler 
At our site we use LDAP, but to allow for the possibility of some local 
accounts I've implemented this simple thing:

/install/custom/synclist.accounts =>
MERGE:
/install/custom/etc/passwd -> /etc/passwd
/install/custom/etc/shadow -> /etc/shadow
/install/custom/etc/group -> /etc/group


Then this runs twice a day:

#!/bin/bash
export XCATROOT="/opt/xcat"
export PATH="/opt/xcat/bin:${PATH}"

awk -F: '$3>=1000&&$3<1{print}' /etc/passwd > /install/custom/etc/passwd
awk -F: '$3>=1000&&$3<1{print}' /etc/group > /install/custom/etc/group

cp -a /etc/shadow /install/custom/etc/shadow
yes | pwck -q /install/custom/etc/{passwd,shadow} > /dev/null

xdcp login,compute -v -F /install/custom/synclist.accounts


The ranges for uids/gids exclude system accounts and our LDAP, and this is 
simple to run and manage.

Implementing inotify for this would be pretty simple,  I think- but it doesn't 
account for changing the root password.

-Tyler


From: Christian Caruthers 
Sent: Tuesday, June 19, 2018 10:15 AM
To: xCAT Users Mailing list
Subject: Re: [xcat-user] [External] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Some suggestions:

Rather than sync'ing the passwd, group, and shadow files to the systems, use a 
postscript to simply appended what you need to those files.

Set the xCAT management node up as an NIS server.

Set up ansible  on xCAT MN to manage/create user accounts.

Connect to LDAP or AD domain.

Regards,
Christian Caruthers
Lenovo Professional Services
Mobile: 757-289-9872

-Original Message-
From: Daniel Hilst Selli 
Sent: Monday, June 18, 2018 12:56
To: xCAT Users Mailing list 
Subject: [External] [xcat-user] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Hi!

I had a problem where I couldn't login to a computing node with the password 
contained at system key of passwd table. I search in the internet for options 
on setting password for xcat.

The documentation says

chtab key=system passwd.username=root passwd.password=abc123

But I don't really understand how this password would get to /etc/shadow of the 
computing nodes. Changing the password and reboot stateless node doesn't has 
effect, the node keep using the old password and passwd table and nodes 
/etc/shadow are out of sync.

I saw people on internet synchronizing /etc/{group,shadow,passwd} from 
management node, but if this is the case, what is the point of the system key 
on passwd table?

Any suggestion on how to handle computing node users will be appreciated!


Regards,

--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622436439=xQbjcwEkBuqb8rNli71U7Xbx3YDtjwdKVRKlvLX0yQs%3D=0
 ___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622436439=RMfl%2FNBnn2xUcfQgAulh0g5MAf2zzVR0rPkU7p7eXKU%3D=0

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622446447=helGcKb5WkKiiWw%2BvEdCj%2B7ZwqX1JAv6%2BQiShRXGcrM%3D=0
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=02%7C01%7Ctyler.trafford%40yale.edu%7Cd2835177acba4be78e7d08d5d5f01ccf%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636650149622446447=xAaKCr%2FEqWHUOBYI%2FvoSudkrr5DxX9GIgqr11Wgr6Zk%3D=0

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Kevin Keane 
Jarod,

I like your approach overall. There are a few things that may need to be
addressed (normal when you are dealing with something this fundamental),
but those can be overcome:

- System accounts and groups are easy to identify by the UID value. Simply
look in /etc/login.defs for UID_{MIN,MAX}, SYS_UID_{MIN,MAX}, GID_{MIN,MAX}
and SYS_GID_{MIN,MAX}. No need to rely on RPMs or so.
- Keep in mind that sometimes system accounts can be members in user
groups, or vice versa.
- What about situations where a user or group legitimately only exists on
the management node? For instance, only the mgmt node may have a wwwroot or
httpd user and group, but ordinary users may be members of the httpd group.
- There is a potential for ID conflicts if a user account already exist on
the nodes. Theoretically, it shouldn't be an issue, but you know what they
say about the best laid plans...
- User names and passwords can come from many different locations, not just
the three files. In most cases, the other locations are non-local accounts,
of course, but you never know... Might be better to use getent
passwd/shadow/group, but that precludes using inotify, and may also pick up
unwanted accounts.


___
Kevin Keane | Systems Architect | University of San Diego ITS |
kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

*REMEMBER! **No one from IT at USD will ever ask to confirm or supply your
password*.
These messages are an attempt to steal your username and password. Please
do not reply to, click the links within, or open the attachments of these
messages. Delete them!

On Tue, Jun 19, 2018 at 7:32 AM, Jarrod Johnson 
wrote:

> I have contemplated, but was not sure if this would be something of
> interest...
>
> A service dedicated to synchronizing credentials for those using
> synchronized local credentials.  The behavior would be:
> -It would be aware of system accounts versus user accounts, and
> accordingly leave system accounts (those created by rpms) alone with
> respect to uid/gid, fully synchronizing user accounts
> -Include an option for stub shadow entries versus passwords, for
> environments confidently using key based authentication that want to opt
> out of compute nodes being able to do password authentication
> -It would inotify watch the key files (passwd, shadow, group) to induce a
> sync action, no need to explicitly sync at some interval, it would
> naturally react to passwd/useradd/etc.
>
> I have not given it much thought beyond the above three sentences.  If
> this already exists, cool, if it doesn't but is not a wanted thing, ok.
> Otherwise, let me know if there is some sort of interest.  The simplest
> form of this would be a single server to monitor and have a list of nodes
> to push to, to avoid confusion about which is the authoritative copy.
>
> Given the relatively little time I've thought about this, don't be
> surprised if I'm missing some glaring huge problem.
>
> -Original Message-
> From: Christian Caruthers 
> Sent: Tuesday, June 19, 2018 10:16 AM
> To: xCAT Users Mailing list 
> Subject: Re: [xcat-user] [External] What is the best way for
> changing/maintain users/groups/passwords for the computing nodes?
>
> Some suggestions:
>
> Rather than sync'ing the passwd, group, and shadow files to the systems,
> use a postscript to simply appended what you need to those files.
>
> Set the xCAT management node up as an NIS server.
>
> Set up ansible  on xCAT MN to manage/create user accounts.
>
> Connect to LDAP or AD domain.
>
> Regards,
> Christian Caruthers
> Lenovo Professional Services
> Mobile: 757-289-9872
>
> -Original Message-
> From: Daniel Hilst Selli 
> Sent: Monday, June 18, 2018 12:56
> To: xCAT Users Mailing list 
> Subject: [External] [xcat-user] What is the best way for changing/maintain
> users/groups/passwords for the computing nodes?
>
> Hi!
>
> I had a problem where I couldn't login to a computing node with the
> password contained at system key of passwd table. I search in the internet
> for options on setting password for xcat.
>
> The documentation says
>
> chtab key=system passwd.username=root passwd.password=abc123
>
> But I don't really understand how this password would get to /etc/shadow
> of the computing nodes. Changing the password and reboot stateless node
> doesn't has effect, the node keep using the old password and passwd table
> and nodes /etc/shadow are out of sync.
>
> I saw people on internet synchronizing /etc/{group,shadow,passwd} from
> management node, but if this is the case, what is the point of the system
> key on passwd table?
>
> Any suggestion on how to handle computing node users will be appreciated!
>
>
> Regards,
>
> 
> --
> Check out the vibrant tech community on one of the world's most engaging
> tech sites, Slashdot.org!

Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Jarrod Johnson 
I have contemplated, but was not sure if this would be something of interest...

A service dedicated to synchronizing credentials for those using synchronized 
local credentials.  The behavior would be:
-It would be aware of system accounts versus user accounts, and accordingly 
leave system accounts (those created by rpms) alone with respect to uid/gid, 
fully synchronizing user accounts
-Include an option for stub shadow entries versus passwords, for environments 
confidently using key based authentication that want to opt out of compute 
nodes being able to do password authentication
-It would inotify watch the key files (passwd, shadow, group) to induce a sync 
action, no need to explicitly sync at some interval, it would naturally react 
to passwd/useradd/etc.

I have not given it much thought beyond the above three sentences.  If this 
already exists, cool, if it doesn't but is not a wanted thing, ok.  Otherwise, 
let me know if there is some sort of interest.  The simplest form of this would 
be a single server to monitor and have a list of nodes to push to, to avoid 
confusion about which is the authoritative copy.

Given the relatively little time I've thought about this, don't be surprised if 
I'm missing some glaring huge problem.

-Original Message-
From: Christian Caruthers  
Sent: Tuesday, June 19, 2018 10:16 AM
To: xCAT Users Mailing list 
Subject: Re: [xcat-user] [External] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Some suggestions:

Rather than sync'ing the passwd, group, and shadow files to the systems, use a 
postscript to simply appended what you need to those files.

Set the xCAT management node up as an NIS server.

Set up ansible  on xCAT MN to manage/create user accounts.

Connect to LDAP or AD domain.

Regards,
Christian Caruthers
Lenovo Professional Services
Mobile: 757-289-9872

-Original Message-
From: Daniel Hilst Selli 
Sent: Monday, June 18, 2018 12:56
To: xCAT Users Mailing list 
Subject: [External] [xcat-user] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Hi!

I had a problem where I couldn't login to a computing node with the password 
contained at system key of passwd table. I search in the internet for options 
on setting password for xcat. 

The documentation says 

chtab key=system passwd.username=root passwd.password=abc123

But I don't really understand how this password would get to /etc/shadow of the 
computing nodes. Changing the password and reboot stateless node doesn't has 
effect, the node keep using the old password and passwd table and nodes 
/etc/shadow are out of sync. 

I saw people on internet synchronizing /etc/{group,shadow,passwd} from 
management node, but if this is the case, what is the point of the system key 
on passwd table?

Any suggestion on how to handle computing node users will be appreciated!


Regards,

--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! http://sdm.link/slashdot 
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! http://sdm.link/slashdot 
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Daniel Hilst Selli 
Hi Christian

Using a postscript to manage passwd, group and shadow seems a simple and elegant
solution to me.

Using ansible would let me use template files which are even better, 

Thanks for the suggestions!!
Cheers,

On Tue, 2018-06-19 at 14:15 +, Christian Caruthers wrote:
> Some suggestions:
> 
> Rather than sync'ing the passwd, group, and shadow files to the systems, use a
> postscript to simply appended what you need to those files.
> 
> Set the xCAT management node up as an NIS server.
> 
> Set up ansible  on xCAT MN to manage/create user accounts.
> 
> Connect to LDAP or AD domain.
> 
> Regards,
> Christian Caruthers
> Lenovo Professional Services
> Mobile: 757-289-9872
> 
> -Original Message-
> From: Daniel Hilst Selli  
> Sent: Monday, June 18, 2018 12:56
> To: xCAT Users Mailing list 
> Subject: [External] [xcat-user] What is the best way for changing/maintain
> users/groups/passwords for the computing nodes?
> 
> Hi!
> 
> I had a problem where I couldn't login to a computing node with the password
> contained at system key of passwd table. I search in the internet for options
> on setting password for xcat. 
> 
> The documentation says 
> 
> chtab key=system passwd.username=root passwd.password=abc123
> 
> But I don't really understand how this password would get to /etc/shadow of
> the computing nodes. Changing the password and reboot stateless node doesn't
> has effect, the node keep using the old password and passwd table and nodes
> /etc/shadow are out of sync. 
> 
> I saw people on internet synchronizing /etc/{group,shadow,passwd} from
> management node, but if this is the case, what is the point of the system key
> on passwd table?
> 
> Any suggestion on how to handle computing node users will be appreciated!
> 
> 
> Regards,
> 
> --
> Check out the vibrant tech community on one of the world's most engaging tech
> sites, Slashdot.org! http://sdm.link/slashdot
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Daniel Hilst Selli 
Hi Kevin, 

Using LDAP would really be the best option here. Usually I don't have an
available LDAP installation for using but installing would not be that hard.

Thanks!

Cheers,

On Mon, 2018-06-18 at 13:45 -0700, Kevin Keane wrote:
> The system key will only work to set up one user (usually root).
> 
> For ordinary users, you can use synchronization to copy the
> group/shadow/passwd files, but that's usually a bad idea because it also
> clobbers the root password, and it requires resyncing (or even rebooting
> compute nodes) every time a user changes passwords or you add a user.
> 
> You best bet is actually to not maintain users in the group/shadow/passwd
> files at all, but use LDAP.
> 
> Depending on your situation, you may be able to use an existing LDAP server in
> your organization, such as Active Directory. Or you may need to set up your
> own on the management node. The following document is outdated, but still
> reasonably close to reality. https://sourceforge.net/p/xcat/wiki/Setting_up_LD
> AP_in_xCAT/
> 
> One pitfall you generally have to watch out for: make sure that the same user
> always has the same user ID, group membership etc. across all nodes. Copying
> the group/shadow/passwd files will do that for you, and LDAP will if it is set
> up correctly (with the posixAccount schema for each user, and the uidNumber
> etc. populated).
> 
> 
> ___
> Kevin Keane | Systems Architect | University of San Diego ITS | kkeane@sandieg
> o.edu
> Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859
> REMEMBER! No one from IT at USD will ever ask to confirm or supply your
> password.
> These messages are an attempt to steal your username and password. Please do
> not reply to, click the links within, or open the attachments of these
> messages. Delete them!
> 
> On Mon, Jun 18, 2018 at 9:55 AM, Daniel Hilst Selli  > wrote:
> > Hi!
> > 
> > I had a problem where I couldn't login to a computing node with the password
> > contained at system key of passwd table. I search in the internet for
> > options on
> > setting password for xcat. 
> > 
> > The documentation says 
> > 
> > chtab key=system passwd.username=root passwd.password=abc123
> > 
> > But I don't really understand how this password would get to /etc/shadow of
> > the
> > computing nodes. Changing the password and reboot stateless node doesn't has
> > effect, the node keep using the old password and passwd table and nodes
> > /etc/shadow are out of sync. 
> > 
> > I saw people on internet synchronizing /etc/{group,shadow,passwd} from
> > management node, but if this is the case, what is the point of the system
> > key on
> > passwd table?
> > 
> > Any suggestion on how to handle computing node users will be appreciated!
> > 
> > 
> > Regards,
> > 
> > 
> > --
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > ___
> > xCAT-user mailing list
> > xCAT-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xcat-user
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

2018-06-19 Thread Christian Caruthers 
Some suggestions:

Rather than sync'ing the passwd, group, and shadow files to the systems, use a 
postscript to simply appended what you need to those files.

Set the xCAT management node up as an NIS server.

Set up ansible  on xCAT MN to manage/create user accounts.

Connect to LDAP or AD domain.

Regards,
Christian Caruthers
Lenovo Professional Services
Mobile: 757-289-9872

-Original Message-
From: Daniel Hilst Selli  
Sent: Monday, June 18, 2018 12:56
To: xCAT Users Mailing list 
Subject: [External] [xcat-user] What is the best way for changing/maintain 
users/groups/passwords for the computing nodes?

Hi!

I had a problem where I couldn't login to a computing node with the password 
contained at system key of passwd table. I search in the internet for options 
on setting password for xcat. 

The documentation says 

chtab key=system passwd.username=root passwd.password=abc123

But I don't really understand how this password would get to /etc/shadow of the 
computing nodes. Changing the password and reboot stateless node doesn't has 
effect, the node keep using the old password and passwd table and nodes 
/etc/shadow are out of sync. 

I saw people on internet synchronizing /etc/{group,shadow,passwd} from 
management node, but if this is the case, what is the point of the system key 
on passwd table?

Any suggestion on how to handle computing node users will be appreciated!


Regards,

--
Check out the vibrant tech community on one of the world's most engaging tech 
sites, Slashdot.org! http://sdm.link/slashdot 
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] SciLinux 7.4 statelite problems

2018-06-19 Thread Jeff Berry 
Hi Yuan,

I made the change to litefile as you suggested.
I was already running break.cleanup, but I  tried pre-pivot as well.
In both cases, the node boots, is pingable, but the console doesn’t get to 
login and ssh gives a connection refused.

Best,

Jeff

From: Yuan Y Bai [mailto:by...@cn.ibm.com]
Sent: 19 June 2018 08:37
To: xcat-user@lists.sourceforge.net
Cc: xcat-user@lists.sourceforge.net
Subject: Re: [xcat-user] SciLinux 7.4 statelite problems

Hi Jeff,

Could you try rd.break=cleanup as following, or you can try to set break point 
addkcmdline=rd.break=pre-pivot.


 chdef node-i01 addkcmdline=rd.break=cleanup

 rinstall node-i01 osimage

 rcons node-i01

Have you try to add "/etc/systemd/" in litefile? Now we just add  
"/etc/systemd/system/multi-user.target.wants/".



Best Regards
--
Yuan Bai (白媛)

CSTL HPC System Management Development
Tel:86-10-82451401
E-mail: by...@cn.ibm.com
Address: IBM ZGC Campus. Ring Building 28,
ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,
Beijing P.R.China 100193

IBM环宇大厦
北京市海淀区东北旺西路8号,中关村软件园28号楼
邮编:100193


- Original message -
From: Jeff Berry 
mailto:jeff.be...@mrc-cbu.cam.ac.uk>>
To: xCAT Users Mailing list 
mailto:xcat-user@lists.sourceforge.net>>
Cc:
Subject: Re: [xcat-user] SciLinux 7.4 statelite problems
Date: Mon, Jun 18, 2018 5:36 PM


Hi everyone,



thanks for the pointers.   I decided to go back to the very beginning and did a 
clean reinstall of xcat:

Version 2.14.1 (git commit 70d6e7f93cc9714a127c22df2e7ca53d4996a34c, built Fri 
Jun  1 03:00:53 EDT 2018)



then I walked through the documentation - 
https://xcat-docs.readthedocs.io/en/stable - and it works slighly better now.  
I’m no longer getting udev errors, but I’m still getting journald errors:

code killed, status 6/ABRT

on restart ‘/run/log/journal//system.journal corrupted or uncleanly 
shut down.



which looks like it might be a space/memory issue?



In any case, even just after boot, I have the same problem where I can’t ssh to 
the node or rcons, or even get a console prompt on the drac card (it’s a dell 
C6420).  It’s pingable at the correct ip address.



As per the email below, I checked the image for pkglist, exlist, and postinall:



Object name: SL7.4-statelite-v1

exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.exlist

imagetype=linux

osarch=x86_64

osdistroname=SL7.4-x86_64

osname=Linux

osvers=SL7.4

otherpkgdir=/install/post/otherpkgs/SL7.4/x86_64

permission=755

pkgdir=/install/SL7.4/x86_64

pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.pkglist


postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.postinstall

profile=compute

provmethod=statelite

rootimgdir=/install/netboot/SL7.4/x86_64/compute



I had a brief moment where I thought it might be an selinux problem, but in the 
rootimg selinux is disabled in /etc/selinux/config ...

the litefile is standard, but I’m thinking that I might change /var and /run to 
persistent to see if I can some extra insight into what’s happening on the node.

#image,file,options,comments,disable

"ALL","/etc/adjtime","tmpfs",,

"ALL","/etc/securetty","tmpfs",,

"ALL","/etc/lvm/","tmpfs",,

"ALL","/etc/ntp.conf","tmpfs",,

"ALL","/etc/rsyslog.conf","tmpfs",,

"ALL","/etc/rsyslog.conf.XCATORIG","tmpfs",,

"ALL","/etc/udev/","tmpfs",,

"ALL","/etc/ntp.conf.predhclient","tmpfs",,

"ALL","/etc/resolv.conf","tmpfs",,

"ALL","/etc/yp.conf","tmpfs",,

"ALL","/etc/resolv.conf.predhclient","tmpfs",,

"ALL","/etc/sysconfig/","tmpfs",,

"ALL","/etc/ssh/","tmpfs",,

"ALL","/etc/inittab","tmpfs",,

"ALL","/tmp/","tmpfs",,

"ALL","/var/","tmpfs",,

"ALL","/opt/xcat/","tmpfs",,

"ALL","/xcatpost/","tmpfs",,

"ALL","/etc/systemd/system/multi-user.target.wants/","tmpfs",,

"ALL","/root/.ssh/","tmpfs",,

"ALL","/etc/rc3.d/","tmpfs",,

"ALL","/etc/rc2.d/","tmpfs",,

"ALL","/etc/rc4.d/","tmpfs",,

"ALL","/etc/rc5.d/","tmpfs",,



I’m booting with rd.debug and rd.break=cleanup, but I don’t get a shell – I 
think because the root image *is* mounting.



As I said, thanks for the thoughts, and I just wanted to make sure that people 
know that I appreciate the input,



Best,



Jeff Berry









From: Yuan Y Bai [mailto:by...@cn.ibm.com]
Sent: 12 June 2018 10:01
To: xcat-user@lists.sourceforge.net
Cc: xcat-user@lists.sourceforge.net
Subject: Re: [xcat-user] SciLinux 7.4 statelite problems



Hi Jeff,



Could you check your osimage definition about exlist, pkglist and postinstall?

We do not formal ship compute.SL7.pkglist, we user the same files for rhels7. 
so could you try to use the rhels7 related files for your osimage?



Here I give you an example for osimage, you can find the right arch files under 
/opt/xcat/share/xcat/netboot/rh/:

]# lsdef -t osimage

Re: [xcat-user] SciLinux 7.4 statelite problems

2018-06-19 Thread Yuan Y Bai 
Hi Jeff,
 
Could you try rd.break=cleanup as following, or you can try to set break point addkcmdline=rd.break=pre-pivot.
 
 chdef node-i01 addkcmdline=rd.break=cleanup
 rinstall node-i01 osimage
 rcons node-i01
 
Have you try to add "/etc/systemd/" in litefile? Now we just add  "/etc/systemd/system/multi-user.target.wants/". 
 
 
 
Best Regards--Yuan Bai (白媛)CSTL HPC System Management DevelopmentTel:86-10-82451401E-mail: by...@cn.ibm.comAddress: IBM ZGC Campus. Ring Building 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,Beijing P.R.China 100193IBM环宇大厦北京市海淀区东北旺西路8号,中关村软件园28号楼邮编:100193
 
 
- Original message -From: Jeff Berry To: xCAT Users Mailing list Cc:Subject: Re: [xcat-user] SciLinux 7.4 statelite problemsDate: Mon, Jun 18, 2018 5:36 PM  
Hi everyone,
 
thanks for the pointers.   I decided to go back to the very beginning and did a clean reinstall of xcat:
Version 2.14.1 (git commit 70d6e7f93cc9714a127c22df2e7ca53d4996a34c, built Fri Jun  1 03:00:53 EDT 2018)
 
then I walked through the documentation - https://xcat-docs.readthedocs.io/en/stable - and it works slighly better now.  I’m no longer getting udev errors, but I’m still getting journald errors:
code killed, status 6/ABRT
on restart ‘/run/log/journal//system.journal corrupted or uncleanly shut down.
 
which looks like it might be a space/memory issue?
 
In any case, even just after boot, I have the same problem where I can’t ssh to the node or rcons, or even get a console prompt on the drac card (it’s a dell C6420).  It’s pingable at the correct ip address.
 
As per the email below, I checked the image for pkglist, exlist, and postinall:
 
Object name: SL7.4-statelite-v1
    exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.exlist
    imagetype=linux
    osarch=x86_64
    osdistroname=SL7.4-x86_64
    osname=Linux
    osvers=SL7.4
    otherpkgdir=/install/post/otherpkgs/SL7.4/x86_64
    permission=755
    pkgdir=/install/SL7.4/x86_64
    pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.pkglist
    postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.postinstall
    profile="">
    provmethod=statelite
    rootimgdir=/install/netboot/SL7.4/x86_64/compute
 
I had a brief moment where I thought it might be an selinux problem, but in the rootimg selinux is disabled in /etc/selinux/config ...
the litefile is standard, but I’m thinking that I might change /var and /run to persistent to see if I can some extra insight into what’s happening on the node.
#image,file,options,comments,disable
"ALL","/etc/adjtime","tmpfs",,
"ALL","/etc/securetty","tmpfs",,
"ALL","/etc/lvm/","tmpfs",,
"ALL","/etc/ntp.conf","tmpfs",,
"ALL","/etc/rsyslog.conf","tmpfs",,
"ALL","/etc/rsyslog.conf.XCATORIG","tmpfs",,
"ALL","/etc/udev/","tmpfs",,
"ALL","/etc/ntp.conf.predhclient","tmpfs",,
"ALL","/etc/resolv.conf","tmpfs",,
"ALL","/etc/yp.conf","tmpfs",,
"ALL","/etc/resolv.conf.predhclient","tmpfs",,
"ALL","/etc/sysconfig/","tmpfs",,
"ALL","/etc/ssh/","tmpfs",,
"ALL","/etc/inittab","tmpfs",,
"ALL","/tmp/","tmpfs",,
"ALL","/var/","tmpfs",,
"ALL","/opt/xcat/","tmpfs",,
"ALL","/xcatpost/","tmpfs",,
"ALL","/etc/systemd/system/multi-user.target.wants/","tmpfs",,
"ALL","/root/.ssh/","tmpfs",,
"ALL","/etc/rc3.d/","tmpfs",,
"ALL","/etc/rc2.d/","tmpfs",,
"ALL","/etc/rc4.d/","tmpfs",,
"ALL","/etc/rc5.d/","tmpfs",,
 
I’m booting with rd.debug and rd.break=cleanup, but I don’t get a shell – I think because the root image *is* mounting.
 
As I said, thanks for the thoughts, and I just wanted to make sure that people know that I appreciate the input,
 
Best,
 
Jeff Berry
 
 
 
 
From: Yuan Y Bai [mailto:by...@cn.ibm.com]Sent: 12 June 2018 10:01To: xcat-user@lists.sourceforge.netCc: xcat-user@lists.sourceforge.netSubject: Re: [xcat-user] SciLinux 7.4 statelite problems
 
Hi Jeff,
 
Could you check your osimage definition about exlist, pkglist and postinstall?
We do not formal ship compute.SL7.pkglist, we user the same files for rhels7. so could you try to use the rhels7 related files for your osimage? 
 
Here I give you an example for osimage, you can find the right arch files under /opt/xcat/share/xcat/netboot/rh/:
]# lsdef -t osimage rhels7.4-x86_64-statelite-compute -i exlist,pkglist,postinstallObject name: rhels7.4-x86_64-statelite-compute    exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.exlist    pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.pkglist    postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels7.x86_64.postinstall
 
 
"Failing to install mlx_en", I got the same message when there is no mlx in my system.
 
 
Best Regards--Yuan Bai (白媛)CSTL HPC System Management DevelopmentTel:86-10-82451401E-mail: by...@cn.ibm.comAddress: IBM ZGC Campus. Ring Building 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,Beijing P.R.China

Re: [xcat-user] rpower on tries to deactivate volume group

2018-06-19 Thread Matthias Merk 
Hi

Version 2.13.4 (git commit 6ee3741498768994e4bb10d2a77c9699bcabde90, built 
Tue May 16 10:03:13 EDT 2017)
This is a Management Node
Running on SLES11.4

The vmhost is SLES12.3

--
Matthias Merk


"Mark Gurevich"  schrieb am 18.06.2018 19:02:23:

> Von: "Mark Gurevich" 
> An: xCAT Users Mailing list 
> Datum: 18.06.2018 19:03
> Betreff: Re: [xcat-user] rpower on tries to deactivate volume group
> 
> Not sure what is going on yet.
> But what version of xCAT? (lsxcatd -a)
> 
> Mark Gurevich
> Poughkeepsie Development Lab
> HPC Software Development - xCAT
> 
> "If we knew what it was we were doing, it would not be called 
> research, would it?"
> --Albert Einstein
> 
> 
> 
> [Bild entfernt] Matthias Merk ---06/18/2018 08:54:43 AM---Hi 
> everyone, I ran into this behavior last week and was wondering if 
> anyone experienced
> 
> From: Matthias Merk 
> To: xCAT Users Mailing list 
> Date: 06/18/2018 08:54 AM
> Subject: [xcat-user] rpower on tries to deactivate volume group
> 
> 
> 
> Hi everyone, 
> 
> I ran into this behavior last week and was wondering if anyone 
> experienced this before: 
> 
> # rpower lnx0352b on 
> 
> produces this error: 
> 
> Jun  8 09:27:43 lnx0001a xcat[26018]: xCAT: Allowing rpower to 
> lnx0352b on for ruxi003 from loopback 
> Jun  8 09:27:53 lnx0001a xcat[26030]: xcatd: kvm plugin bug, pid 
> 26030, process description: 'xcatd SSL: rpower to lnx0352b for 
> ruxi003@loopback: kvm instance' with error 'libvirt error code: 1, 
> message: internal error: Child process (/sbin/vgchange -aln 
> clustervg) unexpected exit status 5:   Logical volume clustervg/
> lnx0316a.vda.raw in use.#012  Can't deactivate volume group 
> "clustervg" with 26 open logical volume(s)#012' while trying to 
> fulfill request for the following nodes: lnx0352b 
> 
> 'vgchange -aln clustervg' would deactivate the volume group. 
> 
> 
> 
> $ lsdef lnx0352a 
> [...] 
>vmbootorder=hd,network 
>vmcpus=2 
>vmhost=lnx0223a 
>vmmemory=15360 
>vmnicnicmodel=virtio 
>vmnics=br_vl2194,br_vl1896 
>vmstorage=lvm://clustervg 
>vmstoragecache=writethrough 
>vmstorageformat=raw 
>vmstoragemodel=virtio 
> 
> Thanks, 
> 
> Matthias 
> 
Merk--
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
> 
> 
> 
--
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user