GCE
From FarmShare
our GCE project ID is stanford.edu:barley-gce
I created a standard instance, it gets Ubuntu 12.04 by default. 3.7GB per core, up to 8 cores. ~7GB usable /tmp
https://developers.google.com/compute/docs/hello_world
Contents |
minimum requirements
- qmaster on senpai1 needs to be able to talk to execd on instance
- user information from ldap needs to be present on instance
- user data directory needs to be present on instance (e.g. /mnt/glusterfs)
Can compare to barley-tesq for LDAP settings.
LDAP
sudo aptitude install ldap-utils libpam-ldap libnss-ldap
compare /etc/nsswitch.conf and /etc/ldap.conf to the one on barley-testq
test anonymous bind:
ldapsearch -x -h ldap.stanford.edu -b "cn=accounts,dc=stanford,dc=edu" "(objectClass=*)"
The above command works from barley-testq but not from GCE instance, either firewall or IP ACL if I had to guess?
OK, give up on that for now.
GlusterFS
sudo aptitude install glusterfs-client sudo mkdir -p /mnt/glusterfs
hmm, instance has only internal IP, and can't ping barley-storage01, let's look at that: https://developers.google.com/compute/docs/networking
The networking doc says any outgoing connection is allowed. Firewalls in the way:
- none on GCE side (outgoing)
- central firewall - project Stanford FarmShare, no incoming GlusterFS ports allowed, filed request
- iptables on barley-storage01, added to puppet iptables fragment
- gluster auth.allow, currently * (gluster volume info)
OK, waiting on firewall team, give up for now
Works fine after opening fw:
chekh@my-first-instance:~$ df -h Filesystem Size Used Avail Use% Mounted on /dev/vda1 9.4G 1.1G 7.9G 12% / none 1.9G 4.0K 1.9G 1% /dev none 378M 128K 377M 1% /run none 5.0M 0 5.0M 0% /run/lock none 1.9G 0 1.9G 0% /run/shm barley-storage01.stanford.edu:/bvol 3.6T 2.7T 757G 79% /mnt/glusterfs
SGE
sudo aptitude install gridengine-client echo "senpai1.stanford.edu" > /var/lib/gridengine/default/common/act_qmaster
Instance needs to be able to talk to qmaster over TCP 6444:
barley-testq:/root# qping -info senpai1 6444 qmaster 1
qmaster needs to be able to talk to instance over tcp 6445:
gcutil addfirewall allowge --description="Allow qmaster on senpai1 to interrogate sge_execd." --allowed="tcp:6445"
Actually that allows TCP 6445 from everywher, but I guess that's fine for now, needed --allowed-ip-sources=IP-OF-senpai1
stanford packages
TODO: install packages stanford-server-timeshare, auks, stanford-ldap-tools, openafs-whatever pre-requisite: configure correct repo Tried /etc/apt/sources.list.d/stanford.list, but get 403 Forbidden from outside of Stanford. Giving up for now.