eslsrv12

eslsrv12.epfl.ch

OS: Centos 7.5

Arch: 64 bits

Proc: Dual Intel Xeon Gold 6154 CPU @ 3.00GHz

Cores: 2 * 18

Disks: 2 * 250GB (OS)    + 2 * 1TB (Scrap)

RAM: 12 * 32GB = 384GB

Network: 2 * 1Gb

Kernel: 3.10+

homedirs: local + automount

general

eslsrv12 is a general purpose server running linux. It is open to every member of the ESL lab. The homedirs are a mix of a local 100GB disk and different NFS mounts.

Shell

The server applies some scripts during your first login. If your default shell is tcsh then you have to run "bash" at least one for the scripts to take effect. You don't need to change your default shell. If your default shell is bash (90% of people) then you have nothing to do.

X2GO

Important: In your X2GO configuration file, disable the client side printing system and the audio server

x2go, the remote desktop client/server for linux is installed on eslsrv13. You can use x2go client on your desktops/laptops to reach eslsrv13 in a more convivial session than just ssh.

Among the recommended settings are to make sure that you disable the media redirection (sound) or you will quickly fill the admin logs with garbage, also disable the clientside printing to avoid incompatibilities with our container system. Also make sure to use the MATE environment as it is for now the most appropriate environment for a remote desktop.

Important: the reboot/shutdown functions provided by the different window environment are not disabled. Do not use them or you will actually reboot/restart the server. Just use the logout function. In case a mantenance is announced, please make sure to also logout from the x2go sessions, do not just close the session but completely logout from it.

Homedirs

Every homedirs is made of a local part which is where the generic (non research) files are stored, like the firefox cache, configuration files of the GUI tools, config and temp files related to x2go, etc. The local homedir is everything in $HOME which is not in your "shares" subfolder. You are supposed to store your research files and other important files in one of the "shares" listed in the $home/shares subfolder. A system of symlink will point from your $home to the shares, like sti2files.epfl.ch for example. The quota of those shares is an independent quota.

There is a 2TB local disk (made of 2 ssd's in raid zero) used as a scrap space, fast and without backups. It is to be used for special projects. It is mounted in your shares in the local subfolder.

In short, keep everything important in your shares, keep the bare minimum in your local homedir.

For now, only the shares from sti1files and some shares from eslsrv6 are mounted.

EDA tools

The EDA shares from ielsrv01 are mounted on eslsrv12. The EDA tools can be used through the singularity container system. An image of the eda environment is located in /files/singularity/eda.img. The image is generated using the def file located in the same folder. Contact me if you need a change to this file, or create your own img file based on the current def file including your changes.

Since your homedir is empty, you need to re-create the .cshrc at the root of your homedir.

Reboot and maintenance

The reboot policy is based on the updates necessary to patch security problems. As long as the kernel and critical components are not vulnerable then the server won't be rebooted. Still, it is a good practice to close your sessions (ssh/x2go) if you know that you have finished your tasks. Some maintenance tasks will also require a reboot, we'll try to group them with the updates as much as possible.

cgroups

The cgroup policy is not implemented yet but will be soon.

Network

eslsrv12 is not open on diode, so you will have to launch your VPN client if you want to use it from outside EPFL.

Containers

The container runtime used in eslsrv12 is singularity.

http://singularity.lbl.gov/user-guide

Some images (like for EDA tools) are stored in /files/singularity. You can store your own images wherever you want. You can use the def files in this folder as a starting point for your own images.

Users of the screen command must be careful while in a container, and should redirect the working directory of screen to a local folder in their homedir:

[css]

export SCREENDIR=$HOME/.screen

manually create the new folder with mkdir $/.screen

make the folder 700

chmod 700 $HOME/.screen

for tcshell you can use add this to your .cshrc:

setenv SCREEN "$HOME/.screen"

[/css]

Permissions

Most of the users have limited sudo, including the commands below. Contact your admin if you really need full sudo access.

[css]

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable

## Updating the locate database
Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## CPU
Cmnd_Alias CPU = /usr/bin/turbostat
[/css]