Core ACM Systems

• ACM Authorization Mechanisms
  • Administrator Credentials
    • How to make an admin hat
      • Kerberos
      • LDAP
      • AFS
      • SSH
  • LDAP
    • Data in LDAP
    • Poking at LDAP
    • Setting up an LDAP Server
      • Installing Software
      • Setting the Right Host Address
      • Landing a Keytab
      • Creating a jhuacmKerberosInstance DN for the Replica
      • Adjusting and Landing the Configuration
      • Non-SASL Auth
    • Non-Default Bits of LDAP Configuration
      • Kerberos and GSSAPI
      • Access Control
      • TLS
      • Replication
  • Kerberos KDC
    • Dependencies
    • Using Kadmin
      • Common kadmin tasks: changing a password.
    • Using Multiple Instances
      • Creating an Instance
      • How to use an alternate hat
    • Configuration
    • Replication
      • Creating a new replica
    • Cross-Realming
      • Incoming
      • Outgoing
      • Cross-realming with someone using a Samba 4 KDC
  • ACM OID Definitions
    • LDAP
      • LDAP for Plan 9
      • LDAP for Door Control
      • LDAP for OpenStack Integration
      • LDAP Group Fixup
      • Kerberos Instance
    • SNMP
    • Experimental and temporary OIDs
• Low Level Storage in the ACM
  • Ceph Storage System
    • Configuration
    • Authentication
      • Creating a New Ceph User
    • Maintenance Tasks
      • Getting Cluster Status
      • Identifying RBD Objects
      • Rebalancing Scrubs
      • What’s On An OSD
      • Slowly Easing In or Out OSDs
      • Quickly Removing an OSD
      • Creating a New Mon
      • Removing a Mon
    • ZFS and Ceph
    • Miscellany
  • Setting up the Sunfires, a.k.a. thumpers
    • Using Serial Console on a Sunfire
    • Drive Enumeration Order
    • Booting from USB Mass Storage Devices
    • Installing a Sunfire, the Debian Way
• Critical Hardware
  • Digi EtherLite
    • Cabling
    • Some random musings
    • APC MasterSwitch
  • Digi Ports
    • Kermit Invocation
  • APC MasterSwitch Controllers
    • Magellan’s Scripting
    • APC Configuration
      • Naming outlets
    • Factory Restore Over The Network
  • Configuring a BeagleBone Black the ACM Way
    • Initial Configuration
      • Flashing the latest firmware, the BeagleBone Way
      • Common
        • Early Configuration
          • Authentication
          • SSH keys
          • Date
      • Repository Setup
        • Packages
        • Additional Configuration
      • Client Configurations
      • Server Configurations
        • Installing Packages
        • Pruning Packages
    • Recurring Tasks
      • Upgrading the Kernel
• OpenAFS topics
  • Using libvirt
    • Debugging XML
    • Using Ceph
    • Serial Console
    • Libvirt Events
  • AFS Server Setup
    • Miscellany
      • Software
      • CellServDB
      • keytab
      • UserList
      • NetInfo
      • NetRestrict
    • Configure the server using BOS
    • remctld and afs-backend
    • Other Useful References
  • OpenAFS Partition Scheme
    • Partitions Stored in Ceph
    • Partitions on Chicago
    • Release and Backup Schedules of Volumes
    • The Special Case of Mirrors and Other Unprivileged Release Operations
    • Other Special Cases
  • AFS Client Configuration
    • Authentication and Identification
    • Cell Discovery
    • AFS Hard Mount Semantics
    • Landing a Keytab
      • Host Principal and Keytab
      • PTS Entry
      • Local Config
  • Service Principals
  • Creating Backups for ACM Services
  • Long-term AFS Archives with bup
    • Overview
    • So where are the backups?
    • Looking at or restoring an archive file
      • Restoring from archive without nuking an exisiting volume
    • Inserting a dump into the archive
    • Repacking Bup Packs
    • Mirroring Some Or All Of The Bup Archive
    • Extracting Every Revision Of A Volume
  • The Special Case of admins.pub
    • AFS Volumes Impacted
    • Manifest
      • Adminly-things
      • Global Parameters
      • Published Materials
• Openstack
  • Virtual Machines and Openstack
    • VM Configuration
      • RADOS Block Devices via virtio
      • AFS on an OpenStack VM
    • Maintenance Tasks
      • Getting a shell on a VM with no floating IP
  • Components
    • Genuine Bits of Openstack
      • Nova
      • Cinder
      • Keystone
      • Glance
      • Neutron
    • Things We’ve Bolted On
      • Ceph
      • Shorewall
  • Physical Machines
    • Openstack Management on Gomes
      • Processes
      • Homegrown Scripts
      • Futzing with the Database
    • The Compute Nodes
      • When a Compute Node Goes Down
  • The Glorious Journey to a New Version of Openstack
    • Openstack Upgrade Documentation and other references
    • Back Up EVERYTHING
    • Test First?
    • The Debian Problem
    • Upgrading With Configuration Management
    • Upgrading Without Configuration Management
    • When Things Go Wrong
    • Restarting Services
    • Testing the Upgrade
  • Hosting Services in Openstack
    • Hosted Services
• Networking configuration and maintenance tasks
  • Internal Network Configuration
    • RFC1918 regions and VLAN assignments
    • Cluster Switch Cabling
      • Procurve
      • Management
  • External Network Considerations
    • Allocations
      • Security Policies
      • Naming
      • DHCP or other Dynamic Configuration
    • Cluster Common Considerations
      • Multi-Provider Egress and Tracking
      • Ingress
        • Magellan
        • Gomes
    • Services Without the Cluster
    • Cluster Uplink Cabling
  • DNS
    • Internal DNS
    • Managing External DNS
      • DNS setup
      • Forward Records
      • Reverse Records
      • DANE Records
      • Git-driven DNS maintainence
      • DNSSEC
        • DNSSECifying new zones
      • Todo
• JHU Upstream Information
  • Networking
  • NTP
  • DNS
  • Kerberos
  • LDAP
    • JHU AD Principles Assigned for ACM Use
  • SSL
• Shutdown Procedure