jpr's blog

[phpwiki]
To support the UABgrid2 pilot we purchased a few Dell systems that arrived in April: two [Dell 2950s| http://www.dell.com/content/products/productdetails.aspx/pedge_2950?c=us&cs=RC956904&l=en&s=hied] with dual 3.0Ghz Xeon, 8Gb RAM, and 300Gb SAS disks (Perc5/i-based mirrors), a [Dell 1950|http://www.dell.com/content/products/productdetails.aspx/pedge_1950?c=us&cs=RC956904&l=en&s=hied] with dual CPUs and some local storage, and an [Dell/EMC 6TB SAN|http://www.dell.com/content/products/productdetails.aspx/pvaul_ax150?c=us&cs=RC956904&l=en&s=hied] to connect to the 1950. The 2950's will host various aspects of the UABgrid2 infrastructure including the identity management (VO, CA, and MyProxy) and application support (GridWay, Gridsphere, and other collaborative apps) systems. The 2950s will be hosting VMware-based virtual machines to carry out most of these tasks, with the goal of easing application deployment when conflicting system requirements arise. The 1950 will act as a quasi-NAS device, supporting traditional network shares locally and high-bandwidth file transfers via GridFTP (and potentially other protocols) for UABgrid job management. Together these systems will form the UABgrid infrastructure cluster.

Linux Provisioning Systems - Posted by jpr to provisioning sysadmin linux on Thu Jan 11 2007 [@lab Bookmarks]

[phpwiki]
Came across an article today in [NetworkComputing| http://www.networkcomputing.com/channels/storageandservers/showArticle.jhtml?articleID=194300555&pgno=11] (of all places. nothing quite like boardom induced browsing) that caught my interest. I've been scratching my head for a while on how to manage the desktops, servers, and hpc systems in a reasonable way. The best way to do it is some ROCKSish like way, essentially having some configuration management tool. ROCKS and OsCaR are nice but a little too geared to the HPC cluster environment and don't seem adaptable to general purpose system administration with out a lot of cross platform (non-redhat) headache. I've toyed with the idea of roll my own via the grid but don't like the isolation of it.

[phpwiki]
VMWare Server has been acting up lately. The network connection to guests gets dropped seemingly randomly. The problem is noticed as dropped network connections are normarlly noticed: web pages are unavailable, logins fail (eg. on XP a message about AD not accepting connections or not recognizing you), and if the guest runs a service, the service is unavailable.

The problem can sometimes be fixed (or even avoided) by pinging from the guest to some external address. I've also had luck in disconnecting and reconnecting the network device for the guest.

The host is always available and the guests can be controlled via the VMware remote interface. Our VMware Server boxes use bridged networking, so that the host and guests are all on

[phpwiki]
Taking the time to read up on the GridShib CA and MyProxy CA was very useful. They and phpki ultimately all are backened by an openssl configuration so in a sense are compatible with each other. The decision to use one over the other seems to mainly be about where one stores a cert and how one can retreive it. The GridShib CA has a great way of creating certs that are truely private (client-based key) so I'm guessing there is not a key store in GridShib CA. MyProxy CA would seem to have a keystore since it's backended by Simple CA. This makes it like phpki except that the interface is command-line versus web.

[phpwiki]
weblogin.ac.uab.edu is now using ldaps to access the LDAP service for authentication. Serveral problems existed which had prevented this from working. The default libldap2 binary on debian woody 2.4 is not built with tls enabled. This was the main problem. The fix was to rebuild the openssl source package on the debian build box:

apt-get source libldap2
cd openldap-2.0.23
dpkg-buildpackage -uc -b

and then install resluting libldap2.deb file on weblogin

dpkg -i libldap2-2.0.23.deb

The next step is to tell libldap where to find the trust definition for the UAB ldap SSL interface. This requires the Equifax root. Put that in /usr/lib/ssl/cert/ca-bundle.crt. The location is defined in /etc/ldap/ldap.conf with the values TLS_CACERT (for the bundle file) and TLS_CACERT_DIR (for the hash based files). While I prefer the later only the TLS_CACERT file option seemed to work.

[phpwiki]
It seems you need to restart the backup server after you add new unix
hosts. I added some hosts at the start of the week and after that all the
backups started failing with

"The connection to the data backup has been lost"

This happened for both existing (and working unix agents) and the new ones
I defined.

It took a little while to figure this out. At first I thought it might be
firewall related but looking at the network traffic showed that wasn't the
case. The debug output of agent.be (see agent.be -help) wasn't all that
useful and seemed to indicate normal operation.

[phpwiki]
After installing the new free VMware Server product I couldn't get the
vmware-mui-distrib tarball to install. It kept aborting with the message
"Failure" after saying it detected an previous install of vmware. Duh!, I
had put it there.

The previous install wasn't actually the problem though. I found the
[limited instrux for the new release|http://www.vmware.com/support/server/doc/releasenotes_server_beta.html#install]
and the said make sure libdb.so.3 is installed, which comes in the
compat-db rpm, btw. I installed it, still no luck.

Looking at the perl code it seemed to be looking for a previous install of

[phpwiki]
found out about
[javaspaces|http://webapp.lab.ac.uab.edu/bookmarks/tag/javaspaces] today
through some features in the up coming dakota interface. seems to be an
interesting framework for a distributed memory space in java that can be
treated as a container for distrubuted processes. the driving application
or job creates tasks that are handled by workers, who select the task out
of the job space. this allows a model of processing where workers
contribute what they can to the job execution. faster workers process more
tasks that slower works.

In the simple example of the

[phpwiki]
getting started on the layout of the sc|05 poster. it's a little close on
the deadline of next thrusday, but there's been some mental work to date.
should have left a little more time but these sites are providing some
good suggestions on how to approach it.

* duke biology poster guide, includes point sizes:

http://www.biology.duke.edu/resources/computer/poster/designaposter.html

* summary of someones poster makeing experience with some nice refernces in the links:

http://student.dcu.ie/~mcmahon4/posteradvice.html

* a good poster goal description from the doe:

[phpwiki]
Came across [a nice analysis of connetea bookmarking software|http://www.dlib.org/dlib/april05/lund/04lund.html] off a link at
del.icio.us. [Connetea|http://www.connotea.org/] seems like the right
bookmarking tool to play with
in myVocs. The [code is open|http://www.connotea.org/code] and they are
following del.icio.us ideas but
extending them in useful ways. This wouldn't elliminate del.icio.us use
but would give us a way of seemless identity integration with a
bookmarking tool.

I also took a look at the [facebook.com|http://facebook.com] site
referenced in [jim's blog|http://arch.doit.wisc.edu/jim/index.php/2005/10/04/internet2-collaboration-tools-phone-call-4-october-2005/].
This
is one of the best examples of how a [vo-core like myVocs|http://myvocs.org] should look
and work. It's got excellent methods of connecting groups to groups. It
builds excitement for the user.
Granted, this could also act as an identity provider, but could
just as easily leverage an existing idp infrastructure or be the "local
account" idp for the vo system environement.