Why?
We host a file repository, mainly for Nvidia GRID drivers and kernels for PXE-booting Ubuntu 22.04. It is also used to host miscellaneous software that is no longer available in any public repository. The server is a "halvadministrert" (semi-managed), Ansible-configured VM delivered by NTNU IT. The repository is served by the Apache web server.
What?
Hostname | Aliases | IPv4 | IPv6 | OS |
---|---|---|---|---|
repo01.it.ntnu.no | repo.it.ntnu.no, rpm.iik.ntnu.no | 129.241.14.11 | 2001:700:300:7::111 | Ubuntu Server 22.04 LTS |
Who?
The following BAS groups are used to grant access:
Access | BAS group |
---|---|
SSH login | halvadm_openstackadmin |
sudo | halvadm_openstackadmin |
How?
Most of this is configured according to NTNU IT's documentation for "Halvadministrerte Linux-servere".
Firewall
Create the following files to allow web traffic from NTNU networks. When they are created, run /local/admin/bin/install-firewall.sh to apply the rules.
# Allow all of NTNU
-I INPUT -p tcp -m tcp --dport 80 -j permit_ntnu
-I INPUT -p tcp -m tcp --dport 443 -j permit_ntnu
# Allow all of NTNU
-I INPUT -p tcp -m tcp --dport 80 -j permit_ntnu
-I INPUT -p tcp -m tcp --dport 443 -j permit_ntnu
Install packages
Installing packages is done with pkgsync, and handled by Ansible. Configure the following, and run /local/admin/bin/do_pkgsync.sh to apply.
Configuring apache
Create vhosts for both HTTP and HTTPS. Make sure that /srv/repo.it.ntnu.no exists.
<VirtualHost *:80>
ServerName repo.it.ntnu.no
ServerAlias repo01.it.ntnu.no
ServerAlias rpm.iik.ntnu.no
ServerAdmin eigil.obrestad@ntnu.no
DocumentRoot /srv/repo.it.ntnu.no
<Directory /srv/repo.it.ntnu.no/>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/apache2/repo.it.ntnu.no http_error.log"
CustomLog "/var/log/apache2/repo.it.ntnu.no http_access.log" combined
ServerSignature Off
RewriteEngine On
# Make sure skylow-clients are served nvidia-config belonging to skylow
RewriteCond expr "-R '10.212.128.0/22'" [OR]
RewriteCond expr "-R '128.39.45.0/26'" [OR]
RewriteCond expr "-R '2001:700:1d00:ec00::/56'"
RewriteRule "^/nvidia/(.*)" "/nvidia-skylow/$1" [PT]
# Make sure skyhigh-clients are served nvidia-config belonging to skyhigh
RewriteCond expr "-R '10.212.132.0/22'" [OR]
RewriteCond expr "-R '10.212.136.0/22'" [OR]
RewriteCond expr "-R '10.212.160.0/21'" [OR]
RewriteCond expr "-R '10.212.168.0/21'" [OR]
RewriteCond expr "-R '128.39.143.128/25'" [OR]
RewriteCond expr "-R '128.39.45.64/26'" [OR]
RewriteCond expr "-R '129.241.150.0/24'" [OR]
RewriteCond expr "-R '2001:700:1d00:e800::/54'"
RewriteRule "^/nvidia/(.*)" "/nvidia-skyhigh/$1" [PT]
# Make sure stackit-clients are served nvidia-config belonging to stackit
RewriteCond expr "-R '10.212.0.0/22'" [OR]
RewriteCond expr "-R '10.212.24.0/22'" [OR]
RewriteCond expr "-R '129.241.152.0/23'" [OR]
RewriteCond expr "-R '2001:700:300:6000::/56'"
RewriteRule "^/nvidia/(.*)" "/nvidia-stackit/$1" [PT]
</VirtualHost>
<VirtualHost *:443>
ServerName repo.it.ntnu.no
ServerAlias repo01.it.ntnu.no
ServerAlias rpm.iik.ntnu.no
ServerAdmin eigil.obrestad@ntnu.no
DocumentRoot /srv/repo.it.ntnu.no
<Directory /srv/repo.it.ntnu.no/>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/apache2/repo.it.ntnu.no http_error.log"
CustomLog "/var/log/apache2/repo.it.ntnu.no http_access.log" combined
ServerSignature Off
RewriteEngine On
# Make sure skylow-clients are served nvidia-config belonging to skylow
RewriteCond expr "-R '10.212.128.0/22'" [OR]
RewriteCond expr "-R '128.39.45.0/26'" [OR]
RewriteCond expr "-R '2001:700:1d00:ec00::/56'"
RewriteRule "^/nvidia/(.*)" "/nvidia-skylow/$1" [PT]
# Make sure skyhigh-clients are served nvidia-config belonging to skyhigh
RewriteCond expr "-R '10.212.132.0/22'" [OR]
RewriteCond expr "-R '10.212.136.0/22'" [OR]
RewriteCond expr "-R '10.212.160.0/21'" [OR]
RewriteCond expr "-R '10.212.168.0/21'" [OR]
RewriteCond expr "-R '128.39.143.128/25'" [OR]
RewriteCond expr "-R '128.39.45.64/26'" [OR]
RewriteCond expr "-R '129.241.150.0/24'" [OR]
RewriteCond expr "-R '2001:700:1d00:e800::/54'"
RewriteRule "^/nvidia/(.*)" "/nvidia-skyhigh/$1" [PT]
# Make sure stackit-clients are served nvidia-config belonging to stackit
RewriteCond expr "-R '10.212.0.0/22'" [OR]
RewriteCond expr "-R '10.212.24.0/22'" [OR]
RewriteCond expr "-R '129.241.152.0/23'" [OR]
RewriteCond expr "-R '2001:700:300:6000::/56'"
RewriteRule "^/nvidia/(.*)" "/nvidia-stackit/$1" [PT]
SSLEngine on
SSLCertificateFile "/root/repo.it.ntnu.no.crt"
SSLCertificateKeyFile "/root/repo.it.ntnu.no.key"
</VirtualHost>
There is a bit of rewrite trickery going on here: requests under /nvidia/ are mapped to a per-platform directory based on the client's source network, so that each platform requesting Nvidia GRID drivers gets the drivers and configuration that belong to it. Clients outside the listed networks are not rewritten.
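The source-network mapping described above can be checked offline before the vhost is changed. The following is an added example, not part of the original page or of NTNU IT's tooling: it models the three RewriteCond groups with the networks listed in the vhost, resolves which tree a client address is served, and reports any network that appears under two platforms. The function names and the sample file name used in testing are assumptions.

```python
import ipaddress
import re
from itertools import combinations

# Source networks per platform, copied from the RewriteCond lines in the vhost.
PLATFORM_NETWORKS = {
    "skylow": ["10.212.128.0/22", "128.39.45.0/26", "2001:700:1d00:ec00::/56"],
    "skyhigh": [
        "10.212.132.0/22", "10.212.136.0/22", "10.212.160.0/21",
        "10.212.168.0/21", "128.39.143.128/25", "128.39.45.64/26",
        "129.241.150.0/24", "2001:700:1d00:e800::/54",
    ],
    "stackit": ["10.212.0.0/22", "10.212.24.0/22", "129.241.152.0/23",
                "2001:700:300:6000::/56"],
}
# ip_network() is strict by default, so a CIDR with host bits set raises here.
RULES = {name: [ipaddress.ip_network(n) for n in nets]
         for name, nets in PLATFORM_NETWORKS.items()}
NVIDIA = re.compile(r"^/nvidia/(.*)")


def rewrite(client_ip, path):
    """Return the path served for client_ip, applying the rules in file order."""
    addr = ipaddress.ip_address(client_ip)
    match = NVIDIA.match(path)
    if not match:
        return path  # the rules only apply below /nvidia/
    for platform, nets in RULES.items():
        if any(addr.version == n.version and addr in n for n in nets):
            # A rewritten path no longer matches ^/nvidia/, so later
            # rules cannot re-map it: the first matching group wins.
            return f"/nvidia-{platform}/{match.group(1)}"
    return path  # client outside every listed network: no rewrite


def cross_platform_overlaps():
    """List network pairs from different platforms that overlap."""
    found = []
    for (pa, na), (pb, nb) in combinations(RULES.items(), 2):
        for a in na:
            for b in nb:
                if a.version == b.version and a.overlaps(b):
                    found.append((pa, str(a), pb, str(b)))
    return found
```

The rules select by source address only. Assuming the per-platform directories live under the document root, `Require all granted` still applies to them, so the rewrite decides which tree a client sees under /nvidia/ and does not restrict who can request a platform directory by its own path.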
TLS
TLS certificates are handled by NTNU IT's Ansible role "autocert".