X-Git-Url: http://git.subgeniuskitty.com/website_subgeniuskitty.com/.git/blobdiff_plain/a60cd2ef808fc11494c1f022f33cbdfd311b7d01..399284b1b0b1c3d6130aa56a0eb2c280c45f9c35:/data/notes/xeon_phi_server.md diff --git a/data/notes/xeon_phi_server.md b/data/notes/xeon_phi_server.md index 54f05a1..2288ef1 100644 --- a/data/notes/xeon_phi_server.md +++ b/data/notes/xeon_phi_server.md @@ -85,7 +85,7 @@ Xeon E5-2637 CPUs selected for lower power, high frequency, cheap price, and and CPU2 requires heatsink SNK-P0047PS. -## SAS Backplane & Motherboard SATA ### +### SAS Backplane & Motherboard SATA ### The SAS backplane is a little odd. The first eight drive bays connect via a pair of SFF-8087 connectors and the last two drive bays connect via standard @@ -564,7 +564,8 @@ Reboot the computer and remove the USB stick. Installation is complete. Install various no-config-required userland packages before continuing. apt-get install net-tools bzip2 zip ntp htop xterm screen git \ - build-essential pciutils smartmontools gdb valgrind + build-essential pciutils smartmontools gdb valgrind wget \ + texlive texlive-latex-extra graphviz firefox sysfsutils #### X Window Manager #### @@ -649,7 +650,8 @@ Install tcsh. Change the default shell for new users by editing `/etc/adduser.conf`, setting the `DSHELL` variable to `/bin/tcsh`. Then use the `chsh` command to change the shell for root and ataylor. Create `~/.cshrc` in ataylor's and root's homedir -with the following contents. +with the following contents. Remember to also copy it to `/etc/skel` and set +permissions so it's used for any future users on the system. # .cshrc - csh resource script, read at beginning of execution by each shell @@ -657,7 +659,7 @@ with the following contents. alias j jobs -l alias la ls -aF alias lf ls -FA - alias ll ls -lAF --color + alias ll ls -lF --color alias ls ls --color # These are normally set through /etc/login.conf. You may override them here 
@@ -704,6 +706,24 @@ Add the following line to `~/.xinitrc`. /bin/xscreensaver -nosplash & +#### Go Toolchain #### + +The version of Go provided via `apt-get` is always out of date, so all Go +installs on this server are done via tarball from the +website. Go 1.16.3 is used for this example but the newest version of Go may be +found at . + +Previous versions of Go are installed entirely under `/usr/local/go`. Delete +the entire `/usr/local/go` directory before proceeding. + + wget https://golang.org/dl/go1.16.3.linux-amd64.tar.gz + tar -C /usr/local -xzf go1.16.3.linux-amd64.tar.gz + +If this is the first time installing Go on the system, update everyone's +`$PATH` to include `/usr/local/go/bin`. Remember to update files under +`/etc/skel` at the same time. + + #### ZFS Snapshots #### In order to configure automatic ZFS snapshots, use the `auto-zfs-snapshot` 
@@ -771,6 +791,105 @@ Create the file `/etc/cron.d/status-emails` with the following contents. SHELL=/bin/bash 0 0 * * 0 root /sbin/zpool status | echo -e "Subject:FROSTBURG: zpool status\n\n $(cat -)" | msmtp ataylor@subgeniuskitty.com + +#### Public SSH Access #### + +Although frostburg is on a private subnet, I want public SSH access. The +easiest way to set this up is via a reverse SSH tunnel to one of the public +subgeniuskitty.com servers. + +This section refers to three machines: + + - The **server** is frostburg.subgeniuskitty.com, a machine which we desire + to access across the internet despite residing on a private subnet. + + - The **endpoint** is a server with public IP address which will serve as an + access portal for the *server*. + + - The **client** is the human user's workstation, the machine which is + attempting to login to the *server* via the *endpoint*. + +First, setup appropriate login credentials on the *server*, which in this case +is `frostburg.subgeniuskitty.com`. Ignore any warnings about `/home/username` +already existing or not being owned by the correct user. These are simply a +side effect of using ZFS since we must create the homedir before adding the +user, but we can't change ownership until after the new user exists. + + server:~ # zfs create rpool/home/username + server:~ # adduser username + server:~ # cp -a /etc/skel/. /home/username + server:~ # chown -R username:username /home/username + server:~ # zfs snapshot rpoot/home/username@account_creation + +If necessary for the intended tasks, add the user to any relevant groups with +something like the following command. + + server:~ # usermod -a -G netdev,plugdev,sudo,video username + +The user will also need login credentials on the *endpoint*. These credentials +don't need to allow anything other than simply SSHing through to the *server*. 
+ + endpoint:~ # adduser username + +With appropriate credentials successfully created, move on to setting up a +reverse SSH tunnel from *server* to *endpoint*. + +First, create an SSH key on the *server* with no passphrase and authorize it +for logins on the *endpoint*. This will be used to bring the tunnel up when the +machine boots. If a non-empty passphrase is specified, you will need to type it +during the boot process. + + server:~ # ssh-keygen + server:~ # scp /root/.ssh/id_rsa.pub username@endpoint:/home/username/temp_key_file + server:~ # ssh username@endpoint + (login requires password) + endpoint:~ % mkdir -p /home/username/.ssh + endpoint:~ % mv /home/username/temp_key_file /home/username/.ssh/authorized_keys + endpoint:~ % logout + server:~ # ssh username@endpoint + (login does not require password) + endpoint:~ % logout + server:~ # mv /root/.ssh/id_rsa rtunnel_nopwd + server:~ # mv /root/.ssh/id_rsa.pub rtunnel_nopwd.pub + +Next, create the tunnel using AutoSSH to maintain a long-term connection. + + server:~ # apt-get install autossh + server:~ # vi /etc/systemd/system/autossh-tunnel.service + [Unit] + Description=AutoSSH tunnel between frostburg.SGK and www.SGK + After=network-online.target + + [Service] + Environment="AUTOSSH_GATETIME=0" + ExecStart=/bin/autossh -N -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -i /root/.ssh/rtunnel_nopwd -R 4242:localhost:22 username@endpoint + + [Install] + WantedBy=multi-user.target + server:~ # systemctl daemon-reload + server:~ # systemctl start autossh-tunnel.service + server:~ # systemctl enable autossh-tunnel.service + +At this point the SSH tunnel is operational. Let's make things a little easier +for the user by storing most of the config options in an SSH config file. 
+ + endpoint:~ # su - username + endpoint:~ % vi /home/username/.ssh/config + Host server + Hostname localhost + User username + Port 4242 + +Now, when we execute `ssh server`, it is equivalent to the command +`ssh -p 4242 username@localhost`, much easier to remember. + +It's time to test everything out. Starting from the *client*, you should now be +able to login to the *server* via the *endpoint*. + + client:~ % ssh username@endpoint + endpoint:~ % ssh server + server:~ % + --------------------------------------------------------------------------------
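Review bot: in the `.cshrc` hunk, the new `alias ll ls -lF --color` drops `-A`, so `ll` no longer lists dotfiles while the neighbouring `la` and `lf` aliases still do. If that is intentional, say so in the commit message or a comment in the file; otherwise keep `-lAF`.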
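Review bot: in the "Go Toolchain" hunk, the tarball fetched by `wget https://golang.org/dl/go1.16.3.linux-amd64.tar.gz` is unpacked as root into `/usr/local` by the very next command with no integrity check. Add a step between the two that runs `sha256sum go1.16.3.linux-amd64.tar.gz` and compares the result with the SHA256 value listed next to the file on the Go downloads page, and only then run the `tar -C /usr/local -xzf` line. It would also help to show the delete step as an explicit command next to the sentence that asks for it, since the hunk describes it only in prose.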
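Review bot: in the "Public SSH Access" hunk, the passphrase-less root key is installed on the endpoint as a plain `authorized_keys` entry, so anyone who obtains `/root/.ssh/rtunnel_nopwd` gets a full interactive login as `username` on the public machine, not just the tunnel. Since the service only ever runs `autossh -N ... -R 4242:localhost:22`, prefix that key's line in `authorized_keys` with options such as `restrict,port-forwarding,permitlisten="localhost:4242"` (OpenSSH 7.8 or later for `permitlisten`), and consider a dedicated tunnel account on the endpoint rather than reusing the human user's login. Two correctness problems in the same hunk: `zfs snapshot rpoot/home/username@account_creation` names pool `rpoot` while the dataset was created under `rpool`, and `mv /root/.ssh/id_rsa rtunnel_nopwd` (likewise the `.pub` line) uses a relative destination, so the key lands in the current directory rather than at the `/root/.ssh/rtunnel_nopwd` path that `ExecStart` passes to `-i`. Also note that `mv /home/username/temp_key_file /home/username/.ssh/authorized_keys` replaces any existing `authorized_keys`; appending is safer if the account may already have keys.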