[prev in list] [next in list] [prev in thread] [next in thread]
List: npaci-rocks-discussion
Subject: Re: [Rocks-Discuss]Migrating passwd files
From: Larry Baker <baker () usgs ! gov>
Date: 2006-04-28 0:25:50
Message-ID: EF1CA058-9D98-49D5-BDEE-85D16CD22882 () usgs ! gov
[Download RAW message or body]
I think I have added a couple users to our small P4 cluster, and
things seem to be just fine.
Assuming the new user ID is <login>, I use two commands:
# useradd -c "users's_real_name" -u UID_assigned -n -d /users/
<login> <login>
# passwd <login>
The first creates the account, the second sets the initial password.
useradd updates /etc/auto.home (appends the new user <login>),
although it does not use the "&" for the <login> name, it fills in
the <login> name, e.g.:
margaret thera.local:/users/margaret
When I hand-edited /etc/auto.home doing the installation/migration, I
used "&", e.g.:
baker thera.local:/users/&
Larry Baker
US Geological Survey
650-329-5608
baker@usgs.gov
On Apr 27, 2006, at 4:54 PM, Jeremy Mann wrote:
> Thanks for the tips Larry. I am afraid that if I create a new user
> (after
> migration) that the auto.* files get rewritten. Did you have this
> problem
> too? Or does the useradd python script append and not overwrite.
>
> Larry Baker said:
>> Jeremy,
>>
>> I made a similar migration from SuSE 9.3 to Rocks 4.1 on a small 4-
>> node P4 cluster, and all I had to do was make entries for the
>> existing user directories in /etc/auto.home (in our case, they are on
>> a separate disk, /users) and I merged (not just copied) the passwd,
>> shadow, group, and gshadow files in /etc:
>>
>> Add entries in /etc/auto.home for the directories in /users:
>>
>> # vi /etc/auto.home
>>
>> install thera.local:/export/home/&
>>
>> baker thera.local:/users/&
>>
>> :
>>
>>
>> If this is an upgrade of a previous Linux installation, merge the
>> files:
>>
>> /etc/passwd
>> /etc/shadow
>> /etc/group
>> /etc/gshadow
>>
>> to preserve any new entries that appear in both the old and new
>> files.
>>
>> Note: this was all done on the frontend before doing the compute node
>> installs. I tested user ssh and X Windows logins on the frontend
>> before trying to turn it into a cluster. (Baby steps.) Also, I
>> should note that I turn off the Linux firewall (our entire campus is
>> firewalled). It causes more grief than it is worth for us.
>>
>> I did the same thing on a larger 16-node dual Opteron cluster that I
>> migrated from SLES 8/United Linux 1 to Rocks 4.1.
>>
>> I can send you my cheat sheets for my Rocks 4.1 installations, if you
>> like.
>>
>> Larry Baker
>> US Geological Survey
>> 650-329-5608
>> baker@usgs.gov
>>
>> On Apr 27, 2006, at 4:17 PM, Jeremy Mann wrote:
>>
>>> Quick question, we are migrating our cluster to ROCKS 4.1 from SuSE
>>> 9.1. I
>>> did some experiments today and it seems I can just copy the passwd
>>> file to
>>> ROCKS. When I do that, users can't ssh to each node without a
>>> password
>>> prompt. Also, I tried to create the SSH keys, but they are still
>>> requiring
>>> a password.
>>>
>>> So my questions are, are there tools available to convert this and
>>> which
>>> program runs when a new user is created that makes the SSH keys
>>> visible to
>>> all nodes? They don't go into the database and I can't find where
>>> they go.
>>>
>>> Thanks for any help!
>>>
>>>
>>> --
>>> Jeremy Mann
>>> jeremy@biochem.uthscsa.edu
>>>
>>> University of Texas Health Science Center
>>> Bioinformatics Core Facility
>>> http://www.bioinformatics.uthscsa.edu
>>> Phone: (210) 567-2672
>>
>>
>
>
> --
> Jeremy Mann
> jeremy@biochem.uthscsa.edu
>
> University of Texas Health Science Center
> Bioinformatics Core Facility
> http://www.bioinformatics.uthscsa.edu
> Phone: (210) 567-2672
[Attachment #3 (unknown)]
<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: \
after-white-space; ">I think I have added a couple users to our small P4 cluster, and \
things seem to be just fine.<DIV><BR \
class="khtml-block-placeholder"></DIV><DIV>Assuming the new user ID is <login>, \
I use two commands:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> # \
useradd -c "users's_real_name" -u UID_assigned -n -d /users/<login> \
<login></DIV><DIV> # passwd <login></DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV>The first creates the account, the second \
sets the initial password. useradd updates /etc/auto.home (appends the new user \
<login>), although it does not use the "&" for the <login> name, it \
fills in the <login> name, e.g.:</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV> margaret \
thera.local:/users/margaret</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV>When I hand-edited /etc/auto.home doing \
the installation/migration, I used "&", e.g.:</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV> baker \
thera.local:/users/&</DIV><DIV><BR><DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" \
size="3" style="font: 12.0px Helvetica">Larry Baker</FONT></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
"><FONT face="Helvetica" size="3" style="font: 12.0px Helvetica">US Geological \
Survey</FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: \
0px; margin-left: 0px; "><FONT face="Helvetica" size="3" style="font: 12.0px \
Helvetica">650-329-5608</FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; "><FONT face="Helvetica" size="3" style="font: \
12.0px Helvetica"><A href="mailto:baker@usgs.gov">baker@usgs.gov</A></FONT></DIV> \
</DIV><BR><DIV><DIV>On Apr 27, 2006, at 4:54 PM, Jeremy Mann wrote:</DIV><BR \
class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Thanks for the tips \
Larry. I am afraid that if I create a new user (after</DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">migration) that the \
auto.* files get rewritten. Did you have this problem</DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">too? Or does the \
useradd python script append and not overwrite.</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">Larry Baker said:</DIV> <BLOCKQUOTE type="cite"><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">Jeremy,</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">I made a similar migration \
from SuSE 9.3 to Rocks 4.1 on a small 4-</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">node P4 cluster, and all I \
had to do was make entries for the</DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; ">existing user directories in \
/etc/auto.home (in our case, they are on</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">a separate disk, /users) \
and I merged (not just copied) the passwd,</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">shadow, group, and gshadow \
files in /etc:</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: \
0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Add entries in \
/etc/auto.home for the directories in /users:</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; "><SPAN class="Apple-converted-space"> </SPAN># vi \
/etc/auto.home</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: \
0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">install <SPAN \
class="Apple-converted-space"> </SPAN>thera.local:/export/home/&</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">baker <SPAN class="Apple-converted-space"> \
</SPAN>thera.local:/users/&</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">:</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">If this is an upgrade of a previous Linux installation, merge the \
files:</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><SPAN \
class="Apple-converted-space"> </SPAN>/etc/passwd</DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><SPAN \
class="Apple-converted-space"> </SPAN>/etc/shadow</DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><SPAN \
class="Apple-converted-space"> </SPAN>/etc/group</DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><SPAN \
class="Apple-converted-space"> </SPAN>/etc/gshadow</DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">to preserve any new entries that appear in both the old and new \
files.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Note: this was all done on \
the frontend before doing the compute node</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">installs.<SPAN \
class="Apple-converted-space"> </SPAN>I tested user ssh and X Windows logins on the \
frontend</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">before trying to turn it into a cluster.<SPAN \
class="Apple-converted-space"> </SPAN>(Baby steps.)<SPAN \
class="Apple-converted-space"> </SPAN>Also, I</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">should note that I turn \
off the Linux firewall (our entire campus is</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">firewalled).<SPAN \
class="Apple-converted-space"> </SPAN>It causes more grief than it is worth for \
us.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">I did the same thing on a \
larger 16-node dual Opteron cluster that I</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">migrated from SLES \
8/United Linux 1 to Rocks 4.1.</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">I \
can send you my cheat sheets for my Rocks 4.1 installations, if you</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">like.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Larry Baker</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">US \
Geological Survey</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: \
0px; margin-left: 0px; ">650-329-5608</DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; "><A \
href="mailto:baker@usgs.gov">baker@usgs.gov</A></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">On Apr 27, 2006, at 4:17 PM, Jeremy Mann wrote:</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV> <BLOCKQUOTE type="cite"><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Quick question, we are \
migrating our cluster to ROCKS 4.1 from SuSE</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">9.1. I</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">did some experiments today and it seems I can just copy the passwd</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">file to</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">ROCKS. When I do that, users can't ssh to each node without a \
password</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">prompt. Also, I tried to create the SSH keys, but they are \
still</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">requiring</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">a password.</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">So my questions are, are there tools available to convert this \
and</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">which</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">program runs when a new user is created that \
makes the SSH keys</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">visible to</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">all nodes? They don't go \
into the database and I can't find where</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">they go.</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">Thanks for any help!</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">--</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">Jeremy Mann</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; "><A \
href="mailto:jeremy@biochem.uthscsa.edu">jeremy@biochem.uthscsa.edu</A></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">University of Texas Health Science \
Center</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">Bioinformatics Core Facility</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A \
href="http://www.bioinformatics.uthscsa.edu">http://www.bioinformatics.uthscsa.edu</A></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">Phone: (210) 567-2672</DIV> </BLOCKQUOTE><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV> </BLOCKQUOTE><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; \
"><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">--<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Jeremy Mann</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A \
href="mailto:jeremy@biochem.uthscsa.edu">jeremy@biochem.uthscsa.edu</A></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">University of Texas Health Science \
Center</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">Bioinformatics Core Facility</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A \
href="http://www.bioinformatics.uthscsa.edu">http://www.bioinformatics.uthscsa.edu</A></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">Phone: (210) 567-2672</DIV> </BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic