Our virtual machines provide resources similar to those provided by commercial hosting companies. Because our users are both sophisticated and trusted, we allow them almost full control over these machines.
Using their LDAP login credentials, users can access the Webmin management interface. This interface is a GUI administration console for managing most aspects of the machine and software configurations. Should they prefer to administer their machine in the traditional way, they can use their Kerberos credentials to ssh into the machine. By default, the admin account has almost full sudo permissions.
Tstaff provides an initial machine install and will perform a nightly security update of packages installed through the apt package management system. The virtual machine admin is responsible for ensuring the security of any software or packages installed outside the package management system. Every virtual machine must have a qualified admin associated with it. Should this admin change, please email problem with updated contact information. Tstaff will make a good faith effort to answer questions emailed to problem. However, we cannot provide the same level of support on virtual machines as we do for standard desktop and departmental servers.
Requesting a Hosted Machine
If you or your research group is in need of virtualized resources, please email email@example.com with your hosting request. Virtual machines can be used for CS course or research related purposes.
Please include the following in your request:
- A list of CS account names that should be given sudo privileges, other than you
- A list of resources (cpu cores/ram)
- How long you will need the VM
- A plan for VM maintenance for the intended duration
It might also be good to include a plan for ownership/maintenance, if you think you might need to hand over the VM to someone else or there is potential that the VM may need to live on beyond its intended duration and you will not be here to maintain it. This seems unlikely, but all too often great projects are created and put to good use, only for a lack of maintenance to force them to be shut down because they are outdated and insecure.
By default, all hosted machines are created in our VMware stack. If you need physical hardware, i.e. your computational needs are such that a shared virtual environment will not be enough, please provide a description of your desired hardware in your request to firstname.lastname@example.org.
Default Configuration Details
Each hosting machine must have at least one administrator known to Tstaff. This way, Tstaff knows who to contact should there be some issue with the machine. By default, only administrators are allowed to log into the machine. Each administrator will have a home directory created for them on the virtual machine NFS share.
Should an administrator wish to grant a non-admin user access to the machine, they can do so by adding the user's departmental username to the local users group on the machine. After they have been added to this group, the user will automatically be permitted to use kerberized ssh to log in. By default, this new user will not have a home directory and will get a warning when they log in. This is not a problem; we leave it up to the administrator to create a home directory.
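Because membership in the local users group is what grants ssh login, it is worth reviewing that group periodically. The following is an added example, not part of the original page or Tstaff's tooling; the /etc/group-format input, the approved-users file and the home root (for instance a directory under /vol) are assumptions.

```shell
#!/bin/sh
# Added example: audit who the local "users" group lets in over kerberized ssh.
# Assumptions (not from the page): group data is in /etc/group format, the
# approved list is a file with one username per line, and home directories
# live under a single root directory.

# Print the members of group $1, one per line, from group file $2.
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
}

# Print "user status" for every member of the users group, where status is:
#   ok          on the approved list and has a home directory
#   no-home     on the approved list, but will see the login warning
#   unapproved  in the group but not on the approved list
# $1 = group file, $2 = home root, $3 = approved-users file
audit_users_group() {
    group_members users "$1" | while read -r user; do
        if ! grep -qxF -- "$user" "$3"; then
            echo "$user unapproved"
        elif [ ! -d "$2/$user" ]; then
            echo "$user no-home"
        else
            echo "$user ok"
        fi
    done
}

# Example call (paths are placeholders):
#   audit_users_group /etc/group /vol/home ./approved-users.txt
```

Any `unapproved` line is an account that can log in without the administrator having recorded why.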
All registered administrators should be able to ssh into the machine using their Kerberos credentials. You can optionally add an ssh keypair at a later time, should you wish to authenticate using this mechanism as well.
Virtual Machine Management
Depending on what your needs and abilities are, there are multiple ways to administer your hosted machine:
Webmin Management Console:
The simplest, but also least flexible, way is through Webmin. This is an open-source, web-browser-based machine management suite. We have pared down the console to only reflect those functions requested by our users. From within the CS department or through the CS VPN connection, you can access the Webmin interface on your virtual host by pointing a browser at:
https://<your virtual host name>:10000.
NOTE: you will be prompted to accept a self-signed security certificate when you navigate to this site.
By default, we also allow full root access to the machine via sudo to all registered administrators. Users should authenticate with their Kerberos credentials.
Each virtual machine is hosted on the CIS VMware infrastructure. The actual virtual machine disk images are stored on the CIS VMware vSphere servers and managed by the CIS VMware team. The virtual machine mounts an NFS share on /vol and anything placed in this NFS share is backed up weekly. It is recommended that any user data, web pages, etc. are stored on this NFS share.
All user data, including: web roots, home directories, etc., should be put onto the /vol partition. This partition is mounted off a departmental NFS server, which has full snapshot capabilities and incremental backups.
The virtual machine is configured to perform a nightly backup of its local disk image to /vol/backup/snapshots. The machine disk (all directories other than /vol) is backed up by daily and weekly rsnapshot cron jobs onto /vol/backup/snapshots/<daily>.[0-6]/<machine name> and /vol/backup/snapshots/<weekly>.[0-3]/<machine name>, respectively.
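A backup that silently stopped running is only discovered when a restore is needed, so an administrator may want to check snapshot freshness. This is an added example, not part of the original page; it assumes the rotations are named daily.N and weekly.N and that rsnapshot updates the modification time of the newest rotation directory on each run.

```shell
#!/bin/sh
# Added example: confirm the newest daily and weekly rsnapshot rotations
# exist for this machine and are recent.
# Assumptions (not from the page): rotation directories are named daily.0
# and weekly.0, and their mtime reflects the time of the last run.

# Print ok, stale or missing for one rotation.
# $1 = snapshot root, $2 = rotation, $3 = machine name, $4 = age limit in days
snapshot_status() {
    dir="$1/$2"
    if [ ! -d "$dir/$3" ]; then
        echo missing
    # find -mtime +N matches when the age in whole days exceeds N
    elif [ -n "$(find "$dir" -prune -mtime +"$4")" ]; then
        echo stale
    else
        echo ok
    fi
}

# Print one status line per rotation; return non-zero if any is not ok.
# $1 = snapshot root, $2 = machine name
check_backups() {
    rc=0
    for spec in daily.0:1 weekly.0:7; do
        rot=${spec%%:*}
        max=${spec##*:}
        st=$(snapshot_status "$1" "$rot" "$2" "$max")
        echo "$rot $st"
        [ "$st" = ok ] || rc=1
    done
    return $rc
}

# Example call (machine name is a placeholder):
#   check_backups /vol/backup/snapshots "$(hostname -s)"
```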
The virtual machine can send email to @cs.brown.edu addresses. Should you require the ability to send to outside email addresses or receive incoming email, please contact problem via email@example.com.
The virtual machine is running a MySQL database. You can configure the database using the Webmin interface. The actual database resides in the directory /var/lib/mysql.
The virtual machine has apache2 configured to serve static and PHP-generated web pages from /vol/web/html, execute cgi-bin scripts from /vol/web/cgi-bin, and log traffic and errors to /var/log/apache2. You can use Webmin to manage your Apache server.