Recipe for EMS License Servers

KVM VM - 32 GB HDD (iothread), 1 GB RAM, 1 socket/1 core (numa)

  • KVM config
    • 32 GB HDD (iothread)
    • 1 core, 1 socket, numa
    • 1 GB RAM
    • Realtek NIC in NAT mode - FlexLM MAC addr (00:30:84:0B:ED:00 emsghost; 00:10:4B:D2:9C:F2 ecelicense)
    • add additional: VirtIO NIC bridged to vmbr0
    • disable “use tablet for pointer”
  • base netinst of Debian Jessie
    • hostname ecelicense or emsghost – domain pnw.edu
    • only configure eth1 (virtio) during install
    • guided, one-partition layout
    • set noatime on root
    • delete swap on logical partition, recreate as primary
  • > /etc/motd
  • apt-get --no-install-recommends install aptitude
  • aptitude install ssh (leave xauth, as we might use it for wine stuff)
  • migrate ssh keys from old servers
  • adjust /etc/hosts – use 127.0.1.1 for hostname - include ces.pnw.edu, purduecal.edu, ems.purduecal.edu variants
  • aptitude install less screen rsync psmisc file patch ethtool strace tcpdump vim bzip2 xz-utils
  • aptitude --without-recommends install dnsutils
  • adduser tdobes adm
  • adduser tdobes systemd-journal
  • aptitude install dbus
  • aptitude --without-recommends install ntp
    echo '[Unit]' > /etc/systemd/system/ntp.service
    echo 'Description=Network Time Protocol daemon' >> /etc/systemd/system/ntp.service
    echo 'After=network.target' >> /etc/systemd/system/ntp.service
    echo >> /etc/systemd/system/ntp.service
    echo '[Service]' >> /etc/systemd/system/ntp.service
    echo 'ExecStart=/usr/sbin/ntpd -n -g -u ntp:ntp' >> /etc/systemd/system/ntp.service
    echo >> /etc/systemd/system/ntp.service
    echo '[Install]' >> /etc/systemd/system/ntp.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ntp.service
    systemctl enable ntp.service
  • mkdir -p /etc/systemd/system/ssh.socket.d
    echo '[Socket]' > /etc/systemd/system/ssh.socket.d/port-2222.conf
    echo 'ListenStream=2222' >> /etc/systemd/system/ssh.socket.d/port-2222.conf
    systemctl disable ssh.service && systemctl enable ssh.socket
  • mkdir -p /etc/systemd/system/getty\@tty1.service.d
    echo '[Service]' > /etc/systemd/system/getty\@tty1.service.d/noclear.conf
    echo 'TTYVTDisallocate=no' >> /etc/systemd/system/getty\@tty1.service.d/noclear.conf
  • aptitude purge acpid acpi-support-base # systemd-logind takes care of this
  • sed -i -e 's/^GRUB_CMDLINE_LINUX_DEFAULT="quiet"$/GRUB_CMDLINE_LINUX_DEFAULT="quiet panic=5"/g' /etc/default/grub && update-grub
  • systemctl mask keyboard-setup.service
    systemctl mask console-setup.service
    systemctl mask rc-local.service
  • Add this to /etc/network/interfaces:
    allow-hotplug eth0
    iface eth0 inet manual
    	pre-up ifconfig $IFACE up
    	up ifconfig $IFACE 10.0.0.0 netmask 255.255.255.255 broadcast 0.0.0.0
    	pre-down ifconfig $IFACE down
    
    allow-hotplug eth1:0
    iface eth1:0 inet static
            address 192.168.68.132
            netmask 255.255.255.0
  • aptitude install unattended-upgrades
  • echo $'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";' > /etc/apt/apt.conf.d/20auto-upgrades
  • migrate over service user accounts
    • emsghost /etc/passwd:
      flexlm:x:201:65534::/nonexistent:/bin/false
      wibukey:x:202:65534::/nonexistent:/bin/false
      netsentinel:x:203:65534::/opt/netsentinel:/bin/false
      codemeter:x:204:65534::/nonexistent:/bin/false
      mathlm:x:205:65534::/nonexistent:/bin/false
      hasp:x:206:65534::/nonexistent:/bin/false
      alus:x:207:65534::/nonexistent:/bin/false
      gurobi:x:208:65534::/nonexistent:/bin/false
      monitor:x:210:65534::/home/monitor:/bin/sh
    • emsghost /etc/shadow:
      flexlm:*:14729:0:99999:7:::
      wibukey:*:14729:0:99999:7:::
      netsentinel:*:14729:0:99999:7:::
      codemeter:*:14729:0:99999:7:::
      mathlm:*:14729:0:99999:7:::
      hasp:*:14729:0:99999:7:::
      alus:*:14729:0:99999:7:::
      gurobi:*:14729:0:99999:7:::
      monitor:*:14729:0:99999:7:::
    • ecelicense /etc/passwd:
      flexlm:x:201:65534::/nonexistent:/bin/false
      everlock:x:202:65534::/nonexistent:/bin/false
      elise:x:203:65534::/nonexistent:/bin/false
      monitor:x:210:65534::/home/monitor:/bin/sh
    • ecelicense /etc/shadow:
      flexlm:*:14730:0:99999:7:::
      everlock:*:14730:0:99999:7:::
      elise:*:14730:0:99999:7:::
      monitor:*:14730:0:99999:7:::
  • migrate over stuff in /opt
    • temporarily enable root login on old server
    • rsync -aixX --del 205.215.68.?:/opt/ /opt/
  • migrate over old /home/monitor
  • mkdir -p /var/log/flexlm && chown flexlm:adm /var/log/flexlm && chmod 750 /var/log/flexlm
  • aptitude install libc6-i386 lib32gcc1 # compatibility for 32-bit license daemons
  • ln -s /tmp /usr/tmp # flexlm needs this; weird
  • ln -s ld-linux-x86-64.so.2 /lib64/ld-lsb-x86-64.so.3 # needed for 64-bit lmgrd
  • ln -s ld-linux.so.2 /lib/ld-lsb.so.3 # some builds of 32-bit lmgrd need this
  • codemeter stuff for emsghost only:
    • mkdir -p /etc/wibu && ln -s /opt/codemeter/etc /etc/wibu/CodeMeter
    • mkdir /var/log/codemeter && chown codemeter:adm /var/log/codemeter && chmod 750 /var/log/codemeter
    • create /etc/udev/rules.d/52-codemeter.rules:
      # disable automount for CmSticks without real flash part
      SUBSYSTEM=="block", ATTRS{idVendor}=="064f", ATTRS{idProduct}=="03e9", OPTIONS+="ignore_device"
      
      # change owner for /dev/bus/usb node, load sg module:
      SUBSYSTEM=="usb", ATTRS{idVendor}=="064f", ATTRS{idProduct}=="03e9", OWNER="codemeter", RUN+="/sbin/modprobe -b sg"
      # HID CmStick (no sg):
      SUBSYSTEM=="usb", ATTRS{idVendor}=="064f", ATTRS{idProduct}=="2af9", OWNER="codemeter"
      
      # change owner for /dev/sg# node:
      SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="usb", ATTRS{idVendor}=="064f", ATTRS{idProduct}=="03e9", OWNER="codemeter"
  • wibukey stuff for emsghost only:
    • aptitude --without-recommends install libfontconfig1 libsm6
    • mkdir -p /etc/wibu && ln -s /opt/wibukey/etc /etc/wibu/WIBU-KEY
    • touch /var/log/WkServer.log && chown wibukey:adm /var/log/WkServer.log && chmod 640 /var/log/WkServer.log && ln -s WkServer.log /var/log/wibukey.log
    • create /etc/udev/rules.d/52-wibukey.rules:
      # change owner for /dev/bus/usb node:
      SUBSYSTEM=="usb", ATTRS{idVendor}=="064f", ATTRS{idProduct}=="0bd7", OWNER="wibukey"
  • hasp stuff for emsghost only:
    • ln -s /opt/hasp/etc /etc/hasplm && ln -s /opt/hasp/var /var/hasplm
    • touch /var/log/hasp-access.log /var/log/hasp-error.log && chown hasp:adm /var/log/hasp-access.log /var/log/hasp-error.log && chmod 0640 /var/log/hasp-access.log /var/log/hasp-error.log
    • create /etc/udev/rules.d/52-hasp.rules:
      # change owner for /dev/bus/usb node:
      SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0001", OWNER="hasp", ENV{HASP}="1", SYMLINK+="aks/hasp/%k"
  • mathlm stuff for emsghost only:
    • touch /var/log/mathlm.log && chown mathlm:adm /var/log/mathlm.log && chmod 640 /var/log/mathlm.log
  • alus stuff for emsghost only:
    • mkdir -p /var/log/alus && touch /var/log/alus/alus.log && chown -R alus:adm /var/log/alus && chmod 750 /var/log/alus && chmod 640 /var/log/alus/alus.log
  • stuff for windows-based licenses:
    • dpkg --add-architecture i386
    • aptitude update && aptitude forget-new
    • aptitude --without-recommends install wine32:i386
    • rather than manually deleting lmgrd temporary files, put them in systemd-managed tmp:
      rm -r '/opt/flexlm/ni/wine/drive_c/windows/profiles/All Users/Application Data/Macrovision'
      ln -s /tmp '/opt/flexlm/ni/wine/drive_c/windows/profiles/All Users/Application Data/Macrovision'
      
      rm -r '/opt/flexlm/rockwell/wine/drive_c/windows/profiles/All Users/Application Data/Macrovision'
      ln -s /tmp '/opt/flexlm/rockwell/wine/drive_c/windows/profiles/All Users/Application Data/Macrovision'
  • embarcadero stuff for ecelicense only:
    • copy old elise.lic and server_*.slip to /opt/embarcadero/LicenseCenter/conf/
    • copy old LM_REPORTING* to /opt/embarcadero/LicenseCenter/db/
    • chown elise /opt/embarcadero/LicenseCenter/conf/elise.lic
    • chown -R elise /opt/embarcadero/LicenseCenter/db
    • chown elise /opt/embarcadero/LicenseCenter/reports
    • chown elise:adm /opt/embarcadero/LicenseCenter/logs/*.log && chmod 640 /opt/embarcadero/LicenseCenter/logs/*.log
    • chown elise /opt/embarcadero/LicenseCenter/conf/catalog.xml
    • chown elise /opt/embarcadero/LicenseCenter # yes, this is really needed. The dumb thing insists on deleting and recreating the “work” subdirectory.
    • ln -s /opt/embarcadero/LicenseCenter/logs/info.log /var/log/embarcadero.log
  • everlock stuff for ecelicense only:
    • aptitude --without-recommends install samba
    • copy in old /etc/samba/smb.conf
  • configure services to auto-start:
    • on emsghost: systemctl enable flexlm-ansoft flexlm-ansys flexlm-autodesk flexlm-comsol flexlm-maple flexlm-maple-v13 flexlm-msc flexlm-ptc flexlm-siemens mathlm codemeter gurobi hasp-aksusbd hasplmd wibukey alus
    • on ecelicense: systemctl enable flexlm-altera flexlm-cadence flexlm-ni flexlm-rockwell flexlm-speed flexlm-ti flexlm-xilinx embarcadero everlockfs
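
For the ssh.socket drop-in step above: list-type settings such as ListenStream accumulate across a unit file and its drop-ins, and an empty assignment resets the list. This added example (not part of the original wiki page) computes the resulting ports for the drop-in as written and for a variant with a reset line; the stock ssh.socket contents are an assumption, and `effective_setting` and `listen_ports` are names made up here.

```shell
#!/bin/sh
# Added example: compute the effective value of a list-type systemd setting
# from a unit file plus its drop-ins, applied in the order given.

# effective_setting KEY FILE...
# Each "KEY=value" appends to the list; an empty "KEY=" resets it.
effective_setting() {
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }                 # skip comments
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section headers, blank lines
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (v == "") { n = 0 } else { vals[++n] = v }
        }
        END { for (i = 1; i <= n; i++) printf "%s%s", vals[i], (i < n ? " " : "\n") }
    ' "$@"
}

# listen_ports MODE: "as-written" uses the recipe's drop-in, "reset" puts an
# empty ListenStream= line first. Unit contents are constructed stand-ins;
# the packaged ssh.socket is assumed to carry ListenStream=22.
listen_ports() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[Socket]' 'ListenStream=22' 'Accept=yes' > "$dir/ssh.socket"
    if [ "$1" = reset ]; then
        printf '%s\n' '[Socket]' 'ListenStream=' 'ListenStream=2222' > "$dir/port-2222.conf"
    else
        printf '%s\n' '[Socket]' 'ListenStream=2222' > "$dir/port-2222.conf"
    fi
    effective_setting ListenStream "$dir/ssh.socket" "$dir/port-2222.conf"
    rm -rf "$dir"
}

echo "drop-in as written: $(listen_ports as-written)"
echo "with reset line:    $(listen_ports reset)"
```

On the real host, `ss -ltn` shows which ports are actually listening once ssh.socket is started.
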
TODO: migrate log files

TODO: move emsghost to emsvm1 where dongles are attached
TODO: Netsentinel (emsghost - parallel port dongle for Masoud)

TODO: Fix WINE full hostname for FlexLM (have to use short hostnames at the moment)
TODO: Fix Gurobi license - tied to virtio MAC address instead of realtek
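
For the service-account migration step in the recipe: an added example (not from the original page) that checks passwd and shadow entries for non-login shells, locked passwords, duplicate UIDs and missing shadow lines. The account data is constructed, the list of accepted shells is an assumption, and `monitor` is passed as the one account allowed a real shell.

```shell
#!/bin/sh
# Added example: audit migrated service accounts in passwd/shadow format.

# Shells accepted for non-interactive accounts (assumption for this example).
NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin /sbin/nologin"

# audit_accounts PASSWD SHADOW [ACCOUNT_ALLOWED_A_SHELL...]
# Prints one finding per line, sorted; prints nothing when all checks pass.
audit_accounts() {
    passwd_file=$1; shadow_file=$2; shift 2
    awk -F: -v nologin="$NOLOGIN_SHELLS" -v allow="$*" '
        BEGIN {
            n = split(nologin, a, " "); for (i = 1; i <= n; i++) ok_shell[a[i]] = 1
            n = split(allow, b, " ");   for (i = 1; i <= n; i++) interactive[b[i]] = 1
        }
        FNR == NR {                                  # first file: passwd
            shell[$1] = $7
            if ($3 in owner) { print "dup-uid " $3 ": " owner[$3] " " $1 } else { owner[$3] = $1 }
            if (!($1 in interactive) && !($7 in ok_shell))
                print "bad-shell " $1 ": " $7        # missing or misspelled shell
            next
        }
        {                                            # second file: shadow
            seen[$1] = 1
            if (($1 in shell) && $2 != "*" && $2 !~ /^!/) print "unlocked " $1
        }
        END { for (u in shell) if (!(u in seen)) print "no-shadow " u }
    ' "$passwd_file" "$shadow_file" | LC_ALL=C sort
}

# Constructed sample data (not the real servers' files).
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
flexlm:x:201:65534::/nonexistent:/bin/false
hasp:x:206:65534::/nonexistent:/bin/flase
gurobi:x:206:65534::/nonexistent:/bin/false
monitor:x:210:65534::/home/monitor:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
flexlm:*:14729:0:99999:7:::
hasp:*:14729:0:99999:7:::
gurobi:$6$constructed$notarealhash:14729:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow" monitor
    rm -rf "$dir"
}

demo_audit
```

After a real migration, run `audit_accounts /etc/passwd /etc/shadow monitor` as root; system accounts outside the migrated set will also be reported unless their shells are in `NOLOGIN_SHELLS`.
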
computer/license_servers.txt · Last modified: 2016/09/30 11:10 by tdobes