Note -- this data is very out of date. It was for the DevNet before it became RNDnet.

Hosts

These hosts are all .dev.ru.is DNS names unless specifically noted.

Naming scheme:
  • critical infrastructure: 13 Icelandic Christmas lads and family
  • general servers/personal projects: Norse gods
  • unallocated: numerically spelled out and matching IP

Services are exposed through DNS CNAMEs unless the application does not support this.

Hosts by DNS name

  • baldur (RU controlled)
    • cisco router
  • hod (RU controlled)
    • ethernet switch
  • eir (freysteinn)
    • bridge/firewall
    • Shorewall filtering/routing
    • NAT connected to frigga (foley, freysteinn)
    • DNS Server primary
    • DHCP Server
  • centipede (ymir, freysteinn) DECOMMISSIONED
    • cluster frontnode
  • gryla (foley, stephans)
  • stekkjarstaur (foley)
    • Kerberos server for DEV.RU.IS secondary cname kerberos-1.dev.ru.is Kerberos Tests
    • AFS Server
    • Backups
      • samvinna.ru.is backups
      • projects.cs.ru.is backups
    • db server aka afsdb2.dev.ru.is
  • giljagaur (foley, stephans, jay)
    • Kerberos server for DEV.RU.IS secondary cname kerberos-2.dev.ru.is Kerberos Tests
    • PXE Server (foley, stephans, freysteinn, kupo, baldur) on cname pxe.dev.ru.is
    • AFS Server
      • db server aka afsdb3.dev.ru.is
      • file server
  • gluggagaegir (foley)
  • frigga wireless access point (freysteinn)
  • broadcast NOT REAL
    • This is a placeholder for the network broadcast
  • pottasleikir (freysteinn)
    • Nagios server
  • day (Gunnar, hakkavélin)
    • Nginx Web server
    • PostgreSQL Database server
    • E-Mail server (todo)
  • buri
    • A backup for Day for swapping out

Projects/Personal

  • odin (foley, hannes)
    • RU Ad-hoc wireless project
    • Previously RU-MIT collaboration server for Gedeminas Urbonas project
  • njord (foley)
  • ketkrokur (kupo, zarutian)
    • debian shell server
  • tiki (kupo, freysteinn)
  • loki (kupo)
    • Tor Exit node DISABLED. Waiting for RHNet to change policy on anonymization
  • earth (jg, foley)
    • Speech research server (jg, hassan)
  • aegir (bjarni, freysteinn)
    • Bjarni's experimental server
  • otr (https://en.wikipedia.org/wiki/%C3%93tr) (used to be vale)
    • raspberry pi server running raspbian (debian squeeze) and tor
  • bor (foley)
    • foley's backup server (MIT, some AFS)
      • Repositories with Icelandic Blood Bank ()
    • foley's svn server
    • foley's photo gallery server
    • foley's Dev Project Server ChiliProject

Offsite

Also, servers not on devnet that have related services
  • samvinna.ru.is
    • jabber(XMPP) on cname jabber.ru.is
    • gallery on cname gallery.ru.is
    • afs fileserver for dev.ru.is
    • chiliproject
    • svn server (connected to chiliproject) on cname svn.ru.is

Unallocated

  • stufur
  • bolverk - previously ActiveDirectory server
  • freyr - ubuntu 10.04, used to be gluggagaegir
  • freyja
  • gattathefur - ubuntu 12.04 installed
  • hurdaskellir - ubuntu 12.04 installed
  • bragi
  • vidar changed from einherjar
  • hoder changed from forseti

Common

Useful configuration files and information at /afs/dev.ru.is/host/common

Synchronization

Ideas for server synchronization at /afs/sipb.mit.edu/machine/office/bin/syncsipb

Adding users to a host

Since we are using AFS and Kerberos, the UID of each local user has to match the UID that AFS has for that user.
If/when we get the IPA or LDAP infrastructure set up, this will be done automatically. For now, you have to do it manually:

  1. Find out what the user's AFS UID is
    pts examine [USERNAME]
    1. as an example, test has the UID 20012
      pts examine test
      Name: test, id: 20012, owner: system:administrators, creator: foley.afsadm,
        membership: 0, flags: S----, group quota: 20.
      
  2. Create a user with that UID. In this example, it will be the username "test". When it asks you for a Kerberos password, just leave it blank. If you don't have ksu working, use sudo instead.
    ksu -e /usr/sbin/adduser --uid 20012 test
    Authenticated foley@DEV.RU.IS
    Account root: authorization for foley@DEV.RU.IS for execution of
                   /usr/sbin/adduser successful
    Changing uid to root (0)
    Adding user `test' ...
    Adding new group `test' (20012) ...
    Adding new user `test' (20012) with group `test' ...
    Creating home directory `/home/test' ...
    Copying files from `/etc/skel' ...
    Current Kerberos password:
    Current Kerberos password:
    passwd: Authentication token manipulation error
    passwd: password unchanged
    Try again? [y/N]
    Changing the user information for test
    Enter the new value, or press ENTER for the default
            Full Name []: Test User
            Room Number []: V101
            Work Phone []: 123-45678
            Home Phone []:
            Other []:
    Is the information correct? [Y/n]
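
A check for the UID match this procedure depends on, as an added example that is not part of the original page. The function names and the sample passwd lines are constructed for illustration; the `pts examine` text is modelled on the output shown above.

```shell
#!/bin/sh
# Added example: verify that a local account's UID equals the AFS PTS id.

# afs_uid_from_pts: read `pts examine` output on stdin, print the numeric id.
afs_uid_from_pts() {
    sed -n 's/^Name: [^,]*, id: \([0-9][0-9]*\),.*/\1/p' | head -n 1
}

# local_uid_from_passwd USER: read passwd(5) lines on stdin, print USER's UID.
local_uid_from_passwd() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }'
}

# check_uid_match USER PTS_OUTPUT PASSWD_LINES
# Prints "ok", "mismatch (...)", "no-afs-entry" or "no-local-user".
check_uid_match() {
    afs=$(printf '%s\n' "$2" | afs_uid_from_pts)
    loc=$(printf '%s\n' "$3" | local_uid_from_passwd "$1")
    if [ -z "$afs" ]; then echo "no-afs-entry"
    elif [ -z "$loc" ]; then echo "no-local-user"
    elif [ "$afs" = "$loc" ]; then echo "ok"
    else echo "mismatch (afs=$afs local=$loc)"
    fi
}

# Constructed sample input (not taken from a live host).
SAMPLE_PTS='Name: test, id: 20012, owner: system:administrators, creator: foley.afsadm,
  membership: 0, flags: S----, group quota: 20.'
SAMPLE_PASSWD_GOOD='test:x:20012:20012:Test User,V101,123-45678,:/home/test:/bin/bash'
SAMPLE_PASSWD_BAD='test:x:1001:1001:Test User,,,:/home/test:/bin/bash'

check_uid_match test "$SAMPLE_PTS" "$SAMPLE_PASSWD_GOOD"
check_uid_match test "$SAMPLE_PTS" "$SAMPLE_PASSWD_BAD"
# On a live host:
#   check_uid_match "$u" "$(pts examine "$u")" "$(getent passwd "$u")"
```

Running the live form over every account on a host shows which users were created before this procedure was followed.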
    

Frequently Asked Questions

I can't ssh in from the outside! But I can ssh from a host on devnet.

This is because we use DenyHosts to reduce break-ins. It counts failed login attempts from each IP address and blocks an address when there are too many. Unfortunately, all traffic from RU appears to come from fire-out.ru.is, which is 130.208.247.2, so that address needs to be whitelisted.

More information at http://denyhosts.sourceforge.net/faq.html#allowed
In short, edit the /var/lib/denyhosts/allowed-hosts file and put a line with the IP address, but no date/time.
If you have AFS running, you can simply symlink to the default allowed-hosts in the Workstation config:

ln -s /afs/dev.ru.is/project/devnet/Public/Workstation/var/lib/denyhosts/allowed-hosts /var/lib/denyhosts/allowed-hosts

Recommended content:
130.208.247.2
130.208.208.35
130.208.208.37
130.208.208.39
130.208.208.40
130.208.208.44

To take that IP off the bad list, see http://denyhosts.sourceforge.net/faq.html#3_19
In short, remove all lines from /var/lib/denyhosts/host-* that contain the IP address.
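
The two edits described above (whitelist line, then purge), as an added example that is not part of the original page. The function names, the `host*` glob and the sample work-file lines are assumptions constructed for the demo; the point is that the address is matched as a whole, so purging 130.208.247.2 does not also unblock 130.208.247.20.

```shell
#!/bin/sh
# Added example: whitelist an IP for DenyHosts and purge it from the work files.

# allow_ip IP ALLOWED_FILE: append IP as a bare line (no date/time) unless present.
allow_ip() {
    touch "$2"
    grep -qxF "$1" "$2" || printf '%s\n' "$1" >> "$2"
}

# purge_ip IP WORKDIR: drop every line naming exactly IP from WORKDIR/host*.
# The pattern is bounded by non-address characters, so a substring match on a
# longer address (130.208.247.20) is left in place.
purge_ip() {
    pat="(^|[^0-9.])$(printf '%s' "$1" | sed 's/\./\\./g')([^0-9.]|\$)"
    for f in "$2"/host*; do
        [ -f "$f" ] || continue
        grep -Ev "$pat" "$f" > "$f.tmp" || true   # grep exits 1 when no line remains
        cat "$f.tmp" > "$f" && rm -f "$f.tmp"     # rewrite in place, keep owner and mode
    done
}

# demo: build a constructed work directory, apply both steps, print its path.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '130.208.247.2:6:Mon Jan  1 00:00:00 2024' \
                  '130.208.247.20:9:Mon Jan  1 00:00:00 2024' > "$d/hosts"
    printf '%s\n' 'root - 130.208.247.2:6:Mon Jan  1 00:00:00 2024' > "$d/hosts-root"
    allow_ip 130.208.247.2 "$d/allowed-hosts"
    allow_ip 130.208.247.2 "$d/allowed-hosts"   # second call must not add a duplicate
    purge_ip 130.208.247.2 "$d"
    echo "$d"
}
```

Stop the DenyHosts daemon before purging and remove the address from /etc/hosts.deny as well, otherwise the block stays in effect.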

Updated by Joseph Foley about 9 years ago · 2 revisions