Research and Development Network

{{toc}}

h1. Hosts

These hosts are all @.dev.ru.is@ DNS names unless specifically noted.

Naming scheme:

* critical infrastructure: 13 Icelandic Christmas lads and family

* general servers/personal projects: Norse gods

* unallocated: numerically spelled out and matching IP

Services are done through DNS CNAMES unless this is unsupported in the application.

h2. Hosts by DNS name

* @baldur@ (RU controlled)

** cisco router 

* @hod@ (RU controlled)

** ethernet switch 

* @eir@ (freysteinn)

** bridge/firewall

** Shorewall filtering/routing

** [[NAT]]  connected to @frigga@ (foley, freysteinn)

** [[DNS Server]] primary 

** [[DHCP Server]] 

* @centipede@ (ymir, freysteinn) *DECOMISSIONED*

** cluster frontnode 

* @gryla@ (foley, stephans)

** Kerberos server for DEV.RU.IS primary: [[Kerberos Tests]]

** [[AFS Server]]

*** db server aka @afsdb1@

*** file server

** [[DNS Server]] secondary (foley) cname @ns2.dev.ru.is@

** [[NTP Server]] strata-1 (foley) cname @time.dev.ru.is@

* @stekkjarstaur@ (foley)

** Kerberos server for DEV.RU.IS secondary cname @kerberos-1.dev.ru.is@ [[Kerberos Tests]]

** [[AFS Server]]

** Backups

*** samvinna.ru.is backups

*** projects.cs.ru.is backups

** db server aka @afsdb2.dev.ru.is@

* @giljagaur@ (foley, stephans, jay)

** Kerberos server for DEV.RU.IS secondary cname @kerberos-2.dev.ru.is@ [[Kerberos Tests]]

** [[PXE Server]] (foley, stephans, freysteinn, kupo, baldur) on cname @pxe.dev.ru.is@

** [[AFS Server]]

*** db server aka @afsdb3.dev.ru.is@

*** file server

* @gluggagaegir@ (foley)

** [[AFS Server]]

*** file server on fast SCSI3 disks

* @frigga@ wireless access point (freysteinn)

** [[Wireless Access Point]]

* @broadcast@ NOT REAL

** This is a placeholder for the network broadcast

* @pottasleikir@ (freysteinn)

** Nagios server

* @day@ (Gunnar, hakkavélin)

** Nginx Web server

** PostgreSQL Database server

** E-Mail server (todo)

* @buri@

** A backup for Day for swapping out

h2. Projects/Personal

* @odin@ (foley, hannes)

** RU Ad-hoc wireless project

** Previously RU-MIT collaboration server for Gedeminas Urbonas project

* @njord@ (foley)

** Hardware on loan from CS IT

** Centos test server for [[IPA and ActiveDirectory]]

* @ketkrokur@ (kupo, zarutian)

** debian shell server

* @tiki@ (kupo, freysteinn)

** [[Minecraft Server]] 

* @loki@ (kupo) 

** [[Tor Exit node]] DISABLED.  Waiting for RHNet to change policy on anonymization

* @earth@ (jg, foley)

** Speech research server (jg, hassan)

* @aegir@ (bjarni, freysteinn)

** Bjarnis experimental server

* @"otr":https://en.wikipedia.org/wiki/%C3%93tr@ (used to be vale) 

** raspberry pi server running raspbian (debian squeeze) and tor

* @bor@ (foley)

** foley's backup server (MIT, some AFS)

**** Repositories with Icelandic Blood Bank (oes@ru.is)

** foley's svn server

*** Project with Czech Technical Institute: Irena Valterova <irena@uochb.cas.cz>

** foley's photo gallery server

** foley's Dev Project Server [[ChiliProject]]

h2. Offsite

Also, servers not on devnet that have related services

* @samvinna.ru.is@

** jabber(XMPP) on cname @jabber.ru.is@

** gallery on cname @gallery.ru.is@

** afs fileserver for dev.ru.is

** chiliproject

** svn server (connected to chiliproject) on cname @svn.ru.is@

h2. Unallocated

* @stufur@

** Previously Windows Server 2008 Standard

** Previously [[ActiveDirectory server]] for @dev.ru.is@ for testing

* @bolverk@ - previously ActiveDirectory server

* @freyr@ - ubuntu 10.04, used to be gluggagaegir

* @freyja@

* @gattathefur@  - ubuntu 12.04 installed

* @hurdaskellir@  - ubuntu 12.04 installed

* @bragi@    

* @vidar@ changed from einherjar

* @hoder@ changed from forseti

h1. Common

Useful configuration files and information at @/afs/dev.ru.is/host/common@

h2. Synchronization

Ideas for server synchornization at @/afs/sipb.mit.edu/machine/office/bin/syncsipb@

h2. Adding users to a host

Since we are using AFS and kerberos, you need to have the UIDs of the local user match what AFS thinks.

If/when we get the IPA or LDAP infrastructure setup, this will be done automatically.  For now, you have to do it manually:

# Find out what the user's AFS UID is

<pre>pts examine [USERNAME]</pre>

## as an example, test has the UID 20012

<pre>pts examine test

Name: test, id: 20012, owner: system:administrators, creator: foley.afsadm,

  membership: 0, flags: S----, group quota: 20.

</pre>

# Create a user with that UID.  In this example, it will be the username "test".  When it asks you for a Kerberos password, just leave it blank.  If you don't have ksu working, use sudo instead.

<pre> ksu -e /usr/sbin/adduser --uid 20012 test

Authenticated foley@DEV.RU.IS

Account root: authorization for foley@DEV.RU.IS for execution of

               /usr/sbin/adduser successful

Changing uid to root (0)

Adding user `test' ...

Adding new group `test' (20012) ...

Adding new user `test' (20012) with group `test' ...

Creating home directory `/home/test' ...

Copying files from `/etc/skel' ...

Current Kerberos password:

Current Kerberos password:

passwd: Authentication token manipulation error

passwd: password unchanged

Try again? [y/N]

Changing the user information for test

Enter the new value, or press ENTER for the default

        Full Name []: Test User

        Room Number []: V101

        Work Phone []: 123-45678

        Home Phone []:

        Other []:

Is the information correct? [Y/n]

</pre>

h1. Frequently Asked Questions

h2. I can't ssh in from the outside!  But I can ssh from a host on devnet.

This is because we are using the DenyHosts measure to reduce breakins.  This sees how many failed attempts to login from a given IP address happen and blocks them if it happens too much.  Unfortunately, all of the traffic from RU appears to come from fire-out.ru.is, which is 130.208.247.2 so it needs to be whitelisted

More information at http://denyhosts.sourceforge.net/faq.html#allowed

In short, edit the @/var/lib/denyhosts/allowed-hosts@ file and put a line with the IP address, but no date/time.

If you have AFS running, you can simply connect to the default allowed-hosts in the Workstation config

<pre>ln -s /afs/dev.ru.is/project/devnet/Public/Workstation/var/lib/denyhosts/allowed-hosts /var/lib/denyhosts/allowed-hosts</pre>

Recommended content:

<pre>130.208.247.2

130.208.208.35

130.208.208.37

130.208.208.39

130.208.208.40

130.208.208.44

</pre>

To take that IP off the bad list, http://denyhosts.sourceforge.net/faq.html#3_19

In short, remove all lines from @/var/lib/denyhosts/host-*@ that contain the IP address