Hosts » History » Version 2

Joseph Foley, 2016-01-21 09:57
disclaimer

{{toc}}

h1. Note -- this data is very out of date.  It was for the DevNet before it became RNDnet

h1. Hosts

These hosts are all @.dev.ru.is@ DNS names unless specifically noted.

Naming scheme:
* critical infrastructure: 13 Icelandic Christmas lads and family
* general servers/personal projects: Norse gods
* unallocated: numerically spelled out and matching IP

Services are provided through DNS CNAMEs unless the application does not support this.

h2. Hosts by DNS name

* @baldur@ (RU controlled)
** cisco router
* @hod@ (RU controlled)
** ethernet switch
* @eir@ (freysteinn)
** bridge/firewall
** Shorewall filtering/routing
** [[NAT]] connected to @frigga@ (foley, freysteinn)
** [[DNS Server]] primary
** [[DHCP Server]]
* @centipede@ (ymir, freysteinn) *DECOMMISSIONED*
** cluster frontnode
* @gryla@ (foley, stephans)
** Kerberos server for DEV.RU.IS primary: [[Kerberos Tests]]
** [[AFS Server]]
*** db server aka @afsdb1@
*** file server
** [[DNS Server]] secondary (foley) cname @ns2.dev.ru.is@
** [[NTP Server]] stratum-1 (foley) cname @time.dev.ru.is@
* @stekkjarstaur@ (foley)
** Kerberos server for DEV.RU.IS secondary cname @kerberos-1.dev.ru.is@ [[Kerberos Tests]]
** [[AFS Server]]
** Backups
*** samvinna.ru.is backups
*** projects.cs.ru.is backups
** db server aka @afsdb2.dev.ru.is@
* @giljagaur@ (foley, stephans, jay)
** Kerberos server for DEV.RU.IS secondary cname @kerberos-2.dev.ru.is@ [[Kerberos Tests]]
** [[PXE Server]] (foley, stephans, freysteinn, kupo, baldur) on cname @pxe.dev.ru.is@
** [[AFS Server]]
*** db server aka @afsdb3.dev.ru.is@
*** file server
* @gluggagaegir@ (foley)
** [[AFS Server]]
*** file server on fast SCSI3 disks
* @frigga@ wireless access point (freysteinn)
** [[Wireless Access Point]]
* @broadcast@ NOT REAL
** This is a placeholder for the network broadcast
* @pottasleikir@ (freysteinn)
** Nagios server
* @day@ (Gunnar, hakkavélin)
** Nginx Web server
** PostgreSQL Database server
** E-Mail server (todo)
* @buri@
** A backup for Day for swapping out

h2. Projects/Personal

* @odin@ (foley, hannes)
** RU Ad-hoc wireless project
** Previously RU-MIT collaboration server for Gedeminas Urbonas project
* @njord@ (foley)
** Hardware on loan from CS IT
** CentOS test server for [[IPA and ActiveDirectory]]
* @ketkrokur@ (kupo, zarutian)
** Debian shell server
* @tiki@ (kupo, freysteinn)
** [[Minecraft Server]]
* @loki@ (kupo)
** [[Tor Exit node]] DISABLED.  Waiting for RHNet to change policy on anonymization
* @earth@ (jg, foley)
** Speech research server (jg, hassan)
* @aegir@ (bjarni, freysteinn)
** Bjarni's experimental server
* @"otr":https://en.wikipedia.org/wiki/%C3%93tr@ (used to be vale)
** Raspberry Pi server running Raspbian (Debian squeeze) and Tor
* @bor@ (foley)
** foley's backup server (MIT, some AFS)
*** Repositories with Icelandic Blood Bank (oes@ru.is)
** foley's svn server
*** Project with Czech Technical Institute: Irena Valterova <irena@uochb.cas.cz>
** foley's photo gallery server
** foley's Dev Project Server [[ChiliProject]]

h2. Offsite

Servers not on devnet that host related services:
* @samvinna.ru.is@
** jabber (XMPP) on cname @jabber.ru.is@
** gallery on cname @gallery.ru.is@
** afs fileserver for dev.ru.is
** chiliproject
** svn server (connected to chiliproject) on cname @svn.ru.is@

h2. Unallocated

* @stufur@
** Previously Windows Server 2008 Standard
** Previously [[ActiveDirectory server]] for @dev.ru.is@ for testing
* @bolverk@ - previously ActiveDirectory server
* @freyr@ - ubuntu 10.04, used to be gluggagaegir
* @freyja@
* @gattathefur@ - ubuntu 12.04 installed
* @hurdaskellir@ - ubuntu 12.04 installed
* @bragi@
* @vidar@ changed from einherjar
* @hoder@ changed from forseti

h1. Common

Useful configuration files and information are at @/afs/dev.ru.is/host/common@

h2. Synchronization

Ideas for server synchronization are at @/afs/sipb.mit.edu/machine/office/bin/syncsipb@

h2. Adding users to a host

Since we are using AFS and Kerberos, the UID of the local user must match the UID AFS has for that user.
If/when we get the IPA or LDAP infrastructure set up, this will be done automatically.  For now, you have to do it manually:

# Find out what the user's AFS UID is
<pre>pts examine [USERNAME]</pre>
## As an example, the user @test@ has the UID 20012
<pre>pts examine test
Name: test, id: 20012, owner: system:administrators, creator: foley.afsadm,
  membership: 0, flags: S----, group quota: 20.
</pre>
# Create a user with that UID.  In this example, it will be the username "test".  When it asks you for a Kerberos password, just leave it blank.  If you don't have ksu working, use sudo instead.
<pre>ksu -e /usr/sbin/adduser --uid 20012 test
Authenticated foley@DEV.RU.IS
Account root: authorization for foley@DEV.RU.IS for execution of
               /usr/sbin/adduser successful
Changing uid to root (0)
Adding user `test' ...
Adding new group `test' (20012) ...
Adding new user `test' (20012) with group `test' ...
Creating home directory `/home/test' ...
Copying files from `/etc/skel' ...
Current Kerberos password:
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N]
Changing the user information for test
Enter the new value, or press ENTER for the default
        Full Name []: Test User
        Room Number []: V101
        Work Phone []: 123-45678
        Home Phone []:
        Other []:
Is the information correct? [Y/n]
</pre>
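
The same procedure as a script, as an added example that is not part of the original wiki page: it extracts the AFS id from @pts examine@ output and checks the local passwd file for a conflicting name or UID before printing the @adduser@ command. The function names and the passwd-file argument are hypothetical; the sample input is the @pts examine test@ output shown above.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of the devnet tooling.

# Sample input: the `pts examine test` output shown above.
SAMPLE_PTS='Name: test, id: 20012, owner: system:administrators, creator: foley.afsadm,
  membership: 0, flags: S----, group quota: 20.'

# parse_afs_uid USER: read `pts examine` output on stdin and print the id, but
# only if the entry is for USER and the id is positive (AFS group ids are negative).
parse_afs_uid() {
    awk -v u="$1" '$1 == "Name:" && $2 == (u ",") && $3 == "id:" {
        sub(/,$/, "", $4); if ($4 ~ /^[0-9]+$/) print $4; exit }'
}

# uid_status UID USER PASSWD_FILE: report whether the name or UID is taken locally.
uid_status() {
    awk -F: -v uid="$1" -v user="$2" '
        $1 == user && $3 == uid { print "present"; hit = 1; exit }
        $1 == user              { print "name-conflict:uid=" $3; hit = 1; exit }
        $3 == uid               { print "uid-conflict:user=" $1; hit = 1; exit }
        END { if (!hit) print "free" }' "$3"
}

# plan_adduser USER [PASSWD_FILE]: print the adduser command, or fail on a conflict.
plan_adduser() {
    user=$1
    afs_uid=$(parse_afs_uid "$user")
    [ -n "$afs_uid" ] || { echo "no AFS user entry for $user" >&2; return 1; }
    case $(uid_status "$afs_uid" "$user" "${2:-/etc/passwd}") in
        free)    echo "/usr/sbin/adduser --uid $afs_uid $user" ;;
        present) echo "# $user already exists locally with UID $afs_uid" ;;
        *)       echo "refusing: local passwd conflicts with AFS UID $afs_uid" >&2
                 return 1 ;;
    esac
}

# Real use would be: pts examine test | plan_adduser test
# Here the sample output is checked against an empty passwd file.
printf '%s\n' "$SAMPLE_PTS" | plan_adduser test /dev/null
```

A UID that already belongs to a different local account would give that account the new user's AFS identity on this host, which is why the script refuses instead of printing a command.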

h1. Frequently Asked Questions

h2. I can't ssh in from the outside!  But I can ssh from a host on devnet.

This is because we use DenyHosts to reduce break-ins.  It counts the failed login attempts from each IP address and blocks the address if there are too many.  Unfortunately, all of the traffic from RU appears to come from fire-out.ru.is, which is 130.208.247.2, so that address needs to be whitelisted.

More information at http://denyhosts.sourceforge.net/faq.html#allowed
In short, edit the @/var/lib/denyhosts/allowed-hosts@ file and add a line with the IP address, but no date/time.
If you have AFS running, you can simply symlink to the default allowed-hosts in the Workstation config:
<pre>ln -s /afs/dev.ru.is/project/devnet/Public/Workstation/var/lib/denyhosts/allowed-hosts /var/lib/denyhosts/allowed-hosts</pre>
Recommended content:
<pre>130.208.247.2
130.208.208.35
130.208.208.37
130.208.208.39
130.208.208.40
130.208.208.44
</pre>

To take that IP off the bad list, see http://denyhosts.sourceforge.net/faq.html#3_19
In short, remove all lines from @/var/lib/denyhosts/host-*@ that contain the IP address
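
A sketch of both edits, as an added example that is not part of the original wiki page: @purge_ip@ removes lines that mention an address as a complete IP (so clearing 130.208.247.2 leaves 130.208.247.20 blocked), and @allow_ip@ adds the address to an allowed-hosts file only once. The function names are hypothetical, and the file names and line layout used in the demo are constructed sample data.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

# purge_ip IP FILE...: drop every line that mentions IP as a complete address.
purge_ip() {
    ip=$1; shift
    case $ip in ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 2 ;; esac
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')   # dots must match literally
    for f in "$@"; do
        [ -f "$f" ] || continue
        tmp=$(mktemp) || return 1
        # The neighbours of the match may not be digits or dots, so that
        # 130.208.247.2 does not also match 130.208.247.20 or 1130.208.247.2.
        grep -Ev "(^|[^0-9.])${pat}([^0-9.]|\$)" "$f" > "$tmp" || [ $? -eq 1 ] || return 1
        cat "$tmp" > "$f"    # rewrite in place, keeping owner and mode
        rm -f "$tmp"
    done
}

# allow_ip IP FILE: append IP as a bare line (no date/time) unless already listed.
allow_ip() {
    grep -Fxq "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# demo: run both steps on constructed sample files and print what is left.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '130.208.247.2:5:Thu Jan 21 09:00:00 2016' \
                  '130.208.247.20:3:Thu Jan 21 09:05:00 2016' > "$d/hosts"
    printf '%s\n' 'root - 130.208.247.2:4:Thu Jan 21 09:00:00 2016' > "$d/users-hosts"
    purge_ip 130.208.247.2 "$d/hosts" "$d/users-hosts"
    allow_ip 130.208.247.2 "$d/allowed-hosts"
    allow_ip 130.208.247.2 "$d/allowed-hosts"    # second call changes nothing
    cat "$d/hosts" "$d/users-hosts" "$d/allowed-hosts"
    rm -rf "$d"
}

demo
```

A plain @grep -v 130.208.247.2@ would treat the dots as wildcards and match by substring, silently unblocking other addresses that happen to contain the same digits.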