Line 3: |
Line 3: |
| == Hostnames == | | == Hostnames == |
| * justice.sugarlabs.org | | * justice.sugarlabs.org |
− | * freedom.sugarlas.org | + | * freedom.sugarlabs.org |
| | | |
− | === Info ===
| + | == Info == |
| | | |
| Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012. | | Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012. |
| | | |
| Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups. | | Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups. |
| + | |
| + | == Machines == |
| + | |
| + | The following machines services are hosted: |
| + | |
| + | * [[Machine/lightwave]], [[Service/Nameservers]], |
| + | * [[Machine/pootle]], [[Service/translate]], |
| + | * [[Service/activities]] aslo, |
| + | * [[Machine/library]], |
| + | * [[Machine/aslo4]], |
| + | * [[Machine/jita]], [[Service/git]], [[Service/jabber]], [[Service/meeting]], [[Service/obs]], [[Service/chat]], [[Service/cgit]], [[Service/blacklist]], [[Service/stats]], |
| | | |
| == Hardware == | | == Hardware == |
Line 19: |
Line 30: |
| | | |
| == Management == | | == Management == |
− | The two servers have awful SMT management cards from Supermicro: | + | The two servers have SMT management cards from Supermicro with a seriously awful web interface: |
| * [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org] | | * [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org] |
| * [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org] | | * [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org] |
− | Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year). | + | Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year). |
| + | |
| + | '''Use a long, unguessable password, but not one you're also using elsewhere! A few years ago, a backdoor was discovered in this firmware which would reveal all passwords in plaintext with a simple telnet! Also, login uses unencrypted http.''' |
| | | |
− | Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-( | + | It's also possible to talk to the management card from Linux using ipmitool. |
| + | |
| + | Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-( |
| | | |
| == Software == | | == Software == |
− | * Ubuntu Precise (12.04) amd64 on justice | + | * Justice: Ubuntu 18.04 LTS Bionic |
− | * Ubuntu 14.04 LTS on freedom | + | * Freedom: Ubuntu 18.04 LTS Bionic |
| | | |
| == Location == | | == Location == |
− | Hosted by the [http://media.mit.edu/ MIT Media Lab], building E15. | + | Hosted by the [http://media.mit.edu/ MIT Media Lab] in server room E15-243. |
| | | |
| == Admins == | | == Admins == |
− | * [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode | + | * [[User:MrBIOS|Alex Perez]], aperezbios on #sugar libera.chat |
− | * [[User:Scg|Samuel Cantero]], scg on #sugar Freenode | + | * [[User:Bernie|Bernie Innocenti]], bernie on #sugar libera.chat |
− | * [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse]
| + | * [[User:Srevin03|Srevin Saju]], srevinsaju on #sugar on libera.chat |
− | * [[User:SAMdroid|Sam]], samdroid on #sugar on Freenode | |
| | | |
| == Network configuration == | | == Network configuration == |
| Justice is globally accessible through public, static IPv4. | | Justice is globally accessible through public, static IPv4. |
| The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records. | | The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records. |
− |
| |
− | IPs 18.85.44.59-77 are available for hosted VMs.
| |
| | | |
| == Hosted VMs == | | == Hosted VMs == |
− | All KVM virtual machines are managed by libvirtd. Yes, that's scary. | + | All KVM virtual machines are managed by libvirtd. |
| | | |
| See [[Sysadmin/Add virtual machine]] for creating new VMs. | | See [[Sysadmin/Add virtual machine]] for creating new VMs. |
| | | |
| {{Special:PrefixIndex/{{PAGENAME}}/}} | | {{Special:PrefixIndex/{{PAGENAME}}/}} |