Machine/justice: Difference between revisions

(16 intermediate revisions by 5 users not shown)

Line 3:

== Hostnames ==

* justice.sugarlabs.org

* freedom.~~sugarlas~~.org

* freedom.sugarlabs.org

=== Info ===

== Info ==

Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012.

Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups.

== Machines ==

The following machines services are hosted:

* [[Machine/pootle]], [[Service/translate]],

* [[Service/activities]] aslo,

* [[Machine/library]],

* [[Machine/jita]], [[Service/git]], [[Service/jabber]], [[Service/meeting]], [[Service/obs]], [[Service/chat]], [[Service/cgit]], [[Service/blacklist]], [[Service/stats]],

== Hardware ==

Line 19:

Line 28:

== Management ==

The two servers have ~~awful~~ SMT management cards from Supermicro:

The two servers have SMT management cards from Supermicro with a seriously awful web interface:

* [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org]

* [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org]

Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).

Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).

'''Use a long, unguessable password, but not one you're also using elsewhere! A few years ago, a backdoor was discovered in this firmware which would reveal all passwords in plaintext with a simple telnet! Also, login uses unencrypted http.'''

Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-(

It's also possible to talk to the management card from Linux using ipmitool.

Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(

== Software ==

* Ubuntu ~~Precise (12~~.04~~) amd64 on justice~~

* Justice: Ubuntu 18.04 LTS Bionic

* Ubuntu 14.04 LTS ~~on freedom~~

* Freedom: Ubuntu 18.04 LTS Bionic

== Location ==

Hosted by the [http://media.mit.edu/ MIT Media Lab]~~, building~~ E15.

Hosted by the [http://media.mit.edu/ MIT Media Lab] in server room E15-243.

== Admins ==

* [[User:~~Bernie~~|~~Bernie Innocenti~~]], ~~bernie~~ on #sugar ~~Freenode~~

* [[User:MrBIOS|Alex Perez]], aperezbios on #sugar libera.chat

* [[User:~~Scg~~|~~Samuel Cantero~~]], ~~scg~~ on #sugar ~~Freenode~~

* [[User:Bernie|Bernie Innocenti]], bernie on #sugar libera.chat

* [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.~~oftc.net #treehouse]~~

* [[User:Srevin03|Srevin Saju]], srevinsaju on #sugar on libera.chat

* [[User:~~SAMdroid~~|~~Sam~~]], ~~samdroid~~ on #sugar on ~~Freenode~~

== Network configuration ==

Justice is globally accessible through public, static IPv4.

The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records.

~~IPs 18.85.44.59-77 are available for hosted VMs.~~

== Hosted VMs ==

All KVM virtual machines are managed by libvirtd~~. Yes, that's scary~~.

All KVM virtual machines are managed by libvirtd.

See [[Sysadmin/Add virtual machine]] for creating new VMs.

{{Special:PrefixIndex/{{PAGENAME}}/}}

@@ Line 3: / Line 3: @@
 == Hostnames ==
 * justice.sugarlabs.org
-* freedom.sugarlas.org
+* freedom.sugarlabs.org
-=== Info ===
+== Info ==
 Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012.
 Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups.
+== Machines ==
+The following machines services are hosted:
+* [[Machine/pootle]], [[Service/translate]],
+* [[Service/activities]] aslo,
+* [[Machine/library]],
+* [[Machine/jita]], [[Service/git]], [[Service/jabber]], [[Service/meeting]], [[Service/obs]], [[Service/chat]], [[Service/cgit]], [[Service/blacklist]], [[Service/stats]],
 == Hardware ==
@@ Line 19: / Line 28: @@
 == Management ==
-The two servers have awful SMT management cards from Supermicro:
+The two servers have SMT management cards from Supermicro with a seriously awful web interface:
 * [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org]
 * [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org]
-Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).
+Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).
+'''Use a long, unguessable password, but not one you're also using elsewhere! A few years ago, a backdoor was discovered in this firmware which would reveal all passwords in plaintext with a simple telnet! Also, login uses unencrypted http.'''
-Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding.  There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-(
+It's also possible to talk to the management card from Linux using ipmitool.
+Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding.  There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(
 == Software ==
-* Ubuntu Precise (12.04) amd64  on justice
+* Justice: Ubuntu 18.04 LTS Bionic
-* Ubuntu 14.04 LTS  on freedom
+* Freedom: Ubuntu 18.04 LTS Bionic
 == Location ==
-Hosted by the [http://media.mit.edu/ MIT Media Lab], building E15.
+Hosted by the [http://media.mit.edu/ MIT Media Lab] in server room E15-243.
 == Admins ==
-* [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode
+* [[User:MrBIOS|Alex Perez]], aperezbios on #sugar libera.chat
-* [[User:Scg|Samuel Cantero]], scg on #sugar Freenode
+* [[User:Bernie|Bernie Innocenti]], bernie on #sugar libera.chat
-* [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse]
+* [[User:Srevin03|Srevin Saju]], srevinsaju on #sugar on libera.chat
-* [[User:SAMdroid|Sam]], samdroid on #sugar on Freenode
 == Network configuration ==
 Justice is globally accessible through public, static IPv4.
 The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records.
-IPs 18.85.44.59-77 are available for hosted VMs.
 == Hosted VMs ==
-All KVM virtual machines are managed by libvirtd. Yes, that's scary.
+All KVM virtual machines are managed by libvirtd.
 See [[Sysadmin/Add virtual machine]] for creating new VMs.
 {{Special:PrefixIndex/{{PAGENAME}}/}}