Difference between revisions of "Machine/justice"
(Add info about management cards) |
|||
Line 9: | Line 9: | ||
Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012. | Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012. | ||
− | Justice is currently our primary VM hosting box, while freedom is a hot-standby | + | Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups. |
== Hardware == | == Hardware == | ||
* 2U rack-mountable case | * 2U rack-mountable case | ||
− | * Motherboard | + | * Motherboard Supermicro H8SGL (or maybe H8SGL-F) |
− | * 8-core Opteron 6212 @ 1. | + | * 8-core Opteron 6212 @ 1.7GHz |
* 64GB RAM | * 64GB RAM | ||
* 2x1TB RAID1 | * 2x1TB RAID1 | ||
+ | |||
+ | == Management == | ||
+ | The two servers have awful SMT management cards from Supermicro: | ||
+ | * [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org] | ||
+ | * [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org] | ||
+ | Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year). | ||
+ | |||
+ | Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-( | ||
== Software == | == Software == |
Revision as of 06:56, 27 June 2018
Hostnames
- justice.sugarlabs.org
- freedom.sugarlas.org
Info
Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012.
Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups.
Hardware
- 2U rack-mountable case
- Motherboard Supermicro H8SGL (or maybe H8SGL-F)
- 8-core Opteron 6212 @ 1.7GHz
- 64GB RAM
- 2x1TB RAID1
Management
The two servers have awful SMT management cards from Supermicro:
Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).
Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a newer firmware version, but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-(
Software
- Ubuntu Precise (12.04) amd64 on justice
- Ubuntu 14.04 LTS on freedom
Location
Hosted by the MIT Media Lab, building E15.
Admins
- Bernie Innocenti, bernie on #sugar Freenode
- Samuel Cantero, scg on #sugar Freenode
- Stefan Unterhauser, dogi on #sugar or #treehouse
- Sam, samdroid on #sugar on Freenode
Network configuration
Justice is globally accessible through public, static IPv4. The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records.
IPs 18.85.44.59-77 are available for hosted VMs.
Hosted VMs
All KVM virtual machines are managed by libvirtd. Yes, that's scary.
See Sysadmin/Add virtual machine for creating new VMs.