Difference between revisions of "Machine/justice"

From Sugar Labs
Jump to navigation Jump to search
Line 31: Line 31:
  
 
== Software ==
 
== Software ==
* Justice: Ubuntu 14.04 LTS (needs update)
+
* Justice: Ubuntu 16.04 LTS Xenial (needs update)
* Freedom: Ubuntu 14.04 LTS (needs update)
+
* Freedom: Ubuntu 16.04 LTS Xenial (needs update)
  
 
== Location ==
 
== Location ==
Line 39: Line 39:
 
== Admins ==
 
== Admins ==
 
* [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode
 
* [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode
 +
* [[User:Quozl|James Cameron]], Quozl on #sugar Freenode
 
* [[User:Scg|Samuel Cantero]], scg on #sugar Freenode
 
* [[User:Scg|Samuel Cantero]], scg on #sugar Freenode
 
* [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse]
 
* [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse]

Revision as of 02:20, 9 August 2018

Hostnames

  • justice.sugarlabs.org
  • freedom.sugarlas.org

Info

Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012.

Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups.

Hardware

  • 2U rack-mountable case
  • Motherboard Supermicro H8SGL (or maybe H8SGL-F)
  • 8-core Opteron 6212 @ 1.7GHz
  • 64GB RAM
  • 2x1TB RAID1

Management

The two servers have SMT management cards from Supermicro with a seriously awful web interface:

Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).

Use a long, unguessable password, but not one you're also using elsewhere! A few years ago, a backdoor was discovered in this firmware which would reveal all passwords in plaintext with a simple telnet! Also, login uses unencrypted http.

It's also possible to talk to the management card from Linux using ipmitool.

Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a newer firmware version, but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(

Software

  • Justice: Ubuntu 16.04 LTS Xenial (needs update)
  • Freedom: Ubuntu 16.04 LTS Xenial (needs update)

Location

Hosted by the MIT Media Lab, building E15.

Admins

Network configuration

Justice is globally accessible through public, static IPv4. The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records.

IPs 18.85.44.59-77 are available for hosted VMs.

Hosted VMs

All KVM virtual machines are managed by libvirtd.

See Sysadmin/Add virtual machine for creating new VMs.