Difference between revisions of "Machine/justice"
Line 31: | Line 31: | ||
== Software == | == Software == | ||
− | * Justice: Ubuntu | + | * Justice: Ubuntu 16.04 LTS Xenial (needs update) |
− | * Freedom: Ubuntu | + | * Freedom: Ubuntu 16.04 LTS Xenial (needs update) |
== Location == | == Location == | ||
Line 39: | Line 39: | ||
== Admins == | == Admins == | ||
* [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode | * [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode | ||
+ | * [[User:Quozl|James Cameron]], Quozl on #sugar Freenode | ||
* [[User:Scg|Samuel Cantero]], scg on #sugar Freenode | * [[User:Scg|Samuel Cantero]], scg on #sugar Freenode | ||
* [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse] | * [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse] |
Revision as of 02:20, 9 August 2018
Hostnames
- justice.sugarlabs.org
- freedom.sugarlas.org
Info
Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012.
Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups.
Hardware
- 2U rack-mountable case
- Motherboard Supermicro H8SGL (or maybe H8SGL-F)
- 8-core Opteron 6212 @ 1.7GHz
- 64GB RAM
- 2x1TB RAID1
Management
The two servers have SMT management cards from Supermicro with a seriously awful web interface:
Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).
Use a long, unguessable password, but not one you're also using elsewhere! A few years ago, a backdoor was discovered in this firmware which would reveal all passwords in plaintext with a simple telnet! Also, login uses unencrypted http.
It's also possible to talk to the management card from Linux using ipmitool.
Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a newer firmware version, but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(
Software
- Justice: Ubuntu 16.04 LTS Xenial (needs update)
- Freedom: Ubuntu 16.04 LTS Xenial (needs update)
Location
Hosted by the MIT Media Lab, building E15.
Admins
- Bernie Innocenti, bernie on #sugar Freenode
- James Cameron, Quozl on #sugar Freenode
- Samuel Cantero, scg on #sugar Freenode
- Stefan Unterhauser, dogi on #sugar or #treehouse
- Sam, samdroid on #sugar on Freenode
Network configuration
Justice is globally accessible through public, static IPv4. The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records.
IPs 18.85.44.59-77 are available for hosted VMs.
Hosted VMs
All KVM virtual machines are managed by libvirtd.
See Sysadmin/Add virtual machine for creating new VMs.