Changes

Machine/justice (view source)

Revision as of 20:26, 12 March 2021

1,634 bytes added , 20:26, 12 March 2021

→‎Admins

Line 3: Line 3:

== Hostnames ==

* justice.sugarlabs.org

−

* freedom.~~sugarlas~~.org

+

* freedom.sugarlabs.org

−

=== Info ===

+

== Info ==

Freedom and Justice are two twin KVM hosts bought by Sugar Labs in 2012.

−

Justice is currently our primary VM hosting box, while freedom is a hot-standby ~~with~~ secondary services and backups.

+

Justice is currently our primary VM hosting box, while freedom is a hot-standby running some secondary services in docker containers and backups.

+

== Machines ==

+

The following machines services are hosted:

+

* [[Machine/lightwave]], [[Service/Nameservers]],

+

* [[Machine/pootle]], [[Service/translate]],

+

* [[Service/activities]] aslo,

+

* [[Machine/library]],

+

* [[Machine/aslo3]],

+

* [[Machine/jita]], [[Service/git]], [[Service/jabber]], [[Service/meeting]], [[Service/obs]], [[Service/chat]], [[Service/cgit]], [[Service/blacklist]], [[Service/stats]],

+

* [[Machine/amnesia]],

+

* [[Machine/pye-zatoichi]],

== Hardware ==

* 2U rack-mountable case

−

* Motherboard ~~ASUS KFSN5~~-D

+

* Motherboard Supermicro H8SGL (or maybe H8SGL-F)

−

* 8-core Opteron 6212 @ 1.~~4GHz~~

+

* 8-core Opteron 6212 @ 1.7GHz

* 64GB RAM

* 2x1TB RAID1

+

== Management ==

+

The two servers have SMT management cards from Supermicro with a seriously awful web interface:

+

* [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org]

+

* [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org]

+

Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).

+

'''Use a long, unguessable password, but not one you're also using elsewhere! A few years ago, a backdoor was discovered in this firmware which would reveal all passwords in plaintext with a simple telnet! Also, login uses unencrypted http.'''

+

It's also possible to talk to the management card from Linux using ipmitool.

+

Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(

== Software ==

−

* Ubuntu ~~Precise (12~~.04~~) amd64 on justice~~

+

* Justice: Ubuntu 18.04 LTS Bionic

−

* Ubuntu 14.04 LTS ~~on freedom~~

+

* Freedom: Ubuntu 18.04 LTS Bionic

== Location ==

−

Hosted by the [http://media.mit.edu/ MIT Media Lab]~~, building~~ E15.

+

Hosted by the [http://media.mit.edu/ MIT Media Lab] in server room E15-243.

== Admins ==

+

* [[User:MrBIOS|Alex Perez]], aperezbios on #sugar Freenode

* [[User:Bernie|Bernie Innocenti]], bernie on #sugar Freenode

* [[User:Scg|Samuel Cantero]], scg on #sugar Freenode

−

* [[User:Dogi|Stefan Unterhauser]], dogi on #sugar or [http://mibbit.com/?channel=%23treehouse&server=irc.oftc.net #treehouse]

* [[User:SAMdroid|Sam]], samdroid on #sugar on Freenode

+

* [[User:Srevin03|Srevin Saju]], srevinsaju on #sugar on Freenode

== Network configuration ==

Justice is globally accessible through public, static IPv4.

The IPv6 /64 subnet (6to4) is currently experimental and not associated with AAAA records.

−

~~IPs 18.85.44.59-77 are available for hosted VMs.~~

== Hosted VMs ==

−

All KVM virtual machines are managed by libvirtd~~. Yes, that's scary~~.

+

All KVM virtual machines are managed by libvirtd.

See [[Sysadmin/Add virtual machine]] for creating new VMs.

{{Special:PrefixIndex/{{PAGENAME}}/}}

Quozl

Administrators

1,285

edits

Changes

Machine/justice (view source)

Revision as of 20:26, 12 March 2021

Navigation menu

Search