Difference between revisions of "Project Bringing Sexy Back"

From the Linux and Unix Users Group at Virginia Teck Wiki
Jump to: navigation, search
imported>Pew
(Bare Metal)
 
(107 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This is an effort toward the end of Fall 2017 to get new hardware, determining if we can use old hardware for anything, bring many vtluug services back to life plus add new services, fix major problems relating to the current infrastructure, make managing the current infrastructure easier, and to provide enough documentation so that anybody can have a very good understanding of how everything works without having to ask the officers about every little thing. This will be summarized in the [[Sysadmin Handbook]]
+
'''Note''': This page does '''not''' reflect current infrastructure. It was for planning purposes. As of 2019 everything has been migrated to new infra, as explained in [[Infrastructure]].
  
One major change is running an oVirt cluster to managing everything, along with offering a VPS service in addition to shell accounts on [[Infrastructure:Acidburn|Acidburn]]. This is not possible with the current hardware.
+
If you're looking for the older project [[User:telnorattti|telnoratti]] proposed, details about it are at [[Summer_2013_New_Machines]].
 +
 
 +
This is an effort toward the end of Fall 2017 and early Spring 2018 to get new hardware, determining if we can use old hardware for anything, bring many vtluug services back to life plus add new services, fix major problems relating to the current infrastructure, make managing the current infrastructure easier, and to provide enough documentation so that anybody can have a very good understanding of how everything works without having to ask the officers about every little thing. This will be summarized at https://vtluug.org/rtfm.txt
 +
 
 +
One major change offering a VPS service in addition to shell accounts on [[Infrastructure:Acidburn|Acidburn]]. This is not possible with the current hardware.
  
 
<!--TODO talk about doing stuff from the project list-->
 
<!--TODO talk about doing stuff from the project list-->
 
[[T-shirts]]
 
  
  
Line 12: Line 14:
  
 
We are still working on exactly what to ask for, but here are some desirable things:
 
We are still working on exactly what to ask for, but here are some desirable things:
//TODO link items
+
 
 
{| class='wikitable' id='sortMe'
 
{| class='wikitable' id='sortMe'
 
!Priority
 
!Priority
Line 24: Line 26:
 
|}
 
|}
  
Ideally we will get 2.
+
Ideally we will get 2. A much more detailed price analysis will be done for the SBB.
 
 
A much more detailed price analysis will be done for the SBB.
 
  
 +
\o/ We got $1300 to get 2 R620s!!
  
 
== Hardware Configuration ==
 
== Hardware Configuration ==
Hardware we will definitely have:
+
==== Hardware ====
 
* temp88191
 
* temp88191
 
* [[Infrastructure:Cyberdelia|Cyberdelia]]
 
* [[Infrastructure:Cyberdelia|Cyberdelia]]
 
* [[Infrastructure:Wood|Wood]]
 
* [[Infrastructure:Wood|Wood]]
 
* 2x SGI (Phantomphreak/Joey)
 
* 2x SGI (Phantomphreak/Joey)
 +
* 2x R620s (Meltdown/Spectre)
  
=== Assuming we do get SBB funding ===
+
==== Configuration ====
Additional hardware: 2x R620
+
* Router/DNS Server: joey (sry temp88191 is too old)
 
 
* Router: temp88191
 
 
* NAS: [[Infrastructure:Cyberdelia|Cyberdelia]] due to its HDD capacity
 
* NAS: [[Infrastructure:Cyberdelia|Cyberdelia]] due to its HDD capacity
* oVirt Controller: R620
+
* Libvirt hosts: Meltdown & Spectre
* oVirt Workers (via PXE): R620 Controller, the other R620, Phantomphreak, Joey
 
 
* HPC: [[Infrastructure:Wood|Wood]] due to its 4U height that can easily fit gpus
 
* HPC: [[Infrastructure:Wood|Wood]] due to its 4U height that can easily fit gpus
  
=== If we don't get SBB funding ===
+
Diagrams in progress
We probably need to get some additional RAM & CPUs for Wood in this case in order to do the cluster.
 
  
* Router: temp88191
+
== Networking ==
* NAS: [[Infrastructure:Cyberdelia|Cyberdelia]]
+
See [[Infrastructure:Network]] for a mostly up to date networking layout.
* oVirt Controller: [[Infrastructure:Wood|Wood]]
 
* oVirt Workers (via PXE): [[Infrastructure:Wood|Wood]], Phantomphreak, Joey
 
  
 +
Public IPv4s are the same except for a few, the local IPv4 network is different, and IPv6 is completely different because we have a prefix.
  
We may also get some additional hardware early Spring 2017. This will replace Phantomphreak/Joey, become the oVirt Controller, or the NAS depending on its specs. TBD
+
==== Public IPv4 addresses ====
 
+
{| class='wikitable' id='sortMe'
Diagrams in progress
+
!Function
 +
!DNS
 +
!IP
 +
|-
 +
|Router/DNS
 +
|joey.vtluug.org
 +
|128.173.88.191
 +
|-
 +
|One Libvirt Node (out of 2)
 +
|meltdown.vtluug.org
 +
|128.173.89.246
 +
|-
 +
|Web/Proxy server
 +
|sczi.vtluug.org
 +
|128.173.88.78
 +
|-
 +
|Shell Server
 +
|acidburn.vtluug.org
 +
|128.173.89.245
 +
|-
 +
|FreeIPA
 +
|chimera.vtluug.org
 +
|128.173.89.247
 +
|-
 +
|Primary NFS server
 +
|dirtycow.vtluug.org
 +
|128.173.89.244
 +
|-
 +
|Matt's server
 +
|mjh.ece.vt.edu
 +
|128.173.88.104
 +
|-
 +
|}
  
 +
As per [[User:echarlie|echarlie]], "check rdns. if there isn't an entry, and it's in ece's allocated block, we can use it."
  
 
== Service Importance ==
 
== Service Importance ==
'''Note''': This secion's PoV does '''not''' taking into account the current state of service. Instead, it assumes services are being installed to a new infrastructure.
+
'''Note''': This section's PoV does '''not''' taking into account the current state of service. Instead, it assumes services are being installed to a new infrastructure.
  
'''All''' necessary services send notifications to officers for alerts.
+
Syntax:
 +
* Overall service (hostname)
  
Syntax:
+
Services running on each host are covered in the following sections
* Service (VM name | Container name)
 
** Comment
 
  
=== Urgent ===
+
=== Essential ===
 
==== Bare Metal ====
 
==== Bare Metal ====
* Monitoring (crashandburn)
+
* Routing (joey)
** oVirt mostly takes care of this for us
+
* DNS (joey)
*** See https://ovirt.org/blog/2017/12/ovirt-metrics-store
+
* Firewall (joey)
** Prometheus or Nagios if more detailed monitoring is needed
+
* NAS ("new" dell 2900 - dirtycow, dell 2900 - cyberdelia, r310 - shellshock)
 +
* Libvirt hosts (meltdown, spectre)
  
 
==== VMs ====
 
==== VMs ====
* FreeIPA (zerocool)
+
* FreeIPA (chimera)
 
+
* Web services (sczi)
==== K8s ====
+
* Shell (acidburn)
* Sczi proxy (sczi)
 
** For proxying *.vtluug.org because we don't have unlimited v4
 
* vtluug.org (vtluug)
 
* wiki.vtluug.org (wiki_vtluug)
 
* gobblerpedia.org (wiki_gobblerpedia)
 
* hokieprivacy.org (hokieprivacy)
 
* pSQL (wikidb)
 
** For storing wiki.vtluug.org & gobblerpedia.org
 
  
 
=== Very Important ===
 
=== Very Important ===
 
==== Bare Metal ====
 
==== Bare Metal ====
* VPS system (crashandburn)
+
* VPS system via Libvirt
 
** Somewhat automated system where a user is given a VM
 
** Somewhat automated system where a user is given a VM
** Possibly is really easy with oVirt
+
** Give each user an ipv6 address
** Possibly do something like <user>.users.vtluug.org
+
* NAS Backup
  
 
==== VMs ====
 
==== VMs ====
* Shell (acidburn)
+
* elk (theplague)
** Member pages @ vtluug.org/~user
 
* rsyslog (theplague)
 
 
** Need to research this a bunch
 
** Need to research this a bunch
* DNS (lordnikon)
+
* jitsi.vtluug.org (jitsi)
** Need to research this a bunch
+
** Proxy through sczi
* Mail (acidburn)
+
* emby.vtluug.org (emby)
** Possibly in Docker instead of VM
+
** Proxy through sczi
 
+
* mirror.vtluug.org (mirror)
==== K8s ====
+
* syncthing discovery server (sync)
* Wadsworth (wadsworth)
 
* duckhunter9000 (duckhunter)
 
* truncatedcone (truncatedcone)
 
* multimediamanv2 (multimediaman)
 
** Produces /files/irc-vtluug.org
 
 
 
  
 
=== Important ===
 
=== Important ===
 
==== VMs ====
 
==== VMs ====
 
* Tahoe-LAFS (crashoverride)
 
* Tahoe-LAFS (crashoverride)
** Possibly put in container
 
 
* telnet BBS
 
* telnet BBS
 
** How tf do these things work
 
** How tf do these things work
 
* wargame.vtluug.org (wargame)
 
* wargame.vtluug.org (wargame)
 
* Archive Team Warrior
 
* Archive Team Warrior
 
==== K8s ====
 
* linx.vtlug.org (linx)
 
* bash.vtluug.org (bash)
 
* foodfor.vtluug.org (foorfor)
 
** .pickfood, .foodvote
 
* emby.vtluug.org (emby)
 
* mirror.vtluug.org (mirror)
 
 
* map.vtluug.org (map)
 
* map.vtluug.org (map)
* jitsi.vtluug.org (jitsi)
 
  
 
=== Other things to consider ===
 
=== Other things to consider ===
 
* diaspora*
 
* diaspora*
* finger (kerberos)
+
* finger (kerberos-based)
 
* talkd
 
* talkd
  
 
== Migration ==
 
== Migration ==
 
=== VTLUUG Site ===
 
=== VTLUUG Site ===
* Migrate to docker
+
* Setup on sczi via the web ansible role
 
 
=== VTLUUG wiki ===
 
* Backup content
 
* Migrate to docker
 
  
=== Gobblerpedia ===
+
=== VTLUUG & Gobblerpedia wiki ===
* Backup content
+
* Backup content using dumpBackup.xml script
* Migrate to docker
+
* Setup on sczi via the web ansible role
 +
* Restore content to new wiki
  
 
=== Wadsworth/phenny ===
 
=== Wadsworth/phenny ===
* Backup db (for .in)
+
* Use irc3 module instead
* Migrate to docker
+
* Setup on acidburn via the small-services ansible role
  
 
=== VTBash ===
 
=== VTBash ===
* Migrate to docker
+
* Setup on sczi via the web ansible role
  
 
=== Hokieprivacy ===
 
=== Hokieprivacy ===
* Migrate to docker
+
* Setup on sczi via the web ansible role
  
 
=== Linx ===
 
=== Linx ===
* Move files to NAS
+
* Setup on sczi via the web ansible role
* Migrate to docker
 
  
 
=== Acidburn ===
 
=== Acidburn ===
* Migrate homedirs to NAS
+
* Migrate homedirs to dirtycow NAS
* Currently have a ton of uses - most people probably don't use it anymore
+
* Implement background tmux irc systemd service (or just tell people to use crontabs @reboot (sounds like u got a problem w/ systemd))
** Have peopl re-register with FreeIPA
+
 
 +
=== User Accounts ===
 +
* Setup on chimera via freeipa-server ansible role
 +
* Import LDAP accounts to freeipa
  
 
=== /tank ===
 
=== /tank ===
* Backup then clean up
+
* Move main stuff to dirtycow
** Either to tardis or a temporary NAS
+
* Clean up a bit
 
 
  
 
== Issues with current services ==
 
== Issues with current services ==
Line 185: Line 187:
  
 
=== Gobblerpedia ===
 
=== Gobblerpedia ===
* Lots of out of dat information
+
* Lots of out of date information
* Building templates
+
* Building templates (populate automatically from database)
  
 
=== Wadsworth/phenny ===
 
=== Wadsworth/phenny ===
Line 200: Line 202:
  
 
=== Hokieprivacy ===
 
=== Hokieprivacy ===
* Mobile formatting is fucked, at least for FF on Android
+
* Mobile formatting is fucked -- someone should look into the hugo templates and fix
 
* Out of date
 
* Out of date
  
Line 210: Line 212:
 
=== vtluug.org/files ===
 
=== vtluug.org/files ===
 
* Need easy way fo non-root to add stuff here
 
* Need easy way fo non-root to add stuff here
 +
 +
=== vtluug.org/users/~$USERNAME ===
 +
* should document for users
 +
* maybe support dynamic server-side content (probably not; use js)
  
 
=== mail ===
 
=== mail ===
* Train spamassassin
+
* Train spamassassin (use corpus)
 
* Sieve doesn't seem to work
 
* Sieve doesn't seem to work
  
 
=== gopherspace ===
 
=== gopherspace ===
* who tf uses gopher
+
* who tf uses gopher (fwiw, gopher was 90% of the goal of project bringing sexy back)
 +
* legacy IP only, b/c pygopherd is shite
  
 
=== TOR services ===
 
=== TOR services ===

Latest revision as of 02:34, 10 January 2019

Note: This page does not reflect current infrastructure. It was for planning purposes. As of 2019 everything has been migrated to new infra, as explained in Infrastructure.

If you're looking for the older project telnoratti proposed, details about it are at Summer_2013_New_Machines.

This is an effort toward the end of Fall 2017 and early Spring 2018 to get new hardware, determining if we can use old hardware for anything, bring many vtluug services back to life plus add new services, fix major problems relating to the current infrastructure, make managing the current infrastructure easier, and to provide enough documentation so that anybody can have a very good understanding of how everything works without having to ask the officers about every little thing. This will be summarized at https://vtluug.org/rtfm.txt

One major change offering a VPS service in addition to shell accounts on Acidburn. This is not possible with the current hardware.


Getting new hardware

Cyberdelia is the only connected physical machine right now, besides our router. See Infrastructure 2017. We are planning to request funding from the SBB for new infrastructure as early as possible Spring 2018.

We are still working on exactly what to ask for, but here are some desirable things:

Priority Item Estimated Cost
10 Dell Poweredge R620s $600 ish

Ideally we will get 2. A much more detailed price analysis will be done for the SBB.

\o/ We got $1300 to get 2 R620s!!

Hardware Configuration

Hardware

  • temp88191
  • Cyberdelia
  • Wood
  • 2x SGI (Phantomphreak/Joey)
  • 2x R620s (Meltdown/Spectre)

Configuration

  • Router/DNS Server: joey (sry temp88191 is too old)
  • NAS: Cyberdelia due to its HDD capacity
  • Libvirt hosts: Meltdown & Spectre
  • HPC: Wood due to its 4U height that can easily fit gpus

Diagrams in progress

Networking

See Infrastructure:Network for a mostly up to date networking layout.

Public IPv4s are the same except for a few, the local IPv4 network is different, and IPv6 is completely different because we have a prefix.

Public IPv4 addresses

Function DNS IP
Router/DNS joey.vtluug.org 128.173.88.191
One Libvirt Node (out of 2) meltdown.vtluug.org 128.173.89.246
Web/Proxy server sczi.vtluug.org 128.173.88.78
Shell Server acidburn.vtluug.org 128.173.89.245
FreeIPA chimera.vtluug.org 128.173.89.247
Primary NFS server dirtycow.vtluug.org 128.173.89.244
Matt's server mjh.ece.vt.edu 128.173.88.104

As per echarlie, "check rdns. if there isn't an entry, and it's in ece's allocated block, we can use it."

Service Importance

Note: This section's PoV does not taking into account the current state of service. Instead, it assumes services are being installed to a new infrastructure.

Syntax:

  • Overall service (hostname)

Services running on each host are covered in the following sections

Essential

Bare Metal

  • Routing (joey)
  • DNS (joey)
  • Firewall (joey)
  • NAS ("new" dell 2900 - dirtycow, dell 2900 - cyberdelia, r310 - shellshock)
  • Libvirt hosts (meltdown, spectre)

VMs

  • FreeIPA (chimera)
  • Web services (sczi)
  • Shell (acidburn)

Very Important

Bare Metal

  • VPS system via Libvirt
    • Somewhat automated system where a user is given a VM
    • Give each user an ipv6 address
  • NAS Backup

VMs

  • elk (theplague)
    • Need to research this a bunch
  • jitsi.vtluug.org (jitsi)
    • Proxy through sczi
  • emby.vtluug.org (emby)
    • Proxy through sczi
  • mirror.vtluug.org (mirror)
  • syncthing discovery server (sync)

Important

VMs

  • Tahoe-LAFS (crashoverride)
  • telnet BBS
    • How tf do these things work
  • wargame.vtluug.org (wargame)
  • Archive Team Warrior
  • map.vtluug.org (map)

Other things to consider

  • diaspora*
  • finger (kerberos-based)
  • talkd

Migration

VTLUUG Site

  • Setup on sczi via the web ansible role

VTLUUG & Gobblerpedia wiki

  • Backup content using dumpBackup.xml script
  • Setup on sczi via the web ansible role
  • Restore content to new wiki

Wadsworth/phenny

  • Use irc3 module instead
  • Setup on acidburn via the small-services ansible role

VTBash

  • Setup on sczi via the web ansible role

Hokieprivacy

  • Setup on sczi via the web ansible role

Linx

  • Setup on sczi via the web ansible role

Acidburn

  • Migrate homedirs to dirtycow NAS
  • Implement background tmux irc systemd service (or just tell people to use crontabs @reboot (sounds like u got a problem w/ systemd))

User Accounts

  • Setup on chimera via freeipa-server ansible role
  • Import LDAP accounts to freeipa

/tank

  • Move main stuff to dirtycow
  • Clean up a bit

Issues with current services

When (re)implementing services listed above do the following changes.

VTLUUG Site

  • We're literally proxying a static github page (vtluug.github.io)
  • Probably should be redesigned to be slightly more dynamic using jekyll or flask or something

VTLUUG wiki

  • Need meeting script
  • Need to clean up a lot of old information

Gobblerpedia

  • Lots of out of date information
  • Building templates (populate automatically from database)

Wadsworth/phenny

  • Things constantly break, but there's nothing we can really do about this
  • Migrate to irc3 pythong library for a stable core
  • Migrate SysV scripts to systemd unit files

VTBash

  • Old shitty interface converted from python2 to python3
    • Nothing good seems to already exist, so we probably need to write one from scratch
  • Need to merge 2 old sqlite databases
    • Causes bug when only 1 quote author is entered, this is why they can't be merged

Hokieprivacy

  • Mobile formatting is fucked -- someone should look into the hugo templates and fix
  • Out of date

Linx

  • Offload storage to NAS
  • Binaries need updating
  • Need to do reddit stress test

vtluug.org/files

  • Need easy way fo non-root to add stuff here

vtluug.org/users/~$USERNAME

  • should document for users
  • maybe support dynamic server-side content (probably not; use js)

mail

  • Train spamassassin (use corpus)
  • Sieve doesn't seem to work

gopherspace

  • who tf uses gopher (fwiw, gopher was 90% of the goal of project bringing sexy back)
  • legacy IP only, b/c pygopherd is shite

TOR services

linx, hokieprivacy, and the main site (hence vtluug.org) can be accessed over tor. advertise these urls or make them more memorable (or both)

Retrieved from "https://vtluug.org/w/index.php?title=Project_Bringing_Sexy_Back&oldid=7622"