Changes

Infrastructure

240 bytes removed, 17 January
m
no edit summary
This page documents VTLUUG's infrastructure post-[[CVL eviction]]. It is intended as a scratch pad of sorts for organizing infrastructure changes, since [[Infrastructure:Log]] is incredibly out of date, and there are a lot of details which must be sorted out before major infrastructure changes can be made.
== Physical Infrastructure ==
=== NFS Hosts ===
* [[Infrastructure:Dirtycow|dirtycow]] - Primary NFS server, 8x2TB raidz2 array
=== VM Hosts ===
* [[Infrastructure:Meltdown|meltdown]] - Primary VM/docker host
* [[Infrastructure:Spectre|spectre]] - Secondary VM/docker host, for example user VMs
* [[Infrastructure:Gibson|gibson]] - Secondary VM/docker host, Intel Arc A770, for GPU loads
* [[Infrastructure:Prospit|prospit]] - Secondary VM/docker host, GTX 1080, for GPU loads
=== Whit Cluster ===
* [[Infrastructure:CyberdeliaVesuvius|Cyberdeliavesuvius]] is the only connected physical machine right now- SAN/control plane,8x12TB raidz2 array
* [[Infrastructure:Bastille|bastille (blades)]] - worker nodes besides
=== Routers ===
* [[Infrastructure:Temp88191Shellshock|our shellshock]] - Whit router, 3 disk RAID1 array
* [[Infrastructure:Zerocool|zerocool]]. It contains 48 GB of memory- McBryde router with 4 ethernet interfaces; only eth4 is connected and is attached to br0. All hosts are on our own 1-gbit Gb/s port with[[Infrastructure:Temp88191Shellshock|temp88191shellshock]], a gateway featuring ARP proxying, and partial NDP proxying.For global DNS changes under ece.vt.edu, server room access, and getting hosts added to full delegation of the ARP proxy,contact [mailto2607:b400:jkh@vt.edu John Harris] or [mailto6:rdehart@vt.edu Roddy Dehart]cc80/64 prefix.
Virginia Tech has started blocking inbound ports 22 and 3389 and outbound port 25 at the campus border, in a move
[[User:echarlie|echarlie]] is calling [[gp:Cyber Auschwitz|Cyber Auschwitz]]. Contact itso-g@vt.edu for firewall exceptions.
When deploying new hosts, make ssh listen on both 2222 and 22. [[Infrastructure:Acidburn|Acidburn]] currently listens on 443 3128 as well.
All other VTLUUG-owned servers are currently stored in
=== Other hosts ===
* [[userInfrastructure:pewJoey|pewjoey]]'s apartmentused to be the router, with but is no longer in use due to a failure of the exception of single drive
* [[infrastructureInfrastructure:sunwayWood|sunwayWood]]and is sitting in our rack turned off because we don't have a SuperMicro server, which were all transferred to WUVTuse for it currently. The list It is in a 4U case capable of these machines includes fitting several GPUs.
* [[Infrastructure:WoodCyberdelia|Woodcyberdelia]]- OFF, 7x1TB raidz2 array,sitting on shelf instead of rack
* [[Infrastructure:Sunway|sunway]] and a variety of other servers, including our old LXC SuperMicro server were all transferred to WUVT. Older hosts and the old mirrorhave either been thrown out or given to members.
See [[GoalsVTLUUG:Strategic_plan]] for things we plan to do in the future.
== On the Network Architecture ==
''Further Information: [[Infrastructure:Networking]] and [[Infrastructure:Network]]''
[[File:Infra2019-network.png|thumb|500px|A simple network diagram by [[user:pew|pew]]. '''Update June 2021: Joey is dead, long live Joey. Shellshock is the new router. Cyberdelia is off.''']]
[[File:Infra2016-network.png|thumb|500px|A simple network diagram by [[user:mjh|mjh]]]]
We currently have some services with public IPv4 address, and all hosts have an internal IPv4 address on the 10.9998.x.x/16 subnet and an IPv6 address assigned via SLAAC. In the future, it may be wise to bridge this network to an ethernet port on cyberdelia, so that a switch can be used to network our other services. When we have rackspace to do so, [[Infrastructure:IPsec|VPN]]/[[Iodine]] access to the internal network will should be necessaryused.
In theory, services can be provided via a hidden service such as [[w:Tor|Tor]], but that introduces other complications.
Alternately, services can require use of the [[Infrastructure:IPsec|VPN]] on [[Infrastructure:acidburnAcidburn|acidburn]],
[[Iodine]], or [[Secure Shell|ssh tunnelling]], although all of these limit usage to members with a shell account.
All of these have the benefit of NAT traversal, however.
== Services ==
''Further information: [[:Category:Services]]''
=== Critical ===
* [[Infrastructure:Acidburn|Acidburnacidburn]]
** Shell server
** [[Email]]
** [[Wadsworth]]
** [[Iodine]]
* [[Infrastructure:RazorChimera|Razorchimera]]
** LDAPFreeIPA
* [[Infrastructure:Sczi|Sczi]]
** Website
*** Wiki[https://hokieprivacy.org hokieprivacy]
*** [https://bash.vtluug.org vtbash]
*** [https://vtluug.org Main Site]
*** This wiki and [[gp:Main Page|Gobblerpedia]]
*** dex, for authing with the wikis
*** https://vtluug.org/users/~$user - User homepages
*** [https://search.vtluug.org 4get] a metasearch engine
*** [https://git.vtluug.org Gitea] a Github-esque git server with dex/LUUG OpenID auth
*** [https://element.vtluug.org element], a Matrix client
*** linx[https://soulseek.vtluug.org slskd]
*** [https://seed.vtluug.org qbittorrent-nox]
*** [vtbashhttps://bitwarden.vtluug.org bitwarden]
* [[Infrastructure:Nikonwormhole|nikonwormhole]]
** AdGuard DNS blackhole
* [[Infrastructure:CyberdeliaDirtycow|Cyberdeliadirtycow]]
** All the above Storage for all primary services
** VMs for projectsNFS - ZFS pool name is cistern
* [[Infrastructure:Meltdown|meltdown]]
** TankVM host for above services
* [[Infrastructure:Scaryterry|scaryterry]]
** NFS[https://awm.vtluug.org AWM site]
[[Infrastructure:Acidburn|Acidburnacidburn]] and the website ''must'' be accessible through real services, and it is preferable that [[Infrastructure:Cyberdelia|Cyberdelia]] is other hosts are too. This means we must use our public IPv4 & IPv6 Addresses allotted by ECE.
== Website details ==
=== Current Setup ===
 
All vtluug websites are run on nginx on [[Infrastructure:Sczi|sczi]]. These sites are currently functional:
* gobblerpedia.org
* hokieprivacy.org
* linx.vtluug.org
* vtluug.org
* wiki.vtluug.org (this redirects to vtluug.org/wiki/)
* bash.vtluug.org
* vtluug.org/users/~$user
All of these sites exclusively allow for the use of TLS connections. All services use automatically updated
==== Main Page ====
The main VTLUUG page was scraped from the [[w:Internet Archive|Internet Archive]] and added created as a github page at [https://vtluug.github.io vtluug.github.io], and is reverse-proxied through [[Infrastructure:Sczi|sczi]].
==== Wiki ====
 The wiki currently runs fully on MediaWiki hosted on nginxusing a [https://github. Postgres is used for com/vtluug/mediawiki-docker modified version of the database and authenticationis through LDAPofficial mediawiki docker image]. MediaWiki is running You can auth with the current stable version as of March 2017admin account, courtesy hard work by[[userUser:pewwiki-admin|pewwiki-admin]]or a Google account. See note on [[Main_page]] about why LDAP isn't working yet.
===== Gobblerpedia =====
Runs on the same Mediawiki instance as this wiki, with its schema in the same Postgres database. CurrentlySimilarly to LUUGWiki, you can auth with LDAP, pre-existing only Google accounts, or a Google account in the VT hosted domain.
==== Linx ====
Uses [[User:andreim|aam]]'s [https://github.com/andreimarcu/linx-server linx], and is an identical implementation to his site [https://linx.li linx.li]. One of the few sites with a complete startup script. The maintenance is currently the responsibility of aam, however this is subject to change, pending his retaining root access on scziadmin user are supported logins.
=== Needs Restoration ===
* git.vtluug.org - git hosting; previously a redirect to gitweb with gitosis as the SSH backend
* gitweb.vtluug.org - git hosting; previously gitweb
* [https://github.com/vtluug/campusmap map.vtluug.org ] - [[Openstreetmap|OSM]] (gobblerpedia still relies on this)
* users.vtluug.org - member hosting based map of acidburn home directories PostgreSQL tables exist on milton for foodforus, jandc, mediawiki, mewsblu, sharedwiki, uniluug, vtluug_wiki, and wargame_bbs. More research is necessary to determine what these are for. There are also a collection of mySQL databases on milton which may be desirable to archive and store.VT
=== Historically ===
See [[Infrastructure:Deprecated_Infrastructure#Web_ServicesDead_projects]] for historic information
=== Goals ===
See [[GoalsVTLUUG:Strategic_plan#Web_Services]] for future goals involving web services
== Addressing ==
VTLUUG currently has DNS with namecheap, however all domains have been re-registered with gandi undervtluug.net. Message officers for access (please don's own account, to replace the mixture of mutantmonkey-holdings and vtluug-held domains on multipledifferent registrarst be scared :D).
We currently hold the IPv6 prefix <code>2001:470:8:6d9::/64</code> from HE's allocation due to our tunnel.
{{:Infrastructure:Network}}
 
== Deprecated IPs ==
IPs we were using at some point (by reclaiming CVL IPs, etc), or are mentioned in /etc/exports on Cyberdelia
* 128.173.88.161 (security.ece.vt.edu) - was once milton's IP until luug IPs got routed behind router.ece.vt.edu.
* 128.173.88.145 (cvl05.ece.vt.edu) - was once snapfeed's IP, reclaimed by bmckagen.
* 128.173.88.131 (dog.ece.vt.edu) - we have a Sun box labeled "dog.ece.vt.edu" but the IP appears to be in use now for VMware ESXi. It can be arped from cyberdelia.
 
[[Category:Infrastructure]]
[[Category:VTLUUG:Projects]]
[[Category:2016]][[Category:2017]]
[[Category:Featured content]]