diff --git a/Dockerfile b/Dockerfile index a905faa..7001677 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,8 @@ # build FROM rust:latest as builder -RUN apt update && apt upgrade -y && apt install graphviz -y - ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse RUN cargo install --no-default-features --features search mdbook -RUN cargo install mdbook-graphviz WORKDIR /book COPY . . diff --git a/_typos.toml b/_typos.toml index 2f8c317..30a4b8d 100644 --- a/_typos.toml +++ b/_typos.toml @@ -5,4 +5,6 @@ NED = "NED" extend-ignore-identifiers-re = [ # Ignore mirror hard disk names "2RW103_ZL2*", -] \ No newline at end of file + # Ignore "typos" in nftables config + "iif", "oif", +] diff --git a/book.toml b/book.toml index 823e53d..bdd83c1 100644 --- a/book.toml +++ b/book.toml @@ -8,10 +8,6 @@ title = "COSI Documentation" [output.html] git-repository-url = "https://github.com/COSI-Lab/book" edit-url-template = "https://github.com/COSI-Lab/book/edit/main/{path}" -additional-css = ["local.css"] [output.html.print] enable = false - -[preprocessor.graphviz] -command = "mdbook-graphviz" diff --git a/cloud.gif b/cloud.gif deleted file mode 100644 index 73d66a0..0000000 Binary files a/cloud.gif and /dev/null differ diff --git a/cloud.xcf b/cloud.xcf deleted file mode 100644 index f1fa419..0000000 Binary files a/cloud.xcf and /dev/null differ diff --git a/local.css b/local.css deleted file mode 100644 index 7a698db..0000000 --- a/local.css +++ /dev/null 
@@ -1,23 +0,0 @@ -/* Styles for the network topology diagrams (all in svg) */ -svg { - width: 100%; - height: auto; -} - -svg .node text, svg .edge polygon { - fill: var(--color); -} -svg .node ellipse, svg .edge path, svg .edge polygon { - stroke: var(--color); -} - -svg .node, svg .edge { --color: #000; } -svg .clarkson { --color: #777; } -svg .host { --color: #f00; } -svg .agg { --color: #70f; } -svg .managed { --color: #00a; } -svg .unmanaged { } -svg .smf10 { --color: #f70; stroke-width: 2px; } -svg .smf40 { --color: #f30; stroke-width: 4px; } -svg .e10g { --color: #00f; stroke-width: 2px; } -svg .room { --color: #070; } diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 1ca8111..65552e1 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -18,6 +18,7 @@ - [Elephant](./infrastructure/servers/elephant.md) - [Eldwyn](./infrastructure/servers/eldwyn.md) - [Hydra](./infrastructure/servers/hydra.md) + - [Janet](./infrastructure/servers/janet.md) - [Kasper](./infrastructure/servers/kasper.md) - [Talos](./infrastructure/servers/talos.md) - [TalDos](./infrastructure/servers/taldos.md) diff --git a/src/infrastructure/network/cloud.gif b/src/infrastructure/network/cloud.gif deleted file mode 120000 index eeeb929..0000000 --- a/src/infrastructure/network/cloud.gif +++ /dev/null @@ -1 +0,0 @@ -../../../cloud.gif \ No newline at end of file diff --git a/src/infrastructure/network/ip_allocations.md b/src/infrastructure/network/ip_allocations.md index ad60c33..8b71490 100644 --- a/src/infrastructure/network/ip_allocations.md +++ b/src/infrastructure/network/ip_allocations.md @@ -38,6 +38,7 @@ _updated: December 15, 2023_ | 4 | [Talos](../servers/talos.md) | | 41 | [Tiamat](../servers/tiamat.md) | | 42 | [Hydra](../servers/hydra.md) | +| 42 | [Janet](../servers/janet.md) | | 53 | [TalDos](../servers/taldos.md) | | 179 | [hbox](../servers/hbox.md) | diff --git a/src/infrastructure/network/topology.md b/src/infrastructure/network/topology.md index 795238e..2ff015e 100644 
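Review bot: The added row `| 42 | [Janet](../servers/janet.md) |` in ip_allocations.md reuses host number 42, which the row directly above already assigns to Hydra, while the new janet.md page in this same commit records Janet's address as 128.153.145.43. One of the two is wrong; if the server page is right, the row should read `| 43 | [Janet](../servers/janet.md) |`. A duplicate entry in the allocation table is exactly what leads to a second machine being brought up on an address that is already in use, so it is worth settling before merge. The page's `_updated: December 15, 2023_` stamp shown in the hunk context also appears not to have been bumped, though that line may sit outside the hunk.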
--- a/src/infrastructure/network/topology.md +++ b/src/infrastructure/network/topology.md 
@@ -1,185 +1,144 @@ # Topology -_updated: Jan 15th 2023_ - -**Legend: Edges** - -| Style | Description | -|--------|-------------------------------| -| Red | 40 gigabit single mode fiber | -| Orange | 10 gigabit single mode fiber | -| Black | 1 gigabit copper ethernet | -| Green | Patch Panel (speed varies by patch health) | -| Blue | Special (read label by label) | -| Gray | Controlled by OIT | - -Numeric labels on edges represent [VLANs](#vlans). - -**Legend: Ovals** - -| style | description | -|--------|----------------------------| -| Red | Host | -| Green | Room | -| Gray | Controlled by OIT | -| Green | Patch Panel | - -**Legend: Boxes (switches)** - -| style | description | -|--------|----------------------------| -| Purple | Aggregation (fiber) Switch | -| Blue | Managed Switch | -| Black | Unmanaged Switch | - -If you have trouble distinguishing colors, you can read the source code. - -## Current Topology - -_updated: December 17th, 2023_ - -```dot process -/* COSI network topology - * - * Some things to keep in mind: - * - Filenames must be both in the repo root (so `graphviz` itself sees them) - * and in the same directory (so they're hosted from the right place in the - * built book). The easiest way to do this is a symlink. - * - The edge orientation is "tail -- head". `headlabel` and `taillabel` are - * powerful tools. 
- */ - -graph { - layout="sfdp"; - bgcolor="#dddddd"; - - /* Nodes */ - internet [shape=none,height=1,width=1,fixedsize=true,image="cloud.gif",label=""]; - mirror [class="host"]; - kasper [class="host"]; - - subgraph switches { - node [shape="record"] - - jgw [class="clarkson"]; - sc334 [class="clarkson",label="sc-334-c2960s"]; - - FHILL [class="agg"]; - - m2 [class="managed"]; - m3 [class="managed"]; - - private [class="unmanaged"]; - wifi [class="unmanaged"]; - - itl1 [class="unmanaged"]; - itl2 [class="unmanaged"]; - itl3 [class="unmanaged"]; - itl4 [class="unmanaged"]; - cosi1 [class="unmanaged"]; - cosi2 [class="unmanaged"]; - } - - taldos [class="host"]; - eldwyn [class="host"]; - hydra [class="host"]; - tiamat [class="host"]; - prometheus [class="host"]; - COSI [class="room"]; - ITL [class="room"]; - // shitch; - // "grand-dad" [class="host"]; - // bacon [class="host"]; - // f1 [class="agg"]; - - /* Edges */ - internet -- jgw[dir=back,len=1,class="clarkson"]; - jgw -- sc334 [class="clarkson"]; - - sc334 -- FHILL -- mirror [class="smf10",label="3"]; - FHILL -- kasper [dir=forward,class="smf10",label="3"]; - FHILL -- kasper [dir=back,class="smf10",label="2"]; - FHILL -- tiamat [class="smf10",label="2"]; - - FHILL -- private [label="2"]; - private -- {itl1, itl2, itl3, itl4, taldos, hydra, kasper}; - {itl1, itl2, itl3, itl4} -- ITL; - - FHILL -- {cosi1, cosi2, m2} [label="2"]; - {cosi1, cosi2} -- COSI; - - FHILL -- m3 [label="2,5"]; - - m2 -- {prometheus, wifi}; - m3 -- {eldwyn}; -} -``` - -## Desired Topology - -_updated: Mar 2nd 2023_ - -```dot process -graph { - layout="sfdp"; - - bgcolor="#dddddd"; - ratio=0.75; - - /* Nodes */ - internet [shape=none,height=1,width=1,fixedsize=true,image="cloud.gif",label=""]; - - subgraph switches { - node [shape="record"] - jgw [class="clarkson"]; - - FCOLO [class="agg"]; - FHILL [class="agg"]; - - mrackl [class="managed"]; - mrackr [class="managed"]; - mnet [class="managed"]; - - wifi [class="unmanaged"]; - - itl1 
[class="unmanaged"]; - itl2 [class="unmanaged"]; - itl3 [class="unmanaged"]; - itl4 [class="unmanaged"]; - cosi1 [class="unmanaged"]; - cosi2 [class="unmanaged"]; - } - - mirror [class="host",href="../../mirror/introduction.md"]; - kasper [class="host",href="../servers/kasper.md"]; - taldos [class="host",href="../servers/talos.html"]; - hydra [class="host",href="../servers/hydra.html"]; - bacon [class="host",href="../servers/bacon.html"]; - tiamat [class="host",href="../servers/tiamat.html"]; - TBD [class="host"]; - elephant [class="host",href="../servers/elephant.html"]; - prometheus [class="host"]; - norm [class="host"]; - "red-dwarf" [class="host"]; - - COSI [class="room"]; - ITL [class="room"]; - - /* Edges */ - internet -- jgw [dir=back,class="clarkson"]; - FHILL -- FCOLO [class="smf10",label="2"]; - FCOLO -- jgw [class="clarkson"]; - - FHILL -- {mrackl, mrackr, mnet, hydra, bacon, tiamat} [class="smf10",label="2"]; - mnet -- {itl1, itl2, itl3, itl4, cosi1, cosi2, wifi}; - mrackr -- {norm, "red-dwarf", prometheus} [label="2"]; - mrackl -- TBD [label="2"]; - {cosi1, cosi2} -- COSI [class="room"]; - {itl1, itl2, itl3, itl4} -- ITL [class="room"]; - FCOLO -- {mirror} [class="smf10",label="3"]; - FCOLO -- {elephant, taldos} [class="smf10",label="2"]; - FCOLO -- kasper [dir=forward,class="smf10",label="3"]; - FCOLO -- kasper [dir=back,class="smf10",label="2"]; - norm -- prometheus [class="e10g",label="direct 10G",fontcolor="blue"]; -} -``` +_updated: Feb 12, 2024_ + + +Note: Topology graphs have been temporarily removed due to dependency issues with `mdbook-graphviz`. 
+ +# Current Topology + +_updated: Feb 12, 2024_ + +## Server Room + +> ### Switch FHILL +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Internet Gateway | 3 | 10G Optical | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Kasper (WAN) | 3 | 10G Optical | +> | Upublic | 3 | 1G Copper | +> | Mirror | 3 | 10G Optical | +> | Kasper (LAN) | 2 | 10G Optical | +> | Uprivate | 2 | 1G Copper | +> | Tiamat | 2 | 10G Optical | +> | Hydra | 2 | 10G Optical | +> | Janet | 2 | 10G Optical | +> | Elephant | 2 | 10G Optical | +> | WiFi AP | 2 | 1G Copper | + +> ### Switch Upublic +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | FHILL | U | 1G Copper | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | ITL Projector PC | U | 1G Copper | +> | hbox | U | 1G Copper | + +> ### Switch Uprivate +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | FHILL | U | 1G Copper | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | MrackL | U | 1G Copper | +> | MrackC | U | 1G Copper | +> | MrackR | U | 1G Copper | +> | COSI Sw/Patch | U | 1G Copper | +> | ITL Sw/Patch | U | 1G Copper | +> | TalDos | U | 1G Copper | + +> ### Switches MrackL/MrackC/MrackR +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Uprivate | 2 | 1G Copper | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Multiple Hosts | 2 | 1G Copper | + +## COLO + +> ### Switch FCOLO +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | FHILL | 3 | 10G Optical | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| + +# Desired Topology + +_updated: Feb 12, 2024_ + +## Server Room + +> ### Switch FHILL +> | Upstream Link | VLAN | Link 
Type | +> |------------------|------|-------------| +> | FCOLO | 3 | 10G Optical | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Kasper (WAN) | 3 | 10G Optical | +> | Upublic | 3 | 1G Copper | +> | Kasper (LAN) | 2 | 10G Optical | +> | Uprivate | 2 | 1G Copper | +> | Hydra | 2 | 10G Optical | +> | Janet | 2 | 10G Optical | +> | WiFi AP | 2 | 1G Copper | + +> ### Switch Upublic +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | FHILL | U | 1G Copper | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | ITL Projector PC | U | 1G Copper | +> | hbox | U | 1G Copper | + +> ### Switch Uprivate +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | FHILL | U | 1G Copper | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | MrackL | U | 1G Copper | +> | MrackC | U | 1G Copper | +> | MrackR | U | 1G Copper | +> | COSI Sw/Patch | U | 1G Copper | +> | ITL Sw/Patch | U | 1G Copper | +> | TalDos | U | 1G Copper | + +> ### Switches MrackL/MrackC/MrackR +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Uprivate | 2 | 1G Copper | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Multiple Hosts | 2 | 1G Copper | + +## COLO + +> ### Switch FCOLO +> | Upstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Internet Gateway | 3 | 10G Optical | +> +> | Downstream Link | VLAN | Link Type | +> |------------------|------|-------------| +> | Kasper (WAN) | 3 | 10G Optical | +> | Mirror | 3 | 10G Optical | +> | Kasper (LAN) | 2 | 10G Optical | +> | FHILL | 3 | 10G Optical | +> | Tiamat | 2 | 10G Optical | +> | Elephant | 2 | 10G Optical | +> | TalDos | 2 | 1G Copper | \ No newline at end of file 
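Review bot: The VLAN column uses `U` for every Upublic and Uprivate link, but nothing in the new text says what `U` means, and the legend that explained the numeric VLAN labels was removed in the same hunk. A one-line definition after the "Current Topology" heading, for example `VLAN numbers are 802.1Q tags; "U" marks a port that carries its upstream's VLAN untagged.`, would make the tables self-contained — adjust the wording if `U` means something else. The Current Topology section is also internally inconsistent: Switch FCOLO lists FHILL (VLAN 3, 10G Optical) as its upstream, yet Switch FHILL's downstream table has no FCOLO row, so a reader cannot tell which FHILL port feeds the COLO. The Desired Topology tables do pair the two links, so the Current one is presumably the stale half.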
diff --git a/src/infrastructure/racks.md b/src/infrastructure/racks.md index c949aeb..1a3b70a 100644 --- a/src/infrastructure/racks.md +++ b/src/infrastructure/racks.md @@ -1,6 +1,6 @@ # Racks -_updated: Oct 16th 2022_ +_updated: Feb 11, 2024_ This page serves as an index of all of COSI server racks. @@ -9,6 +9,7 @@ This page serves as an index of all of COSI server racks. In order from SC 334 entrance to SC 346 they are named: - [left](#left) +- [center](#center) - [right](#right) - [network 0](#network-0) - [network 1](#network-1) @@ -27,6 +28,7 @@ Here are some named links for convenience Replace PATH with the **relative** path to /src/infrastructure/ [Server Room - Left](PATH/racks.md#left) +[Server Room - Center](PATH/racks.md#center) [Server Room - Right](PATH/racks.md#right) [Server Room - Network 0](PATH/racks.md#network-0) [Server Room - Network 1](PATH/racks.md#network-1) @@ -34,13 +36,56 @@ Replace PATH with the **relative** path to /src/infrastructure/ [Server Room - Network 3](PATH/racks.md#network-3) [COLO](PATH/racks.md#colo.md) ``` - ## Left -_updated: Oct 16th 2022_ + +_updated: Feb 11, 2024_ | RU | Device | | :- | :----- | -| 36 | M3 (TP-LINK TL-SH3424) | +| 37 | TP-LINK TL-SG3428X (Rear) | +| 36 | | +| 35 | | +| 34 | | +| 33 | | +| 32 | | +| 31 | | +| 30 | | +| 29 | | +| 28 | | +| 27 | | +| 26 | | +| 25 | | +| 24 | | +| 23 | | +| 22 | | +| 21 | | +| 20 | | +| 19 | | +| 18 | | +| 17 | | +| 16 | | +| 15 | | +| 14 | | +| 13 | | +| 12 | | +| 11 | | +| 10 | | +| 09 | | +| 08 | | +| 07 | | +| 06 | | +| 05 | | +| 04 | | +| 03 | | +| 02 | | +| 01 | | + +## Center +_updated: Feb 11, 2024_ + +| RU | Device | +| :- | :----- | +| 36 | TP-LINK TL-SG3428X | | 35 | | | 34 | | | 33 | KVM Switch (OmniView PRO2 - 8 Port)| 
@@ -72,15 +117,15 @@ _updated: Oct 16th 2022_ | 07 | | | 06 | | | 05 | | -| 04 | Salvato | +| 04 | | | 03 | | | 02 | UPS8 (APC Smart-UPS C1500) | | 01 | UPS8 (APC Smart-UPS C1500) | -[top of rack](#left) - [top of page](#) +[top of rack](#center) - [top of page](#) ## Right -_updated: Oct 16th 2022_ +_updated: Feb 11, 2024_ | RU | Device | | :- | :----- | @@ -88,27 +133,27 @@ _updated: Oct 16th 2022_ | 41 | M2 (TP-LINK TL-SH3424) | | 40 | Cable Management | | 39 | Cable Management | -| 38 | Questionable POE Injector (PowerDsine 9024G)| +| 38 | | | 37 | | | 36 | | | 35 | | | 34 | | -| 33 | Monitor | -| 32 | Monitor | -| 31 | Monitor | -| 30 | Monitor | -| 29 | Monitor | -| 28 | Monitor | -| 27 | Monitor | -| 26 | Monitor | -| 25 | Monitor | -| 24 | Broken KVM switch (E040-008-19 TRIPP-LITE) | -| 23 | | -| 22 | | -| 21 | | -| 20 | | -| 19 | | -| 18 | Prometheus (offset 😠) | +| 33 | | +| 32 | | +| 31 | | +| 30 | | +| 29 | | +| 28 | | +| 27 | | +| 26 | | +| 25 | | +| 24 | [Elephant](../servers/elephant.md) | +| 23 | [Elephant](../servers/elephant.md) | +| 22 | [Janet](../servers/janet.md) | +| 21 | Erised | +| 20 | Erised | +| 19 | Erised | +| 18 | Erised | | 17 | Prometheus | | 16 | Prometheus | | 15 | Prometheus | @@ -182,7 +227,7 @@ _updated: Never because there is nothing there_ [top of rack](#network-0) - [top of page](#) ## Network 1 -_updated: Oct 16th 2022_ +_updated: Feb 11, 2024_ | RU | Device | | :- | :----- | 
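Review bot: The new rows `| 24 | [Elephant](../servers/elephant.md) |`, `| 23 | [Elephant](../servers/elephant.md) |` and `| 22 | [Janet](../servers/janet.md) |` in the Right rack table use `../servers/`, but racks.md lives in src/infrastructure/, so that path resolves to src/servers/, which the diff gives no sign of existing; the Network 1 hunk further down uses the form that does resolve, `[Kasper](./servers/kasper.md)`. Unless mdBook resolves these differently from plain relative paths, the three rows should point at `./servers/elephant.md` and `./servers/janet.md`. The pre-existing `[Ziltoid](../servers/ziltoid.md)` row in Network 3 has the same problem but is outside this change.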
@@ -190,46 +235,46 @@ _updated: Oct 16th 2022_ | 43 | OIT's switch (sc-334-c2960s) | | 42 | OIT's switch (sc-334-c2960s) | | 41 | | -| 40 | F1 (Juniper EX4500) | -| 39 | F1 (Juniper EX4500) | -| 38 | | -| 37 | | -| 36 | | +| 40 | | +| 39 | | +| 38 | Cable Management | +| 37 | Cable Management | +| 36 | FHILL | | 35 | | -| 34 | | -| 33 | | +| 34 | UPRIVATE| +| 33 | UPUBLIC| | 32 | | | 31 | | -| 30 | | -| 29 | | -| 28 | | -| 27 | | -| 26 | | -| 25 | | -| 24 | | -| 23 | | -| 22 | | -| 21 | | -| 20 | | -| 19 | | -| 18 | | -| 17 | | -| 16 | | -| 15 | | -| 14 | | -| 13 | | -| 12 | | -| 11 | | -| 10 | | -| 09 | | -| 08 | | -| 07 | | -| 06 | | -| 05 | | -| 04 | | -| 03 | | -| 02 | | -| 01 | | +| 30 | [Kasper](./servers/kasper.md) | +| 29 | [TalDos](./servers/taldos.md) | +| 28 | Top of filing cabinet | +| 27 | .. | +| 26 | .. | +| 25 | .. | +| 24 | .. | +| 23 | .. | +| 22 | .. | +| 21 | .. | +| 20 | .. | +| 19 | .. | +| 18 | .. | +| 17 | .. | +| 16 | .. | +| 15 | .. | +| 14 | .. | +| 13 | .. | +| 12 | .. | +| 11 | .. | +| 10 | .. | +| 09 | .. | +| 08 | .. | +| 07 | .. | +| 06 | .. | +| 05 | .. | +| 04 | .. | +| 03 | .. | +| 02 | .. | +| 01 | Bottom of filing cabinet | [top of rack](#network-1) - [top of page](#) @@ -286,7 +331,7 @@ _updated: Oct 16th 2022_ [top of rack](#network-2) - [top of page](#) ## Network 3 -_updated: Oct 16th 2022_ +_updated: Feb 11, 2024_ | RU | Device | | :- | :----- | @@ -303,7 +348,7 @@ _updated: Oct 16th 2022_ | 34 | ITL Patch (U5-6) | | 33 | ITL Patch (unused) | | 32 | [Ziltoid](../servers/ziltoid.md) | -| 31 | [Talos](../servers/talos) | +| 31 | | | 30 | Mediatrix 1104 ??? | | 29 | Mediatrix 1104 ??? | | 28 | swu3 (TP-LINK TL-SG1048) | 
@@ -339,19 +384,19 @@ _updated: Oct 16th 2022_ ## COLO -_updated: Sept 24th 2022_ +_updated: Feb 11, 2024_ COSI has 1 rack in the university colocation at Old Main. | RU | Device | | :- | :----- | | 45 | OIT Switch (unknown name) | -| 44 | | -| 43 | TPLink TL-SG1016 16 port 1G switch | -| 42 | swf2 | +| 44 | FCOLO | +| 43 | | +| 42 | | | 41 | | -| 40 | 7 Grand Dad | -| 39 | 7 Grand Dad | +| 40 | | +| 39 | | | 38 | | | 37 | | | 36 | | @@ -359,17 +404,17 @@ COSI has 1 rack in the university colocation at Old Main. | 34 | | | 33 | | | 32 | | -| 31 | Monitor | -| 30 | Monitor | -| 29 | Monitor | -| 28 | Monitor | -| 27 | Monitor | -| 26 | Monitor | -| 25 | Monitor | -| 24 | Monitor | -| 23 | Shelf | -| 22 | Shelf | -| 21 | PowerDsine 9024G 24 port HIPOE injector 1G switch | +| 31 | | +| 30 | | +| 29 | | +| 28 | | +| 27 | | +| 26 | | +| 25 | | +| 24 | | +| 23 | | +| 22 | | +| 21 | | | 20 | | | 19 | | | 18 | | @@ -377,11 +422,11 @@ COSI has 1 rack in the university colocation at Old Main. | 16 | | | 15 | | | 14 | | -| 13 | Eldwyn | -| 12 | [Bacon](../servers/bacon.md) | -| 11 | [Bacon](../servers/bacon.md) | -| 10 | [Elephant](../servers/elephant.md) | -| 09 | [Elephant](../servers/elephant.md) | +| 13 | | +| 12 | | +| 11 | | +| 10 | | +| 09 | | | 08 | | | 07 | | | 06 | | diff --git a/src/infrastructure/servers/elephant.md b/src/infrastructure/servers/elephant.md index 1a84a6b..7674e7d 100644 --- a/src/infrastructure/servers/elephant.md +++ b/src/infrastructure/servers/elephant.md @@ -6,9 +6,9 @@ Elephant is a currently unused server with a similar form factor to [Bacon](./ba | | | | :--- | :--- | -| Location | [COLO](../racks.md#colo) +| Location | [Server Room - Right](../racks.md#right) | IP Addresses | 128.153.145.90 -| Deployed | Rack Mounted. No OS. +| Deployed | true ## Hardware 
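Review bot: In elephant.md, `| Deployed | true` now contradicts the unchanged lead sentence shown in the hunk context, `Elephant is a currently unused server with a similar form factor to Bacon`, and the following hunk records TrueNAS Scale as its operating system; the opening sentence should describe the current role, e.g. `Elephant is a storage server running TrueNAS Scale, racked in the right rack of the server room.` That sentence also links to bacon.md, and this commit removes Bacon from the COLO rack listing, so confirm the page still exists. The lead sentence itself is outside the hunk and would need its own edit.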
@@ -16,13 +16,21 @@ Elephant is a currently unused server with a similar form factor to [Bacon](./ba | :--- | :--- | | CPU | Unknown | RAM | 2x Kingston 8GB 2Rx8 PC3-12800E-11-11-E3 KVR16E118 -| STORAGE | 5x HITACHI 3TB from 2012, 2x 1TB WD1003FBYZ from 2014. Has a total of eight 3.5 inch bays -| CONNECTIVITY | Unknown +| STORAGE | 8x Seagate Exos 8TB 3.5" HDDs +| CONNECTIVITY | 10 Gigabit SFP+ NIC | Motherboard | Supermicro X9SRI-F rev 1.20 ## Operating System -Nothing of value, yet. But has OpenSuse installed, unknown filesystem contents, nuking soon. +| | | +| :--- | :--- | +| OS | GNU/Linux +| Distro | TrueNAS Scale 23.10 "Cobia" +| Last updated | unknown +| End of life | TBD +| Enrolled in COSI auth | false +| NFS Mount | true + ## Services diff --git a/src/infrastructure/servers/hydra.md b/src/infrastructure/servers/hydra.md index 53ade57..f48e309 100644 --- a/src/infrastructure/servers/hydra.md +++ b/src/infrastructure/servers/hydra.md @@ -6,7 +6,7 @@ Hydra is COSI's default VM host. | | | | :--- | :--- | -| Location | [Server Room - Left](../racks.md#left) | +| Location | [Server Room - Center](../racks.md#center) | | IP Addresses | 128.153.145.42 | | Deployed | true | diff --git a/src/infrastructure/servers/janet.md b/src/infrastructure/servers/janet.md new file mode 100644 index 0000000..864acaa --- /dev/null +++ b/src/infrastructure/servers/janet.md 
@@ -0,0 +1,47 @@ +# Janet + +_updated: Feb 11, 2024_ + +Janet is COSI's secondary VM host. While it has much less storage than [hydra](./hydra.md), it has considerably more compute power and memory. + +| | | +| :--- | :--- | +| Location | [Server Room - Right](../racks.md#right) +| IP Addresses | 128.153.145.43 +| Deployed | true + +## Hardware + +| | | +| :--- | :--- | +| CPU | 2x Intel(R) Xeon(R) CPU E5-2640 @ 3.00GHz +| RAM | 80 GB +| STORAGE | 8x 300 GB 15K SAS HDDs +| CONNECTIVITY | 10 Gigabit SFP+ NIC + +## Operating System + +| | | +| :--- | :--- | +| OS | GNU/Linux +| Distro | Ubuntu Server 22.04 +| Last updated | Jan 2024 +| End of life | April 2027 +| Enrolled in COSI auth | false +| NFS Mount | false + +## VMs + +_updated: Feb 11, 2024_ + +- CS444 + +## Notes + +Just like [Hydra](./hydra.md), you can use virt-manager over ssh to manage VMs on Janet. + +VM's are using [qemu](https://www.qemu.org/) and virtmanager +```sh +ssh -X janet virt-manager +``` + diff --git a/src/infrastructure/servers/tiamat.md b/src/infrastructure/servers/tiamat.md index ab7acaa..4db12b7 100644 --- a/src/infrastructure/servers/tiamat.md +++ b/src/infrastructure/servers/tiamat.md @@ -8,7 +8,7 @@ container. | | | | :--- | :--- | -| Location | [Server Room - Left](../racks.md#left) | +| Location | [Server Room - Center](../racks.md#center) | | IP Addresses | 128.153.145.41 | | Deployed | true | diff --git a/src/infrastructure/servers/ziltoid.md b/src/infrastructure/servers/ziltoid.md index 768a179..101932b 100644 --- a/src/infrastructure/servers/ziltoid.md +++ b/src/infrastructure/servers/ziltoid.md 
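Review bot: janet.md records `| Enrolled in COSI auth | false` for a VM host but says nothing about how accounts on it are managed; since the documented `ssh -X janet virt-manager` workflow gives anyone with a shell on Janet control of every guest, the Notes section should state who has access and how it is granted, e.g. `Accounts on Janet are local to the host; ask a maintainer to be added before using virt-manager.` (replace with the actual process). The `| IP Addresses | 128.153.145.43` row disagrees with the `42` given to Janet in this commit's ip_allocations.md hunk; I raised that there. Minor: `VM's are using [qemu]...` should be `VMs are using [qemu]...`, and the sentence is missing a full stop before the code fence.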
@@ -1,14 +1,15 @@ # Ziltoid -_updated: December 15th, 2023_ +_updated: Feb 11, 2024_ Ziltoid was our firewall up until Fall 2023. It has since been superseded by [Kasper](kasper.md). +It is now being set up for use as a [DN42](https://dn42.us/) node. | | | | :--- | :--- | -| Location | N/A +| Location | [Server Room - Network 3](../racks.md#network-3) | IP Addresses | N/A -| Deployed | false +| Deployed | true ## Hardware diff --git a/src/infrastructure/vms.md b/src/infrastructure/vms.md index 80942b2..0ef6d71 100644 --- a/src/infrastructure/vms.md +++ b/src/infrastructure/vms.md @@ -6,6 +6,7 @@ This chapter contains an alphabetically ordered list of all of COSI's virtual ma **VM Hosts:** - [hydra](./servers/hydra.md) +- [janet](./servers/janet.md) **Template:** ``` @@ -131,28 +132,6 @@ It is important that no two services use the same port. Everything running on dubsdot2 should be a [docker](https://www.docker.com) container using docker-compose. All of the containers are stored in `/opt`. Use the `readme` to keep track of port allocations and check other compose to learn how to let SSL be auto configured. -## fsu - -_updated: Sept 25, 2023_ - -fsu provides the Floating Soda Unit bank (Mount Fsuvius) for the labs. - -| | | -| :--- | :--- | -| Host | [hydra](./servers/hydra.md) -| IP Addresses | 128.153.145.219 -| OS | GNU/Linux -| Distro | Ubuntu 22.04 LTS -| Last updated | ? -| End of life | Apr 2027 -| Enrolled in COSI auth | false -| NFS Mount | false - -**Services:** -| Service | Port | -| :--- | :--- | -| [Mount Fsuvius](http://fsu.cslabs.clarkson.edu) | 80 - ## gitea ## unbound diff --git a/src/services/authoritative_dns.md b/src/services/authoritative_dns.md index 6b64455..3679f60 100644 --- a/src/services/authoritative_dns.md +++ b/src/services/authoritative_dns.md 
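Review bot: In ziltoid.md, `| Deployed | true` is now paired with the unchanged `| IP Addresses | N/A`, which cannot both hold for a host racked in Network 3 and being set up as a DN42 node; either record the management address it has, or change the row to `| IP Addresses | TBD (not yet on the network)` so the "Deployed" value is not misread. Because a DN42 node terminates tunnels to external peers, the page should also say which interface and VLAN it will sit on once known — a placeholder such as `Addressing and tunnel endpoints: TBD.` is better than silence — and firewall.md will need a matching update when that is decided.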
@@ -15,7 +15,7 @@ This means we have control over `*.cosi.clarkson.edu.` and `*.cslabs.clarkson.ed ## [zones](https://gitea.cosi.clarkson.edu/COSI_Maintainers/zones) -Our DNS [zone files](https://en.wikipedia.org/wiki/Zone_file) are backed by a git repository on [gitea](../websites/gitea.md). While they started separate in recent years we've strived to have the cosi.clarkson.edu and cslabs.clarkson.edu match. +Our DNS [zone files](https://en.wikipedia.org/wiki/Zone_file) are backed by a git repository on [Github](https://github.com/COSI-Lab/zones). While they started separate in recent years we've strived to have the cosi.clarkson.edu and cslabs.clarkson.edu match. When adding a new server to the network make sure you remember to add it's ip to the reverse zones. diff --git a/src/services/firewall.md b/src/services/firewall.md index d1f474b..46e9deb 100644 --- a/src/services/firewall.md +++ b/src/services/firewall.md @@ -1,6 +1,6 @@ # Firewall -_updated: December 15st, 2023_ +_updated: Feb 11, 2024_ Since COSI has its own network, we need to run our own firewall. Our firewall is a filtered bridge between our public and private VLANS; blocking 
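Review bot: The rewritten sentence in authoritative_dns.md says the zone files are backed by a GitHub repository but no longer says how a change in that repository reaches the nameservers or who may merge one; for records that are authoritative for `cosi.clarkson.edu` and `cslabs.clarkson.edu` that is what a new maintainer most needs. A sentence after it along the lines of `Merged changes are deployed by <mechanism>; merge rights are limited to <group>.` with the real values filled in would close the gap. The unchanged sentence below has `it's ip` for `its IP`, but that line is outside this change.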
@@ -21,3 +21,82 @@ Our firewall is configured with nftables (the successor to iptables). Although the firewall repository has tools for some common tasks, it is a good idea to get familiar with how [nftables](https://wiki.nftables.org/) works so that you are able to make rules and fix problems should they arise. + +## Example firewall configuration +This configuration shows how to set up a bare-bones firewall that allows all +outbound traffic and filters inbound traffic against a list of open ports. It +should not be used in the labs without first being modified to be more +restrictive. + +``` +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + set COSIv4 { + type ipv4_addr + flags interval + + elements = { 128.153.144.0/23 } + } + + chain input { + type filter hook input priority 0; policy drop; + + iif lo accept comment "Accept any localhost traffic" + ct state invalid drop comment "Drop invalid connections" + ct state established,related accept comment "Accept traffic originated from us" + + meta l4proto ipv6-icmp accept comment "Accept ICMPv6" + meta l4proto icmp accept comment "Accept ICMP" + ip protocol igmp accept comment "Accept IGMP" + + tcp dport {12345} ip saddr @COSIv4 accept comment "Opening a port within the labs on the firewall server itself" + + counter comment "Count any other traffic" + } + + chain forward { + # Drop everything forwarded + type filter hook forward priority 0; counter; policy drop; + } + + chain output { + # Accept every outbound connection + type filter hook output priority 0; counter; policy accept; + } +} + +table bridge filter { + chain forward { + type filter hook forward priority 0; policy drop; + + meta l4proto ipv6-icmp accept comment "Accept ICMPv6" + meta l4proto icmp accept comment "Accept ICMP" + ip protocol igmp accept comment "Accept IGMP" + ether type arp counter accept comment "Allow ARP" + + iif LAN_if_name oif WAN_if_name counter accept comment "Allow packets from LAN to WAN" + iif WAN_if_name oif 
LAN_if_name ct state invalid counter drop comment "Drop invalid WAN to LAN packets" + iif WAN_if_name oif LAN_if_name ct state {established,related} counter accept comment "WAN to LAN if LAN initiated the connection" + iif WAN_if_name oif LAN_if_name counter jump holes comment "WAN to LAN on open ports" + + counter log comment "Drop any packets that were unaccounted for. Should be 0" + } + + chain holes { + ip daddr 128.153.145.123 tcp dport {12345} counter accept comment "Opening a port" + + counter drop comment "Port is closed" + } + + chain input { + type filter hook input priority 0; counter; policy accept; + } + + chain output { + type filter hook output priority 0; counter; policy accept; + } +} +``` \ No newline at end of file
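Review bot: In the `table bridge filter` forward chain, the last rule `counter log comment "Drop any packets that were unaccounted for. Should be 0"` has neither a rate limit nor a prefix, so under a port scan or a mis-tagged VLAN the default-drop policy turns every stray frame into an unthrottled kernel log line; `counter limit rate 10/minute log prefix "bridge-drop: " comment "Drop any packets that were unaccounted for. Should be 0"` keeps the counter for the "should be 0" check while bounding log volume and making the entries searchable. Two caveats deserve a sentence in the prose above the listing: `flush ruleset` removes every table on the host, including any that other software on the firewall may have created, and `ct state` in the bridge family relies on bridge connection tracking (nf_conntrack_bridge), which as far as I know needs a 5.3 or newer kernel — confirm against the firewall host. The ICMP, ICMPv6 and IGMP accepts in that chain precede the iif/oif rules, so they apply in both directions across the bridge; if that is intended, the rule comments should say so.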