CCCHH Wiki

User Tools

Site Tools

You are here: start » infrastructure » servers » chaosknoten
infrastructure:servers:chaosknoten

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
infrastructure:servers:chaosknoten [2023-07-29 18:12 UTC] – [Konfiguration] stbinfrastructure:servers:chaosknoten [2024-05-26 15:53 UTC] (current) – add zfs unlock instructions dario
Line 2: Line 2:
  
 ---- dataentry server ---- ---- dataentry server ----
-hostname:     chaosknoten +hostname    : chaosknoten 
-location:     IRZ42 +location    : IRZ42 
-maintainers:  @@Maintainers@@ +maintainers : Infra-Team 
-netbox_url:   https://netbox.ccchh.net/dcim/devices/40/+netbox_url  : https://netbox.hamburg.ccc.de/dcim/devices/40/
 ---- ----
 +
  
 <WRAP column half> <WRAP column half>
Line 66: Line 67:
  
 DIe VMs haben Adressen aus verschiedenen Netzen. Siehe [[https://netbox.ccchh.net/ipam/prefixes/?site_id=2|Netbox Prefixes IRZ42]] DIe VMs haben Adressen aus verschiedenen Netzen. Siehe [[https://netbox.ccchh.net/ipam/prefixes/?site_id=2|Netbox Prefixes IRZ42]]
 +
 +==== IPv4 ====
 +
 +=== Public IPv4s ===
 +
 +We have the following public IPv4 subnets/ranges available:
 +
 +  * ''212.12.50.208/29'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/13/|NetBox-Link]])
 +  * ''212.12.51.128/28'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/15/|NetBox-Link]])
 +  * ''212.12.48.122-126/24'' ([[https://netbox.hamburg.ccc.de/ipam/ip-ranges/7/|NetBox-Link]]), part of ''212.12.48.0/24'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/12/|NetBox-Link]])
 +
 +=== Private IPv4s ===
 +
 +We use the following private IPv4 ranges:
 +
 +  * ''172.31.17.128/25'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/37/|NetBox-Link]])
 +  * ''172.31.17.0/25'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/16/|NetBox-Link]])
 +
 +==== IPv6 ====
 +
 +We have 2 IPv6-64-Prefixes, which map to corresponding IPv4-Prefixes/-Ranges.
 +
 +=== 2a00:14b0:4200:3000::/64 ===
 +
 +''2a00:14b0:4200:3000::/64'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/36/|NetBox-Link]])\\
 +This subnet corresponds to the following IPv4-Subnets: 
 +  * ''212.12.48.0/24'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/12/|NetBox-Link]])
 +
 +To generate an IPv6 corresponding to an IPv4, we use the following convention: Take the last octet of the IPv4-address in decimal and use it for the first two bytes of the localpart, but with the digits as hex.\\
 +So e.g.: ''212.12.48.125'' -> ''2a00:14b0:4200:3000:125::1''
 +
 +=== 2a00:14b0:f000:23::/64 ===
 +
 +''2a00:14b0:f000:23::/64'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/35/|NetBox-Link]])\\
 +This subnet corresponds to the following IPv4-Subnets:
 +  * ''212.12.50.208/29'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/13/|NetBox-Link]])
 +  * ''212.12.51.128/28'' ([[https://netbox.hamburg.ccc.de/ipam/prefixes/15/|NetBox-Link]])
 +
 +To generate an IPv6 corresponding to an IPv4 from either ''212.12.50.208/29'' or ''212.12.51.128/28'', we use the following convention: Take the 3rd octet of the IPv4-address in decimal and use it for the first two bytes of the localpart, but with the digits in hex. Then take the last octet of the IPv4-address in decimal and use it for the third and fourth bytes of the localpart, but with the digits as hex.\\
 +So e.g.:
 +  * ''212.12.50.212'' -> ''2a00:14b0:f000:23:50:212:0:1''
 +  * ''212.12.51.133'' -> ''2a00:14b0:f000:23:51:133:0:1''
 +
 +To generate an IPv6 corresponding to an IPv4 from ''172.31.17.0/25'', we use the following convention: Take the last octet of the IPv4-address in decimal and use it for the last two bytes of the localpart, but with the digits in hex.\\
 +So e.g.:
 +  * ''172.31.17.53'' -> ''2a00:14b0:f000:23::53''
  
 ===== Konfiguration ===== ===== Konfiguration =====
Line 80: Line 127:
     Port 4222     Port 4222
     User chaos     User chaos
-    IdentitiesOnly yes 
  
 Host turing-main Host turing-main
Line 86: Line 132:
     Port 42666     Port 42666
     User chaos     User chaos
-    IdentitiesOnly yes 
  
 Host ns-intern Host ns-intern
     HostName ns-intern.hamburg.ccc.de     HostName ns-intern.hamburg.ccc.de
     User chaos     User chaos
-    IdentitiesOnly yes 
     ProxyJump turing     ProxyJump turing
  
Line 97: Line 141:
     HostName rproxy-intern.hamburg.ccc.de     HostName rproxy-intern.hamburg.ccc.de
     User chaos     User chaos
-    IdentitiesOnly yes 
     ProxyJump turing     ProxyJump turing
 </code> </code>
 +
 +
 +===== HOWTO Chaosknoten-Reboot =====
 +
 +==== Vor dem Reboot ====
 +
 +=== VMs hibernaten ===
 +
 +Eine Reihe von VMs brauchen beim Booten ein Secret über die Konsole, z. B. für LUKS. Wenn man das nicht machen will, kann mann die betreffenden VMs in den Winterschlaf schicken. Wir haben alle VMs, für die das notwendig ist, mit dem Tag "luks" markiert.
 +
 +  # ./suspend-luks-vms.sh
 +
 +==== Nach dem Reboot ====
 +
 +Was nach einem reboot alles passieren muss, damit alle services wieder hochkommen.
 +
 +=== ZFS encrypted Dataset entsperren ===
 +
 +Key liegt im pass unter ''noc/server/chaosknoten/zfs/rust0-encrypted-passphrase''
 +
 +  zfs load-key rust0/encrypted
 +
 +===== Assigned Services =====
 +
 +---- datatable ----
 +headers : Service, Service-URLs, Host-FQDN
 +cols    : %pageid%, service-urls_urls, host-fqdn
 +filter  : %class%=service
 +and     : %pageid%!=infrastructure:services:template
 +and     : server_page==infrastructure:servers:chaosknoten
 +----
  
infrastructure/servers/chaosknoten.1690654365.txt.gz · Last modified: 2023-07-29 18:12 UTC by stb
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki