Infrastructure

From Splatspace
Revision as of 16:00, 1 February 2013 by Petesoper (Talk | contribs)

Jump to: navigation, search

Contents

Networking

The Splat Space firewall is a NetScreen 5GT WLAN running ScreenOS 5.4r12 - the config as of 5/10/2011 is uploaded to this file: Media:20110510-5gt-config.doc Manuals for the ScreenOS 5.4 can be found on the Juniper website. The most useful is the Concepts & Examples Guide, which is a 25MB PDF.

If you change the firewall config, please upload a new copy of the config - with a new name! - so this page is up to date.

Many Splatters know the administrative userid and password - please check with Lisa, Mike, Justis, or Lenore if you need it.

Workstation Computers

Phone Server

Raspberry Pi Virtual PC

(Petesoper 07:53, 1 February 2013 (MST))

Description and Charter

  • System "splatpi" is a 1/4gb (rev 1) model B Raspberry Pi with hostname "splatpi". It is running latest (mid-December, 2012) Raspbian (aka Debian 7 aka wheezy) with patches current as of the end of January 2013. Its /boot filesystem is on an SD card as usual, but all other filesystems are on a 3 1/2" disk drive.
  • This system is freely available with no restrictions on use except:
    • Do not disturb the hardware except to do an emergency restart (see below) and leave the /boot and /R{2,3,4} filesystems untouched.
    • Be careful with superuser commands. If you aren't comfortable modifying the system, ask for help.
    • Don't lose site of the fact that this system has the power of a slow Pentium II and easily runs out of main memory. Use uptime or top for an idea of the load and if the system appears to have died, be patient and don't cycle power vs disconnecting/logging out and giving it a chance to finish thrashing the disk.
    • Note well that there is ZERO security arrangement with this system. This system thinks it's the distant past when security was handled by a guard at the front of a workplace.

Access

  • Example GUI access (renders a 1024x768 desktop):
    • Command: vncviewer 192.168.2.61
    • On Windows you'll of course use some GUI vncviewer (the one at realvnc.com is nice)
    • Only one vnc session is available at a time. The 2nd through Nth person using a VNC viewer will unfortunately get little or no feedback, depending on what viewer they are using.
    • REMEMBER to stop your viewer session when you're done so others can use the GUI interface
  • Example text interface login (password "raspberry"):
    • Command: ssh -l pi 192.168.2.61
    • concurrent ssh logins are supported, but watch out about overloading the system. The "uptime" command let's you know how many users are on the system and the load average (most recent, through oldest/smoothed load average). Note that the user corresponding to VNC access is always "on", even if nobody is using a vncviewer.
  • The system has an echo server so it will respond to ping. An easy status check is with the command below, but if the system is thrashing this can take a very long time to put up a prompt and then complete:
    • ssh -l pi 192.168.2.61 uptime
  • EMERGENCY power cycling instructions
    • First ask yourself: Is the system unresponsive because my vncviewer is crap, I'm trying to pretend Windows remote desktop is the same thing as VNC, I forgot the -l on the ssh command, somebody else is using the system and or previously used it and in any case it's currently thrashing the disk, etc?
    • CAREFULLY do this:
      • Pick up the RPi (blue plastic case sitting near the "trihack" server on the table near the rack cabinet) so you can push on the (broken) ethernet connector to jam the RPi into the end of the case where the SD card sticks out. The key here is to keep the RPi snug against this end of the box so the power connector goes in properly.
      • Pull the power connector out, then put it back in, double checking that the RPi is flush against that end of the case.
      • Peek near the end of the case having the ethernet connector and confirm the red LED is shining.
      • Put the box back down gently

Admin/"Advanced" Todo List

The current admin (pete@soper.us 919 270 9433) and folks experienced with Linux and in tune with the vibes should consider this list:

  • Properly configure router cabling so another connection isn't "stolen." Note that the current CAT 5 cable has broken (tab missing) connectors on both ends and needs replacing which is why the cable wasn't fed from the back of the rack cabinet to start with!
  • The system should probably live on a shelf on the back wall so there's room for it to get friendly with like-minded single board computers that want to share copper.
  • Fix the clearance of the power connector in the case so the board sliding around inside the case doesn't cause the plug to come loose.
  • Arrange a "big red button" for restarting the system and put that button underneath a checklist that discourages rash acts stemming from ignorance.
  • Think HARD about the implications of enabling IPV6 if that by definition enables access from arbitrary clients on the Internet. Maybe consider a "hardenedpi" system that is fully accessible but not begging instant corruption by hackers who discover the address.
  • Add "noauto" option and pull "user" option if present for /boot in /etc/fstab to make it harder to get munged.
  • The hard drive's partition table should be edited so one of the other partitions is identical in size to the one for root and a backup copy should be made. There should likewise be a second SD card rubber banded to the bottom of the RPi's case so when the one root gets ruined the SD card is swapped and the boot process is steered to the backup. The backup could be periodically sync'd with the current root *after confirming it's healthy*. Any SD card 64mb or larger would work for this.
  • Set up bonjour or equivalent so the system can be accessed with a name IP address
  • Feed system status to the splatspace.org web server via CGI or the like. Keep the overhead low!
  • Nicer and maybe randomly variable desktop background graphics

User Project Todo List

  • Howtos, demos
  • Graphics files for 1024x768 desktop backgrounds
  • Scratch, Python, other program examples
  • Games
  • A brother or sister for splatpi dedicated to _____?
  • A daughterboard (and alternative case) that enables possibilities such as I2C and/or SPI buses for brother/sister systems (whether they are RPis, Arduinos, etc).
  • Sensors fed via the hardware to monitor the room's temperature, light level, sound level, etc, and feed that via CGI or the like to the splatspace.org web server while keeping the overhead LOW.