Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
Here's the overview:
=======================================================================================================================
Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
-----------------------------------------------------------------------------------------------------------------------
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29
alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8
adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56
andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222
dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150
ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111
david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45
scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169
=======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.
How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by
ssh -p1022 -lssh 104.130.6.82
you should see
restrict shell, no commands #
(you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1):
Do a local forward by
ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
and then
ssh -lYOURNAME -p22221 localhost
(-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
LocalForward 222221 10.176.200.8:22
Host andreas.squeak.org
User YOURNAME
Hostname localhost
Port 222221
And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
variant (2):
(a) You have OpenSSH >= 7.3
Do a Jump with
ssh -J ssh@104.130.6.82:1022 YOURNAME(a)10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
Host andreas.squeak.org
User YOURNAME
Hostname 10.176.200.8
ProxyJump ian.squeak.org
And then say 'ssh andreas.squeak.org'
(b) You have OpenSSH >= 5.4
Do a Jump via
ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME(a)10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
Host andreas.squeak.org
User YOURNAME
Hostname 10.176.200.8
ProxyCommand ssh -W %h:%p ian.squeak.org
And then say 'ssh andreas.squeak.org'
(c) You have OpenSSH < 5.4
Use variant (1)
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
- Do we need Jenkins anymore?
As always, questions appreciated.
Best regards
-Tobias
I noticed a problem on squeaksource.com, with the image size reaching close
to 1 GB, and very slow web page display. After terminating some stuck processes
from a process browser, I resaved the image and restarted it on dan.box.squeak.org.
There was no loss of data, although if anyone noticed response time problems or
other issues in the last few hours, this was likely the cause.
Dave