Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
Here's the overview:
=======================================================================================================================
Name     Name (ext)      intended use     Unix Users    Public Ports  Private Ports   Public IPv4     Private IPv4
-----------------------------------------------------------------------------------------------------------------------
ian      ssh.squeak.org  ssh-gateway      ssh           1022          22              104.130.6.82    10.208.225.29
alan     *.squeak.org    webserver        webteam       80, 443       22              104.239.229.92  10.176.200.8
adele    lists....       mailinglists     (tbd)         25, 587, 465  22, 8080        162.242.237.43  10.208.160.56
andreas  --------        source.squeak    chrismuller*  --------      22, 8080        irrelevant      10.208.161.222
dan      --------        squeaksource     davidlewis*   --------      22, 8080        irrelevant      10.176.197.150
ted      --------        squeak wiki+map  (tbd)         --------      22, 8080, 8081  irrelevant      10.176.130.111
david    --------        jenkins          (tbd)         --------      22, 8080        irrelevant      10.208.194.45
scott    --------        misc             (tbd)         --------      22, 8080, 8081  irrelevant      10.176.199.169
=======================================================================================================================
Currently, Levente and I have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.
How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by
    ssh -p1022 -lssh 104.130.6.82
you should see
    restrict shell, no commands #
(you get out with ctrl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1):
Do a local forward by
    ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
and then
    ssh -lYOURNAME -p22221 localhost
(-N may be optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put
    Host ian.squeak.org
        User ssh
        Hostname 104.130.6.82
        Port 1022
        LocalForward 22221 10.176.200.8:22
    Host andreas.squeak.org
        User YOURNAME
        Hostname localhost
        Port 22221
And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
variant (2):
(a) You have OpenSSH >= 7.3
Do a Jump with
    ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8
Or in your .ssh/config you can put
    Host ian.squeak.org
        User ssh
        Hostname 104.130.6.82
        Port 1022
    Host andreas.squeak.org
        User YOURNAME
        Hostname 10.176.200.8
        ProxyJump ian.squeak.org
And then say 'ssh andreas.squeak.org'
(b) You have OpenSSH >= 5.4
Do a Jump via
    ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8
Or in your .ssh/config you can put
    Host ian.squeak.org
        User ssh
        Hostname 104.130.6.82
        Port 1022
    Host andreas.squeak.org
        User YOURNAME
        Hostname 10.176.200.8
        ProxyCommand ssh -W %h:%p ian.squeak.org
And then say 'ssh andreas.squeak.org'
(c) You have OpenSSH < 5.4
Use variant (1)
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
- Do we need Jenkins anymore?
As always, questions appreciated.
Best regards
-Tobias
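
Added example (not part of the original message): a shell helper that reads an `ssh -V` banner, decides between variant (1), (2a) and (2b) as described above, and prints the matching command. The function names are hypothetical and the sample banners are constructed; the gateway address, port and user, and the target address 10.176.200.8, are the ones used in the message's commands.

```shell
#!/bin/sh
# Added example: choose the gateway variant from an `ssh -V` banner.
# Gateway values come from the message; function names are hypothetical.
GW_HOST=104.130.6.82 GW_PORT=1022 GW_USER=ssh

# Print "MAJOR MINOR" from a banner such as "OpenSSH_7.2p2 Ubuntu-4, OpenSSL ...".
# [^0-9]* also skips the "for_Windows_" infix of the Windows build.
ssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Print proxyjump (>= 7.3), proxycommand (>= 5.4), localforward (older) or unknown.
# Major and minor are compared as integers, so 10.0 ranks above 7.3.
gateway_variant() {
    set -- $(ssh_version "$1")
    [ $# -eq 2 ] || { echo unknown; return 0; }
    if [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 3 ]; }; then
        echo proxyjump
    elif [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 4 ]; }; then
        echo proxycommand
    else
        echo localforward
    fi
}

# Print the command(s) for variant $1, login name $2, private address $3.
gateway_command() {
    gw="-l$GW_USER -p$GW_PORT"
    case $1 in
        proxyjump)    printf '%s\n' "ssh -J $GW_USER@$GW_HOST:$GW_PORT $2@$3" ;;
        proxycommand) printf '%s\n' "ssh -o ProxyCommand=\"ssh $gw -W %h:%p $GW_HOST\" $2@$3" ;;
        localforward) printf '%s\n' "ssh -AN -L22221:$3:22 $gw $GW_HOST" \
                                    "ssh -l$2 -p22221 localhost" ;;
        *)            return 1 ;;
    esac
}

# Constructed sample banners; use "$(ssh -V 2>&1)" instead for the local client.
for banner in 'OpenSSH_5.3p1, OpenSSL 1.0.1e-fips' \
              'OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g' \
              'OpenSSH_10.0p2, OpenSSL 3.5.0'; do
    variant=$(gateway_variant "$banner")
    echo "# $banner -> $variant"
    gateway_command "$variant" YOURNAME 10.176.200.8
done
```
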
I assume you mean source.squeak.org. If so, I just restarted the
image. There has been a problem with the server since Aug 4th which
has broken the MC history function -- but no one reported it.
Attempting to connect to the image gave me:
channel 3: open failed: administratively prohibited: open failed
Anyone know what this means? The sshd_config hasn't changed. A quick
google search indicates a network resource issue (out of TCP handles)
so I just now tried restarting the image in hopes that clears it up,
but we may need a full reboot of the server as I am still getting the
same message (above).
Website and HTTP access seems to be working, but I still cannot
connect to the image. Tobias did you do any changes to this server or
have any clues?
- Chris
On Thu, Aug 16, 2018 at 4:29 PM, Edgar De Cleene <edgardec2005(a)gmail.com> wrote:
> And just now I need it ….
> must have my own copies of stuff …
>
>
>
A message from Bruce on planet.squeak.org.
(My 2ct: the gateway for the public/internet-network was not ping-able, the reboot helped with that..)
-t
> Begin forwarded message:
>
> From: "Bruce O'Neel" <bruce.oneel(a)pckswarms.ch>
> Subject: Re: David, the planet server
> Date: 16. August 2018 um 15:04:15 MESZ
> To: "Tobias Pape" <Das.Linux(a)gmx.de>, box-admins(a)lists.squeakfoundation.org
> Reply-To: bruce.oneel(a)pckswarms.ch
>
> Hi,
>
> Recently David, the server for planet.squeak.org, was grumpy.
>
> The first symptom was that when I logged in that the second request for a ssh pass phrase took much longer, sometimes so long as to time out.
>
> The other problem I get is lots of error messages that look like:
>
> ERROR:planet.runner:Error 500 while updating feed https://astares.blogspot.com/atom.xml
>
> A curl of this on my local Mac returns in about 1 second.
>
> the same on David
>
> bruceoneel@david:~/tmp$ curl https://astares.blogspot.com/atom.xml
> curl: (6) Could not resolve host: astares.blogspot.com
>
> Both the entries in /etc/resolv.conf are not reachable.
>
> bruceoneel@david:~/tmp$ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 69.20.0.164
> nameserver 69.20.0.196
> bruceoneel@david:~/tmp$ ping 69.20.0.164
> PING 69.20.0.164 (69.20.0.164) 56(84) bytes of data.
> From 23.253.149.127 icmp_seq=1 Destination Host Unreachable
> From 23.253.149.127 icmp_seq=2 Destination Host Unreachable
> From 23.253.149.127 icmp_seq=3 Destination Host Unreachable
> ^C
> --- 69.20.0.164 ping statistics ---
> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4022ms
> pipe 3
> bruceoneel@david:~/tmp$ ping 69.20.0.196
> PING 69.20.0.196 (69.20.0.196) 56(84) bytes of data.
> From 23.253.149.127 icmp_seq=1 Destination Host Unreachable
> From 23.253.149.127 icmp_seq=2 Destination Host Unreachable
> From 23.253.149.127 icmp_seq=3 Destination Host Unreachable
> ^C
> --- 69.20.0.196 ping statistics ---
> 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3013ms
> pipe 3
> bruceoneel@david:~/tmp$
>
> If I add 1.1.1.1 to the name server list in /etc/resolv.conf it doesn't help.
>
>
> After Tobias talked to backspace, it turns out that a reboot solved the problem. Maybe it was a routing problem? OTOH packets over port 22 did make it in and out so I don't know...
>
>
> cheers
>
> bruce
FYI in case it turns out to be a recurring problem in the future.
This user has registered on the vm-dev list, and then posted an apparently
machine-generated message to the list. I have set the user to "moderated" on
the list so that I can watch for continued activity.
The user name "kjdshfkjsa" looks like fingers on a keyboard, but just in
case the bots have gotten smart enough to register themselves on mailing
lists, I thought I should mention it here.
Dave
----- Forwarded message from mailman-bounces(a)lists.squeakfoundation.org -----
Subject: Vm-dev subscription notification
From: mailman-bounces(a)lists.squeakfoundation.org
To: vm-dev-owner(a)lists.squeakfoundation.org
Precedence: list
Date: Fri, 03 Aug 2018 06:47:20 +0000
X-BeenThere: vm-dev(a)lists.squeakfoundation.org
X-Mailman-Version: 2.1.18
List-Id: Open Smalltalk Virtual Machine Development Discussion
<vm-dev.lists.squeakfoundation.org>
X-List-Administrivia: yes
Errors-To: mailman-bounces(a)lists.squeakfoundation.org
X-Spamilter-SPF: pass (policy result: [pass] from rule [mx]) reciever=shell.msen.com; client-ip=162.242.237.43; envelope-from=<srs0=w8f2=ks=lists.squeakfoundation.org=mailman-bounces(a)squeak.org>; helo=mail.squeak.org;)
X-Milter: Spamilter (Reciever: shell.msen.com; Sender-ip: 162.242.237.43; Sender-helo: mail.squeak.org;)
kjdshfkjsa <susanwise927(a)outlook.com> has been successfully subscribed
to Vm-dev.
----- End forwarded message -----
Moving this to the box-admins list.
Users trying to reach wiki.squeak.org are blocked, apparently due to changes
in our httpS setup. What is changing? Is this a temporary situation, or do
we have a problem?
Currently I cannot reach the wiki at all with my Firefox browser, but can
reach it with Chrome if I use http rather than https.
Dave
On Wed, Aug 01, 2018 at 08:29:39AM +0200, Tobias Pape wrote:
> Hi all
> > On 01.08.2018, at 05:52, Xin Wang <dramwang(a)163.com> wrote:
> >
> > Not sure if it is only me, but when opening https://wiki.squeak.org/, I get a Nextcloud page, with following message:
> >
> > > Access through untrusted domain ...
> >
> > https://planet.squeak.org/ also has this problem.
> >
>
>
> Yeah, that's because we do not have the httpS setup completely done.
> It should work without the S, just plain ol' http.
>
> Best regards
> -Tobias
>
>
> >
> > Regards,
> > Xin Wang
> >
>
>