Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
Here's the overview:
=======================================================================================================================
Name Name (ext) intended use Unix Users Public Ports Private Ports Public IPv4 Private IPv4
-----------------------------------------------------------------------------------------------------------------------
ian ssh.squeak.org ssh-gateway ssh 1022 22 104.130.6.82 10.208.225.29
alan *.squeak.org webserver webteam 80, 443 22 104.239.229.92 10.176.200.8
adele lists.... mailinglists (tbd) 25, 587, 465 22, 8080 162.242.237.43 10.208.160.56
andreas -------- source.squeak chrismuller* -------- 22, 8080 irrelevant 10.208.161.222
dan -------- squeaksource davidlewis* -------- 22, 8080 irrelevant 10.176.197.150
ted -------- squeak wiki+map (tbd) -------- 22, 8080, 8081 irrelevant 10.176.130.111
david -------- jenkins (tbd) -------- 22, 8080 irrelevant 10.208.194.45
scott -------- misc (tbd) -------- 22, 8080, 8081 irrelevant 10.176.199.169
=======================================================================================================================
Currently, Levente and me have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.
How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by
ssh -p1022 -lssh 104.130.6.82
you should see
restrict shell, no commands #
(you get out with crtl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1):
Do a local forward by
ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
and then
ssh -lYOURNAME -p22221 localhost
(-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
LocalForward 222221 10.176.200.8:22
Host andreas.squeak.org
User YOURNAME
Hostname localhost
Port 222221
And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
variant (2):
(a) You have OpenSSH >= 7.3
Do a Jump with
ssh -J ssh@104.130.6.82:1022 YOURNAME(a)10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
Host andreas.squeak.org
User YOURNAME
Hostname 10.176.200.8
ProxyJump ian.squeak.org
And then say 'ssh andreas.squeak.org'
(b) You have OpenSSH >= 5.4
Do a Jump via
ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME(a)10.176.200.8
Or in your .ssh/config you can put
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
Host andreas.squeak.org
User YOURNAME
Hostname 10.176.200.8
ProxyCommand ssh -W %h:%p ian.squeak.org
And then say 'ssh andreas.squeak.org'
(c) You have OpenSSH < 5.4
Use variant (1)
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicatiing DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
- Do we need Jenkins anymore?
As always, questions appreciated.
Best regards
-Tobias
I would like to request the support of the board to offer assistance
to the Cuis project by hosting the cuis-dev(a)cuis-smalltalk.org mailing
list on available sqeak.org infrastructure. We are fortunate to have an
excellent hosting infrastructure for our web servers and mailing lists.
Currently we incur no cost for use of that infrastructure due to our
membership in the Software Freedom Conservancy and to our commitment to
free distribution and promotion of Squeak and related projects. The Cuis
project is strongly connected with Squeak, and is compatible with and
supportive of the Squeak project. For that reason, I believe that it is
appropriate to make the squeak.org infrastructure available for support
of the cuis-dev mailing list.
The attached email from Juan Vuletich on cuis-dev provides background.
I have not previously discussed with with Juan, although I am CCing
him here. CC also to box-admins, just in case this is not a feasible
suggestion.
I am not an expert on mailing lists, but I am assuming that it is
possible to host a cuis-dev(a)cuis-smalltalk.org mailing list on our
servers without losing the "Cuis" identity. In other words, the list
identity must still be be cuis-dev(a)cuis-smalltalk.org, not
cuis-dev(a)lists.squeakfoundation.org.
Does the board support this proposal?
Thanks,
Dave
----- Forwarded message from Juan Vuletich via Cuis-dev <cuis-dev(a)cuis-smalltalk.org> -----
Date: Tue, 26 Mar 2019 08:31:17 -0300
To: Discussion of Cuis Smalltalk <cuis-dev(a)cuis-smalltalk.org>
Subject: [Cuis-dev] Problems with the mail list - Let's move to a new mail list server
List-Id: Discussion of Cuis Smalltalk <cuis-dev.cuis-smalltalk.org>
List-Archive: <http://cuis-smalltalk.org/pipermail/cuis-dev_cuis-smalltalk.org/>
From: Juan Vuletich via Cuis-dev <cuis-dev(a)cuis-smalltalk.org>
Cc: Juan Vuletich <juan(a)jvuletich.org>
Hi Folks,
We have been having problems with the mail list for a long time. The
current mail list is hosted at a personal hosting service of mine, at
www.hostgator.com. The problems we have include:
- It seems that there are people who use hostgator.com servers to send
spam, so their ip addresses are sometimes blacklisted by isp of some
list subscribers. As a result some folks can't get messages from the list.
- Hostgator has a limit of 500 emails per hour. Given that we have more
than a hundred subscribers, the limit has been hit at least once, and
the result is that the server just discards the messages. So, for a
certain message, some people will get it and others won't. This is
unacceptable. Hostgator suggests moving to either phpList (that can
throttle to avoid the limit) or ConstantContact, that has no limit. But
mailman (our current software, that can't throttle message sends) was
written for discussion lists. phpList is for newsletter distribution
(i.e. a single sender). ConstantContact is a separate company
specializing in email marketing. So, hostgator doesn't really consider a
discussion mail list as a valid use case.
- The list is tied to a personal account, that also includes
jvuletich.org and personal information, and this makes it hard to share
administration with someone else.
I believe the best solution is to move our mail list somewhere else. My
wishlist for this is that
- It is a non-paid service
- Its administration can be shared between several people
- It has freely accessible archives, and a reasonable web interface
- It doesn't include ads in messages
- It is an email list, not a web based forum
I can't believe that GitHub doesn't offer such a service. It could be
nicely integrated into Organizations, Repos, Teams, Issues, etc.
So far, the best I found is www.freelists.org . Any suggestion, or
comment on pros / cons of alternatives is warmly welcome!
Thanks,
--
Juan Vuletich
www.cuis-smalltalk.orghttps://github.com/Cuis-Smalltalk/Cuis-Smalltalk-Devhttps://github.com/jvuletichhttps://www.linkedin.com/in/juan-vuletich-75611b3
@JuanVuletich
_______________________________________________
Cuis-dev mailing list
Cuis-dev(a)cuis-smalltalk.org
http://cuis-smalltalk.org/mailman/listinfo/cuis-dev_cuis-smalltalk.org
----- End forwarded message -----