SystemAdministration/TheHitchhikersGuideToTheli694-22Domain: Difference between revisions

(Provided a link to a list of the chemical elements)
 
(One intermediate revision by one other user not shown)
Line 13: Line 13:
! Node Name !! Public Addresses !! Who Can Access (POSIX groups) !! Is Running What
! Node Name !! Public Addresses !! Who Can Access (POSIX groups) !! Is Running What
|-
|-
| [[Soylent-www|hydrogen]] || soylentnews.org || prod_access || slashd, varnish, apache 1.3, nginx
| [[SystemAdministration/Server/Hydrogen|hydrogen]] || soylentnews.org || prod_access || slashd, varnish, apache 1.3, nginx
|-
|-
| helium || None || db || mysql (prod master)
| [[SystemAdministration/Server/Helium|helium]] || None || db || mysql (prod master)
ldap (master)
ldap (master)
Kerberos KDC (master)
Kerberos KDC (master)
BIND (master, li694-22 zone)
BIND (master, li694-22 zone)
|-
|-
| lithium || dev.soylentnews.org || dev_team ||slashd, varnish, apache 1.3, nginx, mysql (dev DB)
| [[SystemAdministration/Server/Lithium|lithium]] || dev.soylentnews.org || dev_team ||slashd, varnish, apache 1.3, nginx, mysql (dev DB)
|-
|-
| [[Soylent-services|beryllium]] || wiki.soylentnews.org || svcadmin || A lot of stuff, mechanicjay, fill me in?
| [[SystemAdministration/Server/Beryllium|beryllium]] || wiki.soylentnews.org || svcadmin || A lot of stuff, mechanicjay, fill me in?
* This node is not LDAPed or KRB5ed, needs its own username/passwords
* This node is not LDAPed or KRB5ed, needs its own username/passwords
|-
|-
| boron || {staff,status}.soylentnews.org || firefighters || apache 2.2 (userdir)
| [[SystemAdministration/Server/Boron|boron]] || {staff,status}.soylentnews.org || firefighters || apache 2.2 (userdir)
KDC slave
KDC slave
DNS slave for li694-22
DNS slave for li694-22
LDAP slave (not fully setup)
LDAP slave (not fully setup)
|-
|-
| carbon || irc.soylentnews.org || ircops || IRC server, services & httpd
| [[SystemAdministration/Server/Carbon|carbon]] || irc.soylentnews.org || ircops || IRC server, services & httpd
|-
|-
| oxygen || None || sysops only || Offsite Backup
| [[SystemAdministration/Server/Oxygen|oxygen]] || None || sysops only || Offsite Backup
* This node is outside linode, and is connected by VPN. LDAP and KRB5 are available but laggy
* This node is outside linode, and is connected by VPN. LDAP and KRB5 are available but laggy
|}
|}


== Naming Scheme ==
== Naming Scheme ==
[[File:Periodic table simple en.svg|thumb|Periodic table of elements]]
Nodes are named after the periodic table of elements, which should keep us good for a long while. Keep going up by increasing atomic number until we finally run out.
Nodes are named after the periodic table of elements, which should keep us good for a long while. Keep going up by increasing atomic number until we finally run out.


These are listed at: http://en.wikipedia.org/wiki/List_of_elements.
These are listed at: [[wikipedia:List of elements]]


== DNS Setup ==
== DNS Setup ==
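Review bot: the beryllium row in the new revision still reads "A lot of stuff, mechanicjay, fill me in?" in the "Is Running What" column. This edit already touches that row to change its link, so either list the services there or move the question to the talk page; as it stands, the one node marked as not on LDAP or Kerberos is also the one with no service inventory.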

Latest revision as of 14:51, 30 March 2014

In many of the more relaxed civilizations of Linode, the Hitchhiker's Guide has already supplanted the great Encyclopaedia Galactica as the standard repository of all knowledge and wisdom, for though it has many omissions and contains much that is apocryphal, or at least wildly inaccurate, it scores over the older, more pedestrian work in two important respects.

Common Information

Most nodes are present on the Dallas, TX Linode Datacenter unless stated otherwise, and have static IPs. From within the nodes themselves, we have a local DNS allowing them to refer to each other under the li694-22 TLD (a reference to our original pre-launch URL).

  • All nodes support Kerberos authentication to allow node-to-node access
  • Shell access is only allowed from designated nodes
  • LDAP and Kerberos are available on all nodes unless noted
  • sysops can access all nodes; they are not explicitly listed below
{|
! Node Name !! Public Addresses !! Who Can Access (POSIX groups) !! Is Running What
|-
| hydrogen || soylentnews.org || prod_access || slashd, varnish, apache 1.3, nginx
|-
| helium || None || db || mysql (prod master)
ldap (master)
Kerberos KDC (master)
BIND (master, li694-22 zone)
|-
| lithium || dev.soylentnews.org || dev_team || slashd, varnish, apache 1.3, nginx, mysql (dev DB)
|-
| beryllium || wiki.soylentnews.org || svcadmin || A lot of stuff, mechanicjay, fill me in?
* This node is not LDAPed or KRB5ed, needs its own username/passwords
|-
| boron || {staff,status}.soylentnews.org || firefighters || apache 2.2 (userdir)
KDC slave
DNS slave for li694-22
LDAP slave (not fully setup)
|-
| carbon || irc.soylentnews.org || ircops || IRC server, services & httpd
|-
| oxygen || None || sysops only || Offsite Backup
* This node is outside linode, and is connected by VPN. LDAP and KRB5 are available but laggy
|}

Naming Scheme

[Figure: Periodic table of elements]

Nodes are named after the periodic table of elements, which should keep us good for a long while. Keep going up by increasing atomic number until we finally run out.

These are listed at: wikipedia:List of elements

DNS Setup

Important: The DNS zone files are nicely formatted; please try to keep them that way. Also, do NOT forget to update the zone file's serial if you've updated a zone.

The master name server is helium and the slave is boron. At the moment they serve two zones: the forward li694-22. TLD zone and our reverse zone, 168.192.in-addr.arpa.

Both servers have their configuration files in the same location, /etc/bind/. The master also stores its zone files there; the slave keeps them in /var/cache/bind/ (but really, you shouldn't be editing the slave's zone file).

The zone files are called: 'db.li694-22' and 'db.192-rev'.

Zone Serial

At the top of each zone file, you'll find a line like the following:

                     2014032314         ; Serial

This is called the 'serial', and it must be updated each time you make a modification to the zone file. The slave only transfers a zone when the master's serial is higher than the one it already holds, so a change saved without a new serial never reaches boron.

If you look closely, you'll see 2014 03 23 and 14: a full date (in yyyymmdd format) followed by the zone file revision for that day. If you change the zone file again on the same date, it becomes 2014032315, and so on. If you were to edit the zone file on March 24 2014, it would become 2014032401.

Every time you update a zone file, you must update the serial.
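The serial rule above as a small shell helper. This is an added example, not part of the original page or of SoylentNews' tooling; the function names `next_serial` and `bump_zone_serial` are made up here, and it assumes the serial line carries the `; Serial` comment shown above.

```shell
#!/bin/sh
# Added example: next serial under the page's yyyymmddnn scheme.

# next_serial CURRENT [TODAY] -> prints the serial to write into the zone file.
next_serial() {
    cur=$1
    today=${2:-$(date +%Y%m%d)}
    case $cur in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "serial '$cur' is not in yyyymmddnn form" >&2; return 1 ;;
    esac
    cur_date=${cur%??}          # first 8 digits: the date
    cur_rev=${cur#????????}     # last 2 digits: revision for that day
    if [ "$cur_date" -lt "$today" ]; then
        echo "${today}01"       # first edit on a new day
    elif [ "$cur_rev" = 99 ]; then
        echo "no revision numbers left for $cur_date" >&2; return 1
    else
        # Same day, or a serial dated ahead of the clock: never go backwards.
        rev=${cur_rev#0}        # drop a leading zero so 08/09 are not read as octal
        printf '%s%02d\n' "$cur_date" $((rev + 1))
    fi
}

# bump_zone_serial FILE [TODAY] -> rewrites the first line tagged "; Serial"
# and prints the new serial.
bump_zone_serial() {
    file=$1
    old=$(awk '/;[ \t]*Serial/ { print $1; exit }' "$file")
    new=$(next_serial "$old" "$2") || return 1
    tmp=$(mktemp) || return 1
    # sub() swaps only the number, so the file's column layout is preserved.
    if awk -v old="$old" -v new="$new" '
        !seen && /;[ \t]*Serial/ { sub(old, new); seen = 1 }
        { print }' "$file" > "$tmp"; then
        cat "$tmp" > "$file"    # keeps the zone file's owner and mode
    else
        rm -f "$tmp"; return 1
    fi
    rm -f "$tmp"
    echo "$new"
}
```

A serial that is already dated ahead of today is incremented rather than reset, because a lower serial would be ignored by the slave.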

/etc/bind/db.li694-22

The li694-22 zone has an A record for every node name (e.g. carbon). It also lists the public IPs (A and AAAA) of each node, if it has any. For instance, carbon:

; Carbon (IRC)
carbon          IN      A               [redacted]
pub.carbon      IN      A               50.116.18.95
pub.carbon      IN      AAAA            2600:3c00::f03c:91ff:fe6e:c4b8

In addition, most nodes have aliases, which are CNAMEs for the node's name. Each alias also has a 'pub.<alias>' entry, which in turn is a CNAME for pub.node_name, for example:

irc             IN      CNAME           carbon
pub.irc         IN      CNAME           pub.carbon

You can add new nodes and aliases on demand by following these examples (be sure to update the zone serial).

/etc/bind/db.192.168-rev

The reverse zone has entries that look like:

123.123      IN      PTR             carbon.li694-22.

If you'd like to add a reverse DNS entry, do the following from the command line (example IP = 192.168.136.233):

[22:21] xlefay@carbon $ host 192.168.136.233
Host 233.136.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

The output shows the name 233.136.168.192.in-addr.arpa. Take its first two segments and add them at the bottom of the zone file, like so:

233.136      IN      PTR             node-name.li694-22.

Update the serial, save the config.
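A check that every private A record in the forward zone has the matching PTR in the reverse zone, printing the lines that still need to be added. This is an added example, not part of the original page: `missing_ptrs` and `demo_missing_ptrs` are made-up names, the node `neon` and all addresses in the sample are constructed, and it assumes one record per line with relative owner names, an explicit `IN` class and no TTL column, as in the snippets above.

```shell
#!/bin/sh
# Added example: find forward A records without a PTR in 168.192.in-addr.arpa.

# missing_ptrs FORWARD_ZONE REVERSE_ZONE
# Prints a ready-to-paste PTR line for each 192.168.x.y A record that the
# reverse zone does not cover. Public addresses and CNAMEs are skipped.
missing_ptrs() {
    awk '
        # Pass 1, reverse zone: remember every "owner target" pair.
        pass == 1 {
            if ($2 == "IN" && $3 == "PTR") have[$1 " " $4] = 1
            next
        }
        # Pass 2, forward zone: private A records only.
        $2 == "IN" && $3 == "A" && $4 ~ /^192\.168\.[0-9]+\.[0-9]+$/ {
            split($4, o, ".")
            owner = o[4] "." o[3]        # 192.168.136.233 -> 233.136
            key = owner " " $1 ".li694-22."
            if (!(key in have))
                printf "%s\tIN\tPTR\t%s.li694-22.\n", owner, $1
        }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample zones (not the real files): neon has no PTR yet.
demo_missing_ptrs() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/db.li694-22" <<'EOF'
; constructed sample, all addresses are made up
carbon          IN      A               192.168.136.231
pub.carbon      IN      A               203.0.113.10
irc             IN      CNAME           carbon
neon            IN      A               192.168.136.233
EOF
    cat > "$dir/db.192-rev" <<'EOF'
231.136      IN      PTR             carbon.li694-22.
EOF
    missing_ptrs "$dir/db.li694-22" "$dir/db.192-rev"
    rm -rf "$dir"
}
```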

Conclusion of DNS section

To save and distribute your changes to the slave nodes, run rndc reload:

[00:03] root@helium $ rndc reload
server reload successful
[00:03] root@helium $ 

If you have any questions whatsoever, message me (xlefay) on IRC.