
skrynski/server-config

 
 


PRL-PRG Server Configuration

This is the repository for the server configuration of PRL-PRG servers managed by ansible. It also contains the technical details about their infrastructure.

Computers & Infrastructure

Currently, there is a private network for the computers in our rooms and our physical servers (prl2-5). All other servers we have are virtualized inside OpenNebula and are on their own private network. The networks see each other without any issues.

Small VMs

If you are from CTU, you can create your own servers in FIT's cloud, up to the group's quota. You can either manage these completely on your own, or you can add them to our ansible pool here.

Large VMs

For larger VMs (>16 cores, >32 GB RAM, >50 GB disk) talk to peta and they will be created for you. These machines must be managed by ansible, and by default you will not get root access to them.

Physical Machines

Servers prl2-prl5 are physical-ish machines. They must be managed by ansible.

Connecting to the machines

Note that our servers do not allow passwords. You must use your ssh keys to get in.

All our machines are visible from desktops in our rooms. If you need to connect from other locations, you have two options:

Faculty VPN

This is the preferred option if you work for CTU. Details on how to create a certificate and connect to the VPN are on our wiki.

Public Gateway

We have a public gateway server, 147.32.233.132. You can use it to connect to all our other servers. Say you want to connect to server foobar: the easiest way is to add the following to your ~/.ssh/config file:

Host foobar
    Hostname IP_ADDRESS_OF_YOUR_SERVER
    User YOUR_USERNAME
    ProxyCommand ssh YOUR_USERNAME@147.32.233.132 nc %h %p

Then every time you write ssh foobar you will be connected through the gateway.

Administration & Changing Settings

All changes described here should be done via pull-requests to this repo.

Adding new user

To add a new user, add yourself to the group_vars/all file. Each user (listed in the all_users section) must provide at least the following:

- username: YOUR_USERNAME
  name: YOUR_REAL_NAME
  ssh_key: "YOUR_PUBLIC_SSH_KEY"

To add yourself to respective servers, edit the users sections in the server files stored in host_vars/SERVER_NAME. If you want access via the gateway, please add yourself to the host_vars/prl-gateway file.

Installing packages

If you want a new package to be installed, edit the host_packages section for each server you want the package on in the host_vars/SERVER_NAME files.

Adding servers

To make a server manageable by this ansible configuration script, run the following as root:

curl -L https://github.com/PRL-PRG/server-config/releases/download/v0.0/init.sh | bash

This will install the authorized key for the management script. Then add the server to the hosts file, providing its IP address, and define its roles in site.yml. For any machine-specific details, create a file for it in the host_vars folder. The name of the file must be identical to the name of the server.
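
An alternative to piping the download straight into a root shell, as an added example that is not part of this repository: fetch init.sh to a file, check it against a pinned SHA-256, and only then run it. The function names and the `--run` switch are hypothetical, and EXPECTED_SHA256 is a placeholder because the page publishes no digest.

```shell
#!/usr/bin/env bash
# Added example: download init.sh, verify it against a pinned SHA-256, then run it.
# EXPECTED_SHA256 is a placeholder; get the real digest from the maintainers out of band.

INIT_URL="https://github.com/PRL-PRG/server-config/releases/download/v0.0/init.sh"
EXPECTED_SHA256="REPLACE_WITH_PINNED_SHA256_OF_INIT_SH"

# verify_sha256 FILE EXPECTED_HEX -> returns 0 if the digest matches, non-zero otherwise
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    # Reject anything that is not exactly 64 hex digits (e.g. an unfilled placeholder)
    case "$expected" in
        *[!0-9a-fA-F]*|"") return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    [ "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" = "$actual" ]
}

# fetch_verify_run URL EXPECTED_HEX: download to a temp file, verify, then execute
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc
    tmp=$(mktemp) || return 1
    # -f fails on HTTP errors; --proto '=https' permits HTTPS only, redirects included
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
        echo "download failed: $url" >&2; rm -f "$tmp"; return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "checksum mismatch, refusing to run $url" >&2; rm -f "$tmp"; return 1
    fi
    bash "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Act only when invoked with --run, so sourcing the file has no side effects
if [ "${1:-}" = "--run" ]; then
    fetch_verify_run "$INIT_URL" "$EXPECTED_SHA256"
fi
```

Run the saved script as root with `--run` once the placeholder has been replaced; with the placeholder left in place it refuses to execute anything.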

More Complex Tasks

Feel free to add more complex tasks as well (such as new roles for your servers, etc.). If you have questions or suggestions, please talk to peta.

Installing & using ansible on the control machine

(for Ubuntu)

sudo apt update
# software-properties-common provides apt-add-repository
sudo apt install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible

To run ansible, run the following:

ansible-playbook -i hosts site.yml

Ansible notes

Debugging

The following debug task prints the provided message, in this case the list of all users filtered down to the users available on the given host.

- debug:
      msg: "{{ all_users | selectattr('username', 'in', users) | list  }}"
