Equipment/Turing: Difference between revisions
No edit summary |
m (Updated LDAP info (no more Denning as it goes to ldap-secondary now, and it does work)) |
||
(11 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{EquipmentInfobox | {{EquipmentInfobox | ||
| name = Turing<!-- Name of the item. --> | |name=Turing<!-- Name of the item. --> | ||
| image = Hackspace_Unknown.png <!-- Image of the item. Leave with placeholder image if none exists. --> | |image=Hackspace_Unknown.png <!-- Image of the item. Leave with placeholder image if none exists. --> | ||
| model = Virtual <!-- Model --> | |model=Virtual <!-- Model --> | ||
| category = Equipment <!-- Main category. Please leave alone to keep item in this category --> | |category=Equipment <!-- Main category. Please leave alone to keep item in this category --> | ||
| subcat = Systems<!-- Sub-category if one exists. Please check main listing to see other categories contained within the main one --> | |subcat=Systems<!-- Sub-category if one exists. Please check main listing to see other categories contained within the main one --> | ||
| status = Good working order <!-- Set to one of; Good working order, Faulty, Out of order, Under construction, Out of consumables, Scrapped, or Unknown --> | |status=Good working order <!-- Set to one of; Good working order, Faulty, Out of order, Under construction, Out of consumables, Scrapped, or Unknown --> | ||
| consumables = Unknown <!-- Any items used up in normal operation, such as; ink, paper, saw-blades, cutting disks, oil, etc.. --> | |consumables=Unknown <!-- Any items used up in normal operation, such as; ink, paper, saw-blades, cutting disks, oil, etc.. --> | ||
| accessories = Unknown <!-- Any items associated with the equipment but not consumable, such as; drill bits, safety gloves, goggles, etc.. --> | |accessories=Unknown <!-- Any items associated with the equipment but not consumable, such as; drill bits, safety gloves, goggles, etc.. --> | ||
| reqtraining = | |reqtraining=yes | ||
| trainlink = Unknown <!-- If training is required, provide a link to training signup or contact page. Otherwise leave blank. --> | |trainlink=Unknown <!-- If training is required, provide a link to training signup or contact page. Otherwise leave blank. --> | ||
| acnode = | |acnode=no | ||
| owner = LHS <!-- Provide a link to owners members page if other than LHS --> | |owner=LHS <!-- Provide a link to owners members page if other than LHS --> | ||
| origin = Sponsorship <!-- If via pledge, please link to the completed pledge page on the wiki --> | |origin=Sponsorship <!-- If via pledge, please link to the completed pledge page on the wiki --> | ||
| location = A Bitfolk datacenter <!-- Floor, room/zone and location within that area --> | |location=A Bitfolk datacenter <!-- Floor, room/zone and location within that area --> | ||
| maintainers = The Trustees <!-- NO LINKS PLEASE; it currently breaks the template. If someone is nominated as managing the upkeep of this item, please list them here. --> | |maintainers=The Trustees <!-- NO LINKS PLEASE; it currently breaks the template. If someone is nominated as managing the upkeep of this item, please list them here. --> | ||
| template_ver = 1.1 <!-- Please do not change. Used for tracking out-of-date templates --> | |template_ver=1.1 <!-- Please do not change. Used for tracking out-of-date templates --> | ||
}} | }} | ||
== Purpose == | == Purpose == | ||
Runs the [http://hackspace.org.uk UK Hackspace website] and hosts wikis for any spaces that want. Also hosts the [http://github.com/londonhackspace/hackspace-foundation-sites/ membership system] and forwards the webcams for London Hackspace. | Runs the [http://hackspace.org.uk UK Hackspace website] and hosts wikis for any spaces that want. Also hosts the [http://github.com/londonhackspace/hackspace-foundation-sites/ membership system] and forwards the webcams for London Hackspace. | ||
Line 25: | Line 24: | ||
See also: [[System naming]] | See also: [[System naming]] | ||
== Access == | |||
Access is limited to Trustees only since it contains the membership db. | |||
== LDAP == | |||
Turing has an [[LDAP]] db on it that is replicated to ldap-secondary (Hackspace VM in Wembley) for use on machines in the space. | |||
Turing has iptables rules that allow access to the [[LDAP]] server from ldap-secondary (Hackspace VM). | |||
We use a schema that is compatible with Samba for 2 reason: | |||
* We might want user logins to Samba at some point | |||
* The sambaNTPassword attribute is understood by FreeRADIUS and is needed for MS-CHAP auth for spacefed. | |||
however the sambaNTPassword hash is quite weak, and the sambaLMPassword hash is silly, so ideally: | |||
* the sambaLMPassword attribute would contain nonsense that can never be authenticated against | |||
* the sambaNTPassword attribute would be for a different password from the userPassword | |||
Currently we are not adding sambaLMPassword attribute's to the database. | |||
=== cheat sheet at the moment === | |||
==== list a users details ==== | |||
<nowiki> | |||
smbldap-usershow <username></nowiki> | |||
or: | |||
<nowiki> | |||
smbldap-userinfo -l <username></nowiki> | |||
==== add a user to a group ==== | |||
<nowiki> | |||
smbldap-usermod -G +<groupname> <username></nowiki> | |||
==== List the members of a group ==== | |||
<nowiki> | |||
smbldap-groupshow <group name></nowiki> | |||
==== Remove a member from a group ==== | |||
<nowiki> | |||
smbldap-usermod -G -<groupname> <username></nowiki> | |||
==== Edit the acl's ==== | |||
(assuming ldapvi is installed) | |||
<nowiki> | |||
ldapvi -Y EXTERNAL -h ldapi:/// -b olcDatabase={1}hdb,cn=config -v "(olcAccess=*)" olcAccess</nowiki> | |||
=== Issues === | |||
* might need to add an index to memberUid | |||
=== Changes to tools on Turing === | |||
The smbldap tools were patched with these patches | |||
* http://svn.gna.org/viewcvs/smbldap-tools/trunk/smbldap-userlist.pl?view=patch&r1=135&r2=134&pathrev=135 | |||
* http://svn.gna.org/viewcvs/smbldap-tools/trunk/smbldap-grouplist.pl?view=patch&r1=135&r2=134&pathrev=135 | |||
... and a few others, you can see them all here: | |||
https://github.com/londonhackspace/hackspace-foundation-sites/tree/ldap/ldap | |||
== Graphs == | == Graphs == | ||
* [http://tools.bitfolk.com/cacti/ | * [http://tools.bitfolk.com/cacti/graph_3728.html Host load average] | ||
* [http://tools.bitfolk.com/cacti/ | * [http://tools.bitfolk.com/cacti/graph_3727.html Host CPU usage] | ||
* [http://tools.bitfolk.com/cacti/graph_3800.html Traffic] | |||
== IP == | == IP == |
Latest revision as of 17:33, 23 November 2018
Purpose
Runs the UK Hackspace website and hosts wikis for any spaces that want. Also hosts the membership system and forwards the webcams for London Hackspace.
Name
Named after Alan Turing.
See also: System naming
Access
Access is limited to Trustees only since it contains the membership db.
LDAP
Turing has an LDAP db on it that is replicated to ldap-secondary (Hackspace VM in Wembley) for use on machines in the space.
Turing has iptables rules that allow access to the LDAP server from ldap-secondary (Hackspace VM).
We use a schema that is compatible with Samba for 2 reason:
- We might want user logins to Samba at some point
- The sambaNTPassword attribute is understood by FreeRADIUS and is needed for MS-CHAP auth for spacefed.
however the sambaNTPassword hash is quite weak, and the sambaLMPassword hash is silly, so ideally:
- the sambaLMPassword attribute would contain nonsense that can never be authenticated against
- the sambaNTPassword attribute would be for a different password from the userPassword
Currently we are not adding sambaLMPassword attribute's to the database.
cheat sheet at the moment
list a users details
smbldap-usershow <username>
or:
smbldap-userinfo -l <username>
add a user to a group
smbldap-usermod -G +<groupname> <username>
List the members of a group
smbldap-groupshow <group name>
Remove a member from a group
smbldap-usermod -G -<groupname> <username>
Edit the acl's
(assuming ldapvi is installed)
ldapvi -Y EXTERNAL -h ldapi:/// -b olcDatabase={1}hdb,cn=config -v "(olcAccess=*)" olcAccess
Issues
- might need to add an index to memberUid
Changes to tools on Turing
The smbldap tools were patched with these patches
- http://svn.gna.org/viewcvs/smbldap-tools/trunk/smbldap-userlist.pl?view=patch&r1=135&r2=134&pathrev=135
- http://svn.gna.org/viewcvs/smbldap-tools/trunk/smbldap-grouplist.pl?view=patch&r1=135&r2=134&pathrev=135
... and a few others, you can see them all here:
https://github.com/londonhackspace/hackspace-foundation-sites/tree/ldap/ldap
Graphs
IP
212.13.195.146 85.119.83.146 (hackspace.vps.bitfolk.com)
Services
These run as daemons automatically:
- Apache
- postgres
- mjpegproxy-webcams (in screen, no logging)