Merge branch 'whoops'

Author: duvallj

SUMMARY.md

@@ -85,8 +85,7 @@
     * [Passcard](technologies/authentication/passcard/README.md)
       * [GPG Usage](technologies/authentication/passcard/gpg-usage.md)
     * [LDAP](technologies/authentication/ldap.md)
-    * [NSS](technologies/authentication/nss.md)
-    * [NSS LDAP](technologies/authentication/nss-ldap/README.md)
+    * [NSS](technologies/authentication/nss-ldap/README.md)
       * [NSS LDAP Templates](technologies/authentication/nss-ldap/templates.md)
     * [SSHD](technologies/authentication/sshd.md)
   * [Storage](technologies/storage/README.md)
@@ -162,6 +161,12 @@
     * [Waitaha](machines/ceph/waitaha.md)
     * [Barrel](machines/ceph/barrel.md)
     * [Valdes](machines/ceph/valdes.md)
+  * [Other](machines/other/README.md)
+    * [ASM](machines/other/asm.md)
+    * [Duke](machines/other/duke.md)
+    * [Auckland](machines/other/auckland.md)
+    * [Cayman](machines/other/cayman.md)
+    * [Pitcairn](machines/other/pitcairn.md)
   * [Switches](machines/switches/README.md)
     * [Core0](machines/switches/core0.md)
     * [Xnor](machines/switches/xnor.md)
@@ -172,7 +177,9 @@
   * [History](machines/history/README.md)
     * [2008 Sun AEG](machines/history/2008-sun-aeg.md)
     * [2011 Sun Upgrades](machines/history/2011-sun-spring-upgrades.md)
+    * [2017 VM Disaster](machines/history/2017-vm-disaster.md)
     * [2018 Purchases](machines/history/2018-purchases.md)
+    * [2018 Cephpocalypse](machines/history/2018-cephpocalypse.md)
   * [Obsolete](machines/obsolete/README.md)
     * [Arcturus](machines/obsolete/arcturus.md)
     * [Chuku](machines/obsolete/chuku.md)
@@ -211,4 +218,3 @@
 * [Policies](policies/README.md)
   * [Data Release Policy](policies/data-release-policy.md)
   * [Upgrade Policy](policies/upgrade-policy.md)
-

machines/history/2017-vm-disaster.md

@@ -0,0 +1,8 @@
+# 2017 VM Distaster
+
+## What Happened
+We ran too much on VMs, so when we rebooted a VM server to update it the entire lab went down. Specifically, NS1 was the main point of failure.
+
+## What resulted
+* NS1 is on a physical machine
+* We use IPs instead of hostnames in QEMU configs

machines/history/2018-cephpocalypse.md

@@ -0,0 +1,29 @@
+# 2018 Cephpocalypse
+
+The **Cephpocalypse** (hah, I've officially named it now, no one can stop me~) was an event occurring in the fall of the 2018-2019 school year, when the Ceph servers, then our main point of failure, went completely offline. This incident demonstrated the capability of the Sysadmin team and prompted us to start thinking about ways to remove that one point of failure (say, through a backup system).
+
+The purpose of this document is to record our mistakes and remedial actions so that future generations may learn from them
+
+## Conditions
+
+## Cause
+
+## Reaction
+
+### From Sysadmins
+
+### From other Students
+
+### From Administration
+
+## Remedial Actions
+
+### Trying to fix Ceph
+
+### Un-cephing everything
+
+### Moving things back to new Ceph
+
+## What we learned
+
+## Results

machines/other/README.md

@@ -0,0 +1,3 @@
+# Other Machines
+
+This category is for machines that don't cleanly fall in another category. Often unused.

machines/other/asm.md

@@ -0,0 +1,25 @@
+# ASM
+
+**ASM** is a machine residing in the CSL pit, right outside the machine room. It is currently being used by 2019jduvall to conduct senior research. Older brother of [Duke](duke.md)
+
+## Technical specifications
+
+| Field | Value |
+| :---- | :---- |
+| **Server Type** | It's a desktop, not a server dummy |
+| **CPU** | enough |
+| **RAM** | 16 GB  (not enough) |
+| **GPU** | 2x NVIDIA GeForce TITAN |
+| **Hard Disks** | 1TB Samsung 860 EVO (+ an unused 1TB HDD from some company or other) |
+| **OS** | Arch Linux 😎 |
+
+## History
+
+ASM was originally part of the i7 cluster, made up of other machines named after other programming languages. At the beginning of the 2017-2018 school year, ASM was repurposed by 2017wzhang to be his personal workstation (at school). By the end of the 2017-2018, only ASM remained in the CSL as all the other gutted motherboards of the i7 cluster had been taken home by other sysadmins.
+
+During the [Cephpocalypse](../history/2018-cephpocalypse.md), ASM was used as a place to put exported Ceph images, largely due to its fast (~10MB/s) uplink, ease of logging in as root, and large hard drive size. People were outraged when 2019jduvall accidentally cut ssh access to it in the middle of the crisis (I'm sorry, ok?).
+
+## Trivia
+* ASM is currently the only computer in the CSL running Arch Linux (besides 2019jduvall's and 2019djones' and 2019ahayden's personal laptops)
+* Despite having two GPUs, the pioneer workstations can occasionally outperform it simply due to having newer GPUs
+* It is completely and utterly wrong to write ASM's name in lowercase text

machines/other/auckland.md

@@ -0,0 +1,20 @@
+# Auckland
+
+**Auckland** is a physical machine residing in the CSL Machine Room. It currently does nothing.
+
+## Technical Specifications
+
+| Field | Value |
+| :---- | :---- |
+| **Server Type** | HP Proliant DL380 G6 |
+| **CPU** | 2x Intel Xeon E5540 Hexa-Core @ 2.53 GHz |
+| **RAM** | 24 GB |
+| **Hard Disks** | 2x 146GB 2.5in 15K SAS, RAID 1 |
+| **OS** | Ubuntu |
+| **Purchase Date** | Unknown |
+
+## History
+
+Auckland was previously named Gandalf and was one of three servers running VMware ESXi used to host JCIRN (CTRL+F on <https://washingtonexec.com/2013/01/dr-glazer-principal-of-thomas-jefferson-high-school-for-science-and-technology-kicks-off-washingtonexec-stem-council-discusses-building-tomorrows-leaders/>). JCIRN was abandoned after Dr. Glazer left TJ at the end of the 2016-2017 school year.
+
+In 2017-2018, Gandalf was used to run the official TJHSST Othello Tournament.

machines/other/cayman.md

@@ -0,0 +1,18 @@
+# Cayman
+
+**Cayman** is a physical machine residing in the CSL Machine Room. It currently does nothing.
+
+## Technical Specifications
+
+| Field | Value |
+| :---- | :---- |
+| **Server Type** | HP Proliant DL380 G6 |
+| **CPU** | 2x Intel Xeon E5540 Hexa-Core @ 2.53 GHz |
+| **RAM** | 24 GB |
+| **Hard Disks** | 2x 146GB 2.5in 15K SAS, RAID 1 |
+| **OS** | Ubuntu |
+| **Purchase Date** | Unknown |
+
+## History
+
+Cayman was previously named Saruman and was one of three servers running VMware ESXi used to host JCIRN (CTRL+F on <https://washingtonexec.com/2013/01/dr-glazer-principal-of-thomas-jefferson-high-school-for-science-and-technology-kicks-off-washingtonexec-stem-council-discusses-building-tomorrows-leaders/>). JCIRN was abandoned after Dr. Glazer left TJ at the end of the 2016-2017 school year.

machines/other/duke.md

@@ -0,0 +1,26 @@
+# Duke
+
+**Duke** is a custom workstation residing in Room 202. It's primary purpose is to be a high-performance workstation for senior research.
+
+## Technical specifications
+
+| Field | Value |
+| :---- | :---- |
+| **Server Type** | It's a workstation |
+| **CPU** | AMD Ryzen 7 1700 Eight-Core Processor |
+| **RAM** | 16 GB |
+| **GPU** | 2x NVIDIA GeForce 1080 Ti |
+| **Hard Disks** | It has one |
+| **OS** | Ubuntu |
+
+## Software specifications
+
+| Software | Version |
+| :------- | :------ |
+| **NVIDIA Drivers** | 410.66 |
+| **CUDA** | 9.1 |
+| **Tensorflow** | 1.11.0 |
+
+## Notes
+
+If you are interested in using Duke, please contact Mr. White.

machines/other/pitcairn.md

@@ -0,0 +1,18 @@
+# Pitcairn
+
+**Pitcairn** is a physical machine residing in the CSL Machine room. It currently acts as ns1, our main [DNS] and [DHCP] server.
+
+## Technical Specifications
+
+| Field | Value |
+| :---- | :---- |
+| **Server Type** | HP Proliant DL380 G6 |
+| **CPU** | 2x Intel Xeon E5540 Hexa-Core @ 2.93 GHz |
+| **RAM** | 24 GB |
+| **Hard Disks** | 2x 146GB 2.5in 15K SAS, RAID 1 |
+| **OS** | Ubuntu |
+| **Purchase Date** | Unknown |
+
+## History
+
+Pitcairn was previously named Sauron and was one of three servers running VMware ESXi used to host JCIRN (CTRL+F on <https://washingtonexec.com/2013/01/dr-glazer-principal-of-thomas-jefferson-high-school-for-science-and-technology-kicks-off-washingtonexec-stem-council-discusses-building-tomorrows-leaders/>). JCIRN was abandoned after Dr. Glazer left TJ at the end of the 2016-2017 school year.

technologies/authentication/nss.md

@@ -1,4 +1,126 @@
 # DNS
 
+DNS (Domain Name System) is a system for resolving domain names to IP addresses, Kerberos Realms, and other information. It is currently used in the Computer Systems Lab to provide forward and reverse name resolution as well as location of Kerberos and AFS realms.
 
+## Structure
 
+DNS is structured as a hierarchical tree. At the root of the tree is a DNS Zone called . or the root zone. The root zone is managed by thirteen nameservers (creatively called a-m.root-servers.net) about half of which are anycasted to locations around the world.
+
+While they form the root of DNS; the root nameservers don't actually know how to answer a query for say www.tjhsst.edu (198.38.16.47). Rather, they know where to go to find the answer. In the case of www.tjhsst.edu, the answer is to go to the EDUCAUSE nameservers which manage the .edu TLD (Top-Level Domain). The .edu nameservers in turn, still don't know the answer, but they know where the answer is, in this case, with [ns1] and [ns2] which are the Authoritative nameservers for the tjhsst.edu domain. Finally, either ns1 or ns2 will tell you that www.tjhsst.edu has the IP 198.38.16.47 (assuming that is the information you were asking for).
+
+### Recursive vs Authoritative Nameservers
+
+There are two types of nameservers that are generally involved in DNS. A single DNS Server can have one or both of these roles although it is considered best practice to separate them for security.
+
+An authoritative nameserver has a database of some type which contains the records for a domain. In general, a domain will have one master nameserver on which the database is updated manually, and one or more slave nameservers which automatically transfer changes from the master.
+
+A recursive nameserver has no knowledge or records of its own, but rather, resolves records for other systems and then caches the response so that it can respond to other queries about the same record without rerunning the lookup sequence outlined above. The amount of time records are cached is controlled by the TTL (Time To Live) which is specified by the Authoritative nameserver for the zone. A higher TTL places less load on the Authoritative nameservers but also means changes take longer to propagate. It is considered good practice to lower the TTL for a domain to around 5 minutes before making major changes to minimize the amount of time a mistake would be cached.
+
+## CSL Layout
+
+Both recursive and authoritative DNS for tjhsst.edu are currently provided by [ns1] and [ns2]. ns1 should always be a physical machine (we learned that the hard way), ns2 can be a VM. The both run ISC BIND (Berkeley Internet Name Daemon), sometimes called `named` which is the name of the daemon. See [DNS/Configuration](configuration.md) for details on the configuration layout and how to make changes.
+
+## Record Types
+
+There are a number of different record types for the various types of information that can be stored in DNS.
+
+### A
+
+One of if not the most common record type, an A record simply maps a domain name to an IP address.
+
+```
+www.tjhsst.edu.    IN    A    198.38.16.47
+```
+
+One domain name can have more than one A record in which case most DNS servers will alternate which IP address they return. This is called a round-robin and is frequently used for load-balancing.
+
+```
+mail.tjhsst.edu.    IN    A    198.38.16.130
+mail.tjhsst.edu.    IN    A    198.38.16.131
+```
+
+### AAAA
+
+An AAAA record is almost identical to an A record except that it is used for IPv6 addresses instead.
+
+```
+www.tjhsst.edu.    IN    AAAA    2001:468:cc0:1600:0:c6ff:fe26:102f
+```
+
+### PTR
+
+A PTR record functions in the reverse direction to an A record; it is used to map an IPv4 or IPv6 address back to a domain name. PTR records use a special domain (in-addr.arpa for IPv4 and ip6.arpa for IPv6) which is preceeded by the reversed IP address.
+
+```
+47.16.38.198.in-addr.arpa.    IN    PTR    www.tjhsst.edu.
+f.2.0.1.6.2.e.f.f.f.6.c.0.0.0.0.0.0.6.1.0.c.c.0.8.6.4.0.1.0.0.2.ip6.arpa.    IN    PTR    www.tjhsst.edu.
+```
+
+### CNAME
+
+A CNAME (Canonical Name) is used to alias one domain record to another. This is frequently used together with apache name-based virtual hosting. IMPORTANT NOTE - unlike many other record types which can share the same record (for example, tjhsst.edu has A, MX, NS, and SOA records), CNAMEs cannot share a record with any other record type and will override any other record defined. This is why tjhsst.edu has an A record for www's IP instead of being CNAME'd to www.
+
+```
+webmail.tjhsst.edu.    IN    CNAME    www.tjhsst.edu.
+```
+
+### NS
+
+An NS (NameServer) record is used to delegate control of a subdomain to another nameserver or nameservers.
+
+```
+tjhsst.edu.    IN    NS    ns1.tjhsst.edu.
+tjhsst.edu.    IN    NS    ns2.tjhsst.edu.
+```
+
+### MX
+
+An MX record is used to tell sending mailservers where they can find the mailservers for a particular domain. Without MX records, the default assumption is to send mail to the same address as the domain which is frequently not wanted. MX Records contain both a domain name and a priority which can be used to setup a backup mailserver while still ensuring that mail is delivered to the main server if it is up. Mail Servers with equal priority are rotated similar to A record round-robins.
+
+```
+tjhsst.edu.    IN    MX    10 casey.tjhsst.edu.
+tjhsst.edu.    IN    MX    10 smith.tjhsst.edu.
+tjhsst.edu.    IN    MX    20 ananke.tjhsst.edu.
+```
+
+### SRV
+
+SRV (Service) records are used to map domain names to the servers and ports which provide a service under that domain name. Microsoft Active Directory for example, uses SRV records heavily to allow clients to locate the various Domain Services. In the CSL, we use SRV records to help systems locate our Kerberos services. Notice that these records do not have the IN (Internet) type.
+
+```
+_kerberos._tcp.csl.tjhsst.edu.        SRV 0 0 88 kdc1.tjhsst.edu.
+_kerberos._tcp.csl.tjhsst.edu.        SRV 0 0 88 kdc2.tjhsst.edu.
+```
+
+### AFSDB
+
+AFSDB records function similar to SRV records specifically for AFS.
+
+```
+csl.tjhsst.edu.    IN    AFSDB    1 openafs1.csl.tjhsst.edu.
+csl.tjhsst.edu.    IN    AFSDB    1 openafs4.csl.tjhsst.edu.
+csl.tjhsst.edu.    IN    AFSDB    1 haafs2.csl.tjhsst.edu.
+```
+
+### TXT
+
+TXT records are simply used to store text. These are frequently used to test new record ideas before an official record type is created. For example, many SFP records are still provided as TXT records.
+
+```
+_kerberos.csl.tjhsst.edu.             TXT "CSL.TJHSST.EDU"
+```
+
+```
+tjhsst.edu.    IN    TXT    "v=spf1 mx ~all"
+```
+
+### SOA
+
+The SOA record for a domain provides administrative information for the domain. These include the serial number (used to help slave nameservers know when to update from the master), the default record TTL and expiration time, and the master nameserver address and domain administrator email address.
+
+```
+tjhsst.edu.             86400   IN      SOA     ns1.tjhsst.edu. hostmaster.tjhsst.edu. 2013092500 3600 600 1209600 86400
+```
+
+[ns1]: ../../../machines/other/pitcairn.md
+[ns2]: ../../../machines/vm-servers/galapagos.md

technologies/networking/dns/README.md

@@ -0,0 +1,58 @@
+# DNS Configuration
+
+## Getting DNS Configuration
+
+The DNS configuration is stored in git and can be found on [gitlab]. For access to the repository ask any DNS admin. You will then want to fork the repository and clone it to your home directory.
+
+## Configuration Layout
+
+* db/ - contains standard Nameserver zone files
+  * db/localhost - the zone file for the localhost zone
+  * db/0.0.127.in-addr.arpa - the zone file for the 127.0.0.0/8 subnet
+* named.ca - bootstraps the nameserver with the addresses of the root nameservers
+* named.conf - the main named configuration file
+* tjhsst/ - tjhsst forward and reverse zone files
+* tjhsst.conf - included by named.conf; configuration for TJ zones
+* tjpartnershipfund/ - zone information for the TJ partnership fund domains
+* tjpartnershipfund.conf - included by named.conf; configuration for PF zones
+
+## Editing Configuration
+
+In tjhsst/ is where most changes will be made. The file named tjhsst.edu contains most of the forward records, A,AAAA,CNAME,TXT,SRV,AFSDB, etc. An example entry looks like this:
+
+```
+galapagos.csl                  IN      A       198.38.17.45
+                               IN      AAAA    2001:468:cc0:1600:226:55ff:fe2c:2336
+galapagos                      IN      CNAME   galapagos.csl
+```
+
+You will also then need to update the PTR records for those IPs. They are stored in files in tjhsst/revpub/ by netblock (/24 for an IPv4 PTR and /64 for an IPv6 PTR). So for galapagos, you would want to edit 17.38.198.in-addr.arpa and 1600.cc0.468.2001.ip6.arpa. IMPORTANT - do not forget the . at the end of the server's FQDN. Without this, BIND will automatically append the zone name to the end of the name given.
+
+**17.38.198.in-addr.arpa**
+
+```
+42    IN    PTR    galapagos.csl.tjhsst.edu.
+```
+
+**1600.cc0.468.2001.ip6.arpa**
+
+```
+6.3.3.2.c.2.e.f.f.f.5.5.6.2.2.0 IN    PTR    galapagos.csl.tjhsst.edu.
+```
+
+## Committing Changes
+
+Commit the file locally with git commit -a (commits all changes to files already in the index). Enter a useful commit message. If you are making many changes, consider making a series of commits. The best type of commit message starts with a short string representing what it is you changed followed by a colon, then a short description of what you've done to it. Example:
+
+```
+shodan: make CNAME shodan -> shodan.csl
+```
+
+Finally, you need to push your changes back to gitlab and make a merge request. One of the DNS admins will then review your changes and push them to the nameserver.
+
+## Merging People's Changes to the Server
+
+If everything checks out, you can merge the changes and push to gitlab. The gitlab hook should automatically check your changes and tell [ns1] to update . See `/root/update_ns1.sh` on ns1 for more details.
+
+[ns1]: ../../../machines/other/pitcairn.md
+[ns2]: ../../../machines/vm-servers/galapagos.md