2020-07-19 Sunday 7:00PM, Timothy

Sysadmin

1 Servers

  • motsugo
  • mooneye
  • molmol
  • murasoi
  • medico
  • maltair
  • loveday
  • magikarp
  • mudkip
  • chubsucker
  • cichlid
  • corvo
  • corydoras
  • cobra
  • christmas
  • catfish
  • napoli
  • clownfish
  • pinball
  • porcupine
hosts-fullPython
# 
return [f"{h[0]}.ucc.asn.au" for h in hosts]
  • motsugo.ucc.asn.au
  • mooneye.ucc.asn.au
  • molmol.ucc.asn.au
  • murasoi.ucc.asn.au
  • medico.ucc.asn.au
  • maltair.ucc.asn.au
  • loveday.ucc.asn.au
  • magikarp.ucc.asn.au
  • mudkip.ucc.asn.au
shell
# 
cat /etc/*-release | sed 's/=/\t/g'
#
PRETTYNAME Debian GNU/Linux 9 (stretch)
NAME Debian GNU/Linux
VERSIONID 9
VERSION 9 (stretch)
ID debian
HOMEURL https://www.debian.org/
SUPPORTURL https://www.debian.org/support
BUGREPORTURL https://bugs.debian.org/
check-upshell
# 
for host in $hosts; do
ping -c 1 $host | grep bytes
done
#
PING motsugo.ucc.asn.au (130.95.13.7): 56 data bytes    
64 bytes from 130.95.13.7: icmpseq=0 ttl=252 time=14.367 ms
PING mooneye.ucc.asn.au (130.95.13.9): 56 data bytes    
64 bytes from 130.95.13.9: icmpseq=0 ttl=252 time=12.880 ms
PING molmol.ucc.asn.au (130.95.13.5): 56 data bytes    
64 bytes from 130.95.13.5: icmpseq=0 ttl=252 time=13.536 ms
PING murasoi.ucc.asn.au (130.95.13.1): 56 data bytes    
64 bytes from 130.95.13.1: icmpseq=0 ttl=252 time=13.861 ms
PING medico.ucc.asn.au (130.95.13.22): 56 data bytes    
64 bytes from 130.95.13.22: icmpseq=0 ttl=252 time=12.153 ms
PING maltair.ucc.asn.au (130.95.13.32): 56 data bytes    
64 bytes from 130.95.13.32: icmpseq=0 ttl=252 time=12.733 ms
PING loveday.ucc.asn.au (130.95.13.33): 56 data bytes    
64 bytes from 130.95.13.33: icmpseq=0 ttl=252 time=12.824 ms
PING magikarp.ucc.asn.au (130.95.13.47): 56 data bytes    
64 bytes from 130.95.13.47: icmpseq=0 ttl=252 time=12.597 ms
PING mudkip.ucc.asn.au (130.95.13.46): 56 data bytes    
64 bytes from 130.95.13.46: icmpseq=0 ttl=252 time=12.332 ms
#
Service Machine
User Shells Motsugo, Mussel, Meersau, Musdea (FreeBSD), Maaxen (Win), Gothamburg (Mac)
DNS Mooneye
Files Motsugo (/home), Molmol (/away, /space, /services, /mp3s, /vmstore)
AD Samson
LDAP Mussel
Routing Murasoi
Web Mussel (core pages, planet), Mooneye (wiki, webcams)

2 Networking

Router configuration (i.e. firewall) is described by this file on murasoi.

Wheel-keys are managed by push.sh.

3 User services

3.1 Password reset

Run Process

Emacs Lisp
# 
(setq ucc-sysadmin/pw-reset-requester-username (ivy-read "User who requested reset: " ucc-sysadmin/users))
(setq ucc-sysadmin/pw-reset-requester-new-pw (read-string "New password: "))
(gui-select-text (format "Hi %s, your new password is `%s`. Please change it immediately by logging into on one of UCC's servers :) (to do this you can `ssh %[email protected]` in a terminal)"
                         ucc-sysadmin/pw-reset-requester-username
                         ucc-sysadmin/pw-reset-requester-new-pw
                         ucc-sysadmin/pw-reset-requester-username))
(print "Done. Message copied to clipboard")
# 
Done. Message copied to clipboard
shell
# 
echo "Changing $theuser's password at $(date --iso-8601=minutes)"
samba-tool user setpassword $theuser --newpassword=$thepassword --must-change-at-next-login
# 
Changing seph's password at 2020-05-13T13:57+08:00
Changed password OK

4 VM Creation

Run Process

4.1 Collect info

all-usersshell
# 
samba-tool group listmembers gumby
get-all-usersEmacs Lisp
# 
(setq ucc-sysadmin/users (split-string users "\n"))
;; (delete "Administrator" ucc-sysadmin/users)
(format "Total users: %s" (length ucc-sysadmin/users))
# 
Total users: 1339
Emacs Lisp
# 
(setq ucc-sysadmin/vm-requester-username (ivy-read "User who requested VM: " ucc-sysadmin/users))
(setq ucc-sysadmin/vm-name (ivy-read (format "VM name: %s-" ucc-sysadmin/vm-requester-username) '()))
(setq ucc-sysadmin/vm-comment (ivy-read "VM comment: " '()))
(setq ucc-sysadmin/vm-lifetime (ivy-read "What is the expected lifetime of this VM: " '("long term" "next few weeks" "new few months" "not for a while")))
(setq ucc-sysadmin/vm-memory (ivy-read "VM memory (MiB): " '("512" "1024" "2048" "4086") :def "2048"))
(setq ucc-sysadmin/vm-cores (ivy-read "VM processes: " '("1" "2" "3" "4") :def "2"))
(setq ucc-sysadmin/vm-disksize (ivy-read "VM disk size: " '("10" "20" "40" "50" "80") :def "20"))
(setq ucc-sysadmin/vm-vmhost (ivy-read "VM host: " '("medico" "maltair" "loveday" "magikarp" "mudkip")))
vmuser-infoshell
# 
tla $theuser | sed 's/: /\t/g'
#
TLA [TEC]
Name Timothy Chapman
Login tec
me-usershell
# 
tla $USER | sed 's/: /\t/g'
#
TLA [TEC]
Name Timothy Chapman
Login tec

4.2 Make VM

4.2.1 Get new VM id & description

next-avalible-vm-idshell
# 
pvesh get /cluster/nextid
# 
165
Emacs Lisp
# 
(setq ucc-sysadmin/vm-id vmid)
# 
165

4.2.2 Network configuration

ucc-machines-contentshell
# 
cat /etc/bind/domains/primary/ucc.machines
avalible-vm-IPsPython
# 
import re
bindconfig = re.sub(r'\s*#.*', '', bindconfig)
bindlines = bindconfig.split('\n')
bindlines = list(filter(lambda l: re.search(r'\s*A: \d+$', l), bindlines))
boundips = [int(re.sub('\s*A: ', '', l)) for l in bindlines]
avalible = [i for i in range(128,193) if i not in boundips]
return avalible
#
128 149 153 154 155 159 160 161 162 163 164 165 166 167 169 170 176 178 179 180 181 182 183 184 189
Emacs Lisp
# 
(setq ucc-sysadmin/vm-ip vmip)
# 
128
generate-vm-bindshell
# 
echo "[$vmname.$vmuser.ucc.com.]
A: $vmip
AAAA: 102::$vmip
HINFO: \"VM on $vmhost\" \"$vmcomment\"
addDomain: no
zones: ucrev 6rev"

[blah.tec.ucc.com.] A: 128 AAAA: 102::128 HINFO: “VM on medico” “” addDomain: no zones: ucrev 6rev

[endpoint.mtearle.ucc.com.] A: 128 AAAA: 102::128 HINFO: “VM on maltair” “Test VM” addDomain: no zones: ucrev 6rev

4.2.3 Generate description

vm-descriptionEmacs Lisp
# 
(setq ucc-sysadmin/vm-description (concat (format "Created on %s for %s by %s %s" (format-time-string "%Y-%m-%d") vmuser-tla myself myself-tla)
        (format "\nOwner: %s <%[email protected]>" vmuser-fullname vmuser)
        (format "\nIP: 130.95.13.%s" ucc-sysadmin/vm-ip)
        "\n\n" vmcomment (if (equal ucc-sysadmin/vm-lifetime "") "" (format "\nLifetime: %s" ucc-sysadmin/vm-lifetime))))
# 
Created on 2020-04-21 for [TEC] by Timothy Chapman [TEC]
Owner: Timothy Chapman <[email protected]>
IP: 130.95.13.128


Lifetime: next few weeks

4.2.4 Create VM

Emacs Lisp
# 
(setq ucc-sysadmin/vm-confirm (counsel--yes-or-no-p (format "VM on %s for %s with name %s
With %s cores, %s MiB memory and %sGB storage.
Assigned IP: 130.95.13.%s

%s

Does this look alright?" ucc-sysadmin/vm-vmhost ucc-sysadmin/vm-requester-username
ucc-sysadmin/vm-name ucc-sysadmin/vm-cores ucc-sysadmin/vm-memory ucc-sysadmin/vm-disksize
ucc-sysadmin/vm-ip ucc-sysadmin/vm-comment)))
shell
# 
qm create $vmid --memory $vmmemory --net0 virtio,bridge=vmbr0,tag=4 --ostype l26 --description "$vmdescription" --virtio0 "vmstore-ssd_vm:$vmdisksize" --onboot yes --sockets 1 --cores $vmcores --pool Member-VMs --name "$vmuser-$vmname"
qm status $vmid -verbose

0

4.2.5 Apply network config, and do/the rest of the thingsTM

sort-bind-configPython
# 
import re
configitems = {}
configlines = config.split("\n")

marker = 0
seenIp = ""
for i in range(len(configlines)):
    line = configlines[i]
    # if start of bind block
    if re.search("^\[.+\]", line) or i is len(configlines) - 1:
        commentabove = bool(re.search(r"\s*#", configlines[i - 1]))
        if marker > 0:
            configitems[seenIp] = "\n".join(configlines[marker:i - commentabove]).strip()
        # if not encoutering first block and line before is comment, grab that
        if i > 0 and commentabove:
            marker = i - 1
        else:
            marker = i
        seenIp = ""
    elif re.search("^A: [\d\.]+", line):
        seenIp = "{:0>4}".format(line.replace("A: ", ""))  # 0-pad for sorting
for k,v in sorted(configitems.items()):
    print(k,v,end='\n\n')
4.2.5.1 TODO the stuff here doesn’t seem to work
combined-bindfundamental
# 
<<ucc-machines-content>>
<<generate-vm-bind>>
fundamental
# 
<<sort-bind-config(combined-bind)>>

Author: Timothy

Created: 2020-07-19 Sun 19:00