Systems - Sun4
Basics
Purpose
Sun4 is a host machine that runs OpenSuSE 11 and a number of Xen virtual servers.
Physical Location
This system is located in rack 3.7 in BIT-2B.
Physical Configuration
See SystemAdministration/EquipmentList
Logical location
- IP: 172.28.50.14 sun4.intra.cacert.org
Applicable Documentation
This is it
Administration
System Admin:
- Dirk Astrath
Services
Listening services
port
service
access origin
purpose
22
SSH
SSH access for remote administration
To be completed.
Running services
Service
Started from
cron
/etc/init.d/cron
syslog-ng
/etc/init.d/syslog-ng
ssh
/etc/init.d/ssh
ntp
/etc/init.d/ntp
To be completed.
Other services
To be completed.
Connected Systems
Outbound network connections
- Uses DNS resolver at 172.28.50.1
- NTP to tt0.ripe.net.
- Firewall rules /etc/firewall.sh
Security
Non-distribution packages and modifications
Risk assessments on critical packages
Tasks
Xen server navigation
- list Xen servers - sudo xm list
- grab Xen server console - sudo xm console {machine}
where are the Xen server configurations
- less /etc/xen/vm/*
building Xen servers
- to be supplied
Critical Configuration items
== Start ==
After a statrt of this server it's not possible to enter the crypto-password for the harddisk using the ILOM/ELOM-textconsole.
To enter this password, you need to use the "Remote Console", which can be started using Admin-Web-Environment.
Unfortunately this web-environment is not working with recent browsers and java implementations.
In detail:
- Install Firefox 40 ... as this still works with the old cipher suites ILOM/ELOM-web-interface is able to present.
- Install JRE 1.7.0_80 ... as this still works with the old cipher suites ILOM/ELOM-web-interface is able to present.
- This Java-Installation needs to 32 bit ... as the Remote Console is able to use 32 bit only
- Don't forget to install necessary libs in your Linux-set for 32 bit (or use a 32 bit distribution)
- Forwarding the SSL-Port of ILOM/ELOM-web-interface to "other" ports will not work
- Use an english keyboard to enter the crypto-password
If the environment is set up, login via Firefox, start Remote Console and open the *.jnlp-file using /bin/javaws.
== Firewall ==
- /etc/firewall.sh - Firewall configuration
To be completed.
Changes
Planned