Difference between revisions of "Network Team"
(→Services) |
(Use https for rudder repo) |
||
| (28 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | The network team is an informal team that takes care of the network infrastructure in TechInc. | |
| + | |||
| + | If you want to do something related to the network infrastructure (fix something, add a new service, want to help maintain...), either reach a member directly, or send an email to network@ (might not be up to date). | ||
| + | |||
| + | Board infrastructure is handled separately, as it includes members PII and other sensitive information that should only be accessible to board and board-appointed board helpers. | ||
| + | |||
| + | == Members == | ||
| + | |||
| + | While there isn't a formal structure, those members have some access and knowledge about the infra: | ||
| + | |||
| + | * Frogeye (inherited most of the access from pre-2024 network team) | ||
| + | * Grey | ||
| + | * Thijs | ||
| + | * xbr | ||
| + | |||
| + | Those people have been designated as trusted by Frogeye and also have an access to the systems to increase the bus factor: | ||
| + | |||
| + | * mrCyborg | ||
| + | * tams | ||
| + | |||
| + | == Inventory == | ||
| + | |||
| + | Not in a single place unfortunately, but those are a good start: | ||
| + | |||
| + | * Physical rack hardware: https://netbox.techinc.nl/ | ||
| + | * VMs: See descriptions on proxmox cluster (https://longhorn.ti:8006/) | ||
| + | * Managed others: Rudder might have some extra hardware: http://rudder.ti | ||
| + | * Unmanaged others: Unifi should discover everything, but also a lot of user devices: http://unifi.ti | ||
| + | |||
| + | == Agent == | ||
| + | |||
| + | If you create a VM / physical machine that is for members to use, we ask you to make it available to the network team. | ||
| + | That way, should you not be available, we can fix problems too. | ||
| + | To ensure the current network team has access to the machine, (also check we have a minimum of security good practices, maybe more too) we use Rudder (http://rudder.ti). | ||
| + | To connect your machine to it, please run: | ||
| + | |||
| + | wget --quiet -O /etc/apt/trusted.gpg.d/rudder_apt_key.gpg "https://repository.rudder.io/apt/rudder_apt_key.gpg" | ||
| + | apt install lsb-release -y | ||
| + | echo "deb [arch=$(dpkg --print-architecture)] https://repository.rudder.io/apt/latest/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list | ||
| + | apt update | ||
| + | apt install rudder-agent -y | ||
| + | rudder agent policy-server 10.209.60.232 | ||
| + | rudder agent inventory | ||
| + | |||
| + | And ping the network team so we can add it. | ||
| + | |||
| + | == OLD DOCUMENTATION BELOW == | ||
| + | |||
| + | This was outdated in 2022, and in 2024 it still is. | ||
| + | Still, let's not remove it until we makde sure the documentation has been re-hosted somewhere useful. | ||
== Documentation == | == Documentation == | ||
| + | Below is the list of pages that are handy for the Network team and space members. | ||
| − | *[[ | + | *[[Server Cabinet]] |
*[[Space IP List]] | *[[Space IP List]] | ||
*[[TI Certificate Authority]] | *[[TI Certificate Authority]] | ||
| − | *Services Page Template | + | *[[TI Password Database]] |
| + | *[[Service Diagrams Templates]] | ||
| + | *[[Services Page Template]] | ||
| + | *[[Resource Request Form]] | ||
| + | *[[Host SNMP Configuration]] | ||
| + | *[[Downloads]] | ||
== Services == | == Services == | ||
| Line 15: | Line 70: | ||
! Service !! Description !! Maintainer !! Running Host | ! Service !! Description !! Maintainer !! Running Host | ||
|-|- | |-|- | ||
| − | | [[monitoring.ti]] || Infra Monitoring system. || N/A || | + | | [[monitoring.ti]] || Infra Monitoring system. || N/A || [[hv1.ti]] |
|-|- | |-|- | ||
| − | | [[ampache.ti]] || Music streaming server. || N/A || | + | | [[ampache.ti]] || Music streaming server. || N/A || [[hv1.ti]] |
|-|- | |-|- | ||
| − | | [[backup.ti]] || Backup management and backup system. || N/A || | + | | [[backup.ti]] || Backup management and backup system. || N/A || [[hv1.ti]] |
|-|- | |-|- | ||
| − | |[[cloud.ti]] || Dedicated Owncloud Server|| N/A || | + | |[[cloud.ti]] || Dedicated Owncloud Server|| N/A || [[hv1.ti]] |
|-|- | |-|- | ||
| − | | [[ldap.ti]] || User authentication and accounting server. || N/A || | + | | [[ldap.ti]] || User authentication and accounting server. || N/A || [[hv1.ti]] |
|-|- | |-|- | ||
| − | | [[ | + | | [[mqtt.ti]] || [[MQTT]] broker accessible in the space || [[User:Chotee|Chotee]] || [[Ledslie]] |
|-|- | |-|- | ||
| − | | [[ | + | | [[quessel.ti]] || Shared IRC Client Server for dedicated IRC Clients || N/A || [[hv1.ti]] |
|-|- | |-|- | ||
| − | | [[ | + | | [[vpn.ti]] || VPN server || || |
|-|- | |-|- | ||
| − | | [[router.ti]] || The spaces primary gateway to the internet. || N/A || | + | | [[srv1.ti]] || Shared Webserver running ISPConfig for members who want to run a website. || N/A || [[hv1.ti]] |
| + | |-|- | ||
| + | | [[techinc.nl]] || Dedicated machine for wiki.techinc.nl and techinc.nl + mailing lists.|| N/A || [[hv1.ti]] | ||
| + | |-|- | ||
| + | | [[router.ti]] || The spaces primary gateway to the internet. || N/A || [[router.ti]] | ||
| + | |-|- | ||
| + | | [[sip.ti]] || The spaces primary PBX. || N/A || [[hv1.ti]] | ||
|} | |} | ||
| Line 37: | Line 98: | ||
This is an initial setup, by Mattronix on 19-11-2014 | This is an initial setup, by Mattronix on 19-11-2014 | ||
| + | Internal Links Only!!!! | ||
| + | |||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
| Line 55: | Line 118: | ||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
| − | ! Member !! Member Maintains | + | ! Member !! Member Maintains !! Available for members technical issues. |
|- | |- | ||
| − | | [[User:Mattronix|Mattronix]] || Storage,Backups,Network,Hyper-Visors | + | | [[User:Mattronix|Mattronix]] || Storage,Backups,Network,Hyper-Visors,[[TI Password Database]] || yes |
| − | |||
| − | |||
|-|- | |-|- | ||
| − | | [[User: | + | | [[User:Piele|Piele]] || Network,Hyper-Visors,[[TI Certificate Authority]] || yes |
|-|- | |-|- | ||
| − | | [[User: | + | | [[User:Wizzup|Wizzup]] || ampache.ti || no |
|-|- | |-|- | ||
| − | | [[User: | + | | [[User:Tg|tg]] || N/A || yes |
|-|- | |-|- | ||
| − | | [[User: | + | | [[User:Arda Xi|Arda Xi]] || boot.ti || no |
|-|- | |-|- | ||
| − | | [[User: | + | | [[User:Webmind|Webmind]] || N/A || no |
|-|- | |-|- | ||
| − | | [[User:nathan7|nathan7]] || N/A | + | | [[User:nathan7|nathan7]] || N/A || no |
|-|- | |-|- | ||
| − | | [[User:Muse|Muse]] || LTSP | + | | [[User:Muse|Muse]] || LTSP || yes |
|} | |} | ||
Latest revision as of 16:45, 16 November 2024
The network team is an informal team that takes care of the network infrastructure in TechInc.
If you want to do something related to the network infrastructure (fix something, add a new service, want to help maintain...), either reach a member directly, or send an email to network@ (might not be up to date).
Board infrastructure is handled separately, as it includes members PII and other sensitive information that should only be accessible to board and board-appointed board helpers.
Contents
Members
While there isn't a formal structure, those members have some access and knowledge about the infra:
- Frogeye (inherited most of the access from pre-2024 network team)
- Grey
- Thijs
- xbr
Those people have been designated as trusted by Frogeye and also have an access to the systems to increase the bus factor:
- mrCyborg
- tams
Inventory
Not in a single place unfortunately, but those are a good start:
- Physical rack hardware: https://netbox.techinc.nl/
- VMs: See descriptions on proxmox cluster (https://longhorn.ti:8006/)
- Managed others: Rudder might have some extra hardware: http://rudder.ti
- Unmanaged others: Unifi should discover everything, but also a lot of user devices: http://unifi.ti
Agent
If you create a VM / physical machine that is for members to use, we ask you to make it available to the network team. That way, should you not be available, we can fix problems too. To ensure the current network team has access to the machine, (also check we have a minimum of security good practices, maybe more too) we use Rudder (http://rudder.ti). To connect your machine to it, please run:
wget --quiet -O /etc/apt/trusted.gpg.d/rudder_apt_key.gpg "https://repository.rudder.io/apt/rudder_apt_key.gpg" apt install lsb-release -y echo "deb [arch=$(dpkg --print-architecture)] https://repository.rudder.io/apt/latest/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list apt update apt install rudder-agent -y rudder agent policy-server 10.209.60.232 rudder agent inventory
And ping the network team so we can add it.
OLD DOCUMENTATION BELOW
This was outdated in 2022, and in 2024 it still is. Still, let's not remove it until we makde sure the documentation has been re-hosted somewhere useful.
Documentation
Below is the list of pages that are handy for the Network team and space members.
- Server Cabinet
- Space IP List
- TI Certificate Authority
- TI Password Database
- Service Diagrams Templates
- Services Page Template
- Resource Request Form
- Host SNMP Configuration
- Downloads
Services
This is an initial setup, by Mattronix on 19-11-2014
| Service | Description | Maintainer | Running Host |
|---|---|---|---|
| monitoring.ti | Infra Monitoring system. | N/A | hv1.ti |
| ampache.ti | Music streaming server. | N/A | hv1.ti |
| backup.ti | Backup management and backup system. | N/A | hv1.ti |
| cloud.ti | Dedicated Owncloud Server | N/A | hv1.ti |
| ldap.ti | User authentication and accounting server. | N/A | hv1.ti |
| mqtt.ti | MQTT broker accessible in the space | Chotee | Ledslie |
| quessel.ti | Shared IRC Client Server for dedicated IRC Clients | N/A | hv1.ti |
| vpn.ti | VPN server | ||
| srv1.ti | Shared Webserver running ISPConfig for members who want to run a website. | N/A | hv1.ti |
| techinc.nl | Dedicated machine for wiki.techinc.nl and techinc.nl + mailing lists. | N/A | hv1.ti |
| router.ti | The spaces primary gateway to the internet. | N/A | router.ti |
| sip.ti | The spaces primary PBX. | N/A | hv1.ti |
Admin Portal Links
This is an initial setup, by Mattronix on 19-11-2014 Internal Links Only!!!!
| Link | Function |
|---|---|
| LDAP Portal Fusion Directory | Use this portal to maintain LDAP Users,Groups and Attributes. |
| LDAP Portal Emergency/Advanced | Used for when something goes wrong ALWAYS USE FUSION DIRECTORY for day to day tasks. |
| monitoring.ti | Network Monitoring Server used to automatically detects and warn of critical events. |
| dfm.ti | NetApp Data Fabric Manager server used to optimize NetApp Backups |
Space Infrastructure Maintainers
This is an initial setup, by Mattronix on 19-11-2014
| Member | Member Maintains | Available for members technical issues. |
|---|---|---|
| Mattronix | Storage,Backups,Network,Hyper-Visors,TI Password Database | yes |
| Piele | Network,Hyper-Visors,TI Certificate Authority | yes |
| Wizzup | ampache.ti | no |
| tg | N/A | yes |
| Arda Xi | boot.ti | no |
| Webmind | N/A | no |
| nathan7 | N/A | no |
| Muse | LTSP | yes |
