Computing Infrastructure: Difference between revisions

From All Hands Active Wiki
Nova1313 (talk | contribs)
RachelN (talk | contribs)
m →‎Networks: Added link to orphaned resources page
 
(113 intermediate revisions by 8 users not shown)
Line 1: Line 1:
=Networks=
=Networks=
Also see the article [[Network Resources]].
==Internets==
==Internets==
Internet connection is provided by Comcast.
Internet connection is provided by ACD.


More information about the internet connection and trouble shooting can be found here: [[Internets]]
More information about the internet connection and trouble shooting can be found here: [[Internets]]


To administer the internets use the web interface located at http://10.1.10.1
The connection is a bonded DSL line with 75 down and 15 up. The modem provided has ports 1 and 2 enabled and exposes all devices attached to the internet with semi-static IPs. We cannot administer this device and it is not a router.
 
Current config owners: Nick Ristow/Tyler Worman/Nate Yost/


==WIFI==
==WIFI==
WIFI is provided by the Mikrotik Router and routed through the Comcast Connection
WIFI is provided by the Ubiquiti Access points throughout the space.
 
2 DHCP enabled SSID's are provided.
 
=== SSID: ALLHANDSACTIVE ===
As of: 11/15/2015 ALLHANDSACTIVE is presently the only general use wifi connection. The password is posted around the shop.


Future state: Public connection, throttled to 100Kbps per user TX and RX segregated from the rest of the local LAN and private wifi. Essentially just a free wifi hotspot.
4 DHCP enabled SSID's are provided at present.


=== SSID: ALLHANDSACTIVE-PRIVATE ===
=== SSID: AllHandsActive-Guest ===
As of: 11/15/2015 Configuration of this connection is not complete.
Throttled AHA public wireless. Defaults to 4mpbs per connection. This places you on a private un-authenticated devices only network.


To Do:
=== SSID: AllHandsActive-Members ===
* Get this connection routing through to the internet.
Unthrottled AHA member wireless. Secured using your All Hands Active LDAP username and password. Unlimited devices for each member and puts your device on the main network.
* Get this connection obeying a TX/RX throttle.
* Remove the throttle from this connection and transition that throttle configuration to the ALLHANDSACTIVE SSID
* Enable authentication of this SSID via LDAP provided by [[Computing Infrastructure: HUB@AHA]]


Final state:
This uses Enterprise WPA2 with no certificate (or don't check), TTLS, MSCHAPv2. Many interfaces include a field for ''anonymous identity'' - this can be left blank.
Un-throttled Member only WIFI. Authenticated via our membership usernamme/passwords.


==LAN==
==LAN==
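Review bot: the AllHandsActive-Members text added under WIFI tells members to connect with "no certificate (or don't check)", so clients send their LDAP username and password over TTLS/MSCHAPv2 without verifying the RADIUS server. Suggest documenting the server's CA certificate or expected server name here so members can turn validation on, since the same paragraph says this SSID "puts your device on the main network".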
Line 35: Line 26:
===Router/Switches===
===Router/Switches===
====Router Main====
====Router Main====
Mikrotik Routerboard RB2011UiAS-2HnD-IN Router
Unifi Security Gateway (192.168.1.1)
Instructions: (http://wiki.mikrotik.com/wiki/Manual:TOC)
 
Maintained by:
* Tyler Worman
 
Managed by Ubiquiti Cloud Key management interface on https://192.168.1.2
 
Provides DHCP, routing and firewall rules. Allows for load balancing 2 internet connections or fail-over via current disconnected WAN2 port. This does not have a built in Switch.
 
* IP Address: 192.168.1.2 router.allhandsactive.org (internal)
 
====Annex Switch====
24 port unmanaged 1GBPS switch is located in the rack at the back of AHA.


Maintained by Tyler Worman (use members mailing list for contact)
====Annex Switch====
TrendNet router configured in bridge mode. Provides AllHandsActive-Annex Wi-fi SSID.


Runs RouterOS 6. Upgrade rights for versions through RouterOS 8
Located in the Annex provides hardwired annex ports. Runs off port 24 on the patch panel.
Routerboard RB2011UiAS-2HnD-IN


Web interface is at: http://10.1.10.3/


====Workstation Switch====  
===Network devices===
Located in center of workstations
====NestCams====
3 Nest cams are located throughout the space. They are DHCP via wifi AllHandsActive


Todo: List model here
In Ubiquiti Control software they are tagged as NestCam 1, 2, and 3 so you can monitor their traffic.


====BYB Switch====
====Ubiquiti Cloud Key====
Located in the back room.
Allows management of the network, support for LDAP/Radius wifi users and hot spots, and 30 days of rolling network logs.


IP: 192.168.1.2


===Printer===
====Ubiquiti Access Point====
Model: FILL ME IN!
Located in the main space and provides all but the -Annex AHA wifi SSID
IP Address: 10.1.10.2


===BYB Cardswipe===
IP: 192.168.1.5
Model: Fill me in!
IP Address:  


Owner:
====BYB Cardswipe====
Used for BYB employee's to clock in and out.
Used for BYB employee's to clock in and out.


=NAS=
* Model: EZ Clocking EC50
The NAS is known as HUB@AHA. More information about this project can be found here: [[Computing Infrastructure: HUB@AHA]]
* IP Address: DHCP? Should be 192.168.1.8
* Owner: BYB
 
====DoorPI / Gatekeeper ====
Rasspberry PI to control the LDAP to Door connection and card reader.
 
IP: 192.168.1.6


DNS (LAN and ALLHANDSACTIVE-PRIVATE only): hub.allhandsactive.com
Maintained by:
* Nate Yost
* Tyler Worman


==Future state==
===Printer===
This project is scheduled for deployment 1/1/2016. Contact Tyler Worman for more information!
See [[Printers]]


A centralized location that provides backed up member storage space, LDAP directory server, local web server, internal task tracker (trello like), web IRC front end, and backup for AHA.
* Model: HP LaserJet Pro 400 Color MFP
* IP Address: 192.168.1.7 printer.allhandsactive.org (internal)


==To Do==
[[Category:Infrastructure]]
See the project page for more information. Lots to do here! Roll out is end of 2015.


=Backups=
===NAS===
Future state:
{{outdated}}
Backups of machine specific configurations are not done.  
Controls AHA's LDAP server, Radius server, file shares and remote login. The NAS is knows as HUB@AHA.
Backups of user directories and VM/Workstation images are done nightly to the NAS itself
hub.allhandsactive.com:5000 (external)
NAS is weekly synced weekly to Tyler's offsite NAS.


=Workstations=
* Model: Synology DS409
==CNC==
* IP Address: 192.168.1.4 hub.allhandsactive.org (internal)
This machine is used to run the CNC machine in the back room.


===Software===
Maintained by:
* Windows Vista
* Nick Ristow
* Mach 3 (http://www.machsupport.com/software/mach3/)
* Tyler Worman
* USB SmoothStepper for Mach 3 (http://www.warp9td.com/)
* Brian Morse
* VCarvePro 6.0 (http://www.vectric.com/products/vcarve.htm)
* Cut3D 1.025 (http://www.vectric.com/products/cut3d.html)


===Config===
More information about this project can be found here: [[Computing Infrastructure: HUB@AHA]]
Configs are backed up here: List GIT location


===Harware===
====Backups====
Specs: List them here
Machines are fresh installed to same state and are not backed up.
Connnected to: [[CNC_Machine]]
The NAS offers recovery in event of a loss of disk. We presently do not do a remote backup of user files.


===Maintainer===
====Mapping drives====
Maintained by: Tyler Worman
Copy setupDrives.vbs to C:\ from \\hub\AHASoftware


===Licenses===
In Windows startup Local Group Policy Editor as Admin
Licenses to Mach3, VCarve Pro and Cut3D owned by: Tyler Worman
Under UserConfiguration\Windows Settings\Scripts (Logon/Logoff) add the script as a login script.


===Todo===
This login script maps drives for Software, Home and Share. It redirects the users desktop and my documents folder to their home folder within the NAS. The redirection of desktop/documents is disabled for the admin account.
* Update the tool index in Vcarve and Cut3D
* Backup config for Vcarve and Mach3 to Tyler's GIT/BitBucket repository
* Wipe machine
* Install a Windows 7 license.
* Install CNC software
* Lock machine down to admin and LDAP enabled members (as non-admin accounts!)


===Login===
====LDAP Config====
Username: CNC
See here [[Computer Infrastructure: LDAP Authentication]]


Password: Ask Tyler
=Workstations=
A full list of available workstations is located at [[Computing Resources]].


==LASER==
==LASER (Big Red/Softdog)==
===Hardware===
===Hardware===
Specs:
Specs:
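Review bot: in the Router Main section the heading line gives the Unifi Security Gateway as 192.168.1.1, but the bullet reads "IP Address: 192.168.1.2 router.allhandsactive.org (internal)", which is the address also listed for the Ubiquiti Cloud Key. One of the two should be corrected so the router hostname maps to a single device. The "====Annex Switch====" heading also appears twice in the new text; the first one describes the 24 port switch in the rack at the back of AHA and needs its own name.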
Line 127: Line 125:


===Software===
===Software===
List software here
* Inkscape
* LaserCut 5.3


===Maintainer===
===Maintainer===
Line 133: Line 132:


===To Do===
===To Do===
* Verify with Greg/BYB that it's still okay to LDAP enable the machine login
* Get list of valid users from Greg
* Get list of valid users from Greg
* Create LDAP group on NAS
* Create LDAP group on NAS
Line 140: Line 138:
* lock down login to admin and pGina NAS users.
* lock down login to admin and pGina NAS users.


==6 Public Workstations==
==3D Printing==
===Current state===
===Hardware===
6 Unmanaged dual account (admin/public) machines.
Specs:
List them here


Specs:
===Software===
LIST THEM HERE
List installed software here


===Future state===
===Maintainer===
6 Managed Windows 10 workstations. Software updated by Ninite, Windows updates kept up to date by service account script.
Who owns and maintains the PC and it's software?


1 Admin account on each machine.
==Front Desk==


User's login via LDAP enabled logins provided by HUB@AHA via http://pgina.org/.
Lives under the desk below the TV monitor in the front room. Also hooked up to the [[Vinyl Cutter]].


Login mount of AHA software (VirtualBox Ubuntu Images)
===Hardware===


Login mount of AHA shared folder (see HUB@AHA)
===Software===
* Ubuntu--what version?
* Inkscape
* InkCut
* List other installed software here


Easy to wipe and restore with documented instructions for doing this located here:
===Maintainer===
[[Computer Infrastructure: Restoring Workstations]]
Who owns and maintains the PC and it's software?


Easy to build a new image from scratch with instructions for doing this here:
==5 Public Workstations==
[[Computer Infrastructure: Building new Workstation image]]
===Current state===
Specs:
* AHA-PC1 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
* AHA-PC2 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
* AHA-PC3 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
* AHA-PC4 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
* AHA-PC5 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)


===To do===
===To do===
* Write script to perform offline, silent, no reboot windows updates for all machines. (https://stackoverflow.com/questions/16180265/automatically-update-windows-fully)
* Setup Rhino 3D and Zoo on all PCs
* Get license to Ninite Pro - Tyler Will fund for the first year.
* Upgrade 1 machine to windows 10 and authenticate it to allhandsactive gmail.
* Wipe that machine and do a fresh base windows 10 install.
* Install AHA base image software
* Install pGina for Login via HUB@AHA
* Setup login script to mount home directory for Windows box as the user folder on the NAS.
* Setup login script to mount the shared AHA directory for Windows box.
* Setup login script to mount the AHA provided optional software directory to the Windows box.
* Backup this state to the NAS.
* Allow demo of machine for 2 weeks by users and during this time provision members with accounts.
* Begin upgrading other machines to windows 10, authenticating them to allhandsactive gmail and then wipe and restore with central image from NAS.


===AHA installed software===
===AHA installed software===
* Arduino Studio
Individual Installed:
* Ninite
{| class="wikitable"
** Chrome
|-
** Firefox
|pGina || RunAsGui || Steam || Arduino Studio || Unity Game Engine || Blender || Virtual Box || Fusion 360
** 7 ZIP
|-
** VLC
|OpenSCAD || LibreCAD || FreeCAD || EagleCAD || KiCAD || Rhino || Sprocketeer 2.0 || 3d Connexion || Altium Circuit Maker
** Java 8
|}
** .Net 4.6
** Python
** FileZilla
** Notepad ++
** JDK 8
** WinSCP
** PuTTY
** Eclipse
** Paint.Net
** Gimp
** Inkscape
** LibreOffice
** PDFCreator
** Microsoft Security Essentials
** ImgBurn
** RealVNC
** Classic Start
** Steam


===Restore Workstations===
Ninite installed:
Guide here: [[Computer Infrastructure: Restoring Workstations]]
{| class="wikitable"
|-
|Chrome || Firefox || Steam
|-
|DropBox || Google Drive || Skype || VLC || Audacity
|-
|Java 8 || JDK 8 || .Net 4.6 || Python
|-
|Notepad++ || Eclipse
|-
|PuTTY || WinSCP || 7 ZIP || WinRAR || FileZilla
|-
|Gimp || Inkscape || Paint.Net
|-
|LibreOffice || PDF Creator
|}


The workstation restoration process involves wiping the machine, copying down an image from the NAS and running updates.
===Rebuilding a Workstation===
Guide here: [[Computer_Infrastructure:_Building_new_Workstation_image]]


=Virtual Machines=
=Virtual Machines=
Future State:
Future State:
HUB@AHA has 1 Ubuntu VirtualBox image that get mounted to the 6 public workstations at login. It's maintained by AHA and configured with default settings for the space. You may clone the image for your personal use.
HUB@AHA has a VM folder in the AHASoftware share. It will be mounted to the 6 public workstations at login. Need someone to build these. Demure was interested.
It's maintained by AHA members and configured with default settings for the space. You may clone the image for your personal use.


==Todo==
==Todo==
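Review bot: the Virtual Machines paragraph still says the VM folder "will be mounted to the 6 public workstations at login", while this revision renames the section to "5 Public Workstations" and lists AHA-PC1 to AHA-PC5. Update the count. The to-do items for scripted Windows updates and Ninite Pro are also dropped here with no replacement text, so the page no longer says how the five machines are kept patched.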
Line 224: Line 221:


==Base Image==
==Base Image==
A base install of the latest LTR Ubuntu image that is reasonably patched.
A base install of the latest LTR Ubuntu image that is reasonably patched?


===Additional software===
===Additional software===
These packages are installed in addition to the base install.
These packages are installed in addition to the base install.
* Arduino
* Eclipse
* JDK
* Inkscape
* Gimp
* Blender
* OpenSCAD


If you need additional packages please contact Tyler Worman to request a base package be added to the distribution.
If you need additional packages please contact xxxx to request a base package be added to the distribution.


==Usage pattern==
==Usage pattern==
Copy the VM to your private folder on the NAS and use as needed.
Copy the VM to your private folder on the NAS and use as needed.
Wipe/Restore from base image as needed.
Wipe/Restore from base image as needed.
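Review bot: the contact for requesting additional packages is changed to the placeholder "xxxx", which leaves readers with nobody to ask. Name a maintainer or point to the members mailing list. The question mark added to the Base Image line ("reasonably patched?") likewise leaves the patch state of the image undefined and should be resolved or moved to the Todo list.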

Latest revision as of 11:29, 28 November 2023

Networks

Also see the article Network Resources.

Internets

Internet connection is provided by ACD.

More information about the internet connection and troubleshooting can be found here: Internets

The connection is a bonded DSL line with 75 down and 15 up. The modem provided has ports 1 and 2 enabled and exposes all devices attached to the internet with semi-static IPs. We cannot administer this device and it is not a router.

WIFI

WIFI is provided by the Ubiquiti Access points throughout the space.

4 DHCP-enabled SSIDs are provided at present.

SSID: AllHandsActive-Guest

Throttled AHA public wireless. Defaults to 4 Mbps per connection. This places you on a private, unauthenticated-devices-only network.

SSID: AllHandsActive-Members

Unthrottled AHA member wireless. Secured using your All Hands Active LDAP username and password. Unlimited devices for each member and puts your device on the main network.

This uses WPA2 Enterprise with TTLS and MSCHAPv2, and with no certificate (or with certificate checking set to "don't check"). Many interfaces include a field for anonymous identity; this can be left blank.
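With no certificate check, a client has no way to verify the RADIUS server before it sends the member's LDAP credentials inside the TTLS tunnel. As an added example (not part of this wiki or of AHA's configuration), the Python check below flags wpa_supplicant network blocks that use a tunnelled EAP method without server validation; the sample config, CA path, server name and identity are constructed placeholders.

```python
import re

# Constructed sample: two wpa_supplicant network blocks for the Members SSID.
# The CA path, server name, identity and password are placeholders.
SAMPLE_CONF = '''
# As described on the page: TTLS + MSCHAPv2, no certificate check
network={
    ssid="AllHandsActive-Members"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=MSCHAPV2"
    identity="member"
    password="placeholder"
}
# Same SSID with the RADIUS server tied to a CA and a server name
network={
    ssid="AllHandsActive-Members"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=MSCHAPV2"
    identity="member"
    password="placeholder"
    ca_cert="/etc/ssl/certs/PLACEHOLDER-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
'''

TUNNELLED = {"TTLS", "PEAP"}  # methods that carry a password inside a TLS tunnel
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, flags=re.S):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip().strip('"')
        networks.append(entry)
    return networks

def audit(entry):
    """List the server-validation gaps in one network block."""
    methods = set(entry.get("eap", "").upper().split())
    if "WPA-EAP" not in entry.get("key_mgmt", "").split() or not methods & TUNNELLED:
        return []  # not a tunnelled 802.1X network, nothing to check here
    findings = []
    if not (entry.get("ca_cert") or entry.get("ca_path")):
        findings.append("no ca_cert: any RADIUS server certificate is accepted")
    if not any(entry.get(k) for k in NAME_CHECKS):
        findings.append("no server name match: any certificate from the CA is accepted")
    return findings

def audit_conf(text):
    """Return (ssid, findings) for every network block in a config."""
    return [(n.get("ssid", "?"), audit(n)) for n in parse_networks(text)]

if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF):
        print(ssid, "OK" if not findings else findings)
```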

LAN

Router/Switches

Router Main

Unifi Security Gateway (192.168.1.1)

Maintained by:

  • Tyler Worman

Managed by Ubiquiti Cloud Key management interface on https://192.168.1.2

Provides DHCP, routing and firewall rules. Allows for load balancing 2 internet connections or fail-over via the currently disconnected WAN2 port. This does not have a built-in switch.

  • IP Address: 192.168.1.2 router.allhandsactive.org (internal)

Annex Switch

A 24-port unmanaged 1 Gbps switch is located in the rack at the back of AHA.

Annex Switch

TrendNet router configured in bridge mode. Provides the AllHandsActive-Annex Wi-Fi SSID.

Located in the Annex; provides hardwired annex ports. Runs off port 24 on the patch panel.


Network devices

NestCams

3 Nest cams are located throughout the space. They get their addresses by DHCP over the AllHandsActive wifi.

In Ubiquiti Control software they are tagged as NestCam 1, 2, and 3 so you can monitor their traffic.

Ubiquiti Cloud Key

Allows management of the network, support for LDAP/Radius wifi users and hot spots, and 30 days of rolling network logs.

IP: 192.168.1.2

Ubiquiti Access Point

Located in the main space and provides all but the -Annex AHA wifi SSID

IP: 192.168.1.5

BYB Cardswipe

Used for BYB employees to clock in and out.

  • Model: EZ Clocking EC50
  • IP Address: DHCP? Should be 192.168.1.8
  • Owner: BYB

DoorPI / Gatekeeper

Raspberry Pi to control the LDAP to Door connection and card reader.

IP: 192.168.1.6

Maintained by:

  • Nate Yost
  • Tyler Worman

Printer

See Printers

  • Model: HP LaserJet Pro 400 Color MFP
  • IP Address: 192.168.1.7 printer.allhandsactive.org (internal)

NAS

Notice
OUTDATED!:
The content of this page is outdated.
If you have checked or updated this page and found the content to be suitable, please remove this notice.

Controls AHA's LDAP server, RADIUS server, file shares and remote login. The NAS is known as HUB@AHA. hub.allhandsactive.com:5000 (external)

  • Model: Synology DS409
  • IP Address: 192.168.1.4 hub.allhandsactive.org (internal)

Maintained by:

  • Nick Ristow
  • Tyler Worman
  • Brian Morse

More information about this project can be found here: Computing Infrastructure: HUB@AHA

Backups

Machines are fresh-installed to the same state and are not backed up. The NAS offers recovery in the event of a disk loss. We presently do not do a remote backup of user files.

Mapping drives

Copy setupDrives.vbs to C:\ from \\hub\AHASoftware

In Windows, start up Local Group Policy Editor as Admin. Under UserConfiguration\Windows Settings\Scripts (Logon/Logoff), add the script as a login script.

This login script maps drives for Software, Home and Share. It redirects the user's Desktop and My Documents folders to their home folder on the NAS. The redirection of Desktop/Documents is disabled for the admin account.

LDAP Config

See here Computer Infrastructure: LDAP Authentication

Workstations

A full list of available workstations is located at Computing Resources.

LASER (Big Red/Softdog)

Hardware

Specs: List them here

Software

  • Inkscape
  • LaserCut 5.3

Maintainer

Who owns and maintains the PC and its software?

To Do

  • Get list of valid users from Greg
  • Create LDAP group on NAS
  • Install pGina on machine
  • Fully update machine and software
  • lock down login to admin and pGina NAS users.

3D Printing

Hardware

Specs: List them here

Software

List installed software here

Maintainer

Who owns and maintains the PC and its software?

Front Desk

Lives under the desk below the TV monitor in the front room. Also hooked up to the Vinyl Cutter.

Hardware

Software

  • Ubuntu--what version?
  • Inkscape
  • InkCut
  • List other installed software here

Maintainer

Who owns and maintains the PC and its software?

5 Public Workstations

Current state

Specs:

  • AHA-PC1 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
  • AHA-PC2 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
  • AHA-PC3 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
  • AHA-PC4 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)
  • AHA-PC5 - Win 10 Pro AMD A10-5800K 3.8GHZ 8GB (LDAP)

To do

  • Setup Rhino 3D and Zoo on all PCs

AHA installed software

Individual Installed:

pGina | RunAsGui | Steam | Arduino Studio | Unity Game Engine | Blender | Virtual Box | Fusion 360
OpenSCAD | LibreCAD | FreeCAD | EagleCAD | KiCAD | Rhino | Sprocketeer 2.0 | 3d Connexion | Altium Circuit Maker

Ninite installed:

Chrome | Firefox | Steam
DropBox | Google Drive | Skype | VLC | Audacity
Java 8 | JDK 8 | .Net 4.6 | Python
Notepad++ | Eclipse
PuTTY | WinSCP | 7 ZIP | WinRAR | FileZilla
Gimp | Inkscape | Paint.Net
LibreOffice | PDF Creator

Rebuilding a Workstation

Guide here: Computer_Infrastructure:_Building_new_Workstation_image

Virtual Machines

Future State: HUB@AHA has a VM folder in the AHASoftware share. It will be mounted to the 6 public workstations at login. Need someone to build these. Demure was interested. It's maintained by AHA members and configured with default settings for the space. You may clone the image for your personal use.

Todo

  • Create base image
  • Install additional software
  • Configure home directory mount via LDAP.
  • Install VirtualBox extensions.
  • Mark it read only.
  • Share to network via NAS.
  • Configure login script to mount this share at login.

Base Image

A base install of the latest LTS Ubuntu image that is reasonably patched?

Additional software

These packages are installed in addition to the base install.

  • Arduino
  • Eclipse
  • JDK
  • Inkscape
  • Gimp
  • Blender
  • OpenSCAD


If you need additional packages please contact xxxx to request a base package be added to the distribution.

Usage pattern

Copy the VM to your private folder on the NAS and use as needed. Wipe/Restore from base image as needed.