
Make, Hack, Void


Server Configuration

Server

MHV's server is named 'morphia' (it is the successor to 'epidural', who was named for this.) You can access it as 'morphia' from inside the space, or ssh to space.makehackvoid.com from outside.

morphia is running GNU/Linux - Debian 6 "squeeze". It is configured for various functions in the space - including DNS, DHCP, SMB fileserving, print serving, network booting for LTSP "fat clients". It also runs the space probe.

Hardware

All hardware has been donated. Morphia is a Sun Fire V40Z with 8x Opteron CPUs and 56Gb RAM (thanks JC!). Old hardware, but very respectable in its day.

SCSI backplane removed, SATA PCI-X card added. Has 2x 250Gb SATA HDDs (RAID1 mirror with Linux software RAID), plus a single 500Gb SATA HDD for incremental backups. The boot partition is on a USB stick, kexec chainloaded from a CD-ROM, due to BIOS limitations (awful hack, but works fine now).

Access

Accounts are available on request for MHV Associate & Full Members. Ask a committee member if you'd like an account.

Make sure to use a secure password, as morphia is ssh-accessible from outside the space. Also remember that although all our admins take care, we are not a professional hosting environment so please don't store anything that you consider sensitive or critically important.

Most of the explanations on this page assume admin 'sudo' access (i.e. being in the sudo group). If you don't have sudo and want to do something, it's best to find someone who does and ask them. :)

DNS & DHCP

Servers are ISC dhcpd & Bind9. Config files on Debian live in /etc/dhcp/dhcpd.conf and /etc/bind/named.conf.*. Bind zone files in /var/cache/bind.

Local network domain is .mhv.

DHCP is configured to automatically add/remove hostnames to DNS when DHCP leases are added/removed. This makes for minimal up-front configuration (yay!)

Adding a new machine's name

You have 4 options of varying convenience:

  • Best option: do nothing & use DHCP. If your machine reports a hostname, this will be added to DNS and "just work" for lookups. Windows machines all report hostnames; on *nix you'll need to look for a "host-name" option.

  • Next best: add a dynamic host entry to /etc/dhcp/dhcpd.conf. This associates a MAC address with a hostname on the DHCP server, so it doesn't matter if the client doesn't specify one (for example, if it PXE boots or if it's an embedded device.) This leaves everything else dynamic. The hostname will be automatically added to DNS and "just work" for lookups.

    Example:

      host adminputer {  
        hardware ethernet 00:08:02:fa:b3:e5;  
        option host-name "adminputer";  
        ddns-hostname "adminputer";  
      }
    
  • Next worst: add a static host entry to /etc/dhcp/dhcpd.conf. This means the client will always have the same IP as well as hostname. Look at this page to see what IP range to use.

    Example:

      host adminputer {  
        hardware ethernet 00:08:02:fa:b3:e5;  
        option host-name "adminputer";  
        ddns-hostname "adminputer";  
        fixed-address 10.0.0.32;
      }
    
  • Worst option: configure your device with a static IP. Look at this page to see what IP ranges to use. Add DNS forward/reverse lookup entries to the files in /var/cache/bind/.

EXIM4 Mail Transport Agent

exim4 is currently configured to run as a smarthost client of the mail.internode.on.net smart relay, with local mail delivered to Maildirs in home directories.

Local Mail

Local mail is delivered to ~/Maildir for each user. You can access this with mutt -f ~/Maildir. Other mail user agents can be made available if needed, but it's unlikely that local mail will be used very much.

External Mail

External mail is sent via mail.internode.on.net with the domain name masked to ppp59-167-142-245.static.internode.on.net. Note: there is currently no return mail configured.

Routing for other hosts

This is currently disabled. If other machines need to send mail this may be reconsidered, but for now there's no use case.

Configuration Setup

The exim config is currently managed by Debian's update-exim4.conf utility with the /etc/update-exim4.conf.conf file as the basic config tool.

Web Server

There are two apache virtual web hosts configured:

  • /etc/apache2/sites-available/default is an internal-only web site (webroot /var/www), available at http://morphia/ but only from inside the space. This host has mhvdb and munin monitoring, etc.

  • /etc/apache2/sites-available/public is an external-facing web site (webroot /var/www-public) that can be viewed at http://space.makehackvoid.com/

Apache is configured for UserDirs, so if you create a directory called "public_html" in your home directory it will be accessible at http://space.makehackvoid.com/~your_username/. You'll need sudo-level access to do anything more complex on either host.

SMB Fileserver

SMB (Windows) fileserver configured via /etc/samba/smb.conf.

Two shares:

  • 'general' is read/write by anyone. For general sharing of files. Local path /opt/shares/general (world-writable)

  • 'MHV' is read-only by guests, writable by committee members. For "official" MHV stuff. Local path /opt/shares/mhv

SMB authentication is currently separate from "normal" login authentication. You can set an SMB password with 'sudo smbpasswd -a '. Once set, users can change their own with 'smbpasswd'.

Print Server

CUPS admin interface is available inside the local network, http://morphia:631 .

CUPS is configured to re-share the network LaserJet and also the label printer attached to the admin computer (when it's turned on.) Maybe more printers/plotters to come...

Samba is also configured to share the printers to Windows clients, although this hasn't been tested.

Monitoring

Munin is generating reports at http://morphia/munin (accessible from inside the space only.)

Some basic email monitoring also runs: smartd (/etc/smartd.conf) and mdadm (/etc/mdadm/mdadm.conf) monitor the disks. A weekly RAID check is kicked off from /etc/cron.weekly. These are configured to send email to root. If you're an admin and would like to see system emails, add your desired address to the aliases for 'root' in /etc/aliases.

Network Booting

TFTP server root is /var/lib/tftpboot

By default, DHCP clients are given PXE boot information for LTSP. See the LTSP workstation documentation.

LTSP Workstations

See LTSP Workstations page.

Backups

rsnapshot runs from /etc/cron.daily/rsnapshot-daily & /etc/cron.weekly/rsnapshot-weekly to mount /mnt/backup (donated 500Gb hard disk) and perform incremental backups.

There is currently no automatic checking of backups. If someone wants to fix that (so it emails on failure), it would be awesome. :)
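
One way to add the missing check, as an added example (not MHV's own script): it fails if the newest rsnapshot snapshot is missing, empty or stale, and mails root only on failure. Assumptions not taken from this page: snapshots sit directly under /mnt/backup as daily.0, the backup disk is mounted when the check runs, a `mail` command is installed, and RUN_CHECK is a made-up switch for this example.

```shell
#!/bin/sh
# Added example: freshness check for the rsnapshot backups, mailing root on failure.
# Assumed layout (not from the page): $SNAPSHOT_ROOT/daily.0 is the newest snapshot.

SNAPSHOT_ROOT="${SNAPSHOT_ROOT:-/mnt/backup}"
MAX_AGE_MIN="${MAX_AGE_MIN:-1560}"   # 26 hours: one daily run plus some slack

# check_snapshot ROOT NAME MAX_AGE_MIN
# Prints a one-line status; returns 0 only if the snapshot directory
# exists, is non-empty and was modified within MAX_AGE_MIN minutes.
check_snapshot() {
    snap="$1/$2"
    if [ ! -d "$snap" ]; then
        echo "FAIL: $snap does not exist (disk not mounted, or backup never ran)"
        return 1
    fi
    if [ -z "$(ls -A "$snap" 2>/dev/null)" ]; then
        echo "FAIL: $snap is empty"
        return 1
    fi
    # Assumes the mtime of the newest snapshot directory reflects the last run.
    if [ -z "$(find "$snap" -maxdepth 0 -mmin "-$3")" ]; then
        echo "FAIL: $snap is older than $3 minutes"
        return 1
    fi
    echo "OK: $snap is recent"
    return 0
}

# report_backup: run the check and mail root only when it fails,
# so a healthy backup produces no mail at all.
report_backup() {
    if ! status=$(check_snapshot "$SNAPSHOT_ROOT" daily.0 "$MAX_AGE_MIN"); then
        echo "$status" | mail -s "morphia backup check failed" root
        return 1
    fi
}

# Only act when explicitly asked to, e.g. from a cron job: RUN_CHECK=1 <this script>
if [ "${RUN_CHECK:-0}" = 1 ]; then
    report_backup
fi
```

Because the failure mail goes to root, it reaches whoever is listed in the 'root' alias in /etc/aliases, the same path the smartd and mdadm alerts use.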

Space Probe

The space probe controller is installed in /opt/spaceprobe/. The Bluetooth link is at /dev/rfcomm0.

There is a spaceprobe user which the Lua process runs as. At startup, it is launched in a detached screen session from /etc/rc.local.

To see the spaceprobe output, if you have sudo access you can run 'sudo screen -r spaceprobe/'.

If you want to fix this to be (even) less hacky, please do. :)

Reattaching the probe

Due to the vagaries of $10 Bluetooth dongles, the space probe sometimes drops its link or otherwise gets confused. The first step to fixing it is just to try to unbind and rebind the /dev/rfcomm0 device. (All following commands should be sudo-ed or run from a root shell.)

    rfcomm release rfcomm0
    killall lua # this might be a bit harsh, maybe better to find the 'lua main.lua' process and kill that
    rfcomm bind rfcomm0

If that doesn't work, the whole thing may need re-pairing (sometimes it 'forgets' the pairing if there's a power outage; this happens every ~3 months). Thanks to our particular bodgy $10 BT<->serial board, this process is very insecure. Please don't hijack our space probe, or we might need to spend another $10 on a better adapter!

    rfcomm release rfcomm0
    killall lua # as above, this might be a bit harsh, just kill 'lua main.lua' in ps aux output
    hcitool scan # this is just to check the server can see the dongle, it should show up as 'linvor' in the results
    bluetooth-agent 1234 &
    hcitool cc 00:10:08:24:01:03
    hcitool auth 00:10:08:24:01:03
    hcitool con # the device should show up at this stage
    rfcomm bind rfcomm0