Files
Controls-docs/infrastructure-guide/home.md
T

69 lines
2.4 KiB
Markdown

# Infrastructure Systems
List of systems and their primary role:
* [pxeserv01](pxeserv01) - 129.129.190.59 - TFTP server for PXE booting
* [boot00](boot00) - 129.129.160.210 - Runs sysdb, providing the dynamic iPXE, Grub and kickstart files
* [puppet01](puppet01) - 129.129.160.118 - Runs the puppet server for the RHEL7 infra
* [repo00](repo00) - 129.129.160.212 - RPM/Yum repository server for RHEL7
* [repo01](repo01) - 129.129.190.190 - RPM/Yum repository server for RHEL8
* [reposync](reposync) - 129.129.161.222 - RPM/Yum repository server for RHEL8
* [lxweb00](lxweb00) - 129.129.190.46 - Exports further repositories from AFS
* [login](login) - 129.129.190.131 129.129.190.132 129.129.190.133 - Shell login service for users
* [influx00](influx00) - 129.129.190.225 - Influx database server
* [metrics00](metrics00) - 129.129.190.226 - Grafana frontend for Influx
* [lxsup00](lxsup00) - 129.129.190.24 - Shell for linux support, primarily to run bob
* [satint](satint) - 129.129.160.114 - PSI Satellite server
![](overview_linux.drawio.svg)
## Misc
There is a keepass file with passwords (Heinz or Edgar)
Access to the redhat.com knowledge base:
Login: kbaccess
Passwort: Kb4cc3ss
## Metrics
* [Overview Infrastructure](https://metrics.psi.ch/d/1SL13Nxmz/gfa-linux-tabular?orgId=1&from=now-6h&to=now&refresh=30s&var-env=telegraf_pli&var-host=boot00.psi.ch&var-host=influx00.psi.ch&var-host=lxweb00.psi.ch&var-host=metrics00.psi.ch&var-host=puppet01.psi.ch&var-host=pxeserv01.psi.ch&var-host=repo00.psi.ch&var-host=reposync.psi.ch)
# Procedures
* [Adding a new RHEL version to the RHEL7 install mechanism](newver)
* [How to grant access to RHEL7 infrastructure](https://git.psi.ch/linux-infra/user-ca/blob/master/README.md#automated-with-ansible-for-pli-infrastructure-systems-of-rhel-7)
* [Grant new person right for bob/sysdb](newbob)
* [How to reinstall a machine](howtoreinstall)
# Tools
* [SSH config](sshconf)
# HTTPS Certificates
* [HTTPS Certificates](https://linux.psi.ch/admin-guide/operations/certificates.html)
# SSH Certificates / Signing Public User Keys
Use the ca certificate that is on the "Kai special USB stick" (the certificate permissions needs to be 600 !)
The signing is done like this:
```bash
ssh-keygen -s user-ca -I <username> -n <username> -V +55w id_ed25519.pub
```
More details on how this works can be found in this article: https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/