Nasqueron Agora - User contributions [en]

Eglide

2023-07-20T19:37:20Z

Sandlayth: /* IP connectivity */

'''Eglide''' is a shell server donated by Sandlayth for an independant shell project.

== Responsibilities and involvement ==

* Eglide is an independent shell project free to use
* Nasqueron supports the infrastructure and ITC management
* Wolfplex Hackerspace gives support to users @ Libera Chat #wolfplex (there is also a channel #eglide)

== Networking ==
=== IP connectivity ===
'''IPv4''': 51.159.150.221

'''IPv6''': 2001:470:1f13:896:0:c0de:15:11fe

IPv6 is provided by an HE tunnel, our range is 2001:470:1f13:896::/64.

It's possible to reserve an IP for a service, and customize reverse DNS. Also, if we move from one ISP to another, or from one DC to another, this block moves with us while IPv4 will probably change.

Working network configuration state can be found on [https://devcentral.nasqueron.org/P343 Devcentral].

=== Ports ===
{| class="wikitable sortable"
|-
! Port !! User !! Service !! Configuration source
|-
| 22 || root || OpenSSH || /etc/ssh/sshd_config
|-
| 80 || www-data || nginx || /etc/nginx/sites-enabled/default
|-
| 443 || www-data || nginx || /etc/nginx/sites-enabled/default
|-
| 12000 || bitlbee || bitlbee || {{Ops file|roles/shellserver/userland-software/files/etc__init.d__bitlbee}}
|}

== Policies ==
See [[Eglide/Policies]].

== See also ==
* [[Operations grimoire/Create and revoke user accounts on Salt servers]]
* [[Operations grimoire/Deploy with Salt]] (Eglide is purely managed through rOPS and Salt)
* [[Operations grimoire/Eglide]]

[[Category:Servers]]

Eglide

2023-07-20T19:36:04Z

Sandlayth: /* IP connectivity */ Add network configuration link

'''Eglide''' is a shell server donated by Sandlayth for an independant shell project.

== Responsibilities and involvement ==

* Eglide is an independent shell project free to use
* Nasqueron supports the infrastructure and ITC management
* Wolfplex Hackerspace gives support to users @ Libera Chat #wolfplex (there is also a channel #eglide)

== Networking ==
=== IP connectivity ===
'''IPv4''': 51.159.150.221

'''IPv6''': 2001:470:1f13:896:0:c0de:15:11fe

IPv6 is provided by an HE tunnel, our range is 2001:470:1f13:896::/64.

It's possible to reserve an IP for a service, and customize reverse DNS. Also, if we move from one ISP to another, or from one DC to another, this block moves with us while IPv4 will probably change.

Working network configuration state can be found on [Devcentral|https://devcentral.nasqueron.org/P343]

=== Ports ===
{| class="wikitable sortable"
|-
! Port !! User !! Service !! Configuration source
|-
| 22 || root || OpenSSH || /etc/ssh/sshd_config
|-
| 80 || www-data || nginx || /etc/nginx/sites-enabled/default
|-
| 443 || www-data || nginx || /etc/nginx/sites-enabled/default
|-
| 12000 || bitlbee || bitlbee || {{Ops file|roles/shellserver/userland-software/files/etc__init.d__bitlbee}}
|}

== Policies ==
See [[Eglide/Policies]].

== See also ==
* [[Operations grimoire/Create and revoke user accounts on Salt servers]]
* [[Operations grimoire/Deploy with Salt]] (Eglide is purely managed through rOPS and Salt)
* [[Operations grimoire/Eglide]]

[[Category:Servers]]

User:Sandlayth

2017-03-29T20:22:35Z

Sandlayth:

{{User
| Full name = Yassine Hadj messaoud
| Presentation = Amateur des technologies informatiques à temps plein, joueur de basket-ball à mes heures perdues, je suis de ceux qui promouvoient le partage de la science. En constante recherche de nouvelles connaissances pour alimenter ma soif de savoir insatiable.
| Projects = [https://docker.nasqueron.org Docker images]<br />[[Operations grimoire|Ops]]<br />[http://www.eglide.org Eglide]
| DevCentral user feed = Sandlayth
| DevCentral user board = user-sandlayth
| GitHub = sandlayth
| Personal site = [https://hadjmessaoud.com/ hadjmessaoud.com]
}}

PuTTY with SSH key tutorial

2016-08-31T10:07:59Z

Sandlayth: Created page with "File:PuTTY_Key_Generator_2.png File:PuTTY_Key_Generator.png File:PuTTY_Key_Generator_3.png File:Session_Panel_on_PuTTY.png File:Data_Panel_on_PuTTY.png..."

[[File:PuTTY_Key_Generator_2.png]]

[[File:PuTTY_Key_Generator.png]]

[[File:PuTTY_Key_Generator_3.png]]

[[File:Session_Panel_on_PuTTY.png]]

[[File:Data_Panel_on_PuTTY.png]]

[[File:Authentication_Panel_on_PuTTY.png]]

[[File:Session_Panel_on_PuTTY_2.png]]

[[File:Session_Panel_on_PuTTY_3.png]]

Dwellers

2016-01-22T08:02:05Z

Sandlayth: /* Ports table */

'''Dwellers''' is an VMWare EXSi instance installed on [[Stormshear]].

The goal of this server is to provide a Docker / OpenShift / Geard CentOS PaaS service.

== Basic information ==
* '''IPs:'''
** 212.129.32.223
** 2001:470:1f13:ce7:ca5:cade:fab:1e
* '''Hostname:''' dwellers.nasqueron.org
* '''Homepage:''' http://dwellers.nasqueron.org/
* '''Configuration:'''Access to 3.5 GB RAM and 4 core, burstable on request to 8 cores/+-6 Gb (to be negotiated according [[Ysul]] use)
* '''OS:''' CentOS 7
* '''ISP:''' [http://www.online.net Online] (FR)
* '''Network:''' Illiad (FR)
* '''Status:''' Installing.
* '''Policy:''' Access for any Nasqueron or Wolfplex project
* '''Started:''' 2014-07-13

== Services ==
* SSH (*:22)
* Docker
* OpenShift

== Containers ==
=== Ports table ===

Ø indicates an unmapped port. In such cases, it's accessible logging in Dwellers, and connecting locally to the current mutable container IP variable and the immutable specified port.

Ports are not exposed on world, as only listen to 22, 25, 80 and 443.

Most ports on —80 are served by nginx and so accessible on :80/:443.
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''URL'''
| align="center" style="background:#f0f0f0;"|'''Container name'''
| align="center" style="background:#f0f0f0;"|'''Container image'''
| align="center" style="background:#f0f0f0;"|'''Prefix'''
| align="center" style="background:#f0f0f0;"|'''Service'''
| align="center" style="background:#f0f0f0;"|'''Internal port'''
| align="center" style="background:#f0f0f0;"|'''External port'''
|-
| builds.nasqueron.org||tommy||dereckson/tommy||24||ruby / sinatra||4567||24080
|-
| Not running||Not running||grafana/grafana||27||||3000||27080
|-
| Not running||Not running||(phragile must be built)||28||||||28080
|-
| Not running||Not running||nikfoundas/etcd-viewer or henszey/etcd-browser||29||||||29080
|-
| Not running||Not running||shipyard/shipyard ||30||Apache||80||30080
|-
| phabricator.nasqueron.org||devcentral||nasqueron/phabricator||31||nginx||443||Ø
|-
| ||||||||nginx||80||31080
|-
| forum.nasqueron.org||forum||local_discourse/forum||32||nginx||80||32080
|-
| Not running (previously bugzilla.espace-win.org) ||Not running||dklawren/docker-bugzilla ||33||SSH||22||Ø
|-
| ||||||||Apache||80||33080
|-
| "pad.wolfplex.be
|-
| pad.nasqueron.org"||etherpad||nasqueron/etherpad||34||Node.js||9001||34080
|-
| phabricator.wolfplex.be||wolphab||nasqueron/phabricator||35||nginx||443||Ø
|-
| ||||||||nginx||80||35080
|-
| Not running (previously code.zed.dereckson.be)||Not running||yesnault/docker-phabricator:latest ||36||SSH||22||Ø
|-
| ||||||||Apache||80||36080
|-
| notifications.nasqueron.org ||hungry_hoover||nasqueron/notifications||37||nginx||80||37080
|-
| status.nasqueron.org||cachet||nasqueron/cachet||39||nginx||443||Ø
|-
| ||||||||nginx||80||39080
|-
| ci.nasqueron.org||ci||jenkinsci/jenkins||38||Swarm port control for slave servers||50000||50000
|-
| ||||||||Jetty||8080||38080
|-
| Ø ||aowne||nasqueron/jenkins-slave||Ø||SSH||22||Ø
|-
| Ø ||apsile||nasqueron/jenkins-slave||Ø||SSH||22||Ø
|-
| Ø ||acquisitariat||nasqueron/mysql||Ø ||MySQL server||3306||Ø
|-
| Ø ||silly_bardeen (temporary)||nasqueron/jenkins-slave-php||Ø||SSH||22||32769
|-
| Ø||aphlict||nasqueron/aphlict||Ø||||22280-22281||22280-22281
|-
| white-rabbit.nasqueron.org||white-rabbit||nasqueron/rabbitmq||Ø||epmd||4369||4369
|-
| ||||||Ø||Erlang distribution||25762||25762
|-
| ||||||Ø||AMQP||5672||5672
|-
| ||||||Ø||AMQP with TLS||5671||5671
|-
| ||||||Ø||Plugin management||15672||15672
|-
| ||||||Ø||STOMP||61613||61613
|-
| ||||||Ø||||61614||61614
|-
| ||||||Ø||MQTT||1883||1883
|-
| ||||||Ø||||8883||8883
|-
|
|}

=== phabricator.nasqueron.org ===
'''Port prefix:''' 31

Provides a Phabricator instance for Nasqueron projects at [http://phabricator.nasqueron.org http://phabricator.nasqueron.org].

To run a new container:
docker run -p 31080:80 nasqueron-phabricator

'''Known issues'''

* At startup, we need to set the base URI: ./bin/config set phabricator.base-uri 'http://devcentral.nasqueron.org/'

=== forum.nasqueron.org ===
'''Port prefix:''' 32

Provides a Discourse instance, to be used as a forum at http://forum.nasqueron.org/

First, update the configuration:
cd /data/discourse/app/
#ensure you have id_zr in the SSH agent with ssh-add -l
#if not, and if you have trouble with an agent, alias ssh "ssh -i /root/.ssh/id_zr" should work
make update

Then, launch db and cache containers:
docker run -d -v /data/discourse/postgres:/var/lib/postgresql -e LC_ALL=C.UTF-8 --name=discourse-postgres postgres
docker run -d --name discourse-redis redis

Finally, launch web container:
docker run -d -v /data/discourse/app:/data/config -p 32000:3000 -p 32080:80 --link discourse-postgres:db --link discourse-redis:cache --name discourse-web nasqueron/discourse

At launch time, the web container can perform some tasks. Erase the dotfiles in /data/discourse/app/ to force them:
* rake db:migrate if .database-initialized is not found
* rake assets:precompile if .database-initialized is not found
* regenerate language configuration and files if .language-set not found and a language file contains a language string

So to switch from English to French for example:
echo fr > language
rm .language-set

Also at launch time, the web container will populate config directory with missing config files before to create symlinks of these files to the Discourse web config folder. So, if you found a Discourse instance trying to find a database at localhost, don't forget to generate from discourse.conf.tmpl a discourse.conf file following instructions given above in update the configuration step.

=== Shipyard ===
'''Port prefix:''' 30

Provides a shipyard instance to manage Dwellers (and potentially other Docker installation) at http://dwellers.nasqueron.org:30080

To run RethinkDB for the storage and launch shipyard:
docker run -it -d --name shipyard-rethinkdb-data --entrypoint /bin/bash shipyard/rethinkdb -l
docker run -it -P -d --name shipyard-rethinkdb --volumes-from shipyard-rethinkdb-data shipyard/rethinkdb
docker run -it -p 30080:8080 -d --name shipyard --link shipyard-rethinkdb:rethinkdb shipyard/shipyard

To control shipyard instance, launch the CLI (also in a container):
docker run -it shipyard/shipyard-cli

Documentation is at http://shipyard-project.com/docs/usage/cli/

== Administration tasks ==
=== Acquisitariat (MySQL server) ===

To connect to the MySQL server, you can run a temporary container linked to our production server.

ssh -t ops@dwellers.nasqueron.org mysql-acquisitariat-client

If you need more control tweak this line:

docker run -it --rm --link acquisitariat:mysql nasqueron/mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'

If you need to work with SQL files, connect directly to the server:

docker exec -it acquisitariat bash

Finally, some containers allow. From a Phabricator container, for example, you can get a MySQL client with:

/opt/phabricator/bin/storage shell

You could contribute a MySQL client image with only a MySQL client, and tools to perform operations like a dump for backup purpose.

== Troubleshoot ==
=== How to point a domain here? ===
For your domains:
* subdomain.domain.tld A 212.129.32.223
* subdomain.domain.tld AAAA 2001:470:1f13:ce7:ca5:cade:fab:1e

To request a DNS update for domains using extensively the Nasqueron servers infrastructure:
* subdomain.nasqueron.org CNAME www3.nasqueron.org
* subdomain.espace-win.org CNAME www2.espace-win.org

=== How to access by SSH to an instance? ===
See the ports table to check if a port is assigned. We don't assign port if there is no reason general public got access to the VM by SSH. We assign port each time a stable address is needed (for example to talk with a Git server)

If the port is mapped:

ssh -p <port> username@dwellers.nasqueron.org

If the port is unmapped, you can from Dwellers:

docker ps
docker inspect <instance id> #gets the local IP
ssh <IP 172.*>

If you don't see the IP with docker inspect, check you use the instance id, not the image name.

'''Note: with recent Docker versions, you don't need to SSH anymore: you can use docker exec -it <container name> <your favorite shell> instead.'''

=== No network at boot time ===
Access the machine on the hypervisor, then:

;Check the interface is up:
ip addr
ifup ens192 # to bring it up

;If you've reset the configuration and need to add again the IP:
ip addr add 212.129.32.223/32 dev ens192

;Routing is probably the issue:
ip route add 62.210.76.1 dev ens192
ip route add default via 62.210.76.1

;Same for the case we can ping/ssh (slowly) from [[Ysul]] but not from the world:
ip route change 62.210.76.1 dev ens192
ip route change default via 62.210.76.1

;Reconfigure the IPv6 tunnel

At some point, the Linux route2 method stopped to work, but the Linux net-tools method still work.

ip tunnel del he-ipv6
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.42
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f12:ce7::2/64
ifconfig sit1 inet6 add 2001:470:1f13:ce7:ca5:cade:fab:1e/64
route -A inet6 add ::/0 dev sit1

=== A port on the host doesn't reply (but does in Docker) ===
You can reset the iptables configuration. A script has been provided for that.

$ systemctl stop docker
$ /root/[[reset-iptables]]
$ systemctl start docker

If you're willing to restrict ports, you can use instead /root/reset-iptables-dwellers

=== From Docker and LXC, it's not possible to connect outside ===

It could be the net.ipv4.ip_forward switched from 1 to 0:

$ sysctl net.ipv4.ip_forward=1

Or it could be an issue with iptables:

$ iptables -t nat -F POSTROUTING
$ iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE

If you need to recreate the forwarding map ([http://devcentral.nasqueron.org/P91 P91]):

$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 25 -j DNAT --to-destination 10.0.3.8:25
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 21080 -j DNAT --to-destination 10.0.3.8:80
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 110 -j DNAT --to-destination 10.0.3.8:110
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 143 -j DNAT --to-destination 10.0.3.8:143
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 465 -j DNAT --to-destination 10.0.3.8:465
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 587 -j DNAT --to-destination 10.0.3.8:587
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 993 -j DNAT --to-destination 10.0.3.8:993
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 995 -j DNAT --to-destination 10.0.3.8:995

[[Category:Dwellers]]

Dwellers

2016-01-22T08:00:12Z

Sandlayth: /* Ports table */

'''Dwellers''' is an VMWare EXSi instance installed on [[Stormshear]].

The goal of this server is to provide a Docker / OpenShift / Geard CentOS PaaS service.

== Basic information ==
* '''IPs:'''
** 212.129.32.223
** 2001:470:1f13:ce7:ca5:cade:fab:1e
* '''Hostname:''' dwellers.nasqueron.org
* '''Homepage:''' http://dwellers.nasqueron.org/
* '''Configuration:'''Access to 3.5 GB RAM and 4 core, burstable on request to 8 cores/+-6 Gb (to be negotiated according [[Ysul]] use)
* '''OS:''' CentOS 7
* '''ISP:''' [http://www.online.net Online] (FR)
* '''Network:''' Illiad (FR)
* '''Status:''' Installing.
* '''Policy:''' Access for any Nasqueron or Wolfplex project
* '''Started:''' 2014-07-13

== Services ==
* SSH (*:22)
* Docker
* OpenShift

== Containers ==
=== Ports table ===

Ø indicates an unmapped port. In such cases, it's accessible logging in Dwellers, and connecting locally to the current mutable container IP variable and the immutable specified port.

Ports are not exposed on world, as only listen to 22, 25, 80 and 443.

Most ports on —80 are served by nginx and so accessible on :80/:443.
{| {{table}}
| align="center" style="background:#f0f0f0;"|'''URL'''
| align="center" style="background:#f0f0f0;"|'''Container name'''
| align="center" style="background:#f0f0f0;"|'''Container image'''
| align="center" style="background:#f0f0f0;"|'''Prefix'''
| align="center" style="background:#f0f0f0;"|'''Service'''
| align="center" style="background:#f0f0f0;"|'''Internal port'''
| align="center" style="background:#f0f0f0;"|'''External port'''
|-
| builds.nasqueron.org||tommy||dereckson/tommy||24||ruby / sinatra||4567||24080
|-
| Not running||Not running||grafana/grafana||27||||3000||27080
|-
| Not running||Not running||(phragile must be built)||28||||||28080
|-
| Not running||Not running||nikfoundas/etcd-viewer or henszey/etcd-browser||29||||||29080
|-
| Not running||Not running||shipyard/shipyard ||30||Apache||80||30080
|-
| phabricator.nasqueron.org||devcentral||nasqueron/phabricator||31||nginx||443||Ø
|-
| ||||||||nginx||80||31080
|-
| forum.nasqueron.org||forum||local_discourse/forum||32||nginx||80||32080
|-
| Not running||Not running||dklawren/docker-bugzilla ||33||SSH||22||Ø
|-
| ||||||||Apache||80||33080
|-
| "pad.wolfplex.be
|-
| pad.nasqueron.org"||etherpad||nasqueron/etherpad||34||Node.js||9001||34080
|-
| phabricator.wolfplex.be||wolphab||nasqueron/phabricator||35||nginx||443||Ø
|-
| ||||||||nginx||80||35080
|-
| Not running||Not running||yesnault/docker-phabricator:latest ||36||SSH||22||Ø
|-
| ||||||||Apache||80||36080
|-
| notifications.nasqueron.org ||hungry_hoover||nasqueron/notifications||37||nginx||80||37080
|-
| status.nasqueron.org||cachet||nasqueron/cachet||39||nginx||443||Ø
|-
| ||||||||nginx||80||39080
|-
| ci.nasqueron.org||ci||jenkinsci/jenkins||38||Swarm port control for slave servers||50000||50000
|-
| ||||||||Jetty||8080||38080
|-
| Ø ||aowne||nasqueron/jenkins-slave||Ø||SSH||22||Ø
|-
| Ø ||apsile||nasqueron/jenkins-slave||Ø||SSH||22||Ø
|-
| Ø ||acquisitariat||nasqueron/mysql||Ø ||MySQL server||3306||Ø
|-
| Ø ||silly_bardeen (temporary)||nasqueron/jenkins-slave-php||Ø||SSH||22||32769
|-
| Ø||aphlict||nasqueron/aphlict||Ø||||22280-22281||22280-22281
|-
| white-rabbit.nasqueron.org||white-rabbit||nasqueron/rabbitmq||Ø||epmd||4369||4369
|-
| ||||||Ø||Erlang distribution||25762||25762
|-
| ||||||Ø||AMQP||5672||5672
|-
| ||||||Ø||AMQP with TLS||5671||5671
|-
| ||||||Ø||Plugin management||15672||15672
|-
| ||||||Ø||STOMP||61613||61613
|-
| ||||||Ø||||61614||61614
|-
| ||||||Ø||MQTT||1883||1883
|-
| ||||||Ø||||8883||8883
|-
|
|}

=== phabricator.nasqueron.org ===
'''Port prefix:''' 31

Provides a Phabricator instance for Nasqueron projects at [http://phabricator.nasqueron.org http://phabricator.nasqueron.org].

To run a new container:
docker run -p 31080:80 nasqueron-phabricator

'''Known issues'''

* At startup, we need to set the base URI: ./bin/config set phabricator.base-uri 'http://devcentral.nasqueron.org/'

=== forum.nasqueron.org ===
'''Port prefix:''' 32

Provides a Discourse instance, to be used as a forum at http://forum.nasqueron.org/

First, update the configuration:
cd /data/discourse/app/
#ensure you have id_zr in the SSH agent with ssh-add -l
#if not, and if you have trouble with an agent, alias ssh "ssh -i /root/.ssh/id_zr" should work
make update

Then, launch db and cache containers:
docker run -d -v /data/discourse/postgres:/var/lib/postgresql -e LC_ALL=C.UTF-8 --name=discourse-postgres postgres
docker run -d --name discourse-redis redis

Finally, launch web container:
docker run -d -v /data/discourse/app:/data/config -p 32000:3000 -p 32080:80 --link discourse-postgres:db --link discourse-redis:cache --name discourse-web nasqueron/discourse

At launch time, the web container can perform some tasks. Erase the dotfiles in /data/discourse/app/ to force them:
* rake db:migrate if .database-initialized is not found
* rake assets:precompile if .database-initialized is not found
* regenerate language configuration and files if .language-set not found and a language file contains a language string

So to switch from English to French for example:
echo fr > language
rm .language-set

Also at launch time, the web container will populate config directory with missing config files before to create symlinks of these files to the Discourse web config folder. So, if you found a Discourse instance trying to find a database at localhost, don't forget to generate from discourse.conf.tmpl a discourse.conf file following instructions given above in update the configuration step.

=== Shipyard ===
'''Port prefix:''' 30

Provides a shipyard instance to manage Dwellers (and potentially other Docker installation) at http://dwellers.nasqueron.org:30080

To run RethinkDB for the storage and launch shipyard:
docker run -it -d --name shipyard-rethinkdb-data --entrypoint /bin/bash shipyard/rethinkdb -l
docker run -it -P -d --name shipyard-rethinkdb --volumes-from shipyard-rethinkdb-data shipyard/rethinkdb
docker run -it -p 30080:8080 -d --name shipyard --link shipyard-rethinkdb:rethinkdb shipyard/shipyard

To control shipyard instance, launch the CLI (also in a container):
docker run -it shipyard/shipyard-cli

Documentation is at http://shipyard-project.com/docs/usage/cli/

== Administration tasks ==
=== Acquisitariat (MySQL server) ===

To connect to the MySQL server, you can run a temporary container linked to our production server.

ssh -t ops@dwellers.nasqueron.org mysql-acquisitariat-client

If you need more control tweak this line:

docker run -it --rm --link acquisitariat:mysql nasqueron/mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'

If you need to work with SQL files, connect directly to the server:

docker exec -it acquisitariat bash

Finally, some containers allow. From a Phabricator container, for example, you can get a MySQL client with:

/opt/phabricator/bin/storage shell

You could contribute a MySQL client image with only a MySQL client, and tools to perform operations like a dump for backup purpose.

== Troubleshoot ==
=== How to point a domain here? ===
For your domains:
* subdomain.domain.tld A 212.129.32.223
* subdomain.domain.tld AAAA 2001:470:1f13:ce7:ca5:cade:fab:1e

To request a DNS update for domains using extensively the Nasqueron servers infrastructure:
* subdomain.nasqueron.org CNAME www3.nasqueron.org
* subdomain.espace-win.org CNAME www2.espace-win.org

=== How to access by SSH to an instance? ===
See the ports table to check if a port is assigned. We don't assign port if there is no reason general public got access to the VM by SSH. We assign port each time a stable address is needed (for example to talk with a Git server)

If the port is mapped:

ssh -p <port> username@dwellers.nasqueron.org

If the port is unmapped, you can from Dwellers:

docker ps
docker inspect <instance id> #gets the local IP
ssh <IP 172.*>

If you don't see the IP with docker inspect, check you use the instance id, not the image name.

'''Note: with recent Docker versions, you don't need to SSH anymore: you can use docker exec -it <container name> <your favorite shell> instead.'''

=== No network at boot time ===
Access the machine on the hypervisor, then:

;Check the interface is up:
ip addr
ifup ens192 # to bring it up

;If you've reset the configuration and need to add again the IP:
ip addr add 212.129.32.223/32 dev ens192

;Routing is probably the issue:
ip route add 62.210.76.1 dev ens192
ip route add default via 62.210.76.1

;Same for the case we can ping/ssh (slowly) from [[Ysul]] but not from the world:
ip route change 62.210.76.1 dev ens192
ip route change default via 62.210.76.1

;Reconfigure the IPv6 tunnel

At some point, the Linux route2 method stopped to work, but the Linux net-tools method still work.

ip tunnel del he-ipv6
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.42
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f12:ce7::2/64
ifconfig sit1 inet6 add 2001:470:1f13:ce7:ca5:cade:fab:1e/64
route -A inet6 add ::/0 dev sit1

=== A port on the host doesn't reply (but does in Docker) ===
You can reset the iptables configuration. A script has been provided for that.

$ systemctl stop docker
$ /root/[[reset-iptables]]
$ systemctl start docker

If you're willing to restrict ports, you can use instead /root/reset-iptables-dwellers

=== From Docker and LXC, it's not possible to connect outside ===

It could be the net.ipv4.ip_forward switched from 1 to 0:

$ sysctl net.ipv4.ip_forward=1

Or it could be an issue with iptables:

$ iptables -t nat -F POSTROUTING
$ iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE

If you need to recreate the forwarding map ([http://devcentral.nasqueron.org/P91 P91]):

$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 25 -j DNAT --to-destination 10.0.3.8:25
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 21080 -j DNAT --to-destination 10.0.3.8:80
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 110 -j DNAT --to-destination 10.0.3.8:110
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 143 -j DNAT --to-destination 10.0.3.8:143
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 465 -j DNAT --to-destination 10.0.3.8:465
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 587 -j DNAT --to-destination 10.0.3.8:587
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 993 -j DNAT --to-destination 10.0.3.8:993
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 995 -j DNAT --to-destination 10.0.3.8:995

[[Category:Dwellers]]

Dwellers

2016-01-21T21:23:26Z

Sandlayth: /* Ports table */

'''Dwellers''' is an VMWare EXSi instance installed on [[Stormshear]].

The goal of this server is to provide a Docker / OpenShift / Geard CentOS PaaS service.

== Basic information ==
* '''IPs:'''
** 212.129.32.223
** 2001:470:1f13:ce7:ca5:cade:fab:1e
* '''Hostname:''' dwellers.nasqueron.org
* '''Homepage:''' http://dwellers.nasqueron.org/
* '''Configuration:'''Access to 3.5 GB RAM and 4 core, burstable on request to 8 cores/+-6 Gb (to be negotiated according [[Ysul]] use)
* '''OS:''' CentOS 7
* '''ISP:''' [http://www.online.net Online] (FR)
* '''Network:''' Illiad (FR)
* '''Status:''' Installing.
* '''Policy:''' Access for any Nasqueron or Wolfplex project
* '''Started:''' 2014-07-13

== Services ==
* SSH (*:22)
* Docker
* OpenShift

== Containers ==
=== Ports table ===

Ø indicates an unmapped port. In such cases, it's accessible logging in Dwellers, and connecting locally to the current mutable container IP variable and the immutable specified port.

Ports are not exposed on world, as only listen to 22, 25, 80 and 443.

Most ports on —80 are served by nginx and so accessible on :80/:443.

Copy & Paste Excel-to-Wiki Converter

format header
result

{| {{table}}
| align="center" style="background:#f0f0f0;"|'''URL'''
| align="center" style="background:#f0f0f0;"|'''Container name'''
| align="center" style="background:#f0f0f0;"|'''Container image'''
| align="center" style="background:#f0f0f0;"|'''Prefix'''
| align="center" style="background:#f0f0f0;"|'''Service'''
| align="center" style="background:#f0f0f0;"|'''Internal port'''
| align="center" style="background:#f0f0f0;"|'''External port'''
|-
| builds.nasqueron.org||tommy||dereckson/tommy||24||Apache||4567||24080
|-
| phabricator.nasqueron.org||devcentral||nasqueron/phabricator||31||Apache||443||Ø
|-
| ||||||||Apache||80||31080
|-
| forum.nasqueron.org||forum||local_discourse/forum||32||Apache||80||39080
|-
| "etherpad.wolfplex.be
|-
| etherpad.nasqueron.org"||etherpad||nasqueron/etherpad||34||Apache||9001||34080
|-
| phabricator.wolfplex.be||wolphab||nasqueron/phabricator||35||Apache||443||Ø
|-
| ||||||||Apache||80||35080
|-
| notifications.nasqueron.org ||hungry_hoover||nasqueron/notifications||37||Apache||80||37080
|-
| status.nasqueron.org||cachet||nasqueron/cachet||39||Apache||443||Ø
|-
| ||||||||Apache||80||39080
|-
| ci.nasqueron.org||ci||jenkinsci/jenkins||38||Slave servers||50000||50000
|-
| ||||||||Apache||8080||38080
|-
| Ø ||aowne||nasqueron/jenkins-slave||Ø||SSH||22||Ø
|-
| Ø ||apsile||nasqueron/jenkins-slave||Ø||SSH||22||Ø
|-
| Ø ||reverent_euclid||nasqueron/arcanist||Ø ||Arc||Ø ||Ø
|-
| Ø ||acquisitariat||nasqueron/mysql||Ø ||MySQL server||3306||Ø
|-
| nasqueron.org||pensive_chandrasekhar||nasqueron/nginx-php-fpm||Ø||SSH||22||Ø
|-
| ||||||||Nginx||80||80
|-
| Ø ||silly_bardeen||nasqueron/jenkins-slave-php||Ø||SSH||22||32769
|-
| Ø||aphlict||nasqueron/aphlict||Ø||||22280-22281||22280-22281
|-
| white-rabbit.nasqueron.org||white-rabbit||nasqueron/rabbitmq||Ø||epmd||4369||4369
|-
| ||||||Ø||Erlang distribution||25762||25762
|-
| ||||||Ø||AMQP||5672||5672
|-
| ||||||Ø||AMQP with TLS||5671||5671
|-
| ||||||Ø||Plugin Management||15672||15672
|-
| ||||||Ø||STOMP||61613||61613
|-
| ||||||Ø||||61614||61614
|-
| ||||||Ø||MQTT||1883||1883
|-
| ||||||Ø||||8883||8883
|-
|
|}

=== phabricator.nasqueron.org ===
'''Port prefix:''' 31

Provides a Phabricator instance for Nasqueron projects at [http://phabricator.nasqueron.org http://phabricator.nasqueron.org].

To run a new container:
docker run -p 31080:80 nasqueron-phabricator

'''Known issues'''

* At startup, we need to set the base URI: ./bin/config set phabricator.base-uri 'http://devcentral.nasqueron.org/'

=== forum.nasqueron.org ===
'''Port prefix:''' 32

Provides a Discourse instance, to be used as a forum at http://forum.nasqueron.org/

First, update the configuration:
cd /data/discourse/app/
#ensure you have id_zr in the SSH agent with ssh-add -l
#if not, and if you have trouble with an agent, alias ssh "ssh -i /root/.ssh/id_zr" should work
make update

Then, launch db and cache containers:
docker run -d -v /data/discourse/postgres:/var/lib/postgresql -e LC_ALL=C.UTF-8 --name=discourse-postgres postgres
docker run -d --name discourse-redis redis

Finally, launch web container:
docker run -d -v /data/discourse/app:/data/config -p 32000:3000 -p 32080:80 --link discourse-postgres:db --link discourse-redis:cache --name discourse-web nasqueron/discourse

At launch time, the web container can perform some tasks. Erase the dotfiles in /data/discourse/app/ to force them:
* rake db:migrate if .database-initialized is not found
* rake assets:precompile if .database-initialized is not found
* regenerate language configuration and files if .language-set not found and a language file contains a language string

So to switch from English to French for example:
echo fr > language
rm .language-set

Also at launch time, the web container will populate config directory with missing config files before to create symlinks of these files to the Discourse web config folder. So, if you found a Discourse instance trying to find a database at localhost, don't forget to generate from discourse.conf.tmpl a discourse.conf file following instructions given above in update the configuration step.

=== Shipyard ===
'''Port prefix:''' 30

Provides a shipyard instance to manage Dwellers (and potentially other Docker installation) at http://dwellers.nasqueron.org:30080

To run RethinkDB for the storage and launch shipyard:
docker run -it -d --name shipyard-rethinkdb-data --entrypoint /bin/bash shipyard/rethinkdb -l
docker run -it -P -d --name shipyard-rethinkdb --volumes-from shipyard-rethinkdb-data shipyard/rethinkdb
docker run -it -p 30080:8080 -d --name shipyard --link shipyard-rethinkdb:rethinkdb shipyard/shipyard

To control shipyard instance, launch the CLI (also in a container):
docker run -it shipyard/shipyard-cli

Documentation is at http://shipyard-project.com/docs/usage/cli/

== Administration tasks ==
=== Acquisitariat (MySQL server) ===

To connect to the MySQL server, you can run a temporary container linked to our production server.

ssh -t ops@dwellers.nasqueron.org mysql-acquisitariat-client

If you need more control tweak this line:

docker run -it --rm --link acquisitariat:mysql nasqueron/mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'

If you need to work with SQL files, connect directly to the server:

docker exec -it acquisitariat bash

Finally, some containers allow. From a Phabricator container, for example, you can get a MySQL client with:

/opt/phabricator/bin/storage shell

You could contribute a MySQL client image with only a MySQL client, and tools to perform operations like a dump for backup purpose.

== Troubleshoot ==
=== How to point a domain here? ===
For your domains:
* subdomain.domain.tld A 212.129.32.223
* subdomain.domain.tld AAAA 2001:470:1f13:ce7:ca5:cade:fab:1e

To request a DNS update for domains using extensively the Nasqueron servers infrastructure:
* subdomain.nasqueron.org CNAME www3.nasqueron.org
* subdomain.espace-win.org CNAME www2.espace-win.org

=== How to access by SSH to an instance? ===
See the ports table to check if a port is assigned. We don't assign port if there is no reason general public got access to the VM by SSH. We assign port each time a stable address is needed (for example to talk with a Git server)

If the port is mapped:

ssh -p <port> username@dwellers.nasqueron.org

If the port is unmapped, you can from Dwellers:

docker ps
docker inspect <instance id> #gets the local IP
ssh <IP 172.*>

If you don't see the IP with docker inspect, check you use the instance id, not the image name.

'''Note: with recent Docker versions, you don't need to SSH anymore: you can use docker exec -it <container name> <your favorite shell> instead.'''

=== No network at boot time ===
Access the machine on the hypervisor, then:

;Check the interface is up:
ip addr
ifup ens192 # to bring it up

;If you've reset the configuration and need to add again the IP:
ip addr add 212.129.32.223/32 dev ens192

;Routing is probably the issue:
ip route add 62.210.76.1 dev ens192
ip route add default via 62.210.76.1

;Same for the case we can ping/ssh (slowly) from [[Ysul]] but not from the world:
ip route change 62.210.76.1 dev ens192
ip route change default via 62.210.76.1

;Reconfigure the IPv6 tunnel

At some point, the Linux route2 method stopped to work, but the Linux net-tools method still work.

ip tunnel del he-ipv6
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.42
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f12:ce7::2/64
ifconfig sit1 inet6 add 2001:470:1f13:ce7:ca5:cade:fab:1e/64
route -A inet6 add ::/0 dev sit1

=== A port on the host doesn't reply (but does in Docker) ===
You can reset the iptables configuration. A script has been provided for that.

$ systemctl stop docker
$ /root/[[reset-iptables]]
$ systemctl start docker

If you're willing to restrict ports, you can use instead /root/reset-iptables-dwellers

=== From Docker and LXC, it's not possible to connect outside ===

It could be the net.ipv4.ip_forward switched from 1 to 0:

$ sysctl net.ipv4.ip_forward=1

Or it could be an issue with iptables:

$ iptables -t nat -F POSTROUTING
$ iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE

If you need to recreate the forwarding map ([http://devcentral.nasqueron.org/P91 P91]):

$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 25 -j DNAT --to-destination 10.0.3.8:25
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 21080 -j DNAT --to-destination 10.0.3.8:80
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 110 -j DNAT --to-destination 10.0.3.8:110
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 143 -j DNAT --to-destination 10.0.3.8:143
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 465 -j DNAT --to-destination 10.0.3.8:465
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 587 -j DNAT --to-destination 10.0.3.8:587
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 993 -j DNAT --to-destination 10.0.3.8:993
$ iptables -t nat -I PREROUTING -i ens192 -p TCP -d 212.129.32.223/32 --dport 995 -j DNAT --to-destination 10.0.3.8:995

[[Category:Dwellers]]