Introduction

OSCI maintained services are maintained using the OSAS/community-cage-infra-ansible repository on GitLab. Contributions are welcome.

Deployment

This repository contains Ansible playbooks to deploy VMs and configure hosts to provide the service. Only a few secrets (tokens, or emails to avoid SPAM) are kept private using Ansible Vault.

Some communities (RDO, oVirt…) possess their own ressources with an internal Infra team; in this case the deployment rules are hosted in their own repositories.

Along with these rules we might need specific packages for certain softwares. For example we use the Mailman 3 repository maintained by a fellow developper in the mailman3 Ansible role. We also maintain our own repository for important fixes.

Network

VLANs

Name ID IP Ranges Gateway Purpose
OSAS-Public 190 8.43.85.193-222
8.43.85.225-238
8.43.85.254 direct Internet access
OSAS-Provisioning 430 172.24.30.1-249 172.24.30.254 provisioning of new hosts
OSAS-Management 431 172.24.31.1-249 172.24.31.254 equipments administration
OSAS-Internal 432 172.24.32.1-249 172.24.32.254 machines behind a reverse proxy (security, saves IPs…)

Hardware List

Rackable Equipments

Name Location Size Network Interfaces Access Description Purpose
Catatonic RDU2 3C-B04 U01 6U CMM1/CMM2: VLAN 431
A1/A2: Ex0/60 trunk VLAN 190,430-432
CMM master: cmm-catatonic.adm.osci.io
A1: switch-a1-catatonic.adm.osci.io
A2: switch-a2-catatonic.adm.osci.io
Supermicro Microblade MBE-628E-816 with 2 redundant management modules MBM-CMM-001 and two independant network modules MBM-XEM-002 Fedora Cloud, VM host, backup, monitoring
Conserve RDU2 3C-B02 U21 1U eth0: VLAN 431 conserve.adm.osci.io Digi CM console server Emergency console access
Guido RDU2 3C-B02 U19 1U eth0: VLAN 190
eth1: trunk VLAN 430-432
guido.adm.osci.io IBM System x3550 M2, 4x Intel Xeon E5530 2.40GHz, 34GB RAM, LSILOGIC SAS1068E 160GB RAID 1, 600GB soft RAID 1 with 2 spares VM host
Speedy RDU2 3C-B02 U20 1U eth0: VLAN 190
eth1: trunk VLAN 430-432
speedy.adm.osci.io IBM System x3550 M2, 4x Intel Xeon E5530 2.40GHz, 34GB RAM, LSILOGIC SAS1068E 160GB RAID 1, 600GB soft RAID 1 with 2 spares VM host
TempusFugit RDU2 3C-B02 U38 1U eth0: VLAN 432 tempusfugit.int.osci.io Tempus LX CDMA Secure time provider

(the U indicated in the location is the bottom one where the equipment seats)

Blades

Name Server Location Network Interfaces Purpose
fedora-node-1 Catatonic A5 admin: 172.24.31.24
eth0(A1-Ex0/9): VLAN 430
eth1(A2-Ex0/9):
eth2(A1-Ex0/10):
eth3(A2-Ex0/10):
Fedora Cloud node

Administration Access

Direct Access

All machines with a public IP address are currently reachable through SSH with keys. OSAS admins keys are automatically installed via Ansible, user root access may also be available on a case-by-case basis. We plan to build bastion hosts to harden security, but this is not done yet (hardware is on the way…).

Management Access

All bare metal machines or equipments are accessible for administration tasks via the management VLAN:

  • SSH gives access to a shell or a CLI (for switches or CMM)
  • CMM or blade admin interfaces both allow web UI and IPMI access

Fallback Access

In case we totally break network/SSH configuration on bare metal hosts, access via a console server is not possible. Each host is accessible by connecting via SSH on conserve.adm.osci.io on a specific port:

SSH Port Host
7001 Speedy
7002 Guido
7003 Catatonic Switch A1
7004 Catatonic Switch A2
7005 Catatonic CMM 2
7006 Catatonic CMM 1
7007 TempusFugit

You first need to authenticate with your console server account, and then you can access a direct console on the host.

Using Ctrl-z (even via SSH) allows you to access a menu and quit.

OSAS admins can login as root via SSH to the standard port to access a UNIX shell. The portaccessmenu command allows you to list available machines and connect to them. Be aware that you need to authenticate with your console server account first even if you’re already logged in. The configmenu command is used to setup the device (users, groups, ports, ACLs…). The device configuration has been saved (manually) on file.rdu.redhat.com:/mnt/share/OSAS/backups/Conserve/ so please update it if needed.