https://wiki.csclub.uwaterloo.ca/api.php?action=feedcontributions&user=Jxpryde&feedformat=atomCSCWiki - User contributions [en]2024-03-28T10:59:26ZUser contributionsMediaWiki 1.39.4https://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4164How to IRC2018-03-20T03:10:48Z<p>Jxpryde: </p>
<hr />
<div>= Chatting with us =<br />
<br />
We self-host [https://mattermost.csclub.uwaterloo.ca/ Mattermost] now, it's easier to use if you're not familiar with IRC. If you know how to use IRC, we're #csc on Freenode and there should be a #csc bridge that relays messages between #csc and our Mattermost instance.<br />
<br />
Both #csc on Freenode ([http://webchat.freenode.net/?channels=%23csc&uio=d4 Freenode Webchat] or via IRC clients e.g. irssi, weechat) and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted Mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in Mattermost.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]<br />
<br />
The benefit of Mattermost over Slack and family is that Slack stores all your information on Slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but Slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
For iOS users, Mattermost's mobile app is also a superior option if you wish to receive push notifications as it supports Apple's native push via iCloud/APN.<br />
<br />
= IRC Setup =<br />
<br />
[[File:Glowing-bear-screencap.png|alt=glowing-bear screen capture of #csc IRC channel|right|thumbnail|450px|A screen capture of the #csc IRC channel, as seen from glowing-bear client]]<br />
<br />
[[File:Weechat-Android-screenshot.png|alt=Weechat Android screen capture of #csc IRC channel|right|thumbnail|A screen capture of the #csc IRC channel, as seen from Weechat Android client]]<br />
<br />
This method will establish a persistent IRC sessions that you can connect to with different clients. A weechat server program running on a CSClub server will remain connected to IRC networks at all times, and simply connecting to your weechat server program will give you all the chat history upon connection.<br />
<br />
To set up your weechat server program:<br />
<ol><br />
<li>Log in to a CS Club general-use server, such as taurine.csclub.uwaterloo.ca, and run `weechat` in such a way that it will keep running after you log out</li><br />
<br />
Replace ctdalek with your username<br />
<br />
$ ssh ctdalek@taurine.csclub.uwaterloo.ca<br />
$ screen -U weechat<br />
<br />
A "WeeChat" window should have opened up. Type the following commands into this window, replacing [yourpassword] with a password of your choice and [yourport] with a number in the range of [28100-28400]:<br />
<br />
> /set relay.network.password [yourpassword]<br />
> /relay add weechat [yourport]<br />
> /save<br />
<br />
Once you have entered in all these commands, you don't need your terminal anymore. You can close your ssh window!<br />
<br />
<li>Your personal WeeChat server is set up. Now connect to it using a pretty client:</li><br />
<br />
[http://www.glowing-bear.org/ glowing-bear] is a free and open source web-based weechat client. It works well as a desktop client, and on iOS. To connect using glowing-bear, fill in "Connection Settings" with `taurine.csclub.uwaterloo.ca`, `[yourport]`, and `[yourpassword]`. Make sure to use the http version of the website with this guide! HTTPS only works if you set up encryption. That's not covered here.<br />
<br />
'''Recommended''': [https://play.google.com/store/apps/details?id=com.ubergeek42.WeechatAndroid Weechat Android] is a free and open source android weechat client. It gives notifications when your receive a direct message or your name is mentioned in one of the channels you are in. To connect using Weechat Android, fill in Settings > Connection with `taurine.csclub.uwaterloo.ca`, `[yourport]`, and `[yourpassword]`.<br />
<br />
<li>Join the #csc IRC channel</li><br />
<br />
In your weechat client (e.g. glowing-bear or Weechat Android), switch to the 'Freenode' tab and type:<br />
<br />
> /server add freenode chat.freenode.net/7000 -ssl -autoconnect<br />
> /set irc.server.freenode.autojoin "#csc"<br />
> /save<br />
> /connect freenode<br />
<br />
You're now connected to the main IRC network! Connected by an SSL connection, so you're super sneaky as well. Way to go.<br />
<br />
Now, to join the CSC channel!<br />
<br />
In your client, you'll now have two buffers that you can switch to. One is called "weechat" and the other is "freenode".<br />
<br />
Switch to the "freenode" buffer and type:<br />
<br />
> /join #csc<br />
<br />
Congratulations you win!<br />
<br />
<li>Know some IRC commands</li><br />
<br />
Welcome to the channel! Go ahead and say something, like<br />
<br />
> Good morning ctdalek http://www.total-knowledge.com/~ilya/mips/ugt.html<br />
<br />
If you want to privately message someone, use <br />
> /q [nick] [optional message] <br />
which will open a new tab with that person. For example `/q pj2melan ping pong`.<br />
<br />
If you want to join another channel, use <br />
> /join [channel]<br />
For example `/join #csc`.<br />
</ol><br />
''Note about CSClub server restarts:'' If taurine or any server you're using to run the weechat program on is restarted for any reason (we'll email you if it does), Make sure to run `screen -U weechat` again to start your server. You won't have to reconfigure weechat (step 2) though.<br />
<br />
== Securing Glowing Bear - SSL/TLS Setup ==<br />
<br />
With the default setup, when you log in to your weechat relay using a client such as glowing-bear or Weechat Android ''your password is sent in the clear''. If you believe this to be a bad thing, follow these steps to enable SSL encryption between you and your weechat relay running on taurine.<br />
<br />
<ol><br />
<li>Log in to caffeine.csclub.uwaterloo.ca to generate an SSL certificate:<br />
<br />
<pre><br />
$ ssh caffeine.csclub.uwaterloo.ca<br />
$ mkdir ~/.weechat/ssl<br />
$ cd ~/.weechat/ssl<br />
$ openssl req -nodes -newkey rsa:4096 -keyout relay.pem -x509 -days 365 -out relay.pem # Fill in the fields as it asks<br />
$ exit<br />
</pre><br />
</li><br />
<br />
<li>Tell weechat to use the new certificate you generated, and add a new relay with a different password (since your old password was likely compromised):<br />
<br />
<p>In your weechat client (glowing-bear, or Weechat Android), run</p><br />
<br />
<pre><br />
> /set relay.network.password [newpassword]<br />
> /relay sslcertkey<br />
> /relay del weechat<br />
> /relay add ssl.weechat [yourport]<br />
</pre><br />
</li><br />
<br />
<li>Tell your client to connect to your relay using SSL:<br />
<br />
<p>For glowing-bear, refresh and simply check the "Encryption. Check settings for help." checkbox when logging in with your new password.</p><br />
<br />
<p>For Weechat Android, in Settings > Connection, change Connection type to WeeChat SSL and change your Relay password.</p><br />
</li><br />
<br />
</ol><br />
<br />
Enjoy fully encrypted communication!<br />
<br />
You might have warnings about untrusted certificates, but since you made the certificate yourself you can trust yourself and add required security exceptions.<br />
<br />
== Quick SSH-based Setup ==<br />
<br />
1. Open up an IRC client, i.e. irssi. Launch irssi in a screen session, which you<br />
can return to later.<br />
<br />
$ ssh taurine.csclub.uwaterloo.ca<br />
$ screen -U irssi<br />
<br />
2. In irssi, connect to the freenode network and join our channel. <br />
<br />
/server add -auto -net freenode -ssl -ssl_verify chat.freenode.net 6697<br />
/save<br />
/connect freenode<br />
/join #csc<br />
<br />
3. Please set your nickname to your Quest ID so we know who you are. <br />
<br />
/nick $YOUR_QUEST_ID<br />
/save<br />
<br />
You can register your nickname on the freenode network by messaging NickServ.<br />
<br />
/msg NickServ REGISTER password email <br />
<br />
4. Close your screen session, which you can return to later.<br />
<br />
CTRL-A CTRL-D<br />
<br />
5. Return to your screen session. You will have remained connected to the channel. <br />
<br />
$ ssh taurine.csclub.uwaterloo.ca -t "screen -Urd"</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4163How to IRC2018-03-20T03:08:32Z<p>Jxpryde: </p>
<hr />
<div>= Chatting with us =<br />
<br />
We self-host [https://mattermost.csclub.uwaterloo.ca/ Mattermost] now, it's easier to use if you're not familiar with IRC. If you know how to use IRC, we're #csc on Freenode and there should be a #csc bridge that relays messages between #csc and our Mattermost instance.<br />
<br />
Both #csc on Freenode ([http://webchat.freenode.net/?channels=%23csc&uio=d4 Freenode Webchat] or via IRC clients e.g. irssi, weechat) and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted Mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in Mattermost.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]<br />
<br />
The benefit of Mattermost over Slack and family is that Slack stores all your information on Slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but Slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
For iOS users, Mattermost's mobile app is also a superior option if you wish to receive push notifications as it supports Apple's native push via iCloud/APN.<br />
<br />
= IRC Setup =<br />
<br />
[[File:Glowing-bear-screencap.png|alt=glowing-bear screen capture of #csc IRC channel|right|thumbnail|450px|A screen capture of the #csc IRC channel, as seen from glowing-bear client]]<br />
<br />
[[File:Weechat-Android-screenshot.png|alt=Weechat Android screen capture of #csc IRC channel|right|thumbnail|A screen capture of the #csc IRC channel, as seen from Weechat Android client]]<br />
<br />
This method will establish a persistent IRC sessions that you can connect to with different clients. A weechat server program running on a CSClub server will remain connected to IRC networks at all times, and simply connecting to your weechat server program will give you all the chat history upon connection.<br />
<br />
To set up your weechat server program:<br />
<ol><br />
<li>Log in to a CS Club general-use server, such as taurine.csclub.uwaterloo.ca, and run `weechat` in such a way that it will keep running after you log out</li><br />
<br />
Replace ctdalek with your username<br />
<br />
$ ssh ctdalek@taurine.csclub.uwaterloo.ca<br />
$ screen -U weechat<br />
<br />
A "WeeChat" window should have opened up. Type the following commands into this window, replacing [yourpassword] with a password of your choice and [yourport] with a number in the range of [28100-28400]:<br />
<br />
> /set relay.network.password [yourpassword]<br />
> /relay add weechat [yourport]<br />
> /save<br />
<br />
Once you have entered in all these commands, you don't need your terminal anymore. You can close your ssh window!<br />
<br />
<li>Your personal WeeChat server is set up. Now connect to it using a pretty client:</li><br />
<br />
[http://www.glowing-bear.org/ glowing-bear] is a free and open source web-based weechat client. It works well as a desktop client, and on iOS. To connect using glowing-bear, fill in "Connection Settings" with `taurine.csclub.uwaterloo.ca`, `[yourport]`, and `[yourpassword]`. Make sure to use the http version of the website with this guide! HTTPS only works if you set up encryption. That's not covered here.<br />
<br />
'''Recommended''': [https://play.google.com/store/apps/details?id=com.ubergeek42.WeechatAndroid Weechat Android] is a free and open source android weechat client. It gives notifications when your receive a direct message or your name is mentioned in one of the channels you are in. To connect using Weechat Android, fill in Settings > Connection with `taurine.csclub.uwaterloo.ca`, `[yourport]`, and `[yourpassword]`.<br />
<br />
<li>Join the #csc IRC channel</li><br />
<br />
In your weechat client (e.g. glowing-bear or Weechat Android), switch to the 'Freenode' tab and type:<br />
<br />
> /server add freenode chat.freenode.net/7000 -ssl -autoconnect<br />
> /set irc.server.freenode.autojoin "#csc"<br />
> /save<br />
> /connect freenode<br />
<br />
You're now connected to the main IRC network! Connected by an SSL connection, so you're super sneaky as well. Way to go.<br />
<br />
Now, to join the CSC channel!<br />
<br />
In your client, you'll now have two buffers that you can switch to. One is called "weechat" and the other is "freenode".<br />
<br />
Switch to the "freenode" buffer and type:<br />
<br />
> /join #csc<br />
<br />
Congratulations you win!<br />
<br />
<li>Know some IRC commands</li><br />
<br />
Welcome to the channel! Go ahead and say something, like<br />
<br />
> Good morning ctdalek http://www.total-knowledge.com/~ilya/mips/ugt.html<br />
<br />
If you want to privately message someone, use <br />
> /q [nick] [optional message] <br />
which will open a new tab with that person. For example `/q pj2melan ping pong`.<br />
<br />
If you want to join another channel, use <br />
> /join [channel]<br />
For example `/join #csc`.<br />
</ol><br />
''Note about CSClub server restarts:'' If taurine or any server you're using to run the weechat program on is restarted for any reason (we'll email you if it does), Make sure to run `screen -U weechat` again to start your server. You won't have to reconfigure weechat (step 2) though.<br />
<br />
== Securing Glowing Bear - SSL/TLS Setup ==<br />
<br />
With the default setup, when you log in to your weechat relay using a client such as glowing-bear or Weechat Android ''your password is sent in the clear''. If you believe this to be a bad thing, follow these steps to enable SSL encryption between you and your weechat relay running on taurine.<br />
<br />
<ol><br />
<li>Log in to caffeine.csclub.uwaterloo.ca to generate an SSL certificate:<br />
<br />
<pre><br />
$ ssh caffeine.csclub.uwaterloo.ca<br />
$ mkdir ~/.weechat/ssl<br />
$ cd ~/.weechat/ssl<br />
$ openssl req -nodes -newkey rsa:4096 -keyout relay.pem -x509 -days 365 -out relay.pem # Fill in the fields as it asks<br />
$ exit<br />
</pre><br />
</li><br />
<br />
<li>Tell weechat to use the new certificate you generated, and add a new relay with a different password (since your old password was likely compromised):<br />
<br />
<p>In your weechat client (glowing-bear, or Weechat Android), run</p><br />
<br />
<pre><br />
> /set relay.network.password [newpassword]<br />
> /relay sslcertkey<br />
> /relay del weechat<br />
> /relay add ssl.weechat [yourport]<br />
</pre><br />
</li><br />
<br />
<li>Tell your client to connect to your relay using SSL:<br />
<br />
<p>For glowing-bear, refresh and simply check the "Encryption. Check settings for help." checkbox when logging in with your new password.</p><br />
<br />
<p>For Weechat Android, in Settings > Connection, change Connection type to WeeChat SSL and change your Relay password.</p><br />
</li><br />
<br />
</ol><br />
<br />
Enjoy fully encrypted communication!<br />
<br />
You might have warnings about untrusted certificates, but since you made the certificate yourself you can trust yourself and add required security exceptions.<br />
<br />
== Quick SSH-based Setup ==<br />
<br />
1. Open up an IRC client, i.e. irssi. Launch irssi in a screen session, which you<br />
can return to later.<br />
<br />
$ ssh taurine.csclub.uwaterloo.ca<br />
$ screen -U irssi<br />
<br />
2. In irssi, connect to the freenode network and join our channel. <br />
<br />
/connect chat.freenode.net<br />
/join #csc<br />
<br />
3. Please set your nickname to your Quest ID so we know who you are. <br />
<br />
/nick $YOUR_QUEST_ID<br />
<br />
You can register your nickname on the freenode network by messaging NickServ.<br />
<br />
/msg NickServ REGISTER password email <br />
<br />
4. Close your screen session, which you can return to later.<br />
<br />
CTRL-A CTRL-D<br />
<br />
5. Return to your screen session. You will have remained connected to the channel. <br />
<br />
$ ssh taurine.csclub.uwaterloo.ca -t "screen -Urd"</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4162How to IRC2018-03-20T03:02:35Z<p>Jxpryde: Added back IRC setup.</p>
<hr />
<div>= Chatting with us =<br />
<br />
We self-host [https://mattermost.csclub.uwaterloo.ca/ Mattermost] now, it's easier to use if you're not familiar with IRC. If you know how to use IRC, we're #csc on Freenode and there should be a #csc bridge that relays messages between #csc and our Mattermost instance.<br />
<br />
Both #csc on Freenode ([http://webchat.freenode.net/?channels=%23csc&uio=d4 Freenode Webchat] or via IRC clients e.g. irssi, weechat) and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in mattermost.<br />
<br />
The benefit of mattermost over slack and family is that slack stores all your information on slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]<br />
<br />
= IRC Setup =<br />
<br />
[[File:Glowing-bear-screencap.png|alt=glowing-bear screen capture of #csc IRC channel|right|thumbnail|450px|A screen capture of the #csc IRC channel, as seen from glowing-bear client]]<br />
<br />
[[File:Weechat-Android-screenshot.png|alt=Weechat Android screen capture of #csc IRC channel|right|thumbnail|A screen capture of the #csc IRC channel, as seen from Weechat Android client]]<br />
<br />
This method will establish a persistent IRC sessions that you can connect to with different clients. A weechat server program running on a CSClub server will remain connected to IRC networks at all times, and simply connecting to your weechat server program will give you all the chat history upon connection.<br />
<br />
To set up your weechat server program:<br />
<ol><br />
<li>Log in to a CS Club general-use server, such as taurine.csclub.uwaterloo.ca, and run `weechat` in such a way that it will keep running after you log out</li><br />
<br />
Replace ctdalek with your username<br />
<br />
$ ssh ctdalek@taurine.csclub.uwaterloo.ca<br />
$ screen -U weechat<br />
<br />
A "WeeChat" window should have opened up. Type the following commands into this window, replacing [yourpassword] with a password of your choice and [yourport] with a number in the range of [28100-28400]:<br />
<br />
> /set relay.network.password [yourpassword]<br />
> /relay add weechat [yourport]<br />
> /save<br />
<br />
Once you have entered in all these commands, you don't need your terminal anymore. You can close your ssh window!<br />
<br />
<li>Your personal WeeChat server is set up. Now connect to it using a pretty client:</li><br />
<br />
[http://www.glowing-bear.org/ glowing-bear] is a free and open source web-based weechat client. It works well as a desktop client, and on iOS. To connect using glowing-bear, fill in "Connection Settings" with `taurine.csclub.uwaterloo.ca`, `[yourport]`, and `[yourpassword]`. Make sure to use the http version of the website with this guide! HTTPS only works if you set up encryption. That's not covered here.<br />
<br />
'''Recommended''': [https://play.google.com/store/apps/details?id=com.ubergeek42.WeechatAndroid Weechat Android] is a free and open source android weechat client. It gives notifications when your receive a direct message or your name is mentioned in one of the channels you are in. To connect using Weechat Android, fill in Settings > Connection with `taurine.csclub.uwaterloo.ca`, `[yourport]`, and `[yourpassword]`.<br />
<br />
<li>Join the #csc IRC channel</li><br />
<br />
In your weechat client (e.g. glowing-bear or Weechat Android), switch to the 'Freenode' tab and type:<br />
<br />
> /server add freenode chat.freenode.net/7000 -ssl -autoconnect<br />
> /set irc.server.freenode.autojoin "#csc"<br />
> /save<br />
> /connect freenode<br />
<br />
You're now connected to the main IRC network! Connected by an SSL connection, so you're super sneaky as well. Way to go.<br />
<br />
Now, to join the CSC channel!<br />
<br />
In your client, you'll now have two buffers that you can switch to. One is called "weechat" and the other is "freenode".<br />
<br />
Switch to the "freenode" buffer and type:<br />
<br />
> /join #csc<br />
<br />
Congratulations you win!<br />
<br />
<li>Know some IRC commands</li><br />
<br />
Welcome to the channel! Go ahead and say something, like<br />
<br />
> Good morning ctdalek http://www.total-knowledge.com/~ilya/mips/ugt.html<br />
<br />
If you want to privately message someone, use <br />
> /q [nick] [optional message] <br />
which will open a new tab with that person. For example `/q pj2melan ping pong`.<br />
<br />
If you want to join another channel, use <br />
> /join [channel]<br />
For example `/join #csc`.<br />
</ol><br />
''Note about CSClub server restarts:'' If taurine or any server you're using to run the weechat program on is restarted for any reason (we'll email you if it does), Make sure to run `screen -U weechat` again to start your server. You won't have to reconfigure weechat (step 2) though.<br />
<br />
== Advanced, But Recommended SSL Setup ==<br />
<br />
With the default setup, when you log in to your weechat relay using a client such as glowing-bear or Weechat Android ''your password is sent in the clear''. If you believe this to be a bad thing, follow these steps to enable SSL encryption between you and your weechat relay running on taurine.<br />
<br />
<ol><br />
<li>Log in to caffeine.csclub.uwaterloo.ca to generate an SSL certificate:<br />
<br />
<pre><br />
$ ssh caffeine.csclub.uwaterloo.ca<br />
$ mkdir ~/.weechat/ssl<br />
$ cd ~/.weechat/ssl<br />
$ openssl req -nodes -newkey rsa:4096 -keyout relay.pem -x509 -days 365 -out relay.pem # Fill in the fields as it asks<br />
$ exit<br />
</pre><br />
</li><br />
<br />
<li>Tell weechat to use the new certificate you generated, and add a new relay with a different password (since your old password was likely compromised):<br />
<br />
<p>In your weechat client (glowing-bear, or Weechat Android), run</p><br />
<br />
<pre><br />
> /set relay.network.password [newpassword]<br />
> /relay sslcertkey<br />
> /relay del weechat<br />
> /relay add ssl.weechat [yourport]<br />
</pre><br />
</li><br />
<br />
<li>Tell your client to connect to your relay using SSL:<br />
<br />
<p>For glowing-bear, refresh and simply check the "Encryption. Check settings for help." checkbox when logging in with your new password.</p><br />
<br />
<p>For Weechat Android, in Settings > Connection, change Connection type to WeeChat SSL and change your Relay password.</p><br />
</li><br />
<br />
</ol><br />
<br />
Enjoy fully encrypted communication!<br />
<br />
You might have warnings about untrusted certificates, but since you made the certificate yourself you can trust yourself and add required security exceptions.<br />
<br />
== Quick SSH-based Setup ==<br />
<br />
1. Open up an IRC client, i.e. irssi. Launch irssi in a screen session, which you<br />
can return to later.<br />
<br />
$ ssh taurine.csclub.uwaterloo.ca<br />
$ screen -U irssi<br />
<br />
2. In irssi, connect to the freenode network and join our channel. <br />
<br />
/connect chat.freenode.net<br />
/join #csc<br />
<br />
3. Please set your nickname to your Quest ID so we know who you are. <br />
<br />
/nick $YOUR_QUEST_ID<br />
<br />
You can register your nickname on the freenode network by messaging NickServ.<br />
<br />
/msg NickServ REGISTER password email <br />
<br />
4. Close your screen session, which you can return to later.<br />
<br />
CTRL-A CTRL-D<br />
<br />
5. Return to your screen session. You will have remained connected to the channel. <br />
<br />
$ ssh taurine.csclub.uwaterloo.ca -t "screen -Urd"</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4161How to IRC2018-03-20T02:58:24Z<p>Jxpryde: </p>
<hr />
<div>= IRC Setup =<br />
<br />
We self-host [https://mattermost.csclub.uwaterloo.ca/ Mattermost] now, it's easier to use if you're not familiar with IRC. If you know how to use IRC, we're #csc on Freenode and there should be a #csc bridge that relays messages between #csc and our Mattermost instance.<br />
<br />
Both #csc on Freenode ([http://webchat.freenode.net/?channels=%23csc&uio=d4 Freenode Webchat] or via IRC clients e.g. irssi, weechat) and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in mattermost.<br />
<br />
The benefit of mattermost over slack and family is that slack stores all your information on slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4160How to IRC2018-03-20T02:57:32Z<p>Jxpryde: /* IRC Setup */</p>
<hr />
<div>= IRC Setup =<br />
<br />
We self-host Mattermost now, it's easier to use if you're not familiar with IRC. If you know how to use IRC, we're #csc on Freenode and there should be a #csc bridge that relays messages between #csc and our Mattermost instance.<br />
<br />
Both #csc on Freenode ([http://webchat.freenode.net/?channels=%23csc&uio=d4 Freenode Webchat] or via IRC clients e.g. irssi, weechat) and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in mattermost.<br />
<br />
The benefit of mattermost over slack and family is that slack stores all your information on slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4159How to IRC2018-03-20T02:56:54Z<p>Jxpryde: </p>
<hr />
<div>= IRC Setup =<br />
<br />
We self-host mattermost now, it's easier to use if you're not familiar with IRC. If you know how to use IRC, we're #csc on freenode and there should be a #csc bridge that relays messages between #csc and our Mattermost instance.<br />
<br />
Both #csc on Freenode ([http://webchat.freenode.net/?channels=%23csc&uio=d4 Freenode Webchat] or via IRC clients e.g. irssi, weechat) and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in mattermost.<br />
<br />
The benefit of mattermost over slack and family is that slack stores all your information on slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=How_to_IRC&diff=4158How to IRC2018-03-20T02:51:31Z<p>Jxpryde: </p>
<hr />
<div>= IRC Setup =<br />
<br />
We self-host mattermost now, it's easier to use. If you know how to use IRC, we're #csc on freenode and there may or may not be a #csc bridge that relays messages between #csc and our mattermost. Both #csc on Freenode and ~freenode-csc on Mattermost are official channels to interact with CSC members!<br />
<br />
= Mattermost Setup =<br />
<br />
[[File:Mattermost-phone-sample.jpg|alt=Mattermost android screenshot of #csc channel|200px|right|thumbnail|A screen capture of the #csc channel, as seen from Mattermost Android client]]<br />
<br />
Make an account at [https://mattermost.csclub.uwaterloo.ca/signup_email our self-hosted mattermost]. For username, you can put your questid (i.e. your CSC username), although you can always set your full name as it will appear in mattermost.<br />
<br />
The benefit of mattermost over slack and family is that slack stores all your information on slack's servers, wherever they are in the US. They do this so they can sell your data back to you (e.g. not allowing you to see old messages), but slack is also closed-source even though it was derived from IRC. Mattermost is open-source and hosted on CSC servers.<br />
<br />
[[File:Mattermost-csc-sample.png|alt=Mattermost #csc screen capture, including a conversation between members of the channel|600px|left|thumbnail|A screen capture of the #csc channel, as seen from Mattermost desktop]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Printing&diff=4153Printing2018-03-15T15:10:23Z<p>Jxpryde: typo</p>
<hr />
<div>= Setting up printers =<br />
<br />
We support the MathSoc printer on our office terminals. Users may also wish to print to uPrint via their browsers.<br />
<br />
== MathSoc Printer ==<br />
<br />
The new MathSoc Printer is a Brother MFC-L8900CDW. Its hostname is lp-mc3038.mathsoc.uwaterloo.ca and its IP is 172.19.4.99/28, the CSC manages the 172.19.4.96/28 subnet/VLAN for printers and other similar devices. The IP address is assigned by our DHCP server and the port is assigned to the correct VLAN for this subnet. If MathSoc upgrades their printer, they will have to contact us to reconfigure the port/DHCP.<br />
<br />
The CSC's office terminals' CUPS servers have these printers configured to use the "Brother MFC9840CDW Foomatic/Postscript" driver. It seems to work fine.<br />
<br />
= Setting up CUPS, the printing subsystem =<br />
# Install <tt>cups</tt>.<br />
# Go to <tt>http://localhost:631/</tt>. Go to 'Add Printer'. You may need to supply the root username/password.<br />
# Click 'Internet Printing Protocol (ipp)'. CSC doesn't have any local printers, chances are all printers are connected via LAN. If it is LAN, then it is ipp.<br />
# Enter connection, name, and description of the printer.<br />
<br />
If there is a machine with printing already properly set up, you may copy the file /etc/cups/printers.conf to the corresponding location on machines that aren't set up. Ensure that you stop CUPS (sudo service cups stop) on the fresh machine before copying over printers.conf (and don't forget to start it again afterward).</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Printing&diff=4152Printing2018-03-15T15:05:38Z<p>Jxpryde: /* Setting up printers */</p>
<hr />
<div>= Setting up printers =<br />
<br />
We support the MathSoc printer on our office terminals. Users may also wish to print to uPrint via their browsers.<br />
<br />
== MathSoc Printer ==<br />
<br />
The new MathSoc Printer is an Brother MFC-L8900CDW. Its hostname is lp-mc3038.mathsoc.uwaterloo.ca and its IP is 172.19.4.99/28, the CSC manages the 172.19.4.96/28 subnet/VLAN for printers and other similar devices. The IP address is assigned by our DHCP server and the port is assigned to the correct VLAN for this subnet. If MathSoc upgrades their printer, they will have to contact us to reconfigure the port/DHCP.<br />
<br />
The CSC's office terminals' CUPS servers have these printers configured to use the "Brother MFC9840CDW Foomatic/Postscript" driver. It seems to work fine.<br />
<br />
= Setting up CUPS, the printing subsystem =<br />
# Install <tt>cups</tt>.<br />
# Go to <tt>http://localhost:631/</tt>. Go to 'Add Printer'. You may need to supply the root username/password.<br />
# Click 'Internet Printing Protocol (ipp)'. CSC doesn't have any local printers, chances are all printers are connected via LAN. If it is LAN, then it is ipp.<br />
# Enter connection, name, and description of the printer.<br />
<br />
If there is a machine with printing already properly set up, you may copy the file /etc/cups/printers.conf to the corresponding location on machines that aren't set up. Ensure that you stop CUPS (sudo service cups stop) on the fresh machine before copying over printers.conf (and don't forget to start it again afterward).</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Printing&diff=4151Printing2018-03-15T15:04:36Z<p>Jxpryde: /* ljp_3016 printer */</p>
<hr />
<div>= Setting up printers =<br />
<br />
We usually support the MathSoc and MFCF printers on our office terminals.<br />
<br />
== MathSoc Printer ==<br />
<br />
The new MathSoc Printer is an Brother MFC-L8900CDW. Its hostname is lp-mc3038.mathsoc.uwaterloo.ca and its IP is 172.19.4.99/28, the CSC manages the 172.19.4.96/28 subnet/VLAN for printers and other similar devices. The IP address is assigned by our DHCP server and the port is assigned to the correct VLAN for this subnet. If MathSoc upgrades their printer, they will have to contact us to reconfigure the port/DHCP.<br />
<br />
The CSC's office terminals' CUPS servers have these printers configured to use the "Brother MFC9840CDW Foomatic/Postscript" driver. It seems to work fine.<br />
<br />
= Setting up CUPS, the printing subsystem =<br />
# Install <tt>cups</tt>.<br />
# Go to <tt>http://localhost:631/</tt>. Go to 'Add Printer'. You may need to supply the root username/password.<br />
# Click 'Internet Printing Protocol (ipp)'. CSC doesn't have any local printers, chances are all printers are connected via LAN. If it is LAN, then it is ipp.<br />
# Enter connection, name, and description of the printer.<br />
<br />
If there is a machine with printing already properly set up, you may copy the file /etc/cups/printers.conf to the corresponding location on machines that aren't set up. Ensure that you stop CUPS (sudo service cups stop) on the fresh machine before copying over printers.conf (and don't forget to start it again afterward).</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Printing&diff=4150Printing2018-03-15T15:04:12Z<p>Jxpryde: /* MathSoc Printer (new) */</p>
<hr />
<div>= Setting up printers =<br />
<br />
We usually support the MathSoc and MFCF printers on our office terminals.<br />
<br />
== MathSoc Printer ==<br />
<br />
The new MathSoc Printer is an Brother MFC-L8900CDW. Its hostname is lp-mc3038.mathsoc.uwaterloo.ca and its IP is 172.19.4.99/28, the CSC manages the 172.19.4.96/28 subnet/VLAN for printers and other similar devices. The IP address is assigned by our DHCP server and the port is assigned to the correct VLAN for this subnet. If MathSoc upgrades their printer, they will have to contact us to reconfigure the port/DHCP.<br />
<br />
The CSC's office terminals' CUPS servers have these printers configured to use the "Brother MFC9840CDW Foomatic/Postscript" driver. It seems to work fine.<br />
<br />
== ljp_3016 printer ==<br />
<br />
# Printer Connection: <pre>ipp://print.cs.uwaterloo.ca/printers/ljp_3016</pre><br />
# Name: ljp_3016<br />
# Description: Main Math Printers<br />
# Location: MC 3016<br />
# Brand: HP<br />
# Make: LaserJet 4250 Foomatic/Postscript<br />
# Default options: make sure that two-sided printing is set to long-edge<br />
<br />
'''NOTE: If the brand/make is not available for selection, don't download any third-party drivers. These drivers are available in apt. Find them there.'''<br />
<br />
Print quota is done via IST's XAS system, which can be accessed here: [http://strobe.uwaterloo.ca/ist/services/index.php?service=62] or [https://ist-xas.uwaterloo.ca/xas/]<br />
<br />
= Setting up CUPS, the printing subsystem =<br />
# Install <tt>cups</tt>.<br />
# Go to <tt>http://localhost:631/</tt>. Go to 'Add Printer'. You may need to supply the root username/password.<br />
# Click 'Internet Printing Protocol (ipp)'. CSC doesn't have any local printers, chances are all printers are connected via LAN. If it is LAN, then it is ipp.<br />
# Enter connection, name, and description of the printer.<br />
<br />
If there is a machine with printing already properly set up, you may copy the file /etc/cups/printers.conf to the corresponding location on machines that aren't set up. Ensure that you stop CUPS (sudo service cups stop) on the fresh machine before copying over printers.conf (and don't forget to start it again afterward).</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Printing&diff=4149Printing2018-03-15T15:03:56Z<p>Jxpryde: /* MathSoc Printer (new) */</p>
<hr />
<div>= Setting up printers =<br />
<br />
We usually support the MathSoc and MFCF printers on our office terminals.<br />
<br />
== MathSoc Printer (new) ==<br />
<br />
The new MathSoc Printer is an Brother MFC-L8900CDW. Its hostname is lp-mc3038.mathsoc.uwaterloo.ca and its IP is 172.19.4.99/28, the CSC manages the 172.19.4.96/28 subnet/VLAN for printers and other similar devices. The IP address is assigned by our DHCP server and the port is assigned to the correct VLAN for this subnet. If MathSoc upgrades their printer, they will have to contact us to reconfigure the port/DHCP.<br />
<br />
The CSC's office terminals' CUPS servers have these printers configured to use the "Brother MFC9840CDW Foomatic/Postscript" driver. It seems to work fine.<br />
<br />
== ljp_3016 printer ==<br />
<br />
# Printer Connection: <pre>ipp://print.cs.uwaterloo.ca/printers/ljp_3016</pre><br />
# Name: ljp_3016<br />
# Description: Main Math Printers<br />
# Location: MC 3016<br />
# Brand: HP<br />
# Make: LaserJet 4250 Foomatic/Postscript<br />
# Default options: make sure that two-sided printing is set to long-edge<br />
<br />
'''NOTE: If the brand/make is not available for selection, don't download any third-party drivers. These drivers are available in apt. Find them there.'''<br />
<br />
Print quota is done via IST's XAS system, which can be accessed here: [http://strobe.uwaterloo.ca/ist/services/index.php?service=62] or [https://ist-xas.uwaterloo.ca/xas/]<br />
<br />
= Setting up CUPS, the printing subsystem =<br />
# Install <tt>cups</tt>.<br />
# Go to <tt>http://localhost:631/</tt>. Go to 'Add Printer'. You may need to supply the root username/password.<br />
# Click 'Internet Printing Protocol (ipp)'. CSC doesn't have any local printers, chances are all printers are connected via LAN. If it is LAN, then it is ipp.<br />
# Enter connection, name, and description of the printer.<br />
<br />
If there is a machine with printing already properly set up, you may copy the file /etc/cups/printers.conf to the corresponding location on machines that aren't set up. Ensure that you stop CUPS (sudo service cups stop) on the fresh machine before copying over printers.conf (and don't forget to start it again afterward).</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=4012Web Hosting2016-08-02T16:50:55Z<p>Jxpryde: /* .htaccess Config */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP If you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers. You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines. Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
If you need help, email <tt>syscom@csclub.uwaterloo.ca[mailto:syscom@csclub.uwaterloo.ca]</tt> or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffeine.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port (but campus firewalled, i.e. NOT Ports 28000-28500).<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn] in the same way.<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file (e.g. if you were running your app at ~ctdalek/python-app, put the .htaccess in ~ctdalek/www/python-app alongside the static files). Replace HOST with localhost if running on Caffeine or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=4011Web Hosting2016-08-02T16:46:56Z<p>Jxpryde: /* Reverse Proxy (Python, Ruby, Perl, etc.) */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP If you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers. You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines. Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
If you need help, email <tt>syscom@csclub.uwaterloo.ca[mailto:syscom@csclub.uwaterloo.ca]</tt> or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffeine.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port (but campus firewalled, i.e. NOT Ports 28000-28500).<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn] in the same way.<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffeine or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Machine_List&diff=3992Machine List2016-07-18T16:17:59Z<p>Jxpryde: /* Specs */</p>
<hr />
<div>= Web Server =<br />
You are highly encouraged to avoid running anything that's not directly related to your CSC webspace on our web server. We have plenty of general-use machines; please use those instead. You can even edit web pages from any other machine--usually the only reason you'd *need* to be on caffeine is for database access.<br />
<br />
== ''caffeine'' ==<br />
<br />
Caffeine is the Computer Science Club's web server. It serves websites, databases for websites, and a large amount of other services. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* Club and member web sites with [[Apache]]<br />
* [[MySQL]] databases<br />
* [[PostgreSQL]] databases<br />
* [[ceo]] daemon<br />
* mail was migrated to [[#mail|mail]]<br />
<br />
= General-Use Servers =<br />
<br />
These machines can be used for (nearly) anything you like (though be polite and remember that these are shared machines). Recall that when you signed the Machine Usage Agreement, you promised not to use these machines to generate profit (so no bitcoin mining).<br />
<br />
Most people use either taurine and clones or (high-fructose-)corn-syrup. hfcs is probably our beefiest machine at the moment, if you are wanting to do some heavy computation. Again, if you have a long-running computationally intensive job, it's good to<br />
nice[https://en.wikipedia.org/wiki/Nice_(Unix)] your process, and possibly let syscom know too.<br />
<br />
== ''corn-syrup'' ==<br />
<br />
PowerEdge 2950<br />
<br />
==== Specs ====<br />
<br />
* 2 × Intel Xeon E5405 (2.00 GHz, 4 cores each)<br />
* 32 GB RAM<br />
* eth0 ("Gb0") mac addr 00:24:e8:52:41:27<br />
* eth1 ("Gb1") mac addr 00:24:e8:52:41:29<br />
* IPMI mac addr 00:24:e8:52:41:2b<br />
* 3 &times; Western-Digital 160GB SATA hard drive (445 GB software RAID0 array)<br />
<br />
==== Notes ====<br />
<br />
* Use eth0/Gb0 for the mathstudentorgsnet connection<br />
* has ipmi on corn-syrup-impi.csclub.uwaterloo.ca.<br />
<br />
==== Services ====<br />
<br />
* Hosts 1 TB <tt>[[scratch|/scratch]]</tt> and exports via NFS (sec=krb5)<br />
<br />
== ''high-fructose-corn-syrup'' ==<br />
<br />
High-fructose-corn-syrup (or hfcs) is our more powerful version of corn-syrup. It's been in CSC service since April 2012.<br />
<br />
==== Specs ====<br />
<br />
* 4x AMD Opteron 6272 (2.4 GHz, 16 cores each)<br />
* 192 GB RAM<br />
* Supermicro H8QGi+-F Motherboard Quad 1944-pin Socket [http://csclub.uwaterloo.ca/misc/manuals/motherboard-H8QGI+-F.pdf (Manual)]<br />
* 500 GB Seagate Barracuda<br />
* Supermicro Case Rackmount CSE-748TQ-R1400B 4U [http://csclub.uwaterloo.ca/misc/manuals/SC748.pdf (Manual)]<br />
<br />
== ''taurine'' ==<br />
<br />
==== Specs ====<br />
<br />
* 2 AMD Opteron 2218 CPUs<br />
* 8GB RAM<br />
* 136 GB LVM volume group<br />
<br />
==== Services ====<br />
<br />
* Virtual machines<br />
* BitlBee IRC instant messaging gateway (localhost only)<br />
* [[ident]] server to maintain high connection cap to freenode<br />
* Runs ssh on ports 21,22,53,80,81,443,8000,8080 for user's convenience.<br />
<br />
== ''sucrose'' ==<br />
<br />
sucrose is a [[#taurine|taurine]] clone donated by CSCF.<br />
<br />
==== Specs ====<br />
<br />
== ''potassium-citrate'' ==<br />
<br />
Potassium-citrate is a dual-processor Alpha machine. It is on extended loan from pbarfuss.<br />
<br />
It is temporarily decommissioned pending the reinstallation of a supported operating system (such as OpenBSD).<br />
<br />
==== Specs ====<br />
* Alphaserver CS20 (2 833MHz EV68al CPUs)<br />
* 512MB RAM<br />
* 36 GB Seagate SCSI hard drive<br />
<br />
== ''potassium-nitrate'' ==<br />
<br />
It is a Sun Fire E2900 from a decommissioned MFCF compute cluster, on loan for an extended period. It has a SPARC architecture and runs OpenBSD, unlike many of our other systems which are x86/x86-64 and Linux/Debian.<br />
<br />
It is available for general use. Due to an "interesting" SSH server configuration, Kerberos authentication is '''required''' to access this machine. This means that from a CSC machine, run 'kinit -p' to obtain credentials before SSH'ing in. From a non-CSC machine, follow the instructions on [[Kerberos#Running_Kerberos_Locally|running Kerberos locally]].<br />
<br />
The name is from saltpetre, because sparks.<br />
<br />
==== Specs ====<br />
<br />
* 24 CPUs<br />
* 90GB main memory<br />
* 400GB scratch disk local storage in /scratch-potassium-nitrate<br />
<br />
There is a [[Sun 2900 Strategy Guide|setup guide]] available for this machine.<br />
<br />
See also [[Sun 2900]].<br />
<br />
= Office Terminals =<br />
<br />
It's possible to SSH into these machines, but we discourage you from trying to use these machines when you're not sitting in front of them. They are bounced at least every time our login manager, lightdm, throws a tantrum (which is several times a day). These are for use inside our physical office.<br />
<br />
== ''bit-shifter'' ==<br />
<br />
bit-shifter is an office terminal.<br />
<br />
==== Specs ====<br />
<br />
* Intel(R) Core(TM)2 Quad CPU Q8300<br />
* 4GB RAM<br />
* Nvidia GeForce GT 440<br />
* [http://csclub.uwaterloo.ca/misc/manuals/motherboard_manual_ga-ep45-ud3l.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* Jacob Parker's Firewire Card<br />
<br />
==== Services ====<br />
<br />
* [http://csclub.uwaterloo.ca/office/webcam Office webcam]<br />
<br />
== ''gwem'' ==<br />
<br />
gwem is an office terminal that was created because AMD donated a graphics card. It entered CSC service in February 2012.<br />
<br />
=== Specs ===<br />
<br />
* AMD FX-8150 3.6GHz 8-Core CPU<br />
* 16 GB RAM<br />
* AMD Radeon 6870 HD 1GB GPU<br />
* [http://csclub.uwaterloo.ca/misc/manuals/ga-990fxa-ud7_e.pdf Gigabyte GA-990FXA-UD7] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
<br />
== ''maltodextrin'' ==<br />
* [http://csclub.uwaterloo.ca/misc/manuals/motherboard_manual_ga-ep45-ud3l.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
Maltodextrin is an office terminal. It was upgraded in Spring 2014 after an unidentified failure.<br />
<br />
==== Specs ====<br />
<br />
* Intel Core i3-4130 @ 3.40 GHz<br />
* 8GB RAM<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* [http://csclub.uwaterloo.ca/misc/manuals/E8425_H81I_PLUS.pdf ASUS H81-PLUS] Motherboard<br />
<br />
==== Services ====<br />
<br />
* [http://csclub.uwaterloo.ca/office/webcam Office webcam]<br />
<br />
== ''natural-flavours'' ==<br />
<br />
Natural-flavours is an office terminal; it used to be our mirror.<br />
<br />
==== Specs ====<br />
<br />
* Intel Core 2 Duo E6300 @ 1.86 GHz<br />
* 2x1GB RAM<br />
* Nvidia GeForce GT 440<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* [http://csclub.uwaterloo.ca/misc/manuals/E2737_p5l-mx.pdf ASUS P5L-MX] Motherboard<br />
* DVD Burner<br />
<br />
== ''nullsleep'' ==<br />
<br />
nullsleep is an [http://csclub.uwaterloo.ca/misc/manuals/ASRock_ION_330.pdf ASRock ION 330] machine given to us by CSCF and funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
* Intel® Dual Core Atom™ 330<br />
* 2GB RAM<br />
* NVIDIA® ION™ graphics<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* DVD Burner<br />
<br />
==== Speakers ====<br />
Nullsleep has the office speakers (a pair of nice studio monitors) currently connected to it.<br />
<br />
==== Services ====<br />
Nullsleep runs MPD for playing music. Control of MPD is available only to users in the "audio" group.<br />
Music is located in /music on the office terminals<br />
<br />
== ''strombola''==<br />
It is named after Gordon Strombola.<br />
<br />
==== Specs ====<br />
* Intel Core2 Quad Q8200 @ 2.33GHz<br />
* 4 GB RAM<br />
* nVidia GeForce 8600 GTS<br />
* [http://csclub.uwaterloo.ca/misc/manuals/strombola.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
<br />
==== Speakers ====<br />
Strombola used to have integrated 5.1 channel sound before we got new speakers and moved audio stuff to nullsleep.<br />
<br />
= Syscom Only =<br />
<br />
The following systems may only be accessible to members of the [[Systems Committee]] for a variety of reasons; the most common of which being that some of these machines host [[Kerberos]] authentication services for the CSC.<br />
== ''aspartame'' ==<br />
<br />
aspartame is a taurine clone donated by CSCF. It currently is our primary file server, serving as the gateway interface to space on phlogiston. It also used to host the [[#auth1|auth1]] container, which has been temporarily moved to [[#dextrose|dextrose]]. The lxc files are still present and should not be started up, or else the two copies of auth1 will collide.<br />
<br />
==== Specs ====<br />
<br />
* 2 AMD Opteron 2218 CPUs<br />
* 10GB RAM<br />
<br />
==== Notes ====<br />
<br />
* It currently cannot route the 10.0.0.0/8 block to a misconfiguration on the NetApp. This should be fixed at some point.<br />
<br />
== ''dextrose'' ==<br />
<br />
dextrose is a [[#taurine|taurine]] clone donated by CSCF. It currently hosts [[#mathnews|the mathNEWS server]], [[#auth1|auth1]], [[#rt|rt]] and [[#munin|munin]].<br />
<br />
==== Specs ====<br />
<br />
* 2 72GB drives in RAID1 (LVM dextrose)<br />
* 2 1TB drives in RAID1 (LVM dextrose2)<br />
<br />
== ''auth1'' ==<br />
<br />
Container on [[#dextrose|dextrose]].<br />
<br />
==== Services ====<br />
<br />
* [[LDAP]] master<br />
* [[Kerberos]] master<br />
<br />
== ''cobalamin'' ==<br />
<br />
Dell PowerEdge 2950 donated to us by FEDS. Located in the Science machine room on the first floor of Physics. Will act as a backup server for many things.<br />
<br />
==== Specs ====<br />
<br />
* 1 × Intel Xeon E5420 (2.50 GHz, 4 cores)<br />
* 16GB RAM<br />
* Broadcom NetworkXtreme II<br />
* 2x73GB Hard Drives, hardware RAID1<br />
** Soon to be 2x1TB in MegaRAID1<br />
* http://www.dell.com/support/home/ca/en/cabsdt1/product-support/servicetag/51TYRG1/configuration<br />
<br />
==== Services ====<br />
<br />
* Containers: [[#auth2|auth2]]<br />
<br />
==== Notes ====<br />
<br />
* The network card requires non-free drivers. Be sure to use an installation disc with non-free.<br />
<br />
* We have separate IP ranges for cobalamin and its containers because the machine is located in a different building. They are:<br />
** VLAN ID 504 (csc-ipmi): 172.19.5.26/29; gateway 172.19.5.25; mask 255.255.255.248<br />
** VLAN ID 505 (csc-data): 129.97.16.96/29; gateway 129.97.16.96; mask 255.255.255.248<br />
<br />
* For some reason, the keyboard is shit. Try to avoid having to use it. It's doable, but painful. IPMI works now, and then we don't need to bug about physical access so it's better anyway.<br />
<br />
== ''auth2'' ==<br />
<br />
Container on [[#cobalamin|cobalamin]].<br />
<br />
==== Services ====<br />
<br />
* [[LDAP]] slave<br />
* [[Kerberos]] slave<br />
<br />
== ''glomag'' ==<br />
<br />
Glomag is a newish server (as of Fall 2009) which hosts [[#caffeine|caffeine]]. Only syscom are allowed to SSH in here directly, though SSH to caffeine is permitted to all members.<br />
<br />
==== Specs ====<br />
<br />
* Intel Xeon X3450 @ 2.67 GHz<br />
* 6 GB RAM<br />
* vg0: 465 GB software RAID1 (contains root partition):<br />
** 750 GB Seagate Barracuda SATA hard drive<br />
** 500 GB Western-Digital Caviar Blue SATA hard drive<br />
* vg1: 596 GB software RAID1 (contains caffeine):<br />
** 2 &times; 640 GB Western-Digital Caviar Blue SATA hard drive<br />
<br />
==== Services ====<br />
<br />
* [[Virtualization#Linux_Container|Linux containers]]; see [[#caffeine|caffeine]], [[#mail|mail]], [[#munin|munin]]<br />
<br />
== ''mail'' ==<br />
<br />
mail is the CSC's mail server. It hosts mail delivery, imap(s), smtp(s), and mailman. It is also syscom-only. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* [[Mail]] services<br />
* mailman (web interface at [http://mailman.csclub.uwaterloo.ca/])<br />
* [[Webmail]]<br />
* [[ceo]] daemon<br />
<br />
== ''psilodump'' ==<br />
<br />
psilodump is a NetApp FAS3000 series fileserver donated by CSCF. It, along with its sibling phlogiston, host disk shelves exported as iSCSI block devices.<br />
<br />
==== Specs ====<br />
<br />
== ''phlogiston'' ==<br />
<br />
phlogiston is a NetApp FAS3000 series fileserver donated by CSCF. It, along with its sibling psilodump, host disk shelves exported as iSCSI block devices.<br />
<br />
phlogiston is turned off and should remain that way. It is misconfigured to have its drives overlap with those owned by psilodump, and if it is turned on, it will likely cause irreparable data loss.<br />
<br />
==== Specs ====<br />
<br />
== ''sodium-benzoate'' ==<br />
<br />
Sodium-benzoate is our previous mirror server, funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
* Intel Xeon Quad Core E5405 @ 2.00 GHz<br />
* 16GB RAM<br />
* vg0: 228 GB block device behind DELL PERC 6/i (contains root partition)<br />
* mirror: ~14 TB block device behind DELL PERC 6/i (contains mirror)<br />
** 8 &times; 2 TB hard drive (RAID-5)<br />
<br />
After several disk failures and RMAs, the mirror array was accidentally rebuilt using some of the 4TB drives purchased for the new mirror. They do not work properly with sodium-benzoate because the RAID controller does not support 4TB drives and only exposes part of the storage. At some point we will need to rebuild the array using the 2TB disks again.<br />
<br />
Space disks are currently in the office underneath maltodextrin.<br />
<br />
== ''potassium-benzoate'' ==<br />
<br />
potassium-benzoate is our mirror server, funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
Coming soon.<br />
<br />
Drives: See [[Potassium-Benzoate_Drives|Potassium-Benzoate Drives]]<br />
<br />
==== Network Connections ====<br />
<br />
potassium-benzoate has two connections to our network:<br />
<br />
* 1gbps to our switch (used for management)<br />
* 10gbps to cs-mc2 (this places it basically at the campus backbone and is used for mirror's IP addresses)<br />
<br />
Mirror's bandwidth is limited to 1gpbs on each of the 4 campus internet links. Mirror's bandwidth is not limited on campus.<br />
<br />
==== Services ====<br />
<br />
* [[Mirror]]<br />
* [[Talks]] mirror<br />
* [[Debian_Repository|CSClub packages repository]]<br />
<br />
== ''munin'' ==<br />
<br />
munin is a syscom-only monitoring and accounting machine. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#dextrose|dextrose]]<br />
<br />
==== Services ====<br />
<br />
* [http://munin.csclub.uwaterloo.ca munin] systems monitoring daemon<br />
<br />
= Other =<br />
<br />
== ''goto80'' ==<br />
<br />
This is a small ARM machine we picked up in order to have similar hardware to the Real Time Operating Systems (CS 452) course. It has a [[TS-7800_JTAG|JTAG]] interface. Located in the office on the top shelf above strombola.<br />
<br />
==== Specs ====<br />
<br />
* 500 MHz Feroceon (ARM926ej-s compatible) processor<br />
* ARMv5TEJ architecture<br />
<br />
Use -march=armv5te -mtune=arm926ej-s options to GCC.<br />
<br />
For information on the TS-7800's hardware see here:<br />
http://www.embeddedarm.com/products/board-detail.php?product=ts-7800<br />
<br />
== ''binaerpilot'' ==<br />
<br />
This is a Gumstix Overo Tide CPU on a Tobi expansion board. It is currently attached to corn-syrup in the machine room and even more currently turned off until someone can figure out what is wrong with it.<br />
<br />
==== Specs ====<br />
<br />
* TI OMAP 3530 750Mhz (ARM Cortex-A8)<br />
* 512MB RAM<br />
<br />
== ''anamanaguchi'' ==<br />
<br />
This is a Gumstix Overo Tide CPU on a Chestnut43 expansion board. It is currently in the hardware drawer in the CSC.<br />
<br />
==== Specs ====<br />
<br />
* TI OMAP 3530 750Mhz (ARM Cortex-A8)<br />
* 512MB RAM<br />
<br />
== ''digital cutter'' ==<br />
<br />
See [[Digital Cutter|here]].<br />
<br />
== ''mathnews'' ==<br />
<br />
[[#dextrose|dextrose]] hosts a container which serves as the mathNEWS webserver. It is administered by mathNEWS, as a pilot for providing containers to select groups who have more specialized demands than the general-use infrastructure can meet.<br />
<br />
= Decommissioned =<br />
<br />
== ''Lisp machine'' ==<br />
<br />
A Symbolics XL1200 Lisp machine. Donated to a new home when we couldn't get it working.<br />
<br />
http://www.globalnerdy.com/2008/12/03/symbolics-xl1200-lisp-machine-free-to-a-good-home/ for some history on this hardware.<br />
<br />
==== Specs ====<br />
<br />
Currently inoperable due to (at least) a missing console cable.<br />
<br />
== ''ginseng'' ==<br />
<br />
Ginseng used to be our fileserver, before aspartame and the netapp took over.<br />
<br />
==== Specs ====<br />
<br />
* Intel Pentium Dual Core E2180<br />
* 8GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/s3000ah_tps_1_1.pdf Intel S3000AHV Motherboard]<br />
* 4 &times; 640 GB Western-Digital Caviar Blue in [http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_10_.28RAID_1.2B0.29 RAID 10] behind a [http://www.3ware.com/products/serial_ata2-9650.asp 3ware 9650SE RAID card].<br />
[[Category:Hardware]]<br />
<br />
== ''calum'' ==<br />
<br />
The server from back before recorded memory.<br />
<br />
== ''paza'' ==<br />
<br />
An iMac G3 that was used as a dumb terminal.<br />
<br />
==== Specs ====<br />
<br />
* 233Mhz PowerPC 740/750<br />
* 96 MB RAM<br />
<br />
== ''romana'' ==<br />
<br />
Romana was a BeBox that has been in the CSC's possession since long before BeOS became defunct.<br />
<br />
Confirmed on March 19th, 2016 to be fully functional. An SSHv1 compatible client was installed from http://www.abstrakt.ch/be/ and a compatible firewalled daemon was started on Sucrose (living in /root, prefix is /root/ssh-romana). The insecure daemon is to be used a bastion host to jump to hosts only supporting >=SSHv2. The mail daemon on the BeBox has also been configured to send mail through mail.csclub.uwaterloo.ca.<br />
<br />
==== Specs ====<br />
<br />
* 2 PowerPC based processors<br />
* Stylish Blinken processor-load lights<br />
<br />
== ''sodium-citrate'' ==<br />
<br />
Sodium-citrate was an SGI O2 machine.<br />
<br />
In order to net boot you need to set /proc/sys/net/ipv4/ip_no_pmtu_disc to 1. When the O2 boots, hit F5 at the boot menu and type bootp():.<br />
<br />
==== Specs ====<br />
* SGI O2 MIPS processor<br />
* 423 MB (?) RAM<br />
* 2 &times; 2 GB hard drive<br />
<br />
== ''acesulfame-potassium'' ==<br />
<br />
An old office terminal.<br />
<br />
==== Specs ====<br />
* Intel Pentium 4 2.67GHz<br />
* 1GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/ABIT_VT7.pdf ABIT VT7] Motherboard<br />
* ATI Radeon 7000<br />
<br />
== ''skynet'' ==<br />
<br />
skynet was a Sun E6500 machine donated by Sanjay Singh. It was never fully set up.<br />
<br />
==== Specs ====<br />
<br />
* 15 full CPU/memory boards<br />
** 2x UltraSPARC II 464MHz / 8MB Cache Processors<br />
** ??? RAM?<br />
* 1 I/O board (type=???)<br />
** ???x disks?<br />
* 1 CD-ROM drive<br />
<br />
* [http://mirror.csclub.uwaterloo.ca/csclub/sun_e6500/ent6k.srvr/ e6500 documentation (hosted on mirror, currently dead link)]<br />
* [http://docs.oracle.com/cd/E19095-01/ent6k.srvr/ e6500 documentation (backup link)]<br />
* [http://www.e6500.com/ e6500]<br />
<br />
== ''freebsd'' ==<br />
<br />
FreeBSD was a virtual machine with FreeBSD installed.<br />
<br />
==== Services ====<br />
<br />
* Newer software<br />
<br />
== ''rainbowdragoneyes'' ==<br />
<br />
Rainbowdragoneyes was our Lemote Fuloong MIPS machine. This machine is aliased to rde.csclub.uwaterloo.ca.<br />
<br />
==== Specs ====<br />
<br />
* 800MHz MIPS Loongson 2f CPU<br />
<br />
== ''denardo'' ==<br />
<br />
Due to some instability, general uselessness, and the acquisition of a more powerful SPARC machine from MFCF, denardo was decommissioned in February 2015.<br />
<br />
==== Specs ====<br />
<br />
* Sun Fire V210<br />
* TI UltraSparc IIIi (Jalapeño)<br />
* 2 GB RAM<br />
* 160 GB RAID array<br />
* ALOM on denardo-alom.csclub can be used to power machine on/off<br />
<br />
<br />
== ''artificial-flavours'' ==<br />
<br />
Artificial-flavours was our secondary (backup services) server. It used to be an office terminal. It was decommissioned in February 2015 and transferred to the ownership of Women in Computer Science (WiCS).<br />
<br />
==== Specs ====<br />
<br />
* Intel Celeron 3.2GHz<br />
* 2GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/Biostar_P4M80-M4.pdf Biostar P4M80-M4] Motherboard<br />
* Western-Digital 80 GB ATA hard drive<br />
<br />
= UPS =<br />
<br />
All of the machines in the machine room are connected to one of our UPSs.<br />
<br />
Two of our UPSs can be monitored via CSCF:<br />
<br />
* mc-3015-g7-ups-1.cs.uwaterloo.ca (http://cacti.cscf.uwaterloo.ca/cacti/graph_view.php?action=tree&tree_id=11&leaf_id=722)<br />
* mc-3015-h7-ups-1.cs.uwaterloo.ca (http://cacti.cscf.uwaterloo.ca/cacti/graph_view.php?action=tree&tree_id=11&leaf_id=723)<br />
<br />
If these two UPSs throw alerts, the CSCF helpdesk will be alerted and they should alert us. Their status can be monitored via [[SNMP]].</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Machine_List&diff=3991Machine List2016-07-18T16:17:33Z<p>Jxpryde: /* cobalamin */</p>
<hr />
<div>= Web Server =<br />
You are highly encouraged to avoid running anything that's not directly related to your CSC webspace on our web server. We have plenty of general-use machines; please use those instead. You can even edit web pages from any other machine--usually the only reason you'd *need* to be on caffeine is for database access.<br />
<br />
== ''caffeine'' ==<br />
<br />
Caffeine is the Computer Science Club's web server. It serves websites, databases for websites, and a large amount of other services. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* Club and member web sites with [[Apache]]<br />
* [[MySQL]] databases<br />
* [[PostgreSQL]] databases<br />
* [[ceo]] daemon<br />
* mail was migrated to [[#mail|mail]]<br />
<br />
= General-Use Servers =<br />
<br />
These machines can be used for (nearly) anything you like (though be polite and remember that these are shared machines). Recall that when you signed the Machine Usage Agreement, you promised not to use these machines to generate profit (so no bitcoin mining).<br />
<br />
Most people use either taurine and clones or (high-fructose-)corn-syrup. hfcs is probably our beefiest machine at the moment, if you are wanting to do some heavy computation. Again, if you have a long-running computationally intensive job, it's good to<br />
nice[https://en.wikipedia.org/wiki/Nice_(Unix)] your process, and possibly let syscom know too.<br />
<br />
== ''corn-syrup'' ==<br />
<br />
PowerEdge 2950<br />
<br />
==== Specs ====<br />
<br />
* 2 × Intel Xeon E5405 (2.00 GHz, 4 cores each)<br />
* 32 GB RAM<br />
* eth0 ("Gb0") mac addr 00:24:e8:52:41:27<br />
* eth1 ("Gb1") mac addr 00:24:e8:52:41:29<br />
* IPMI mac addr 00:24:e8:52:41:2b<br />
* 3 &times; Western-Digital 160GB SATA hard drive (445 GB software RAID0 array)<br />
<br />
==== Notes ====<br />
<br />
* Use eth0/Gb0 for the mathstudentorgsnet connection<br />
* has ipmi on corn-syrup-impi.csclub.uwaterloo.ca.<br />
<br />
==== Services ====<br />
<br />
* Hosts 1 TB <tt>[[scratch|/scratch]]</tt> and exports via NFS (sec=krb5)<br />
<br />
== ''high-fructose-corn-syrup'' ==<br />
<br />
High-fructose-corn-syrup (or hfcs) is our more powerful version of corn-syrup. It's been in CSC service since April 2012.<br />
<br />
==== Specs ====<br />
<br />
* 4x AMD Opteron 6272 (2.4 GHz, 16 cores each)<br />
* 192 GB RAM<br />
* Supermicro H8QGi+-F Motherboard Quad 1944-pin Socket [http://csclub.uwaterloo.ca/misc/manuals/motherboard-H8QGI+-F.pdf (Manual)]<br />
* 500 GB Seagate Barracuda<br />
* Supermicro Case Rackmount CSE-748TQ-R1400B 4U [http://csclub.uwaterloo.ca/misc/manuals/SC748.pdf (Manual)]<br />
<br />
== ''taurine'' ==<br />
<br />
==== Specs ====<br />
<br />
* 2 AMD Opteron 2218 CPUs<br />
* 8GB RAM<br />
* 136 GB LVM volume group<br />
<br />
==== Services ====<br />
<br />
* Virtual machines<br />
* BitlBee IRC instant messaging gateway (localhost only)<br />
* [[ident]] server to maintain high connection cap to freenode<br />
* Runs ssh on ports 21,22,53,80,81,443,8000,8080 for user's convenience.<br />
<br />
== ''sucrose'' ==<br />
<br />
sucrose is a [[#taurine|taurine]] clone donated by CSCF.<br />
<br />
==== Specs ====<br />
<br />
== ''potassium-citrate'' ==<br />
<br />
Potassium-citrate is a dual-processor Alpha machine. It is on extended loan from pbarfuss.<br />
<br />
It is temporarily decommissioned pending the reinstallation of a supported operating system (such as OpenBSD).<br />
<br />
==== Specs ====<br />
* Alphaserver CS20 (2 833MHz EV68al CPUs)<br />
* 512MB RAM<br />
* 36 GB Seagate SCSI hard drive<br />
<br />
== ''potassium-nitrate'' ==<br />
<br />
It is a Sun Fire E2900 from a decommissioned MFCF compute cluster, on loan for an extended period. It has a SPARC architecture and runs OpenBSD, unlike many of our other systems which are x86/x86-64 and Linux/Debian.<br />
<br />
It is available for general use. Due to an "interesting" SSH server configuration, Kerberos authentication is '''required''' to access this machine. This means that from a CSC machine, run 'kinit -p' to obtain credentials before SSH'ing in. From a non-CSC machine, follow the instructions on [[Kerberos#Running_Kerberos_Locally|running Kerberos locally]].<br />
<br />
The name is from saltpetre, because sparks.<br />
<br />
==== Specs ====<br />
<br />
* 24 CPUs<br />
* 90GB main memory<br />
* 400GB scratch disk local storage in /scratch-potassium-nitrate<br />
<br />
There is a [[Sun 2900 Strategy Guide|setup guide]] available for this machine.<br />
<br />
See also [[Sun 2900]].<br />
<br />
= Office Terminals =<br />
<br />
It's possible to SSH into these machines, but we discourage you from trying to use these machines when you're not sitting in front of them. They are bounced at least every time our login manager, lightdm, throws a tantrum (which is several times a day). These are for use inside our physical office.<br />
<br />
== ''bit-shifter'' ==<br />
<br />
bit-shifter is an office terminal.<br />
<br />
==== Specs ====<br />
<br />
* Intel(R) Core(TM)2 Quad CPU Q8300<br />
* 4GB RAM<br />
* Nvidia GeForce GT 440<br />
* [http://csclub.uwaterloo.ca/misc/manuals/motherboard_manual_ga-ep45-ud3l.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* Jacob Parker's Firewire Card<br />
<br />
==== Services ====<br />
<br />
* [http://csclub.uwaterloo.ca/office/webcam Office webcam]<br />
<br />
== ''gwem'' ==<br />
<br />
gwem is an office terminal that was created because AMD donated a graphics card. It entered CSC service in February 2012.<br />
<br />
=== Specs ===<br />
<br />
* AMD FX-8150 3.6GHz 8-Core CPU<br />
* 16 GB RAM<br />
* AMD Radeon 6870 HD 1GB GPU<br />
* [http://csclub.uwaterloo.ca/misc/manuals/ga-990fxa-ud7_e.pdf Gigabyte GA-990FXA-UD7] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
<br />
== ''maltodextrin'' ==<br />
* [http://csclub.uwaterloo.ca/misc/manuals/motherboard_manual_ga-ep45-ud3l.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
Maltodextrin is an office terminal. It was upgraded in Spring 2014 after an unidentified failure.<br />
<br />
==== Specs ====<br />
<br />
* Intel Core i3-4130 @ 3.40 GHz<br />
* 8GB RAM<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* [http://csclub.uwaterloo.ca/misc/manuals/E8425_H81I_PLUS.pdf ASUS H81-PLUS] Motherboard<br />
<br />
==== Services ====<br />
<br />
* [http://csclub.uwaterloo.ca/office/webcam Office webcam]<br />
<br />
== ''natural-flavours'' ==<br />
<br />
Natural-flavours is an office terminal; it used to be our mirror.<br />
<br />
==== Specs ====<br />
<br />
* Intel Core 2 Duo E6300 @ 1.86 GHz<br />
* 2x1GB RAM<br />
* Nvidia GeForce GT 440<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* [http://csclub.uwaterloo.ca/misc/manuals/E2737_p5l-mx.pdf ASUS P5L-MX] Motherboard<br />
* DVD Burner<br />
<br />
== ''nullsleep'' ==<br />
<br />
nullsleep is an [http://csclub.uwaterloo.ca/misc/manuals/ASRock_ION_330.pdf ASRock ION 330] machine given to us by CSCF and funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
* Intel® Dual Core Atom™ 330<br />
* 2GB RAM<br />
* NVIDIA® ION™ graphics<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* DVD Burner<br />
<br />
==== Speakers ====<br />
Nullsleep has the office speakers (a pair of nice studio monitors) currently connected to it.<br />
<br />
==== Services ====<br />
Nullsleep runs MPD for playing music. Control of MPD is available only to users in the "audio" group.<br />
Music is located in /music on the office terminals<br />
<br />
== ''strombola''==<br />
It is named after Gordon Strombola.<br />
<br />
==== Specs ====<br />
* Intel Core2 Quad Q8200 @ 2.33GHz<br />
* 4 GB RAM<br />
* nVidia GeForce 8600 GTS<br />
* [http://csclub.uwaterloo.ca/misc/manuals/strombola.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
<br />
==== Speakers ====<br />
Strombola used to have integrated 5.1 channel sound before we got new speakers and moved audio stuff to nullsleep.<br />
<br />
= Syscom Only =<br />
<br />
The following systems may only be accessible to members of the [[Systems Committee]] for a variety of reasons; the most common of which being that some of these machines host [[Kerberos]] authentication services for the CSC.<br />
== ''aspartame'' ==<br />
<br />
aspartame is a taurine clone donated by CSCF. It currently is our primary file server, serving as the gateway interface to space on phlogiston. It also used to host the [[#auth1|auth1]] container, which has been temporarily moved to [[#dextrose|dextrose]]. The lxc files are still present and should not be started up, or else the two copies of auth1 will collide.<br />
<br />
==== Specs ====<br />
<br />
* 2 AMD Opteron 2218 CPUs<br />
* 10GB RAM<br />
<br />
==== Notes ====<br />
<br />
* It currently cannot route the 10.0.0.0/8 block to a misconfiguration on the NetApp. This should be fixed at some point.<br />
<br />
== ''dextrose'' ==<br />
<br />
dextrose is a [[#taurine|taurine]] clone donated by CSCF. It currently hosts [[#mathnews|the mathNEWS server]], [[#auth1|auth1]], [[#rt|rt]] and [[#munin|munin]].<br />
<br />
==== Specs ====<br />
<br />
* 2 72GB drives in RAID1 (LVM dextrose)<br />
* 2 1TB drives in RAID1 (LVM dextrose2)<br />
<br />
== ''auth1'' ==<br />
<br />
Container on [[#dextrose|dextrose]].<br />
<br />
==== Services ====<br />
<br />
* [[LDAP]] master<br />
* [[Kerberos]] master<br />
<br />
== ''cobalamin'' ==<br />
<br />
Dell PowerEdge 2950 donated to us by FEDS. Located in the Science machine room on the first floor of Physics. Will act as a backup server for many things.<br />
<br />
==== Specs ====<br />
<br />
* 1 × Intel Xeon E5420 (2.50 GHz, 4 cores)<br />
* 16GB RAM<br />
* Broadcom NetworkXtreme II<br />
* 2x73GB Hard Drives, hardware RAID1<br />
* Soon to be 2x1TB in MegaRAID1<br />
* http://www.dell.com/support/home/ca/en/cabsdt1/product-support/servicetag/51TYRG1/configuration<br />
<br />
==== Services ====<br />
<br />
* Containers: [[#auth2|auth2]]<br />
<br />
==== Notes ====<br />
<br />
* The network card requires non-free drivers. Be sure to use an installation disc with non-free.<br />
<br />
* We have separate IP ranges for cobalamin and its containers because the machine is located in a different building. They are:<br />
** VLAN ID 504 (csc-ipmi): 172.19.5.26/29; gateway 172.19.5.25; mask 255.255.255.248<br />
** VLAN ID 505 (csc-data): 129.97.16.96/29; gateway 129.97.16.96; mask 255.255.255.248<br />
<br />
* For some reason, the keyboard is shit. Try to avoid having to use it. It's doable, but painful. IPMI works now, and then we don't need to bug about physical access so it's better anyway.<br />
<br />
== ''auth2'' ==<br />
<br />
Container on [[#cobalamin|cobalamin]].<br />
<br />
==== Services ====<br />
<br />
* [[LDAP]] slave<br />
* [[Kerberos]] slave<br />
<br />
== ''glomag'' ==<br />
<br />
Glomag is a newish server (as of Fall 2009) which hosts [[#caffeine|caffeine]]. Only syscom are allowed to SSH in here directly, though SSH to caffeine is permitted to all members.<br />
<br />
==== Specs ====<br />
<br />
* Intel Xeon X3450 @ 2.67 GHz<br />
* 6 GB RAM<br />
* vg0: 465 GB software RAID1 (contains root partition):<br />
** 750 GB Seagate Barracuda SATA hard drive<br />
** 500 GB Western-Digital Caviar Blue SATA hard drive<br />
* vg1: 596 GB software RAID1 (contains caffeine):<br />
** 2 &times; 640 GB Western-Digital Caviar Blue SATA hard drive<br />
<br />
==== Services ====<br />
<br />
* [[Virtualization#Linux_Container|Linux containers]]; see [[#caffeine|caffeine]], [[#mail|mail]], [[#munin|munin]]<br />
<br />
== ''mail'' ==<br />
<br />
mail is the CSC's mail server. It hosts mail delivery, imap(s), smtp(s), and mailman. It is also syscom-only. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* [[Mail]] services<br />
* mailman (web interface at [http://mailman.csclub.uwaterloo.ca/])<br />
* [[Webmail]]<br />
* [[ceo]] daemon<br />
<br />
== ''psilodump'' ==<br />
<br />
psilodump is a NetApp FAS3000 series fileserver donated by CSCF. It, along with its sibling phlogiston, host disk shelves exported as iSCSI block devices.<br />
<br />
==== Specs ====<br />
<br />
== ''phlogiston'' ==<br />
<br />
phlogiston is a NetApp FAS3000 series fileserver donated by CSCF. It, along with its sibling psilodump, host disk shelves exported as iSCSI block devices.<br />
<br />
phlogiston is turned off and should remain that way. It is misconfigured to have its drives overlap with those owned by psilodump, and if it is turned on, it will likely cause irreparable data loss.<br />
<br />
==== Specs ====<br />
<br />
== ''sodium-benzoate'' ==<br />
<br />
Sodium-benzoate is our previous mirror server, funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
* Intel Xeon Quad Core E5405 @ 2.00 GHz<br />
* 16GB RAM<br />
* vg0: 228 GB block device behind DELL PERC 6/i (contains root partition)<br />
* mirror: ~14 TB block device behind DELL PERC 6/i (contains mirror)<br />
** 8 &times; 2 TB hard drive (RAID-5)<br />
<br />
After several disk failures and RMAs, the mirror array was accidentally rebuilt using some of the 4TB drives purchased for the new mirror. They do not work properly with sodium-benzoate because the RAID controller does not support 4TB drives and only exposes part of the storage. At some point we will need to rebuild the array using the 2TB disks again.<br />
<br />
Space disks are currently in the office underneath maltodextrin.<br />
<br />
== ''potassium-benzoate'' ==<br />
<br />
potassium-benzoate is our mirror server, funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
Coming soon.<br />
<br />
Drives: See [[Potassium-Benzoate_Drives|Potassium-Benzoate Drives]]<br />
<br />
==== Network Connections ====<br />
<br />
potassium-benzoate has two connections to our network:<br />
<br />
* 1gbps to our switch (used for management)<br />
* 10gbps to cs-mc2 (this places it basically at the campus backbone and is used for mirror's IP addresses)<br />
<br />
Mirror's bandwidth is limited to 1gpbs on each of the 4 campus internet links. Mirror's bandwidth is not limited on campus.<br />
<br />
==== Services ====<br />
<br />
* [[Mirror]]<br />
* [[Talks]] mirror<br />
* [[Debian_Repository|CSClub packages repository]]<br />
<br />
== ''munin'' ==<br />
<br />
munin is a syscom-only monitoring and accounting machine. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#dextrose|dextrose]]<br />
<br />
==== Services ====<br />
<br />
* [http://munin.csclub.uwaterloo.ca munin] systems monitoring daemon<br />
<br />
= Other =<br />
<br />
== ''goto80'' ==<br />
<br />
This is a small ARM machine we picked up in order to have similar hardware to the Real Time Operating Systems (CS 452) course. It has a [[TS-7800_JTAG|JTAG]] interface. Located in the office on the top shelf above strombola.<br />
<br />
==== Specs ====<br />
<br />
* 500 MHz Feroceon (ARM926ej-s compatible) processor<br />
* ARMv5TEJ architecture<br />
<br />
Use -march=armv5te -mtune=arm926ej-s options to GCC.<br />
<br />
For information on the TS-7800's hardware see here:<br />
http://www.embeddedarm.com/products/board-detail.php?product=ts-7800<br />
<br />
== ''binaerpilot'' ==<br />
<br />
This is a Gumstix Overo Tide CPU on a Tobi expansion board. It is currently attached to corn-syrup in the machine room and even more currently turned off until someone can figure out what is wrong with it.<br />
<br />
==== Specs ====<br />
<br />
* TI OMAP 3530 750Mhz (ARM Cortex-A8)<br />
* 512MB RAM<br />
<br />
== ''anamanaguchi'' ==<br />
<br />
This is a Gumstix Overo Tide CPU on a Chestnut43 expansion board. It is currently in the hardware drawer in the CSC.<br />
<br />
==== Specs ====<br />
<br />
* TI OMAP 3530 750Mhz (ARM Cortex-A8)<br />
* 512MB RAM<br />
<br />
== ''digital cutter'' ==<br />
<br />
See [[Digital Cutter|here]].<br />
<br />
== ''mathnews'' ==<br />
<br />
[[#dextrose|dextrose]] hosts a container which serves as the mathNEWS webserver. It is administered by mathNEWS, as a pilot for providing containers to select groups who have more specialized demands than the general-use infrastructure can meet.<br />
<br />
= Decommissioned =<br />
<br />
== ''Lisp machine'' ==<br />
<br />
A Symbolics XL1200 Lisp machine. Donated to a new home when we couldn't get it working.<br />
<br />
http://www.globalnerdy.com/2008/12/03/symbolics-xl1200-lisp-machine-free-to-a-good-home/ for some history on this hardware.<br />
<br />
==== Specs ====<br />
<br />
Currently inoperable due to (at least) a missing console cable.<br />
<br />
== ''ginseng'' ==<br />
<br />
Ginseng used to be our fileserver, before aspartame and the netapp took over.<br />
<br />
==== Specs ====<br />
<br />
* Intel Pentium Dual Core E2180<br />
* 8GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/s3000ah_tps_1_1.pdf Intel S3000AHV Motherboard]<br />
* 4 &times; 640 GB Western-Digital Caviar Blue in [http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_10_.28RAID_1.2B0.29 RAID 10] behind a [http://www.3ware.com/products/serial_ata2-9650.asp 3ware 9650SE RAID card].<br />
[[Category:Hardware]]<br />
<br />
== ''calum'' ==<br />
<br />
The server from back before recorded memory.<br />
<br />
== ''paza'' ==<br />
<br />
An iMac G3 that was used as a dumb terminal.<br />
<br />
==== Specs ====<br />
<br />
* 233Mhz PowerPC 740/750<br />
* 96 MB RAM<br />
<br />
== ''romana'' ==<br />
<br />
Romana was a BeBox that has been in the CSC's possession since long before BeOS became defunct.<br />
<br />
Confirmed on March 19th, 2016 to be fully functional. An SSHv1 compatible client was installed from http://www.abstrakt.ch/be/ and a compatible firewalled daemon was started on Sucrose (living in /root, prefix is /root/ssh-romana). The insecure daemon is to be used a bastion host to jump to hosts only supporting >=SSHv2. The mail daemon on the BeBox has also been configured to send mail through mail.csclub.uwaterloo.ca.<br />
<br />
==== Specs ====<br />
<br />
* 2 PowerPC based processors<br />
* Stylish Blinken processor-load lights<br />
<br />
== ''sodium-citrate'' ==<br />
<br />
Sodium-citrate was an SGI O2 machine.<br />
<br />
In order to net boot you need to set /proc/sys/net/ipv4/ip_no_pmtu_disc to 1. When the O2 boots, hit F5 at the boot menu and type bootp():.<br />
<br />
==== Specs ====<br />
* SGI O2 MIPS processor<br />
* 423 MB (?) RAM<br />
* 2 &times; 2 GB hard drive<br />
<br />
== ''acesulfame-potassium'' ==<br />
<br />
An old office terminal.<br />
<br />
==== Specs ====<br />
* Intel Pentium 4 2.67GHz<br />
* 1GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/ABIT_VT7.pdf ABIT VT7] Motherboard<br />
* ATI Radeon 7000<br />
<br />
== ''skynet'' ==<br />
<br />
skynet was a Sun E6500 machine donated by Sanjay Singh. It was never fully set up.<br />
<br />
==== Specs ====<br />
<br />
* 15 full CPU/memory boards<br />
** 2x UltraSPARC II 464MHz / 8MB Cache Processors<br />
** ??? RAM?<br />
* 1 I/O board (type=???)<br />
** ???x disks?<br />
* 1 CD-ROM drive<br />
<br />
* [http://mirror.csclub.uwaterloo.ca/csclub/sun_e6500/ent6k.srvr/ e6500 documentation (hosted on mirror, currently dead link)]<br />
* [http://docs.oracle.com/cd/E19095-01/ent6k.srvr/ e6500 documentation (backup link)]<br />
* [http://www.e6500.com/ e6500]<br />
<br />
== ''freebsd'' ==<br />
<br />
FreeBSD was a virtual machine with FreeBSD installed.<br />
<br />
==== Services ====<br />
<br />
* Newer software<br />
<br />
== ''rainbowdragoneyes'' ==<br />
<br />
Rainbowdragoneyes was our Lemote Fuloong MIPS machine. This machine is aliased to rde.csclub.uwaterloo.ca.<br />
<br />
==== Specs ====<br />
<br />
* 800MHz MIPS Loongson 2f CPU<br />
<br />
== ''denardo'' ==<br />
<br />
Due to some instability, general uselessness, and the acquisition of a more powerful SPARC machine from MFCF, denardo was decommissioned in February 2015.<br />
<br />
==== Specs ====<br />
<br />
* Sun Fire V210<br />
* TI UltraSparc IIIi (Jalapeño)<br />
* 2 GB RAM<br />
* 160 GB RAID array<br />
* ALOM on denardo-alom.csclub can be used to power machine on/off<br />
<br />
<br />
== ''artificial-flavours'' ==<br />
<br />
Artificial-flavours was our secondary (backup services) server. It used to be an office terminal. It was decommissioned in February 2015 and transferred to the ownership of Women in Computer Science (WiCS).<br />
<br />
==== Specs ====<br />
<br />
* Intel Celeron 3.2GHz<br />
* 2GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/Biostar_P4M80-M4.pdf Biostar P4M80-M4] Motherboard<br />
* Western-Digital 80 GB ATA hard drive<br />
<br />
= UPS =<br />
<br />
All of the machines in the machine room are connected to one of our UPSs.<br />
<br />
Two of our UPSs can be monitored via CSCF:<br />
<br />
* mc-3015-g7-ups-1.cs.uwaterloo.ca (http://cacti.cscf.uwaterloo.ca/cacti/graph_view.php?action=tree&tree_id=11&leaf_id=722)<br />
* mc-3015-h7-ups-1.cs.uwaterloo.ca (http://cacti.cscf.uwaterloo.ca/cacti/graph_view.php?action=tree&tree_id=11&leaf_id=723)<br />
<br />
If these two UPSs throw alerts, the CSCF helpdesk will be alerted and they should alert us. Their status can be monitored via [[SNMP]].</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3987Web Hosting2016-07-13T15:15:00Z<p>Jxpryde: /* [Deprecated] Using WSGI */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP If you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers. You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines. Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
If you need help, email <tt>syscom@csclub.uwaterloo.ca[mailto:syscom@csclub.uwaterloo.ca]</tt> or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3986Web Hosting2016-07-13T15:14:03Z<p>Jxpryde: /* How do I make a website? */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP If you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers. You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines. Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
If you need help, email <tt>syscom@csclub.uwaterloo.ca[mailto:syscom@csclub.uwaterloo.ca]</tt> or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3985Web Hosting2016-07-13T15:13:11Z<p>Jxpryde: /* How do I make a website? */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP (if you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers). You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
If you need help, email <tt>syscom@csclub.uwaterloo.ca[mailto:syscom@csclub.uwaterloo.ca]</tt> or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3984Web Hosting2016-07-13T15:12:15Z<p>Jxpryde: /* How do I make a website? */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP (if you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers). You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
If you need help, email <tt>syscom@csclub.uwaterloo.ca</tt>, or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3983Web Hosting2016-07-13T15:11:41Z<p>Jxpryde: /* How do I make a website? */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP (if you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers). You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers, if you do this we recommend using git.uwaterloo.ca as your upstream repository.<br />
<br />
Email <tt>syscom@csclub.uwaterloo.ca</tt> if you need help, or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3982Web Hosting2016-07-13T15:10:16Z<p>Jxpryde: /* How do I make a website? */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP (if you run Windows use https://winscp.net/eng/index.php, if you use OS X use https://cyberduck.io/?l=en, and Linux users can directly access SFTP by using ssh:// urls in their GUI file managers). You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers.<br />
<br />
Email <tt>syscom@csclub.uwaterloo.ca</tt> if you need help, or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3981Web Hosting2016-07-13T15:09:19Z<p>Jxpryde: /* How do I make a website? */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== How do I make a website? ==<br />
<br />
If this is your first time making a website, this section may be useful to you.<br />
<br />
To build your website, CS Club suggests you use http://blog.getpelican.com/ (Python) or https://jekyllrb.com/ (Ruby). They generate static sites and are faster, simpler and more secure than CMSs like WordPress (dynamic and written in PHP) for small sites. We routinely disable WordPress sites that are more than a few weeks out of date (or if a critical security flaw is disclosed).<br />
<br />
You can transfer files to the CS Club via SFTP (if you run Windows use https://winscp.net/eng/index.php and if you use OS X use https://cyberduck.io/?l=en, Linux can directly access SFTP by using ssh:// urls in their GUI file managers). You can use SSH for direct shell access, just run <tt>ssh ctdalek@corn-syrup.csclub.uwaterloo.ca</tt> or look at https://wiki.csclub.uwaterloo.ca/Machine_List for our other machines Please do not connect to caffeine (the actual web server) unless you need to debug code. You can also just create your site on our servers or in our office to avoid having to shuffle files around. Your home directory is distributed everywhere via NFS. Bonus points if you use Git to sync your own computer with our servers.<br />
<br />
Email <tt>syscom@csclub.uwaterloo.ca</tt> if you need help, or come to the CS Club office on the MC 3rd floor across from the Mathsoc CnD.<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
Note that this means you ''do not'' have to register a domain name to be able to use our services. You can just put a website at <tt>http://csclub.uwaterloo.ca/~userid</tt>.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
If you are interested in receiving mail or having other records on your domain, the apex of your domain cannot be a CNAME. If this is the case, then your domain should contain an "A" record of <tt>129.97.134.17</tt> and a (optional, but recommended) "AAAA" record of <tt>2620:101:f000:4901:c5c::caff:e12e</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$" "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory><br />
<br />
=== Expired Websites ===<br />
<br />
There is a cron job running hourly on caffeine which disables expired member's websites (and re-enables them when they've renewed their membership).<br />
<br />
The script is here: http://git.csclub.uwaterloo.ca/?p=public/expire-sites.git;a=summary<br />
<br />
Some highlights:<br />
<br />
* The script provides a 1-month grace period (corresponding to the grace period of pam-csc)<br />
* The expired page returns HTTP status code of 503 (Service Unavailable)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3961Potassium-Benzoate Drives2016-05-05T21:41:19Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|March 03, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|In Limited Warranty, till 02/24/2017<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMC5C0E85V5W<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdac<br />
|<br />
|In Limited Warranty, till 08/04/2016<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 05/08/2019<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/10/2019<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/10/2019<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/16/2019<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 01/16/2019<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/02/2019<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/02/2019<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 01/16/2019<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/10/2019<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3960Potassium-Benzoate Drives2016-05-05T21:37:10Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|In Limited Warranty, till 02/24/2017<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|In Limited Warranty, till 09/28/2020<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMC5C0E85V5W<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdac<br />
|<br />
|In Limited Warranty, till 08/04/2016<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 05/08/2019<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/10/2019<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/10/2019<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/16/2019<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 01/16/2019<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/02/2019<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/02/2019<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 01/16/2019<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|In Limited Warranty, till 04/10/2019<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3959Potassium-Benzoate Drives2016-05-05T21:33:34Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|In Limited Warranty, till 02/24/2017<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|In Limited Warranty, till 09/28/2020<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMC5C0E85V5W<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdac<br />
|<br />
|In Limited Warranty, till 08/04/2016<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3958Potassium-Benzoate Drives2016-05-05T21:33:21Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|In Limited Warranty, till 02/24/2017<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|In Limited Warranty, till 09/28/2020<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMC5C0E85V5W<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdac<br />
|<br />
|In Limited Warranty, till 08/04/2016<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3957Potassium-Benzoate Drives2016-05-05T20:22:19Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|In Limited Warranty, till 02/24/2017<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|In Limited Warranty, till 09/28/2020<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMC5C0E85V5W<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdac<br />
|<br />
|In Limited Warranty, till 08/04/2016<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3, /dev/sdj<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3, /dev/sdl<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3, /dev/sdag<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3, /dev/sdaj<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3, /dev/sdak<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3956Potassium-Benzoate Drives2016-05-05T20:18:10Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|In Limited Warranty, till 02/24/2017<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|In Limited Warranty, till 09/28/2020<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|Out of Limited Warranty<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3, /dev/sdj<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3, /dev/sdl<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3, /dev/sdag<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3, /dev/sdaj<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3, /dev/sdak<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3955Potassium-Benzoate Drives2016-05-05T20:11:53Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|<br />
|<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdab<br />
|<br />
|<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3, /dev/sdj<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3, /dev/sdl<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3, /dev/sdag<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3, /dev/sdaj<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3, /dev/sdak<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3954Potassium-Benzoate Drives2016-05-05T20:11:18Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00038506<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaa<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMAY00051320<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WMAY04103330<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdae<br />
|<br />
|<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdab<br />
|<br />
|<br />
|-<br />
|WMAY00038370<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WCC1P3AERRKP<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdz<br />
|<br />
|<br />
|-<br />
|WCAVY4493756<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdy<br />
|<br />
|<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|<br />
|/dev/md2, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3, /dev/sdj<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3, /dev/sdl<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3, /dev/sdag<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3, /dev/sdaj<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3, /dev/sdak<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3953Potassium-Benzoate Drives2016-05-05T19:54:28Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3, /dev/sdj<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3, /dev/sdl<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3, /dev/sdag<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3, /dev/sdaj<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3, /dev/sdak<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Potassium-Benzoate_Drives&diff=3952Potassium-Benzoate Drives2016-05-05T19:53:49Z<p>Jxpryde: </p>
<hr />
<div>{| class="wikitable"<br />
!width="22%"|Serial Number<br />
!width="15%"|Capacity<br />
!width="9%"|Slot<br />
!width="11%"|Array<br />
!width="13%"|Purchased Date<br />
!width="41%"|Warranty Information<br />
|-<br />
|WCC133RRT8S8<br />
|2TB<br />
|Rear, Row 2, Col 2<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC130E6753L<br />
|2TB<br />
|Rear, Row 0, Col 1<br />
|/dev/md2<br />
|Jan. 20, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D26CT4<br />
|2TB<br />
|Front, Row 3, Col 1<br />
|/dev/md2<br />
|May. 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WMC6N0D1WSND<br />
|2TB<br />
|Rear, Row 2, Col 1<br />
|/dev/md2<br />
|May. 05, 2016<br />
|3 years—Direct Replacement through Canada Computers<br />
|-<br />
|WCC130901028<br />
|4TB<br />
|Front, Row 5, Col 1<br />
|/dev/md3, /dev/sdj<br />
|<br />
|<br />
|-<br />
|WCC1F0325570<br />
|4TB<br />
|Front, Row 4, Col 1<br />
|/dev/md3, /dev/sdk<br />
|<br />
|<br />
|-<br />
|WCC130780854<br />
|4TB<br />
|Front, Row 1, Col 3<br />
|/dev/md3, /dev/sdl<br />
|<br />
|<br />
|-<br />
|WCC130563920<br />
|4TB<br />
|Front, Row 0, Col 0<br />
|/dev/md3, /dev/sdaf<br />
|<br />
|<br />
|-<br />
|WMC1F0569416<br />
|4TB<br />
|Front, Row 0, Col 1<br />
|/dev/md3, /dev/sdag<br />
|<br />
|<br />
|-<br />
|WMC1F0448028<br />
|4TB<br />
|Front, Row 0, Col 2<br />
|/dev/md3, /dev/sdah<br />
|<br />
|<br />
|-<br />
|WCC5DAA68911<br />
|4TB<br />
|Front, Row 0, Col 3<br />
|/dev/md3, /dev/sdai<br />
|<br />
|<br />
|-<br />
|WMC1F0221100<br />
|4TB<br />
|Rear, Row 0, Col 2<br />
|/dev/md3, /dev/sdaj<br />
|<br />
|<br />
|-<br />
|WCC1F0327357<br />
|4TB<br />
|Rear, Row 0, Col 3<br />
|/dev/md3, /dev/sdak<br />
|<br />
|<br />
|}<br />
<br />
== Warranty Information ==<br />
<br />
=== Direct Replacement through Canada Computers ===<br />
<br />
For warranties listed as “Direct Replacement through Canada Computers”, the failed drive can be brought to Canada Computers for a replacement.</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Machine_List&diff=3946Machine List2016-03-20T17:56:01Z<p>Jxpryde: /* romana */</p>
<hr />
<div>= Web Server =<br />
You are highly encouraged to avoid running anything that's not directly related to your CSC webspace on our web server. We have plenty of general-use machines; please use those instead. You can even edit web pages from any other machine--usually the only reason you'd *need* to be on caffeine is for database access.<br />
<br />
== ''caffeine'' ==<br />
<br />
Caffeine is the Computer Science Club's web server. It serves websites, databases for websites, and a large amount of other services. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* Club and member web sites with [[Apache]]<br />
* [[MySQL]] databases<br />
* [[PostgreSQL]] databases (not backed up.)<br />
* [[ceo]] daemon<br />
* mail was migrated to [[#mail|mail]]<br />
<br />
= General-Use Servers =<br />
<br />
These machines can be used for (nearly) anything you like (though be polite and remember that these are shared machines). Recall that when you signed the Machine Usage Agreement, you promised not to use these machines to generate profit (so no bitcoin mining).<br />
<br />
Most people use either taurine and clones or (high-fructose-)corn-syrup. hfcs is probably our beefiest machine at the moment, if you are wanting to do some heavy computation. Again, if you have a long-running computationally intensive job, it's good to<br />
nice[https://en.wikipedia.org/wiki/Nice_(Unix)] your process, and possibly let syscom know too.<br />
<br />
== ''corn-syrup'' ==<br />
<br />
PowerEdge 2950<br />
<br />
==== Specs ====<br />
<br />
* 2 × Intel Xeon E5405 (2.00 GHz, 4 cores each)<br />
* 32 GB RAM<br />
* eth0 ("Gb0") mac addr 00:24:e8:52:41:27<br />
* eth1 ("Gb1") mac addr 00:24:e8:52:41:29<br />
* IPMI mac addr 00:24:e8:52:41:2b<br />
* 3 &times; Western-Digital 160GB SATA hard drive (445 GB software RAID0 array)<br />
<br />
==== Notes ====<br />
<br />
* Use eth0/Gb0 for the mathstudentorgsnet connection<br />
* has ipmi on corn-syrup-impi.csclub.uwaterloo.ca.<br />
<br />
==== Services ====<br />
<br />
* Hosts 1 TB <tt>[[scratch|/scratch]]</tt> and exports via NFS (sec=krb5)<br />
<br />
== ''high-fructose-corn-syrup'' ==<br />
<br />
High-fructose-corn-syrup (or hfcs) is our more powerful version of corn-syrup. It's been in CSC service since April 2012.<br />
<br />
==== Specs ====<br />
<br />
* 4x AMD Opteron 6272 (2.4 GHz, 16 cores each)<br />
* 192 GB RAM<br />
* Supermicro H8QGi+-F Motherboard Quad 1944-pin Socket [http://csclub.uwaterloo.ca/misc/manuals/motherboard-H8QGI+-F.pdf (Manual)]<br />
* 500 GB Seagate Barracuda<br />
* Supermicro Case Rackmount CSE-748TQ-R1400B 4U [http://csclub.uwaterloo.ca/misc/manuals/SC748.pdf (Manual)]<br />
<br />
== ''taurine'' ==<br />
<br />
==== Specs ====<br />
<br />
* 2 AMD Opteron 2218 CPUs<br />
* 8GB RAM<br />
* 136 GB LVM volume group<br />
<br />
==== Services ====<br />
<br />
* Virtual machines<br />
* BitlBee IRC instant messaging gateway (localhost only)<br />
* [[ident]] server to maintain high connection cap to freenode<br />
* Runs ssh on ports 21,22,53,80,81,443,8000,8080 for user's convenience.<br />
<br />
== ''sucrose'' ==<br />
<br />
sucrose is a [[#taurine|taurine]] clone donated by CSCF.<br />
<br />
==== Specs ====<br />
<br />
== ''potassium-citrate'' ==<br />
<br />
Potassium-citrate is a dual-processor Alpha machine. It is on extended loan from pbarfuss.<br />
<br />
It is temporarily decommissioned pending the reinstallation of a supported operating system (such as OpenBSD).<br />
<br />
==== Specs ====<br />
* Alphaserver CS20 (2 833MHz EV68al CPUs)<br />
* 512MB RAM<br />
* 36 GB Seagate SCSI hard drive<br />
<br />
== ''potassium-nitrate'' ==<br />
<br />
It is a Sun Fire E2900 from a decommissioned MFCF compute cluster, on loan for an extended period. It has a SPARC architecture and runs OpenBSD, unlike many of our other systems which are x86/x86-64 and Linux/Debian.<br />
<br />
It is available for general use. Due to an "interesting" SSH server configuration, Kerberos authentication is '''required''' to access this machine. This means that from a CSC machine, run 'kinit -p' to obtain credentials before SSH'ing in. From a non-CSC machine, follow the instructions on [[Kerberos#Running_Kerberos_Locally|running Kerberos locally]].<br />
<br />
The name is from saltpetre, because sparks.<br />
<br />
==== Specs ====<br />
<br />
* 24 CPUs<br />
* 90GB main memory<br />
* 400GB scratch disk local storage in /scratch-potassium-nitrate<br />
<br />
There is a [[Sun 2900 Strategy Guide|setup guide]] available for this machine.<br />
<br />
See also [[Sun 2900]].<br />
<br />
= Office Terminals =<br />
<br />
It's possible to SSH into these machines, but we discourage you from trying to use these machines when you're not sitting in front of them. They are bounced at least every time our login manager, lightdm, throws a tantrum (which is several times a day). These are for use inside our physical office.<br />
<br />
== ''bit-shifter'' ==<br />
<br />
bit-shifter is an office terminal.<br />
<br />
==== Specs ====<br />
<br />
* Intel(R) Core(TM)2 Quad CPU Q8300<br />
* 4GB RAM<br />
* Nvidia GeForce GT 440<br />
* [http://csclub.uwaterloo.ca/misc/manuals/motherboard_manual_ga-ep45-ud3l.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* Jacob Parker's Firewire Card<br />
<br />
==== Services ====<br />
<br />
* [http://csclub.uwaterloo.ca/office/webcam Office webcam]<br />
<br />
== ''gwem'' ==<br />
<br />
gwem is an office terminal that was created because AMD donated a graphics card. It entered CSC service in February 2012.<br />
<br />
=== Specs ===<br />
<br />
* AMD FX-8150 3.6GHz 8-Core CPU<br />
* 16 GB RAM<br />
* AMD Radeon 6870 HD 1GB GPU<br />
* [http://csclub.uwaterloo.ca/misc/manuals/ga-990fxa-ud7_e.pdf Gigabyte GA-990FXA-UD7] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
<br />
== ''maltodextrin'' ==<br />
* [http://csclub.uwaterloo.ca/misc/manuals/motherboard_manual_ga-ep45-ud3l.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
Maltodextrin is an office terminal. It was upgraded in Spring 2014 after an unidentified failure.<br />
<br />
==== Specs ====<br />
<br />
* Intel Core i3-4130 @ 3.40 GHz<br />
* 8GB RAM<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* [http://csclub.uwaterloo.ca/misc/manuals/E8425_H81I_PLUS.pdf ASUS H81-PLUS] Motherboard<br />
<br />
==== Services ====<br />
<br />
* [http://csclub.uwaterloo.ca/office/webcam Office webcam]<br />
<br />
== ''natural-flavours'' ==<br />
<br />
Natural-flavours is an office terminal; it used to be our mirror.<br />
<br />
==== Specs ====<br />
<br />
* Intel Core 2 Duo E6300 @ 1.86 GHz<br />
* 2x1GB RAM<br />
* Nvidia GeForce GT 440<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* [http://csclub.uwaterloo.ca/misc/manuals/E2737_p5l-mx.pdf ASUS P5L-MX] Motherboard<br />
* DVD Burner<br />
<br />
== ''nullsleep'' ==<br />
<br />
nullsleep is an [http://csclub.uwaterloo.ca/misc/manuals/ASRock_ION_330.pdf ASRock ION 330] machine given to us by CSCF and funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
* Intel® Dual Core Atom™ 330<br />
* 2GB RAM<br />
* NVIDIA® ION™ graphics<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
* DVD Burner<br />
<br />
==== Speakers ====<br />
Nullsleep has the office speakers (a pair of nice studio monitors) currently connected to it.<br />
<br />
==== Services ====<br />
Nullsleep runs MPD for playing music. Control of MPD is available only to users in the "audio" group.<br />
Music is located in /music on the office terminals<br />
<br />
== ''strombola''==<br />
It is named after Gordon Strombola.<br />
<br />
==== Specs ====<br />
* Intel Core2 Quad Q8200 @ 2.33GHz<br />
* 4 GB RAM<br />
* nVidia GeForce 8600 GTS<br />
* [http://csclub.uwaterloo.ca/misc/manuals/strombola.pdf Gigabyte GA-EP45-UD3L] Motherboard<br />
* 1x 64GB SanDisk SDSSDP064G SSD<br />
<br />
==== Speakers ====<br />
Strombola used to have integrated 5.1 channel sound before we got new speakers and moved audio stuff to nullsleep.<br />
<br />
= Syscom Only =<br />
<br />
The following systems may only be accessible to members of the [[Systems Committee]] for a variety of reasons; the most common of which being that some of these machines host [[Kerberos]] authentication services for the CSC.<br />
== ''aspartame'' ==<br />
<br />
aspartame is a taurine clone donated by CSCF. It currently is our primary file server, serving as the gateway interface to space on phlogiston. It also used to host the [[#auth1|auth1]] container, which has been temporarily moved to [[#dextrose|dextrose]]. The lxc files are still present and should not be started up, or else the two copies of auth1 will collide.<br />
<br />
==== Specs ====<br />
<br />
* 2 AMD Opteron 2218 CPUs<br />
* 10GB RAM<br />
<br />
==== Notes ====<br />
<br />
* It currently cannot route the 10.0.0.0/8 block to a misconfiguration on the NetApp. This should be fixed at some point.<br />
<br />
== ''dextrose'' ==<br />
<br />
dextrose is a [[#taurine|taurine]] clone donated by CSCF. It currently hosts [[#mathnews|the mathNEWS server]] and [[#auth1|auth1]].<br />
<br />
==== Specs ====<br />
<br />
== ''auth1'' ==<br />
<br />
Container on [[#aspartame|aspartame]]. Temporarily relocated to [[#dextrose|dextrose]].<br />
<br />
==== Services ====<br />
<br />
* [[LDAP]] master<br />
* [[Kerberos]] master<br />
<br />
== ''cobalamin'' ==<br />
<br />
Dell PowerEdge 2950 donated to us by FEDS. Located in the Science machine room on the first floor of Physics. Will act as a backup server for many things.<br />
<br />
* ssh host keys need to be correctly configured (some removed?)<br />
<br />
==== Specs ====<br />
<br />
* 1 × Intel Xeon E5420 (2.50 GHz, 4 cores)<br />
* 16GB RAM<br />
* Broadcom NetworkXtreme II<br />
* 2x73GB Hard Drives, hardware RAID1<br />
* http://www.dell.com/support/home/ca/en/cabsdt1/product-support/servicetag/51TYRG1/configuration<br />
<br />
==== Services ====<br />
<br />
* Containers: [[#auth2|auth2]]<br />
<br />
==== Notes ====<br />
<br />
* The network card requires non-free drivers. Be sure to use an installation disc with non-free.<br />
<br />
* We have separate IP ranges for cobalamin and its containers because the machine is located in a different building. They are:<br />
** VLAN ID 504 (csc-ipmi): 172.19.5.26/29; gateway 172.19.5.25; mask 255.255.255.248<br />
** VLAN ID 505 (csc-data): 129.97.16.96/29; gateway 129.97.16.96; mask 255.255.255.248<br />
<br />
* For some reason, the keyboard is shit. Try to avoid having to use it. It's doable, but painful. IPMI works now, and then we don't need to bug about physical access so it's better anyway.<br />
<br />
== ''auth2'' ==<br />
<br />
Container on [[#cobalamin|cobalamin]].<br />
<br />
==== Services ====<br />
<br />
* [[LDAP]] slave<br />
* [[Kerberos]] slave<br />
<br />
== ''glomag'' ==<br />
<br />
Glomag is a newish server (as of Fall 2009) which hosts [[#caffeine|caffeine]]. Only syscom are allowed to SSH in here directly, though SSH to caffeine is permitted to all members.<br />
<br />
==== Specs ====<br />
<br />
* Intel Xeon X3450 @ 2.67 GHz<br />
* 6 GB RAM<br />
* vg0: 465 GB software RAID1 (contains root partition):<br />
** 750 GB Seagate Barracuda SATA hard drive<br />
** 500 GB Western-Digital Caviar Blue SATA hard drive<br />
* vg1: 596 GB software RAID1 (contains caffeine):<br />
** 2 &times; 640 GB Western-Digital Caviar Blue SATA hard drive<br />
<br />
==== Services ====<br />
<br />
* [[Virtualization#Linux_Container|Linux containers]]; see [[#caffeine|caffeine]], [[#mail|mail]], [[#munin|munin]]<br />
<br />
== ''mail'' ==<br />
<br />
mail is the CSC's mail server. It hosts mail delivery, imap(s), smtp(s), and mailman. It is also syscom-only. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* [[Mail]] services<br />
* mailman (web interface at [http://mailman.csclub.uwaterloo.ca/])<br />
* [[Webmail]]<br />
* [[ceo]] daemon<br />
<br />
== ''psilodump'' ==<br />
<br />
psilodump is a NetApp FAS3000 series fileserver donated by CSCF. It, along with its sibling phlogiston, host disk shelves exported as iSCSI block devices.<br />
<br />
==== Specs ====<br />
<br />
== ''phlogiston'' ==<br />
<br />
phlogiston is a NetApp FAS3000 series fileserver donated by CSCF. It, along with its sibling psilodump, host disk shelves exported as iSCSI block devices.<br />
<br />
phlogiston is turned off and should remain that way. It is misconfigured to have its drives overlap with those owned by psilodump, and if it is turned on, it will likely cause irreparable data loss.<br />
<br />
==== Specs ====<br />
<br />
== ''sodium-benzoate'' ==<br />
<br />
Sodium-benzoate is our previous mirror server, funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
* Intel Xeon Quad Core E5405 @ 2.00 GHz<br />
* 16GB RAM<br />
* vg0: 228 GB block device behind DELL PERC 6/i (contains root partition)<br />
* mirror: ~14 TB block device behind DELL PERC 6/i (contains mirror)<br />
** 8 &times; 2 TB hard drive (RAID-5)<br />
<br />
After several disk failures and RMAs, the mirror array was accidentally rebuilt using some of the 4TB drives purchased for the new mirror. They do not work properly with sodium-benzoate because the RAID controller does not support 4TB drives and only exposes part of the storage. At some point we will need to rebuild the array using the 2TB disks again.<br />
<br />
Space disks are currently in the office underneath maltodextrin.<br />
<br />
== ''potassium-benzoate'' ==<br />
<br />
potassium-benzoate is our mirror server, funded by MEF.<br />
<br />
==== Specs ====<br />
<br />
Coming soon.<br />
<br />
Drives: See [[Potassium-Benzoate_Drives|Potassium-Benzoate Drives]]<br />
<br />
==== Services ====<br />
<br />
* [[Mirror]]<br />
* [[Talks]] mirror<br />
* [[Debian_Repository|CSClub packages repository]]<br />
<br />
== ''munin'' ==<br />
<br />
munin is a syscom-only monitoring and accounting machine. It is a [[Virtualization#Linux_Containers|Linux container]] at present.<br />
<br />
==== Specs ====<br />
<br />
* currently hosted on [[#glomag|glomag]]<br />
<br />
==== Services ====<br />
<br />
* [http://munin.csclub.uwaterloo.ca munin] systems monitoring daemon<br />
<br />
= Other =<br />
<br />
== ''goto80'' ==<br />
<br />
This is a small ARM machine we picked up in order to have similar hardware to the Real Time Operating Systems (CS 452) course. It has a [[TS-7800_JTAG|JTAG]] interface. Location unknown.<br />
<br />
==== Specs ====<br />
<br />
* 500 MHz Feroceon (ARM926ej-s compatible) processor<br />
* ARMv5TEJ architecture<br />
<br />
Use -march=armv5te -mtune=arm926ej-s options to GCC.<br />
<br />
For information on the TS-7800's hardware see here:<br />
http://www.embeddedarm.com/products/board-detail.php?product=ts-7800<br />
<br />
== ''binaerpilot'' ==<br />
<br />
This is a Gumstix Overo Tide CPU on a Tobi expansion board. It is currently attached to corn-syrup in the machine room and even more currently turned off until someone can figure out what is wrong with it.<br />
<br />
==== Specs ====<br />
<br />
* TI OMAP 3530 750Mhz (ARM Cortex-A8)<br />
* 512MB RAM<br />
<br />
== ''anamanaguchi'' ==<br />
<br />
This is a Gumstix Overo Tide CPU on a Chestnut43 expansion board. It is currently in the hardware drawer in the CSC.<br />
<br />
==== Specs ====<br />
<br />
* TI OMAP 3530 750Mhz (ARM Cortex-A8)<br />
* 512MB RAM<br />
<br />
== ''digital cutter'' ==<br />
<br />
See [[Digital Cutter|here]].<br />
<br />
== ''mathnews'' ==<br />
<br />
[[#dextrose|dextrose]] hosts a container which serves as the mathNEWS webserver. It is administered by mathNEWS, as a pilot for providing containers to select groups who have more specialized demands than the general-use infrastructure can meet.<br />
<br />
= Decommissioned =<br />
<br />
== ''Lisp machine'' ==<br />
<br />
A Symbolics XL1200 Lisp machine. Donated to a new home when we couldn't get it working.<br />
<br />
http://www.globalnerdy.com/2008/12/03/symbolics-xl1200-lisp-machine-free-to-a-good-home/ for some history on this hardware.<br />
<br />
==== Specs ====<br />
<br />
Currently inoperable due to (at least) a missing console cable.<br />
<br />
== ''ginseng'' ==<br />
<br />
Ginseng used to be our fileserver, before aspartame and the netapp took over.<br />
<br />
==== Specs ====<br />
<br />
* Intel Pentium Dual Core E2180<br />
* 8GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/s3000ah_tps_1_1.pdf Intel S3000AHV Motherboard]<br />
* 4 &times; 640 GB Western-Digital Caviar Blue in [http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_10_.28RAID_1.2B0.29 RAID 10] behind a [http://www.3ware.com/products/serial_ata2-9650.asp 3ware 9650SE RAID card].<br />
[[Category:Hardware]]<br />
<br />
== ''calum'' ==<br />
<br />
The server from back before recorded memory.<br />
<br />
== ''paza'' ==<br />
<br />
An iMac G3 that was used as a dumb terminal.<br />
<br />
==== Specs ====<br />
<br />
* 233Mhz PowerPC 740/750<br />
* 96 MB RAM<br />
<br />
== ''romana'' ==<br />
<br />
Romana was a BeBox that has been in the CSC's possession since long before BeOS became defunct.<br />
<br />
Confirmed on March 19th, 2016 to be fully functional. An SSHv1 compatible client was installed from http://www.abstrakt.ch/be/ and a compatible firewalled daemon was started on Sucrose (living in /root, prefix is /root/ssh-romana). The insecure daemon is to be used a bastion host to jump to hosts only supporting >=SSHv2. The mail daemon on the BeBox has also been configured to send mail through mail.csclub.uwaterloo.ca.<br />
<br />
==== Specs ====<br />
<br />
* 2 PowerPC based processors<br />
* Stylish Blinken processor-load lights<br />
<br />
== ''sodium-citrate'' ==<br />
<br />
Sodium-citrate was an SGI O2 machine.<br />
<br />
In order to net boot you need to set /proc/sys/net/ipv4/ip_no_pmtu_disc to 1. When the O2 boots, hit F5 at the boot menu and type bootp():.<br />
<br />
==== Specs ====<br />
* SGI O2 MIPS processor<br />
* 423 MB (?) RAM<br />
* 2 &times; 2 GB hard drive<br />
<br />
== ''acesulfame-potassium'' ==<br />
<br />
An old office terminal.<br />
<br />
==== Specs ====<br />
* Intel Pentium 4 2.67GHz<br />
* 1GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/ABIT_VT7.pdf ABIT VT7] Motherboard<br />
* ATI Radeon 7000<br />
<br />
== ''skynet'' ==<br />
<br />
skynet was a Sun E6500 machine donated by Sanjay Singh. It was never fully set up.<br />
<br />
==== Specs ====<br />
<br />
* 15 full CPU/memory boards<br />
** 2x UltraSPARC II 464MHz / 8MB Cache Processors<br />
** ??? RAM?<br />
* 1 I/O board (type=???)<br />
** ???x disks?<br />
* 1 CD-ROM drive<br />
<br />
* [http://mirror.csclub.uwaterloo.ca/csclub/sun_e6500/ent6k.srvr/ e6500 documentation (hosted on mirror, currently dead link)]<br />
* [http://docs.oracle.com/cd/E19095-01/ent6k.srvr/ e6500 documentation (backup link)]<br />
* [http://www.e6500.com/ e6500]<br />
<br />
== ''freebsd'' ==<br />
<br />
FreeBSD was a virtual machine with FreeBSD installed.<br />
<br />
==== Services ====<br />
<br />
* Newer software<br />
<br />
== ''rainbowdragoneyes'' ==<br />
<br />
Rainbowdragoneyes was our Lemote Fuloong MIPS machine. This machine is aliased to rde.csclub.uwaterloo.ca.<br />
<br />
==== Specs ====<br />
<br />
* 800MHz MIPS Loongson 2f CPU<br />
<br />
== ''denardo'' ==<br />
<br />
Due to some instability, general uselessness, and the acquisition of a more powerful SPARC machine from MFCF, denardo was decommissioned in February 2015.<br />
<br />
==== Specs ====<br />
<br />
* Sun Fire V210<br />
* TI UltraSparc IIIi (Jalapeño)<br />
* 2 GB RAM<br />
* 160 GB RAID array<br />
* ALOM on denardo-alom.csclub can be used to power machine on/off<br />
<br />
<br />
== ''artificial-flavours'' ==<br />
<br />
Artificial-flavours was our secondary (backup services) server. It used to be an office terminal. It was decommissioned in February 2015 and transferred to the ownership of Women in Computer Science (WiCS).<br />
<br />
==== Specs ====<br />
<br />
* Intel Celeron 3.2GHz<br />
* 2GB RAM<br />
* [http://csclub.uwaterloo.ca/misc/manuals/Biostar_P4M80-M4.pdf Biostar P4M80-M4] Motherboard<br />
* Western-Digital 80 GB ATA hard drive<br />
<br />
= UPS =<br />
<br />
All of the machines in the machine room are connected to one of our UPSs.<br />
<br />
Two of our UPSs can be monitored via CSCF:<br />
<br />
* mc-3015-g7-ups-1.cs.uwaterloo.ca (http://cacti.cscf.uwaterloo.ca/cacti/graph_view.php?action=tree&tree_id=11&leaf_id=722)<br />
* mc-3015-h7-ups-1.cs.uwaterloo.ca (http://cacti.cscf.uwaterloo.ca/cacti/graph_view.php?action=tree&tree_id=11&leaf_id=723)<br />
<br />
If these two UPSs throw alerts, the CSCF helpdesk will be alerted and they should alert us. Their status can be monitored via [[SNMP]].</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=IPMI101&diff=3897IPMI1012016-01-03T10:03:53Z<p>Jxpryde: </p>
<hr />
<div>= Guide to IPMI (IPMI 101) =<br />
<br />
IPMI is a necessary evil. Let’s learn to make the best of it.<br />
<br />
== Setting up IPMI ==<br />
<br />
# Install ipmitool<br />
<br />
<pre># apt-get install ipmitool</pre><br />
<ol start="2" style="list-style-type: decimal;"><br />
<li>Load IPMI modules (they are included in most upstream kernels)</li></ol><br />
<br />
You may also need a kernel module specific to your motherboard’s manufacture as some BMC/LOMs do not conform to IPMI spec and thus need a translation layer.<br />
<br />
<pre># modprobe ipmi_*</pre><br />
<ol start="3" style="list-style-type: decimal;"><br />
<li>Locally connect to the <code>/dev/ipmi</code> interface</li></ol><br />
<br />
<pre># ipmitool shell<br />
&gt; help<br />
&gt; mc info</pre><br />
== Securing IPMI ==<br />
<br />
Note that root on the machine is root on the BMC and vice versa.<br />
<br />
# User administration<br />
<br />
(re)set the password, rename the admin account to root and delete any extra users as they can have surprising privilege. You may have to use the BMC’s web interface delete accounts.<br />
<br />
<pre># ipmitool shell<br />
&gt; user list 1<br />
ID Name ...<br />
2 ADMIN ...<br />
&gt; user set password 2<br />
User id 2: *******<br />
User id 2: *******<br />
&gt; user set username 2 root<br />
&gt; user disable $other_user_ids</pre><br />
<ol start="2" style="list-style-type: decimal;"><br />
<li>Disable NULL password and cipher suite 0</li></ol><br />
<br />
Note that the $channel is usually 0 but can range from 0-10 and there can be multiple NICs and so multiple channels to fix.<br />
<br />
<pre># ipmitool shell<br />
&gt; lan print $channel<br />
&gt; lan set $channel auth ADMIN MD5<br />
&gt; lan set $channel auth CALLBACK MD5<br />
&gt; lan set $channel auth USER MD5<br />
&gt; lan set $channel auth OPERATOR MD5<br />
&gt; lan set $channel cipher_privs XXXaXXXXXXXXXXX<br />
&gt; lan print $channel</pre><br />
== Configuring networking ==<br />
<br />
Note once again that there are sometimes multiple channels, to find the correct channel it is helpful to use either trial and error and/or an ARP scanner to find the correct MAC address. Usually the channel is 0 but I have seen 1, 8 and 17. Especially when there are multiple NICs.<br />
<br />
<pre># ipmitool shell<br />
&gt; lan print $channel<br />
&gt; lan set $channel ipsrc static<br />
&gt; lan set $channel ipaddr 10.15.134.?<br />
&gt; lan set $channel defgw ipaddr 10.15.134.1<br />
&gt; lan set $channel netmask 255.255.255.0<br />
// if you have vlan tagging enabled on the switch port, useful for a shared NIC<br />
&gt; lan set $channel vlan id 520</pre><br />
== Configuring Serial over LAN ==<br />
<br />
To enable serial over LAN you need to ensure that it is enabled in your BIOS or EFI setup utility and further note the baud rate. 115200 is used as an example below. Note that GRUB is the only boot loader that takes input via serial properly, in my experience. Syslinux failed horribly on corn-syrup.<br />
<br />
In /etc/default/grub include:<br />
<br />
<pre>GRUB_CMDLINE_LINUX=&quot;console=tty1 console=ttyS1,115200n8&quot;<br />
<br />
GRUB_TERMINAL_INPUT=&quot;console serial&quot;<br />
GRUB_TERMINAL_OUTPUT=&quot;console serial&quot;<br />
GRUB_SERIAL_COMMAND=&quot;serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1&quot;</pre><br />
and then run:<br />
<br />
<pre>// on debian based distros<br />
// Yay, Debian magic :\<br />
# update-grub<br />
// on upstream packages (Arch, Fedora, etc.)<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
# reboot</pre></div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=IPMI101&diff=3896IPMI1012016-01-03T10:01:49Z<p>Jxpryde: First draft of IPMI101</p>
<hr />
<div>= Guide to IPMI (IPMI 101) =<br />
<br />
IPMI is a necessary evil. Let’s learn to make the best of it.<br />
<br />
== Setting up IPMI ==<br />
<br />
# Install ipmitool<br />
<br />
<pre># apt-get install ipmitool</pre><br />
<ol start="2" style="list-style-type: decimal;"><br />
<li>Load IPMI modules (they are included in most upstream kernels)</li></ol><br />
<br />
You may also need a kernel module specific to your motherboard’s manufacture as some BMC/LOMs do not conform to IPMI spec and thus need a translation layer.<br />
<br />
<pre># modprobe ipmi_*</pre><br />
<ol start="3" style="list-style-type: decimal;"><br />
<li>Locally connect to the <code>/dev/ipmi</code> interface</li></ol><br />
<br />
<pre># ipmitool shell<br />
&gt; help<br />
&gt; mc info</pre><br />
== Securing IPMI ==<br />
<br />
Note that root on the machine is root on the BMC and vice versa.<br />
<br />
# User administration<br />
<br />
(re)set the password, rename the admin account to root and delete any extra users as they can have surprising privilege. You may have to use the BMC’s web interface delete accounts.<br />
<br />
<pre># ipmitool shell<br />
&gt; user list 1<br />
ID Name ...<br />
2 ADMIN ...<br />
&gt; user set password 2<br />
User id 2: *******<br />
User id 2: *******<br />
&gt; user set username 2 root<br />
&gt; user disable $other_user_ids</pre><br />
<ol start="2" style="list-style-type: decimal;"><br />
<li>Disable NULL password and cipher suite 0</li></ol><br />
<br />
Note that the $channel is usually 0 but can range from 0-10 and there can be multiple NICs and so multiple channels to fix.<br />
<br />
<pre># ipmitool shell<br />
&gt; lan print $channel<br />
&gt; lan set $channel auth ADMIN MD5<br />
&gt; lan set $channel auth CALLBACK MD5<br />
&gt; lan set $channel auth USER MD5<br />
&gt; lan set $channel auth OPERATOR MD5<br />
&gt; lan set $channel XXXaXXXXXXXXXXX<br />
&gt; lan print $channel</pre><br />
== Configuring networking ==<br />
<br />
Note once again that there are sometimes multiple channels, to find the correct channel it is helpful to use either trial and error and/or an ARP scanner to find the correct MAC address. Usually the channel is 0 but I have seen 1, 8 and 17. Especially when there are multiple NICs.<br />
<br />
<pre># ipmitool shell<br />
&gt; lan print $channel<br />
&gt; lan set $channel ipsrc static<br />
&gt; lan set $channel ipaddr 10.15.134.?<br />
&gt; lan set $channel defgw ipaddr 10.15.134.1<br />
&gt; lan set $channel netmask 255.255.255.0<br />
// if you have vlan tagging enabled on the switch port, useful for a shared NIC<br />
&gt; lan set $channel vlan id 520</pre><br />
== Configuring Serial over LAN ==<br />
<br />
To enable serial over LAN you need to ensure that it is enabled in your BIOS or EFI setup utility and further note the baud rate. 115200 is used as an example below. Note that GRUB is the only boot loader that takes input via serial properly, in my experience. Syslinux failed horribly on corn-syrup.<br />
<br />
In /etc/default/grub include:<br />
<br />
<pre>GRUB_CMDLINE_LINUX=&quot;console=tty1 console=ttyS1,115200n8&quot;<br />
<br />
GRUB_TERMINAL_INPUT=&quot;console serial&quot;<br />
GRUB_TERMINAL_OUTPUT=&quot;console serial&quot;<br />
GRUB_SERIAL_COMMAND=&quot;serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1&quot;</pre><br />
and then run:<br />
<br />
<pre>// on debian based distros<br />
// Yay, Debian magic :\<br />
# update-grub<br />
// on upstream packages (Arch, Fedora, etc.)<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
# reboot</pre></div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Main_Page&diff=3895Main Page2016-01-03T09:43:18Z<p>Jxpryde: /* Guides */</p>
<hr />
<div>This is the Wiki of the [[Computer Science Club]]. Feel free to start adding pages and information.<br />
<br />
[[Special:AllPages]]<br />
<br />
== Guides ==<br />
<div style="-webkit-column-count:3; -moz-column-count:3; column-count:3;"><br />
* [[ New Member Guide]]<br />
* [[Budget Guide]]<br />
* [[Club Hosting]]<br />
* [[Web Hosting]]<br />
* [[Exec Manual]]<br />
* [[Imapd Guide]]<br />
* [[MEF Guide]]<br />
* [[Office Policies]]<br />
* [[Office Staff]]<br />
* [[How to IRC]]<br />
* [[Talks Guide]]<br />
* [[SCS Guide]]<br />
* [[Kerberos | Password Reset ]]<br />
* [[Disk Drive RMA Process]]<br />
* [[ IPMI101 ]]<br />
</div><br />
<br />
== News and Events ==<br />
<div style="-webkit-column-count:3; -moz-column-count:3; column-count:3;"><br />
* [[Meetings]]<br />
* [[Talks]]<br />
* [[Projects]]<br />
* [[Industry Opportunities]]<br />
</div><br />
<br />
== Machine/System Documentation ==<br />
<div style="-webkit-column-count:3; -moz-column-count:3; column-count:3;"><br />
* [[Authentication]]<br />
* [[Backups]]<br />
* [[ceo]]<br />
* [[DNS]]<br />
* [[Debian Repository]]<br />
* [[Digital Cutter]]<br />
* [[Directory Services]]<br />
* [[Electronics]]<br />
* [[Hardware]]<br />
* [[Kerberos]]<br />
* [[Machine List]]<br />
* [[Mail]]<br />
* [[Mailing Lists]]<br />
* [[Mirror]]<br />
* [[Music]]<br />
* [[MySQL]]<br />
* [[NetApp]]<br />
* [[Network]]<br />
* [[New CSC Machine]]<br />
* [[NFS/Kerberos]]<br />
* [[OID Assignment]]<br />
* [[Printing]]<br />
* [[Pulseaudio]]<br />
* [[Robot Arm]]<br />
* [[Scratch]]<br />
* [[SNMP]]<br />
* [[Serial Connections]]<br />
* [[SSL]]<br />
* [[Switches]]<br />
* [[Syscom Todo]]<br />
* [[Systems Committee]]<br />
* [[UID/GID Assignment]]<br />
* [[Webcams]]<br />
* [[Webmail]]<br />
* [[Website]]<br />
* [[Virtualization (LXC Containers)]]<br />
</div><br />
<br />
== Miscellaneous ==<br />
<div style="-webkit-column-count:3; -moz-column-count:3; column-count:3;"><br />
* [[Budget]]<br />
* [[Executive]]<br />
* [[Past Executive]]<br />
* [[Frosh]]<br />
* [[History]]<br />
* [[Library]]<br />
* [[MEF Proposals]]<br />
* [[Term Notes]]<br />
</div> __NOTOC__</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=NetApp&diff=3890NetApp2015-12-17T02:45:59Z<p>Jxpryde: Raid correction</p>
<hr />
<div>As of Fall 2013, the CSC has a NetApp FAS3000 series which is capable of hosting network shares. It was donated to us by CSCF. It is also pretty old. Like, Pentium IV old.<br />
<br />
==Documentation==<br />
All the manuals are hosted in ~sysadmin/netapp-docs/<br />
<br />
Relevant docs for storage modification are: smg.pdf, sysadmin.pdf<br />
<br />
iSCSI documentation is in ontop/bsag.pdf<br />
<br />
==Background==<br />
While the NetApp supports both NFS and CIFS, neither of these export options provide the versatility nor the options we desire of a network fileshare (for instance, no device authentication is supported). Instead, we have configured the NetApp to export iSCSI block devices to be mounted on aspartame. Therefore, aspartame now replaces ginseng as the primary CSC fileserver.<br />
<br />
===Terminology===<br />
* '''Filer:''' the controller unit for the NetApp. Currently psilodump.<br />
* '''Disk shelf:''' where the physical disks live. Can be plugged into a filer or directly into another machine.<br />
* '''RAID:''' "Redundant Array of Independent Disks", used to improve reliability and protect against disk failures.<br />
* '''RAID-DP:''' "Double Parity" RAID, similar to RAID6 (this is probably RAID4 with two parity disks, but the result is the same). It uses two parity disks and can survive up to two disk failures before degradation.<br />
* '''aggr:''' An aggregate of disks. This is a list of physical disks, similar to selecting the physical devices used for LVM.<br />
* '''vol:''' A volume consisting of some space on an aggregate. In general, we use the whole aggregate for a volume. RAID level is set at the volume. Similar to an LVM volume group.<br />
* '''lun:''' "Logical Unit Number" The LUN is a device addressed by the SCSI protocol, and looks like a disk to the user. We usually use the whole volume for a single LUN. This is similar to an LVM logical volume.<br />
<br />
===Common Commands===<br />
aggr status -r aggr_name<br />
Shows aggregate status<br />
disk show -v<br />
Shows disks, and which filer they are owned by (currently all by psilodump)<br />
storage<br />
storage related things<br />
disk assign<br />
Assigns orphaned disks to a filer<br />
vol<br />
Volume stuffs<br />
<br />
==NetApp Configuration==<br />
Should aspartame get totally hosed, or stability is long enough such that all sysadmin folk at the time have graduated, here is how to access, configure, and complete set up iSCSI on the NetApp+aspartame.<br />
<br />
===Access===<br />
Configuration mechanisms are accessible via SSH or serial interface, but through aspartame only, which the machine is directly plugged into. The NetApp is not visible on 134net at all.<br />
<br />
The private IP is 10.15.134.130, only available from aspartame on the interface with IP 10.15.134.1. You may have to remove the default route from the routing table in order to successfully contact the machine with ssh.<br />
<br />
===Disk information===<br />
* shelf 1<br />
** 14x136GB 10,000RPM FibreChannel disks<br />
** Currently disconnected, could be connected to psilodump or directly to another machine.<br />
* shelf 2<br />
** 14x136GB 10,000RPM FibreChannel disks<br />
** Currently assigned to psilodump<br />
* shelf 3<br />
** 14x500GB 7,200RPM ATA disks<br />
** Currently assigned to psilodump<br />
* shelf 4<br />
** 14x500GB 7,200RPM ATA disks<br />
** Currently assigned to psilodump<br />
<br />
====Aggregates====<br />
* aggr0<br />
** Root aggregate volume, in RAID-DP<br />
* aggr1<br />
** Music aggregate volume, in RAID-DP<br />
* aggr2<br />
** Users aggregate volume, in RAID-DP<br />
* aggr3<br />
** Backups volume for CSC videos, in RAID-DP<br />
<br />
====Volumes====<br />
* /vol/vol0<br />
** Root volume.<br />
* /vol/vol1music<br />
** Music volume. This volume is not accessible via NFS or CIFS. It contains only the iSCSI LUN /vol/vol1music/lun0 .<br />
* /vol/vol2users<br />
** Users volume. This volume is not accessible via NFS or CIFS. It contains only the iSCSI LUN /vol/vol2users/lun0 .<br />
* /vol/vol3backup<br />
** Backup volume for videos. This volume is not accessible via NFS or CIFS. It contains only the iSCSI LUN /vol/vol3backup/lun0 .<br />
<br />
===Enabling iSCSI and Auth (one-time setup)===<br />
<br />
Enable iSCSI and configure default authentication.<br />
<br />
options iscsi.enable on<br />
iscsi nodename iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
iscsi security default -s CHAP -p yoursecurepassword -n psilodump<br />
<br />
where yoursecurepassword is more secure. For iSCSI hosts, the target will be on node iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca with username psilodump and password yoursecurepassword.<br />
<br />
===Setting up a new disk aggregate, volume, and LUN===<br />
<br />
1. Login to the NetApp. You'll either need access to the physical serial console or to ssh as root to psilodump's private IP (10.15.134.130). Credentials are stored in /users/sysadmin .<br />
<br />
2. To get information on the available disks, run the command:<br />
aggr status -r<br />
This command will return three lists: Active aggregates with their assigned disks, spare disks, and disks managed by the partner. An aggregate is roughly equivalent to an LVM volume group: It is a collection of physical disks, possibly across multiple disk shelves and with various RAID levels applied, which may host one or more logical volumes.<br />
Do not proceed if there are fewer than three spare disks of each type available. Refer to the NetApp documentation to add more disks or release disks from existing aggregates.<br />
<br />
3. Choose a list of disks for your new aggregate. The available space will be approximately 2/3 of the total disk space.<br />
<br />
4. Create the aggregate as follows:<br />
aggr create aggrN -t raid_dp -d [disk-list]<br />
<br />
where [disk-list] is a list of the form AA:BB CC:DD ... containing the identifiers for the disks you wish to use to create the aggregate.<br />
<br />
5. Retrieve the aggregate information. You will need to know the available space for the next step.<br />
aggr show_space aggrN<br />
<br />
6. Create a volume in the aggregate:<br />
vol create volNfoo -s volume aggrN XXXK<br />
<br />
where XXX is the total available space in aggrN. You may need to choose a smaller number due to hidden size constraints and rounding. If you can't seem to find the right size, pick one much smaller, and then use the command <br />
<br />
vol size volNfoo +XXX<br />
<br />
to grow the volume. This command will tell you how much available space remains, unlike `vol create`, so you don't need to keep guessing.<br />
<br />
7. Disable snapshotting and access time update. Neither will be needed for exporting an iSCSI LUN.<br />
vol options volNfoo no_atime_update on<br />
vol options volNfoo nosnap on<br />
snap reserve volNfoo 0<br />
<br />
8. Create a LUN on your volume:<br />
lun create -s XXXK -t linux /vol/volNfoo/lun0<br />
<br />
where XXXK is the amount of available space on the volume, as shown by the command df.<br />
<br />
9. Create an iSCSI initiator group and add all of your hosts to it:<br />
igroup create -i -t linux volNfoo_group<br />
igroup add volNfoo_group iqn.1993-08.org.debian:01:123456789<br />
igroup add volNfoo_group iqn.1993-08.org.debian:01:981287231<br />
...<br />
<br />
The node identifiers given to the igroup add command will soon be able to access the iSCSI LUN you created above.<br />
<br />
10. Map the LUN to the iSCSI initiator group:<br />
lun map /vol/volNfoo/lun0 volNfoo_group<br />
<br />
You're done! Any host in the initiator group should now be able to access the LUN you've created as a block device.<br />
<br />
==Host Configuration==<br />
<br />
<br />
===aspartame Configuration===<br />
Install open-iscsi:<br />
apt-get install open-scsi<br />
<br />
Edit /etc/iscsi/iscsid.conf:<br />
node.startup = manual<br />
discovery.sendtargets.auth.authmethod=CHAP<br />
discovery.sendtargets.auth.username=username<br />
discovery.sendtargets.auth.password=password<br />
node.session.auth.authmethod=CHAP<br />
node.session.auth.username=username<br />
node.session.auth.password=password<br />
<br />
Start open-iscsi service:<br />
service open-iscsi start<br />
<br />
Scan for iSCSI devices from the NetApp:<br />
iscsiadm --mode discovery --type st --portal psilodump<br />
<br />
This should dump out a ton of information, for example:<br />
[fe80::XXXX:XXXX:XXXX:XXXX]:3260,2001 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
[fe80::XXXX:XXXX:XXXX:XXXX]:3260,2000 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
[fe80::XXXX:XXXX:XXXX:XXXX]:3260,2002 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
[fe80::XXXX:XXXX:XXXX:XXXX]:3260,1000 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
10.15.134.131:3260,2002 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
129.97.134.131:3260,2001 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
10.15.134.130:3260,2000 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
129.97.134.130:3260,1000 iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca<br />
<br />
The .130 IPs correspond to one filer, and the .131 IPs correspond to the other filer. Currently we are only using one of the filers (psilodump).<br />
<br />
This also populates the /etc/iscsi/nodes/iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca directory with all possible ways to access the NetApp. For testing purposes (i.e. node.startup = manual), this is okay.<br />
<br />
Test to see if you can get the iSCSI device to show up correctly:<br />
iscsiadm --mode node --targetname "iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca" --portal 10.15.134.130:3260 --login<br />
<br />
This should produce output similar to:<br />
Logging in to [iface: default, target: iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca, portal: 10.15.134.130,3260]<br />
Login to [iface: default, target: iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca, portal: 10.15.134.130,3260]: successful<br />
<br />
Check /dev/disk/by-path/ip* to ensure new disks show up:<br />
# ls -l /dev/disk/by-path/ip*<br />
/dev/disk/by-path/ip-10.15.134.130:3260-iscsi-iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca-lun-0 -> ../../sda<br />
/dev/disk/by-path/ip-10.15.134.130:3260-iscsi-iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca-lun-0-part1 -> ../../sda1<br />
/dev/disk/by-path/ip-10.15.134.130:3260-iscsi-iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca-lun-1 -> ../../sdb<br />
/dev/disk/by-path/ip-10.15.134.130:3260-iscsi-iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca-lun-1-part1 -> ../../sdb1<br />
<br />
If this fails, check all your configuration again.<br />
<br />
If this succeeds, you are now ready to try autoconnecting the iSCSI device.<br />
<br />
Delete all extraneous entries from /etc/iscsi/nodes/iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca . This prevents the startup script from (a) hanging, and (b) being very upset. All that is left should be the interface you intend to connect through:<br />
# ls -l /etc/iscsi/nodes/iqn.1992-08.com.netapp:psilodump.csclub.uwaterloo.ca/<br />
10.15.134.130,3260,2000<br />
<br />
Edit /etc/iscsi/iscsid.conf:<br />
node.startup = automatic<br />
<br />
For the init.d script to work correctly (i.e. properly mount things) we need to add a sleep to allow the device to settle:<br />
Edit /etc/init.d/open-iscsi roughly around line 127 to add a "sleep 1":<br />
...<br />
# Now let's mount<br />
sleep 1<br />
log_daemon_msg "Mounting network filesystems"<br />
MOUNT_RESULT=1<br />
if mount -a -O _netdev >/dev/null 2>&1; then<br />
MOUNT_RESULT=0<br />
break<br />
fi<br />
log_end_msg $MOUNT_RESULT<br />
...<br />
<br />
Now we can restart the service:<br />
service open-iscsi restart<br />
<br />
Now you can configure partitions and mountpoints.<br />
<br />
===Exporting Kerberized NFS from Debian Sid===<br />
<br />
The default kernel in Debian sid (stable, 2.6.32) does not support the necessary crypto suites to export kerberized NFS to newer kernels. You MUST upgrade the kernel, nfs-common, and nfs-kernel-server packages to AT LEAST squeeze-backports.<br />
<br />
===iSCSI block device mount optimizations===<br />
<br />
tmyklebu made some changes to /sys/block/sda/queue. The following is now in /etc/rc.local on aspartame:<br />
<br />
echo 2048 > /sys/block/sda/queue/read_ahead_kb<br />
echo 32768 > /sys/block/sda/queue/max_sectors_kb<br />
echo 4096 > /sys/block/sda/queue/nr_requests<br />
echo noop > /sys/block/sda/queue/scheduler<br />
<br />
We should increase the iSCSI configs node.session.queue_depth and node.session.cmds_max during next maintenance window.<br />
<br />
===Transferring old files from ginseng===<br />
<br />
====Method A====<br />
<br />
* On ginseng, use parted to set up the mounted iscsi drive as an ext4 primary partition (setting up a partition of size >2TB requires care and a GPT)<br />
* Compiled star in /root on ginseng<br />
* Transferred files with the following Makefile (assuming original user directories in /export/users, destination volume in /mnt/iscsi, make -j8):<br />
foo := $(wildcard /export/users/*)<br />
bar := $(patsubst /export/users/%,/mnt/iscsi/%,$(foo))<br />
all: $(bar)<br />
/mnt/iscsi/%: /export/users/%<br />
# echo $@ $<<br />
~/star-1.5.2/star/OBJ/x86_64-linux-cc/star \<br />
-copy -p -acl artype=exustar \<br />
-C /export/users $(notdir $<) /mnt/iscsi<br />
<br />
====Method B====<br />
<br />
* On ginseng, authenticate with iSCSI target (psilodump.csclub.uwaterloo.ca lun0).<br />
* Umount /dev/mapper/vg0-users<br />
* Copy users filesystem directly to iSCSI target:<br />
dd if=/dev/mapper/vg0-users of=/path/to/psilodump:lun0 bs=8M<br />
* Resize users filesystem on destination partition to fit:<br />
resize2fs /path/to/psilodump:lun0</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=SNMP&diff=3886SNMP2015-12-16T18:21:45Z<p>Jxpryde: /* UPS */</p>
<hr />
<div>= UPS =<br />
<br />
We can monitor two of our UPSs via SNMP from any host on our 10.15.134.0/24 subnet (see [[Machine_List#UPS|Machine List]]):<br />
<br />
== Debian Setup ==<br />
<br />
Install snmp and snmp-mibs-downloader (note: snmp-mibs-downloader is not available in stretch repository, so just download the deb from sid).<br />
<br />
Download https://nagios.cscf.uwaterloo.ca/kiosk/powernet416.mib and place it in /usr/share/snmp/mibs<br />
<br />
Run `download-mibs`<br />
<br />
== Getting Status ==<br />
<br />
snmpget -v 1 -c MSO mc-3015-h7-ups-1.cs.uwaterloo.ca PowerNet-MIB::upsBasicOutputStatus.0<br />
<br />
This will return something like:<br />
<br />
PowerNet-MIB::upsBasicOutputStatus.0 = INTEGER: onLine(2)</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Network&diff=3881Network2015-12-16T16:40:29Z<p>Jxpryde: /* 10.15.134.0/24 (VLAN: 520) */</p>
<hr />
<div>Networks assigned to Math Student Org Net.<br />
<br />
== Assigned Subnets ==<br />
<br />
=== 129.97.134.0/24 (VLAN: 134) ===<br />
<br />
* General use<br />
* Internet accessible<br />
<br />
=== 172.19.134.0/24 (VLAN: ???) ===<br />
<br />
''Does not appear to be trunked to our switches''<br />
<br />
* General use<br />
* Routing restricted to University of Waterloo campus<br />
<br />
=== 10.15.134.0/24 (VLAN: 520) ===<br />
<br />
* Private network:<br />
** Lights Out Management<br />
** Insecure devices (e.g. PDUs, KVMs, and PSUs)<br />
* Our expectation was for this to be internal traffic only, no routing to or from other subnets (this was the case up until Monday, Dec. 14 when VLAN was added to 10Gig switch for mirror transition)<br />
** jxpryde: My personal expectation was that no router had a routing table entry for this subnet, you had to be link-local. Thus, no ACL's would be necessary.<br />
<br />
=== 10.0.134.0/24 (VLAN: ???) ===<br />
<br />
''Network not listed on switch's VLAN list''<br />
<br />
A network we apparently have, that was supposed to be used for LOM.<br />
<br />
''Not currently needed, if network is laid out as we previously understood the network layout (see: 10.15.134.0/24)''</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Network&diff=3880Network2015-12-16T16:39:23Z<p>Jxpryde: /* 10.15.134.0/24 (VLAN: 520) */</p>
<hr />
<div>Networks assigned to Math Student Org Net.<br />
<br />
== Assigned Subnets ==<br />
<br />
=== 129.97.134.0/24 (VLAN: 134) ===<br />
<br />
* General use<br />
* Internet accessible<br />
<br />
=== 172.19.134.0/24 (VLAN: ???) ===<br />
<br />
''Does not appear to be trunked to our switches''<br />
<br />
* General use<br />
* Routing restricted to University of Waterloo campus<br />
<br />
=== 10.15.134.0/24 (VLAN: 520) ===<br />
<br />
* Private network:<br />
** Lights Out Management<br />
** Insecure devices (e.g. PDUs, KVMs, and PSUs)<br />
* Our expectation was for this to be internal traffic only, no routing to or from other subnets (this was the case up until Monday, Dec. 14 when VLAN was added to 10Gig switch for mirror transition)<br />
** jxpryde: My personal expectation was that no router had a routing table entry for this subnet, you had to be link-local.<br />
<br />
=== 10.0.134.0/24 (VLAN: ???) ===<br />
<br />
''Network not listed on switch's VLAN list''<br />
<br />
A network we apparently have, that was supposed to be used for LOM.<br />
<br />
''Not currently needed, if network is laid out as we previously understood the network layout (see: 10.15.134.0/24)''</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Network&diff=3879Network2015-12-16T16:24:34Z<p>Jxpryde: /* 10.15.134.0/24 (VLAN: 520) */</p>
<hr />
<div>Networks assigned to Math Student Org Net.<br />
<br />
== Assigned Subnets ==<br />
<br />
=== 129.97.134.0/24 (VLAN: 134) ===<br />
<br />
* General use<br />
* Internet accessible<br />
<br />
=== 172.19.134.0/24 (VLAN: ???) ===<br />
<br />
''Does not appear to be trunked to our switches''<br />
<br />
* General use<br />
* Routing restricted to University of Waterloo campus<br />
<br />
=== 10.15.134.0/24 (VLAN: 520) ===<br />
<br />
* Private network:<br />
** Lights Out Management<br />
** Insecure devices (e.g. PDUs, KVMs, and PSUs)<br />
* Our expectation was for this to be internal traffic only, no routing to or from other subnets (this was the case up until Monday, Dec. 14 when VLAN was added to 10Gig switch for mirror transition)<br />
<br />
=== 10.0.134.0/24 (VLAN: ???) ===<br />
<br />
''Network not listed on switch's VLAN list''<br />
<br />
A network we apparently have, that was supposed to be used for LOM.<br />
<br />
''Not currently needed, if network is laid out as we previously understood the network layout (see: 10.15.134.0/24)''</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Syscom_Todo&diff=3870Syscom Todo2015-12-04T06:26:32Z<p>Jxpryde: /* When in the Machine Room */</p>
<hr />
<div>These are things that syscom should do eventually:<br />
<br />
==General==<br />
* Prepare for `sodium-benzoate` upgrades/replacement.<br />
** new-mirror has like 30 disk shelves so we can just do a live sync on the 2TB disks and then insert the 4TB ones<br />
* `/users` backups<br />
* Disaster recovery plan<br />
* Get an IP/KVM for the machine room which doesn't suck?<br />
* Sort through keyboards in the office<br />
* Clean up wiki vandalism<br />
* Fix debian.csclub, aka our personal Debian repo which serves the CEO package<br />
* Fix audio auth: audio is both a system group and an LDAP group and this has bad consequences for audio authorization<br />
* Centralized repo for various configs: NFS, PAM auth with kerb, LDAP and Kerb5, routing/interfaces files<br />
** Private subnet routing is broken on every machine ''except'' corn-syrup, taurine (see 'ethcrazy')<br />
<br />
== Wiki Updates ==<br />
<br />
* Update the following wiki pages<br />
** [[Backups]]<br />
** [[Ceo]], also related to "debian.csclub is broken"<br />
** somehow merge [[Conserver]]/[[Serial Connections]]/[[Console Configuration]]<br />
** [[Cscbot]]<br />
** [[DNS]]<br />
** [[Hardware]]<br />
** [[Machine List]]<br />
** [[Mirror]] including that rsyncd needs to be re-started after reboot. (systemctl start rsync)<br />
** [[Music]] and possibly link to [[Pulseaudio]]<br />
** [[MySQL]] mentions a-f replica<br />
** [[NFS/Kerberos]] should probably by merged with an existing page<br />
** [[NetApp]]<br />
** [[Netboot]] (might want to merge with [[New CSC Machine]])<br />
** [[OID Assignment]] and [[UID/GID Assignment]] should be merged with LDAP and replaced with a redirect<br />
** Merge [[Point Of Sale]] and [[Point of Sale System]]<br />
** [[Projects]]<br />
** [[Scratch]]<br />
** Merge [[Sun 2900]] and [[Sun 2900 Strategy Guide]]<br />
** Add more info to [[Switches]]<br />
** [[Virtualization]]<br />
** [[Webcams]] needs a serious update<br />
** [[Wireless]]<br />
<br />
==When in the Machine Room==<br />
* Set up binaerpilot.<br />
* Set up rainbowdragoneyes<br />
* Pick up paperclip to install a new OS<br />
* Make sure that the console connections are correct, up-to-date, and working.<br />
* Fix psilodump's and aspartame's IPs and routing<br />
** psilodump should not be routable outside aspartame. This is currently accomplished by fuckery. This *should* be fixed to use the net.ipv4.conf.all.arp_filter sysctl.<br />
<br />
==Science Machine Room==<br />
* Set up remote syslog2</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=NFS/Kerberos&diff=3869NFS/Kerberos2015-12-04T06:20:50Z<p>Jxpryde: /* NFS */</p>
<hr />
<div>Our user-data is stored in /users on [[Machine_List#psilodump|psilodump]] on an ISCSI volume exported to [[Machine_List#aspartame|aspartame]], which exports /users/ via NFS. Plans to add a layer of LVM abstraction so as to support regular snapshot backups of /users/ are currently in-place, but not yet fully implemented. All of our systems NFS mount /users, and most of them do so using [[Kerberos]] for authentication.<br />
<br />
We have also explored additional methods for replicating user-data, including AFS, Coda, and DRBD, but have found all to be unusable or problematic.<br />
<br />
= NFS =<br />
<br />
NFSv3 has been in long standing use by the CSC as well as almost everyone else on the planet. NFSv4 mounts of /users are currently in the works to CSCF. Unfortunately NFS has a number of problems. Clients become desperately unhappy when disconnected from the NFS server. Also previous to NFSv4 there was no way to client side cache, resulting in poor performance with large files.<br />
<br />
On November 8, 2007, we experienced a major NFS failure. An analysis of the logs indicated that the fault was likely caused by NFSv4-specific code. As a result, we have returned to mounting with NFSv3.<br />
<br />
In November 2015, we made another attempt at mounting with NFSv4 in the office. This was a huge time suck and failed sporadically. As a result, we have returned to mounting with NFSv3. NFSv4 ACLs/mapping seem to be the culprit. NFSv4, '''just not ready'''.<br />
<br />
== Troubleshooting ==<br />
<br />
* If NFS refuses to mount, with a message similar to "Incorrect mount option was specified", ensure that the "nfs-common" service is running. This is required for Kerberos authentication with NFS.<br />
<br />
= ZFS =<br />
<br />
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in [http://wiki.csclub.uwaterloo.ca/User-data?oldid=2331 a previous revision of this page]<br />
<br />
[[Category:Services]]<br />
[[Category:Software]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=NFS/Kerberos&diff=3868NFS/Kerberos2015-12-04T06:19:57Z<p>Jxpryde: /* NFS */</p>
<hr />
<div>Our user-data is stored in /users on [[Machine_List#psilodump|psilodump]] on an ISCSI volume exported to [[Machine_List#aspartame|aspartame]], which exports /users/ via NFS. Plans to add a layer of LVM abstraction so as to support regular snapshot backups of /users/ are currently in-place, but not yet fully implemented. All of our systems NFS mount /users, and most of them do so using [[Kerberos]] for authentication.<br />
<br />
We have also explored additional methods for replicating user-data, including AFS, Coda, and DRBD, but have found all to be unusable or problematic.<br />
<br />
= NFS =<br />
<br />
NFSv3 has been in long standing use by the CSC as well as almost everyone else on the planet. NFSv4 mounts of /users are currently in the works to CSCF. Unfortunately NFS has a number of problems. Clients become desperately unhappy when disconnected from the NFS server. Also previous to NFSv4 there was no way to client side cache, resulting in poor performance with large files.<br />
<br />
On November 8, 2007, we experienced a major NFS failure. An analysis of the logs indicated that the fault was likely caused by NFSv4-specific code. As a result, we have returned to mounting with NFSv3.<br />
<br />
In November 2015, we made another attempt at mounting with NFSv4 in the office. This was a huge time suck and failed sporadically. As a result, we have returned to mounting with NFSv3. NFSv4 ACLs/mapping seem to be the culprit. NFSv4, just not ready.<br />
<br />
== Troubleshooting ==<br />
<br />
* If NFS refuses to mount, with a message similar to "Incorrect mount option was specified", ensure that the "nfs-common" service is running. This is required for Kerberos authentication with NFS.<br />
<br />
= ZFS =<br />
<br />
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in [http://wiki.csclub.uwaterloo.ca/User-data?oldid=2331 a previous revision of this page]<br />
<br />
[[Category:Services]]<br />
[[Category:Software]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=NFS/Kerberos&diff=3867NFS/Kerberos2015-12-04T06:18:06Z<p>Jxpryde: /* NFS */</p>
<hr />
<div>Our user-data is stored in /users on [[Machine_List#psilodump|psilodump]] on an ISCSI volume exported to [[Machine_List#aspartame|aspartame]], which exports /users/ via NFS. Plans to add a layer of LVM abstraction so as to support regular snapshot backups of /users/ are currently in-place, but not yet fully implemented. All of our systems NFS mount /users, and most of them do so using [[Kerberos]] for authentication.<br />
<br />
We have also explored additional methods for replicating user-data, including AFS, Coda, and DRBD, but have found all to be unusable or problematic.<br />
<br />
= NFS =<br />
<br />
NFSv3 has been in long standing use by the CSC as well as almost everyone else on the planet. NFSv4 mounts of /users are currently in the works to CSCF. Unfortunately NFS has a number of problems. Clients become desperately unhappy when disconnected from the NFS server. Also previous to NFSv4 there was no way to client side cache, resulting in poor performance with large files.<br />
<br />
On November 8, 2007, we experienced a major NFS failure. An analysis of the logs indicated that the fault was likely caused by NFSv4-specific code. As a result, we have returned to mounting with NFSv3.<br />
<br />
In November 2015, we made another attempt at mounting with NFSv4 in the office. This was a huge time suck and failed sporadically. As a result, we have returned to mounting with NFSv3. NFSv4 ACLs/mapping seem to be the culprit.<br />
<br />
== Troubleshooting ==<br />
<br />
* If NFS refuses to mount, with a message similar to "Incorrect mount option was specified", ensure that the "nfs-common" service is running. This is required for Kerberos authentication with NFS.<br />
<br />
= ZFS =<br />
<br />
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in [http://wiki.csclub.uwaterloo.ca/User-data?oldid=2331 a previous revision of this page]<br />
<br />
[[Category:Services]]<br />
[[Category:Software]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=NFS/Kerberos&diff=3866NFS/Kerberos2015-12-04T06:17:41Z<p>Jxpryde: </p>
<hr />
<div>Our user-data is stored in /users on [[Machine_List#psilodump|psilodump]] on an ISCSI volume exported to [[Machine_List#aspartame|aspartame]], which exports /users/ via NFS. Plans to add a layer of LVM abstraction so as to support regular snapshot backups of /users/ are currently in-place, but not yet fully implemented. All of our systems NFS mount /users, and most of them do so using [[Kerberos]] for authentication.<br />
<br />
We have also explored additional methods for replicating user-data, including AFS, Coda, and DRBD, but have found all to be unusable or problematic.<br />
<br />
= NFS =<br />
<br />
NFSv3 has been in long standing use by the CSC as well as almost everyone else on the planet. NFSv4 mounts of /users are currently in the works to CSCF. Unfortunately NFS has a number of problems. Clients become desperately unhappy when disconnected from the NFS server. Also previous to NFSv4 there was no way to client side cache, resulting in poor performance with large files.<br />
<br />
On November 8, 2007, we experienced a major NFS failure. An analysis of the logs indicated that the fault was likely caused by NFSv4-specific code. As a result, we have returned to mounting with NFSv3.<br />
<br />
On December 3, 2015, we made another attempt at mounting with NFSv4 in the office. This was a huge time suck and failed sporadically. As a result, we have returned to mounting with NFSv3. NFSv4 ACLs/mapping seem to be the culprit.<br />
<br />
== Troubleshooting ==<br />
<br />
* If NFS refuses to mount, with a message similar to "Incorrect mount option was specified", ensure that the "nfs-common" service is running. This is required for Kerberos authentication with NFS.<br />
<br />
= ZFS =<br />
<br />
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in [http://wiki.csclub.uwaterloo.ca/User-data?oldid=2331 a previous revision of this page]<br />
<br />
[[Category:Services]]<br />
[[Category:Software]]</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Syscom_Todo&diff=3865Syscom Todo2015-12-04T06:13:43Z<p>Jxpryde: /* When in the Machine Room */</p>
<hr />
<div>These are things that syscom should do eventually:<br />
<br />
==General==<br />
* Prepare for `sodium-benzoate` upgrades/replacement.<br />
** new-mirror has like 30 disk shelves so we can just do a live sync on the 2TB disks and then insert the 4TB ones<br />
* `/users` backups<br />
* Disaster recovery plan<br />
* Get an IP/KVM for the machine room which doesn't suck?<br />
* Sort through keyboards in the office<br />
* Clean up wiki vandalism<br />
* Fix debian.csclub, aka our personal Debian repo which serves the CEO package<br />
* Fix audio auth: audio is both a system group and an LDAP group and this has bad consequences for audio authorization<br />
* Centralized repo for various configs: NFS, PAM auth with kerb, LDAP and Kerb5, routing/interfaces files<br />
** Private subnet routing is broken on every machine ''except'' corn-syrup, taurine (see 'ethcrazy')<br />
<br />
== Wiki Updates ==<br />
<br />
* Update the following wiki pages<br />
** [[Backups]]<br />
** [[Ceo]], also related to "debian.csclub is broken"<br />
** somehow merge [[Conserver]]/[[Serial Connections]]/[[Console Configuration]]<br />
** [[Cscbot]]<br />
** [[DNS]]<br />
** [[Hardware]]<br />
** [[Machine List]]<br />
** [[Mirror]] including that rsyncd needs to be re-started after reboot. (systemctl start rsync)<br />
** [[Music]] and possibly link to [[Pulseaudio]]<br />
** [[MySQL]] mentions a-f replica<br />
** [[NFS/Kerberos]] should probably by merged with an existing page<br />
** [[NetApp]]<br />
** [[Netboot]] (might want to merge with [[New CSC Machine]])<br />
** [[OID Assignment]] and [[UID/GID Assignment]] should be merged with LDAP and replaced with a redirect<br />
** Merge [[Point Of Sale]] and [[Point of Sale System]]<br />
** [[Projects]]<br />
** [[Scratch]]<br />
** Merge [[Sun 2900]] and [[Sun 2900 Strategy Guide]]<br />
** Add more info to [[Switches]]<br />
** [[Virtualization]]<br />
** [[Webcams]] needs a serious update<br />
** [[Wireless]]<br />
<br />
==When in the Machine Room==<br />
* Set up binaerpilot.<br />
* Set up rainbowdragoneyes<br />
* Pick up paperclip to install a new OS<br />
* Make sure that the IPMI/console connections are correct, up-to-date, and working.<br />
* Fix psilodump's and aspartame's IPs and routing<br />
** psilodump should not be routable outside aspartame. This is currently accomplished by fuckery. This *should* be fixed to use the net.ipv4.conf.all.arp_filter sysctl.<br />
<br />
==Science Machine Room==<br />
* Set up remote syslog2</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Syscom_Todo&diff=3864Syscom Todo2015-12-04T06:12:57Z<p>Jxpryde: /* General */</p>
<hr />
<div>These are things that syscom should do eventually:<br />
<br />
==General==<br />
* Prepare for `sodium-benzoate` upgrades/replacement.<br />
** new-mirror has like 30 disk shelves so we can just do a live sync on the 2TB disks and then insert the 4TB ones<br />
* `/users` backups<br />
* Disaster recovery plan<br />
* Get an IP/KVM for the machine room which doesn't suck?<br />
* Sort through keyboards in the office<br />
* Clean up wiki vandalism<br />
* Fix debian.csclub, aka our personal Debian repo which serves the CEO package<br />
* Fix audio auth: audio is both a system group and an LDAP group and this has bad consequences for audio authorization<br />
* Centralized repo for various configs: NFS, PAM auth with kerb, LDAP and Kerb5, routing/interfaces files<br />
** Private subnet routing is broken on every machine ''except'' corn-syrup, taurine (see 'ethcrazy')<br />
<br />
== Wiki Updates ==<br />
<br />
* Update the following wiki pages<br />
** [[Backups]]<br />
** [[Ceo]], also related to "debian.csclub is broken"<br />
** somehow merge [[Conserver]]/[[Serial Connections]]/[[Console Configuration]]<br />
** [[Cscbot]]<br />
** [[DNS]]<br />
** [[Hardware]]<br />
** [[Machine List]]<br />
** [[Mirror]] including that rsyncd needs to be re-started after reboot. (systemctl start rsync)<br />
** [[Music]] and possibly link to [[Pulseaudio]]<br />
** [[MySQL]] mentions a-f replica<br />
** [[NFS/Kerberos]] should probably by merged with an existing page<br />
** [[NetApp]]<br />
** [[Netboot]] (might want to merge with [[New CSC Machine]])<br />
** [[OID Assignment]] and [[UID/GID Assignment]] should be merged with LDAP and replaced with a redirect<br />
** Merge [[Point Of Sale]] and [[Point of Sale System]]<br />
** [[Projects]]<br />
** [[Scratch]]<br />
** Merge [[Sun 2900]] and [[Sun 2900 Strategy Guide]]<br />
** Add more info to [[Switches]]<br />
** [[Virtualization]]<br />
** [[Webcams]] needs a serious update<br />
** [[Wireless]]<br />
<br />
==When in the Machine Room==<br />
* Set up binaerpilot.<br />
* Set up rainbowdragoneyes<br />
* Pick up paperclip to install a new OS<br />
* Locate electrons<br />
** Electrons, aka the giant power bar, is sitting somewhere *near* the rack. I can't remember why it was taken down. -ehashman<br />
* Make sure that the IPMI/console connections are correct, up-to-date, and working.<br />
* Fix psilodump's and aspartame's IPs and routing<br />
** psilodump should not be routable outside aspartame. This is currently accomplished by fuckery. This *should* be fixed to use the net.ipv4.conf.all.arp_filter sysctl.<br />
* Look into expanding /scratch and using RAID using spare disks in the office.<br />
<br />
==Science Machine Room==<br />
* Set up remote syslog2</div>Jxprydehttps://wiki.csclub.uwaterloo.ca/index.php?title=Web_Hosting&diff=3858Web Hosting2015-11-05T01:04:53Z<p>Jxpryde: /* Reverse Proxy (Python, Ruby, Perl, etc.) */</p>
<hr />
<div>The CSC offers web hosting for [[Club Hosting|clubs]] and [http://csclub.uwaterloo.ca/about/ our members] in accordance with our [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. This is a quick guide for the kinds of hosting we offer on our webserver, <tt>csclub.uwaterloo.ca</tt>, also known as [[Machine List#caffeine|caffeine]].<br />
<br />
We run an Apache httpd webserver and we offer you the use of a [[MySQL|MySQL database]].<br />
<br />
== What can I host on my website? ==<br />
<br />
Web hosting is provided in accordance with the CSC [http://csclub.uwaterloo.ca/services/machine_usage Machine Usage Agreement]. As a reminder, you are '''not permitted''' to host any of the following:<br />
<br />
* '''Ads.''' Advertisements are not permitted because using our machines for commercial purposes is forbidden by university policy.<br />
* '''Your start-up's website.''' Again, commercial use of our hosting is not permitted.<br />
* '''Unauthorized copyrighted materials.''' Violating the law is a violation of our Machine Usage Agreement.<br />
<br />
Please note that '''this is not an exhaustive list. Websites may be taken down ''without notice''''' at the discretion of the Systems Committee. (We will always let you know that we took your site down, but if it is breaking our shared environment, we can't provide an advance warning.)<br />
<br />
Some great examples of things members host on our webserver:<br />
<br />
* Academic projects!<br />
* A personal website or blog!<br />
* [[Club Hosting|Club websites!]]<br />
<br />
== DNS and Your Domain Name ==<br />
<br />
You can serve files without any additional configuration by placing them in your <tt>www</tt> directory and accessing them at <tt>http://csclub.uwaterloo.ca/~userid</tt>, where <tt>userid</tt> is your CSC user ID. However, many of our members and clubs prefer to use a custom domain name.<br />
<br />
=== uwaterloo.ca domain Names ===<br />
<br />
If you represent a UWaterloo organization, you may be eligible for a custom <tt>uwaterloo.ca</tt> domain name, such as <tt>csclub.uwaterloo.ca</tt>. We can request this on your behalf.<br />
<br />
In order to do so, we must have verified that the organization is a legitimate UWaterloo-affiliated group, and that you, the representative, are authorized to request a domain name on their behalf. This all takes place when you request [[Club Hosting|club hosting]] with the Computer Science Club.<br />
<br />
Once you register as a club representative of your particular organization, you can send an email from your official club account to syscom@csclub.uwaterloo.ca to request the domain <tt>yourdomain.uwaterloo.ca</tt>. Assuming it is available, we will file a ticket and request the domain in your name.<br />
<br />
=== Your personal domain name ===<br />
<br />
These virtual hosts must be approved by the Executive and Systems Committee. If interested, send syscom@csclub.uwaterloo.ca an email. If your request is approved, the Systems Committee will direct you to create a CNAME record for your domain and point it at <tt>csclub.uwaterloo.ca</tt>.<br />
<br />
== Static Sites ==<br />
<br />
You can place all your static content into your web directory, <tt>/users/userid/www</tt>.<br />
<br />
If you have been approved for a virtual host, you can access this content using your personal domain once the Systems Committee makes the appropriate configuration changes. Here is an example configuration file:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
DocumentRoot /users/userid/www/<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
</VirtualHost><br />
<br />
== Dynamic Sites ==<br />
<br />
If you require use of a database, we offer you the sole choice of MySQL. See [[MySQL|this guide]] for how to create your database and connect to MySQL.<br />
<br />
=== ***NOTICE*** ===<br />
<br />
We '''STRONGLY''' discourage the use of content management systems such as<br />
WordPress. These packages are notorious for the number of security<br />
vulnerabilities they contain and pose a threat to our systems if they are not<br />
kept up to date. The Systems Committee '''WILL,''' at its discretion, disable<br />
any website using a package such as WordPress that is not updated to the latest<br />
version or that is found to contain exploitable security flaws. In such a case,<br />
the member or club serving that site will be notified of the termination; the<br />
site will not be re-enabled until the issues are addressed.<br />
<br />
=== Using PHP ===<br />
<br />
Because we use Apache, it's as simple as placing your <tt>index.php</tt> file in your <tt>/users/userid/www</tt>. That's it!<br />
<br />
You can even include rewrite rules in an <tt>.htaccess</tt> file in your web directory.<br />
<br />
=== Reverse Proxy (Python, Ruby, Perl, etc.) ===<br />
<br />
(In progress... Cliff Notes below)<br />
<br />
If computationally expensive, please run the server on a general-use server and proxy to Caffiene.<br />
<br />
If Python, (1) use a [http://docs.python-guide.org/en/latest/dev/virtualenvs/ virtual environment] (2) host your app (within the virtualenv) with [http://gunicorn.org/ Gunicorn] on a high port, bound to localhost<br />
<br />
If Ruby (Note, I've never used Ruby so take this with a grain of salt), use [http://unicorn.bogomips.org/ Unicorn]<br />
<br />
==== .htaccess Config ====<br />
<br />
Put the following in the appropriate .htaccess file. Replace HOST with localhost if running on Caffiene or the hostname if running elsewhere; replace port with your chosen port number.<br />
<br />
<pre><br />
Options +FollowSymLinks<br />
RewriteEngine On<br />
RewriteCond %{SCRIPT_FILENAME} !-d<br />
RewriteCond %{SCRIPT_FILENAME} !-f<br />
RewriteRule "^(.*)$ "http://HOST:RANDOM_PORT/$1" [P]<br />
</pre><br />
<br />
=== ['''Deprecated'''] Using WSGI ===<br />
<br />
We newly support <tt>mod_wsgi</tt> for dynamic frameworks you may not want to run through FCGI, such as Django. If you'd like to set up one of these sites, you'll need Systems Committee approval and assistance with the configuration. You will be responsible for setting up the site in your home directory and all the associated WSGI scripts.<br />
<br />
Here is a sample configuration file for a Django site:<br />
<br />
<VirtualHost *:80><br />
ServerName foobar.uwaterloo.ca<br />
ServerAlias *.foobar.uwaterloo.ca foobar<br />
ServerAdmin your@email.here.tld<br />
<br />
ErrorLog /var/log/apache2/luser-userid-error.log<br />
CustomLog /var/log/apache2/luser-userid-access.log combined<br />
<br />
WSGIDaemonProcess process_name python-path=your/path/here/:possibly:/users/userid/site:/users/userid/.env/...<br />
WSGIScriptAlias / /path/to/your/wsgi/script<br />
WSGIProcessGroup process_name<br />
<br />
Alias /robots.txt /path/if/necessary/robots.txt<br />
Alias /favicon.ico /path/if/necessary/favicon.ico<br />
<br />
<Directory /path/to/your/wsgi/script><br />
<Files wsgi.py><br />
Require all granted<br />
</Files><br />
</Directory><br />
</VirtualHost><br />
<br />
== Syscom ==<br />
<br />
=== Disabling insecure or infringing sites ===<br />
<br />
To disable a webspace that has known security vulnerabilities add the following snippet to `/etc/apache2/conf-available/disable-vuln-site.conf`. This rewrites all accesses of the directory or its children to the given file. Note that our disable page uses PHP to always return HTTP status code 503. (TODO: move files to somewhere in /srv)<br />
<br />
<Directory /users/$BADUSER/www><br />
AllowOverride None<br />
RewriteEngine On<br />
RewriteRule . /~sysadmin/insecure/index.php [L]<br />
</Directory></div>Jxpryde