Hacklab 2.0 Infrastructure: Difference between revisions
Revision as of 08:19, 16 January 2019
This page describes the Hacklab 2.0 (1266 Queen St. W.) infrastructure as of Jan 2019.
Overview
Hacklab.to is hosted in the Netherlands by Paul. The main webpage / blog is powered by WordPress, a content management system (CMS). Those familiar with WordPress usage will know where to find the login page. After logging in with your usual Hacklab credentials, you can make changes to the public website.
Lab Network
The lab's internal network is accessible to members via the members-only Wi-Fi, or by connecting to an Ethernet cable. The subnet is 192.168.111.0/24, meaning every IP address inside the lab's network has the form 192.168.111.xxx. The DHCP server is responsible for dynamically assigning addresses to devices.
LDAP
Lightweight Directory Access Protocol (LDAP) is how the lab keeps track of members and allows them to log in everywhere with the same credentials. It's a little harder to use than a simple MySQL database of users, but it already integrates smoothly into many different software products, so we continue to use it.
Hacklab.to Blog
The blog (the public-facing website) uses a WordPress plugin to check the LDAP credentials of users trying to log in. The LDAP server in WordPress is set to localhost, which is just a passthrough for the master LDAP, which is hosted at the actual Hacklab premises (accessible through [shell.hacklab.to]).
The Wikis
The public and private wikis are hosted in the Netherlands. The PHP code, config files, plugins, media, and MySQL database are all on the Dutch server. The public wiki is currently overflowing with harmless spam accounts, which need to be deleted directly from the SQL database.
DNS
The Domain Name System is how computers find each other's IP address from their name. The current name for the on-premises Hacklab server is [shell.hacklab.to], which currently points to the power usage monitor through NAT (Network Address Translation). A local DNS server in the lab at ns.hacklab.to takes care of the internal lab network, for devices such as laser.hacklab.to. We are changing the internal domains to a new format like this: laser.in.hacklab.to. The external / public DNS records are served by Paul's nameserver in the Netherlands, but we still have control over the root DNS records.
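An added example (not part of the original wiki page or the lab's own tooling): a Python check that audits a list of DNS records against the naming change described above, using the lab subnet 192.168.111.0/24 and the new in.hacklab.to format. It assumes the records are available as (view, name, address) tuples and that public records should carry neither in.hacklab.to names nor RFC 1918 addresses; the view labels, the sample records and the sampleN host names are constructed.

```python
import ipaddress

LAB_NET = ipaddress.ip_network("192.168.111.0/24")  # lab subnet named on this page
INTERNAL_ZONE = "in.hacklab.to"                      # new internal name format
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: (view, name, IPv4 address). Not real lab data;
# 203.0.113.0/24 is a documentation range standing in for public addresses.
SAMPLE_RECORDS = [
    ("internal", "laser.in.hacklab.to", "192.168.111.20"),
    ("internal", "laser.hacklab.to", "192.168.111.20"),    # old-format name
    ("internal", "ns.in.hacklab.to", "192.168.111.2"),
    ("internal", "sample1.in.hacklab.to", "10.0.0.5"),     # outside lab subnet
    ("public", "shell.hacklab.to", "203.0.113.10"),
    ("public", "sample2.hacklab.to", "192.168.111.30"),    # private address
    ("public", "sample3.in.hacklab.to", "203.0.113.11"),   # internal name
]


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (label-aligned)."""
    name = name.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def audit(records):
    """Return (name, problem) pairs for records that break the naming plan."""
    findings = []
    for view, name, addr in records:
        ip = ipaddress.ip_address(addr)
        if view == "internal":
            if not in_zone(name, INTERNAL_ZONE):
                findings.append((name, "internal name not under " + INTERNAL_ZONE))
            if ip not in LAB_NET:
                findings.append((name, f"address {ip} outside {LAB_NET}"))
        else:  # public view
            if in_zone(name, INTERNAL_ZONE):
                findings.append((name, "internal-only name in public records"))
            if any(ip in net for net in RFC1918):
                findings.append((name, f"private address {ip} in public records"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_RECORDS):
        print(f"{name}: {problem}")
```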
The Hacklab Server
The physical on-premises Hacklab server is a 1U unit donated to the lab by Av. It contains 4 hard drives with about 1TB of capacity. The hard drives use the Z File System (ZFS). The server also contains a separate processor which takes care of physically managing the server unit (power / cooling fans / etc.) and is accessible over a web interface. The server is plugged in via an uninterruptible power supply (UPS), which is a big battery that keeps the server running during outages. For longer outages, the UPS is programmed to send the server a signal to shut down gracefully before the battery in the UPS dies. The server runs CentOS 4 or 5 and runs a number of Linux virtual machines using the KVM software component. Each virtual machine has a specific task, such as running the local DNS, controlling Betsy, or managing the power monitor.
Accessing the Lab Network from outside the Lab
Normally, the lab's internal network can only be accessed from inside the lab, by connecting to the members-only Wi-Fi or plugging into an Ethernet cable. We are hoping to set up a virtual private network (VPN) in Hacklab 3.0. In the meantime, you can use an SSH tunnel to reach the lab network.