Systems

From popdata
Jump to: navigation, search

Back to Systems & Security

General

A-H I-R S-Z

Machines

This list is a static copy generated at => https://pds.popdata.bc.ca/hardware/

Popdata Id: Hostname: Active: Vendor: Model: Memory (GB): Processor: Num Processors: Disk: Task: Old Task:
pd19 amundsen True HP DL360G6 28 Xeon 5540 2.52GHz 8 2x146GB KVM Server SRE/RTL/SRTL (sre49) vmware / KVM
beare False KVM 2 1 80GB + 100GB Redzone AD
cabot True KVM 4 1 80GB + 250GB (SAN) Admin: syspulse,nessus,securid,cfengine,syslog
pd1 cartier True HP DL360G5 4 Xeon 5110 1.6GHz 2 4x146GB Web: wiki, docshare, web
pd40 cartier2 True HP DL380G5 16 Xeon E5335 2.0GHz 8 2x36GB Outside Web (drupal, wordpress) bought from auction
pd6 champlain True HP DL360G5 2 Xeon 5110 1.6GHz 2 2x72GB LDAP/DNS/DHCP/Sympa cook/secondary dns/ldap, devel
pd33 cheadle True Supermicro 12 Xeon W3530 2.8GHz 4 2x2TB+22x3TB RZ Backup server
pd5 cook True HP DL360G5 16 Xeon 5160 3.0GHz 2 4x146GB KVM Server(finlay) / secondary DNS/LDAP/ DC ericsson alfresco
pd20 cortereal True HP DL360G6 64 Xeon 5540 2.52GHz 8 2x146GB+2x300GB KVM Server SRE/RTL/SRTL (sre15-18; rtl1-4) vmware
pd34 defuca True HP DL360G7 24 Xeon E5649 2.53GHz 12 2x300GB RZ Raw Data/Linkage
pd17 delasalle False HP DL360G5 16 Xeon 5420 2.5GHz 8 2x72GB+2x146GB RZ VMware
pd36 drake True HP DL360G7 128 Xeon E5649 2.53GHz 12 4x1TB SSD KVM Server SRE/SRTL (sre30-35; srtl1-18) vmware
pd44 ericsson True HP DL360G8 40 Xeon E5-2609 2.4GHz 4 2x300GB RZ Linkage
pd32 fidler True Supermicro 12 Xeon W3530 2.8GHz 4 2x2TB+22x3TB YZ Backup server
pd11 franklin True HP DL360G5 4 Xeon 5160 3.0GHz 4 2x72GB RZ Terminal Server / file server verrazzano
pd41 fraser True HP DL380G5 16 Xeon E5335 2.0GHz 8 2x36GB SRE fileserver/transfer bought from auction
pd15 frobisher False HP DL360G5 3 Xeon 5110 1.6GHz 2 2x146GB RZ Quantum Fileserver old yz backup server
pd23 george True Supermicro 8 Xeon X5355 2.6GHz 8 6x146GB RZ Content
pd45 george2 True HP DL360G6 64 Xeon 5540 2.52GHz 8 2x450GB Content Server bought from off-lease
gilbert True KVM 4 1 100GB + 1.4TB Active Directory, DNS, Group Policies
pd35 hearne True HP DL360G7 128 Xeon E5649 2.53GHz 12 4x600GB RZ KVM : extract15; link10-15,17; prepare10-12,14-17; red6-8 (red9 shutoff) verendrye SRE
pd29 hemlock False Supermicro 1 P4 2.8GHz 2 1x40GB CHSPR web
pd3 hudson True HP DL360G5 2 Xeon 5110 1.6GHz 2 2x72GB install server devel
isbister True KVM 1 1 86 GB CHSPR Websites
pd12 joliet False HP DL380G4 12 Xeon 7130 3.2GHz 8 2x72GB RZ Misc. Services/Wiki was Vmware for RZ, then RZ KVM
pd37 kelsey True HP DL360G7 24 Xeon E5649 2.53GHz 12 4x300GB Network Services KVM Server
larsen True KVM 4 1 200GB Redzone AD
pd4 mackenzie True HP DL360G5 4 Xeon 5110 1.6GHz 2 2x72GB+1TB(SAN) RZ Net: dns,dhcp,ldap,sypulse,cfengine old fraser/ old champlain
pd24 maple False Supermicro 4 Xeon 3.0GHz 4 2x72GB+6x144GB RZ web, dev, mail
pd31 milo True Supermicro 2 Xeon 3.0GHz 2 12x500GB CHSPR RZ storage
pd46 new 2 True HP DL360G6 64 Xeon 5540 2.52GHz 8 2x450GB Future fraser bought from off-lease
pd18 nicollet False HP DL360G5 12 Xeon 5420 2.5GHz 4 4x146GB Herb
pd39 noyon True HP DL360G8 160 Xeon E5-2640 2.5GHz 12 8x1TB SSD KVM Server SRE/RTL/SRTL (sre1-16)
pd10 old defuca False HP DL360G5 12 Xeon 5160 3.0GHz 2 2x72GB RZ Vmware old defuca
pd2 old kelsey False HP DL360G5 12 Xeon 5110 1.6GHz 2 0 spare kelsey
pd14 old mackenzie False HP DL360G5 3 Xeon 5110 1.6GHz 2 2x72GB spare mackenzie
pd8 old vancouver False HP DL360G5 2 Xeon 5110 1.6GHz 2 0 spare vancouver/fw
pd13 old-hearne False HP DL380G4 12 Xeon 7130 3.2GHz 12 2x72GB spare fraser vm sre1-9
pd26 old-lily False Supermicro 16 Xeon X5355 2.6GHz 8 6x146GB Spare
pd30 old-sasamat False Supermicro 1 P4 2.5GHz 2 2x144GB CHSPR Journyx
pd7 oldcabot False HP DL360G5 4 Xeon 5110 1.6GHz 2 4x146GB Admin: syspulse,nessus,install,cfengine,syslog,hwdb
pd21 pd-san3 True Supermicro 8 Xeon E5405 4 2x2TB+18x1.5TB SAN storage
pd22 pd-san4 True Supermicro 12 Xeon W3530 4 2x2TB+22x3TB SAN storage
pd27 rae True Supermicro 16 Xeon X5355 2.6GHz 8 2x146GB SRE linux client fox
sasamat True KVM 4 1 60GB Journyx
pd25 sherry False Supermicro 16 Xeon X5355 2.6GHz 8 2x146GB Pharma
pd42 sitka True Supermicro 8 Xeon 7130 3.2GHz 4 1x72GG (pre) SRE linux
pd38 stefansson True HP DL360G7 48 Xeon E5649 2.53GHz 12 4x300GB RZ KVM: extract1-5,10-15; larsen; red13; vmware
sullivan True KVM 2 1 236 GB Local Web Apps Production
thompson True KVM 2 1 42GB + 4TB Development
thompson2 True KVM 2 1 86 GB Development
pd9 vancouver True HP DL360G5 8 Xeon 5110 1.6GHz 4 2x72GB RZ Firewall franklin
pd43 verendrye True HP DL360G8 140 Xeon E5-2640 2.5GHz 12 4*1TB SSD KVM SRE/SRTL/RTL (sre17-29) was hearne
pd16 verrazzano True HP DL360G5 12 Xeon 5420 2.5GHz 8 6x146GB Email drake sre9-12

Virtual Machines

Machine: Serial: Active: Task: Vendor: Model: # Procs Processor: Memory: Disk: Used to be:
gilbert True Active Directory, DNS, Group Policies KVM 1 4 100GB + 1.4TB
thompson True Development KVM 1 2 42GB + 4TB
thompson2 True Development KVM 1 2 86 GB
isbister True CHSPR Websites KVM 1 1 86 GB
sullivan True Local Web Apps Production KVM 1 2 236 GB
beare False Redzone AD KVM 1 2 80GB + 100GB
larsen True Redzone AD KVM 1 4 200GB
cabot True Admin: syspulse,nessus,securid,cfengine,syslog KVM 1 4 80GB + 250GB (SAN)
sasamat True Journyx KVM 1 4 60GB


Virtual IPs on Web Servers (2013-09-18 DL subject to change; check external addresses)

  • Cartier2: 10.80.40.100 (cartier2); 10.80.40.101 (no rDNS); 10.80.40.102 (ihdln.org)
  • Cartier: 10.80.40.10 (cartier...); ...11 (info...); ...14 (cartier.local); ...12 (cartier.local); ...13 (alpha.earlylearning.ubc.ca); ...15 (secure...); ...16 (www.snag.ubc.ca); ...17 (secure...); ...18 (faculty.chspr.ubc.ca); ...19 (cahspr.ca); ...21 (cartier.local);

Notes:


Original order:

Firewall Redzone	1 CPU, Mirrored 36GB Disk, 2GB	1	phlo8	vancovuer	firewall
Firewall Partners	1 CPU, Mirrored 36GB Disk, 2GB	1	phlo6	cook	        more playground
IDS	                1 CPU, Mirrored 72GB Disk, 2GB	1	phlo3	hudson	        playground
IDS Redzone	        1 CPU, Mirrored 72GB Disk, 2GB	1	phlo9	       
Net services	        1 CPU, Mirrored 72GB Disk, 2GB	1	phlo4	champlain	dns, dhcp, chat, ldap
Net services Redzone	1 CPU, Mirrored 72GB Disk, 2GB	1	phlo14	mackenzie	dns, dhcp, ldap, syspulse, cfengine       
PHLO Monitoring	        1 CPU, 4 x 146GB Disk, 4GB	2	phlo7	cabot	        syspulse, nessus, install server, cfengine, syslog, hw db
PHLO Web	        1 CPU, 4 x 146GB Disk, 4GB	2	phlo1	cartier	        wiki, docshare
IMU	                2 CPU, Mirrored 72GB Disk, 8GB	4	phlo10	defuca          IMU
Admin Devel	        2 CPU, 4 x 146GB Disk, 4GB	3	phlo5	ericsson	devel, testing
PHLO Email	        2 CPU, 4 x 146GB Disk, 4GB	3	phlo11	verrazzano      email
Terminal Server Redzone 4 Dual-Core, Mirrored 72GB 12GB	5	phlo12	franklin        LTSP
Collaboratory           4 Dual-Core, Mirrored 72GB 12GB	5	phlo13	fraser	        Collaboratory
Video Server	        1 CPU, 4 x 146GB Disk, 4GB	2	phlo2		
Backup Server	        1 CPU, 4 x 146GB Disk, 4GB	2	phlo15	frobisher       backup

Configs:

  1. DL360G5 5110 1 Dual-Core 1.6GHz, 4MB cache, 2GB Memory, 2x72GB Disk
  2. DL360G5 5110 1 Dual-Core 1.6GHz, 4MB cache, 4GB Memory, 4x146GB Disk
  3. DL360G5 5160 1 Dual-Core 3.0GHz, 4MB cache, 4GB Memory, 4x146GB Disk
  4. DL360G5 5160 1 Dual-Core 3.0GHz, 4MB cache, 8GB Memory, 2x72GB Disk
  5. DL380G4 X7130M 4 Dual-Core 3.2GHz, 4MB cache, 12GB Memory, 2x72GB Disk
  6. DL360G5 5420 2 Quad-Core 2.5GHz 12MB cache, 12GB Memory, 2x72GB Disk
  • Missing 1GB: hudson, cook

Performance

CPUs we have: (from http://www.cpubenchmark.net/high_end_cpus.html)

CPU Benchmark Example
Servers
Intel Xeon 7130 @ 3.20GHz 787 sitka
Intel Xeon 5110 @ 1.60GHz 971 cartier
Intel Xeon 5160 @ 3.00GHz 1,963 defuca
Intel Xeon E5335 @ 2.00GHz 2,576 Auction DL380G5
Intel Xeon X5355 @ 2.66GHz 3,502 rae
Intel Xeon E5420 @ 2.50GHz 3,718 drake
Intel Xeon E5540 @ 2.53GHz 4,308 amundsen
Intel Xeon E5649 @ 2.53GHz 7,628 dl360g7 (drake)
Intel Xeon E5-2640 @ 2.50GHz 9,725 dl360g8 (noyon)
Intel Xeon E5-2660 @ 2.20GHz 11,981 SFU nodes
Intel Xeon E5-2690v2 @ 3.00GHz 17,347 dl360g8 (hubbard)
Intel Xeon E5-2680v4 @ 2.40GHz 19,953 dl360g9 (payette)
Desktops
Intel Core2 Duo U9400 @ 1.40GHz 967 Dell E4200
Intel Pentium Dual E2200 @ 2.20GHz 1,247 charles
Intel Core2 Duo E6700 @ 2.66GHz 1,652 mine
Intel Core i3 540 @ 3.07GHz 2,844 old philby
Intel Core i5-2520M @ 2.50GHz 3,608 Dell E6320
Intel Core i5-2400 @ 3.10GHz 6,143 Desktops 2012
Intel Core i7 950 @ 3.07GHz 6,364 fast5
Intel core i5-6500 @ 3.20GHz 7,231 mlengle
Intel Core i7-7700HQ @ 2.80GHz 8,871 trillian
Intel Core i7-2600 @ 3.40GHz 8,943 fast3
Intel Core i7-4790K @ 4.00GHz 11,245 fast1

Server issues

System network issues

system-tcp-issues For example Verrazzano (zimbra mailserver) connection count

Workstation Connectivity issues - DNS and firewall

DNS issues appear as connectivity problems - someone complains "I can't connect to X".

Diagnostics

The use of short hostnames (ex: SRE6) as opposed to fully-qualified (ex: SRE6.popdata.bc.ca) adds to convenience, but sometimes leads to confusion. The local network configuration may specify a default domain suffix (or several) to be appened to short hostnames, and windows machines have a special system for managing the names of other Windows machines (SMB and WINS).

  • Windows, Mac or Unix:
    • ping HOSTNAME : as a side effect, the first line will show the local resolving of hostname to IP address. The actual ping result is often irrelevant, as many firewalls and computers block ping tests. Ping uses the same DNS resolving and caching service (provided by local system) as applications (e.g. browser) do.
    • nslookup HOSTNAME_OR_IP : as a side effect, the first line will show the primary DNS resolver in the local configuration. The last lines should show what a direct DNS query (bypassing WINS and local caching) would see.
    • error message from browser : "can't find server" usually indicates a DNS resolving problem, while "connection has timed out" is usually a firewall problem (see exception below where DNS gave wrong address).
  • Windows
    • nbtstat -a SHORTNAME : Microsoft lookup (SMB broadcasts or WINS queries) by name (first line shows your address)
  • Unix
    • sudo nmap -n -sP 1.2.3.4/24 : arp scan of specified IP range (local subnet only). Omit -n to show DNS reverse lookups. Note that firewalls (either stand-alone or local system) can suppress response to ping or any particular port, but arp only fails on really dead systems.
    • sudo nmap -v -Pn HOST scan a thousand favourite TCP ports on HOST, ignoring Ping.

Tricks

  • use FQDN instead of short name (e.g. sre6.popdata.bc.ca instead of sre6)
  • use IP address
  • Note that when Cisco AnyConnect is used to VPN server access.popdata.bc.ca, it temporarily modifies workstation network setup:
    1. change DNS to Champlain, which has special local entries for popdata.bc.ca servers, and normal entries for rest of Internet).
    2. split tunnelling is allowed: routing to Popdata servers (many IP addresses starting with 10, e.g. 10.80.40.15 portal.popdata.bc.ca) is forced through VPN tunnel, while leaving unchanged access to services local to workstation and default route to rest of Internet. The AnyConnect preference "Enable Local LAN access" is not required for "Split Tunnelling" to work -- tested using "netstat -r".

Sample incidents

2011-06-20 Owen Lo: 4th floor shared workstation in HELP

  • browser message is "The connection has timed out. The server at www.popdata.bc.ca is taking too long to respond."
  • "ping popdata.bc.ca" reports 137.82.131.55
  • ipconfig reports "DHCP Server: 10.80.20.80" , "DNS Servers: 142.103.199.1", "Primary WINS Server: 142.103.199.2"

Some shared computers in HELP on the 4th floor have an internal IP address, but for DNS use an external server (other than Champlain.popdata.bc.ca, which is the only one that knows about internal addresses for PopData servers). In particular this computer (10.50.10.191 HELPLibrary05 )described by Owen as "the middle one on the right side if we are facing the kitchen" resolves portal.popdata.bc.ca as 137.82.131.55 (the external address) instead of 10.80.40.15 (the internal address as resolved by Champlain). HELPLibrary05 uses 142.103.199.1 (helpsvr1) as DNS resolver, overriding the DHCP setting of Champlain set by Champlain. 2011-06-22: HELP computer support (Alvin till Matthew comes back) to remove the override).


2011-02 Amber Bielecki in Ontario can connect to SRE using IP address but not names. 2011-03-23 "We resolved the DNS issue by uninstalling the ISA 2004 Firewall Client." This Windows server was acting as firewall, and apparently instructing the Windows desktop client to not use Champlain as DNS server. A performance problem also disappeared without that firewall software. Amber also had problems with the java-based tcp performance test at www.bc.net/sonar because of both DNS and outbound firewall rules. Finally she had problems with installing anyconnect, which were eventually overcome.

Windows installer for AnyConnect version 2.4: release notes www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/release/notes/anyconnect24rn.html explicitly includes Windows 7(32-bit and 64-bit). Download from https://download.popdata.bc.ca/anyconnect-win-2.4.1012-web-deploy-k9.exe

  • 2017-07-25 New user Andy Hong has trouble with credentials on RDC but not VPN. Verify that correct username was entered. If foreign keyboard used, dashes (-) might look the same but have different code. See OTRS Chinese Keyboard
    Check on Gilbert which account was used: ssh cabot; U="guiyunli"; D="2017-09-13"; cd /home/logs; grep $U $D/gilbert/local4 | head+tail
    Look for "Failure Audit" or "Success Audit" ; "Source Workstation:" is the RDC client computer's self-assigned name (ex: BILL_LAPTOP); alternately search for local IP address (10.80..) from PDS VPN login.
    • Make sure passphrase updated for secondary account. Check prefix "popdata\" before username. Note that if wrong domain is prefixed (ex: PODPATA), it will not appear in Gilbert log.