IRC Infrastructure


The WTPA IRC server is at irc.wherestheparty.at. Mike and Matt administer the server. Shell accounts are provided on request and the IRC server itself is publicly accessible. Here is some information on managing the infrastructure.

The IRC server and shell box both live on a single host, ipad.wherestheparty.at. Mike and Matt have access to this server.

The IRC server (irc.wherestheparty.at) and shell host (mosquitoes.wherestheparty.at) are both FreeBSD jails, sharing the same physical host.

They maintain a todo list on ipad in ~root/TODO.

SSH

ipad and irc accept SSH connections only from matthoran.com and mike-burns.com, and their ssh port is 8022. To connect from a host other than matthoran.com or mike-burns.com, proxy through one of them by adding the following to ~/.ssh/config:

Host ipad.wherestheparty.at ipad
  Hostname ipad.wherestheparty.at
  ProxyCommand ssh -W %h:%p matthoran.com
  Port 8022
Host irc.wherestheparty.at irc
  Hostname irc.wherestheparty.at
  ProxyCommand ssh -W %h:%p matthoran.com
  Port 8022

SSH to mosquitoes is protected by sshguard, which writes to /etc/hosts.allow.

SSH key fingerprints:

256 e8:2a:1a:6a:a6:d2:a2:a9:54:9c:a0:af:03:a1:0e:1a  root@ipad.wherestheparty.at (ECDSA)
256 56:a2:5e:f0:e7:8f:9c:b6:dc:7b:56:12:12:af:32:43  root@irc.wherestheparty.at (ECDSA)
256 8d:c3:d6:85:90:16:06:5b:5d:e6:c7:e0:1a:50:70:0e  root@mosquitoes.wherestheparty.at (ECDSA)
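
The fingerprints above are in the legacy MD5 colon-hex format, while current OpenSSH prints SHA256 fingerprints by default (ssh-keygen -l -E md5 shows the old form). The following is an added example, not part of the original page: it computes both fingerprint formats from a public key line, such as ssh-keyscan output or a host's ssh_host_ecdsa_key.pub, and checks the MD5 one against the list above. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Fingerprints published on this page (legacy MD5 colon-hex format).
PINNED = {
    "ipad.wherestheparty.at": "e8:2a:1a:6a:a6:d2:a2:a9:54:9c:a0:af:03:a1:0e:1a",
    "irc.wherestheparty.at": "56:a2:5e:f0:e7:8f:9c:b6:dc:7b:56:12:12:af:32:43",
    "mosquitoes.wherestheparty.at": "8d:c3:d6:85:90:16:06:5b:5d:e6:c7:e0:1a:50:70:0e",
}

def key_blob(line):
    """Decode the key blob from 'type base64 [comment]' or 'host type base64'."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-sha2-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with a length-prefixed copy of the key type;
            # reject lines where the stated type and the blob disagree.
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no public key found in line")

def md5_fingerprint(line):
    """Legacy format: MD5 of the raw key blob as colon-separated hex."""
    digest = hashlib.md5(key_blob(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(line):
    """Current OpenSSH format: 'SHA256:' plus unpadded base64 of the digest."""
    digest = hashlib.sha256(key_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify(host, line, pinned=PINNED):
    """True only if the host is pinned and the key's MD5 fingerprint matches."""
    expected = pinned.get(host)
    return expected is not None and hmac.compare_digest(expected, md5_fingerprint(line))

# Constructed sample: a structurally valid ECDSA blob with a dummy point,
# NOT one of the real host keys, so it must fail against PINNED.
def ssh_string(data):
    return len(data).to_bytes(4, "big") + data

SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("mosquitoes.wherestheparty.at ecdsa-sha2-nistp256 "
               + base64.b64encode(SAMPLE_BLOB).decode())

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_LINE), sha256_fingerprint(SAMPLE_LINE))
    print("matches published fingerprint:", verify("mosquitoes.wherestheparty.at", SAMPLE_LINE))
```

Once a key has been checked against the published MD5 value, the SHA256 fingerprint printed alongside it is the one a current ssh client will show at first connection.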

Base

To update the base system, freebsd-update(8) may be used.

To update ipad, run freebsd-update fetch install.

To update the jails, run freebsd-update fetch install from ipad with the -b option:

 freebsd-update -b /usr/local/jails/$JAIL.wherestheparty.at/ fetch install

You should set jail_enable="NO" in /etc/rc.conf on ipad so that jails do not autostart after reboot.

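Run the three freebsd-update commands (one for ipad and one for each jail), then reboot and finalize the update by running freebsd-update install three times, again once for ipad and once for each jail.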

To perform a major upgrade, follow the Handbook, ensuring that jail_enable="NO" is set on ipad before rebooting.

Once ipad has been upgraded, the jails may be upgraded. Because ipad is by then running the new release, the UNAME_r environment variable must be set to the previous release version (the one the jail is still on) before the upgrade will continue; -r names the release being upgraded to.

 UNAME_r=9.1-RELEASE freebsd-update -r 10.0-RELEASE -b /usr/local/jails/$JAIL.wherestheparty.at/ upgrade

Ports and Packages

Use packages instead of ports everywhere, with one special case on irc. For ipad, run pkg update followed by pkg upgrade. For irc and mosquitoes, run pkg -j $JAIL update followed by pkg -j $JAIL upgrade. It is safe to run that even on irc.

irc uses a mix of packages and ports because /etc/make.conf has settings required for ircd-ratbox-devel. To prevent an accidental package upgrade, ircd-ratbox-devel has been locked with pkg lock ircd-ratbox-devel.

To manage ports on irc, simply SSH in and run portsnap fetch update. Then use portmaster(8) to update ports.

Upgrading Using Ansible

Parts of the upgrade can be scripted.

In the special case where you know ahead of time that the upgrade will not require a reboot, and that you only need to run a series of freebsd-update and pkg commands, use this setup:

Inventory

In hosts:

 [shell_hosts]
 ipad.wherestheparty.at
 
 [shell_hosts:vars]
 ansible_python_interpreter=/usr/local/bin/python2.7

Playbook

In simple-upgrade.yml:

 ---
 - hosts: shell_hosts
   become: yes
 
   tasks:
     - name: fetch host OS upgrades
       command: /usr/sbin/freebsd-update fetch --not-running-from-cron
       register: host_fetch_output
     - name: install host OS upgrades
       command: /usr/sbin/freebsd-update install
       when: host_fetch_output.stdout.find('No updates needed') == -1
 
     - name: fetch irc OS upgrades
       command: /usr/sbin/freebsd-update -b /usr/local/jails/irc.wherestheparty.at/ fetch --not-running-from-cron
       register: irc_fetch_output
     - name: install irc OS upgrades
       command: /usr/sbin/freebsd-update -b /usr/local/jails/irc.wherestheparty.at/ install
       when: irc_fetch_output.stdout.find('No updates needed') == -1
 
     - name: fetch mosquitoes OS upgrades
       command: /usr/sbin/freebsd-update -b /usr/local/jails/mosquitoes.wherestheparty.at/ fetch --not-running-from-cron
       register: mosquitoes_fetch_output
     - name: install mosquitoes OS upgrades
       command: /usr/sbin/freebsd-update -b /usr/local/jails/mosquitoes.wherestheparty.at/ install
       when: mosquitoes_fetch_output.stdout.find('No updates needed') == -1
 
     - name: update host packages
       command: /usr/sbin/pkg update
     - name: upgrade host pkgng package
       command: /usr/sbin/pkg upgrade -y pkg
     - name: show host package upgrade plan
       command: /usr/sbin/pkg upgrade -n
       register: host_package_upgrade_plan
     - name: confirm package upgrade plan
       debug: var=host_package_upgrade_plan.stdout_lines
     - pause: prompt="To continue with upgrade, ^c then c. To abort, ^c then a"
     - name: upgrade host packages
       command: /usr/sbin/pkg upgrade -y
 
     - name: update irc packages
       command: /usr/sbin/pkg -j irc update
     - name: upgrade irc pkgng package
       command: /usr/sbin/pkg -j irc upgrade -y pkg
     - name: show irc package upgrade plan
       command: /usr/sbin/pkg -j irc upgrade -n
       register: irc_package_upgrade_plan
     - name: confirm package upgrade plan
       debug: var=irc_package_upgrade_plan.stdout_lines
     - pause: prompt="To continue with upgrade, ^c then c. To abort, ^c then a"
     - name: upgrade irc packages
       command: /usr/sbin/pkg -j irc upgrade -y
 
     - name: update mosquitoes packages
       command: /usr/sbin/pkg -j mosquitoes update
     - name: upgrade mosquitoes pkgng package
       command: /usr/sbin/pkg -j mosquitoes upgrade -y pkg
     - name: show mosquitoes package upgrade plan
       command: /usr/sbin/pkg -j mosquitoes upgrade -n
       register: mosquitoes_package_upgrade_plan
     - name: confirm package upgrade plan
       debug: var=mosquitoes_package_upgrade_plan.stdout_lines
     - pause: prompt="To continue with upgrade, ^c then c. To abort, ^c then a"
     - name: upgrade mosquitoes packages
       command: /usr/sbin/pkg -j mosquitoes upgrade -y

Run it

To run that playbook:

 ansible-playbook simple-upgrade.yml -ihosts -K

The -K is only required if you need to type your password to become root using sudo(8).

This playbook will prompt you before upgrading the packages on each subsystem, but will otherwise run unattended.