System admin for the BRICCS infrastructure
BRICCS page in the RCS wiki : https://rcs-manage-1.star.le.ac.uk/wiki/index.php5/BRICCS
A list of the systems we have available, and what software they are running.
Hospital systems
On the hospital side, the machines are created within the UHL server facility managed by IM&T. We currently have four VMs, visible only from within the hospital environment.
Mail: System needs to be able to manage local and outgoing mail. 'smarthost' used for everything else: smtp.xuhl-tr.nhs.uk
ClamAV: Put the following in cron.weekly and chmod 755:
#!/bin/sh
clamscan -ri --exclude-dir=/sys\|/proc\|/dev / | mail -s "ClamAV Scan Results for $(date +%D)" email@…
All UHL machines need to be able to access the internet for updates, etc. For this they need to be 'allowed by rule' through the BlueCoat firewall. This is arranged by UHL IM&T (Geoff Harrison).
briccs
- Hostname : briccs.xuhl-tr.nhs.uk
- Location : UHL 10.156.254.207
- Subnet - 255.255.255.128, Gateway - 10.156.254.129
- DNS - UHLAD13 (10.147.126.165) and UHLAD14 (10.147.126.166)
- Hardware : Virtual machine
- Software : Ubuntu 9.10
- Packages: sun-java6-bin sun-java6-jdk maven2 perl openssl apache2 php webmin.deb build-essential clamav
- Services
- Onyx and dependencies, including the pmi lookup
- webmin to port 10000 (HTTPS)
- byobu for multiple terminals if desired
- Printing: CUPS on app01. Configure using the web interface, but when in normal mode comment out the Listen 10.156.254.207 line in /etc/cups/cupsd.conf. Currently the only user in the lpadmin group is nick. The printer is configured as 'TMF-HP' for use in Onyx.
briccsdb
- Hostname : briccsdb.xuhl-tr.nhs.uk
- Location : UHL 10.156.254.206
- Subnet - 255.255.255.128, Gateway - 10.156.254.129
- DNS - UHLAD13 (10.147.126.165) and UHLAD14 (10.147.126.166)
- Hardware : Virtual machine
- Software : Ubuntu 9.10
- Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
- Services
- MySQL database for Onyx
- phpmyadmin at /phpmyadmin/
- webmin to port 10000 (HTTPS)
- byobu for multiple terminals if desired
briccsdev
- Hostname : uhlbriccsdev.xuhl-tr.nhs.uk
- Location : UHL 10.147.126.57
- Subnet - 255.255.255.128, Gateway - 10.147.126.1
- DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
- Hardware : Virtual machine
- Software : Ubuntu 10.04
- Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
- Services
- OnyxTestSystem and dependencies, including the test pmi lookup
briccsdbdev
- Hostname : uhlbriccsdbdev.xuhl-tr.nhs.uk
- Location : UHL 10.147.126.56
- Subnet - 255.255.255.128, Gateway - 10.147.126.1
- DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
- Hardware : Virtual machine
- Software : Ubuntu 10.04
- Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
- Services
- MySQL database for OnyxTestSystem
University systems
On the University side, the systems are provided by RCS.
briccs-1
- Hostname : briccs-1.rcs.le.ac.uk
- Location : RCS
- Hardware : ?
- Software : openSUSE
- Services
- Host VirtualBox system for sandbox VMs
- ex-Live deployment of BriccsLabelsWebapp (not used)
- ex-Test deployment of CaTissue (not used)
- Accessing the VirtualBox GUI Control Panel:
ssh -X briccs-1.rcs.le.ac.uk
nrh11@briccs-1:~> echo $DISPLAY
localhost:13.1
nrh11@briccs-1:~> sudo su -
nrh11's password:
briccs-1:~ # export DISPLAY=localhost:13.1
briccs-1:~ # xauth merge ~nrh11/.Xauthority
briccs-1:~ # VirtualBox
- VMs currently provisioned:
briccs-4.rcs.le.ac.uk 02:01:8F:D2:AA:8C 143.210.170.140
briccs-5.rcs.le.ac.uk 02:01:8F:D2:AA:8D 143.210.170.141
briccs-6.rcs.le.ac.uk 02:01:8F:D2:AA:8E 143.210.170.142
briccs-7.rcs.le.ac.uk 02:01:8F:D2:AA:8F 143.210.170.143
Settings
- IP mask : 255.255.255.0
- Gateway : 143.210.170.1
- DNS one : 143.210.12.152
- DNS two : 143.210.12.154
VBoxManage man page: http://www.virtualbox.org/manual/ch08.html
Note: when a VM is rebuilt, its SSH host key will change. On local machines use "ssh-keygen -R hostname" and "ssh-keygen -R IP" to remove the old keys, then reconnect.
briccs-2
- Hostname : briccs-2.rcs.le.ac.uk
- Location : RCS
- Hardware : VirtualBox virtual machine
- Software : openSUSE
- Services
- Subversion (svn) repository
briccs-3
- Hostname : briccs-3.rcs.le.ac.uk
- Location : RCS
- Hardware : VirtualBox virtual machine
- Software : openSUSE
- Services
- Test deployment of CaTissue (evaluation by lab staff)
VMs on briccs-1
- The VMs on briccs-1 are transitory; however, please check with the listed owner before destroying one.
briccs-4
- Hostname : briccs-4.rcs.le.ac.uk
- Ownership:
- Location : briccs-1
- Hardware : VirtualBox virtual machine
- Software :
- Services
briccs-5
- Hostname : briccs-5.rcs.le.ac.uk
- Ownership: JL
- Location : briccs-1
- Hardware : VirtualBox virtual machine
- Software : CentOS
- Services
- Test deployment of i2b2
briccs-6
- Hostname : briccs-6.rcs.le.ac.uk
- Ownership: JL
- Location : briccs-1
- Hardware : VirtualBox virtual machine
- Software : CentOS
- Services
- Deployment of caTissue p5 for API client testing
briccs-7
- Hostname : briccs-7.rcs.le.ac.uk
- Ownership:
- Location : briccs-1
- Hardware : VirtualBox virtual machine
- Software : CentOS 5.5 (64bit)
- Services
- Trac system
- Maven repository
- Data repository
sparrow
- Hostname : sparrow.briccs.org.uk
- Location : SliceHost
- Hardware : Xen virtual machine, Quad core Opteron, 256M RAM, 10G HD
- Software : CentOS 5.5 (32bit)
- Services
- No longer running any live services.
- All services now migrated to briccs-7.
- Scheduled to be shut down once migrated services have been tested.
BRICCS Server Security
The following should be considered the standard specification for BRICCS Server Security:
ClamAV: Put the following in cron.weekly and chmod 755:
#!/bin/sh
clamscan -ri --exclude-dir=/sys\|/proc\|/dev / | mail -s "ClamAV Scan Results for $(date +%D)" email@…
fail2ban
- Note: If installing on a CentOS machine, fail2ban is only available from the EPEL repo: rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
logwatch
Nagios
chkrootkit
Snort
What else?