[tog] 8-10 old computers

Schrodinger schrodinger at konundrum.org
Thu Jun 30 10:33:20 CEST 2016

On 2016/06/29 23:01, Sergiusz Bazański via tog wrote:

> On 06/29/2016 05:28 PM, Schrodinger via tog wrote:
> > On 2016/06/29 16:02, Ben Field via tog wrote:
> >> Not yet, it's in the plans. If you want to get involved in the infra stuff then
> >> let's talk directly and take it off list.
> > 
> > Why?
> > 
> > It's TOG related. Be nice to have an open discussion here for all to
> > chime in on the intended design, hardware and software that's going to
> > be used.
> > 
> > Where people may not chime in it might be nice to have the discussion
> > for people to read and witness what might be formed organically.
> Chiming in as another person wanting to help with the infra (but still
> without access to the internal Tog mailing list ...).
> Here's what I'd like to do:
>  - bring up a router/NAT (APU2 C4 with PFSense/OpenBSD/whatever, it's
>    ordered, should be here next Monday)

I'd be more of a fan of OpenBSD but Pfsense might make things easier for
other members that aren't used to editing pf rules. Everyone has their
own way of doing things and it can be confusing for people. Whatever is
easiest is "better" ;) I switched from native OpenBSD to FreeBSD a
while back because there were some things in the ports on FreeBSD which
weren't available with OpenBSD. I had some issues getting, whatever it
was, to compile. Gave up. For me it was quicker to switch to FreeBSD
than to patch the software for OpenBSD.

The APU2 C4 looks really nice and low power which is great and was
always a sore point for people hearing that a full server was running
24x7 in the space. The trade off was that some people pay more on their
membership to accommodate for the power consumption. That's not so
necessary anymore but it's what happened in the first few years to pay
for members running kit all the time.

>  - do physical cable runs from ISP CPE to rack, and from rack to LAN
>    drops / AP locations

Definitely needed. I hate wireless in general and much prefer to be cabled
into the network. And as you point out it will be required for the
wireless APs.

We could do with another fully managed 1Gb switch. We have one but it's
not enough. I'd like to get another - somewhere... You don't find too
many people throwing out a fully managed 1Gb switch. The main 1Gb switch
in TOG is Cisco. Then there is another 10/100Mb Cisco. We have far too
many 10/100Mb switches in TOG. We need more 1Gb. We need 10Gb ;) But all
managed so we can do useful things with them and GRAPH ALL THE THINGS!

>  - start up a few extra APs (we still need them, anyone want to buy
>    some abgn/ac Ubnts/Mikrotiks/TPLinks with OpenWRT?)

We have two Ubnts. I have one at home as I was looking at hacking their
discovery protocol for snitchz and giggles. The only other decent APs in
the belong to a member for his wireless hacking workshop. But I'm happy
to look at buying some TPLinks as I think they're decent. Ubnts can be
expensive, €50 a piece IIRC.

>  - network & power cabling of rack

I'd very much like to build a new rack and comms storage. The current
rack I owe to a very good friend of mine for donating it to TOG years
ago. I thank him very much. The rack is fine in general but the wheels
have collapsed and it's hard to drag around. A load of IKEA Lack racks
which break down would be nice. Short depth for comms and the longer
ones for servers.

>  - start bringing up servers, hopefully starting off with one that
>    would run a CM system (Chef/Puppet/Salt/whatever)

PUPPET! :) We can have this debate another time.

>  - bring up basic services, I was thinking of:
>    - OpenLDAP & Kerberos (FreeIPA? manually on a BSD/Linux box?)

Man after my own heart. I've had an OpenLDAP scheme created for TOG for
about 5 years now and it's never really gotten off the ground because of
a lack of interface for what was previously the committee to provision
members and manage groups: admin, fullmember, probationary, etc... Also
it needs a nice UI for members to be able to edit their own details and
password resets.

I'll put the ldap on my github later on today when I dig it out. It was
just a first run at it but I had LDIF to define even the physical TOG
locations and the rooms in TOG - not just the people.

I'm a big fan of the provisioning method that the Amsterdam hackerspace
designed. https://wiki.techinc.nl/index.php/LDAP

Their way to use it for services is very much what I had wanted back in
the day. https://wiki.techinc.nl/index.php/Ldap.ti

The main idea being one account to rule them all. The provisioning
method is designed to try and secure the member data as much as
possible. Privacy and all that jazz that so many people don't care about

>    - some sort of storage (NAS for users, iSCSI for boxen)

There is a HP Microserver that we can throw four spinning disks into and
turn it into a storage box. It should do the job just fine?

>    - some sort of virtualization/containerization infrastructure
>      (something basic like dokku at first will probably be enough)

Yes, yes indeed. I have wanted to buy, TOG to buy, a *modern* server or
piece of hardware for VMs. This would cut down hugely on the need for
full servers. Most members don't need anything beefy, it's mostly
messing around. A modern box would be a lot more green in terms of power

>  - document stuff on the Wiki (once I get access...) as we go

If you're not putting it on the wiki you're doing it wrong ;)

Also on my todo list has always been SpaceNet and SpaceFed. And

Quidquid latine dictum sit, altum sonatur.
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc
