infra

Differences

This shows you the differences between two versions of the page.

infra [2025/01/02 15:31] cto | infra [2025/03/07 22:37] (current) ef2d127d-e37b-942b-aad0-6145e54b0c61
Line 1: Line 1:
 # IT Infrastructure # IT Infrastructure
  
-## Network+----
  
-TheLab has a MikroTik router with a handful of APsand Cisco switch for PoE and extra ports.+**Please don't tinker with the infra - daily operations of the space depend on it! If you want to change somethingask someone who's been around for while first.**
  
-The network is divided up into a few subnets, each on their own vlan. +----
- +
-Members: 10.200.1.0/24 +
-Members Static IPs: 10.200.0.0/24 +
-Infrastructure: 10.200.10.0/24 +
-Cameras: 10.200.20.0/24 +
-- Access Control: 10.220.4.0/24 +
- +
-Management points: +
- +
-- 10.200.10.1: Mikrotik router web interface +
-- 10.200.10.2: Cisco network switch +
- +
-### Switch Ports +
- +
-The switch has 4 obvious bays of ports, each assigned to a VLAN like: +
- +
-- Cameras +
-- Members +
-- Infrastructure +
-- Access Control+
  
 ## Servers ## Servers
  
-### foobar.thelab.ms+<nspages :servers -customTitle="{title}" -textPages="" -tree>
  
-Foobar is the main internet-facing server running [Conway](https://github.com/TheLab-ms/conway) and [Dokuwiki](https://docs.thelab.ms).+## Cloudflare
  
-#### Provisioning Process+We use Cloudflare for various things including (most importantly) DNS. The account is associated with [email protected], so new CTOs should go reset the password to get access. Things don't change often in this account but it's worth knowing that it exists.
  
-- Azure Standard_B1s running Ubuntu 24.04 in southcentralus. +Cloudflare tunnels are used for all ingress to our servers no need to worry about rotating TLS certs, free DDoS protection, etc.
-- Enable daily Azure backups during provisioning. +
-- Manually populate IP in Cloudflare dns record (foobar.thelab.ms) +
-- The cto user should trust the current acting CTO's ssh pubkey. It can always be updated through the Azure portal. +
-- Manually install cloudflared for tunneling. It would be hard to automate, very easy to do by hand. +
-  Make sure to run as a service i.e. `cloudflared service install` +
-- Run `make ansible`!+
  
-Here's the cloudflared config at the time of provisioning: 
  
-```yaml +## Github
-tunnel: 496df05d-fb69-4164-8f85-25d9805d028b +
-credentials-file: /root/.cloudflared/496df05d-fb69-4164-8f85-25d9805d028b.json+
  
-originRequest: +Any active members working on code-related projects can be added as a member of TheLab's Github orghttps://github.com/TheLab-ms.
-  connectTimeout10s+
  
-ingress: 
-  - hostname: members.thelab.ms 
-    service: http://localhost:8080 
  
-  - hostname: docs.thelab.ms +## Monitoring
-    service: http://localhost:8081+
  
-  - servicehttp_status:404 +We have a shared [cronitor](https://cronitor.io) account used for uptime checks. Failing checks are posted to #it and visible publicly at https://status.thelab.ms
-```+
  
-### baz.thelab.ms+## Network
  
-Baz is the main on-prem server at TheLab.+TheLab has a MikroTik router with a handful of APs, and a Cisco switch for PoE and extra ports.
  
-#### Provisioning Process+The network is divided up into a few subnets, each on their own vlan.
  
-Dell 16 core by 96gb r710 with a bunch of SSDs +Members: **10.200.1.0/24** 
-- Manually configure the RAID controller with a keyboard/monitor +Members Static IPs: **10.200.0.0/24** 
-  - One RAID group for the first two disks (boot/os drive) +Infrastructure**10.200.10.0/24** 
-  One RAID group for the rest +Cameras: **10.200.20.0/24** 
-- Make sure the system option is set to turn on when power is lost +Access Control: **10.220.4.0/24**
-- Install Ubuntu 24 from a flash drive +
-  Create a LACP bond for NICs 1 and 2 with the IP: 10.200.10.234 +
-  Mount the data drive to /mnt/data +
-Make the default username "cto" with a reasonable password +
-- Run `make ansible`!+
  
-Here's the cloudflared config at the time of provisioning:+Management points:
  
-```yaml +- **10.200.10.1**: Mikrotik router web interface (get creds from acting CTO) 
-tunnelef56e4b9-3eb1-4525-8b77-dcc2625247bd +- **10.200.10.2**Cisco network switch 
-credentials-file: /root/.cloudflared/ef56e4b9-3eb1-4525-8b77-dcc2625247bd.json+  `ssh [email protected] -c aes256-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1 -o PubkeyAcceptedAlgorithms=+ssh-rsa -o HostKeyAlgorithms=+ssh-rsa`
  
-originRequest: +### Switch Ports
-  connectTimeout: 10s+
  
-ingress: +The switch has 4 obvious bays of ports, each assigned to a VLAN like:
-  - hostname: frigate.thelab.ms +
-    service: http://127.0.0.1:8971+
  
-  service: http_status:404 +Cameras 
-```+- Members 
 +- Infrastructure 
 +- Access Control
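Review bot: the switch login line added under "Management points", `ssh [email protected] -c aes256-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1 -o PubkeyAcceptedAlgorithms=+ssh-rsa -o HostKeyAlgorithms=+ssh-rsa`, re-enables a CBC cipher, SHA-1 group-exchange key agreement and SHA-1-based RSA signatures that current OpenSSH clients refuse by default, but the page gives no reason for it; add a sentence stating why (presumably the Cisco switch firmware offers nothing newer), so a future CTO reads these overrides as a per-device workaround and not as options to copy to other hosts. Suggest documenting them as a `Host 10.200.10.2` stanza in `~/.ssh/config` scoped to that one address rather than a command line that gets pasted around, and stating whether management access to 10.200.10.2 is restricted to the Infrastructure subnet 10.200.10.0/24 listed above, since that is what would bound the exposure of the weak algorithms. The user@host in that command and the Cloudflare account address in the "Cloudflare" section both render as the placeholder "[email protected]" (an email-obfuscation artifact), so the real values need restoring on the page. Minor: "Cloudflare tunnels are used for all ingress to our servers no need to worry about rotating TLS certs" needs a colon after "servers", and "Github orghttps://github.com/TheLab-ms" is missing a separator before the URL.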
  
infra.1735831872.txt.gz · Last modified: 2025/01/02 15:31 by cto
