glos / myglos

Repository for MyGLOS (GLOS Data Portal)
GNU General Public License v3.0

Move to /29 subnet #196

Closed tslawecki closed 6 years ago

tslawecki commented 6 years ago

Online Tech (rack space provider) wants to know GLOS's IP addresses. I have the following from DNS:

| Record | Address | Hosts |
|---|---|---|
| A | 64.9.200.105 | ftp |
| A | 64.9.200.109 | data, dev |
| A | 64.9.200.114 | slrfvm |
| A | 64.9.200.121 | basex, tiles, wms |
| A | 64.9.200.124 | habs |
| A | 64.9.208.34 | sos |
| A | 64.9.208.35 | tds |
| A | 64.9.208.40 | boaters, newportal, portal |

Any others anyone is aware of? Starting with @kknee ...

kkoch commented 6 years ago

Might be in vm-land and moot but I have:

- 64.9.208.36 | coordinating committee, GLEAM, etc.
- 64.9.208.34 | geonetwork (which you already have for SOS)

tslawecki commented 6 years ago

OK, we would like to go ahead and move (turns out that it'll be to a /29 subnet). OTC would like us to do this Thursday 3/8, let's talk tomorrow about logistics. I'm thinking @gcutrell can verify IP assignments for each of the machines, and maybe someone at RPS (@kknee, would @cheryldmorse or @benjwadams perhaps be the right people) can think about what we should be scared about. I'm assuming that we don't have to adjust any of the internal IPs ...

tslawecki commented 6 years ago

The attached spreadsheet has an updated list of moves - it includes Kathy's GLEAM/CC addition, and also adds some details - namely which ifcfg file needs to be updated. Open questions both for RPS and LTI-IT (cc'd externally) - (1) can we leave the internal IPs (192.168.x) as is? and (2) what should DNS be set to? Also, we should review all /etc/hosts files as we update, and also on the helper VMs db1,db2, process1, mon, and storage (@gcutrell, maybe)? @kknee, anyone in particular at RPS to engage in this planning?

glos_ipswap-20180305-1.xlsx
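The review of `/etc/hosts` and the `ifcfg` files described above is easy to miss a line on when done by eye. The script below, added here as an example and not code from the glos/myglos repository, scans file contents for IPv4 literals and reports the ones that still fall in the old external ranges, while leaving the internal `192.168.x` entries alone (open question (1)). The file contents are constructed for the example, modelled on the DNS list earlier in the thread; treating the whole of `64.9.200.0/24` and `64.9.208.0/24` as "old external" is an assumption, as is the gateway address in the sample `ifcfg-eth0`.

```python
"""Audit /etc/hosts and ifcfg-style files for addresses left in the old
external ranges after a renumbering.

Added example, not code from glos/myglos. File contents are constructed
(hypothetical); the old ranges are an assumption based on the thread.
"""
import ipaddress
import re

# Assumption: the /24s that contain the old external addresses from the thread.
OLD_EXTERNAL = [ipaddress.ip_network("64.9.200.0/24"),
                ipaddress.ip_network("64.9.208.0/24")]
# Internal addresses are expected to stay as they are.
INTERNAL = ipaddress.ip_network("192.168.0.0/16")

# Dotted quad not glued to other digits or dots (avoids matching inside hostnames).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample files (hypothetical contents, addresses from the thread).
SAMPLE_FILES = {
    "/etc/hosts": """\
127.0.0.1   localhost
64.9.208.40 portal.glos.us boaters.glos.us newportal
64.9.208.35 tds.glos.us
192.168.1.10 db1
192.168.1.11 db2
""",
    "/etc/sysconfig/network-scripts/ifcfg-eth0": """\
DEVICE=eth0
BOOTPROTO=static
IPADDR=64.9.208.40
NETMASK=255.255.255.0
GATEWAY=64.9.208.1
DNS1=8.8.8.8
""",
}


def classify(addr):
    """Label one address: old-external, internal, loopback or other."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in OLD_EXTERNAL):
        return "old-external"
    if ip in INTERNAL:
        return "internal"
    if ip.is_loopback:
        return "loopback"
    return "other"


def scan_text(path, text):
    """Return (path, line_no, address, label) for every IPv4 literal found."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for addr in IPV4_RE.findall(line):
            try:
                hits.append((path, n, addr, classify(addr)))
            except ValueError:
                continue  # e.g. 999.1.1.1 matches the regex but is not an address
    return hits


def stale_references(files):
    """Only the lines that must change: old external addresses, per file/line."""
    return [h for path, text in files.items() for h in scan_text(path, text)
            if h[3] == "old-external"]


if __name__ == "__main__":
    for path, line_no, addr, _ in stale_references(SAMPLE_FILES):
        print(f"{path}:{line_no}: {addr} still in old external range")
```

On a real host, replace `SAMPLE_FILES` with the contents of `/etc/hosts` and each `ifcfg-*` file (and run the same scan on the helper VMs) to get a line-by-line list of what still needs editing.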

tslawecki commented 6 years ago

List updated again to include missing new external IPs ...

glos_ipswap-20180306-1.xlsx


kkoch commented 6 years ago

How is this going to affect logins and access?

Bobfrat commented 6 years ago

it shouldn't affect logins because the user management database lives next to the UI

tslawecki commented 6 years ago

@kknee, @Bobfrat - we may need to refresh firewall rules ... please provide IP range to open up on firewall for your access.

tslawecki commented 6 years ago

We have tentatively scheduled cutover to start at 9:30 AM Thursday. Please put up a notice on portal.

tslawecki commented 6 years ago

Final (?) assignments:


glos_ipswap-20180307.xlsx

tslawecki commented 6 years ago

We're physically switched, slowly working our way towards getting individual machines and products working. @cheryldmorse, could you look at THREDDS server please? It's up and pingable, THREDDS service is running, ifconfig shows new address (64.9.201.71), but it refuses to connect from browser. @kknee copied FYI.

This is also good to confirm you can ssh to new IPs ...

tslawecki commented 6 years ago

I'm not sure that the myglos and boaters docker containers are properly restarting. Symptom is http://boaters.glos.us reports a 404, which I'm thinking may be because the docker couldn't start correctly because of data issues upstream (e.g. on a different GLOS server). @Bobfrat or @benjwadams, any thoughts?

http://portal.glos.us still points to maintenance page for now.

@kknee copied FYI

cheryldmorse commented 6 years ago

@tslawecki - I'm not able to ssh into tds.glos.us

tslawecki commented 6 years ago

I assume you were previously able to? Can you provide the IP address range you'd be coming in from and I'll see how quickly the hosting center can turn around the request?

Bobfrat commented 6 years ago

I can't ssh into portal.glos.us either

Bobfrat commented 6 years ago

I take it back, when I use the new IP instead of portal.glos.us I can get in

tslawecki commented 6 years ago

@cheryldmorse, maybe try direct to 64.9.201.71?

cheryldmorse commented 6 years ago

@tslawecki - That is what I was using and the connection times out. IP is 184.180.13.92

tslawecki commented 6 years ago

@cheryldmorse - not sure why tds is rejecting us from outside, rules look good. But I can ssh from portal (64.9.201.72) to .71. Do you have credentials for that one? If not, maybe @Bobfrat can set you up (trying to avoid sending passwords)

tslawecki commented 6 years ago

@cheryldmorse - Alternately, you can RDP to 64.9.201.73, Windows server if you have credentials.

tslawecki commented 6 years ago

@cheryldmorse - I take that back about rules, not 100% sure of what I'm looking at but this is in `iptables -S` ...

```
-A BLACKLIST -s 184.180.13.92/32 -j DROP
```

Not sure why that's in there ...

benjwadams commented 6 years ago

Are you running fail2ban or similar? Some programs will add IP addresses to a blacklist after a certain number of failed attempts. i.e. `pgrep -fl fail2ban`
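A quicker way to answer "why is this source being rejected" than reading `iptables -S` by eye is to filter the listing for the rules that can match the source address, in order, and pick out any DROP/REJECT. The script below is an added example, not code from glos/myglos or fail2ban; the rule listing it parses is constructed to mirror the BLACKLIST entry and the later ssh ACCEPT rule quoted in this thread (the `INPUT -j BLACKLIST` jump and the state rule are assumptions about how such a chain is wired in).

```python
"""Find the rules in `iptables -S` output that apply to a given source address.

Added example, not from glos/myglos. SAMPLE_RULES is a constructed listing;
on a host you would feed in the real output of `iptables -S`.
"""
import ipaddress
import shlex

# Constructed sample of `iptables -S` (hypothetical wiring of the BLACKLIST chain).
SAMPLE_RULES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N BLACKLIST
-A INPUT -j BLACKLIST
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 216.65.201.140/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 64.9.201.72/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A BLACKLIST -s 184.180.13.92/32 -j DROP
"""


def parse_rules(text):
    """Return (chain, source network or None, target) for each -A rule."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip policies (-P) and chain declarations (-N)
        tokens = shlex.split(line)
        chain = tokens[1]
        source = None
        target = None
        for i, tok in enumerate(tokens):
            if tok in ("-s", "--source") and i + 1 < len(tokens):
                source = ipaddress.ip_network(tokens[i + 1], strict=False)
            elif tok in ("-j", "--jump") and i + 1 < len(tokens):
                target = tokens[i + 1]
        rules.append((chain, source, target))
    return rules


def rules_for_source(text, addr):
    """Rules that could match packets from addr, in listing order.

    A rule with no -s matches any source and is included."""
    ip = ipaddress.ip_address(addr)
    matches = []
    for chain, source, target in parse_rules(text):
        if source is None or ip in source:
            matches.append((chain, str(source) if source else "any", target))
    return matches


def blocking_chains(text, addr):
    """Chains holding an explicit DROP/REJECT for addr (the blacklist case)."""
    return sorted({chain for chain, _, target in rules_for_source(text, addr)
                   if target in ("DROP", "REJECT")})


if __name__ == "__main__":
    for addr in ("184.180.13.92", "216.65.201.140"):
        print(addr, "blocked in:", blocking_chains(SAMPLE_RULES, addr) or "nothing")
        for chain, src, target in rules_for_source(SAMPLE_RULES, addr):
            print(f"  {chain:10} {src:20} -> {target}")
```

The listing order matters: in the sample the jump to BLACKLIST precedes the ssh ACCEPT rules, so a blacklisted address is dropped before its ACCEPT is ever consulted, which is the symptom described here (rules "look good" yet the connection times out).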

cheryldmorse commented 6 years ago

@tslawecki - still no luck logging in. My connection to RDP fails. I can get on to portal.glos.us but the password that I have for glosea is not working. Any luck removing our network from the blacklist?

tslawecki commented 6 years ago

@cheryldmorse - I did a couple of iptable DROP commands to get rid of all BLACKLIST entries, try again?

Bobfrat commented 6 years ago

The docker containers on portal.glos.us weren't starting correctly because the system time was not synced correctly. I had to sync the time using `ntpdate pool.ntp.org` in order to fetch resources from S3. This is the same issue we had on Dec 23.

It's up and running here: https://64.9.201.72/

Boaters tool is up too: https://boaters.glos.us/
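Because S3 (AWS Signature Version 4) rejects requests whose timestamp is more than 15 minutes off the server's clock, a large skew surfaces as failed fetches rather than as an obvious clock error, which is why it took a `ntpdate` to fix the containers. The script below, added here as an example and not code from glos/myglos, implements the SNTP offset calculation from RFC 4330 so that the skew can be checked before containers are started; the response packet is constructed to simulate a server whose clock is 20 minutes ahead of the host, and `query_server` does the same exchange against a live NTP server (network required, server name is an assumption).

```python
"""Measure local clock offset with SNTP and flag skew that would break S3.

Added example, not from glos/myglos. constructed_response() fabricates a
server reply for offline use; query_server() talks to a real server.
"""
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
PACKET = "!BBBbIIIQQQQ"               # LI/VN/Mode, stratum, poll, precision,
                                      # root delay, root disp, ref id, 4 timestamps
SIGV4_MAX_SKEW = 15 * 60              # AWS SigV4 rejects requests skewed > 15 min


def to_ntp(unix_seconds):
    """Unix float seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    return int(round((unix_seconds + NTP_EPOCH_DELTA) * (1 << 32)))


def to_unix(ntp_ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    return ntp_ts / (1 << 32) - NTP_EPOCH_DELTA


def build_request(origin_unix):
    """Client request: LI=0, VN=3, Mode=3; transmit timestamp = our send time."""
    return struct.pack(PACKET, 0x1B, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(origin_unix))


def parse_response(data):
    """Decode the fields needed for the offset; refuse unsynchronised servers."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    fields = struct.unpack(PACKET, data[:48])
    if fields[0] >> 6 == 3:  # leap indicator 3 = clock not synchronised
        raise ValueError("server clock not synchronised (LI=3)")
    return {"stratum": fields[1],
            "origin": to_unix(fields[8]),
            "receive": to_unix(fields[9]),
            "transmit": to_unix(fields[10])}


def clock_offset(resp, t1, t4):
    """RFC 4330 offset ((t2 - t1) + (t3 - t4)) / 2; positive = local clock behind."""
    return ((resp["receive"] - t1) + (resp["transmit"] - t4)) / 2


def exceeds_sigv4_window(offset):
    """True when signed S3 requests would be rejected as RequestTimeTooSkewed."""
    return abs(offset) > SIGV4_MAX_SKEW


def constructed_response(t1, skew=1200.0, delay=0.05):
    """Constructed server reply: server clock is `skew` seconds ahead of ours,
    one-way delay `delay`. LI=0, VN=4, Mode=4 (server), stratum 2."""
    t2 = t1 + delay + skew          # server receive (server clock)
    t3 = t2 + 0.001                 # server transmit (server clock)
    return struct.pack(PACKET, 0x24, 2, 0, -20, 0, 0, 0, 0,
                       to_ntp(t1), to_ntp(t2), to_ntp(t3))


def query_server(server="pool.ntp.org", timeout=3.0):
    """Live measurement (needs network): offset of this host against `server`."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(t1), (server, 123))
        data, _ = sock.recvfrom(512)
    t4 = time.time()
    return clock_offset(parse_response(data), t1, t4)


if __name__ == "__main__":
    t1 = 1520520000.0               # constructed "now" (March 2018)
    off = clock_offset(parse_response(constructed_response(t1)), t1, t1 + 0.1)
    print(f"offset {off:+.3f}s, outside SigV4 window: {exceeds_sigv4_window(off)}")
```

Run as a pre-start check (e.g. before `docker-compose up`), a non-zero exit on `exceeds_sigv4_window` would have pointed straight at the clock instead of at "data issues upstream".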

tslawecki commented 6 years ago

Thanks, @Bobfrat! I'm guessing Boaters' Tool isn't showing models in legend because TDS isn't working right yet??

cheryldmorse commented 6 years ago

@tslawecki Can give access to this IP: 216.65.201.140

tslawecki commented 6 years ago

@cheryldmorse - give it a shot, added

```
ACCEPT tcp -- 216.65.201.140 anywhere tcp dpt:ssh
```

tslawecki commented 6 years ago

@cheryldmorse - BTW, buoys are missing again in portal, I'm guessing the MTRI harvest messed us up again. Can @gcutrell help clean this up?

tslawecki commented 6 years ago

@cheryldmorse - I'm guessing you won't be able to get in from your 216 IP address, we'd have to add the rule to the firewall. I've instead reset the password for glosea on myglos (.72) to the same as for tds.glos.us.

cheryldmorse commented 6 years ago

@tslawecki - I was able to get in from another server

cheryldmorse commented 6 years ago

@tslawecki - TDS is back up. The configuration for nginx had to be updated

gcutrell commented 6 years ago

Thanks Cheryl. I'll be away from a computer for a bit longer. Could you remove the corrupted file?

tslawecki commented 6 years ago

Thanks, @cheryldmorse! I should have looked a little harder and found nginx under /usr/local instead of /etc.

tslawecki commented 6 years ago

I think we're done here.