[[span(style=background: yellow,!!!!PLEASE DO NOT EDIT!!!!)]] [[span(style=background: yellow,THIS PAGE HAS BEEN MIGRATED TO THE [https://docs.google.com/document/d/1GgjOS4o1cy6KgPrV39T8ShYL0xFMhPB8XDNqt7uLdW0/edit Dev Google Drive])]] [[span(style=background: yellow,!!!!PLEASE DO NOT EDIT!!!!)]] [[PageOutline(1-10,Contents,inline,unnumbered)]] = CVEs = * Log4Shell: [https://nvd.nist.gov/vuln/detail/CVE-2021-44228 CVE-2021-44228] * https://www.lunasec.io/docs/blog/log4j-zero-day/ * https://www.randori.com/blog/cve-2021-44228/ * [https://logs.clarin.eu/app/kibana#/dashboard/b2f00120-feb1-11e8-830e-37e705122c01?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(darkTheme:!f,hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(vis:(defaultColors:('0%20-%200.25':'rgb(247,252,245)','0.25%20-%200.5':'rgb(229,245,224)','0.5%20-%200.75':'rgb(199,233,192)','0.75%20-%201':'rgb(161,217,155)','1%20-%201.25':'rgb(116,196,118)','1.25%20-%201.5':'rgb(65,171,93)','1.5%20-%201.75':'rgb(35,139,69)','1.75%20-%202':'rgb(0,109,44)'),legendOpen:!t)),gridData:(h:20,i:'1',w:48,x:0,y:25),id:ab691fe0-feb1-11e8-830e-37e705122c01,panelIndex:'1',type:visualization,version:'6.5.2'),(embeddableConfig:(vis:(legendOpen:!f)),gridData:(h:8,i:'2',w:48,x:0,y:0),id:'8333c070-feb6-11e8-830e-37e705122c01',panelIndex:'2',type:visualization,version:'6.5.2'),(embeddableConfig:(),gridData:(h:8,i:'3',w:48,x:0,y:8),id:cf0ec6b0-ffac-11e8-8982-85e773172619,panelIndex:'3',type:visualization,version:'6.5.2'),(embeddableConfig:(),gridData:(h:9,i:'4',w:48,x:0,y:63),id:'73591230-0fe7-11e9-8982-85e773172619',panelIndex:'4',type:visualization,version:'6.5.2'),(embeddableConfig:(),gridData:(h:9,i:'5',w:48,x:0,y:16),id:'600e1820-15ae-11e9-8982-85e773172619',panelIndex:'5',type:visualization,version:'6.5.2'),(embeddableConfig:(),gridData:(h:12,i:'6',w:48,x:0,y:72),id:d2bdce40-4724-11e9-b286-01d4787d596c,panelIndex:'6',type:visualization,version:'6.5.4'),(embeddableConfig:(),gridData:(h:18,i:'7',w:48,x:0,y:45),id:'43f87fe0-56d6-11e9-b286-01d4787d596c',panelIndex:'7',type:visualization,version:'6.5.4'),(embeddableConfig:(),gridData:(h:10,i:'8',w:48,x:0,y:84),id:'402fba70-dae0-11e9-a043-cfc36c31ded9',panelIndex:'8',type:visualization,version:'6.5.4')),query:(language:lucene,query:'*jndi*'),timeRestore:!f,title:'Proxy%20requests',viewMode:view) Attempts in Kibana] * https://wiki.surfnet.nl/display/SURFcert/SURFcert+factsheet+-+log4j+rce = Tickets = [[TicketQuery(col=ticket|priority|summary|owner|created|modified,component=System administration,order=modified,desc=true,table,status!=closed)]] # Hosts # ## Internally managed ## ### Production (clarin.eu) ### {{{#!table style="white-space: nowrap;" ||= '''Canonical FQDN''' =||= '''Aliases''' =|| '''Services''' || '''Ports''' || '''Service Type''' ||= '''IPv4-address''' =||= '''OS''' =||= '''(v)CPUs''' =||= '''Memory\\(GiB)''' =||= '''Storage\\(GiB)''' =||= '''Hoster''' =|| '''Type''' ||= '''Responsible''' =||= '''Support''' =||= '''Collectd''' =|| '''Fluentd''' || '''Docker''' || '''Compose''' || || clarinvm.cesnet.cz || catalog.clarin.eu[[BR]]docker.clarin.eu[[BR]]nexus.clarin.eu[[BR]]office.clarin.eu || [https://gitlab.com/CLARIN-ERIC/compose_netkernel Netkernel][[BR]]CLARIN EU trac[[BR]]CLARIN NL trac [[BR]]SVN[[BR]]Metrics[[BR]][https://gitlab.com/CLARIN-ERIC/compreg-prod Component Registry][[BR]][https://gitlab.com/CLARIN-ERIC/compose_clarin_discovery Discovery service] || || PRODUCTION[[BR]]PRODUCTION[[BR]]PRODUCTION[[BR]]PRODUCTION[[BR]]PRODUCTION[[BR]]PRODUCTION[[BR]]PRODUCTION || 78.128.216.72 || CentOS[[BR]]7.1.1503 || 8|| 32|| 500|| [./Hosters/CESNET CESNET] || || sysops@clarin.eu || cesnet-virtual@cesnet.cz || 5.5 || n/a || 1.8.2 || n/a || || 149-210-236-86.colo.transip.net || clarineu-vps2 || [https://gitlab.com/CLARIN-ERIC/compose_clarin_proxy Reverse proxy] || 80, 443 || PRODUCTION (Primary) || 149.210.236.86[[BR]]Priv. net.: 192.168.1.3 || CentOS[[BR]]7-5.1804.4.el7 || 2|| 4|| 150|| [./Hosters/TransIP TransIP] || VPS X4[[BR]]@AMS0 (Amsterdam) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.0 || td-agent[[BR]]1.2.2 || 18.06.0 || 1.22.0 || || 136-144-215-36.colo.transip.net || clarineu-vps6[[BR]](clarineu-vps5) original || [https://gitlab.com/CLARIN-ERIC/compose_clarin_proxy Reverse proxy] || 80, 443 || PRODUCTION (Backup) || 136.144.215.36[[BR]]Priv. net.: 192.168.1.1 || CentOS[[BR]]7-5.1804.4.el7 || 2|| 4|| 150|| [./Hosters/TransIP TransIP] || VPS X4[[BR]]@RTM0 (Delft) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.0 || td-agent[[BR]]1.2.2 || 18.06.0 || 1.22.0 || || 149-210-250-181.colo.transip.net || clarineu-vps9[[BR]][https://www.clarin.eu www.clarin.eu] || [https://gitlab.com/CLARIN-ERIC/compose_clarin-drupal Main Website] || 44305 || PRODUCTION (Primary) || 149.210.250.181 || CentOS[[BR]]7-9.2009.1.el7 || 4|| 8|| 300|| [./Hosters/TransIP TransIP] || VPS X8[[BR]]@AMS0 (Amsterdam) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.1 || td-agent[[BR]]1.11.5 || 20.10.7 || 1.29.2 || || 136-144-221-254.colo.transip.net || clarineu-vps8[[BR]][https://www.clarin.eu www.clarin.eu] || [https://gitlab.com/CLARIN-ERIC/compose_clarin-drupal Main Website] || 44305 || PRODUCTION (Backup) || 136.144.221.254 || CentOS[[BR]]7-9.2009.1.el7 || 4|| 8|| 300|| [./Hosters/TransIP TransIP] || VPS X8[[BR]]@RTM0 (Delft) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.1 || td-agent[[BR]]1.11.5 || 20.10.7 || 1.29.2 || || 37.97.220.172.colo.transip.net || clarineu-vps5[[BR]](clarineu-vps) original || [https://gitlab.com/CLARIN-ERIC/compose_clarin_discovery Discovery service][[BR]][[BR]][https://gitlab.com/CLARIN-ERIC/compose_clarin_spf Infra SPF MD pipelines][[BR]][[BR]][https://gitlab.com/CLARIN-ERIC/compose_clarin-nginx-infra Infra static webserver][[BR]][[BR]][https://gitlab.com/CLARIN-ERIC/compose_idm Unity IDM (2.8.x)] || 8444[[BR]]44344, 44345[[BR]]44343 || PRODUCTION 2[[BR]]PRODUCTION 1[[BR]]PRODUCTION 1[[BR]]PRODUCTION || 37.97.220.172 || CentOS[[BR]]7-5.1804.4.el7 || 4|| 8|| 150[[BR]](300 but needs growfs)|| [./Hosters/TransIP TransIP] || VPS X8[[BR]]@AMS0 (Amsterdam) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.0 || td-agent[[BR]]1.2.2 || 18.06.0 || 1.22.0 || || 136-144-199-95.colo.transip.net || clarineu-vps7[[BR]](clarineu-vps6) original[[BR]]stats.clarin.eu[[BR]]switchboard.clarin.eu || [https://gitlab.com/CLARIN-ERIC/compose_clarin-piwik Matomo][[BR]][[Centre Registry]][[BR]]Switchboard || 8082, 4425[[BR]]44335[[BR]]44399 || PRODUCTION (Primary)[[BR]]PRODUCTION (Primary)[[BR]]PRODUCTION || 136.144.199.95 || CentOS[[BR]]7-9.2009.1.el7 || 4|| 8|| 150[[BR]](300 available but FS not grown)|| [./Hosters/TransIP TransIP] || VPS X8[[BR]]@RTM0 (Delft) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.1 || td-agent[[BR]]1.11.15 || 23.0.4 || 1.24.1 || || 136-144-208-88.colo.transip.net || clarineu-backups[[BR]](clarineu-vps7) original || BACKUPS || || PRODUCTION || 136.144.208.88 || CentOS || 1|| 1|| 2TB|| [./Hosters/TransIP TransIP] || VPS X1[[BR]][[BR]]@RTM0 (Delft) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.1 || td-agent 1.3.3 || || || || CLARINEU-HAIP || High available IP address || || || || 136.144.144.150 || - || - || - || - || [./Hosters/TransIP TransIP] || || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || - || - || - || - || || CLARINEU-HAIP-DEV || High available IP address || || || || 136.144.144.52 || || - || - || - || [./Hosters/TransIP TransIP] || || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || - || - || - || - || || clarin-vcr.ids-mannheim.de || collections.clarin.eu || [https://gitlab.com/CLARIN-ERIC/compose_vcr/-/tree/production VCR] || 443 || PRODUCTION || 193.196.8.26 || CentOS || 4 || 8 || 100 || IDS || || sysops@clarin.eu || Oliver Schonefeld[[BR]]CLARIN Slack || || || || || || hetzner-vps3 || vlo.clarin.eu || [https://gitlab.com/CLARIN-ERIC/compose_vlo/ VLO][[BR]][https://gitlab.com/CLARIN-ERIC/compose_curation_module_linkchecker Curation module/linkchecker] || || PRODUCTION || 157.90.1.116 || CentOS 7 || 24 || 128 || 1800GB || Hetzner || AX61-NVMe || sysops@clarin.eu || https://robot.your-server.de/server || || || || || || hetzner-vps4 || || [https://gitlab.com/CLARIN-ERIC/compose_clarin_spf Infra SPF MD pipelines][[BR]][https://gitlab.com/CLARIN-ERIC/compose_clarin-nginx-infra Infra static webserver][[BR]][https://gitlab.com/CLARIN-ERIC/compose_clarin-piwik Matomo][[BR]][https://gitlab.com/CLARIN-ERIC/compose_clarin_centre-registry Centre Registry] || 8082, 44344, 44345[[BR]]44343[[BR]]44325[[BR]]44335 || PRODUCTION 2[[BR]]PRODUCTION 2[[BR]]PRODUCTION (Backup)[[BR]]PRODUCTION (Backup) || 95.216.225.96 || CentOS 7 || 8 || 64 || 512GB || Hetzner || EX42-NVMe[[BR]][[BR]](Finland) || sysops@clarin.eu || https://robot.your-server.de/server || 5.8.1 || td-agent 1.11.5 || 20.10.12 || 1.29.2 || || transip-vps10 || || [https://gitlab.com/CLARIN-ERIC/compose_idm Unity IDM (3.x.x)] || || PRODUCTION || 37.97.132.227 || AlmaLinux 8 || 4 || 8 || 300GB || [./Hosters/TransIP TransIP] || VPS X8[[BR]][[BR]]@AMS0 (Amsterdam) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl\\Status: [http://www.transipnoc.nl/ TransNOC] || 5.9.0 || td-agent 1.11.5 || 23.0.0 || 2.2.3 || }}} ### Beta / Development (clarin-dev.eu) ### {{{#!table style="white-space: nowrap;" ||= '''Canonical FQDN''' =||= '''Aliases''' =|| '''Services''' || '''Ports''' || '''Service Type''' ||= '''IPv4-address''' =||= '''OS''' =||= '''(v)CPUs''' =||= '''Memory\\(GiB)''' =||= '''Storage\\(GiB)''' =||= '''Hoster''' =|| '''Type''' ||= '''Responsible''' =||= '''Support''' =||= '''Collectd''' =|| '''Fluentd''' || '''Docker''' || '''Compose''' || || 37-97-154-156.colo.transip.net || clarineu-vps3[[BR]][https://dev-www.clarin.eu dev-www.clarin.eu][[BR]] || Main Website (dev primary)[[BR]]idm[[BR]]idm-delegation-pilot || 4430, 4431[[BR]]4432[[BR]]2443, 1000 || DEVELOPMENT[[BR]]DEVELOPMENT[[BR]]BETA || 37.97.154.156[[BR]]Priv. net. dev: 192.168.2.3 || CentOS[[BR]]7.9.2009 || 2 || 4 || 150 || [./Hosters/TransIP TransIP] || VPS X4[[BR]]@AMS0 (Amsterdam) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl[[BR]]Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.0 || td-agent[[BR]]1.2.6 || 20.10.12 || 2.2.3 || || 37-97-184-230.colo.transip.net || clarineu-vps4[[BR]][https://legacy-d8b3-www.clarin-dev.eu legacy-d8b3-www.clarin-dev.eu][[BR]]centres-staging.clarin.eu [[BR]]alpha-d4-centres.clarin.eu || [https://gitlab.com/CLARIN-ERIC/compose_clarin-drupal Main Website] (legacy reference instance: Drupal 8 Bootstrap 3)[[BR]]idm[[BR]][[Centre Registry]][[BR]][[BR]]!GitLab runners || 44305[[BR]][[BR]]44335[[BR]]44334 || DEVELOPMENT[[BR]]DEVELOPMENT[[BR]]DEVELOPMENT[[BR]]DEVELOPMENT[[BR]]TOOL || 37.97.184.230[[BR]]Priv. net. dev: 192.168.2.4 || !AlmaLinux[[BR]]8.5-4.el8 || 4 || 8 || 300 || [./Hosters/TransIP TransIP] || VPS X8[[BR]]@AMS0 (Amsterdam) || sysops@clarin.eu || [https://www.transip.nl/cp/vps/prm/57087/ CP], 2^nd^ best: support@transip.nl[[BR]]Status: [http://www.transipnoc.nl/ TransNOC] || 5.8.1 || td-agent[[BR]]1.11.5 || 20.10.7 || 1.29.2 || || 193.144.46.251 || eosc-cesga-vps1[[BR]][https://legacy-d7b3-www.clarin-dev.eu legacy-d7b3-www.clarin-dev.eu][[BR]][https://dev-www.clarin.eu dev-www.clarin.eu][[BR]][https://beta-switchboard.clarin.eu beta-switchboard.clarin.eu][[BR]][https://nextcloud.clarin-dev.eu/ nextcloud.clarin-dev.eu][[BR]] || [https://gitlab.com/CLARIN-ERIC/compose_clarin-drupal Main Website] (legacy reference instance: Drupal 7 Bootstrap 3)[[BR]]Main Website (dev backup)[[BR]]Switchboard beta[[BR]]Nextcloud instance with direct SSH access on port 22422 (B2Drop Switchoboard plugin dev)[[BR]](OPENSTACK BASED - Non Standard MTU) || [[BR]]44305[[BR]]44315[[BR]]44399[[BR]]44355[[BR]]22422 || || 193.144.46.251 || CentOS[[BR]]7.5.1804 || 12 || 24 || 800 || CESGA || || sysops@clarin.eu || https://fedcloud-osservices.egi.cesga.es/ [[BR]](Login via EGI sso)[[BR]][[BR]]Ruben Diez: rdiez@cesga.es || 5.8.1 || td-agent[[BR]]1.2.2 || 18.09.0 || 1.24.1 || || 78.128.250.25 || eosc-cesnet-vps1[[BR]]logs.clarin.eu || [[SystemAdministration/Monitoring/Kibana|Elastic search/Kibana]][[BR]][https://78.128.250.25:44332/ | Digital Object Gate][[BR]](OPENSTACK BASED - Non Standard MTU) || || [[BR]] 44332 || 78.128.250.25 || || 12 || 64 || 1000 || CESNET || || sysops@clarin.eu || https://dashboard.cloud.muni.cz/auth/login/?next=/ [[BR]][[BR]](Select EGI checkin, then login via EGI sso) || || || || || || hetzner-vps1 || beta-vlo.clarin.eu[[BR]]beta-collections.clarin.eu[[BR]]-[[BR]]fcs.clarin-dev.eu[[BR]]-[[BR]]- || VLO beta and curation beta[[BR]][https://gitlab.com/CLARIN-ERIC/compose_vcr/-/tree/beta VCR Beta][[BR]]Discovery service Alpha[[BR]]FCS[[BR]]Netkernel[[BR]]Gitlab Runners || || BETA[[BR]]BETA[[BR]]DEVELOPMENT[[BR]]BETA[[BR]]?[[BR]]TOOL || 168.119.38.169 || CentOS 7 || 12 || 128 || 934GB || Hetzner || EX52-NVMe[[BR]](Germany) || sysops@clarin.eu || https://robot.your-server.de/server || - || - || - || - || || hetzner-vps2 || alpha-vlo.clarin.eu[[BR]]alpha-curation.clarin.eu[[BR]]alpha-collections.clarin.eu[[BR]]europeana-oai.clarin.eu || VLO alpha and curation alpha[[BR]][[BR]][https://gitlab.com/CLARIN-ERIC/compose_vcr/-/tree/alpha VCR Alpha][[BR]][https://europeana-oai.clarin.eu/ Europeana OAI-PMH aggregator] || || DEVELOPMENT[[BR]]DEVELOPMENT || 136.243.133.121 || CentOS 7 || 12 || 128 || 934GB || Hetzner || EX52-NVMe[[BR]](Germany) || sysops@clarin.eu || https://robot.your-server.de/server || || || || || || hetzner-vps5 || || || || DEVELOPMENT || 65.108.201.6 || AlmaLinux 8 || 16 || 64 || 8000GB || || AX51 (Helsinki) || sysops@clarin.eu || https://robot.your-server.de/server || || || || || }}} ## Externally managed, with central services ## ||= '''Canonical FQDN''' =||= '''Aliases''' =||= '''IPv4-address''' =||= '''OS''' =||= '''Docker''' =||= '''(v)CPUs''' =||= '''Memory\\(GiB)''' =||= '''Storage\\(GiB)''' =||= '''Hoster''' =||= '''Responsible''' =|| || [./Hosts/vz07-clarin-list.im.hum.uu.nl vz07-clarin-list].im.hum.uu.nl || [wiki:lists.clarin.eu]\\newlists.clarin.eu || 131.211.143.192 || Debian\\6 || n/a || ?|| ?|| ?|| [./Hosters/UU UU] || ictenmedia@uu.nl - Official (generic)[[BR]]r.vanvalkenburg@uu.nl - Direct to René van Valkenburg || || [./Hosts/fsd-cloud22.zam.kfa-juelich.de fsd-cloud22].zam.kfa-juelich.de|| monitoring.clarin.eu || 134.94.199.42 || Ubuntu 14.04.4 LTS || n/a || || || || [./Hosters/FZJ FZJ] || CLARIN-support@fz-juelich.de || || [./Hosts/clarin.fz-juelich.de clarin].fz-juelich.de || - || 134.94.199.71 || || n/a || || || || [./Hosters/FZJ FZJ] || CLARIN-support@fz-juelich.de || || [./Hosts/clarin.ids-mannheim.de clarin].ids-mannheim.de || clarin.ids-mannheim.de || 193.196.8.17 || CentOS\\7.4 || n/a || 4 || 16 || 64 || [./Hosters/IDS IDS] || schonefeld@ids-mannheim.de || || [./Hosts/weblicht.sfs.uni-tuebingen.de weblicht].sfs.uni-tuebingen.de || weblicht.sfs.uni-tuebingen.de || 130.183.206.38 || Ubuntu\\16.04 || 1.12.3 || 4 || 64 || 500 || [./Hosters/UTU UTU] || emanuel.dima@uni-tuebingen.de || || spraakbanken.gu.se/ws/fcs/2.0/aggregator/ || contentsearch.clarin.eu || 130.241.42.13 || || || || || || Språkbanken || leif-joran.olsson@svenska.gu.seadded aa || ## Decommissioned ## ||= '''Canonical FQDN''' =||= ''Aliases'' =||= '''IPv4-address''' =||= '''OS''' =||= '''Docker''' =||= '''Hoster''' =||= '''Decommisioning notes''' =|| || dev-idp-clarin.esc.rzg.mpg.de || dev-idp.clarin.eu[[BR]]dev-sp.clarin.eu || 130.183.206.39 || Scientific Linux[[BR]]7.5 || 18.09.0 || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || alpha-vlo-clarin.esc.rzg.mpg.de || || 130.183.206.35 || Scientific Linux[[BR]]7.4 || n/a || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || [./Hosts/beta-vlo-clarin.esc.rzg.mpg.de beta-vlo-clarin].esc.rzg.mpg.de || beta-vlo.clarin.eu || 130.183.206.198 || Scientific Linux[[BR]]7.2 || 17.05.0-ce || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || [./Hosts/idp1-clarin.esc.rzg.mpg.de idp1-clarin].esc.rzg.mpg.de || idm.clarin.eu || 130.183.206.196 || Scientific Linux[[BR]]7.4 || 18.06.0 || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || centres-clarin.esc.rzg.mpg.de || staging-centres.clarin.eu || 130.183.206.32 || Scientific Linux[[BR]]7.5 || 18.09.0 || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || centres2-clarin.esc.rzg.mpg.de || centres.clarin.eu || 130.183.206.32 || Scientific Linux[[BR]]7.5 || 18.09.0 || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || idp2-clarin.esc.rzg.mpg.de || - || 130.183.206.33 || Scientific Linux[[BR]]7.4 || 18.06.0 || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || clarinvm.ics.muni.cz || || 147.251.9.199 || CentOS[[BR]]7.1.1503 || ?? || [./Hosters/CESNET CESNET] || sysops@clarin.eu || || [./Hosts/ems04.mpi.nl ems04].mpi.nl || || 192.87.79.165 || Ubuntu[[BR]]12.04.5 LTS || n/a || [./Hosters/MPI-PL MPI-PL] || sysops@clarin.eu || || [./Hosts/idp-clarin.esc.rzg.mpg.de idp-clarin].esc.rzg.mpg.de || - || 130.183.206.37 || SLES[[BR]]11.3 || n/a || [./Hosters/MPCDF MPCDF] || sysops@clarin.eu || || [./Hosts/stoor146.meta.zcu.cz stoor146].meta.zcu.cz ||- || 147.228.242.146 || CentOS[[BR]]7.1.1503 || 1.5.0|| [./Hosters/CESNET CESNET] || sysops@clarin.eu || || [./Hosts/catalog-clarin.esc.rzg.mpg.de catalog-clarin].esc.rzg.mpg.de || || 192.87.79.171 || SLES[[BR]]11.2 || n/a || [./Hosters/MPI-PL MPI-PL] || sysops@clarin.eu || || [./Hosts/im-linux-clarin-eu.im.hum.uu.nl im-linux-clarin-eu].im.hum.uu.nl || www.clarin.eu || 131.211.143.212 || Debian[[BR]]8 || n/a || [./Hosters/UU UU] || [mailto:webmaster@clarin.eu web team]\\ [mailto:sander@clarin.eu Sander Maijers]\\ [mailto:ictenmedia@uu.nl] || || im-linux-dev-clarin-eu.hum.uu.nl || - || 131.211.143.192 || Debian[[BR]]8 || n/a || [./Hosters/UU UU] || [mailto:webmaster@clarin.eu web team]\\ [mailto:sander@clarin.eu Sander Maijers]\\ [mailto:ictenmedia@uu.nl] || || [./Hosts/vz07-clarin-eu.im.hum.uu.nl vz07-clarin-eu].im.hum.uu.nl || - || 131.211.143.186 || Debian[[BR]]8 || n/a || [./Hosters/UU UU] || [mailto:webmaster@clarin.eu web team]\\ [mailto:sander@clarin.eu Sander Maijers]\\ [mailto:ictenmedia@uu.nl] || || lvps83-169-5-155.dedicated.hosteurope.de || || 83.169.5.155 || CentOS || n/a || [./Hosters/HostEurope HostEurope] || Decommissioned per 31.05.2018 || || [./Hosts/lvps92-51-161-129.dedicated.hosteurope.de lvps92-51-161-129].dedicated.hosteurope.de || vlo.clarin.eu || 92.51.161.129 || CentOS[[BR]]7.1.1503 || n/a || [./Hosters/HostEurope HostEurope] || Decomissioned per 31-10-2018 || || cloud-90-147-170-203.cloud.ba.infn.it || eosc-recas-vps1 || 90.147.170.203 || CentOS || || RECAS || Fatal Crash April 2021, never recommissioned || || [./Hosts/rs238144.rs.hosteurope.de rs238144.rs].hosteurope.de || vlo.clarin.eu || 91.250.82.71 || CentOS || || [./Hosters/HostEurope HostEurope] || Decomissioned July 2021 || || [./Hosts/rs236235.rs.hosteurope.de rs236235.rs].hosteurope.de || alpha-vlo.clarin.eu[[BR]][https://gitlab.com/CLARIN-ERIC/compose_vcr Virtual Collection Registry][[BR]][https://gitlab.com/CLARIN-ERIC/compose_vlo Virtual Language Observatory][[BR]]docker-runner-hosteurope-1[[BR]]docker-runner-hosteurope-2[[BR]]discovery[[BR]]FCS beta || 91.250.80.240 || CentOS || || [./Hosters/HostEurope HostEurope] || Decomissioned July 2021 || || 249811.rs.hosteurope.de || Link Checker || 5.35.250.44 || CentOS || || [./Hosters/HostEurope HostEurope] || Decomissioned July 2021 || # DNS entries and TLS certificates # Hosted by [https://www.transip.eu/ TransIP] admins: [mailto:dieter@clarin.eu Dieter Van Uytvanck], [mailto:andre@clarin.eu Andre Moreira], [mailto:willem@clarin.eu Willem Elbers] # Getting access # Shell access to the CLARIN hosts is only possible via key-based SSH. Contact sysops@clarin.eu to request access to a host. Make sure to include your public SSH key. Instructions and guidelines on how to create your OpenSSH key pair can be found [wiki:./Security/OpenSSH here]. ## [wiki:./Security] ## # Default VM setup # These [wiki:./Default_VM_setup instructions] describe how we install/provision/configure each host by default. ## Connections ## || '''service''' || '''port''' || '''type''' || '''direction''' || || ssh || 22 || tcp || incoming || || ssh || 22 || tcp || outgoing to gitlab.com || || collectd || 25826 || tcp || outgoing || || fluentd || 24224 || tcp || outgoing || ## Centos / Scientific Linux ## Some [./Centos notes] on administering Centos / Scientific linux hosts. ## SLES 11 ## We are in the process of migration our SLES 11 machines to CentOS/Scientific Linux. We collect some [./SUSE notes] on administering SLES hosts. ## Ubuntu ## We are in the process of migration our Ubuntu machines to CentOS/Scientific Linux. # Deploying and running services # Repositories: * Deploy script: https://gitlab.com/CLARIN-ERIC/deploy-script * Control script: https://gitlab.com/CLARIN-ERIC/control-script ## Deploy a service ## In the ''deploy'' users home directory (''/home/deploy''): {{{ sh deploy.sh --name service-name --git git-repo-name --tag 1.0.0 }}} Updates are performed by running the same command with a different tag and then using the ''control.sh'' script to restart the service. ## Initialize a service ## In the ''deploy'' users home directory (''/home/deploy''): {{{ sh control.sh service-name init }}} Customize ''/.env'' as needed. ## Start the service ## In the ''deploy'' users home directory (''/home/deploy''): {{{ sh control.sh service-name start }}} Other commands available: stop, restart, backup, restore, ... # Infrastructure and service status information # A manually curated service status overview including planned maintenance is kept at [https://www.clarin.eu/status clarin.eu/status]. Service availability statistics (sourced by [http://statuscake.com StatusCake]) are available at [http://status.clarin.eu status.clarin.eu]. Incidents are also posted automatically to the private [https://clarineric.slack.com/archives/sysalert sysalert] channel on Slack. Maintainers of services, in particular '''core services and A-services''' are requested to [https://goo.gl/forms/Mqzeu7Td0NXQ4UPP2 submit] '''expected downtime''' information timely. For more information, see [[./Monitoring/ServiceStatusGuidelines|Service status guidelines]]. # Documents # * [https://docs.google.com/presentation/d/1Y5VKItOqXtl18Mzhc7StGF-LYwQnYv8sluhmH5Zbm6c CLARIN Infrastructure Overview] * [https://docs.google.com/document/d/1FnQzBE64KsTUj4INXocFJ4mLsGvOwPgi8BvgHPpVFDw/edit?usp=sharing Docker Workflow and best practices] * Proposal: [https://docs.google.com/document/d/1G5sW8z7soEmosqm2xRooqwsZQbc2fTAzf0rEXYHWxk0 High Availability for the CLARIN infrastructure] * [https://docs.google.com/document/d/1EpW_z81s1vgUDDYEFVatRco7zyGmTcyiVsrVHxks02Y/ Sysops - infrastructure management] # Services # * [./CEArchive CE Archive] # Updates # ## Schedule ## The schedule is kept in this [https://docs.google.com/document/d/1iOQmGt7Q7Eekca2b7Eig1RzE9lgXcI5PiaxVTYy4CkM/edit Google Doc]. Don't forget to check the last field once you've done the updates. ## Workflow ## 1. Install security updates for beta servers on the monday. Reboot if neccessary, no announcement required 1. Install security updates for production servers on Tuesday. If a reboot is neccessary make a proper announcement for the Thursday. In exceptional cases spread the update over two weeks. Half of the servers in week 1, the other half on week 2.These cases include: * exceptionally many updates * updates to the kernel (might affect the docker daemon) * updates to the docker daemon ## Usefull commands ## || '''Task''' || CentOS (yum) || !AlmaLinux (dnf) || || List all available || `yum updateinfo list available` || `dnf list available` || || List available security updates || `yum updateinfo list security` || `dnf updateinfo list --security` || || || || `dnf updateinfo list --security --sec-severity [Severity]` || || Install all available secutiry updates || `yum update --security` || `dnf upgrade --security` || || Install specific CVE || `yum update --cve ` || `dnf upgrade --cve CVE-xxxx-xxxx,CVE-yyyy-yyyy` || || Check if a reboot is required || `needs-restarting -r` || `dnf needs-restarting -r` || Check for kernel and docker updates, pay special attention and exclude in case of doubt. # Metrics # ## Latency Checks ## ### Latency dashboard ### The latency check dashboard is available here: https://metrics.clarin.eu/d/000000019/latency ### Managing latency checks ### On transip-vps6 there is a collectd configuration in place that pings some of our VPSes. Ideally one for each provider / geographical area. To edit the latency checks edit /etc/collectd.d/ping.conf: {{{ LoadPlugin ping         Host "rs238144.rs.hosteurope.de"   Host "clarinvm.cesnet.cz" Host "idp1-clarin.esc.rzg.mpg.de" Host "clarin-vcr.ids-mannheim.de" Host "hetzner-vps1" }}} If a host is not properly reachable via a hostname, add a IP to hostname mapping in /etc/hosts. E.g.: {{{ 168.119.38.169 hetzner-vps1 }}} # Known issues # ## Docker ## ### dial tcp: lookup index.docker.io: no such host ### #### Error #### {{{ dial tcp: lookup index.docker.io: no such host }}} #### Symptoms #### While using Docker a user is unable to perform tasks such as pull new image or search for new images while the following error message appears: {{{ # docker pull debian:8 Pulling repository debian FATA[0053] Get https://index.docker.io/v1/repositories/library/debian/images: dial tcp: lookup index.docker.io: no such host }}} #### Solution #### No good solution available at this time. #### References #### * https://linuxconfig.org/docker-dial-tcp-lookup-index-docker-io-no-such-host-fix * https://robinwinslow.uk/2016/06/23/fix-docker-networking-dns/ * https://stackoverflow.com/questions/29266560/docker-container-can-reach-dns-but-not-resolve-hosts * https://github.com/moby/moby/issues/13381 # !GitLab # ## Managing a git repository on a server with a deploy key ## 1. Enable deploy key in gitlab reository * Goto Settings - Repository * Expand "Deploy Keys" * Enable the CLARIN keys (make sure to not use the public ones!) 2. Configure a ssh connection for gitlab on the service * Add the private part of the deploy key to /home/deploy/.ssh/id_rsa_gitlab_deploy * Edit /home/deploy/.ssh/config * Add: {{{ #Deploys Host gitlab.com User git HostName gitlab.com IdentityFile ~/.ssh/id_rsa_gitlab_deploy }}} 3. Use the SSH location to clone the repository * Example {{{ git clone git@gitlab.com:CLARIN-ERIC/compose_transip_vps5.git }}}