Operations

From Hack Manhattan Wiki
Jump to: navigation, search


Administrivia

Operations Contact List

Name Email Phone
Hack Manhattan Space VoIP Phone info@hackmanhattan.com +1-646-513-4503

Passwords

Every board member should have access to most of the relevant passwords. Some passwords for financial accounts are only held by a couple of board members.

IRC

At the moment only guan, rmd6502, and jacolatern have AFRefiorstv mode on #hackmanhattan on Freenode. obscurite has fo but that's a really weird setup.

Out of House Infrastructure and Utilities

Verizon FiOs

The building pays for 150/150 Mbps at $200 monthly.

Digital Ocean

We have a virtual machine with Digital Ocean. Backups are done with ? (I can't hear Guan over all this noise and heard something along the lines of dupe or rsync or something with two machines). This machine runs our website, wiki, building website, building wiki, and mailing lists. This is accomplished with a traditional LAMP stack (Apache, MySQL/MariaDB, PHP). We accomplish having multiple websites on the same host with Nginx. The machine's IP is 162.243.60.59. The typical username is hackmanhattan apparently. hackmanhattan.com points to a WordPress installation. wiki.hackmanhattan.com is a MediaWiki installation. ratpark.nyc is also another WordPress setup. wiki.ratpark.nyc is of course, MediaWiki. list.hackmanhattan is Postfix and Mailman, for mailing lists.

members.hackmanhattan.com, our in-house payment system, is a custom ?. For some reason list.hackmanhattan.com responds to requests to that hostname. Why?

Comodo

So we have SSL certs for every hostname currently involved except for ratpark.nyc, which keeps presenting hackmanhattan.com's instead. They're issued by Comodo. I would've thought we'd have had wildcard card certs for both major domains but apparently this is not the case (for *.hackmanhattan.com and *.ratpark.nyc).

Google Apps

@hackmanhattan.com (and therefore not @list.hackmanhattan.com) addresses are with Google Apps.

Network Infrastructure

IP and DHCP Information

The previous plan called for a private Class A block (10/8). After much thought, it was decided this was unreasonable.

This new plan will use a Class C subnet: 192.168.42.0/23. This gives us a theoretical maximum of 510 IPs. The main router also handle DHCP requests for both wired and wireless clients, assigning IPs from the range 192.168.43.1 to 192.168.43.254. Wired and wireless machines will be able to set up static IPs in the 192.168.42.1 to 192.168.42.255 range. Sure, one could set up VLANs, but since we don't intend on complicating our setup, a /23 is a reasonable thing to do.

Information for statically assigned IPs.
Variable Value Comment
IP Address n/a Be allocated one. Typically incremental. See the allocation table.
Subnet Mask 255.255.254.0
Gateway 192.168.42.1
DNS 192.168.42.1

Machine and IP Allocation Table

IP Hostname Device Maintainer Comment (Location)
n/a n/a Alcatel I-211M-K Operations ONT and Modem for Verizon FiOs
192.168.42.1 rtr1.ratpark.net TP-Link TL-WDR4300 v1 Operations Main router. Also does DNS, DHCP. Channel 1. Nonstandard port for external connections. Nonstandard password. (Hack Manhattan)
n/a n/a Netgear JGS516 Operations 16 Port Gigabit Switch
n/a n/a  ? Operations 8 Port Switch
n/a n/a  ? Operations 4 Port Switch
192.168.42.2 rtr2.ratpark.net TP-Link TL-WDR4300 v1 Operations Channel 11. (2rd Floor Hallway)
192.168.42.3 rtr3.ratpark.net TP-Link TL-WDR4300 v1 Operations Channel 6. (3rd Floor Hallway)
192.168.42.4 rtr4.ratpark.net TP-Link TL-WDR4300 v1 Operations Channel 11. (Elevator Machine Room)
surv-frontdoor.ratpark.net WRTnode Guan Yang Operates wirelessly. Can we change that? (First Floor)
surv-main.ratpark.net WRTnode Guan Yang Operates wirelessly. Can we change that? (Hack Manhattan)
wrtnode-hmdoor.ratpark.net WRTnode? Guan Yang Controls door strike. (First Floor)
octopi.ratpark.net Raspberry Pi Allows for unattended (no computer needed) printing. Username hackmanhattan. Canonical password. (Hack Manhattan)
boiler-wired.ratpark.net WRTnode Guan Yang Boiler controller and sensor. Is it still in use? (Where in the 3rd floor is the boiler?)
hackmanhattan.club  ? Guan Yang Is it still in use? (Where is it?)
wr703n.ratpark.net TP-Link TL-WR703N  ? We definitely do not need this. (Hack Manhattan)
quinn.ratpark.net What is this? (Where is it?)
ai-stem.ratpark.net What is this? (Where is it?)
kiosk.ratpark.net What is this? (Where is it?)
 !?!?!? The list goes on and on.
192.168.43.0 Operations DHCP Allocation Block
192.168.43.255 Operations Broadcast

Network Diagram

Current

parent_device
|(physical port on parent_device)-(physical port on child_device)child_device

null can be used where applicable (device only has 1 port, etc.)
? can be used for incomplete data that could not be obtained due to security reasons or other.

fiosmodem
|(null)-(wan)rtr1
             |(1)-(1)jgs516 # Netgear JGS516
                     |(7)-(null)big-box # Octopi, Big-Box, and Backup_Terminal
                     |(8)-(8)teg580g # Treadnet TEG-580g 8 port switch on Laptopia
                     |(9)-(null)gxp400 # IP Phone
                     |(15)-(1)rtr2
                              |(2)-(1)rtr3 # light pink cable that gets painted over on it's way up
                                      |(2)-(null)wrtnode # boiler wrtnode
                              |(3)-(?)firstfloor # goes into box, don't want to break it open
                              |(4)-(null)null # long blue cable that goes to nothing
                              |(wan)-(5)tlsg1005d # TP-Link TL-SG1005D
                                        |(4)-(null)ds215j # Synology DS215j
                                        |(1)-(null)null # goes into gray cable that goes to nothing
                     |(16)-(1)rtr4
                              |(2)-(null)null # black cable, goes to front of building
                              |(3)-(null)gx # grandstream telephone line modem/device, need model number
                              |(4)-(null)null # short blue cable, goes to nothing

I'm not going to use proprietary diagramming tools or bother writing some script to graph this. Text is enough and more than sufficient for our purposes.

Expected

Fiber Modem
|-rtr1.ratpark.net
  |-Netgear JGS516
    |-IP Phone
    |-8 Port Switch On Laptopia
    |-Area with octopi, bigbox, and backup terminal?
  |-rtr2.ratpark.net
    |-First Floor 4 Port Switch
  |-rtr3.ratpark.net
    |-Stuff in the boiler room?
  |-rtr4.ratpark.net?
    |-Stuff in the elevator machine room?

Security and Liability

It would be in our best interests to not homebrew hardware and instead use known commercial hardware. Ubiquiti comes to mind. They have the Unifi series of cameras, the UVC-Micro, UVC, UVC-Dome, and the UVC-Pro. One would use their appliance, which they provide free access to the packages for so you don't need to buy their hardware appliance and instead deploy it on your own machine.

Given that the UVC and the UVC-Micro run for ~100 each, it'd be great to cover the first floor, space, machine area, and roof with them. A separate webcam would be used for the public space webcam, and access to the appliance would be limited to the board and trusted members of the space. For about 400 dollars, we can cover the four spaces and we're not locked into some crappy online "cloud"-based DVR system.

Incidents

  • 2016-05-31: The space VoIP phone was reported to have no networking. A troubleshooting monkey was dispatched, and it was found that if one plugs said phone in the inappropriate holes, it will not work. RESOLVED.
  • 2016-05-23: Since our wrtnodes that run our streams operate within that band, our space stream was no longer accessible (but the front door still was?). This has been rectified by having it connect as a client to a different access point. Resolved.
  • 2016-05-23: Whilst performing hotfixes to rectify the 2016-05-23 network problem, one of our volunteer monkeys disabled the wireless interfaces on our space access point, and they are currently still down. Whack the main space stream once this is fixed. UNRESOLVED.
  • 2016-05-23: A building community member reported failure to obtain a DHCP lease on all over our access points' 2.4 GHz networks, which is extremely odd since they're all on the same VLAN and on the same hardware as their 5GHz radio interfaces. Regardless, volunteers attempted to look at the problem, which was magically gone by 2016-05-27. Unable to reproduce. Resolved.