Fixing 7 year old Infrastructure (and breaking everything along the way)
This will serve as an impromptu post for a writeup on OSIRIS infrastructure. I need a place to write this stuff down before problems start occurring again.
Gateway
OSIRIS uses this an ancient Debian 8 host called pakhet. Specs of this machine are below:
| Component | Hardware | |
|---|---|---|
| CPU | AMD Opteron(tm) Processor 275 | Duo-Core 4 CPU @ 2.20GHz |
| Memory | DIMM DDR memory | 12gb DDR1 @ 400Mhz |
| Storage | disk drive | 64gb 50mbps I/O Speed |
There’s nothing much to look at. It’s an old, degraded Dell Proliant server from 2009 that somehow manages all the inbound connections to the inside clusters. When the infrastructure was handed to me, accessing the internal hosts meant port-forwarding the hypervisor web interface through SSH! This needs to be more secure. Perhaps a VPN service that goes to a firewall first.
Internal
Internally, there are 4 online hosts in the RG227 server room running the Proxmox hypervisor v6.14, several versions out of date. For the hypervisor upgrade, I recommend migrating over to the more reliable vmWare ESXI.
Services
There were few services left up when I was handed the infrastructure: a recruitment web page, a buggy, no-certificate security class materials page, and a few VPN endpoints. The existing NAS was offline. LDAP hasn’t worked for several years, and a few of the hosts haven’t been powered down for over a year.
Hosts
The newest host machine available is a Dell Poweredge R710 server from 2009. It’s configured with a PERC 6/i RAID controller and used for data redundancy.
Thoughts
To be honest, I think the infrastructure can last probably 3-4 years till someone recognizes that it’s not worth keeping around or finds some better way to network it. They’d probably have to go through a lot of IT hoops as well.