Welcome, Guest
You have to register before you can post on our site.

Username/Email:
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 44
» Latest member: C.o.r.a.l
» Forum threads: 91
» Forum posts: 137

Full Statistics

Online Users
There are currently 3 online users.
» 0 Member(s) | 3 Guest(s)

Latest Threads
Club Meeting 2/9/2018 - I...
Forum: Announcements
Last Post: ITZach
02-06-2018, 08:37 PM
» Replies: 0
» Views: 64
Small Scale Internet on O...
Forum: General On Topic
Last Post: ITZach
02-05-2018, 01:41 AM
» Replies: 0
» Views: 34
OpenStack virtual hangout...
Forum: Announcements
Last Post: ITZach
01-30-2018, 07:42 PM
» Replies: 0
» Views: 49
A visual guide to OpenSta...
Forum: Tutorials
Last Post: ITZach
01-30-2018, 01:20 AM
» Replies: 1
» Views: 69
New images coming to the ...
Forum: General On Topic
Last Post: ITZach
01-25-2018, 05:58 PM
» Replies: 0
» Views: 34
New Member's Group Meetin...
Forum: Announcements
Last Post: ITZach
01-24-2018, 02:23 PM
» Replies: 0
» Views: 60
Winter 2018 Kickoff Meeti...
Forum: Announcements
Last Post: ITZach
01-17-2018, 05:45 PM
» Replies: 0
» Views: 91
Service Outage Alert: Ope...
Forum: Announcements
Last Post: ITZach
01-06-2018, 07:29 PM
» Replies: 0
» Views: 134
Console services are live...
Forum: Announcements
Last Post: ITZach
12-01-2017, 10:47 AM
» Replies: 0
» Views: 114
Pizza party on friday!
Forum: Announcements
Last Post: ITZach
11-29-2017, 03:19 AM
» Replies: 0
» Views: 159

 
  Fall Term Member Meeting - Week 8
Posted by: ITZach - 11-04-2017, 10:57 PM - Forum: Announcements - Replies (1)

On November 15th we will hold our first ever Member Meeting. These meetings are when all official voting will happen as well as when members will gain voting rights for the term. This is an important meeting for us and gives us a chance to talk about what's going in the club and what will be coming up in the club. This is also where any constitutional amendments must be introduced in order to be considered and voted on by the club.

When: Wednesday November 15th (11/15/2017) From 12pm to 3pm
Where: Covell Hall room 221



We understand that not everyone is available at the same times for regular meetings so to try and combat this we will have a 3 hour period for this member meeting in the middle of the day instead of at night. This should give everyone an easy opportunity to come meet with us for a few minutes at least to hear any important information and gain voting rights for the next meeting. If you cannot make that time period or you have a heavy schedule and you are not certain you will be able to make it please email either myself or one of the other officers before the meeting takes place. We will then make arrangements to grant you voting rights for the next term.

All members who do not attend the meeting or do not make arrangements with an officer will be removed from the club at the end of the term and any resource access they may have will be removed as well. This is not a disciplinary action, it is simply a way for us to maintain the most accurate and current records of participating members. If you are one of the members that are removed from the club you are welcome and encouraged to join again. If you do happen to miss the meeting and forget to make arrangements before hand, we may accepts arrangements to keep you as a current member without removing you. However no voting rights will be granted to anyone who does not attend the meeting or make arrangements before the meeting, no exceptions. Keep in mind that in order to use your voting rights you must be physically in attendance at the meeting the vote takes place.

We encourage everyone to read through the constitution to become more familiar with how the club operates. If you have any questions about member meetings please ask an officer and we will be happy to answer any questions!

Hope to see you all there! Smile

Print this item

  Analyze Suspicious Network Traffic
Posted by: semexanb - 11-03-2017, 01:42 PM - Forum: Get Help - Replies (2)

I'm doing the NSA Codebreaker challenge, and a challenge is to identify all TLS sessions associated with potentially malicious actors.
I am using wireshark to look at the pack, but I am not sure what a malicious actor looks like.

Print this item

  OpenStack Command Line Basics Part 2 - Creating VMs
Posted by: ITZach - 10-30-2017, 05:16 PM - Forum: Tutorials - No Replies

This is part two of my OpenStack tutorial on getting started with the basics. If you have not yet read part one please do so now because we will use some things we set up in that tutorial in this one. While using the web portal is much easier for someone just getting start with OpenStack, the command line client offers a lot more power and is much lighter weight.

To get started we first need to authenticate with OpenStack. If you are continuing directly from part one and have already done this once in your shell session then you can skip this step. If you have trouble with 403 errors then authenticate again just to be sure.

First set your credentials using the login-openrc file we created in the first tutorial.

[HackerMan@PentagonServer1]$ . login-openrc

Then request a token from OpenStack:

[HackerMan@PentagonServer1]$ openstack token issue

You should now have an authentication token and you will be able to create and manage your VMs. Before we can get started creating VMs we need to learn a few things about the resources available to us and set up a few other things.

The first and most important thing we will do is create a secure SSH key that we can later use to securely log in to our VMs without a password. This is very easy to do, but if you are operating from within the OpenStack shell and not a standard bash shell you should exit to the bash shell to make copying the key easy. From a standard shell it is easy to create a key using:

[HackerMan@PentagonServer1]$ openstack keypair create mykey > mykey.pem

Ok so what all just happened there? The first three parts of the command are openstack directives telling it that we want to create a new keypair for use by our VMs. The next bit sets the name for the key. Almost all objects in OpenStack can be named for easy management. The output of those first four words is the actual RSA key that is generated. It's not useful to us being printed on the screen so we need to capture it in a file to make use of it later, that is where the magic of linux command piping comes in to play. The last part of that command tells the linux operating system to take the output of the command and put it in a file called mykey.pem. If you look at the file that is created you will see the actual RSA key that was generated. It is very important to keep track of this key! Once a key has been generated in OpenStack it cannot be retrieved! That means if you lose a key there is no way to recover it and you will have to create a new one and rebuild all the instances that used the missing key.

One super critical detail with that key file is the permissions. If the permissions on that file are too open ssh will actually reject the key and you will not be able to log in. To fix this you simply need to change the permissions on the file:

[HackerMan@PentagonServer1]$ chmod go-rwx mykey.pem

This removes all permissions for all groups and all users. It makes it so that you are the only one who can view the file which makes it a much more secure key.

Next you will want to modify the default security group to allow ICMP traffic to your VMs (so you can ping your VMs) and TCP traffic on port 22 for SSH. To do this use the following command:

[HackerMan@PentagonServer1]$ openstack security group rule create --remote-ip 0.0.0.0/0 --protocol icmp --description "Allow ping" default
[HackerMan@PentagonServer1]$ openstack security group rule create --remote-ip 0.0.0.0/0 --protocol tcp --dst-port 22 --description "Allow SSH" default

This tells openstack to add a new rule to the security group 'default' that allows all icmp traffic from any remote IP address. This way you will be able to ping your VM from the controller as well as from other VMs on the network. 

All the basic setup is done at this point but we still need to learn a few things before we can create our VMs. First we need to know what flavors are available to us. A flavor is a way to tell OpenStack how much of a resource to give to a VM. Flavors control the number of processor cores and amount of RAM a VM gets, as well as how much storage space to give it. Creating flavors allows administrators to better control the usage of resources within a system while still allowing users to be flexible. We can view the list of available flavors for our VMs with:

[HackerMan@PentagonServer1]$ openstack flavor list

The output should look something like this:
Code:
+--------------------------------------+----------+------+------+-----------+-------+-----------+
| ID                                   | Name     |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+----------+------+------+-----------+-------+-----------+
| 61cf8f44-10a7-4f56-b512-fed9cb851fe8 | m1.small | 2048 |   20 |         0 |     1 | True      |
| 806b21b9-ca6a-4495-9afc-5099db118745 | m1.tiny  |  512 |    1 |         0 |     1 | True      |
| d71b93db-366a-4cae-94c4-a8720ce97b9a | m1.mini  | 1024 |   10 |         0 |     1 | True      |
+--------------------------------------+----------+------+------+-----------+-------+-----------+

This shows you that there are three flavors available and what resources are available to each. We will have to chose one of these flavors when we actually create our VM.

The last thing we need to do before we can spawn our instance is to get a list of the boot images that are available. This is essentially like picking which installation disk to put in after we have built our computer. Our system has some of the more common operating systems already installed and ready to create and we can list them with:

[HackerMan@PentagonServer1]$ openstack image list

Which should produce something similar to:

Code:
+--------------------------------------+-------------------------------+--------+
| ID                                   | Name                          | Status |
+--------------------------------------+-------------------------------+--------+
| 90188f76-aeb2-456c-a78c-f5800de1bca7 | CentOS 7 Cloud                | active |
| 156f8398-e83d-47f6-9b08-059fb8da47fb | Cirros                        | active |
| b66f0bd0-aead-4247-b60c-b7577a12ca42 | Ubuntu Server 16.04 LTS Cloud | active |
+--------------------------------------+-------------------------------+--------+


At the time of writing this there are only three images available for use on the club servers. Each of these are specialized images that are meant to be run in cloud architectures. They have special features that allow them to be easily configured at startup without having to go through lengthy installation processes. If you just want to play around with creating VMs I would highly suggest Cirros as it is very small (it can run on m1.tiny with ease) and it does not require SSH keys to log in.

Now that we have our SSH key pair, modified our security group, listed flavors, and viewed our images, we can actually create or "spawn" an instance!

Creating instances is much easier than it seems. All that is required is simply:

[HackerMan@PentagonServer1]$ openstack server create --image Cirros --flavor m1.tiny --key-name mykey MyFirstServer

That command will return a large chunk of data about the instance that was just created. It's not important to save this information as you can retrieve information about any instance you own at any time. The build process takes a little time depending on the image, but you can check the progress of your VMs by running:

[HackerMan@PentagonServer1]$ openstack server list

Code:
+--------------------------------------+---------------+--------+------------------------+------------+
| ID                                   | Name          | Status | Networks               | Image Name |
+--------------------------------------+---------------+--------+------------------------+------------+
| 73a6d7fd-9f45-4ad2-9ea9-eaca1929ec62 | MyFirstServer | ACTIVE | provider=192.168.11.13 | Cirros     |
+--------------------------------------+---------------+--------+------------------------+------------+


This will show you some brief details about each instance you own within OpenStack. The two most important details are in the Status and Networks columns. The Status will tell you if your instance was created properly and is 'ACTIVE' or if it failed at startup. It will also tell you if your VM has been shutdown or is restarting. The networks column gives you a list of the IP addresses assigned to your VM. This is the IP address that you will use to log in to your VM to make changes or perform any tasks you may wish to perform.

Congrats! You now should have a running virtual machine within OpenStack! But we're not done quite yet. Now that you have a VM, how do you access it?

By default most cloud images only allow access through SSH with keys and no passwords. But that's not a problem since you should have created a keypair and assigned it to your VM. So all you need to do to log in to your new VM is provide a few extra options to SSH. So for example lets say that I want to log in to the newly created Cirros image. I know that the IP address of the instance is 192.168.11.13 and through a little google searching I can find that the default username for Cirros is simply cirros (usually with cloud images the admin account is named after the OS, so Ubuntu or Centos etc). I also remember that I have created a private key and saved it in a file called mykey.pem. So to log in to this newly running VM all I would have to do is run:

[HackerMan@PentagonServer1]$ ssh cirros@192.168.11.13 -i mykey.pem

It will ask you if you want to use the key provided, and then if everything works right you should be logged in to Cirros.

To start and stop your VM from OpenStack you can use:

[HackerMan@PentagonServer1]$ openstack server stop MyFirstServer

or

[HackerMan@PentagonServer1]$ openstack server start MyFirstServer

To reboot your VM you can use:

[HackerMan@PentagonServer1]$ openstack server reboot MyFirstServer

You can supply the reboot command with either --hard or --soft to tell it to soft or hard reboot the VM which can be useful for runaway VMs.

Each project within OpenStack has a resource quota that cannot be exceeded. This allows administrators to set a hard limit for resource use so that there are never more resources in use than what the hardware can provide. In our environment each project is allowed 2 VCPUs and 2048MB of RAM since we are limited on hardware. As our resources grow these quotas may increase and it may become useful to view your usage. Unfortunately I cannot remember the command to view quota status but I will update it when I find it again.

If at any time you want to delete your VM it is easy to do. Keep in mind that when you delete a VM all of its data will be deleted and cannot be recovered. It will not ask you to verify it so be sure that when you delete a VM you're sure you want to actually delete it. Once you are sure all you have to do is:

[HackerMan@PentagonServer1]$ openstack server delete MyFirstServer

That just about wraps up the basics of creating and managing VMs with OpenStack command line tools! If you have any additions or find any errors or issues please let me know so I can fix them!

Print this item

  OpenStack Play Date - Week 6 Meeting
Posted by: ITZach - 10-30-2017, 02:45 PM - Forum: Announcements - No Replies

Our OpenStack servers are live and ready for tenants to use! Unfortunately my previous demonstration about using the OpenStack dashboard no longer applies so that means I need to give a demo on using the command line interface. So that means having a meeting this week! This week I'm going to try something different and actually do two meetings back to back, one on Wednesday and one on Thursday. Hopefully this will allow more people to participate as well as give some grace for my short planning times (sorry guys, running a club is hard). So lets get down to brass tacks!

What: OpenStack Play Date - Hands on learning and account creation
When: Wednesday and Thursday (11/01/2017 and 11/02/2017) at 6pm
Where: STAG 260 both nights

We will be creating user accounts at this meeting so if you want to use our OpenStack servers please come to this meeting if you can. It will be easier for us to create a bunch of accounts at once and troubleshoot any issues in person before the demo. So if you plan to participate please bring a laptop or a tablet with a keyboard (you'll hate yourself if you try and run all the commands without a keyboard, trust me).

We're really excited to see how these resources get used, so if you do something cool please show it off!

Important Note: You must be an OSU student and be registered with the IT Club through SLI in order to gain access to our systems.

Print this item

  OpenStack Command Line Basics Part 1 - Logging in
Posted by: ITZach - 10-30-2017, 12:43 PM - Forum: Tutorials - No Replies

OpenStack can be a bit challenging to use even with a GUI and unfortunately we don't have GUI access. That means everything has to be done from the OpenStack command line client. This tutorial will help you get set up to use the command line interface effectively for creating and managing virtual instances in the OpenStack infrastructure.

The first step in getting things running is to get logged in to the control server from SSH. Server details will be given to members at the time of their credential creation.

Once you are logged in to the control server the most important step is getting authenticated with the OpenStack auth service. To do this you must create a file in your home directory that contains your login credentials. This file can be called anything but it MUST end in "-openrc" in order to work properly. A good name to pick would be "login-openrc". Place the following lines in this file replacing the username and project name with those provided to you after your account was created.


export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=<PROJECT NAME>
export OS_USERNAME=<USERNAME>
export OS_AUTH_URL=http://localhost:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
echo "Please enter your OpenStack password for user $OS_USERNAME"
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT

This file will be used every time you log in to OpenStack and can be used by running the command:


[HackerMan@PentagonServer1]$ . login-openrc

or

[HackerMan@PentagonServer1]$ ./login-openrc

Once that is done you can formally log in to the OpenStack command line.

All OpenStack operations rely on the user having an authentication token. This is a way of verifying that the user has logged in properly and has authorization to use the services. To create this token run the command:


[HackerMan@PentagonServer1]$ openstack token issue

It will ask you for your OpenStack password which is given to you after your account is created. It should then inform you that a token has been created and you will see details about the token. You are now logged in to OpenStack and can begin creating or managing your instances and services.

OpenStack commands can be run as standalone commands in the form of arguments to the shell command 'openstack' or they can be run directly in interactive mode by running 'openstack' without any arguments. The following will produce and new command prompt that looks like:

(openstack)

Once you have your token issued and are able to access the command line interface it is very important to change your password! You should never use a temporary password for more than the initial login. Your password should be secure with letters, numbers, and symbols and should not contain dictionary words. Once you have your OpenStack token you can change your password with the following command:

[HackerMan@PentagonServer1]$ openstack user password set

It will initially ask you for your OpenStack password, and then again for your current password (the same password twice). It will then ask you to enter your new password and verify it. Once that is done you should issue a new token.
You are now free to explore OpenStack! I will work on a follow up to this tutorial on how to actually create and spawn virtual instances from the command line and how to manage them.

Print this item

  IRC, Dischord, or Telegram Group Chat
Posted by: codysseus - 10-29-2017, 12:12 PM - Forum: General Off Topic - Replies (1)

It seems to me that all the cool kids are on any one of these three. Which do you think we should use?

Print this item

  No meeting this week - week 5
Posted by: ITZach - 10-24-2017, 06:03 PM - Forum: Announcements - No Replies

There will be no meeting this week as we try to get the OpenStack cluster prepared for use by members. Next week we will have multiple meeting times to get people registered and oriented with the OpenStack cluster so watch for those details. The previous demo I did for using OpenStack is unfortunately not applicable to our current set of services so I will need to give a new orientation on the operation of our cluster for those interested.

Print this item

  OpenStack is live!
Posted by: ITZach - 10-23-2017, 10:43 PM - Forum: Announcements - Replies (1)

This morning myself and my two officers undertook the task of deploying our OpenStack servers into the Kelley Engineering data center! These servers will run 24/7 and after a final setup will be available to club members registered through SLI. Unfortunately we are unable to provide the web dashboard service for OpenStack at this time which means all operations must be done through command line calls to OpenStack directly. This is something we were not anticipating and as such there are some preparations we must make before we can allow access to the resources. I'm hoping to have this all sorted out by the end of the week at which time officially registered members will begin to be granted access to the servers. We have been given access to the web interface which will allow members to use OpenStack from the dashboard or the command line. At this time we do not have web console access so all access to VMs must be done from the console. We are currently working to allow the web console and we will update this post once that is done. This is a big step forward for us and we are excited to see how these new resources will be put to use!

I will update this post with more information once the system is fully ready to begin receiving traffic.

Update 1: The system is now ready to start handling traffic and we will begin creating logins at the club meeting this week (week 6). It also looks like we will be getting web access to the system after all which will make things a lot easier for us and for you.

Update 2: The web services are live and ready to start handling traffic. Web services are only accessible from within the OSU network and from the SDS VPN. The web portal can be accessed from https://fw-it-club.eecs.oregonstate.edu.

Update 3: We have begun to create accounts for those interested in using OpenStack. In order to gain an account you must be a current student registered through SLI. Please contact myself or one of the other officers to request an account if you are interested. Information about logging in and accessing the system will be given to you after your account has been created.

Print this item

  Anyone wanna play EVE Online?
Posted by: ITZach - 10-19-2017, 05:54 PM - Forum: General Off Topic - Replies (1)

So does anyone want to play EVE Online? I used to play a lot and I have a character with really high mining skills. They recently made it free to play up to a certain point so you can always try it out too. It's pretty fun to play with a bunch of people so it would be cool to get some people from the club playing.

If anyone wants to chat at me on the Discord server in the gaming channel. Could be fun!

Print this item

  PSA: WPA2 has been cracked - security updates available
Posted by: ITZach - 10-17-2017, 12:07 PM - Forum: General On Topic - No Replies

In the past days it has come out that WPA2, the predecessor to WEP, has been cracked and is now considered vulnerable. WPA2 is a widely used form of WiFi encryption and was considered secure until recently. Most vendors have already released security patches for this vulnerability and a list can be found here. If you are using WPA2 for your WiFi networks please update immediately!

Print this item