The DAQ Server

                                                         @@@@@@@@@@@@
                                                     @@@@@@@@   =@@@
                                                  @@@@@+       +@@@
                                                @@@@     %@%-@@@@=
                                               @@@   *#@+  =@@@@
                                          @@@@@@%  @:   +@@@@@
                                    @@@@@@@@@@@@ +*+@@@@@@@@@
                               %@@@@@@-    .@@@@@@@@@@@@: @@@@@@@
                            %@@@@@      .@@@@@@@@@@           @@@@@@
                          @@@@@      +@@@         =@+..===:.     =@@@@-
                        @@@@=    .: @@=     .:..   :..    ...       @@@@:
                      @@@@     .  :-=     :.......    .....::...      @@@@
                    +@@@.             .:. .................:.:.         @@@@
                   +@@@             .:  .:...............        @@@@@   :@@@
                  +@@@  .:           :::.................  =@@@@#    %@   :@@@            .::
                 @@@    .           :::..............:-  .=.     *@@@       @@@@@@@@@@@@@@@@@@@@
                #@@@   .:          :.:................:  :*@@@@:@@@@@@ @@@@@         .@==*--@@@
                @@*              :::..............      .    @  :%@@@@@@@@:    @@@@   @@* @@@@
               %@@=  ..   --...:-:...................:...        @@@@  @@   @@@@  *@=  @@@@@@
              .@@*   .: =+ .--:.:.............:....:::..   .@@@@@:   @@     @@   @@@    =@@@
              @@@   .::::.....................:-=---:    @@@@+.-#@%   +@+    @@=@@       @
              @@@   ..:.:..................:...        @@@         @@@@       @@       @@
              @@@  ..::::::....:::...  :::.         -@@@          @@     @     @@@   .@@
              @@@     ..............:.        @@@@@@@@            @@#*@@@@@@   @@-  @@%
              @@@    ................:.   @@@@@-@@@@         @@@   -@@    @@@     %@@
              @@@   ..:......:::....   .@@@%:   @@             @*      @@@@+    .@@
              @@@   ..........   :   @@@@@@@@@@@@      @@   @@@@@    @@@@      @@@
               @@@  :........:--:.#@@@#..    +@@.      @@@@@@   @@@         @@@@@:
              @@@@+  .........  .:--      +@@@@@@        @      *@@      -@@@*@@@
             @  @@@    -:::.            =@@@@@@@@        @@@ ..        @@@@  #@@.
           @@    @@@   .......  .     #@@@@@@@@@@@+       @@      *@@@@@    *@@@
          @@     @@@@       .--.    -@@@@@@@@@@@@@@@@        =@@@@@@:   : -#@@@
        @@@        @@@=          @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    -+-=  @@@@
       @@@          @@@%. .  +@@@@# -:.*@@@@@@@@@@@%@@@@@@@@@@  -%#*+:  -@@@@
      @@@@            @@@@@@@@@+-:-:+*#@@@@@@@*     %@@@@@@@:  --==    %@@@
     @@@+            =@%*=*=-=====--@@@@.        -@@@@@@@+   +###+.  @@@@@
    @@+@@      .@@@@@@=-+++--:..-@@@@*  .=-=+-+@@@@@@@    -+*=     @@@@@
    @@=+@@@@@@@@%=--+**+:-%@@@@@@*     =+*#*+@@@@@     .-=-    .*@@@@%
    @@+==--.:+##*===+@@@@@@= +@@@@@=         .      -:.     -@@@@@@
    #@@@@%#%@##@@@@@@@@         *@@@@@@@@%             #@@@@@@@@
       @@@@@@@@@-                   .@@@@@@@@@@@@@@@@@@@@@@@

Contribution

This page documents how to properly contribute to this documentation.

Our documentation uses an open source tool called mdbook. This is a lightweight commandline tool that allows us to write almost everything in markdown with a lot of quality of life features. If you are not familiar with this commandline tool, I recommend downloading it and playing around with it on your own computer. The mdbook command is very easy to learn. You only need to learn a single command to start contributing to this documentation: mdbook serve.

mdbook serve creates a localhost server on port 3000 that will display your local version of the documentation. This helps you to avoid the need to push your update to the remote main branch everytime you make an edit to your local repository. You will be able to see the edit immeidately showing up in your browser if you have the the website opened.

When to contribute

If you see typo, incorrect grammar, missing steps, or anything that you felt is unclear to you, you should try fixing them. If you want to add new documentation related to the DAQ server that is also a valid reason to contribute to the DAQ server documentation.

How to contribute

Clone the documentation’s Git repository.
Edit your local repository of the documentation to whatever you want.
Try using the Git commit convention for your commit messages.
- It’s totally fine if you don’t want to follow it.
Push the code to the remote main branch.
And wait. Github Action will see that the main branch is updated and run some scripts to automatically update the main DAQ server documentation that is hosted on our Github Page domain.

Getting Started

Remote Access

To access the DAQ server remotely we will be using SSH and UCR’s VPN. If you need to use the user with root permission on the server, please ask the DAQ lead for permissions. All programs that you need are already installed, so to prevent human errors occurring on the server because of typos or other misinputs, we have decided to limit the people getting root access on the server.

Connect to VPN

Please create an UCR engineer account first.

Follow this guide.

You can follow the UCR’s VPN guide to connect to the BCOE network–which is where our server’s LAN is located. If you don’t want to read the UCR guide, we have created a TLDR below that you can follow. If you are a Linux user or you want an open-source-only option, we have provided a guide for that below as well.

TLDR

Make sure:
- you can login into UCR’s CISCO Anyconnect VPN using vpn.ucr.edu (username and password should be the same as how you log into R’web)
- you have an engineer account.
Log into vpn.ucr.edu, and click on continue.
You will see instructions telling you how to install CISCO Anyconnect VPN client.
Download the client and install it.
Open the client and enter vpn.ucr.edu as the VPN endpoint where the client will connect to.
Login using the same username and password from vpn.ucr.edu
Click “Connect” and you should be connected to the UCR VPN after a few seconds.

Open source option

First, you need to download the command openconnect.
- Arch Linux: sudo pacman -S openconnect
Make sure:
- curl is avaliable in your PATH environment variable.
- you can login into UCR’s CISCO Anyconnect VPN using vpn.ucr.edu (username and password should be the same as how you log into R’web)
- you have an engineer account.
Download vpn.sh and fill out your USERNAME and PASSWORD inside of the file on line 3 and 4.
cd into where vpn.sh is located and make it executable chmod +x vpn.sh.
Run vpn.sh with ./vpn.sh
This script will ask for you to approve the login attempt on DUO application everytime you run it.

This is the content of vpn.sh:

#!/bin/env sh

USERNAME=""
PASSWORD=""
DOMAIN="https://vpn.ucr.edu"

#echo -n "Enter DUO Passcode: "
#read DUO_PASSCODE
DUO_PASSCODE="1"

echo Getting the \`tg\` cookie
VAR_tg=$(curl -s -v "${DOMAIN}/+CSCOE+/logon.html?tgroup=FTD_VPN" 2>&1 | grep -i "Set-Cookie:" | grep -oP '(?<=tg=)[^;]+')

echo Getting CSRFtoken cookie
CSRF_TOKEN=$(curl -s "${DOMAIN}/+CSCOE+/logon.html" | grep CSRFtoken | awk -F'"' '{print $4}')

# Random stuff that are required
curl -s "${DOMAIN}/+CSCOE+/logon.html" \
  -H "Cookie: tg=${VAR_tg}" \
  -H "Referer: ${DOMAIN}/" > /dev/null

curl -s "${DOMAIN}/+CSCOE+/blank.html" \
  -H "Cookie: tg=${VAR_tg}; webvpnlogin=1; webvpnLang=en; CSRFtoken=${CSRF_TOKEN}" \
  -H "Referer: ${DOMAIN}/+CSCOE+/logon.html" > /dev/null

echo Login using username and password
LOGIN_PAGE=$(curl -X POST -s "${DOMAIN}/+webvpn+/index.html" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Cookie: tg=${VAR_tg}; webvpnlogin=1; webvpnLang=en; CSRFtoken=${CSRF_TOKEN}" \
  -H "Referer: ${DOMAIN}/+CSCOE+/logon.html" \
  --data "tgroup=" \
  --data "next=" \
  --data "tgcookieset=" \
  --data "csrf_token=${CSRF_TOKEN}" \
  --data "username=${USERNAME}" \
  --data "password=${PASSWORD}" \
  --data "Login=Logon")

AUTH_HANDLE=$(echo $LOGIN_PAGE | sed -n 's/.*&auth_handle=\([^"]*\)".*/\1/p')
VAR_a1=$(echo $LOGIN_PAGE | sed -n 's/.*&a1=\([^"]*\)".*/\1/p')

# DUO challenge
HOME_PAGE=$(curl -X POST -v -s "${DOMAIN}/+webvpn+/login/challenge.html" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Referer: ${DOMAIN}/+CSCOE+/logon.html?reason=7&a0=2&a1=${VAR_a1}&a2=&a3=0&next=&auth_handle=${AUTH_HANDLE}&status=2&username=${UESRNAME}&serverType=0&challenge_code=0" \
  -H "Cookie: tg=${VAR_tg}; webvpnlogin=1; webvpnLang=en; CSRFtoken=${CSRF_TOKEN}" \
  -v \
  --data "next=" \
  --data "auth_handle=${AUTH_HANDLE}" \
  --data "status=2" \
  --data "username=${USERNAME}" \
  --data "challenge_code=0" \
  --data "csrf_token=${CSRF_TOKEN}" \
  --data "password=${DUO_PASSCODE}" 2>&1)

if [[ "$HOME_PAGE" != *"doStart"* ]]; then
  # failed to login
  echo failed to login
  exit 1
fi

WEBVPN_COOKIE=$(echo $HOME_PAGE | grep "Set-Cookie:" | sed -n 's/.*webvpn=\([^;]*\);.*/\1/p')

echo Sucessfully logged in. Connecting to VPN...

sudo openconnect --protocol=anyconnect -C "webvpn=${WEBVPN_COOKIE}" vpn.ucr.edu

The reason why this script is needed is because sudo openconnect --protocol=anyconnect vpn.ucr.edu by itself is not currently compatible with vpn.ucr.edu. What this script does is it extracts the login session cookie from vpn.ucr.edu and use it with openconnect.

SSH Access

For regular members, you should be using the user without root access. We want to reduce the amount of human errors that can happen on the machine. If you really need root access, please ask the DAQ lead.

After you are connected to the BCOE network, you can access the server through SSH.

Server IP: 169.235.18.162
Username: highlander
Password: hsp

ssh highlander@169.235.18.162

Keyboard shortcuts

DAQ Server