This manual is for System Operators running a pyCluster node.
It is intended to be closer in spirit to traditional DX cluster administration documentation: task-oriented, operator-focused, and separated from normal user docs.
A System Operator is responsible for:
- node identity and presentation
- local users and system operators
- access control
- blocked users
- peer links
- protocol health
- posting and operator tools
- security visibility
- deployment and service health
In practice that means a sysop should be able to:
- control what users see when they log in
- manage passwords and privileges
- define and troubleshoot peers
- understand protocol health without raw protocol spelunking
- respond to abuse or repeated bad logins
System Operator access exists in two places:
- telnet, through
sysop/* - the System Operator web console
Sysop telnet sessions use:
N0CALL-1#
System Operator web login requires:
- a local password
System Operatorprivilege on the node
Typical privileged telnet session:
login: N0CALL
password:
Welcome to pyCluster on N0CALL-1
N0CALL-1#
The # prompt is the main visual indicator that the session is privileged.
Use the Node Settings section of the sysop web console to manage:
- node call and alias
- owner name
- QTH and grid
- branding and welcome text
- telnet ports
- MOTD
- support contact
- website URL
- telnet login behavior such as post-MOTD status display
Typical uses of this section:
- updating the MOTD for maintenance or contest weekends
- changing telnet ports during a migration
- updating support contact and public branding
- changing welcome text before opening the node to new users
See:
pyCluster keeps local user administration inside the node itself.
Main tasks:
- create users
- update profile data
- set or clear passwords
- assign
System Operatoraccess - block and unblock users
- set access policy by channel/capability
Key ideas:
Blockedis separate from normal users- system operators are shown separately from ordinary local users
- access matrix controls where users can log in and what they may post
Common workflow: create or update a user
- open
Users - click
New Useror select an existing record - fill in profile details
- choose the access level
- click
Save User
Common workflow: block a user
- open the user record
- change
Access LeveltoBlocked - add a short note or block reason
- save the record
That block applies to the base callsign and matching SSID variants.
Useful telnet commands:
sysop/users
sysop/sysops
sysop/showuser N0CALL
sysop/password N0CALL newpass
sysop/clearpassword N0CALL
sysop/privilege N0CALL sysop
sysop/blocklogin N0CALL on
sysop/access N0CALL
sysop/setaccess N0CALL web login on
Use telnet for these actions when:
- you are working from a terminal-only environment
- you want a quick one-off operator action
- you want to verify privilege-gated behavior directly
pyCluster separates:
- transport address
- cluster family
This avoids conflating:
- how to connect
- how to behave after connection
Peer roles:
Dial-outAccepted
Operational tasks:
- define saved peers
- connect or disconnect peers
- view live traffic and health
- inspect policy drops
- adjust retry behavior
Typical outbound-peer workflow:
- click
New Peer - enter:
- peer name
- transport address
- cluster family
- optionally set a peer password
- save the peer
- connect it
Important distinction:
Transport Address- how pyCluster opens the connection
Cluster Family- how pyCluster behaves once the connection is established
See:
The Protocol Health area is where operators inspect:
- tracked peers
- health state
- alerts
- acknowledgements
- policy drops
- protocol history
It also controls thresholds such as:
- stale minutes
- flap score
- flap window
Useful telnet commands:
show/proto
show/protohistory
show/protoalerts
show/protoacks
show/policydrop
Typical troubleshooting flow:
- inspect
show/linksor the web peer table - check protocol summary health
- inspect policy drops
- review protocol history
- only then decide whether thresholds need adjustment
Spot review note:
- pyCluster now ingests plausible spot calls even when they are not recognized by the currently loaded prefix dataset
- suspicious calls are flagged in the System Console spot table with a
Reviewbadge - the app log records these as
spot call review: ...entries so sysops can audit which peer and callsign triggered the review signal
pyCluster uses layered security:
- callsign/password auth
- per-user access control
- blocked users
- structured auth-failure logging
fail2banintegration
The sysop web Security section shows:
- recent auth failures
- current bans
Typical login-abuse workflow:
- review recent auth failures
- see whether
fail2banhas already banned the source - block the callsign locally if needed
- adjust user access if the issue is capability abuse rather than login abuse
This is meant to keep the operator informed without requiring direct log-tail-only workflows.
See:
The Telemetry section groups:
- runtime stats
- recent spots
- recent audit
- security events
Useful telnet commands:
sysop/audit
sysop/services
sysop/restart telnet
show/log
show/users
show/links
Use audit and telemetry when:
- you need to know who changed a setting
- you need to confirm an operator action happened
- you need to understand recent runtime or security events quickly
Supported operational scripts:
deploy/install.shdeploy/upgrade.shdeploy/repair.shdeploy/uninstall.shdeploy/doctor.sh
Services:
pycluster.servicepyclusterweb.servicepycluster-cty-refresh.timer
Healthy baseline:
- core service active
- public web service active
- CTY refresh timer active
- wpxloc.raw configured and current if you use DXSpider-style WPX/location data
- database present
- security logging and
fail2banfunctioning
See:
For detailed command coverage, use:
Dataset status is visible in the System Operator Console Node Settings view and in telnet show/configuration. Use that before treating unknown prefixes as suspicious; stale CTY or missing wpxloc.raw data can make review cues less reliable.