User Information

Migration to the new machine is still only half-complete, so not everything is here yet and you should check the known issues section.

SSH to login.waffle.tech.

Incidentally, login.waffle.tech is special as it has complete direct access from the internet. This allows you to run various things like game servers and have them be accessible from the internet via the hostname login.waffle.tech. Generally speaking, all other machines are behind a restrictive firewall and usually also NAT due to IPv4 addresses being hard to get in any two-digit quantity.

When connected to login.waffle.tech, run 'kinit' and log into Kerberos to allow convenient no-auth SSH to other waffle.tech machines.

The new waffle.tech (read in the same voice as New Coke) is a single physical machine with dual 4-core Xeons (with HT), 128 GB RAM, 1TB of moderate performance (for SSDs) solid-state storage mirrored for redundancy, and 4TB of spinning platter storage also mirrored for redundancy. It is located in a shared rack in a mid-tier data center in Las Vegas, NV. The internet connection is very fast but is capped at tens of TB of transfer per month.

The basic platform is the open-source enterprise virtualization engine Proxmox. Most virtual machines run CentOS 8, but login.waffle.tech runs Fedora Server 32 to offer more recent versions. Access control is centralized by FreeIPA and, soon, Keycloak for SAML and oauth. All virtual machines share an internal network in reserved IP space, and the VM host forwards connections on many ports to various VMs. Some VMs (such as login) have an additional network interface which is directly on the internet with a public IP.

  • Website auth (this website) is not against LDAP yet, due to some configuration issues.
  • The mail server has occasionally been very slow due to filesystem performance issues. This seems to be fixed but I'm not counting my chicks yet.
  • The Kubernetes environment needs some polish so that it's more usable - e.g. a way of distributing keys for kubectl.
  • Last modified: 2020/08/01 02:05
  • by jesse