Differences

This shows you the differences between two versions of the page.

users:start [2020/07/21 03:02] jesse → users:start [2020/07/21 04:08] jesse
Line 14: Line 14:
  
 Incidentally, login.waffle.tech is special as it has complete direct access from the internet. This allows you to run various things like game servers and have them be accessible from the internet via the hostname login.waffle.tech. Generally speaking, all other machines are behind a restrictive firewall and usually also NAT due to IPv4 addresses being hard to get in any two-digit quantity. Incidentally, login.waffle.tech is special as it has complete direct access from the internet. This allows you to run various things like game servers and have them be accessible from the internet via the hostname login.waffle.tech. Generally speaking, all other machines are behind a restrictive firewall and usually also NAT due to IPv4 addresses being hard to get in any two-digit quantity.
 +
 +When connected to login.waffle.tech, run 'kinit' and log into Kerberos to allow convenient no-auth SSH to other waffle.tech machines.
  
 ===== Basic platform info ===== ===== Basic platform info =====
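Review bot: "no-auth SSH" on the added line is misleading, because the SSH login is still authenticated, only with the Kerberos ticket from 'kinit' instead of a password prompt. Suggest wording such as "run 'kinit' to get a Kerberos ticket, which lets you SSH to other waffle.tech machines without re-entering your password". Since the paragraph above says login.waffle.tech has complete direct access from the internet, the line should also tell users to run 'kdestroy' when they are done, so a ticket is not left in the credential cache on that host.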
Line 21: Line 23:
 The basic platform is the open-source enterprise virtualization engine Proxmox. Most virtual machines run CentOS 8, but login.waffle.tech runs Fedora Server 32 to offer more recent versions. Access control is centralized by FreeIPA and, soon, Keycloak for SAML and oauth. All virtual machines share an internal network in reserved IP space, and the VM host forwards connections on many ports to various VMs. Some VMs (such as login) have an additional network interface which is directly on the internet with a public IP. The basic platform is the open-source enterprise virtualization engine Proxmox. Most virtual machines run CentOS 8, but login.waffle.tech runs Fedora Server 32 to offer more recent versions. Access control is centralized by FreeIPA and, soon, Keycloak for SAML and oauth. All virtual machines share an internal network in reserved IP space, and the VM host forwards connections on many ports to various VMs. Some VMs (such as login) have an additional network interface which is directly on the internet with a public IP.
  
-* [[users:IPAM|IPAM]]+===== Engineering ===== 
 + 
 + 
 +  * [[users:IPAM|IPAM]]
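Review bot: the new "===== Engineering =====" heading is followed by two empty added lines and then a single link, with no sentence saying what belongs in the section. Drop one of the blank lines and add a one-line description under the heading, for example what the IPAM page covers, so the section is not just a bare list item. Indenting the item to "  * [[users:IPAM|IPAM]]" is the right fix, since DokuWiki only renders a list item when it is indented by two spaces.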