Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Next revisionBoth sides next revision
users:start [2020/07/21 03:02] jesseusers:start [2020/08/01 02:05] jesse
Line 1: Line 1:
 ====== User Information ====== ====== User Information ======
  
-Note: some of these URLs might change as the migration finishes, basically iron.waffle.tech is just a temporary way to get to the new machine and will be replaced by just waffle.tech once the main webserver is totally moved over.+**Migration to the new machine is still only half-complete, so not everything is here yet and you should check the known issues section.**
  
 ===== Services ===== ===== Services =====
Line 14: Line 14:
  
 Incidentally, login.waffle.tech is special as it has complete direct access from the internet. This allows you to run various things like game servers and have them be accessible from the internet via the hostname login.waffle.tech. Generally speaking, all other machines are behind a restrictive firewall and usually also NAT due to IPv4 addresses being hard to get in any two-digit quantity. Incidentally, login.waffle.tech is special as it has complete direct access from the internet. This allows you to run various things like game servers and have them be accessible from the internet via the hostname login.waffle.tech. Generally speaking, all other machines are behind a restrictive firewall and usually also NAT due to IPv4 addresses being hard to get in any two-digit quantity.
 +
 +When connected to login.waffle.tech, run 'kinit' and log into Kerberos to allow convenient no-auth SSH to other waffle.tech machines.
  
 ===== Basic platform info ===== ===== Basic platform info =====
Line 21: Line 23:
 The basic platform is the open-source enterprise virtualization engine Proxmox. Most virtual machines run CentOS 8, but login.waffle.tech runs Fedora Server 32 to offer more recent versions. Access control is centralized by FreeIPA and, soon, Keycloak for SAML and oauth. All virtual machines share an internal network in reserved IP space, and the VM host forwards connections on many ports to various VMs. Some VMs (such as login) have an additional network interface which is directly on the internet with a public IP. The basic platform is the open-source enterprise virtualization engine Proxmox. Most virtual machines run CentOS 8, but login.waffle.tech runs Fedora Server 32 to offer more recent versions. Access control is centralized by FreeIPA and, soon, Keycloak for SAML and oauth. All virtual machines share an internal network in reserved IP space, and the VM host forwards connections on many ports to various VMs. Some VMs (such as login) have an additional network interface which is directly on the internet with a public IP.
  
-* [[users:IPAM|IPAM]]+===== Engineering ===== 
 + 
 + 
 +  * [[users:IPAM|IPAM]] 
 + 
 +===== Known Issues ===== 
 + 
 +  * Website auth (this website) is not against LDAP yet, due to some configuration issues. 
 +  * The mail server has occasionally been very slow due to filesystem performance issues. This seems to be fixed but I'm not counting my chicks yet. 
 +  * The Kubernetes environment needs some polish so that it's more usable - e.g. a way of distributing keys for kubectl.