[tech] Flame VM (was Re: Reducing entropy on mooneye )

Andrew Williams andrew at ucc.gu.uwa.edu.au
Wed Apr 22 00:33:31 AWST 2020 

Wow, that's pretty impressive...


On 2020-04-20 10:48 PM, Mark Tearle wrote:

> Since your message, here's the progress:
> 
>   * A new VM (maculatus) has been created on UCC's Proxmox cluster (1G
>     RAM, 10G disk)
>   * Background behind the name here - https://wiki.ucc.asn.au/Maculatus

I can't reach that, I get an immediate connection closed - is it 
firewalled to UWA or UCC?

>   * Aside from the DNS and initial install, it has been provisioned with
>     the ucc-ansible-soe
>   * Wheel SSH keys + Andrews ssh keys have been copied to this machine
>     for root

I just tried logging in.

When I SSHed to mooneye, and then did 'ssh maculatus', I got prompted 
for "flame at maculatus's password", and that account presumably doesn't 
have a password. When I did 'ssh andrew at maculatus' I got asked for 
"andrew at maculatus's password", but the password I used to get into 
mooneye doesn't work, so I guess it's not using LDAP (or whatever).

I had a look at my .ssh/authorized_keys file on mooneye - it was 
ancient, the only key in there was for 'wotho', a physics machine 
decommissioned 15 years ago. I've just updated it with keys for the 
machines I'm using now - if you could copy it to my account (and 
flame's), that would be great. Add my public key on mooneye, because I 
(currently) can't SSH directly into maculatus, I need to go through 
mooneye, and it'll save me from forwarding keys.


>  7. Installs ttyd, and configures nginx proxy for web to telnet gateway,
>     at https://tty.flame.ucc.asn.au/

I'd forgotten that existed...

>  8. Install nginx proxy for flame web server at
>     https://www.flame.ucc.asn.au/  (Currently firewalled to UCC local
>     network only as the flame webserver is slightly broken)

I don't think I ever knew that flame had a webserver. I'm guessing it's 
written in LPC, and runs inside the mudlib? Fixing it will be painful, 
and I'm not sure it's worth it with all the hassle UCC is having now 
over UWA network policy changes.

>  2. A cron job needs to be added to drop a backup of flame into
>     /home/other/flame (so it gets picked up by the normal UCC backups),
>     and any other backups need to be tested and made working

I'll get my nightly backup running to the new instance, so the live copy 
stays up to date.

>  4. Email delivery to flame can probably be made to work again with an
>     appropriate bind mount added on the machine (and included in the
>     ansible role)

Flame can receive email? Really?

>  6. I attempted to compile a copy of the driver source that was in the
>     flame directory - gcc barfs out of the box due to changes in
>     varargs.   There looks like there are some modern forks of the code
>     out there, but would require further investigation by someone other
>     than me

I found FluffOS (https://github.com/fluffos/fluffos), a modern LPmud 
driver codebase with discowrld features, with backwards support back to 
'MudOS v22', but I have no idea what version we're running (I only have 
the driver binary on my machine, not the source).

>  7. Fixing up the flame webserver - again someone other than me
>  8. Setting up a web to gopher gateway to access the flame gopher server

Do we really need to fix the gopher server? Gopher isn't really a thing 
any more.

>  9. Fixing up UCC's finger installation (including finger flame at ucc)

What did that do?

> Anyhow, items 1 and 2 are the most pressing as these will enable things 
> to be moved off of mooneye. Suggestions on how to co-ordinate this?

I can copy the mudlib over, once my account is working. Then we can swap 
the DNS over whenever the firewall allows connections from outside UWA.

> Ps.  How do I reset my flame password cleanly? (for sparky)

Done, your password is now 'mark' - change it with the 'passwd' command 
when you log in.

Andrew

More information about the tech mailing list