[tech] Flame VM (was Re: Reducing entropy on mooneye )

Mark Tearle mtearle at ucc.asn.au
Wed Apr 22 11:46:33 AWST 2020


On Wed, 22 Apr 2020, at 12:33 AM, Andrew Williams wrote:
> 
> Wow, that's pretty impressive...
> 

Thanks :)

> On 2020-04-20 10:48 PM, Mark Tearle wrote:
> 
> > Since your message, here's the progress:
> > 
> >   * A new VM (maculatus) has been created on UCC's Proxmox cluster (1G
> >     RAM, 10G disk)
> >   * Background behind the name here - https://wiki.ucc.asn.au/Maculatus
> 
> I can't reach that, I get an immediate connection closed - is it 
> firewalled to UWA or UCC?
> 

There have been various server upgrades happening across UCC over the past 24 hours; that link should now work (again).

> >   * Aside from the DNS and initial install, it has been provisioned with
> >     the ucc-ansible-soe
> >   * Wheel SSH keys + Andrew's ssh keys have been copied to this machine
> >     for root
> 
> I just tried logging in.
> 
> When I SSHed to mooneye, and then did 'ssh maculatus', I got prompted 
> for "flame@maculatus's password", and that account presumably doesn't 
> have a password. When I did 'ssh andrew@maculatus' I got asked for 
> "andrew@maculatus's password", but the password I used to get into 
> mooneye doesn't work, so I guess it's not using LDAP (or whatever).
> 
> I had a look at my .ssh/authorized_keys file on mooneye - it was 
> ancient, the only key in there was for 'wotho', a physics machine 
> decommissioned 15 years ago. I've just updated it with keys for the 
> machines I'm using now - if you could copy it to my account (and 
> flame's), that would be great. Add my public key on mooneye, because I 
> (currently) can't SSH directly into maculatus, I need to go through 
> mooneye, and it'll save me from forwarding keys.
> 

I've copied those newer keys of yours to the right places, and adjusted any firewall rules that may have been catching the machine.

If you run a modern ssh, I suggest using the jump flag, for example:

ssh -J motsugo.ucc.asn.au flame@maculatus.ucc.asn.au

> 
> >  7. Installs ttyd, and configures nginx proxy for web to telnet gateway,
> >     at https://tty.flame.ucc.asn.au/
> 
> I'd forgotten that existed...
> 

You're not going senile, that's new :)

> >  8. Install nginx proxy for flame web server at
> >     https://www.flame.ucc.asn.au/  (Currently firewalled to UCC local
> >     network only as the flame webserver is slightly broken)
> 
> I don't think I ever knew that flame had a webserver. I'm guessing it's 
> written in LPC, and runs inside the mudlib? Fixing it will be painful, 
> and I'm not sure it's worth it with all the hassle UCC is having now 
> over UWA network policy changes.

I believe so; it listens on port 3552. A project for an enthusiastic flame denizen?

> >  2. A cron job needs to be added to drop a backup of flame into
> >     /home/other/flame (so it gets picked up by the normal UCC backups),
> >     and any other backups need to be tested and made working
> 
> I'll get my nightly backup running to the new instance, so the live copy 
> stays up to date.

Excellent, let me know when that's up and working.

> >  4. Email delivery to flame can probably be made to work again with an
> >     appropriate bind mount added on the machine (and included in the
> >     ansible role)
> 
> Flame can receive email? Really?
> 

Yes, the mail config on mooneye was dropping mbox format files into yakk's flame directory

> >  6. I attempted to compile a copy of the driver source that was in the
> >     flame directory - gcc barfs out of the box due to changes in
> >     varargs. It looks like there are some modern forks of the code
> >     out there, but they would require further investigation by someone
> >     other than me
> 
> I found FluffOS (https://github.com/fluffos/fluffos), a modern LPmud 
> driver codebase with Discworld features, with backwards support back to 
> 'MudOS v22', but I have no idea what version we're running (I only have 
> the driver binary on my machine, not the source).
> 

In 2000, it would have been Debian slink or potato, and we could see if we could spin up an isolated VM of that release and see if we could build our existing driver off the LPmud sources we have ....

> >  7. Fixing up the flame webserver - again someone other than me
> >  8. Setting up a web to gopher gateway to access the flame gopher server
> 
> Do we really need to fix the gopher server? Gopher isn't really a thing 
> any more.
> 

Probably not

> >  9. Fixing up UCC's finger installation (including finger flame@ucc)
> 
> What did that do?
> 

https://www.ucc.asn.au/cgi-bin/finger?flame

> > Anyhow, items 1 and 2 are the most pressing as these will enable things 
> > to be moved off of mooneye. Suggestions on how to co-ordinate this?
> 
> I can copy the mudlib over, once my account is working. Then we can swap 
> the DNS over whenever the firewall allows connections from outside UWA.

Excellent.  Let me know how you go.   If I'm at the computer, finding me on the UCC discord is probably the easiest.
https://discord.gg/aPpvXGy

> > Ps.  How do I reset my flame password cleanly? (for sparky)
> 
> Done, your password is now 'mark' - change it with the 'passwd' command 
> when you log in.
> 
> Andrew
>

Thank you, much appreciated.

Mark
--
Mark Tearle <mtearle at ucc.asn.au>

