[tech] Flame VM (was Re: Reducing entropy on mooneye )

Mark Tearle mtearle at tearle.com
Sat Apr 25 22:15:49 AWST 2020 

Hi Andrew

Just touching base, any joy with copying flame over?

Mark

-- 
Mark Tearle <mtearle at tearle.com>

On Wed, 22 Apr 2020, at 11:46 AM, Mark Tearle wrote:
> On Wed, 22 Apr 2020, at 12:33 AM, Andrew Williams wrote:
> > 
> > Wow, that's pretty impressive...
> > 
> 
> Thanks :)
> 
> > On 2020-04-20 10:48 PM, Mark Tearle wrote:
> > 
> > > Since your message, here's the progress:
> > > 
> > >   * A new VM (maculatus) has been created on UCC's Proxmox cluster (1G
> > >     RAM, 10G disk)
> > >   * Background behind the name here - https://wiki.ucc.asn.au/Maculatus
> > 
> > I can't reach that, I get an immediate connection closed - is it 
> > firewalled to UWA or UCC?
> > 
> 
> There's been various server upgrades happening across UCC over the past 
> 24 hours, that link should now work (again)
> 
> > >   * Aside from the DNS and initial install, it has been provisioned with
> > >     the ucc-ansible-soe
> > >   * Wheel SSH keys + Andrews ssh keys have been copied to this machine
> > >     for root
> > 
> > I just tried logging in.
> > 
> > When I SSHed to mooneye, and then did 'ssh maculatus', I got prompted 
> > for "flame at maculatus's password", and that account presumably doesn't 
> > have a password. When I did 'ssh andrew at maculatus' I got asked for 
> > "andrew at maculatus's password", but the password I used to get into 
> > mooneye doesn't work, so I guess it's not using LDAP (or whatever).
> > 
> > I had a look at my .ssh/authorized_keys file on mooneye - it was 
> > ancient, the only key in there was for 'wotho', a physics machine 
> > decommissioned 15 years ago. I've just updated it with keys for the 
> > machines I'm using now - if you could copy it to my account (and 
> > flame's), that would be great. Add my public key on mooneye, because I 
> > (currently) can't SSH directly into maculatus, I need to go through 
> > mooneye, and it'll save me from forwarding keys.
> > 
> 
> I've copied those newer keys of yours to the right places, and adjusted 
> any firewall rules that may have been catching the machine.
> 
> If you run a modern ssh, I suggest using the jump flag, for example:
> 
> ssh -J motsugo.ucc.asn.au flame at maculatus.ucc.asn.au
> 
> > 
> > >  7. Installs ttyd, and configures nginx proxy for web to telnet gateway,
> > >     at https://tty.flame.ucc.asn.au/
> > 
> > I'd forgotten that existed...
> > 
> 
> You're not going senile, that's new :)
> 
> > >  8. Install nginx proxy for flame web server at
> > >     https://www.flame.ucc.asn.au/  (Currently firewalled to UCC local
> > >     network only as the flame webserver is slightly broken)
> > 
> > I don't think I ever knew that flame had a webserver. I'm guessing it's 
> > written in LPC, and runs inside the mudlib? Fixing it will be painful, 
> > and I'm not sure it's worth it with all the hassle UCC is having now 
> > over UWA network policy changes.
> 
> I believe so, it listens on port 3552.   A project for an enthusiastic 
> flame denizen?
> 
> > >  2. A cron job needs to be added to drop a backup of flame into
> > >     /home/other/flame (so it gets picked up by the normal UCC backups),
> > >     and any other backups need to be tested and made working
> > 
> > I'll get my nightly backup running to the new instance, so the live copy 
> > stays up to date.
> 
> Excellent, let me know what that's up and working
> 
> > >  4. Email delivery to flame can probably be made to work again with an
> > >     appropriate bind mount added on the machine (and included in the
> > >     ansible role)
> > 
> > Flame can receive email? Really?
> > 
> 
> Yes, the mail config on mooneye was dropping mbox format files into 
> yakk's flame directory
> 
> > >  6. I attempted to compile a copy of the driver source that was in the
> > >     flame directory - gcc barfs out of the box due to changes in
> > >     varargs.   There looks like there are some modern forks of the code
> > >     out there, but would require further investigation by someone other
> > >     than me
> > 
> > I found FluffOS (https://github.com/fluffos/fluffos), a modern LPmud 
> > driver codebase with discowrld features, with backwards support back to 
> > 'MudOS v22', but I have no idea what version we're running (I only have 
> > the driver binary on my machine, not the source).
> > 
> 
> In 2000, it would have been Debian slink or potato, and we could see if 
> we could spin up an isolated VM of that release and see if we could 
> build our existing driver off the LPmud sources we have ....
> 
> > >  7. Fixing up the flame webserver - again someone other than me
> > >  8. Setting up a web to gopher gateway to access the flame gopher server
> > 
> > Do we really need to fix the gopher server? Gopher isn't really a thing 
> > any more.
> > 
> 
> Probably not
> 
> > >  9. Fixing up UCC's finger installation (including finger flame at ucc)
> > 
> > What did that do?
> > 
> 
> https://www.ucc.asn.au/cgi-bin/finger?flame
> 
> > > Anyhow, items 1 and 2 are the most pressing as these will enable things 
> > > to be moved off of mooneye. Suggestions on how to co-ordinate this?
> > 
> > I can copy the mudlib over, once my account is working. Then we can swap 
> > the DNS over whenever the firewall allows connections from outside UWA.
> 
> Excellent.  Let me know how you go.   If I'm at the computer, finding 
> me on the UCC discord is probably the easiest.
> https://discord.gg/aPpvXGy
> 
> > > Ps.  How do I reset my flame password cleanly? (for sparky)
> > 
> > Done, your password is now 'mark' - change it with the 'passwd' command 
> > when you log in.
> > 
> > Andrew
> >
> 
> Thank you, much appreciated.
> 
> Mark
> --
> Mark Tearle <mtearle at ucc.asn.au>
> _______________________________________________
> List Archives: http://lists.ucc.asn.au/pipermail/tech
> 
> Unsubscribe here: 
> https://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au

More information about the tech mailing list