KYAULABS:Schema: Difference between revisions

From Wiki³
mNo edit summary
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:{{TitleIcon|kyau=true}} KYAU Network}}<metadesc>The short description and history of the hardware that powers the KYAU Network.</metadesc>__NOTOC__
{{DISPLAYTITLE:{{TitleIcon|kyaulabs=true}} KYAU Network}}<metadesc>The short description and history of the hardware that powers the KYAU Network.</metadesc>__NOTOC__
{{Home|break=false}}
{{Back|KYAULABS}}
<div id="tocalign">__TOC__</div>
= {{Icon|sitemap}} KYAU Network =
KYAU Network is powered by [//www.archlinux.org Arch Linux] and [//kyaulabs.com KYAU Labs]. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a [//www.wireguard.com Wireguard] VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using [//gitlab.com/kyaulabs/aarch kyaulabs/aarch].
== {{Icon|notebook}} Security & Reliability ==
Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on [//dnsspy.io/scan/kyau.net DNS Spy]. Our web server, running [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs].
{{Note|We are currently looking for a low-end, multiple IPv4, VPS provider on a separate network/continent for our slave DNS server}}
<div style="display:inline;float:right;padding-top:30px">{{MachineSpecs
<div style="display:inline;float:right;padding-top:30px">{{MachineSpecs
|title=SyS: E5v2-SAT-1-16
|title=NEUTRON
|motherboard=Supermicro X9SRi-3F ATX Server Board
|case=InWin R400-03N Open-Bay 4U Server Case
|chipset=Intel C606
|motherboard=Supermicro X9DR3-F ATX Server Board
|cpu=Intel Xeon E5-1620 v2; Ivy Bridge EP (3.7GHz, 10M Cache)
|cpu=2x Intel Xeon E5-2650 v2; (20M Cache, 2.6GHz, 8.0 GT/s QPI)
|memory=Samsung 16GB DDR3 1866 ECC/REG CL13 <!-- M393B1G73QH0-CMA -->
|memory=6x SAMSUNG 8GB PC3L-10600R (2Rx4, 1.35V, ECC Registered)
|graphic-card=Matrox G200eW 16MB DDR2 Graphics
|memory2=4x SAMSUNG 4GB PC3L-10600R (2Rx4, 1.5V, ECC Registered)
|ssd=Hitachi Ultrastar 7K4000 2TB 6.0Gb/s (7200RPM, 64MB) <!-- HUS724020ALA640 -->
|graphic-card=EVGA GeForce GTX 960
|drive=Hitachi Ultrastar 7K4000 2TB 6.0Gb/s (7200RPM, 64MB) <!-- HUS724020ALA640 -->
|raid-card=LSI 9207-8i SAS Host Bus Adapter
|network=Intel i350 Dual Port 1Gb/s
|ssd=SAMSUNG SSD 830 Series 128GB
|bandwidth=250Mb/s (unmetered)
|drive=2x HGST Ultrastar C10K900 600GB 2.5" SAS2 10000RPM
|linux=Arch Linux x64_86
|drive2=2x Seagate Barracuda 5TB 2.5" SATA 6Gb/s
}}<br/>
|fan=2x Noctua NH-U9DX i4 CPU Fan
<div class="mw-collapsible mw-collapsed" style="float:right;margin-right:16px;display:inline-block;width:350px;" data-expandtext="{{int:show}}" data-collapsetext="{{int:hide}}"><span style="float:right;display:inline-block;margin-right:8px;">'''OLD Dedicated Servers'''</span>
|fan2=2x Noctua NF-R8 redux Case Fan
<div class="mw-collapsible-content">{{MachineSpecs
|bandwidth=1Gb/s (unmetered)
|title=OVH: KS-8G
|motherboard=Intel Desktop Board DH61AG Thin Mini-ITX
|chipset=Intel H61 Express
|cpu=Intel Core i3-2130; Sandy Bridge (3.5GHz)
|memory=Kingston 8GB DDR3 1333
|graphic-card=Intel HD 3000 Graphics
|drive=Toshiba 2TB 6.0Gb/s (7200RPM, 64MB Buffer)
|bandwidth=100Mb/s (2TB limit, then 10Mb/s)
|linux=Arch Linux x64_86
|linux=Arch Linux x64_86
}}</div>
}}</div>
</div></div>
== {{Icon|notebook}} Why Arch Linux? ==
Wiki³ is run on-top of [//www.archlinux.org Arch Linux] at [//www.ovh.com/us/ OVH]. The machine, as seen on the right, is from their dedicated server line and located at their Beauharnois, CA facility in datacenter [//weathermap.ovh.net/#beauharnois6 BHS6]. The wiki itself runs [//www.mediawiki.org MediaWiki] on-top of [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates configured to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs].
Arch Linux was an in-house decision not taken lightly, in 2013 the switch from FreeBSD to Arch Linux was made without regret. Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about [[ArchLinux:Security|security]] and keep on top of [//security.archlinux.org/advisory advisories]. That being said we do not live in a perfect world, and server logs are proof of that.
 
Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about [[ArchLinux:Security|security]] and keep on top of [//security.archlinux.org/advisory advisories]. That being said we do not live in a perfect world, and my server logs are proof of that. However since 2013 when I switched my servers over from FreeBSD to Arch Linux I have yet to have a single intrusion.
== {{Icon|notebook}} History ==
== {{Icon|notebook}} History ==
{{margin}}
{{margin}}
{{Changelog|2017-08-15|Migration to E5v2-SAT-1-16 complete.}}
{{Changelog|2020-03-03|KYAU Labs main server rebuild.}}
{{Changelog|2017-08-13|E5v2-SAT-1-16 setup complete: [[ArchLinux:OVH|OVH: Custom Installation]], [[ArchLinux:Security|Hardening Arch Linux]], [[ArchLinux:KVM|KVM on Arch Linux]]}}
{{Changelog|2018-11-27|Purchased 3 VPS servers off of VirMach's Black Friday specials.}}
{{Changelog|2017-07-29|E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.}}
{{Changelog|2018-04-25|Services have been relocated to KYAU Labs.}}
{{Changelog|2017-07-24|VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.}}
{{Changelog|2017-08-15|<s>Migration to E5v2-SAT-1-16 complete.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-12-10|KS-8G dedicated server purchased from OVH in their BHS datacenter.}}
{{Changelog|2017-08-13|<s>E5v2-SAT-1-16 setup complete: [[ArchLinux:OVH|OVH: Custom Installation]], [[ArchLinux:Security|Hardening Arch Linux]], [[ArchLinux:KVM|KVM on Arch Linux]]</s> ''{{Red|Terminated}}''}}
{{Changelog|2017-07-29|<s>E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.</s> ''{{Red|Terminated}}''}}
{{Changelog|2017-07-24|<s>VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-12-10|<s>KS-8G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-05-31|<s>SP 16G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-05-31|<s>SP 16G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-01-13|<s>KS1 dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-01-13|<s>KS1 dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
== {{Icon|notebook}} Network ==
== {{Icon|notebook}} Network ==
The following is the complete network setup for everything that runs {{mono|kyau.net}}. While some things could be setup better, this setup was optimized for running everything on one large box doing in-house virtualization instead of running each on a separate VPS and letting someone else do the virtualization for me. In my experience, it can be very beneficial to have bare metal access when things go wrong.
The following is the complete network setup for everything that the KYAU Network is currently running.
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
|+ style="padding-bottom:4px"| Network Overview
|+ style="padding-bottom:4px"| Network Overview
|+ style="caption-side:bottom;padding-top:4px;font-weight:normal"| {{Red|* Denotes the IPv4 address location, all IPv6 reside in CA.}}
|-
|-
! Machine/VM
! Machine/VM
! OS
! OS
! Hostname
! Hostname
! vMAC
! Location
! Location*
! IPv4
! IPv4
! IPv6
! Description
|-
|-
| ''E5v2-SAT-1-16''
| SERVER
| Arch Linux
| Arch Linux
| neutron.kyau.net
| neutron.wa
| ∞
| KYAULABS-42A
| CA
| xx.x.xx.xx{{White|/32}}
| 158.69.253.213{{White|/32}}
| Dual Xeon E5-2650v2
| 2607:5300:120:dd5::{{White|/32}}
|-
|-
| bind
| VM
| Arch Linux
| Arch Linux
| dwarf.kyau.net
| pulsar.wa
| 02:00:00:72:47:2b
| KYAULABS-42A
| US<br/>CA
| xx.x.xx.xx{{White|/32}}
| 142.44.172.223/32<br/>142.44.169.173{{White|/32}}
| Grafana/InfluxDB (Monitoring)
| 2607:5300:120:dd5::1{{White|/32}}
|-
|-
| sql
| VM
| Arch Linux
| Arch Linux
| nova.kyau.net
| unifi.wa
| 02:00:00:4d:3b:3b
| KYAULABS-42A
| US
| xx.x.xx.xx{{White|/32}}
| 142.44.152.32{{White|/32}}
| UniFi Controller
| 2607:5300:120:dd5::2{{White|/32}}
|-
|-
| nginx
| VM
| Arch Linux
| Arch Linux
| pulsar.kyau.net
| dragon.wa
| 02:00:00:bc:c2:b7
| KYAULABS-42A
| US
| xx.x.xx.xx{{White|/32}}
| 142.44.172.255{{White|/32}}
| Minecraft Server / VPN Endpoint
| 2607:5300:120:dd5::3{{White|/32}}
|-
|-
| shell
| VM
| OpenBSD
| Arch Linux
| proto.kyau.net
| void.wa
| ??
| KYAULABS-42A
| CA
| xx.x.xx.xx{{White|/32}}
| 167.114.151.176{{White|/29}}
| Development
| 2607:5300:120:dd5::5{{White|/32}}
|-
|-
| devel
| VM
| Arch Linux
| Arch Linux
| dev.kyau.net
| vpn.wa
| ??
| KYAULABS-42A
| ??
| xx.x.xx.xx{{White|/32}}
| ??
| VPN Endpoint
| ??
|-
|-
| ''VPS-SSD1''
| VM
| Arch Linux
| Arch Linux
| chaos.kyau.net
| voidbbs.wa
|
| KYAULABS-42A
| CA
| xx.x.xx.xx{{White|/32}}
| 158.69.196.14{{White|/32}}
| VOID BBS
| 2607:5300:201:3100::2dac{{White|/32}}
|}
One of the things I have always wanted to do since I was a younger was to run a shell provider. Shy of some dabbling with [//www.slackware.com/ Slackware], which I installed from a CDROM I got in the back of a book at the local library (pre-internet joys), this was my first major introduction to Linux and the command line. I spent a good majority of my youth on IRC messing around with "shells". I even got my first major introduction to programming (aside from BASIC and HTML) when I started coding [//docs.eggheads.org/mainDocs/botnet.html#what-is-a-botnet botnet] scripts for [//www.eggheads.org/ eggdrop] in TCL.
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
|+ style="padding-bottom:4px"| Shell Box
|+ style="caption-side:bottom;padding-top:4px;font-weight:normal"| {{Red|* Denotes the IPv4 address location, all IPv6 reside in CA.}}
|-
|-
! VHost
| VM
! IPv4
| Arch Linux
! IPv6
| web.wa
! Source
| KYAULABS-42A
|-
| xx.x.xx.xx{{White|/32}}
| proto.kyau.net
| Web Server + VPN Endpoint
| 167.114.151.176{{White|/32}}
| 2607:5300:120:dd5::5{{White|/32}}
| ∞
|-
| ??
| 167.114.151.177{{White|/32}}
| 2607:5300:120:dd5::6{{White|/32}}
| ∞
|-
| ??
| 167.114.151.178{{White|/32}}
| 2607:5300:120:dd5::7{{White|/32}}
| ∞
|-
| ??
| 167.114.151.179{{White|/32}}
| 2607:5300:120:dd5::8{{White|/32}}
| ∞
|-
| ??
| 167.114.151.180{{White|/32}}
| 2607:5300:120:dd5::9{{White|/32}}
| ∞
|-
| ??
| 167.114.151.181{{White|/32}}
| 2607:5300:120:dd5::a{{White|/32}}
| ∞
|-
| ??
| 167.114.151.182{{White|/32}}
| 2607:5300:120:dd5::b{{White|/32}}
| ∞
|-
| ??
| 167.114.151.183{{White|/32}}
| 2607:5300:120:dd5::c{{White|/32}}
|
|}
|}


[[Category:Wiki3]]
== {{Icon|notebook}} Shell Box ==
''The shell box was decommissioned on April 25th, 2018 when all of our services were brought in-house. It is possible that it might be revived at a later date, but don't count on it.''
 
[[Category:KYAULABS]]

Latest revision as of 21:59, 27 November 2020

Icon  Back to Category:KYAULABS

Icon KYAU Network

KYAU Network is powered by Arch Linux and KYAU Labs. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a Wireguard VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using kyaulabs/aarch.

Icon Security & Reliability

Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on DNS Spy. Our web server, running nginx with Let's Encrypt SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on SSL Labs.

IconWe are currently looking for a low-end, multiple IPv4, VPS provider on a separate network/continent for our slave DNS server
Icon Arch Linux x64_86
NEUTRON
Icon Supermicro X9DR3-F ATX Server Board
Icon 2x Intel Xeon E5-2650 v2; (20M Cache, 2.6GHz, 8.0 GT/s QPI)
Icon 2x Noctua NH-U9DX i4 CPU Fan
Icon 2x Noctua NF-R8 redux Case Fan
Icon 6x SAMSUNG 8GB PC3L-10600R (2Rx4, 1.35V, ECC Registered)
Icon 4x SAMSUNG 4GB PC3L-10600R (2Rx4, 1.5V, ECC Registered)
Icon EVGA GeForce GTX 960
Icon LSI 9207-8i SAS Host Bus Adapter
Icon SAMSUNG SSD 830 Series 128GB
Icon 2x HGST Ultrastar C10K900 600GB 2.5" SAS2 10000RPM
Icon 2x Seagate Barracuda 5TB 2.5" SATA 6Gb/s
Icon InWin R400-03N Open-Bay 4U Server Case
Icon 1Gb/s (unmetered)

Icon Why Arch Linux?

Arch Linux was an in-house decision not taken lightly, in 2013 the switch from FreeBSD to Arch Linux was made without regret. Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about security and keep on top of advisories. That being said we do not live in a perfect world, and server logs are proof of that.

Icon History

 
2020-03-03 : KYAU Labs main server rebuild.
2018-11-27 : Purchased 3 VPS servers off of VirMach's Black Friday specials.
2018-04-25 : Services have been relocated to KYAU Labs.
2017-08-15 : Migration to E5v2-SAT-1-16 complete. Terminated
2017-08-13 : E5v2-SAT-1-16 setup complete: OVH: Custom Installation, Hardening Arch Linux, KVM on Arch Linux Terminated
2017-07-29 : E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G. Terminated
2017-07-24 : VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials. Terminated
2013-12-10 : KS-8G dedicated server purchased from OVH in their BHS datacenter. Terminated
2013-05-31 : SP 16G dedicated server purchased from OVH in their BHS datacenter. Terminated
2013-01-13 : KS1 dedicated server purchased from OVH in their BHS datacenter. Terminated

Icon Network

The following is the complete network setup for everything that the KYAU Network is currently running.

Network Overview
Machine/VM OS Hostname Location IPv4 Description
SERVER Arch Linux neutron.wa KYAULABS-42A xx.x.xx.xx/32 Dual Xeon E5-2650v2
VM Arch Linux pulsar.wa KYAULABS-42A xx.x.xx.xx/32 Grafana/InfluxDB (Monitoring)
VM Arch Linux unifi.wa KYAULABS-42A xx.x.xx.xx/32 UniFi Controller
VM Arch Linux dragon.wa KYAULABS-42A xx.x.xx.xx/32 Minecraft Server / VPN Endpoint
VM Arch Linux void.wa KYAULABS-42A xx.x.xx.xx/32 Development
VM Arch Linux vpn.wa KYAULABS-42A xx.x.xx.xx/32 VPN Endpoint
VM Arch Linux voidbbs.wa KYAULABS-42A xx.x.xx.xx/32 VOID BBS
VM Arch Linux web.wa KYAULABS-42A xx.x.xx.xx/32 Web Server + VPN Endpoint

Icon Shell Box

The shell box was decommissioned on April 25th, 2018 when all of our services were brought in-house. It is possible that it might be revived at a later date, but don't count on it.

Retrieved from "https://kyau.net/w/index.php?title=KYAULABS:Schema&oldid=4532"