KYAULABS:Schema: Difference between revisions

From Wiki³
mNo edit summary
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:{{TitleIcon|kyau=true}} KYAU Network}}<metadesc>The short description and history of the hardware that powers the KYAU Network.</metadesc>__NOTOC__
{{DISPLAYTITLE:{{TitleIcon|kyau=true}} KYAU Network}}<metadesc>The short description and history of the hardware that powers the KYAU Network.</metadesc>__NOTOC__
{{Home|break=false}}
{{Home|break=false}}
<div id="tocalign">__TOC__</div>
= {{Icon|sitemap}} KYAU Network =
KYAU Network is powered by [//www.archlinux.org Arch Linux] and [//www.ovh.com/us/ OVH]. The machine, as seen on the right, is from their essential dedicated server line and is located in their Beauharnois, CA facility, more specifically in datacenter [//weathermap.ovh.net/#beauharnois6 BHS6]. We are utilizing Kernel-based Virtual Machines (KVM) to separate our services onto separate virtual machines (VMs). All VM images are built in-house using [//www.packer.io Packer] and then tested extensively with [///www.vagrantup.com/ Vagrant]. The service VMs themselves are run using [//www.libvirt.org Libvirt] with the disk volumes sitting on LVM thin volumes on-top of RAID10(far2).
== {{Icon|notebook}} Security & Reliability ==
Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on [//dnsspy.io/scan/kyau.net DNS Spy]. Our web server, running [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs].
{{Note|We are currently looking for a low-end, multiple IPv4, VPS provider on a separate network/continent for our slave DNS server}}
<div style="display:inline;float:right;padding-top:30px">{{MachineSpecs
<div style="display:inline;float:right;padding-top:30px">{{MachineSpecs
|title=SyS: E5v2-SAT-1-16
|title=SyS: E5v2-SAT-1-16
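Review bot: The Vagrant link in the added intro paragraph is written `[///www.vagrantup.com/ Vagrant]` with three slashes, while every other external link in that paragraph uses the protocol-relative `//host` form. Drop the extra slash (`[//www.vagrantup.com/ Vagrant]`) so the link does not depend on how the client normalises it.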
Line 12: Line 18:
|network=Intel i350 Dual Port 1Gb/s
|network=Intel i350 Dual Port 1Gb/s
|bandwidth=250Mb/s (unmetered)
|bandwidth=250Mb/s (unmetered)
|linux=Arch Linux x64_86
}}<br/>
<div class="mw-collapsible mw-collapsed" style="float:right;margin-right:16px;display:inline-block;width:350px;" data-expandtext="{{int:show}}" data-collapsetext="{{int:hide}}"><span style="float:right;display:inline-block;margin-right:8px;">'''OLD Dedicated Servers'''</span>
<div class="mw-collapsible-content">{{MachineSpecs
|title=OVH: KS-8G
|motherboard=Intel Desktop Board DH61AG Thin Mini-ITX
|chipset=Intel H61 Express
|cpu=Intel Core i3-2130; Sandy Bridge (3.5GHz)
|memory=Kingston 8GB DDR3 1333
|graphic-card=Intel HD 3000 Graphics
|drive=Toshiba 2TB 6.0Gb/s (7200RPM, 64MB Buffer)
|bandwidth=100Mb/s (2TB limit, then 10Mb/s)
|linux=Arch Linux x64_86
|linux=Arch Linux x64_86
}}</div>
}}</div>
</div></div>
== {{Icon|notebook}} Why Arch Linux? ==
Wiki³ is run on-top of [//www.archlinux.org Arch Linux] at [//www.ovh.com/us/ OVH]. The machine, as seen on the right, is from their dedicated server line and located at their Beauharnois, CA facility in datacenter [//weathermap.ovh.net/#beauharnois6 BHS6]. The wiki itself runs [//www.mediawiki.org MediaWiki] on-top of [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates configured to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs].
Arch Linux was an in-house decision we did not take lightly, in 2013 we switched from FreeBSD to Arch Linux and have not looked back. Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about [[ArchLinux:Security|security]] and keep on top of [//security.archlinux.org/advisory advisories]. That being said we do not live in a perfect world, and our server logs are proof of that.
 
Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about [[ArchLinux:Security|security]] and keep on top of [//security.archlinux.org/advisory advisories]. That being said we do not live in a perfect world, and my server logs are proof of that. However since 2013 when I switched my servers over from FreeBSD to Arch Linux I have yet to have a single intrusion.
== {{Icon|notebook}} History ==
== {{Icon|notebook}} History ==
{{margin}}
{{margin}}
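Review bot: The `|linux=` value reads `Arch Linux x64_86` in the new SyS MachineSpecs block and again in the KS-8G block. The architecture name is `x86_64`, so both occurrences should be corrected while these template calls are being touched.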
Line 36: Line 28:
{{Changelog|2017-07-29|E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.}}
{{Changelog|2017-07-29|E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.}}
{{Changelog|2017-07-24|VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.}}
{{Changelog|2017-07-24|VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.}}
{{Changelog|2013-12-10|KS-8G dedicated server purchased from OVH in their BHS datacenter.}}
{{Changelog|2013-12-10|<s>KS-8G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-05-31|<s>SP 16G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-05-31|<s>SP 16G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-01-13|<s>KS1 dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-01-13|<s>KS1 dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
== {{Icon|notebook}} Network ==
== {{Icon|notebook}} Network ==
The following is the complete network setup for everything that runs {{mono|kyau.net}}. While some things could be setup better, this setup was optimized for running everything on one large box doing in-house virtualization instead of running each on a separate VPS and letting someone else do the virtualization for me. In my experience, it can be very beneficial to have bare metal access when things go wrong.
The following is the complete network setup for everything that the KYAU Network is currently running.
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
|+ style="padding-bottom:4px"| Network Overview
|+ style="padding-bottom:4px"| Network Overview
|+ style="caption-side:bottom;padding-top:4px;font-weight:normal"| {{Red|* Denotes the IPv4 address location, all IPv6 reside in CA.}}
|-
|-
! Machine/VM
! Machine/VM
Line 49: Line 40:
! Hostname
! Hostname
! vMAC
! vMAC
! Location*
! Location
! IPv4
! IPv4
! IPv6
! IPv6
Line 57: Line 48:
| neutron.kyau.net
| neutron.kyau.net
| ∞
| ∞
| CA
| OVH.CA
| 158.69.253.213{{White|/32}}
| 158.69.253.213{{White|/32}}
| 2607:5300:120:dd5::{{White|/32}}
| 2607:5300:120:dd5::{{White|/64}}
|-
|-
| bind
| bind
Line 65: Line 56:
| dwarf.kyau.net
| dwarf.kyau.net
| 02:00:00:72:47:2b
| 02:00:00:72:47:2b
| US<br/>CA
| OVH.CA
| 142.44.172.223/32<br/>142.44.169.173{{White|/32}}
| 142.44.172.223{{White|/32}}<br/>142.44.169.173{{White|/32}}
| 2607:5300:120:dd5::1{{White|/32}}
| 2607:5300:120:dd5::1{{White|/64}}
|-
|-
| sql
| sql
Line 73: Line 64:
| nova.kyau.net
| nova.kyau.net
| 02:00:00:4d:3b:3b
| 02:00:00:4d:3b:3b
| US
| OVH.CA
| 142.44.152.32{{White|/32}}
| 142.44.152.32{{White|/32}}
| 2607:5300:120:dd5::2{{White|/32}}
| 2607:5300:120:dd5::2{{White|/64}}
|-
|-
| nginx
| nginx
Line 81: Line 72:
| pulsar.kyau.net
| pulsar.kyau.net
| 02:00:00:bc:c2:b7
| 02:00:00:bc:c2:b7
| US
| OVH.CA
| 142.44.172.255{{White|/32}}
| 142.44.172.255{{White|/32}}
| 2607:5300:120:dd5::3{{White|/32}}
| 2607:5300:120:dd5::3{{White|/64}}
|-
| backup
| Arch Linux
| blackhole.kyau.net
| 02:00:00:2a:70:29
| OVH.CA
| 142.44.179.213{{White|/32}}
| 2607:5300:120:dd5::4{{White|/64}}
|-
|-
| shell
| shell
| OpenBSD
| OpenBSD
| proto.kyau.net
| raptr.kyaulabs.com
| ??
| 02:00:00:6a:8a:64
| CA
| OVH.CA
| 167.114.151.176{{White|/29}}
| 167.114.151.176{{White|/29}}
| 2607:5300:120:dd5::5{{White|/32}}
| 2607:5300:120:dd5::5{{White|/64}}
|-
|-
| devel
| devel
Line 97: Line 96:
| dev.kyau.net
| dev.kyau.net
| ??
| ??
| ??
| OVH.CA
| ??
| ??
| ??
| ??
|-
|-
| ''VPS-SSD1''
| ''512MB SKVMS''
| Arch Linux
| Arch Linux
| chaos.kyau.net
| ecko.kyaulabs.com
|
| 00:16:3c:c9:e4:db
| CA
| RamNode (SEA)
| 158.69.196.14{{White|/32}}
| 107.191.104.151{{White|/32}}
| 2607:5300:201:3100::2dac{{White|/32}}
| 2604:180:1:447::2{{White|/64}}
|}
|}
One of the things I have always wanted to do since I was a younger was to run a shell provider. Shy of some dabbling with [//www.slackware.com/ Slackware], which I installed from a CDROM I got in the back of a book at the local library (pre-internet joys), this was my first major introduction to Linux and the command line. I spent a good majority of my youth on IRC messing around with "shells". I even got my first major introduction to programming (aside from BASIC and HTML) when I started coding [//docs.eggheads.org/mainDocs/botnet.html#what-is-a-botnet botnet] scripts for [//www.eggheads.org/ eggdrop] in TCL.
 
== {{Icon|notebook}} Shell Box ==
The shell box is our on-going experiment/education in security. It is powered by [//www.openbsd.org OpenBSD] and is open to anyone, provided they are willing to go through the application process. More details should be available soon.
{{Warning|The Shell Box is still currently in development and as such, is not available yet!}}
''"One of the things I have always wanted to do since I was a younger was to run a shell provider. Shy of some dabbling with [//www.slackware.com/ Slackware], which I installed from a CDROM I got in the back of a book at the local library (pre-internet joys), this was my first major introduction to Linux and the command line. I spent a good majority of my youth on IRC messing around with "shells". I even got my first major introduction to programming (aside from BASIC and HTML) when I started coding [//docs.eggheads.org/mainDocs/botnet.html#what-is-a-botnet botnet] scripts for [//www.eggheads.org/ eggdrop] in TCL." ~Kyau''
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
|+ style="padding-bottom:4px"| Shell Box
|+ style="padding-bottom:4px"| Shell Box
|+ style="caption-side:bottom;padding-top:4px;font-weight:normal"| {{Red|* Denotes the IPv4 address location, all IPv6 reside in CA.}}
|-
|-
! VHost
! VHost
Line 119: Line 121:
! Source
! Source
|-
|-
| proto.kyau.net
| raptr.kyaulabs.com
| 167.114.151.176{{White|/32}}
| 167.114.151.176{{White|/32}}
| 2607:5300:120:dd5::5{{White|/32}}
| 2607:5300:120:dd5::5{{White|/32}}
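Review bot: The Shell Box table still shows `2607:5300:120:dd5::5{{White|/32}}` for raptr.kyaulabs.com, while this same revision changes that address to `{{White|/64}}` in the Network Overview table. The two tables should state the same prefix length; the remaining Shell Box IPv6 rows carry the same `/32` and need the same check.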
Line 129: Line 131:
| ∞
| ∞
|-
|-
| ??
| quantum.protoco.de
| 167.114.151.178{{White|/32}}
| 167.114.151.178{{White|/32}}
| 2607:5300:120:dd5::7{{White|/32}}
| 2607:5300:120:dd5::7{{White|/32}}
| ∞
| ∞
|-
|-
| ??
| ansi.bbs.io
| 167.114.151.179{{White|/32}}
| 167.114.151.179{{White|/32}}
| 2607:5300:120:dd5::8{{White|/32}}
| 2607:5300:120:dd5::8{{White|/32}}
| ∞
| ∞
|-
|-
| ??
| openbsd.efnet.de
| 167.114.151.180{{White|/32}}
| 167.114.151.180{{White|/32}}
| 2607:5300:120:dd5::9{{White|/32}}
| 2607:5300:120:dd5::9{{White|/32}}

Revision as of 12:17, 18 April 2018


KYAU Network

KYAU Network is powered by Arch Linux and OVH. The machine, as seen on the right, is from their essential dedicated server line and is located in their Beauharnois, CA facility, more specifically in datacenter BHS6. We use the Kernel-based Virtual Machine (KVM) to isolate each of our services in its own virtual machine (VM). All VM images are built in-house using Packer and then tested extensively with Vagrant. The service VMs themselves are run using Libvirt, with the disk volumes sitting on LVM thin volumes on top of RAID10 (far2).

Security & Reliability

Our network has been set up with security and reliability as our two primary focus points. Our DNS server is configured to achieve an A+ with 100% in all four categories on DNS Spy. Our web server, running nginx with Let's Encrypt SSL certificates, is configured to achieve an A+ rating with 100 points in every category on SSL Labs.

Note: We are currently looking for a low-end VPS provider with multiple IPv4 addresses, on a separate network/continent, for our slave DNS server.
Machine specs, SyS: E5v2-SAT-1-16
* OS: Arch Linux x86_64
* Motherboard: Supermicro X9SRi-3F ATX Server Board
* Chipset: Intel C606
* CPU: Intel Xeon E5-1620 v2; Ivy Bridge EP (3.7GHz, 10M Cache)
* Memory: Samsung 16GB DDR3 1866 ECC/REG CL13
* Graphics: Matrox G200eW 16MB DDR2 Graphics
* Drive: Hitachi Ultrastar 7K4000 2TB 6.0Gb/s (7200RPM, 64MB)
* Drive: Hitachi Ultrastar 7K4000 2TB 6.0Gb/s (7200RPM, 64MB)
* Network: Intel i350 Dual Port 1Gb/s
* Bandwidth: 250Mb/s (unmetered)

Why Arch Linux?

Arch Linux was an in-house decision we did not take lightly; in 2013 we switched from FreeBSD to Arch Linux and have not looked back. Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about security and keep on top of advisories. That being said, we do not live in a perfect world, and our server logs are proof of that.

History

 
2017-08-15 : Migration to E5v2-SAT-1-16 complete.
2017-08-13 : E5v2-SAT-1-16 setup complete: OVH: Custom Installation, Hardening Arch Linux, KVM on Arch Linux
2017-07-29 : E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.
2017-07-24 : VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.
2013-12-10 : KS-8G dedicated server purchased from OVH in their BHS datacenter. Terminated
2013-05-31 : SP 16G dedicated server purchased from OVH in their BHS datacenter. Terminated
2013-01-13 : KS1 dedicated server purchased from OVH in their BHS datacenter. Terminated

Network

The following is the complete network setup for everything that the KYAU Network is currently running.

{| class="wikitable"
|+ Network Overview
|-
! Machine/VM !! OS !! Hostname !! vMAC !! Location !! IPv4 !! IPv6
|-
| E5v2-SAT-1-16 || Arch Linux || neutron.kyau.net || || OVH.CA || 158.69.253.213/32 || 2607:5300:120:dd5::/64
|-
| bind || Arch Linux || dwarf.kyau.net || 02:00:00:72:47:2b || OVH.CA || 142.44.172.223/32<br/>142.44.169.173/32 || 2607:5300:120:dd5::1/64
|-
| sql || Arch Linux || nova.kyau.net || 02:00:00:4d:3b:3b || OVH.CA || 142.44.152.32/32 || 2607:5300:120:dd5::2/64
|-
| nginx || Arch Linux || pulsar.kyau.net || 02:00:00:bc:c2:b7 || OVH.CA || 142.44.172.255/32 || 2607:5300:120:dd5::3/64
|-
| backup || Arch Linux || blackhole.kyau.net || 02:00:00:2a:70:29 || OVH.CA || 142.44.179.213/32 || 2607:5300:120:dd5::4/64
|-
| shell || OpenBSD || raptr.kyaulabs.com || 02:00:00:6a:8a:64 || OVH.CA || 167.114.151.176/29 || 2607:5300:120:dd5::5/64
|-
| devel || Arch Linux || dev.kyau.net || ?? || OVH.CA || ?? || ??
|-
| 512MB SKVMS || Arch Linux || ecko.kyaulabs.com || 00:16:3c:c9:e4:db || RamNode (SEA) || 107.191.104.151/32 || 2604:180:1:447::2/64
|}

Shell Box

The shell box is our ongoing experiment/education in security. It is powered by OpenBSD and is open to anyone, provided they are willing to go through the application process. More details should be available soon.

WARNING: The Shell Box is still currently in development and as such, is not available yet!

"One of the things I have always wanted to do since I was younger was to run a shell provider. Shy of some dabbling with Slackware, which I installed from a CDROM I got in the back of a book at the local library (pre-internet joys), this was my first major introduction to Linux and the command line. I spent a good majority of my youth on IRC messing around with "shells". I even got my first major introduction to programming (aside from BASIC and HTML) when I started coding botnet scripts for eggdrop in TCL." ~Kyau

{| class="wikitable"
|+ Shell Box
|-
! VHost !! IPv4 !! IPv6 !! Source
|-
| raptr.kyaulabs.com || 167.114.151.176/32 || 2607:5300:120:dd5::5/32 ||
|-
| ?? || 167.114.151.177/32 || 2607:5300:120:dd5::6/32 ||
|-
| quantum.protoco.de || 167.114.151.178/32 || 2607:5300:120:dd5::7/32 ||
|-
| ansi.bbs.io || 167.114.151.179/32 || 2607:5300:120:dd5::8/32 ||
|-
| openbsd.efnet.de || 167.114.151.180/32 || 2607:5300:120:dd5::9/32 ||
|-
| ?? || 167.114.151.181/32 || 2607:5300:120:dd5::a/32 ||
|-
| ?? || 167.114.151.182/32 || 2607:5300:120:dd5::b/32 ||
|-
| ?? || 167.114.151.183/32 || 2607:5300:120:dd5::c/32 ||
|}