Difference between revisions of "Cloud"

From Hacksburg Wiki
(Edits)
Line 135: Line 135:
 
         auto=add
 
         auto=add
  
Where <code><CACERT></code> is replaced by the path to this file: http://hacksburg.org/Hacksburg+CA.crt . Then, create the file <code>/etc/ipsec.secrets</code> and include the following line:
+
Where <code><CACERT></code> is replaced by the path to this file: http://hacksburg.org/Hacksburg+CA.crt and <code><USERNAME></code> is replaced by the username issued to you by emailing board@hacksburg.org. Then, create the file <code>/etc/ipsec.secrets</code> and include the following line:
  
 
  <USERNAME> : EAP "<PASSWORD>"
 
  <USERNAME> : EAP "<PASSWORD>"
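
Review bot: the revised sentence explaining <CACERT> and <USERNAME> still sends readers to fetch the CA certificate over plain http://, and that file becomes the trust anchor for the VPN server, so the link should be served over HTTPS or have the certificate's fingerprint published beside it. The same sentence then has readers put the EAP password in /etc/ipsec.secrets in clear text; it should also say that the file must be readable by root only.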

Revision as of 12:24, 7 March 2021

Ever wanted to learn about cloud computing, but were worried about monthly costs or confusing product options?

Wanted something new to learn that's stay-at-home compatible?

Hacksburg has computing resources on-site which members can use from anywhere.

What Hacksburg Offers

  • Member Virtual Machines
    • 2 cores, 6GiB RAM, 64GiB hard drive space
    • Private IP address on Hacksburg's network. Laptops, Raspberry Pis, etc. can all communicate directly with each other.
    • Public IPv6, so anyone on the Internet can connect to your server (subject to our firewall rules).
    • Gigabit Internet connection
    • *.<name>.cloud.hacksburg.org DNS wildcard
    • HTTP(S) for DNS wildcard to your server(s)
  • Colocation (bring your own server/Pi/etc.)
    • Subject to power limits (please don't blow the breaker)
    • Colocated servers also on Hacksburg network
  • VPN
    • Access your projects on Hacksburg's network from anywhere.

Hacksburg wants all members to explore computational projects using our resources. If there's something you think we can offer that isn't shown here, come to an open meeting or email board@hacksburg.org to discuss.

Want access?

  • To get a virtual machine, make sure you're an active Hacksburg member, then email board@hacksburg.org
    • VPN access will only be given if you are a board member, have a VM, or have some other reason. Email board@hacksburg.org to request VPN access.

Hacksburg Physical Hardware

  • Main Server
    • HP ProLiant DL370 G6
    • 2x Xeon E5530, 8 Core / 16 Thread
    • 48GB of memory
    • 4x Gigabit Ports
    • 2x 10G SFP+ cages
    • Fibre channel
    • 8x 146GB 10K SAS in RAIDZ1 configuration (Total space reported: 1.06TB)
    • Runs ProxMox VM hosting software
  • Second Server
    • IBM System x3650 M3
    • 2x Xeon X5675, 12 Core / 24 Thread
    • 96GB of memory
    • 10x Gigabit Ports
    • 2x Fibre channel
    • Hard Drives TBD
    • Will run ProxMox VM hosting software
  • Sun Servers 1 and 2
    • SunFire X4200
    • Do not turn on the Sun Servers because they are unacceptably loud.
  • Switch
    • tp-link 8-port Gigabit switch, TL-SG108

Hacksburg Network Layout

  • pfSense Router
    • Internet comes in here
    • 192.168.15.1
  • Main Server
    • ProxMox web interface for the main server. This is where you go to interact with your VMs.
    • How to access: https://cloud.hacksburg.org
    • Where it's located: 192.168.15.2
  • Docker Host
    • Runs NGINX reverse proxy. All HTTP(S) traffic at Hacksburg runs through this NGINX reverse proxy. Members can request forwarding to their containers.
    • 192.168.15.3
    • Containers:
      • OctoPrint

VPN

VPN allows direct access to the Hacksburg network from anywhere else that has access to the public Internet. Email board@hacksburg.org to get your username and password.

Connection Instructions

Windows 10

These instructions may also work for Windows 8.1, 7, Vista, etc.

1. Download the Hacksburg certificate: http://hacksburg.org/Hacksburg+CA.crt.

2. Right-click and choose "Install certificate".

3. Choose "Local Machine" (second option) and click Next.

4. Choose "Place all certificates in the following store" (second option).

5. In the window that comes up, choose "Trusted Root Certification Authorities" (second option). Click OK.

6. Click Next.

7. Click Finish.

8. It should say that importing the certificate was successful. Click OK.

9. Open an administrator PowerShell and run the following commands:

 Add-VpnConnection -Name "Hacksburg" -ServerAddress "cloud.hacksburg.org" -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -AllUserConnection
 Add-VpnConnectionRoute -ConnectionName "Hacksburg" -DestinationPrefix 192.168.15.0/24 -PassThru -AllUserConnection

You should now have a VPN named Hacksburg. Click the network icon in the taskbar tray, click Hacksburg, and connect with the provided username and password.

Linux (and friends)

Setup

Install strongswan. If you use NetworkManager (Ubuntu), you can use these instructions [1] and fill in the following values:

VPN Server IP: 216.252.204.76

VPN Username: Email board@hacksburg.org to request

VPN Password: Email board@hacksburg.org to request


If you do not use NetworkManager, add the following rows to your ipsec.conf file. On Arch Linux, this file is located at /etc/ipsec.conf:

conn Hacksburg
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=30s
        eap_identity="<USERNAME>"
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        right=cloud.hacksburg.org
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        rightid=%any
        rightca=<CACERT>
        type=tunnel
        auto=add

Where <CACERT> is replaced by the path to this file: http://hacksburg.org/Hacksburg+CA.crt and <USERNAME> is replaced by the username issued to you by emailing board@hacksburg.org. Then, create the file /etc/ipsec.secrets and include the following line:

<USERNAME> : EAP "<PASSWORD>"

Where the username and password are issued to you by emailing board@hacksburg.org. Then, run

# ipsec auto --add Hacksburg

Then, make sure /etc/xl2tpd/xl2tpd.conf has the following contents:

[lac Hacksburg]
lns = 216.252.204.76
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

And /etc/ppp/options.l2tpd.client has the following contents:

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
connect-delay 5000
name <USERNAME>
password <PASSWORD>

Again using the username and password you received from the board.
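
A pre-flight check for the Linux setup above, added here as an example and not part of the wiki's own instructions: it verifies the downloaded CA file against a digest, writes the EAP secret with owner-only permissions, and flags leftover placeholders or password files that other users can read. The function names are hypothetical, and it assumes you have obtained a SHA-256 digest of the CA file from the board out of band.

```sh
#!/bin/sh
# Added example, not from the wiki. Defines functions only.

# Compare a downloaded file's SHA-256 with a digest obtained out of band.
# The CA file arrives over plain HTTP, so the digest is what authenticates it.
sha256_matches() {  # usage: sha256_matches FILE EXPECTED_HEX
    if command -v sha256sum >/dev/null 2>&1; then
        got=$(sha256sum < "$1")
    else
        got=$(shasum -a 256 < "$1")
    fi
    got=${got%% *}                                   # drop the trailing "  -"
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Write the one-line EAP secret with owner-only permissions. The password is
# read from stdin so it stays out of the process list and shell history.
write_eap_secret() {  # usage: write_eap_secret FILE USERNAME < password
    IFS= read -r pw || [ -n "$pw" ] || return 1
    case $pw in *'"'*) echo 'password contains "' >&2; return 1 ;; esac
    ( umask 077; : >> "$1" && chmod 600 "$1" &&
      printf '%s : EAP "%s"\n' "$2" "$pw" > "$1" )
}

# Succeed only if group and other have no permission bits on FILE.
is_private() {
    case $(ls -ld -- "$1" 2>/dev/null | cut -c5-10) in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# One line per problem on stdout; the return value is the problem count.
preflight() {  # usage: preflight IPSEC_CONF IPSEC_SECRETS PPP_OPTIONS
    problems=0
    for f in "$@"; do
        if grep -qE '<(USERNAME|PASSWORD|CACERT)>' -- "$f"; then
            echo "placeholder left in $f"; problems=$((problems + 1))
        fi
    done
    for f in "$2" "$3"; do  # both files hold the VPN password in clear text
        if ! is_private "$f"; then
            echo "missing, or accessible by group/other: $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}
# As root: preflight /etc/ipsec.conf /etc/ipsec.secrets /etc/ppp/options.l2tpd.client
```
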

Start VPN

You can start the VPN by running:

# systemctl start strongswan
# swanctl -i -c Hacksburg