Hardware

• 1U Asrock X470D4U AMD Ryzen Server short depth
• AMD 3900X 3.8ghz 12-core
• RAM 128GB DDR4 2666 ECC
• NVMe: 2TB Sabrent Rocket
• NVMe: 2TB Samsung 970 EVO Plus Plus

Access

Network configuration

• IP: 204.13.164.62
• Gateway: 204.13.164.1
• Netmask: 255.255.255.0
• DNS 1: 204.13.164.4
• DNS 2: 198.252.153.253

LUKS prompt

• The Linux Kernel is unable to show the LUKS prompt in multiple outputs.
• Iguana is currently configured to show the LUKS prompt in its "console", which is accessible through the HTTPS web interface (see below), under "Remote Control" -> "Launch KVM".
• The reason for choosing console instead of serial for now is that only one serial connection is allowed and sometimes we lose access to the BMC through the serial console, and then need to access it through HTTPS anyway.

IPMI Access

IPMI access is made through Riseup's jumphost[1] using binaries from freeipmi-tools[2].

[1] https://we.riseup.net/riseup+colo/ipmi-jumphost-user-docs [2] https://we.riseup.net/riseup+tech/ipmi-jumphost#jump-host-software-configuration

To access IPMI power menu:

make ipmi-power

To access IPMI console through the SoL interface:

make ipmi-console

To access IPMI through the web interface:

make ipmi-https

TLS Certificate of IPMI web interface

The certificate stored in ipmi-https-cert.pem is the one found when I fist used the IPMI HTTPS interface (see the Makefile for more). We can eventually replace it for our own certificate if we want.

Dropbear SSH access

You can unlock the LUKS device through SSH when Dropbear starts after grub boots.

To see Dropbear SSH fingerprints:

make dropbear-fingerprints

To connect to Dropbear and get a password prompt that redirects to the LUKS prompt automatically:

make dropbear-unlock

To open a shell using Dropbear SSH:

make dropbear-ssh

SSH Fingerprints

To see fingerprints for the SSH server installed in the machine:

make ssh-fingerprints