Page history: diff between revision 1950 and revision 4355 of this page (revision 4355 is the current page text, given further below). Text of revision 1950:

= Deleuze =

This machine donated by Justin Leitgeb seems real nice. Buffered disk throughput is about 1.5 GB/s. Raw disk reads are 60 MB/s for the two 36 GB disks and 120 MB/s for the 4-disk array. Not bad at all.

== Tasks done ==
 * Removed excessive packages, cleaned up the system
 * Installed ''changetrack'' to monitor all config file changes. The program uses ''rcs'' and automatically keeps previous revisions. It is run from ''cron'' on a daily basis.
 * Installed ''debsums'' to monitor file md5sums
 * Installed Courier IMAP and IMAP-SSL
 * Installed LDAP for user authentication. The system is currently configured to use LDAP and fall back to the usual ''/etc/'' files. Admin users will be added locally on all machines and will be able to log in even when LDAP is not operational.
 * Installed MIT Kerberos 5
 * Fixed date/time on the system. Installed ''ntpd''
 * Installed TLS support for LDAP. Certificate file is ''/etc/ldap/server.pem'', and ldap/ldaps ports are 389/636.
 * Installed Linux 2.6.18.3-grsec with 2.6.18-mm3 patches (2) for megaraid.
 * The patches and source tree installed, along with the .deb generated, are under /usr/src/ntk2. I set up sockets groups as on fyodor (7070-7072). SMP, with hyperthreading enhancements, is enabled. I also installed a bunch of packages that someone uninstalled while I was gone (e.g., gcc). I also fixed the sudoers, wheel group, and admin home directories. --NathanKennedy
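The "LDAP with fallback to ''/etc/'' files" setup in the list above depends on the source order in ''/etc/nsswitch.conf''. The script below is an added example, not HCoop's configuration or code: it checks that each account database lists a local source (''files'' or ''compat'') and that it comes before ''ldap'', which is what lets locally created admin accounts resolve while the LDAP server is unreachable. The two nsswitch.conf files it checks, and the function names, are constructed for the example; point ''check_nsswitch_fallback'' at a real ''/etc/nsswitch.conf'' to check a live machine.

```shell
#!/bin/sh
# Added example (not HCoop's own configuration or code): verify that
# nsswitch.conf consults local files before LDAP, so admin accounts created
# in /etc/passwd keep working when the LDAP server is unreachable.
# Both nsswitch.conf files written by make_sample_nsswitch are constructed
# for this example.

# check_nsswitch_fallback FILE [DB ...]   (default DBs: passwd group shadow)
# Prints "<db> ok: <sources>" or "<db> BAD: <sources>" for each database and
# returns the number of BAD databases (0 means the fallback order is right).
check_nsswitch_fallback() {
    file=$1; shift
    [ $# -gt 0 ] || set -- passwd group shadow
    bad=0
    for db in "$@"; do
        # First non-comment "<db>:" line; drop trailing comments and
        # [STATUS=action] clauses so that only service names remain.
        sources=$(grep -v '^[[:space:]]*#' "$file" | grep "^[[:space:]]*$db:" \
            | head -n 1 | sed -e 's/^[^:]*://' -e 's/#.*//' -e 's/\[[^]]*\]//g')
        sources=$(echo $sources)   # unquoted on purpose: collapse whitespace
        local_pos=0; ldap_pos=0; i=0
        for src in $sources; do
            i=$((i + 1))
            case $src in
                files|compat) if [ "$local_pos" -eq 0 ]; then local_pos=$i; fi ;;
                ldap)         if [ "$ldap_pos" -eq 0 ]; then ldap_pos=$i; fi ;;
            esac
        done
        # BAD when there is no local source at all, or ldap is tried first
        if [ "$local_pos" -eq 0 ] || { [ "$ldap_pos" -ne 0 ] && [ "$ldap_pos" -lt "$local_pos" ]; }; then
            echo "$db BAD: $sources"
            bad=$((bad + 1))
        else
            echo "$db ok: $sources"
        fi
    done
    return $bad
}

# make_sample_nsswitch DIR: write two constructed nsswitch.conf files, one
# with the intended fallback order and one that consults LDAP first.
make_sample_nsswitch() {
    cat > "$1/good.conf" <<'EOF'
# constructed sample: local files first, LDAP second
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns
EOF
    cat > "$1/bad.conf" <<'EOF'
# constructed sample: LDAP consulted first; shadow has no local source at all
passwd:         ldap [NOTFOUND=return] files
group:          compat
shadow:         ldap
hosts:          files dns
EOF
}

demo=$(mktemp -d)
make_sample_nsswitch "$demo"
for f in good bad; do
    echo "== $f.conf"
    check_nsswitch_fallback "$demo/$f.conf" || echo "$? database(s) would break local fallback"
done
rm -rf "$demo"
```

The check covers NSS lookups only. Logging in also needs the PAM stack to let ''pam_unix'' authenticate local accounts before ''pam_ldap'' is tried, which this script does not inspect.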
== TODO ==

In order of implementation (soonest first):
 * Get Kerberos and LDAP working completely. There's just ''some small bit'' to do to get everything working. -- DavorOcelic
 * Fix resolv.conf on both servers to have multiple good DNS servers for now; set it to use localhost once BIND is running and configured.
 * Install AFS (need to repeat the reading on AFS and how it really works. Also it will influence the decision on how to format ''/dev/sdb'' in the system) -- DavorOcelic
 * Install MySQL and PostgreSQL (input from the AFS step and admin discussion needed to see how exactly to configure this) -- DavorOcelic
 * Install BIND -- DavorOcelic
 * Review kernel configuration and install testnet. -- DavorOcelic
 * See why db4.2 recover takes a long time on LDAP restart if anything is modified in the directory -- DavorOcelic
 * Install and configure Apache, to serve static web content only.
 * Get domtool2 working (this to be done concurrently with mire).

== Problems ==
 * When executing '''kinit; ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms''', instead of the correct answer, the LDAP server dumps "Cannot open /etc/sasldb2" in the error logs. This is a Berkeley DB file used when SASL assumes plain-text identification, but here this is not the case (we want Kerberos authentication). I think the problem is the lack of a "{KERBEROS}" password type in the userPassword LDAP field. I need to see whether the problem simply consists of adding this option in the schema, or whether its unavailability suggests that LDAP can't do that. -- DavorOcelic
 * With ''debsums'', once you break the md5sum of a config file, the file keeps being reported as mismatching even if you completely regenerate the md5sums for the package!! -- DavorOcelic
 * The logical volume for /dev/sdb is supposed to be a 4-drive RAID array, each drive ~73 GB. Right now it seems to be configured as RAID1 mirroring the two drives, for a capacity of ~146 GB (see dmesg, for instance). This would be faster and the volume would be 73 GB bigger if it was set up as RAID5. I might need to do this from the console, and I need to talk to Justin about it, since he set up the logical volumes and I thought he said that sdb was RAID5. --NathanKennedy
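A minimal stand-in for what ''changetrack'' and ''debsums'' do on this machine (see the Tasks done list and the debsums entry above), as an added example that is not HCoop's code or configuration and not the code of either tool: a manifest of md5sums is recorded for a config tree, later changes are reported as modified, missing or new files, and the previously recorded copy of every changed file is archived with a revision number before the baseline is refreshed. The config tree, file contents, paths and function names are all constructed for the example.

```shell
#!/bin/sh
# Added example, not HCoop's changetrack/debsums setup: a minimal stand-in
# for both tools using only md5sum, tar and mv. snapshot records a manifest
# and a copy of every file; verify reports MODIFIED/MISSING/NEW files against
# the manifest; track archives the previously recorded copy of each changed
# file as REV_DIR/old/<file>.<n> (changetrack keeps these in rcs) and then
# re-baselines. The config tree it works on is constructed for the example.
# Filenames are assumed to contain no whitespace.

# snapshot CONF_DIR MANIFEST REV_DIR: record md5sums and keep a current copy
snapshot() {
    dir=$1; manifest=$2; rev=$3
    (cd "$dir" && find . -type f -exec md5sum {} + | LC_ALL=C sort -k2) > "$manifest"
    mkdir -p "$rev/cur"
    (cd "$dir" && tar cf - .) | (cd "$rev/cur" && tar xf -)
}

# verify CONF_DIR MANIFEST: print one "MODIFIED|MISSING|NEW <file>" line per
# finding; the return value is the number of findings (0 = tree matches).
verify() {
    dir=$1; manifest=$2; findings=0
    while read -r sum name; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; findings=$((findings + 1))
        elif [ "$(cd "$dir" && md5sum "$name" | cut -d' ' -f1)" != "$sum" ]; then
            echo "MODIFIED $name"; findings=$((findings + 1))
        fi
    done < "$manifest"
    # md5sum lines are "<32 hex>  <name>", so the name starts at column 35
    for f in $(cd "$dir" && find . -type f | LC_ALL=C sort); do
        if ! cut -c35- "$manifest" | grep -qxF -- "$f"; then
            echo "NEW $f"; findings=$((findings + 1))
        fi
    done
    return $findings
}

# track CONF_DIR MANIFEST REV_DIR: archive the previous copy of every changed
# or removed file, then refresh manifest and copies. Returns the change count.
track() {
    dir=$1; manifest=$2; rev=$3
    changes=$(verify "$dir" "$manifest") || true
    [ -n "$changes" ] || return 0
    printf '%s\n' "$changes" | while read -r status name; do
        if [ "$status" = NEW ]; then continue; fi
        n=1
        while [ -e "$rev/old/$name.$n" ]; do n=$((n + 1)); done
        mkdir -p "$(dirname "$rev/old/$name")"
        mv "$rev/cur/$name" "$rev/old/$name.$n"
        echo "$status $name: previous content kept as old/$name.$n"
    done
    snapshot "$dir" "$manifest" "$rev"
    return $(printf '%s\n' "$changes" | wc -l)
}

# make_sample_tree DIR: a constructed two-file stand-in for /etc
make_sample_tree() {
    mkdir -p "$1/ldap"
    printf 'BASE dc=example,dc=org\nURI ldaps://ldap.example.org/\n' > "$1/ldap/ldap.conf"
    printf '%s\n' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' > "$1/sudoers"
}

work=$(mktemp -d)
make_sample_tree "$work/etc"
snapshot "$work/etc" "$work/manifest" "$work/rev"
# simulate an unwanted edit, a deleted file and a newly dropped-in file
echo 'ALL ALL=(ALL) NOPASSWD: ALL' >> "$work/etc/sudoers"
rm "$work/etc/ldap/ldap.conf"
echo 'ALL: ALL' > "$work/etc/hosts.allow"
verify "$work/etc" "$work/manifest" || echo "$? finding(s)"
track "$work/etc" "$work/manifest" "$work/rev" || echo "$? change(s) archived"
verify "$work/etc" "$work/manifest" && echo "tree matches the refreshed manifest"
diff "$work/rev/old/sudoers.1" "$work/etc/sudoers"
rm -rf "$work"
```

Refreshing the baseline with ''track'' after an intentional change is what stops a file from being reported again; doing it for a change nobody made on purpose hides that change, so the archived ''old/'' copies are worth a diff before re-baselining.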
= Custom software =

 * DomtoolTwo
 * Vmail tools
 * Web portal
 * Watchdog process to kill resource hogs

These are my responsibility. Right now, I'm waiting for the more traditional stuff to be set up and stable before beginning. --AdamChlipala

= Global TODO =

 * Make the ca@hcoop.net e-mail address work. It's the address used in the certificate files.

= Global Notes =

 * To edit the LDAP database from a GUI tool, use the ''gq'' program.
 * To connect to hcoop's LDAP server using ''gq'', create an SSH tunnel: '''ssh -p 2222 -f -N -L 389:localhost:389 USERNAME@69.90.123.51''', and then connect to ''localhost:389'' in ''gq''. Binding local port 389 requires root, so an unprivileged local port (for example ''-L 3389:localhost:389'', then ''localhost:3389'' in ''gq'') avoids running the tunnel as root. Without an explicit bind address, ''-L'' listens on the loopback interface only, so the forwarded port is not reachable from other hosts.
Text of revision 4355 (the current page):

This contains a list of pages that are of interest to the admins.
Planning
OnSiteVisits: Records of visits by HCoop volunteers to our colocation facilities
RoadMaps: Detailed plans for future events.
Responsibilities
TaskDistribution: What each sysadmin is responsible for.
VolunteerResponsePolicy: Guidelines for responding to requests and email.
Records
IpAddresses: Listing of IPs that we use.
Hardware: Information on HCoop hardware.
HcoopAddresses: Physical addresses relevant to us.
AdminGroup: Listing of people who can delete pages and despam pages on the wiki.
Sysadmin Stuff
AndrewFileSystem: Using our shared filesystem.
AuthenticationScheme: How authentication works on our systems.
DomTool: Administering and using domtool.
General Sysadmin
BackupInfo: Information on how to recover deleted files from our off-site backups.
CertificateAuthority: How to sign user SSL certificates and the like.
ChangingAdminPassword: How admins can change their UNIX passwords.
SetupNewMachines: How to put the basic hcoop AFS/Kerberos client config on a newly acquired machine.
DebianPackaging: How to make custom HCoop Debian packages.
KvmAccess: How to use the remote KVM and avoid going on site.
Specific Services/Tasks
DaemonAdmin: How to set up various daemons (the subpages for the individual services should be linked from there).
SetupNewAfsServer: How to set up a new AFS server.
MemberFreezing: How to freeze and unfreeze members who get behind on dues.
Specific Machines
RebootingDeleuze: Steps to take after rebooting deleuze.
RebootingMireSp: How to reboot mire using its SP interface.
Historical
SoftwareArchitecturePlans: Plans for software installation.
SystemArchitecturePlans: Plans regarding our hardware.