welcome: please sign in

Diff for "AdminArea"

Differences between revisions 41 and 120 (spanning 79 versions)
Revision 41 as of 2007-03-05 03:34:57
Size: 5106
Editor: MichaelOlson
Comment: imap proxy is set up
Revision 120 as of 2009-08-22 21:13:57
Size: 1950
Editor: RichardDarst
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Introduction = #pragma section-numbers off
Line 3: Line 3:
[[TableOfContents]] This contains a list of pages that are of interest to the admins.
Line 5: Line 5:
= Special topic pages about migration and new set-up = <<TableOfContents>>
Line 7: Line 7:
 * AndrewFileSystem: Using our new shared filesystem
 * DaemonAdmin: Daemon-specific pages aimed at admins
 * DomTool: Administering and using the new domtool
 * NewSystemHardware: Information on the new hardware
 * TaskDistribution: What each sysadmin is responsible for
 * SoftwareArchitecturePlans: Plans for software installation
 * SystemArchitecturePlans: Plans regarding our hardware
= Planning =
Line 15: Line 9:
The following are outdated:  * OnSiteVisits: Records of visits by HCoop volunteers to our colocation facilities
 * RoadMaps: Detailed plans for future events.
 * '''Responsibilities'''
   * TaskDistribution: What each sysadmin is responsible for.
   * VolunteerResponsePolicy: Guidelines for responding to requests and email.
 * '''Records'''
   * IpAddresses: Listing of IPs that we use.
   * [[Hardware]]: Information on HCoop hardware.
   * HcoopAddresses: Physical addresses relevant to us.
 * AdminGroup: Listing of people who can delete pages and despam pages on the wiki.
Line 17: Line 20:
 * ColocationNextSteps: Listing of things to do after getting the hardware. = Sysadmin Stuff =
Line 19: Line 22:
= To-do list =  * AndrewFileSystem: Using our shared filesystem.
 * AuthenticationScheme: How authentication works on our systems.
 * DomTool: Administering and using domtool.
Line 21: Line 26:
== Before beginning to migrate members == == General Sysadmin ==
Line 23: Line 28:
 * Get Apache dynamic content execution on mire working with AFS.
 * Get Exim filter execution on deleuze working with AFS.
 * Get Courier execution on deleuze working with AFS.
 * Mailman?
 * Make ca@hcoop.net e-mail address working. It's the address that will be used in the certificate files.
 * Fix resolv.conf on both servers to have multiple good DNS servers for now, set it to use localhost once BIND is running and configured.
 * Figure out how to use Dell OMSA or other tools to monitor RAID and other hardware.
 * Configure Exim on mire to use deleuze as a smarthost. --MichaelOlson
 * Do performance testing on the new configuration, by having admins or other users monitor performance on mire (using vmstat, top, mytop, etc) and having one or more (perhaps multi-threaded) scripts requesting web pages from somewhere off of the Peer 1 network.
 * BackupInfo: Information on how to recover deleted files from our off-site backups.
 * CertificateAuthority: How to sign user SSL certificates and the like.
 * ChangingAdminPassword: How admins can change their UNIX passwords.
 * SetupNewMachines: How to put the basic hcoop AFS/Kerberos client config on a newly acquired machine.
 * DebianPackaging: How to make custom HCoop Debian packages.
 * KvmAccess: How to use the remove KVM and avoid going on site.
Line 33: Line 35:
== During migration == == Specific Services/Tasks ==
 * DaemonAdmin: How to set up various daemons (subpages for various services, should be linked from here.).
 * SetupNewAfsServer: How to set up a new AFS server.
 * MemberFreezing: How to freeze and unfreeze members who get behind on dues
Line 35: Line 40:
 * Watchdog process to kill resource hogs
 * Migrate ejabberd mnesia db just before the dns switchover.
 * Set up back-up regime, possibly using [http://rsync.net/ rsync.net].
 * Get miscellaneous web stuff ported, like membership application, vmail password change, publicly-viewable statistics on membership, bandwidth usage stats, ....
== Specific Machines ==
 * RebootingDeleuze: Steps to take after rebooting deleuze.
 * RebootingMireSp: How to reboot mire using its SP interface.
Line 40: Line 44:

= Global Notes =

 * To edit LDAP database from a GUI tool, use ''gq'' program
 * To connect to hcoop's ldap server using ''gq'', create a SSH tunnel: ''' ssh -p 2222 -f -N -L 389:localhost:389 USERNAME@69.90.123.67''', and then connect to ''localhost:389'' in ''gq''.
 * For the description of the actual authentication scheme, see AuthenticationScheme.

= Tasks done =

== Deleuze ==

This machine donated by Justin Leitgeb seems real nice. Buffered disk throughput is about 1.5 GB/s. Raw disk reads are 60 MB/s for the two 36 GB disks and 120 MB/s for the 4-disk array. Not bad at all.

 * Removed excessive packages, cleaned up the system
 * Installed ''changetrack'' to monitor all config file changes. The program uses ''rcs'' and automatically keeps previous revisions. It is ran from ''cron'' on a daily basis.
 * Installed ''debsums'' to monitor file md5sums
 * Installed Courier IMAP and IMAP-SSL
 * Installed LDAP for user authentication. The system is currently configured to use LDAP and fallback to the usual ''/etc/'' files. Admin users will be added locally on all machines and will be able to log in even when LDAP is not operational.
 * Installed MIT Kerberos 5
 * Fixed date/time on the system. Installed ''ntpd''
 * Installed TLS support for LDAP. Certificate file is ''/etc/ldap/server.pem'', and ldap/ldaps ports are 389/636.
 * Installed Linux 2.6.18.3-grsec with 2.6.18-mm3 patches (2) for megaraid.
  * The patches and source tree installed, along with the .deb generated, is under /usr/src/ntk2. I set up sockets groups as on fyodor (7070-7072). SMP, with hyperthreading enhancements, is enabled. I also installed a bunch of packages that someone were uninstalled while I was gone (e.g., gcc). I also fixed the sudoers, wheel group, and admin home directories. --NathanKennedy
 * Kerberos + LDAP works.
 * Compiled requisite kernel modules, compiled and installed new OpenIPMI package, and installed dellomsa. Dell OMSA is now working. --NathanKennedy
 * Install SSH.
 * Permit new admins to log in by copying their SSH keys to their newly-created (empty) home directories.
 * Install AFS (need to repeat the reading on AFS and how it really works. Also it will influence the decision how to format ''/dev/sdb'' in the system) -- DavorOcelic
 * Install MySQL and PostgreSQL (input from AFS step and admin discussion needed to see how to exactly configure this).
 * Install BIND.
 * Install and configure Apache, to serve static web content only. --MichaelOlson
 * Review kernel configuration and install testnet. -- DavorOcelic
 * Configure exim4. --MichaelOlson
 * Configure Courier IMAP daemons, reviewing fyodor's config. --MichaelOlson
 * Migrate squirrelmail configuration settings from fyodor.
 * Configure Squirrel``Mail to use imapproxyd, which should give speed improvements once we migrate to deleuze. --MichaelOlson

= Mire =

 * Installed new second SCSI hard drive, reinstalled debian, and configured the drives with software RAID-1. --NathanKennedy
 * Configured Mire to work as a proper krb/ldap/afs client machine. --DavorOcelic

= Custom software =

 * DomtoolTwo
 * Vmail tools
 * Web portal
= Historical =
 * SoftwareArchitecturePlans: Plans for software installation.
 * SystemArchitecturePlans: Plans regarding our hardware.

This contains a list of pages that are of interest to the admins.

Planning

Sysadmin Stuff

General Sysadmin

Specific Services/Tasks

  • DaemonAdmin: How to set up various daemons (subpages for various services, should be linked from here.).

  • SetupNewAfsServer: How to set up a new AFS server.

  • MemberFreezing: How to freeze and unfreeze members who get behind on dues

Specific Machines

Historical

AdminArea (last edited 2020-08-23 22:16:03 by ClintonEbadi)