| Size: 5106 Comment: imap proxy is set up | Size: 2778 Comment: fix link to ListOfVolunteers | 
| Deletions are marked like this. | Additions are marked like this. | 
| Line 1: | Line 1: | 
| = Introduction = | #pragma section-numbers off | 
| Line 3: | Line 3: | 
| [[TableOfContents]] | This contains a list of pages that are of interest to the admins. | 
| Line 5: | Line 5: | 
| = Special topic pages about migration and new set-up = | <<TableOfContents>> | 
| Line 7: | Line 7: | 
| * AndrewFileSystem: Using our new shared filesystem * DaemonAdmin: Daemon-specific pages aimed at admins * DomTool: Administering and using the new domtool * NewSystemHardware: Information on the new hardware * TaskDistribution: What each sysadmin is responsible for * SoftwareArchitecturePlans: Plans for software installation * SystemArchitecturePlans: Plans regarding our hardware | = Planning = * OnSiteVisits: Records of visits by HCoop volunteers to our colocation facilities * RoadMaps: Detailed plans for future events. * '''Responsibilities''' * TaskDistribution: What each sysadmin is responsible for. * VolunteerResponsePolicy: Guidelines for responding to requests and email. * AdminArea/ListOfVolunteers who can help us do stuff... * '''Records''' * IpAddresses: Listing of IPs that we use. * [[Hardware]]: Information on HCoop hardware. * HcoopAddresses: Physical addresses relevant to us. * AdminGroup: Listing of people who can delete pages and despam pages on the wiki. | 
| Line 15: | Line 20: | 
| The following are outdated: | = Sysadmin Stuff = * AndrewFileSystem: Using our shared filesystem. * AuthenticationScheme: How authentication works on our systems. * DomTool: Administering and using domtool. * TipsAndTricks * DaemonFileSecurity | 
| Line 17: | Line 27: | 
| * ColocationNextSteps: Listing of things to do after getting the hardware. | == General Sysadmin == * BackupInfo: Information on how to recover deleted files from our off-site backups. * SetupNewMachines: How to put the basic hcoop AFS/Kerberos client config on a newly acquired machine. * DebianPackaging: How to make custom HCoop Debian packages. * KvmAccess: How to use the remove KVM and avoid going on site. * KvmInfo * UserManagement only talks about adduser/deluser right now. * ResourceLimits * InstalledSoftware lists non-debian installed software. * SystemAuthentication lists authentication * UsingResourceLimits If this is still accurate, we should move it to MemberManual area. | 
| Line 19: | Line 39: | 
| = To-do list = | == Specific Services/Tasks == * DaemonAdmin: How to set up various daemons (subpages for various services, should be linked from here.). * MailMan contains no information... * SetupNewAfsServer: How to set up a new AFS server. * MemberFreezing: How to freeze and unfreeze members who get behind on dues * AdminUserSetup lists steps to create (blank), delete, and change passwords of admin users. * ChangingAdminPassword: How admins can change their UNIX passwords. * CertificateAuthority: How to sign user SSL certificates and the like. * ZoneTransfers is also mostly blank. * PrincipalsForNonHumans talks about kerberos for automated tasks. * SpamAssassinAdmin | 
| Line 21: | Line 51: | 
| == Before beginning to migrate members == | == Specific Machines == * PowerEdge2850 is about '''deleuze''' * RebootingDeleuze: Steps to take after rebooting deleuze. * RebootingMireSp: How to reboot mire using its SP interface. * HopperServiceProcessor * KrunkInfoz | 
| Line 23: | Line 58: | 
| * Get Apache dynamic content execution on mire working with AFS. * Get Exim filter execution on deleuze working with AFS. * Get Courier execution on deleuze working with AFS. * Mailman? * Make ca@hcoop.net e-mail address working. It's the address that will be used in the certificate files. * Fix resolv.conf on both servers to have multiple good DNS servers for now, set it to use localhost once BIND is running and configured. * Figure out how to use Dell OMSA or other tools to monitor RAID and other hardware. * Configure Exim on mire to use deleuze as a smarthost. --MichaelOlson * Do performance testing on the new configuration, by having admins or other users monitor performance on mire (using vmstat, top, mytop, etc) and having one or more (perhaps multi-threaded) scripts requesting web pages from somewhere off of the Peer 1 network. == During migration == * Watchdog process to kill resource hogs * Migrate ejabberd mnesia db just before the dns switchover. * Set up back-up regime, possibly using [http://rsync.net/ rsync.net]. * Get miscellaneous web stuff ported, like membership application, vmail password change, publicly-viewable statistics on membership, bandwidth usage stats, .... = Global Notes = * To edit LDAP database from a GUI tool, use ''gq'' program * To connect to hcoop's ldap server using ''gq'', create a SSH tunnel: ''' ssh -p 2222 -f -N -L 389:localhost:389 USERNAME@69.90.123.67''', and then connect to ''localhost:389'' in ''gq''. * For the description of the actual authentication scheme, see AuthenticationScheme. = Tasks done = == Deleuze == This machine donated by Justin Leitgeb seems real nice. Buffered disk throughput is about 1.5 GB/s. Raw disk reads are 60 MB/s for the two 36 GB disks and 120 MB/s for the 4-disk array. Not bad at all. * Removed excessive packages, cleaned up the system * Installed ''changetrack'' to monitor all config file changes. The program uses ''rcs'' and automatically keeps previous revisions. It is ran from ''cron'' on a daily basis. * Installed ''debsums'' to monitor file md5sums * Installed Courier IMAP and IMAP-SSL * Installed LDAP for user authentication. The system is currently configured to use LDAP and fallback to the usual ''/etc/'' files. Admin users will be added locally on all machines and will be able to log in even when LDAP is not operational. * Installed MIT Kerberos 5 * Fixed date/time on the system. Installed ''ntpd'' * Installed TLS support for LDAP. Certificate file is ''/etc/ldap/server.pem'', and ldap/ldaps ports are 389/636. * Installed Linux 2.6.18.3-grsec with 2.6.18-mm3 patches (2) for megaraid. * The patches and source tree installed, along with the .deb generated, is under /usr/src/ntk2. I set up sockets groups as on fyodor (7070-7072). SMP, with hyperthreading enhancements, is enabled. I also installed a bunch of packages that someone were uninstalled while I was gone (e.g., gcc). I also fixed the sudoers, wheel group, and admin home directories. --NathanKennedy * Kerberos + LDAP works. * Compiled requisite kernel modules, compiled and installed new OpenIPMI package, and installed dellomsa. Dell OMSA is now working. --NathanKennedy * Install SSH. * Permit new admins to log in by copying their SSH keys to their newly-created (empty) home directories. * Install AFS (need to repeat the reading on AFS and how it really works. Also it will influence the decision how to format ''/dev/sdb'' in the system) -- DavorOcelic * Install MySQL and PostgreSQL (input from AFS step and admin discussion needed to see how to exactly configure this). * Install BIND. * Install and configure Apache, to serve static web content only. --MichaelOlson * Review kernel configuration and install testnet. -- DavorOcelic * Configure exim4. --MichaelOlson * Configure Courier IMAP daemons, reviewing fyodor's config. --MichaelOlson * Migrate squirrelmail configuration settings from fyodor. * Configure Squirrel``Mail to use imapproxyd, which should give speed improvements once we migrate to deleuze. --MichaelOlson = Mire = * Installed new second SCSI hard drive, reinstalled debian, and configured the drives with software RAID-1. --NathanKennedy * Configured Mire to work as a proper krb/ldap/afs client machine. --DavorOcelic = Custom software = * DomtoolTwo * Vmail tools * Web portal | = Historical = * SoftwareArchitecturePlans: Plans for software installation. * SystemArchitecturePlans: Plans regarding our hardware. * InstallationLog contains ancient (~2005) records of installation of software and hardware | 
This contains a list of pages that are of interest to the admins.
Contents
Planning
- OnSiteVisits: Records of visits by HCoop volunteers to our colocation facilities 
- RoadMaps: Detailed plans for future events. 
- Responsibilities - TaskDistribution: What each sysadmin is responsible for. 
- VolunteerResponsePolicy: Guidelines for responding to requests and email. 
- AdminArea/ListOfVolunteers who can help us do stuff... 
 
- Records - IpAddresses: Listing of IPs that we use. 
- Hardware: Information on HCoop hardware. 
- HcoopAddresses: Physical addresses relevant to us. 
 
- AdminGroup: Listing of people who can delete pages and despam pages on the wiki. 
Sysadmin Stuff
- AndrewFileSystem: Using our shared filesystem. 
- AuthenticationScheme: How authentication works on our systems. 
- DomTool: Administering and using domtool. 
General Sysadmin
- BackupInfo: Information on how to recover deleted files from our off-site backups. 
- SetupNewMachines: How to put the basic hcoop AFS/Kerberos client config on a newly acquired machine. 
- DebianPackaging: How to make custom HCoop Debian packages. 
- KvmAccess: How to use the remove KVM and avoid going on site. 
- UserManagement only talks about adduser/deluser right now. 
- InstalledSoftware lists non-debian installed software. 
- SystemAuthentication lists authentication 
- UsingResourceLimits If this is still accurate, we should move it to MemberManual area. 
Specific Services/Tasks
- DaemonAdmin: How to set up various daemons (subpages for various services, should be linked from here.). 
- MailMan contains no information... 
- SetupNewAfsServer: How to set up a new AFS server. 
- MemberFreezing: How to freeze and unfreeze members who get behind on dues 
- AdminUserSetup lists steps to create (blank), delete, and change passwords of admin users. 
- ChangingAdminPassword: How admins can change their UNIX passwords. 
- CertificateAuthority: How to sign user SSL certificates and the like. 
- ZoneTransfers is also mostly blank. 
- PrincipalsForNonHumans talks about kerberos for automated tasks. 
Specific Machines
- PowerEdge2850 is about deleuze 
- RebootingDeleuze: Steps to take after rebooting deleuze. 
- RebootingMireSp: How to reboot mire using its SP interface. 
Historical
- SoftwareArchitecturePlans: Plans for software installation. 
- SystemArchitecturePlans: Plans regarding our hardware. 
- InstallationLog contains ancient (~2005) records of installation of software and hardware 
