Diff for "AdminArea"

Differences between revisions 5 and 6
Revision 5 as of 2006-11-27 14:21:04
Size: 3870
Comment:
Revision 6 as of 2006-11-27 14:22:29
Size: 4027
Comment:
Line 38: Line 38:
  * Spoke to Justin about this. Nonproblem--it is RAID10 and intended to be so. I will let admins decide the merits of RAID5 vs. RAID10. --NathanKennedy
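Review bot: the reply added at line 38 declares the /dev/sdb layout a non-problem, but the item it answers stays under "Problems" and still describes the volume as RAID1 with RAID5 as the expected layout. Consider rewording that parent item to say the array is RAID10 by design, or moving it out of the Problems list, so the section only tracks open issues. If the RAID5 vs. RAID10 decision is still pending with the admins, a TODO entry would make that visible.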

1. Deleuze

This machine donated by Justin Leitgeb seems real nice. Buffered disk throughput is about 1.5 GB/s. Raw disk reads are 60 MB/s for the two 36 GB disks and 120 MB/s for the 4-disk array. Not bad at all.

1.1. Tasks done

  • Removed excessive packages, cleaned up the system
  • Installed changetrack to monitor all config file changes. The program uses rcs and automatically keeps previous revisions. It is run from cron on a daily basis.

  • Installed debsums to monitor file md5sums

  • Installed Courier IMAP and IMAP-SSL
  • Installed LDAP for user authentication. The system is currently configured to use LDAP and fall back to the usual /etc/ files. Admin users will be added locally on all machines and will be able to log in even when LDAP is not operational.

  • Installed MIT Kerberos 5
  • Fixed date/time on the system. Installed ntpd

  • Installed TLS support for LDAP. Certificate file is /etc/ldap/server.pem, and ldap/ldaps ports are 389/636.

  • Installed Linux 2.6.18.3-grsec with 2.6.18-mm3 patches (2) for megaraid.
    • The patches and source tree installed, along with the .deb generated, are under /usr/src/ntk2. I set up sockets groups as on fyodor (7070-7072). SMP, with hyperthreading enhancements, is enabled. I also installed a bunch of packages that somehow were uninstalled while I was gone (e.g., gcc). I also fixed the sudoers, wheel group, and admin home directories. --NathanKennedy

  • Kerberos works.
  • Compiled requisite kernel modules, compiled and installed new OpenIPMI package, and installed dellomsa. Dell OMSA is now working. --NathanKennedy

1.2. TODO

In order of implementation (soonest first):

  • LDAP working with kerberos. Documentation on this is lacking. -- DavorOcelic

  • Fix resolv.conf on both servers to have multiple good DNS servers for now; set it to use localhost once BIND is running and configured.
  • Install AFS (need to repeat the reading on AFS and how it really works. Also it will influence the decision how to format /dev/sdb in the system) -- DavorOcelic

  • Install MySQL and PostgreSQL (input from AFS step and admin discussion needed to see how to exactly configure this) -- DavorOcelic

  • Install BIND -- DavorOcelic

  • Review kernel configuration and install testnet. -- DavorOcelic

  • Install and configure Apache, to serve static web content only.
  • Get domtool2 working (this is to be done concurrently with mire).
  • Figure out how to use Dell OMSA or other tools to monitor RAID and other hardware.

1.3. Problems

  • With debsums, once you break md5sum of a config file, the file keeps being reported as mismatching even if you completely regenerate md5sums for a package!! -- DavorOcelic

  • The logical volume for /dev/sdb is supposed to be a 4-drive raid array, each drive ~73GB. Right now it seems to be configured as RAID1 mirroring the two drives, for a capacity of ~146G (see dmesg, for instance). This would be faster and the volume would be 73G bigger if it was set up as RAID5. I might need to do this from console, and I need to talk to Justin about it, since he set up the logical volumes and I thought he said that sdb was RAID5. --NathanKennedy

    • Spoke to Justin about this. Nonproblem--it is RAID10 and intended to be so. I will let admins decide the merits of RAID5 vs. RAID10. --NathanKennedy

2. Custom software

  • DomtoolTwo

  • Vmail tools
  • Web portal
  • Watchdog process to kill resource hogs

These are my responsibility. Right now, I'm waiting for the more traditional stuff to be set up and stable before beginning. --AdamChlipala

3. Global TODO

  • Get the ca@hcoop.net e-mail address working. It's the address used in the certificate files.

4. Global Notes

  • To edit the LDAP database from a GUI tool, use the gq program.

  • To connect to hcoop's LDAP server using gq, create an SSH tunnel: ssh -p 2222 -f -N -L 389:localhost:389 USERNAME@69.90.123.51, and then connect to localhost:389 in gq.

AdminArea (last edited 2020-08-23 22:16:03 by ClintonEbadi)