I am Clinton Ebadi. I am the reluctant President of the coop (someone has to do it), and the current lead sysadmin / DomTool maintainer / lo-fi AdamChlipala replacement. = Board Statements = See [[/BoardStatements]] = General Coop Goals = Unstructured musing on when/what I think the coop ought to be. * (./) January 2013: New website online, navajos and bog both up with new members using them * February 2013->June 2014: Big push for new members. New website should make us seem more alive, we've finally fixed about 3/4 of the "temporary" hacks from when we first moved to Peer1, etc. (./) mire is gone (less work: we just have to get people off of it), but also work toward getting rid of deleuze. Web services first (low hanging fruit), even if it means punting on fully converting to domtool managed sites (at least packaged and documented). AFAICT other than those we're just left with: * DomTool dispatcher * Master DNS * Exim * IMAP (might have to patch courier-authdaemon) * (./) A few straggling openafs volumes (+ AFSDB records?) * Backups * MailMan * The portal * {x} FTP (''support for plain ftp removed'') * Webalizer * March 2014: Rekey the afs cell * July/August 2014: Catch the sales on the last generation Dell 2U/2-socket machines and create a clean counterpart to fritz. * See NewServerDiscussion2013 * Minimal KVM host setup for base OS. We might run the KDC and OpenAFS on the bare metal, not entirely certain. * Create new wheezy based VMs, duplicating (and turning into master) services hosted in VMs on fritz * For the first time, this is realistic: all of those months packaging our configuration pay off by sparing future-me from herculean efforts. * March 2014->July 2014: Transition remaining services off of deleuze onto KernelVirtualMachine``s on new kvm host * Winter 2014: Assuming 150+ members, perhaps more bandwidth is in order * Spring 2015: Ponies for everyone. * IPv6, mediagoblin, diaspora, gitorious, (./) xmpp works again (and ability to use vanity domains), ... = Contact = * <> (Email) * unknownlamer (AOL Instant Messenger) * <> (Jabber) * unknown_lamer on [[http://freenode.net|freenode]] (IRC) in #hcoop * +1 443 538 8058 (Phone, SMS preffered) = Websites = * http://unknownlamer.org '''Personal Homepage''' * http://lazybastard.net = Immediate Tasks = * Rekey the cell * Unsuck mail (bounces, `DefaultAlias = user`) * Networked domtool-tail * Possible donations for new server * Backups (blocked by lack of hardware) * Spec out new server * Consolidate web stuff onto navajos * Upgrade squirrelmail * webdav/svn * Can we support gssapi negotiate? Seems like it should be trivial on the server side. = Admin Stuff = == fastcgi setup notes == Notes to self about configuring fastcgi for at least php http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html * Depend on `libapache2-mod-fcgid` * `a2enmod fcgid` in postinst (the package seems to enable itself, but en/dis anyway) * Need to install our own `mods-available/fcgid.conf` * Do NOT enable `fcgid-script` script hander by default, require use of `fastCgiExtension` in DomTool * `FcgidFixPathinfo 1` to let php work properly (seems to not affect anything else) * Need to configure process limits (expire fairly quickly to prevent issues with tokens/memory exhaustion) * Have to write a wrapper shell script to exec `php5-cgi`, placed within `/afs/hcoop.net/` (but where?) * Wrapper script needs to gain kerberos/afs credentials... but `$USER` is not available (`whoami` works however) * suexec also wants the file to be owned by the user... hrm. * Mailing list posts elsewhere indicate fcgi workers are not allocated by the apache worker -- we might need to use an `FCgidWrapper` that grabs tokens and there may be token leakage from reuse of workers? http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives WSGI looks much easier to set up, at least enough for moin. We could get away with enabling it and supporting only `WSGIScriptAlias` initially. Not sure about interaction with mod_waklog. == etc. == * default DirectoryIndex does not include index.shtml, should this be changed? == Website == (create Website bugzilla product and move these there) * Convert hcoop.net into domtool config (looks trivial, a few rewrites... except for userdir support?) * On the topic of user dirs: allow members to register a redirect for hcoop.net/~foo?) * Perhaps: Move userdirs to `http://users.hcoop.net/~foo` (302ing from `hcoop.net/~foo`) * Replace `000default` with something other than the hcoop web page? * Replace facebook links with other "get to know the members" text * Inspire members to join the planet * Make the locations tool usable again (something we can use with Openstreetmap). * Give BtTempleton and LaurenMcNees write access as needed === Wiki === * [[http://moinmo.in/MacroMarket/ChildPages|child pages macro]] for listing the section of the member manual in the sidebar? == domtool plans == * Feature backlog * Networked domtool-tail * Enhance easy_domain `DefaultAlias` to default to `user -> user`, but also allow dropping all or catch-all. * `default CSymbol = Value` for binding default environment variable settings * Expands the scope of extensions that can be written in pure DomTool, slight flexibility gains * vmail helper for the portal `VMailPasswdChange $user $oldpass $newpass` (restricted to users with `vmailadmin` permissions) * Improve `fwtool` as needs become clearer (FirewallTool) == Major Sysadmin Tasks for 2014 == * Acquire and install new server, cleaning up the back of the rack in the process * Get everything off of deleuze * Clean up keytabs (at least `$user.mail` for mail delivery, sync to as few nodes as needed, etc.) * Overhaul mail delivery * Revisit routing/transport; the current routing config has too many entry and exit points making changes extremely complicated (i.e. likely to break mail delivery) * Take advantage of new exim features like DKIM. * Secondary MX * The great DES to AES openafs rekeying * ~~(Major pain: we have to upgrade all client and servers machines to openafs 1.6.5)~~ = Board Stuff = * What address should we be using for the "owner" of hcoop services? It's a mix of the current treasurer, registered agent, and data center right now... is the registered agent correct? Do we need to get a PO Box or something? * We need a private wiki of some sort for filing sensitive information like welcome emails for services and various credentials... is it safe enough to do that using the public moin and acls? I'm not sure sure... ---- CategoryHomepage