welcome: please sign in

Diff for "ToDo"

Differences between revisions 6 and 11 (spanning 5 versions)
Revision 6 as of 2012-12-07 14:58:30
Size: 3276
Editor: ClintonEbadi
Comment: updating to reflect current realities
Revision 11 as of 2014-04-18 13:36:00
Size: 3479
Editor: Sajith
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
== Replacinging Mire == == Replacinging Old Machines ==
Line 9: Line 9:
Mire is a crufty old ... mire of a machine. See FritzVirtualization for details on its replacement.
Line 11: Line 10:
Mire is being split into two machines: [[ServerNavajos|navajos]] and [[ServerBog|bog]]. Navajos will run apache/cgi programs, bog will be the general shell and daemon server. === Deleuze ===
Line 13: Line 12:
 Status:: New web server kvm has been installed, hcoop web services are being migrated before opening to members. After getting a few services moved over and ensuring the firewall request system works properly, bog will be spun up as a bare member shell server.
 ETA:: ''December 2012''		 Although still serving us well, Deleuze's Debian install is hopelessly obsolete, and its total horsepower equals about 1/8th of a modern low cost server.

The quickest way to replace it will be to acquire a new kvm server, and then spin up a pair of KernelVirtualMachine``s to serve the few remaining services on Deleuze:

 * base node (on the metal): AndrewFileSystem servers that can be made redunant (read only copies of common volumes, ptsserver, ...), possibly MitKerberos KDC slave
 * [[ServerMccarthy|mccarthy]]: domtool-server, general admin node (for e.g. building packages, creating users)
 * ''unnamed'': courier imap, exim

Things deleuze does: (incomplete, probably)

 * Generated webalizer pages
 * Portal hosting
 * domtool-server
 * Mail delivery and filtering (exim, exim filters, procmail)
 * Mail access (courier imap/pop)
 * Mailman
   * List delivery/archiving (stored locally!)
   * Web serving of list archives/management interfaces
 * Web serving hcoop.net
   * Cannot easily convert to domtool config because of `mod_userdir`
 * Squirrelmail hosting
 * AndrewFileSystem servers
   * bos, vos, maybe others.

== New Server / Rack Cleanup ==

See NewServerDiscussion2013. We also completed some cleanup during [[OnSiteVisits/20130626]] and [[OnSiteVisits/20130627]].
Line 20: Line 44:
   * SrikanthSastry has volunteered to do front line support and handle OnSiteVisits.
Line 21: Line 46:
 * '''ASAP''' Work out physical access situation
   * RichardDarst officially resigned all duties and decided to leave the coop. This leaves us with no one to perform maintenance at the data center. There ''are'' technicians on-site, but they can't do more than accept packages and minor tasks (rebooting a machine, swapping a failed hard drive) and are expensive. In order to expand we'll need to find someone who can go on-site for major maintenance events (new drives, new servers, removing old machines, etc.).
 * December 2012: Get new web services VM online (see FritzVirtualization)
 * January 2013: Get new member shell / daemon VM online (see FritzVirtualization)		    * HeartbleedAftermath - 2014 spring security clean-up.
Line 28: Line 51:
 * Spring 2013: Kill mire
 * Summer 2013: Kill deleuze
 * Fall 2013: Acquire more disk space
 * Spring/Summer 2013: Acquire IPMI Console
 * Fall 2013: Acquire another 8-core monstrosity (KVM server, redundantly serving everything on fritz?)		  * Summer/Fall 2013: Acquire install Power``Edge R515
 * Fall/Winter 2013: Kill deleuze
 * Winter 2013: Upgrade to AndrewFileSystem 1.6, rekey cell
 * Spring 2014: Upgrade member services to wheezy

This page is meant to be an aid to our bug-tracker, in the case where several tasks are woven together via dependencies. Within a section, tasks are listed in order of which needs to be done first.

If you'd like to help, just join and email the administrators mailing list! No offer of free labor shall be refused.

Replacinging Old Machines

Deleuze

Although still serving us well, Deleuze's Debian install is hopelessly obsolete, and its total horsepower equals about 1/8th of a modern low cost server.

The quickest way to replace it will be to acquire a new kvm server, and then spin up a pair of KernelVirtualMachines to serve the few remaining services on Deleuze:

  • base node (on the metal): AndrewFileSystem servers that can be made redunant (read only copies of common volumes, ptsserver, ...), possibly MitKerberos KDC slave

  • mccarthy: domtool-server, general admin node (for e.g. building packages, creating users)

  • unnamed: courier imap, exim

Things deleuze does: (incomplete, probably)

  • Generated webalizer pages
  • Portal hosting
  • domtool-server
  • Mail delivery and filtering (exim, exim filters, procmail)
  • Mail access (courier imap/pop)
  • Mailman
    • List delivery/archiving (stored locally!)
    • Web serving of list archives/management interfaces
  • Web serving hcoop.net

    • Cannot easily convert to domtool config because of mod_userdir

  • Squirrelmail hosting

  • AndrewFileSystem servers

    • bos, vos, maybe others.

New Server / Rack Cleanup

See NewServerDiscussion2013. We also completed some cleanup during OnSiteVisits/20130626 and OnSiteVisits/20130627.

Immediate Tasks

  • ASAP Find new admins

    • ClintonEbadi is the only active admin (DavorOcelic still assists with emergency tasks and processing of permissions requests -- ClintonEbadi 2012-09-04 05:28:39). This is problematic because ClintonEbadi is only one person, can fake being a sysadmin most days but has holes in his knowledge, and the coop would be screwed should his bicycle and a bus meet.

    • SrikanthSastry has volunteered to do front line support and handle OnSiteVisits.

    • It's hard to become an HCoop sysadmin, but a lot of work has been done in 2012 to make it easier... if you're interested please mail the administrators list! Anyone with experience administering exim and courier imap would be extremely helpful as of September 2012.

    • HeartbleedAftermath - 2014 spring security clean-up.

Long Term

  • Summer/Fall 2013: Acquire install PowerEdge R515

  • Fall/Winter 2013: Kill deleuze

  • Winter 2013: Upgrade to AndrewFileSystem 1.6, rekey cell

  • Spring 2014: Upgrade member services to wheezy

Neglected tasks

  • BackupInfo situation really, really sucks. I'd use stronger language if children weren't around.

  • Services need updating to latest versions (lots of config merging and testing):
    • Exim
    • IMAP (courier authdaemon needs [or needed] a patch to work properly, converting to Dovecot has its own set of difficulties)
    • Mailman (not clear how to have mailman stuff generated on a machine other than the mail delivery node)

Tasks which non-admins can do, too

See HcoopVolunteerTasks for a list of things non-admins can help with.

CategorySystemAdministration

ToDo (last edited 2014-04-18 13:36:00 by Sajith)