welcome: please sign in
Edit

WebServicesAdmin

We try to set up common services in a consistent manner. Generally, a shared service should live in /afs/hcoop.net/common/app/$app, and be configured to track a release branch in the upstream version control to make updates easy. Review all hosted applications at least quarterly.

Make sure system:anyuser has as little access as needed and restrict the things service keytabs can modify.

todo: explains acls etc. more consistent formatting.

1. roundcube mail

https://webmail.hcoop.net

Root = /afs/hcoop.net/common/app/roundcube/app. Logs are written to $root/logs, temp files in $root/temp. Main source is in $root/roundcubemail, tracking the release-1.2 branch.

Runs as pts user roundcube.

The configuration is stored in $root/config/config.inc.php. It is regrettably not synchronized with the upstream defaults, so on every update make sure to git diff -p config/config.inc.php.dist and scan for any relevant changes to the default config we should adopt.

1.1. Upgrading

Additional libraries are managed by composer and not under git control, run php composer.phar update --no-dev each upgrade.

You will also beend to run $root/app/bin/update.sh after each update to ensure that database tables are updated. It's a bit complicated due to our use of ident for postgres auth, and must be run from the webserver:

YOU$ sudo -u roundcube bash
# all commands are in the roundcube bash
roundcube$ unset KRB5CCNAME
roundcube$ kinit YOU && aklog # must be member of system:administrators to write
roundcube$ ./bin/update.sh

This should advise if any changes to the config/environment are needed, and upgrade the postgres schema.

2. phpmyadmin

Root = /afs/hcoop.net/common/app/phpmyadmin/. Git source in $root/phpmyadmin, tracking the STABLE branch.

Runs as pts user phpmyadmin.

3. Other Services

Some services have more detailed maintenance documentation:


CategorySystemAdministration

WebServicesAdmin (last edited 2018-11-05 04:12:57 by ClintonEbadi)