Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Difference between revisions of "Discussion Agenda archive 1"

From Livedoc - The Documentation Repository
(ipv6)
m (categorize)
 
(38 intermediate revisions by 7 users not shown)
Line 1: Line 1:
If there is anything that needs to be/should be discussed in a sysadmin meeting, please list it here - also, if you add something to a topic, remember to add your username to the section:
+
If there is anything that needs to be/should be discussed in a sysadmin meeting, please list it here.
  
==Passwords/Access==
+
Topics are arranged by priority with the most important at the top.
  William,
 
  Remind me on Monday to talk about passwords/access in TA -- clearly we need to be able to login when
 
  stuff breaks (like the network connection, or auth, both of which have happened in the past week), but
 
  there were reasons we moved away from widespread access (people changing stuff without notice or log)
 
  which we still need to address.
 
  Thanks,
 
  Mr. Torbert
 
  
==CSL keytabs (why not?)== --[[User:William Yang|wyang]]
+
==Northrop Grumman donation==
 +
*Moving the Sun rack?
 +
*Specifications of Itanium nodes (use as VM hosts?)
 +
*Cabling provided - power, Infiniband, ethernet
 +
*Switches provided - just ethernet?
 +
*Power requirements? Cooling?
 +
*When would we get the equipment?
  
==Weekly Meetings==
+
==Sun equipment==
[[User:Brandon Vargo|bvargo]], [[User:Trey Repetski|srepetsk]]
+
*<s>Support contract</s>
*<del>Whether it is possible to restart the weekly meetings, and if so, when they will take place</del>
+
*Kiosk deployment - status?
**Weekly Meetings will be replaced by TA meetings every Monday.
+
*Smartcards with or instead of student IDs
 +
*Move to L1 because of NG grant?
 +
**Power & networking requirements
 +
*Sun Ray donation from Chantilly HS
  
==Service Distribution==
+
==Budget & purchases==
[[User:Brandon Vargo|bvargo]]
+
*10 GigE uplink to main switch - when?
*specifically what services, if any, will go onto the "new" servers
+
*48 port GigE module?
 +
*Consolidate and update servers
 +
**Itanium nodes as VM hosts? hard drives included?
  
==Future of Livedoc== --[[User:Brandon Vargo|bvargo]]
+
==RFID housekeeping==
*Update software
+
*RFID cards MIA with graduated students
**latest version of mediawiki
+
*Current list of owners
**move to something more structured (like twiki, or something similiar)
 
*If we move to something more structured, it should have a WYSIWYG editor - I ([[User:Brandon Vargo|bvargo]] for one, would update livedoc a lot more if it was more structured, and had a WYSIWYG editor in it (most of the WYSIWYG editors for mediawiki have had security issues, so I would steer clear of them)
 
  
==Virtualization ideas== --[[User:Brandon Vargo|bvargo]], [[User:William Yang|wyang]]
+
==Password card access==
*What services to start to virtualize, as a proof of concept and/or permanent installation*
+
*SSH keys when needed; root only for lead admins?
**Dev hosts - each developer gets their own host to setup and configure as they wish for whatever they are doing (currently being implemented on humboldt for iodine developemnt, as well as development of the new school website)
+
*LDAP sysadmin auth for servers
**remote and oldremote (until it goes away) - separate configuration for each, without needing to commit a workstation or server to that configuration - also prevents users from gaining access to production servers
 
**DNS - bind has not had a great security record, it would be best to put bind in an isolated environment, making a vm perfect - if this is not going to be done for awhile, bind should at least be chrooted
 
**etc
 
*Data storage methods to employ for virtualization
 
**Central storage on one or more servers, provides HA (something like storage arrays with both data and VMs)
 
**Distributed storage, using something like AoE
 
**Local storage with backup - vm is stored locally, with another copy somewhere else that is updated periodically, but is not turned on unless needed
 
**Some other storage scheme
 
  
==Cleanup of AFS== --[[User:Brandon Vargo|bvargo]]
+
==Backups==
*While we are auditing AFS permissions, and removing @local.tjhsst.edu users, we should do a few other things
+
*Full backup system that handles most (all if possible) data in the lab - "protect the data"
 +
**Mainly a policy about how often the backup should be run.
 +
*AFS Backups (more than .backup volumes)
 +
**Integrate with the big backup system, or run separately?
 +
*"Off-site" backups?
 +
**Would actually need to be "offsite," not ten feet from the edge of the lab (119s).
 +
 
 +
==Cleanup of AFS==
 
*Clean the service directory
 
*Clean the service directory
 
**Archive everything that is no longer in use
 
**Archive everything that is no longer in use
 
**Archive everything that is no longer useful
 
**Archive everything that is no longer useful
 +
*One home directory per user
 +
*Web-docs volumes?
 
*Audit permissions on all directories, including web, etc
 
*Audit permissions on all directories, including web, etc
*Other cleanup tasks (I'll add more when I have more time)
+
*Other cleanup tasks
  
==Security issues== --[[User:Brandon Vargo|bvargo]]
+
==Additional "Services" To offer==
*Separation of services
+
*Postgresql (?)
**Services should be separated for security, if one is compromised, all services should not be compromised
 
***fiordland comes to mind as something that should be fixed
 
***One solution is to put services into virtual machines - good security, with additional management benefits - want to move what host a service runs on, just move the vm with a simple command
 
*Logging - do we look at the logs for anything anymore, and if not, how can we go about accomplishing this, so we know what is happening on our systems
 
*More issues added as I have more time to add them to this list
 
  
==High availability / load balancing== --[[User:Brandon Vargo|bvargo]], [[User:Trey Repetski|srepetsk]]
+
==Enable Dynamic Power Savings Mode on Intel HPs==
*Currently we have almost zero high availability for most services, this needs to change - also, we need to test high availability functions for services in which it supposedly should work
 
*Mysql
 
*Apache
 
*Kerberos (does it work?)
 
*Iodine
 
*Remote and oldremote (until it goes away) - loadbalanced and high availability
 
*Workstation service ip, so I can ssh to workstation, and it will redirect me to the workstation with the lowest load?
 
*Zimbra (can we make it work, even though the "community" edition does not include it)
 
*Load balancing for LTSP - login to "LTSP" or something, and have it redirect you to either "Rockhopper" or "Bottom"
 
*Other services
 
 
 
==Rack Configuration== --[[User:Brandon Vargo|bvargo]]
 
*Find a place for the 7 "new" servers we just received
 
*Find a place for the machines sitting behind the rack (tess and alpha)
 
*Organize machines by machine type (e.g. the penguins together, the hp's together, the new hp's together, the 7 1u servers together)?
 
*Relabel machines because most are incorrect, due to the new ip scheme (the labels have the old ip addresses)
 
 
 
==Backups== --[[User:Brandon Vargo|bvargo]], [[User:Trey Repetski|srepetsk]]
 
*Off-site backup -- possibly in the room outside the library, or the closet in the guys locker room that's used for the PA system (I think) [[User:Trey Repetski|srepetsk]]
 
*Online backups for AFS (yesterday directory)
 
*Offline backups for AFS, how it is implemented, and what we have to do to get it to work (following emperor's troubles)
 
 
 
==Additional "services" to offer in the lab== --[[User:Brandon Vargo|bvargo]], [[User:Trey Repetski|srepetsk]], [[User:William Yang|wyang]]
 
*Yesterday directory for all home directories
 
*Postgresql
 
*Bugzilla or TRAC for issues users encounter in the lab
 
*Form submission on tjhsst.edu/admin/ or tjhsst.edu/syslab or papers on the wall for web accounts, mysql stuff, etc. (talk to lkearsle)
 
 
 
==Stuff that needs to be fixed== --[[User:Brandon Vargo|bvargo]]
 
*Yesterday directory on old afs directories (stopped working at the start of February)
 
*Timely processing of user service request form - Do we need a new system for handling these requests (see online form submission in the services section above)?
 
*The workstation agammemnon should be agamemnon, someone misspelled when typing in the hostname
 
 
 
==Lost and Found==
 
[[User:Trey Repetski|srepetsk]], [[User:Brandon Vargo|bvargo]]
 
*<del>At this time, I ([[User:Trey Repetski|srepetsk]]) think there are currently two options</del>
 
**<del>Start our own lost and found so we have a place to put all the random stuff sitting around the lab</del>
 
***There is currently a lost and found of sorts hidden in the bookshelf by the systems monitor --bvargo
 
**Take all the stuff in the lab "lost and found" and take it down to the lost and found by the security office
 
 
 
==SCT/Old Rockhopper== --[[User:Trey Repetski|srepetsk]]
 
*SCT/Old Rockhopper
 
**We currently have no use for these two old servers, as the processors in them are 333MHz
 
**Both are taking up space in the lab - one on the floor, one on a desk that could be moved out
 
*I would also like to address the carts:
 
**The cart with the two old Macs
 
**The smaller gray cart with the random junk on it
 
**The cart with the UPS batteries (batteries could be moved into the back of the admin closet
 
*All the other random junk laying around on the floor, etc.
 
 
 
==Enable Dynamic Power Savings Mode on Intel HPs== --[[User:William Yang|wyang]]
 
 
*Note to Lee: I have had no bad experiences with laptop power savings features (from an ancient P1 Toshiba to a 1-2 yr old IBM) and I was unable to find any problems online (either with laptops or with HP's) after a quick Google search.  Please provide some links.  FYI it is OS-independent.
 
*Note to Lee: I have had no bad experiences with laptop power savings features (from an ancient P1 Toshiba to a 1-2 yr old IBM) and I was unable to find any problems online (either with laptops or with HP's) after a quick Google search.  Please provide some links.  FYI it is OS-independent.
 
*[http://h18004.www1.hp.com/products/servers/management/ilo/power-regulator.html HP's website]
 
*[http://h18004.www1.hp.com/products/servers/management/ilo/power-regulator.html HP's website]
 
+
[[Category:Obsolete Page]]
==IPv6== --[[User:Brandon Vargo|bvargo]]
 
*Currently, all machines (unless they don't support it, or are otherwise disabled) on our csl network (even vpn users) have ipv6 addresses (actually two of them, a link address and a global address) - apparently our router hands out the network prefix, thus hosts are able to generate the remaining 64bits of the address based off the mac address, if a mac address is not available, the address is automatically generated each time the link comes up.
 
**Does anyone know how the router is configured - the only thing that I know is that the addresses are Abilene intranet2 addresses, and that the router magically responds to ipv6 requests to give hosts these addresses
 
**To test to see if a host is using ipv6, goto http://www.kame.net/ - if the turtle is dancing (i.e. animated), then you are using ipv6 to connect to their web server
 
*Do we want to put ipv6 addresses in DNS, so that most traffic in the lab is running over ipv6? The only AAAA record that we currently have is for ns1, so dns lookups over ipv6 work. This would work for all "hardware" addresses, as they are the same every time the link comes up, but DDNS would have to be used to update DNS each time a link with an autogenerated address comes up (or we just statically configure all links that are not associated with a MAC).
 
*Should we make ipv6 addresses for service ips?
 
*Do we want to give new vm's ipv6 addresses?
 
*Is the firewall protecting our ipv6 addresses, in addition to the ipv4 addresses?
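
Review bot: the replacement "Password card access" section ("SSH keys when needed; root only for lead admins?", "LDAP sysadmin auth for servers") loses the constraint stated in the removed "Passwords/Access" note, that widespread access was dropped because of "people changing stuff without notice or log", and the logging question in the removed "Security issues" section goes with it. Suggest adding a change-logging or audit item under "Password card access" so that emergency login and accountability are decided together. The removed IPv6 question "Is the firewall protecting our ipv6 addresses, in addition to the ipv4 addresses?" also has no counterpart in the latest revision and should be carried forward or marked resolved.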
 

Latest revision as of 15:48, 26 February 2016

If there is anything that needs to be/should be discussed in a sysadmin meeting, please list it here.

Topics are arranged by priority with the most important at the top.

Northrop Grumman donation

  • Moving the Sun rack?
  • Specifications of Itanium nodes (use as VM hosts?)
  • Cabling provided - power, Infiniband, ethernet
  • Switches provided - just ethernet?
  • Power requirements? Cooling?
  • When would we get the equipment?

Sun equipment

  • Support contract
  • Kiosk deployment - status?
  • Smartcards with or instead of student IDs
  • Move to L1 because of NG grant?
    • Power & networking requirements
  • Sun Ray donation from Chantilly HS

Budget & purchases

  • 10 GigE uplink to main switch - when?
  • 48 port GigE module?
  • Consolidate and update servers
    • Itanium nodes as VM hosts? hard drives included?

RFID housekeeping

  • RFID cards MIA with graduated students
  • Current list of owners

Password card access

  • SSH keys when needed; root only for lead admins?
  • LDAP sysadmin auth for servers

Backups

  • Full backup system that handles most (all if possible) data in the lab - "protect the data"
    • Mainly a policy about how often the backup should be run.
  • AFS Backups (more than .backup volumes)
    • Integrate with the big backup system, or run separately?
  • "Off-site" backups?
    • Would actually need to be "offsite," not ten feet from the edge of the lab (119s).

Cleanup of AFS

  • Clean the service directory
    • Archive everything that is no longer in use
    • Archive everything that is no longer useful
  • One home directory per user
  • Web-docs volumes?
  • Audit permissions on all directories, including web, etc
  • Other cleanup tasks

Additional "Services" To offer

  • Postgresql (?)

Enable Dynamic Power Savings Mode on Intel HPs

  • Note to Lee: I have had no bad experiences with laptop power savings features (from an ancient P1 Toshiba to a 1-2 yr old IBM) and I was unable to find any problems online (either with laptops or with HP's) after a quick Google search. Please provide some links. FYI it is OS-independent.
  • HP's website