Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Discussion Agenda archive 1

From Livedoc - The Documentation Repository
Revision as of 22:33, 4 March 2007 by Brandon Vargo (talk | contribs) (fixed format so it is formatted as I intended and didn't have weird stuff - it could be better, but it is better than what it was - also switched remaining usernames to include link to user page)
Jump to: navigation, search

If there is anything that needs to be/should be discussed in a sysadmin meeting, please list it here - also, if you add something to a topic, remember to add your username to the section:

==CSL keytabs (why not?)== --wyang ==Whether it is possible to restart the weekly meetings, and if so, when they will take place== --bvargo ==Service distribution, specifically what services, if any, will go onto the "new" servers== --bvargo ==Future of Livedoc== --bvargo

  • Update software
    • latest version of mediawiki
    • move to something more structured (like twiki, or something similiar)
  • If we move to something more structured, it should have a WYSIWYG editor - I (bvargo for one, would update livedoc a lot more if it was more structured, and had a WYSIWYG editor in it (most of the WYSIWYG editors for mediawiki have had security issues, so I would steer clear of them)

==Virtualization ideas== --bvargo

  • What services to start to virtualize, as a proof of concept and/or permanent installation*
    • Dev hosts - each developer gets their own host to setup and configure as they wish for whatever they are doing (currently being implemented on humboldt for iodine developemnt, as well as development of the new school website)
    • remote and oldremote (until it goes away) - separate configuration for each, without needing to commit a workstation or server to that configuration - also prevents users from gaining access to production servers
    • DNS - bind has not had a great security record, it would be best to put bind in an isolated environment, making a vm perfect - if this is not going to be done for awhile, bind should at least be chrooted
    • etc
  • Data storage methods to employ for virtualization
    • Central storage on one or more servers
    • Distributed storage, using something like AoE
    • Local storage with backup - vm is stored locally, with another copy somewhere else that is updated periodically, but is not turned on unless needed
    • Some other storage scheme

==Cleanup of AFS== --bvargo

  • While we are auditing AFS permissions, and removing @local.tjhsst.edu users, we should do a few other things
  • Clean the service directory
    • Archive everything that is no longer in use
    • Archive everything that is no longer useful
  • Audit permissions on all directories, including web, etc
  • Other cleanup tasks (I'll add more when I have more time)

==Security issues== --bvargo

  • Separation of services
    • Services should be separated for security, if one is compromised, all services should not be compromised
      • fiordland comes to mind as something that should be fixed
      • One solution is to put services into virtual machines - good security, with additional management benefits - want to move what host a service runs on, just move the vm with a simple command
  • Logging - do we look at the logs for anything anymore, and if not, how can we go about accomplishing this, so we know what is happening on our systems
  • More issues added as I have more time to add them to this list

==High availability / load balancing== --bvargo

  • Currently we have almost zero high availability for most services, this needs to change - also, we need to test high availability functions for services in which it supposedly should work
  • Mysql
  • Apache
  • Kerberos (does it work?)
  • Iodine
  • Remote and oldremote (until it goes away) - loadbalanced and high availability
  • Workstation service ip, so I can ssh to workstation, and it will redirect me to the workstation with the lowest load?
  • Zimbra (can we make it work, even though the "community" edition does not include it)
  • Other services

==Backups== --bvargo srepetsk

  • Off-site backup -- possibly in the room outside the library, or the closet in the guys locker room that's used for the PA system (I think) srepetsk
  • Online backups for AFS (yesterday directory)
  • Offline backups for AFS, how it is implemented, and what we have to do to get it to work (following emperor's troubles)

==Additional "services" to offer in the lab== --bvargo srepetsk

  • Yesterday directory for all home directories
  • Postgresql
  • Bugzilla for issues users encounter in the lab
  • Form submission on tjhsst.edu/admin/ or tjhsst.edu/syslab or papers on the wall for web accounts, mysql stuff, etc.

==Stuff that needs to be fixed== --bvargo

  • Yesterday directory on old afs directories (stopped working at the start of February)
  • Timely processing of user service request form - Do we need a new system for handling these requests (see online form submission in the services section above)?