diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-October/000019.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2010-October/000019.html | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-October/000019.html b/zarb-ml/mageia-sysadm/2010-October/000019.html new file mode 100644 index 000000000..090f8d919 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-October/000019.html @@ -0,0 +1,134 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] Infos about the machines + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Infos%20about%20the%20machines&In-Reply-To=%3C20101008142930.GS21938%40mars-attacks.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000018.html"> + <LINK REL="Next" HREF="000021.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] Infos about the machines</H1> + <B>nicolas vigier</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Infos%20about%20the%20machines&In-Reply-To=%3C20101008142930.GS21938%40mars-attacks.org%3E" + TITLE="[Mageia-sysadm] Infos about the machines">boklm at mars-attacks.org + </A><BR> + <I>Fri Oct 8 16:29:30 CEST 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000018.html">[Mageia-sysadm] Infos about the machines +</A></li> + <LI>Next message: <A HREF="000021.html">[Mageia-sysadm] some news about the servers +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#19">[ date ]</a> + <a href="thread.html#19">[ thread ]</a> + <a href="subject.html#19">[ subject ]</a> + <a href="author.html#19">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Fri, 08 Oct 2010, Michael Scherer wrote: + +><i> > +</I>><i> > Later, the machines in the datacenter can be used for this : +</I>><i> > - Server1: bugzilla/nagios/dns1/sql/ldap/api/mail/mailling/pastebin/wiki/planet +</I>><i> John have working on updating planet on zarb.org, i guess he will be +</I>><i> able to transfer that. +</I> +Good ! + +><i> +</I>><i> > - Server2: svn/git/BS scheduler/hdlists/primary mirror +</I>><i> is this were the key to sign packages will be kept ? +</I> +Yes, at least for Cooker. + +><i> +</I>><i> > - Server3: BS node +</I>><i> > - Server4: BS node +</I>><i> +</I>><i> Does people have direct access on both ? +</I> +I think that for security, we should not allow people to log in to the +build nodes and Server2 (which replace kenobi). Except minimal access +with restricted commands to allow "mdvsys submit" to work. + +About servers for packagers to test package builds, I think we should +have separate servers. + +With current Mandriva build system, any contributor (even apprentice +without submit rights) can easily become root with iurt (or using a +security issue in any package, because any package from the repository +can be installed), access the mandrake account and then login to almost +any server in the BS using mandrake ssh key, and then silently replace +packages on the repository. We can probably trust long time +contributors, but it's difficult to trust people we don't know who asked +for an apprentice account. + +><i> +</I>><i> > If you have any other ideas, comments or questions, don't hesitate to +</I>><i> > reply. +</I>><i> +</I>><i> No backup server ? No postfix ( primary and secondary ) ? No wiki ? +</I>><i> Would all web applications be hosted on the same server ( ie epoll, +</I>><i> transifex and other applications ? ) +</I> +Yes, backup server is still missing. We will maybe need to buy one, or +find an other server to do it. For now, maybe the servers can backup +each others. + +For the wiki and all web apps, yes they will be on the same server. I +think the server is quite fast. + +><i> We should have a secondary ldap. I would also add a ticket system which +</I>><i> is not bugzilla ( as infrastructure as a product would be weird ). +</I> +Do you have some suggestions for the ticket system ? + +><i> +</I>><i> And we may need somewhere to write the doc, if possible something that +</I>><i> can be used offline. +</I> +So something other than the wiki ? + +><i> +</I>><i> We also need to discuss what is our responsibility and what is not ( ie, +</I>><i> who is root on what server, mainly the website one, and who decide of +</I>><i> the various setting, mainly php/apache ). I would propose that we +</I>><i> leverage a VCS + some soft like cfengine/puppet to delegate some part +</I>><i> ( like some vhosts settings on some server ) to some others groups ( and +</I>><i> this would also provides tracability, ie, no direct root access ). +</I> +Yes, good idea. We should also send commit logs to this mailing so we +know when something is changed. + +Nicolas + +</PRE> + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000018.html">[Mageia-sysadm] Infos about the machines +</A></li> + <LI>Next message: <A HREF="000021.html">[Mageia-sysadm] some news about the servers +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#19">[ date ]</a> + <a href="thread.html#19">[ thread ]</a> + <a href="subject.html#19">[ subject ]</a> + <a href="author.html#19">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |