diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-October/000045.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2010-October/000045.html | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-October/000045.html b/zarb-ml/mageia-sysadm/2010-October/000045.html new file mode 100644 index 000000000..691636293 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-October/000045.html @@ -0,0 +1,154 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] planning for sysadmin task + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20planning%20for%20sysadmin%20task&In-Reply-To=%3C1288004735.31779.27.camel%40akroma.ephaone.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000044.html"> + <LINK REL="Next" HREF="000056.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] planning for sysadmin task</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20planning%20for%20sysadmin%20task&In-Reply-To=%3C1288004735.31779.27.camel%40akroma.ephaone.org%3E" + TITLE="[Mageia-sysadm] planning for sysadmin task">misc at zarb.org + </A><BR> + <I>Mon Oct 25 13:05:35 CEST 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000044.html">[Mageia-sysadm] planning for sysadmin task +</A></li> + <LI>Next message: <A HREF="000056.html">[Mageia-sysadm] planning for sysadmin task +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#45">[ date ]</a> + <a href="thread.html#45">[ thread ]</a> + <a href="subject.html#45">[ subject ]</a> + <a href="author.html#45">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Le lundi 25 octobre 2010 à 10:24 +0100, Buchan Milne a écrit : +><i> On Sunday, 24 October 2010 11:58:26 Olivier Thauvin wrote: +</I>><i> > * Michael Scherer (<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">misc at zarb.org</A>) wrote: +</I>><i> > > Hi, +</I>><i> > > +</I>><i> > > so now the server are in place, we have to install them. Here is a +</I>><i> > > proposal of the needed services : +</I>><i> > > +</I>><i> > > Then we need to deploy the basic infrastructure for us. Again, I assume +</I>><i> > > that no one is against apache : +</I>><i> > > - ldap ( valstar or alamut ? ) +</I>><i> +</I>><i> At this stage, I am thinking that we may want 3 servers running LDAP: +</I>><i> -Master LDAP server, which is primarily not used by read-only clients. I +</I>><i> haven't tested referrals yet in my app, so for now CatDap will probably need +</I>><i> to use it. Could possibly be used as fall-back for either of the slaves +</I>><i> -1 slave used primarily for infrastructure support, but not exposed to much +</I>><i> external traffic. Mostly nss_ldap/pam_ldap on build hosts, and any other +</I>><i> infrastructure stuff which we decide to put in LDAP. If the total userbase is +</I>><i> too large we could consider a partial replica (e.g. only posixAccount +</I>><i> entries), though we may need to test this a bit ... +</I>><i> -1 slave used primarily for external traffic, e.g. forum, wiki etc. This could +</I>><i> be the web server running some of these applications. +</I>><i> +</I>><i> If this is excessive, we could consider combining master and internal read +</I>><i> access on one server (but I would prefer to have at least one fall-back +</I> +For the moment, we have 5 servers, so for the beggining, it may indeed +be too much. So basically, ldap master on valstar ( ie, svn hdlist, +etc ) and external on alamut ? + +And later, a ldap slave on the server used for forum ? + +><i> > May I suggest to setup all our web on same server, especially since a +</I>><i> > lot use perl-Catalyst (buchan's one, epoll and the one I did to manage +</I>><i> > mirror). +</I>><i> > +</I>><i> > May I also suggest all our web be installed using RPM ? +</I>><i> > Notice I got some issue using catalyst in fcgi mod, but it works fine in +</I>><i> > server mode + apache as proxy. +</I>><i> +</I>><i> I will try and create a package today. I think all the dependencies should be +</I>><i> available for Mdv2010.0 and up. However, if we want to have any contributions +</I>><i> (skinning work from web team, localisations) with quick testing, it may be +</I>><i> useful to run one instance from an svn checkout. +</I> +Ie, have a production instance and a devel instance ? + +Nothing prevent us from doing rpm from svn snapshot at regular interval +too. + +><i> BTW., do we want to run these apps on separate virtual hosts? Should I ship +</I>><i> vhost definition in apache config (e.g. for identity.mageia.org)? +</I> +I would say "yes" + +><i> > > - create account for us. +</I>><i> +</I>><i> Set up host authentication to LDAP first? We will need SSL certificates for +</I>><i> LDAP hosts as well. Self-signed certs or certs from self-signed CA are fine. +</I> +Ok. + +><i> > Yup, especially if we have to work on them :) +</I>><i> +</I>><i> I have created some accounts in LDAP, and I am happy to create any we need to +</I>><i> proceed to the point where the account registration portion of CatDap is +</I>><i> running. However, I think we may want to get internal use of it (for +</I>><i> registration) before opening the gates ... +</I>><i> +</I>><i> Also, I probably need to start work on the admin features, for now I am +</I>><i> planning: +</I>><i> -user modification (e.g. add posixAccount to existing user account, modify any +</I>><i> attributes necessary manually, +</I>><i> -group management (add groups, modify group membership etc.) +</I>><i> +</I>><i> Please let me know what other features are important sooner than later. +</I> +ssh keys support ( as I think we will use it for us ) ? After a second +tought, we can do it by hand, + +I also think notification of subscription could be interesting, but +again, we may not need it now. + +><i> > > then the rest is less prioritary : +</I>><i> > > - postfix ( alamut ) +</I>><i> > > - migrate to sympa ( alamut ) +</I>><i> > > - enter everybody in the ldap +</I>><i> > > - nagios/munin ( or similar ) ( alamut ) +</I>><i> +</I>><i> xymon? +</I> +yup, why, as long it is packaged, i am ok. + + +-- +Michael Scherer + +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000044.html">[Mageia-sysadm] planning for sysadmin task +</A></li> + <LI>Next message: <A HREF="000056.html">[Mageia-sysadm] planning for sysadmin task +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#45">[ date ]</a> + <a href="thread.html#45">[ thread ]</a> + <a href="subject.html#45">[ subject ]</a> + <a href="author.html#45">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |