<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-sysadm] Infos about the machines
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Infos%20about%20the%20machines&In-Reply-To=%3C20101008142930.GS21938%40mars-attacks.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="000018.html">
   <LINK REL="Next"  HREF="000021.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-sysadm] Infos about the machines</H1>
    <B>nicolas vigier</B> 
    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Infos%20about%20the%20machines&In-Reply-To=%3C20101008142930.GS21938%40mars-attacks.org%3E"
       TITLE="[Mageia-sysadm] Infos about the machines">boklm at mars-attacks.org
       </A><BR>
    <I>Fri Oct  8 16:29:30 CEST 2010</I>
    <P><UL>
        <LI>Previous message: <A HREF="000018.html">[Mageia-sysadm] Infos about the machines
</A></li>
        <LI>Next message: <A HREF="000021.html">[Mageia-sysadm] some news about the servers
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#19">[ date ]</a>
              <a href="thread.html#19">[ thread ]</a>
              <a href="subject.html#19">[ subject ]</a>
              <a href="author.html#19">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>On Fri, 08 Oct 2010, Michael Scherer wrote:

&gt;<i> &gt; 
</I>&gt;<i> &gt; Later, the machines in the datacenter can be used for this :
</I>&gt;<i> &gt;  - Server1: bugzilla/nagios/dns1/sql/ldap/api/mail/mailing/pastebin/wiki/planet
</I>&gt;<i> John has been working on updating planet on zarb.org, I guess he will be
</I>&gt;<i> able to transfer that.
</I>
Good !

&gt;<i> 
</I>&gt;<i> &gt;  - Server2: svn/git/BS scheduler/hdlists/primary mirror
</I>&gt;<i> is this where the key to sign packages will be kept ?
</I>
Yes, at least for Cooker.

&gt;<i> 
</I>&gt;<i> &gt;  - Server3: BS node
</I>&gt;<i> &gt;  - Server4: BS node
</I>&gt;<i> 
</I>&gt;<i> Do people have direct access on both ?
</I>
I think that for security, we should not allow people to log in to the
build nodes and Server2 (which replaces kenobi), except for minimal access
with restricted commands to allow &quot;mdvsys submit&quot; to work.

About servers for packagers to test package builds, I think we should
have separate servers.

With the current Mandriva build system, any contributor (even an apprentice
without submit rights) can easily become root with iurt (or using a
security issue in any package, because any package from the repository
can be installed), access the mandrake account and then log in to almost
any server in the BS using the mandrake ssh key, and then silently replace
packages on the repository. We can probably trust long-time
contributors, but it's difficult to trust people we don't know who asked
for an apprentice account.

&gt;<i> 
</I>&gt;<i> &gt; If you have any other ideas, comments or questions, don't hesitate to
</I>&gt;<i> &gt; reply.
</I>&gt;<i> 
</I>&gt;<i> No backup server ? No postfix ( primary and secondary ) ? No wiki ?
</I>&gt;<i> Would all web applications be hosted on the same server ( ie epoll,
</I>&gt;<i> transifex and other applications ? )
</I>
Yes, a backup server is still missing. We will maybe need to buy one, or
find another server to do it. For now, maybe the servers can back up
each other.

For the wiki and all web apps, yes they will be on the same server. I
think the server is quite fast.

&gt;<i> We should have a secondary ldap. I would also add a ticket system which
</I>&gt;<i> is not bugzilla ( as infrastructure as a product would be weird ).
</I>
Do you have some suggestions for the ticket system ?

&gt;<i> 
</I>&gt;<i> And we may need somewhere to write the doc, if possible something that
</I>&gt;<i> can be used offline.
</I>
So something other than the wiki ?

&gt;<i> 
</I>&gt;<i> We also need to discuss what is our responsibility and what is not ( ie,
</I>&gt;<i> who is root on what server, mainly the website one, and who decides on
</I>&gt;<i> the various settings, mainly php/apache ). I would propose that we
</I>&gt;<i> leverage a VCS + some software like cfengine/puppet to delegate some parts
</I>&gt;<i> ( like some vhosts settings on some server ) to some other groups ( and
</I>&gt;<i> this would also provide traceability, ie, no direct root access ).  
</I>
Yes, good idea. We should also send commit logs to this mailing list so we
know when something is changed.

Nicolas

</PRE>
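The "minimal access with restricted commands" idea from the message above, sketched as an SSH forced-command gate. This is an added example, not code from the original message or from the Mageia or Mandriva build system; the helper name submit-package, its two-argument form, the install paths and the key placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command gate for a build host (hypothetical names).
# Referenced from ~/.ssh/authorized_keys on the server like this:
#   command="/usr/local/bin/submit-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa KEY_PLACEHOLDER packager
# sshd then runs this script instead of whatever the client requested and
# passes the client's request in $SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL

# Hypothetical server-side helper that the submit client would invoke.
ALLOWED_HELPER="submit-package"

# Return 0 only for "submit-package DISTRO PACKAGE". Shells, scp, extra
# arguments, option-like arguments and shell metacharacters are refused.
check_submit_command() {
    cmd=$1
    # Allowlist of characters; this also rejects glob characters, so the
    # unquoted word splitting below cannot expand to file names.
    case $cmd in
        ''|*[!A-Za-z0-9._+\ -]*) return 1 ;;
    esac
    set -- $cmd
    [ "$#" -eq 3 ] || return 1
    [ "$1" = "$ALLOWED_HELPER" ] || return 1
    case $2 in -*) return 1 ;; esac
    case $3 in -*) return 1 ;; esac
    return 0
}

gate_main() {
    if check_submit_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -- $SSH_ORIGINAL_COMMAND
        # Assumed install location of the helper.
        exec "/usr/local/libexec/$1" "$2" "$3"
    fi
    # Refusals are logged so attempts to get a shell are visible.
    logger -t submit-gate "refused: user=${USER:-unknown} cmd=${SSH_ORIGINAL_COMMAND:-none}" 2>/dev/null || true
    echo "submit-gate: command not permitted" >&2
    return 1
}

# Run the gate only when installed under its real name.
case ${0##*/} in submit-gate) gate_main ;; esac
```

The gate limits what a packager's key can run on the host; it does not make the helper itself safe, so the helper still has to treat its two arguments as untrusted input.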



<!--endarticle-->
    <HR>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>