<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-sysadm] planning for sysadmin task
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20planning%20for%20sysadmin%20task&In-Reply-To=%3C1288004735.31779.27.camel%40akroma.ephaone.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="000044.html">
   <LINK REL="Next"  HREF="000056.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-sysadm] planning for sysadmin task</H1>
    <B>Michael Scherer</B> 
    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20planning%20for%20sysadmin%20task&In-Reply-To=%3C1288004735.31779.27.camel%40akroma.ephaone.org%3E"
       TITLE="[Mageia-sysadm] planning for sysadmin task">misc at zarb.org
       </A><BR>
    <I>Mon Oct 25 13:05:35 CEST 2010</I>
    <P><UL>
        <LI>Previous message: <A HREF="000044.html">[Mageia-sysadm] planning for sysadmin task
</A></li>
        <LI>Next message: <A HREF="000056.html">[Mageia-sysadm] planning for sysadmin task
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#45">[ date ]</a>
              <a href="thread.html#45">[ thread ]</a>
              <a href="subject.html#45">[ subject ]</a>
              <a href="author.html#45">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>On Monday 25 October 2010 at 10:24 +0100, Buchan Milne wrote:
&gt;<i> On Sunday, 24 October 2010 11:58:26 Olivier Thauvin wrote:
</I>&gt;<i> &gt; * Michael Scherer (<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">misc at zarb.org</A>) wrote:
</I>&gt;<i> &gt; &gt; Hi,
</I>&gt;<i> &gt; &gt; 
</I>&gt;<i> &gt; &gt; so now the servers are in place, we have to install them. Here is a
</I>&gt;<i> &gt; &gt; proposal of the needed services :
</I>&gt;<i> &gt; &gt; 
</I>&gt;<i> &gt; &gt; Then we need to deploy the basic infrastructure for us. Again, I assume
</I>&gt;<i> &gt; &gt; that no one is against apache :
</I>&gt;<i> &gt; &gt; - ldap ( valstar or alamut ? )
</I>&gt;<i> 
</I>&gt;<i> At this stage, I am thinking that we may want 3 servers running LDAP:
</I>&gt;<i> -Master LDAP server, which is primarily not used by read-only clients. I 
</I>&gt;<i> haven't tested referrals yet in my app, so for now CatDap will probably need 
</I>&gt;<i> to use it. Could possibly be used as fall-back for either of the slaves
</I>&gt;<i> -1 slave used primarily for infrastructure support, but not exposed to much 
</I>&gt;<i> external traffic. Mostly nss_ldap/pam_ldap on build hosts, and any other 
</I>&gt;<i> infrastructure stuff which we decide to put in LDAP. If the total userbase is 
</I>&gt;<i> too large we could consider a partial replica (e.g. only posixAccount 
</I>&gt;<i> entries), though we may need to test this a bit ...
</I>&gt;<i> -1 slave used primarily for external traffic, e.g. forum, wiki etc. This could 
</I>&gt;<i> be the web server running some of these applications.
</I>&gt;<i> 
</I>&gt;<i> If this is excessive, we could consider combining master and internal read 
</I>&gt;<i> access on one server (but I would prefer to have at least one fall-back
</I>
For the moment, we have 5 servers, so for the beginning, it may indeed
be too much. So basically, ldap master on valstar ( ie, svn hdlist,
etc ) and external on alamut ?

And later, a ldap slave on the server used for forum ?

&gt;<i> &gt; May I suggest to setup all our web on same server, especially since a
</I>&gt;<i> &gt; lot use perl-Catalyst (buchan's one, epoll and the one I did to manage
</I>&gt;<i> &gt; mirror).
</I>&gt;<i> &gt; 
</I>&gt;<i> &gt; May I also suggest all our web be installed using RPM ?
</I>&gt;<i> &gt; Notice I got some issue using catalyst in fcgi mod, but it works fine in
</I>&gt;<i> &gt; server mode + apache as proxy.
</I>&gt;<i> 
</I>&gt;<i> I will try and create a package today. I think all the dependencies should be 
</I>&gt;<i> available for Mdv2010.0 and up. However, if we want to have any contributions 
</I>&gt;<i> (skinning work from web team, localisations) with quick testing, it may be 
</I>&gt;<i> useful to run one instance from an svn checkout.
</I>
Ie, have a production instance and a devel instance ?

Nothing prevents us from doing rpm from svn snapshot at regular intervals
too.

&gt;<i> BTW., do we want to run these apps on separate virtual hosts? Should I ship 
</I>&gt;<i> vhost definition in apache config (e.g. for identity.mageia.org)?
</I>
I would say &quot;yes&quot;

&gt;<i> &gt; &gt; - create account for us.
</I>&gt;<i> 
</I>&gt;<i> Set up host authentication to LDAP first? We will need SSL certificates for 
</I>&gt;<i> LDAP hosts as well. Self-signed certs or certs from self-signed CA are fine.
</I>
Ok.

&gt;<i> &gt; Yup, especially if we have to work on them :)
</I>&gt;<i> 
</I>&gt;<i> I have created some accounts in LDAP, and I am happy to create any we need to 
</I>&gt;<i> proceed to the point where the account registration portion of CatDap is 
</I>&gt;<i> running. However, I think we may want to get internal use of it (for 
</I>&gt;<i> registration) before opening the gates ...
</I>&gt;<i> 
</I>&gt;<i> Also, I probably need to start work on the admin features, for now I am 
</I>&gt;<i> planning:
</I>&gt;<i> -user modification (e.g. add posixAccount to existing user account, modify any 
</I>&gt;<i> attributes necessary manually, 
</I>&gt;<i> -group management (add groups, modify group membership etc.)
</I>&gt;<i> 
</I>&gt;<i> Please let me know what other features are important sooner than later.
</I>
ssh keys support ( as I think we will use it for us ) ? After a second
thought, we can do it by hand,

I also think notification of subscription could be interesting, but
again, we may not need it now.

&gt;<i> &gt; &gt; then the rest is lower priority :
</I>&gt;<i> &gt; &gt; - postfix ( alamut )
</I>&gt;<i> &gt; &gt; - migrate to sympa ( alamut )
</I>&gt;<i> &gt; &gt; - enter everybody in the ldap
</I>&gt;<i> &gt; &gt; - nagios/munin ( or similar ) ( alamut )
</I>&gt;<i> 
</I>&gt;<i> xymon?
</I>
yup, why, as long as it is packaged, I am ok.


-- 
Michael Scherer

</PRE>


<!--endarticle-->
</body></html>