[Systems] Upcoming sysadmin tasks (Was: My Sugar Labs Membership)

[David Farning]

On Tue, Oct 6, 2009 at 4:17 PM, Bernie Innocenti <bernie at codewiz.org> wrote:
> Oops, my fingers slipped on ctrl+enter while I was typing furiously.
> I'm late for a math class.
>
> El Tue, 06-10-2009 a las 16:53 -0400, Bernie Innocenti escribió:
>> Provisioning is starting to become a problem: creating accounts on
>> multiple machines and distributing ssh keys does not scale well.  I
>> think we should investigate a centralized solution such as ssh+lpk or a
>> distrib
>
> ...distribution system for the public keys.
>
> We could also employ secured NFSv4 (or perhaps CIFS with the POSIX
> extensions) to share specific home directories between sunjammer and
> beamrider.  Not all users of sunjammer would have a shell account on
> beamrider, only those who need to admin specific applications.  We'd
> still use POSIX groups to reduce the number of people which need root
> access to a reasonable minimum.
>
>
>> Finally, I'd like to move the master nameserver and LDAP
>
> ...to a new VM hosted on treehouse (working name "atombender", after the
> bad guy in Impossible Mission).  This machine would be higher security,
> with only 3 or 4 admins and no user accounts or web applications.
>
> Munin should also move away from sunjammer, perhaps on treehouse.
>
> The number of machines is growing fast.  Sascha proposed adopting Bcfg2
> <http://trac.mcs.anl.gov/projects/bcfg2> to centrally manage them.  He
> will investigate and report back.
>
> I feel that the Infrastructure Team is also growing large enough that
> we'd have to resume the weekly Infrastructure Team meetings.  It would
> be great if someone less busy and more reliable than me took the role of
> chairing our meetings.  Perhaps Henry or Dogi would like to offer their
> experience as OLPC VIG coordinators?


>> > I thank you for the offer, I managed to point the domains
>> > (somosazucar.org+.com+.net)
>> > to SL nameservers.
>
> Ok, I'll add zones for them later today.
>
>
>> > What I'd like to do is have a wiki at pe.sugarlabs and point the new
>> > domains there to begin with. Let me know how I can help with this. Also,
>> > should I go register a new google apps account for emails, or do we add the new domains to
>> > the sugarlabs google apps account? Let me know whatever is less work for you.
>
> Let's discuss how to setup the wiki instance on IRC later tonight if
> you're available.
>
> For Google Apps, David has always done the initial work and then passed
> administratorship to me.  I'll ask him.

Let me know what you would like for google apps. You can either use
the primary @sugarlabs.org or we can set up a separate
@pe.sugarlabs.org .  A separate instance gives you the ability to
administer your own stuff locally.  I just need to fill some paperwork
with Google to upgrade you to the education edition so you get all the
features for free.

david

>   // Bernie Innocenti - http://codewiz.org/
>  \X/  Sugar Labs       - http://sugarlabs.org/
>
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>