[Systems] [Fwd: Re: Sugar Labs hosting at RIT]
Bernie Innocenti
bernie at codewiz.org
Wed Jan 13 12:36:38 EST 2010
Luke,
this is where we stand. As of Jan 09, Paul Mezzanini still did not get
the final approval.
We should ask them if it is ok to rack 3 machines, 1U each, in addition
(or instead of) the originally planned 2U server.
Please, keep systems@ and myself on cc in your followups. And thanks.
-------- Forwarded Message --------
From: Paul Mezzanini <pfmeec at rit.edu>
To: Bernie Innocenti <bernie at codewiz.org>
Cc: Stephen Jacobs <sxjics at rit.edu>, Charles J Gruener <cjg9411 at rit.edu>
Subject: Re: [Fwd: Re: [Systems] [SLOBS] Hosting at RIT]
Date: Sat, 09 Jan 2010 08:02:40 -0500
> So I guess we're still GO on our original plans.
>
I still need to get all the official approval and the sla if that
works out.
-------- Forwarded Message --------
From: Bernie Innocenti <bernie at codewiz.org>
To: Paul Mezzanini <pfmeec at rit.edu>
Cc: Stephen Jacobs <sxjics at rit.edu>, David Farning
<dfarning at sugarlabs.org>, Charles J Gruener <cjg9411 at rit.edu>
Subject: Re: Sugar Labs hosting at RIT
Date: Thu, 17 Dec 2009 13:18:43 -0500
On Thu, 2009-12-17 at 10:19 -0500, Paul Mezzanini wrote:
> I can make a case to have *.sugarlabs.org hosted here. The existing
> relationship with RIT makes it possible.
>
Awesome, thanks!
> > sonal domains (somosazucar.org, radian.org, sandboxing.org, etc)
> We can not support having personal domains hosted here.
I see. No problem, we can move these elsewhere.
> This brings up another important question regarding access to the
> hosted machine(s). Who, on your end, will have access to these
> machines?
Besides me, we gave root access to a few trusted members of Sugar Labs,
all of which are unpaid volunteers. Our "Join" page states that all
sysadmins are required to digitally sign the SAGE Code of Ethics
(http://www.sage.org/ethics/), but so far I didn't make anyone sign it
because I trust all them personally. We can come up with a stricter
policy if required by RIT, but to me personal trust is worth more than
a thousand junk contracts ;-)
Besides these, we have a few people in charge of specific bits of
infrastructure, with no root privileges. We also have developer and
member accounts, but these live on http://people.sugarlabs.org/ ,
which is hosted by the FSF.
> There is an RIT policy for server security that all these machines
> would need to conform to (http://security.rit.edu/server.html).
I think we would already conform, except for displaying trespassing
banners at login, which we could certainly add.
> I would also like an RIT individual to have at least a basic
> understanding of the configuration and access in case of an
> emergency. (Otherwise the course of action would to be turn
> the network port off)
This would be very welcome.
My impression is that we're all pretty conscious about security, but
we're running a variety of non trivial web services and thus our
attack surface is rather large.
>> We would also need a few more globally accessible IPs for the
>> virtual
> This is not likely to happen. I can't guarantee more then a
> small handful of IP addresses. My initial impression was
> that you would require only two or three.
Me bad. Our initial thought was to move over there just
activities.sugarlabs.org, for which one public IPv4 address would have
been sufficient.
I'll talk with the other admins to find out how much we want to rely
on separate virtual machines (and thus separate IPs) for the other
services.
> > * do we have IPv6, or working 6to4?
> Not at the moment. If I remember correctly, there are technical
> issues with one of our upstream providers.
We use IPv6 mostly to reduce the number of IPs we need. For example,
our build farm has 6 machines reachable only over IPv6.
We're not currently planning to move over such services, but being
able to reach them from our main server would be useful.
> * are there on-site sysadmins to help us with hardware and
> network problems?
> As we currently sit, help would be via best effort.
>
> If we do come to an agreement, we would require a SLA / MoU
> outlining all of the details.
I guess best effort would be fine, as long as there are enough people
with physical access to the building during holidays and week-ends.
We'll bother only those who agree to be bothered, of course.
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
More information about the Systems
mailing list