Difference between revisions of "SAC Service Status"

From OSGeo
Jump to navigation Jump to search
Line 24: Line 24:
 
** DNS - Shawn Barnes
 
** DNS - Shawn Barnes
 
** SVN - Howard Butler ([[Subversion|info]])
 
** SVN - Howard Butler ([[Subversion|info]])
 +
** IPTABLES - Shawn Barnes
 
** general Unix support upon demand - Martin Spott
 
** general Unix support upon demand - Martin Spott
 
* Virtual Hosts
 
* Virtual Hosts

Revision as of 06:36, 27 August 2007

Infrastructure of OSGeo System Administration Committee (SAC)

System List

WE NEED TO DO OUR HOMEWORK AND COMPLETE THIS PAGE.

SVN and Trac are utilizing our central OSGeo LDAP server for authentication - a start towards the dream of one OSGeo userid/password for a variety of services and projects. We also have the capacity to capture project history in a migration to SVN for folks using CVS now.

Buildbot, for those not familiar with it, is used to do automated builds of software packages from svn, run tests suites, and provide a status web page indicating how it is working. An example is at:

 http://buildbot.osgeo.org:8500/

The download server is just a server providing http download from a directory tree, but it is on a high speed network (telascience.org) with lots of bandwidth.

Server osgeo.org

  • Hardware - sbarnes, Howard Butler, Tyler Mitchell, Frank Warmderdam
  • Software:
    • Web pages - Tyler Mitchell, ... (info)
    • postfix - Tyler Mitchell, ...
    • Linux updates - Tyler Mitchell, ... (info)
    • LDAP - ? (info)
    • backup - Shawn Barnes
    • SSL certificate - Shawn Barnes (configuration)
    • DNS - Shawn Barnes
    • SVN - Howard Butler (info)
    • IPTABLES - Shawn Barnes
    • general Unix support upon demand - Martin Spott
  • Virtual Hosts
    • trac.osgeo.org - Howard Butler (info)
    • lists.osgeo.org - Tyler Mitchell (info)
    • buildbot.osgeo.org - Howard Butler (info)
    • download.osgeo.org - Mateusz Loskot (info)

Emergency plans:

  • ISP/DNS problem: what to do? do we need to call anyone?
  • hardware reset: Shawn Barnes (+1 613.565.5056 - Ottawa business hours), Howard Butler, Tyler Mitchell, Frank Warmderdam (+1 613.754.2041 - anytime). One option is a power cycle on the UPS to restart osgeo.org, using the "Reboot Immediate" item on the UPS.

OSGeo Wiki (wiki.osgeo.org)

  • Maintained at and by terrestris.de
  • Responsible: XXX

Emergency plan: ...

Currently working on migration to telascience (http://trac.osgeo.org/osgeo/ticket/103)

Telascience Blades

This page only describes some of the core systems and is not a full description of the telascience reality in any way

  • xblade11-2 (198.202.74.216) FC4
    • new server: new install, ldap enabled, yum updated July 20th/2006.
    • geodata.telascience.org; Assigned for geodata work for now, and to be named dev.geodata.osgeo.org or something similar. Binaries on geodata:
      • all GIS binaries are installed into /usr/local/*
      • /usr/local/lib was added to /etc/ld.so.conf
  • xblade12-2 (198.202.74.217) FC4
    • new server: new install, no ldap or remotely mounted home.
    • This machine is allocated to Kids GIS Portal
  • xblade13-2 (198.202.74.218) FC4
    • shell.telascience.org: Lots of software installed, general use.
    • Also used for DevelopmentDrupalInstance - contact Kanhaiya Kale.
  • xblade15-2 (198.202.74.220) FC4
    • ldap.telascience.org: Fedora Directory Server. LDAP server.
    • osgeo.telascience.org: Plone
    • txtmob.telascience.org: SMS Smart Mob system
    • gpstrack.telascience.org: Plone GPS / APRS / Cell tracking .... wishing ;)
    • mediawiki.telascience.org (wiki.osgeo.org migration in progress)
    • ISO mirroring
  • sparcblade8 (198.202.74.213) Solaris 2.9
    • civicspace.telascience.org: experimental community portal

Services

Known Issues

  • .216/.217/.218/.219: need Admin group in sudoers file.
  • .74.220 is not using ldap authentication for shell access.
  • Access to LDAP server needs to be restricted to specific machines somehow?
  • We have to create userids on the LDAP server manually, can't be done through plone without a lot of work.
  • Plone instance is not using LDAP for authentication.

Service Groups

Currently, shell access is limited to users in the LDAP schema under the "Shell" group. No further group authorization/granularity exists at this time. It is desireable to have "Shell" be broken into groups like "Database", "Subversion Admin", etc to distribute the administration of those tasks.