Infrastructure of OSGeo System Administration Committee (SAC)

System List

WE NEED TO DO OUR HOMEWORK AND COMPLETE THIS PAGE.

SVN and Trac are utilizing our central OSGeo LDAP server for authentication - a start towards the dream of one OSGeo userid/password for a variety of services and projects. We also have the capacity to capture project history in a migration to SVN for folks using CVS now.

Buildbot, for those not familiar with it, is used to do automated builds of software packages from svn, run tests suites, and provide a status web page indicating how it is working. An example is at:

 http://buildbot.osgeo.org:8500/

The download server is just a server providing http download from a directory tree, but it is on a high speed network (telascience.org) with lots of bandwidth.

Server osgeo.org

• Hardware - Shawn Barnes, Howard Butler, Tyler Mitchell, Frank Warmderdam
  • osgeo.org servers are monitored by HTTP monitoring scripts, notification goes to Frank Warmerdam, Shawn Barnes and Daniel Morissette
• Software:
  • Web pages - Tyler Mitchell, ... (info)
  • postfix - Tyler Mitchell, ...
  • Linux updates - Tyler Mitchell, ... (info)
  • LDAP - ? (info)
  • backup - PEER1 is doing daily tape backup of entire system - Shawn Barnes
  • SSL certificate - Shawn Barnes (configuration)
  • DNS - Shawn Barnes
  • SVN - Howard Butler (info)
  • IPTABLES - Shawn Barnes
  • support on demand - Martin Spott
• Virtual Hosts
  • trac.osgeo.org - Howard Butler (info)
  • lists.osgeo.org - Tyler Mitchell (info)
  • buildbot.osgeo.org - Howard Butler (info)
  • download.osgeo.org - Mateusz Loskot (info)
  • virtual hosts: lists and trac are the same system as www.osgeo.org; buildbot is the same as download

Emergency plans:

• ISP/DNS problem: what to do? do we need to call anyone?
• hardware reset: Shawn Barnes (+1 613.565.5056 - Ottawa business hours), Howard Butler, Tyler Mitchell, Frank Warmderdam (+1 613.754.2041 - anytime). One option is a power cycle on the UPS to restart osgeo.org, using the "Reboot Immediate" item on the UPS.

OSGeo Wiki (wiki.osgeo.org)

• Maintained at and by terrestris.de
• Responsible: XXX

Emergency plan: ...

Currently working on migration to telascience (http://trac.osgeo.org/osgeo/ticket/103)

Telascience Blades

This page only describes some of the core systems and is not a full description of the telascience reality in any way

• HyperCube for geodata
• xblade10-2 (198.202.74.215) FC4
  • new server: new install, ldap enabled, yum updated Nov 5th/2006.
  • mapbender.telascience.org; Postgres MySQL running
    • http://mapbender.telascience.org/
    • https://198.202.74.215/phpMyAdmin/
    • https://198.202.74.215/phpPgAdmin/

• xblade11-2 (198.202.74.216) FC4
  • new server: new install, ldap enabled, yum updated July 20th/2006.
  • geodata.telascience.org; Assigned for geodata work for now, and to be named dev.geodata.osgeo.org or something similar. Binaries on geodata:
    • all GIS binaries are installed into /usr/local/*
    • /usr/local/lib was added to /etc/ld.so.conf

• xblade12-2 (198.202.74.217) FC4
  • new server: new install, no ldap or remotely mounted home.
  • This machine is allocated to Kids GIS Portal

• xblade13-2 (198.202.74.218) FC4
  • shell.telascience.org: Lots of software installed, general use.
  • Also used for DevelopmentDrupalInstance - contact Kanhaiya Kale.

• xblade14-2 (198.202.74.219) FC4
  • new server: new install, ldap enabled, yum updated July 19th/2006.
  • using for Frank and Mateusz' experiments with OSGeo BuildBot Configuration.
  • Using for Community Mapbuilder Continuum Builds.
  • Using for Download Server.

• xblade15-2 (198.202.74.220) FC4
  • ldap.telascience.org: Fedora Directory Server. LDAP server.
  • osgeo.telascience.org: Plone
  • txtmob.telascience.org: SMS Smart Mob system
  • gpstrack.telascience.org: Plone GPS / APRS / Cell tracking .... wishing ;)
  • mediawiki.telascience.org (wiki.osgeo.org migration in progress)
  • ISO mirroring

• sparcblade8 (198.202.74.213) Solaris 2.9
  • civicspace.telascience.org: experimental community portal

Services

• LDAP (on .74.220)
• Plone (on .74.220)
• HTTPD (on .74.220)
• OSGeo GeoNetwork Installation

Known Issues

• .216/.217/.218/.219: need Admin group in sudoers file.
• .74.220 is not using ldap authentication for shell access.
• Access to LDAP server needs to be restricted to specific machines somehow?
• We have to create userids on the LDAP server manually, can't be done through plone without a lot of work.
• Plone instance is not using LDAP for authentication.

Service Groups

Currently, shell access is limited to users in the LDAP schema under the "Shell" group. No further group authorization/granularity exists at this time. It is desireable to have "Shell" be broken into groups like "Database", "Subversion Admin", etc to distribute the administration of those tasks.