[Mageia-sysadm] planning for sysadmin task
misc at zarb.org
Mon Oct 25 13:05:35 CEST 2010
On Monday 25 October 2010 at 10:24 +0100, Buchan Milne wrote:
> On Sunday, 24 October 2010 11:58:26 Olivier Thauvin wrote:
> > * Michael Scherer (misc at zarb.org) wrote:
> > > Hi,
> > >
> > > so now the servers are in place, we have to install them. Here is a
> > > proposal of the needed services :
> > >
> > > Then we need to deploy the basic infrastructure for us. Again, I assume
> > > that no one is against apache :
> > > - ldap ( valstar or alamut ? )
> At this stage, I am thinking that we may want 3 servers running LDAP:
> -Master LDAP server, which is primarily not used by read-only clients. I
> haven't tested referrals yet in my app, so for now CatDap will probably need
> to use it. Could possibly be used as fall-back for either of the slaves
> -1 slave used primarily for infrastructure support, but not exposed to much
> external traffic. Mostly nss_ldap/pam_ldap on build hosts, and any other
> infrastructure stuff which we decide to put in LDAP. If the total userbase is
> too large we could consider a partial replica (e.g. only posixAccount
> entries), though we may need to test this a bit ...
> -1 slave used primarily for external traffic, e.g. forum, wiki etc. This could
> be the web server running some of these applications.
> If this is excessive, we could consider combining master and internal read
> access on one server (but I would prefer to have at least one fall-back
For the moment, we have 5 servers, so for the beginning, it may indeed
be too much. So basically, ldap master on valstar ( ie, svn hdlist,
etc ) and external on alamut ?
And later, a ldap slave on the server used for forum ?
> > May I suggest to setup all our web on same server, especially since a
> > lot use perl-Catalyst (buchan's one, epoll and the one I did to manage
> > mirror).
> > May I also suggest all our web be installed using RPM ?
> > Notice I got some issue using catalyst in fcgi mod, but it works fine in
> > server mode + apache as proxy.
> I will try and create a package today. I think all the dependencies should be
> available for Mdv2010.0 and up. However, if we want to have any contributions
> (skinning work from web team, localisations) with quick testing, it may be
> useful to run one instance from an svn checkout.
Ie, have a production instance and a devel instance ?
Nothing prevents us from doing rpm from svn snapshot at regular interval
> BTW., do we want to run these apps on separate virtual hosts? Should I ship
> vhost definition in apache config (e.g. for identity.mageia.org)?
I would say "yes"
> > > - create account for us.
> Set up host authentication to LDAP first? We will need SSL certificates for
> LDAP hosts as well. Self-signed certs or certs from self-signed CA are fine.
> > Yup, especially if we have to work on them :)
> I have created some accounts in LDAP, and I am happy to create any we need to
> proceed to the point where the account registration portion of CatDap is
> running. However, I think we may want to get internal use of it (for
> registration) before opening the gates ...
> Also, I probably need to start work on the admin features, for now I am
> -user modification (e.g. add posixAccount to existing user account, modify any
> attributes necessary manually,
> -group management (add groups, modify group membership etc.)
> Please let me know what other features are important sooner than later.
ssh keys support ( as I think we will use it for us ) ? After a second
thought, we can do it by hand,
I also think notification of subscription could be interesting, but
again, we may not need it now.
> > > then the rest is lower priority :
> > > - postfix ( alamut )
> > > - migrate to sympa ( alamut )
> > > - enter everybody in the ldap
> > > - nagios/munin ( or similar ) ( alamut )
yup, why, as long as it is packaged, I am ok.