[Mageia-sysadm] [LONG] new server to name and password handling

Michael Scherer misc at zarb.org
Mon Jan 3 02:00:40 CET 2011


Hi,
Good news, since we have all been good boys and girls ( at least, I
was ), some presents were left under Christmas tree ( or whatever is
used for your local celebration if any ).

Anne just told me that a new server will be donated, sponsored by
Online.net, thanks to Raphael Gertz's efforts. The specs ( in French, I
can translate if Babelfish is not enough ) are here :
http://www.online.net/serveur-dedie/offre-dedibox-pro.xhtml

Primary use would likely be "iso creation", a task that requires some
disk and memory ( and is quite important to do ).

So this brings us some problems :

- the name. Last person to choose was Olivier Blin for friteuse, the
forum vm ( that still didn't get installed, for those that want to
know ) and the next one should be decided by Buchan Milne. 

So Buchan it is up to you, and you need to designate your successor from
the list of 1 person, Olivier Thauvin, who is the last remaining admin
in my list. And then, we start from 0 again, aka the full list.


- the installation. I volunteered to install it, and add it to puppet
( and while on it, document it on the wiki ), but I would like some
input on the partition table :

 - use raid 1 or raid 0 ( or both as suggested by Nanar, ie raid 1+0 ) ?
 - lvm, or no lvm, or partial lvm ? 
 - raid or lvm striping, mirroring ?
 - ext4, others ? 

One of the issues is that the web panel does not support lvm. So I propose
this :

- 20g, no lvm, for the main system, on ext4 
- the rest as a big raid 0, or raid 1+0 array. 
In the array, we add a big lvm, split among
 - mirror of rpm, around 50 GB
 - swap, around 5 GB
 - iso, around X GB per run. ( with X to be calculated later or asked to
someone who knows ).


Why raid 0 ( or 1+0 ) ? The server's main use will be iso creation ( for
now ), which means "lots of I/O". And that's the main and only reason to
use raid 0. But if we can also have some redundancy to avoid the issues that
plagued Mandriva iso creation ( aka, cascade failure of the iso creation
server ), it could be nice.

Why lvm ? For flexibility, if we decide to add other services to the
server ( think virtualisation, there are 8 CPUs and there is maybe a 2nd
ip ). But adding other services on raid 0 may not be a smart idea on
the other hand, so maybe using raid 1+0 would be nice too.


- the access to the web interface. As the server is hosted at the online.net
datacenter and we do not have access, we need to use the web panel to
reboot and so on ( or IPMI ). We ( ie, Anne and me ) have a
login/password for that. So we need to store it somewhere so members of
a strictly defined group ( likely admins, but surely also members of the
board/council ) can access it, and no one else can. This means that the
password is changed when a member of the group leaves the group, and
something like every year, to avoid problems in case of password
theft/loss. 

While I trust everybody who will receive it to not misuse the password,
I am not trusting people who could steal the laptop, or people who could
unlawfully access it. I do use an encrypted partition on my laptop, I
know not everybody does ( for obvious reasons like "this reduces my battery
life by 1 hour" and "this is broken on installation on mdv" and other
good reasons ).

So we need to :
- define the list of login/password/url to store there. Off the top of my
head, I would say :
  - web interface for online.net ( Anne and I )
  - ipmi interface password ( not set yet )
  - bios password, if any, ( I think we didn't set them )
  - drac interface of alamut ( I think we did set them, and so damien,
boklm, me and potentially maat know it )
  - root password of servers ( can be changed )
  - dns domain at gandi.net, ( romain should have it )

- decide who should have access. Maybe more than one group should be
required. I would also add a similar system for the access to outside
services, like twitter account, etc. ( and that's one more reason to
prefer hosted service ). While such services are important, losing
the facebook account would be less of a problem than the dns name. 

- decide how often we change the passwords ( for those that can be
changed remotely ), and a process to make sure it was done. Maybe
somewhere to note when it was done. Or decide to not change it if this
is too tedious.

- find a system to store them
 - must be usable offline
 - should not require distributing a master password
 - must store everything encrypted ( in case of compromise )
 - must be able to be transmitted over an insecure channel ( ie, the
internet )
 - should be as seamless as possible ( ie, if we require people to
download a file, the majority will forget to do it ).
 - must be free software, using a good encryption system ( like not
3DES ), etc, etc.
 - a nice addition would be to use our ldap, or ssh keys
I haven't looked, nor do I have many ideas on that part, so do not be
shy, express yourself, what do people use in their job ( or
assimilated ).

At my first mission, we had physical access everywhere so the password
handling was not a big issue, and used a gpg password file on 2 servers
( and we used some memory trick to keep the root password of the 20
servers ).
 
On another job, we used a php interface for that. I lost the name of the
web application. It was hosted in our office, with a shared password
given to employees.

And for zarb.org, we use a quite complex system with a file password.gpg
encrypted with a key given to admin, with a pass phrase meaning "apple
pie with cream" in navajo or chinese, something like that.

Obviously, no procedures were set to change any password anywhere :)
( or at least, not disclosed to me )

-- 
Michael Scherer
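
An added example, not part of the original message: one way to implement the rotation check the mail asks for (change a password when a member leaves the group and about once a year, using a note of when it was last done). The credential names, dates, the member `alice` and the helper `rotation_due` are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MAX_AGE = timedelta(days=365)  # "something like every year" in the mail


@dataclass
class Credential:
    name: str
    group: str                  # group whose members know the secret
    last_rotated: date          # taken from the "note when it was done" log
    remote_change: bool = True  # can it be changed without physical access?


def rotation_due(creds, departures, today):
    """Return {credential name: [reasons]} for every secret that must change.

    departures is a list of (group, member, date_left) tuples.
    """
    due = {}
    for c in creds:
        reasons = []
        if today - c.last_rotated > MAX_AGE:
            reasons.append("older than one year")
        # Anyone who left the group after the last change still knows it.
        leavers = sorted(m for g, m, left in departures
                         if g == c.group and left >= c.last_rotated)
        if leavers:
            reasons.append("known to former member(s): " + ", ".join(leavers))
        if reasons:
            if not c.remote_change:
                reasons.append("needs on-site access")
            due[c.name] = reasons
    return due


# Constructed sample inventory and membership log (not real data).
CREDS = [
    Credential("hosting web panel", "admins", date(2010, 12, 20)),
    Credential("ipmi", "admins", date(2011, 6, 1)),
    Credential("bios", "admins", date(2010, 1, 10), remote_change=False),
    Credential("dns registrar", "board", date(2011, 3, 15)),
]
DEPARTURES = [("admins", "alice", date(2011, 2, 1))]

if __name__ == "__main__":
    for name, why in rotation_due(CREDS, DEPARTURES, date(2011, 9, 1)).items():
        print(f"{name}: {'; '.join(why)}")
```

The inventory holds only names and dates, never the secrets themselves, so it can be kept in a plain file next to the encrypted store.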


