[sf-lug] Notes re last night's SF-LUG meeting about the colo box

jim stockford jim at well.com
Tue Apr 17 10:06:51 PDT 2007



Here follow notes from last night's SF-LUG meeting about
the colo box (a computer at the ServePath facility on Spear
Street that hosts the sf-lug.com web site and soon the
BALUG web site, too).

* Jim claims the colo has given us 4 IP addresses. Michael
wants one for BALUG. BUT:
Upon review, it looks like three of the four IP addresses are
dedicated to a VLAN setup: i.e. only one IP address is
available for use.

* Michael proposes each LUG has scripts with an identifying
suffix, notably startup scripts for daemons.

* Administrators will use the wiki for most documentation,
but there will be a /home/admin directory that contains flat
files with some policy and how-to information. We must set
up a structure to divide issues about the box itself, SF-LUG
issues, and BALUG issues (e.g. how each LUG wants to
manage its web pages).

* Remote backup. Jim proposed NFS-over-internet. Michael
proposes rsync over ssh, which is what we'll use to back
up some data to a remote location.

* sudoers: currently pretty much anyone who has an ssh
login account has been put in the sudoers file.
THIS WILL CHANGE! If you have an ssh account on
the box, take note. <--------------------------------------------------
We'll remove all but people with administrative duties.
If you want an account, we'll gladly give it. If you want
extended privileges, ask and we'll see what we can do
short of full root privileges.

* Michael proposes reviewing the contacts for box
administrators. Nathan has listed pager monkeys to include
Nathan and Jim. Michael will be our newest pager monkey.
Probably three persons is enough, though having a second
BALUGer would be good.

* We need policies for maintenance. These will be on the
wiki primarily. Anything that might reveal security flaws
should be doc'ed in /home/admin.
When are good times to bring the box down for hardware
changes (other than as soon as possible after something
breaks)?

We have nagios and osiris running on the box, with thanks
to Nathan. Should we have hours of business, i.e. a service
agreement to guarantee box uptime during certain hours,
days...? Probably not, it seems, at least not at this time.

* Jim will ask ServePath if there's a means of getting console
access to the box: i.e., something other than ssh access in
the event the box goes down or nuts.
Currently we either ask the Spear Street staff to turn the box
back on or we drive down and do things.

* Jason (JT) has installed PHP BB. How shall we use it?
There was some discussion comparing the merits of Bulletin
Boards ("forums") against good ol' mail, which is archivable
and web accessible.

* Seems okay to "yummify" the box, at least with respect to
osiris and nagios. Policy currently is that administrators can
yum away whenever.

* There is an Apache restart nicely command of some sort
that minimizes httpd downtime (e.g. for re-reading a revised
config file).

* Nathan has got a DNS server working on the box. Currently
it works with respect to Nathan's universe and not with the
internet namespace as a matter of proof of concept. Given a
little testing and then getting access to a couple of internet
aware DNS servers up the stream, we can switch our DNS
server over to see the internet.





