sonance.net technews

We (foo, iang, binsh, martin) got together at Philip’s place 2nd May and had another go at getting LDAP moved. Progress:

• extracted and modified for new home into Roy
• Loaded up and running
• Databases extracted…
• Tech tech fed and watered (thanks to Delfine)

Things left to do: resolve the Bind <–> LDAP connection, set up Roy as DNS, try it all…

today the blog-service of sonance was successfuly moved to another machine and upgraded to the lastest version of wordpress-mu.

happy blogging.

yours, bernhard

Present: iang, virtual-matthias-G

• Zentrix VM got hacked last friday night.
• Cleanup lasted minutes and it was hacked again by monday.
• vector of attack was either mod_perl or mod_php, no clarity on this point
• PHP was opened up again last September.
• Only active sysadms now have access, and new security policy is in place.
• subik moving dns to new VM with assistance from FF’s Wolfgang
• subik will solve ldap domains change problem.

Tech team

Present: binsh, foo, martin, suntzu, stefan
Also: pablo, julia

• Matthias G: It’s all done, Virtually speaking! VMs are set up awaiting…
• Admins should request SSH passwords on all services …
• Sonance core applications => Candy !!!! this is the area for Martin.
  Drupal, PHP5 only!!
  ISPagent also installed.
• install a new Mediawiki version on Candy.
  get it going with LDAP.
• Need an SVN repository. How to run it? … Stefan could experiment from summer.
  Onto candy.
• Instiki-wiki … Matthias can identify who top users are and tell them it is going to be shut off.
• Martin wants to be “taken off” Roy (DNS, LDAP, ISPman).
• Hoss (databases) is installed MySQL … running on localhost only so far.
• Users to get new passwords.
• How to move the users? Do the users move themselves….. Decide this when DNS is going, below ===>
• If they show no sign, they disappear?????…… If they show up on wednesday or move it themselves, we can help! Board decision or not?

• Talked to Subik, sent him all the stuff. List of VMs, plan of split services.
• Subik should be preparing the DNS.
  This is now a critical blocking action!!!
• DNS is to go onto Roy.
• Question to DNS/team: how are internal names set up like hoss and roy/ldap?
  Internal /etc/hosts file?
  ldap.sonance.net, mysql.sonance.net, ?

• Gernot for typo3
• But it needs ImageMagic
• ImageMagic needs fopen() which is what caused the hack.
• Therefore not on candy as yet!
• In 1.5 months exactly, Matthias G and Oliver will complete Stage 1 of
  the Streaming and Converting Booster rocket.
• onto adam/stream.
• Then we have to think about how to integrate it to drupal….
• Streaming server had Flash converter,
  streams video … can either embed Quicktime or use a Flash player …
  Only streaming tech that Flash supports is RTMP (sp?)
  only streaming service that is free/not open source is
  “Flash Streaming Server” and possibly Helix.
  This way we can stream video in flash.
  is useful because it supports Quicktime …
• But we shall instead wait 1.5 months and then it will be solved.
  The installed copy had a dodgy past…

• (Martin) Antony was mentioned by Martin, is PHP/UN/CC/BG.
  Can he be brought in … YES!
• (SunTzu) CAcert might ask for support from sonance when they bring in a new guy to manage system moves: machines, space, net, sysadms, etc. More as it develops.
• (binsh) Pooool migration work is done, moved to sing.
• Pooool main portal is PHP, wordpress, mediabase (problem security wise)
  Needs ISPman Management tool … on Sing
• Should go on Clem.
  ISPman

• blogs/
  • blog sign on is a problem
  • spammers are getting through the open-sign on.
  • maybe 1000 attempts a month
  • need an email address - use webmeister') //-->webmeister
  • we need a contract — terms & conditions, etc. ==> SunTzu
    
  • welcome text for new users
• need LDAP for MUworkpress
  • bernhard talking to Matthias
  • need LDAP sign-on site.
  • LDAP sign on / create new account is through evolve
  • need to rewrite the login page.
• evolve new account procedure
  • click on Login, under About Evolve, short graphical how to …
  • evolve should have a “Apply for Sonance Membership”
  • it is some work
  • Martin can do that
• streaming stuff
  • martin suggests: meeting / workshop
  • inviting tell people about theScreen
  • lucas is doing something with Ella
  • martin knows diete who is a painter that wants to do some live streaming
  • let’s email lukas and ella (marting talked to lukas)
• goten
  • no apache on goten — it is decided.
  • move mail long-term to the VM farm.
• database admin
  • philip might help us
  • “you guys keep it limping along until than”
• 3rd DNS server
  • Bernhard talked to sysadm on Hetzner…
  • could do 3rd DNS
  • not interesting at the moment coz still on goten
• programming web page
  • submission system
  • lots of stuff already there
  • It is like “changing the name of the new content button”
  • Martin … would not be the (sole?) programmer
  • next step is to write the requirements
• access to clem for iang ?

I’ve uploaded the techteam article that went into the re.sonance.007 catalogue. It’s called “sonance.techteam strides forth” and includes some photos by nuss when we were at lindabrunn.

Main point of this is to figure out what the structure of the evolve page is. Should this be used for all tech team doco in the future? We want to figure out the doco strategy for the future, and it seems that werkstattext wiki isn’t part of that future.

Comments?

present: foo, dreamer, iang. Also from the other teams:Pablo, Ruth,

• M1: Bonanza had a hardware / config error fixed
  • changed a network card, shut off BIOS/USB/Fireware
• M2: Blackadder is on the bench
  • ex pooool machine
  • how to use is a work in progress
• M3: is delivered
  • machine of games company, will
  • how to use this machine is also a work in progress.
  • We need a new name for this machine.  B-something?
• all old machines going to Matthias’ work place
  • zentrix there
  • mediatix is still at philip’s place
  • mx1 to be picked up from FF
  • simon leaving friday, back 25th, Matthias to pick up machines from simon’s place
• might have a request for some temporary machines from CAcert
• requested FF dropping of all additional contracts
  • should be now just Bonanza for Sonance
  • also CAcert 1+2 to be billed
• support telephone needs to be handed over
  • it will likely be dead while Simon is away
  • it is likely dead anyway
  • requested 300pm in next budget

From now on, we’ll try and do the protokol on the blog and see how it goes. Open Governance rocks.

The big Zentrix change marks the shift from old unsupported white machines to new supported black machines. It completes a process of hardware upgrades started about 18 months agoby the Sonance tech team.

Before, we had a smattering of white machines that were continually giving problems in late 2006. Although they pretty much performed flawlessly during 2007, we suffered from ever-present fear as these old constructed-from-old-parts machines rumbled and rattled on, always treating the next day as their last.

Now we have two primary systems in place: a new big black machine called Bonanza which operates as the host for lots of virtual machines, located here in Funkfeuer, and a remotely hosted machine in Germany for reliable mail transport.

Sonance is now in much better shape to offer serious services, as at least the hardware is solid. We still have a lot of software re-organisation to do, we want to gradually strip all the services out of the old core machine (Zentrix) and move them into separated virtual machines for independence and robustness.

Also, hardware will continue to grow. It looks like over the next year we will field another big VM machine, and possibly two. This will give us the ability to failover for critical VMs. We also would like to purchase an independent file server for the data, giving us even more flexibility. Budget willing!

Last night the migration of Zentrix into its new VM home happened, and we spent a fair amount of time last night chasing broken systems. The process is ongoing, stuff keeps turning up, so please keep your eyes open and file any bugs at the support') //-->support normal place.

Things that were broken and then got fixed: Imap webmail services, DNS, backups to /BKP.

There might be more problems, please send problems to support at lists.support.net

our new servers are heavly on track.
the great new virtual machine called bonanza is up and running.
the stream.sonance.net machine is allready transfered to it.
in germany we did install goten our new mail management system.
it’s up and running 2. more information out the progress you can also
find in our new publication, download and purchaseable via http://resonance007.sonance.net/