wiki:admin-training

Version 17 (modified by Jamie McClelland, 5 years ago) (diff)

--

Admin Training Manual

This page outlines the information needed to adminster May First/People Link servers.

  1. Politics and organization
    1. Review the statement of unity, member agreement, and intentionality statement
    2. Familiarize with current political campaigns of the organization and brief history of past campaigns (see MAGNet and US Social Forum, Allied Media project...).
    3. Politics of free software
    4. Mexican Coop and Media Jumpstart: legal structures
    5. Introduction to leadership committee and membership meeting process, as well as commissions, work teams, volunteers and staff
    6. The support team
  2. Identity: Many aspects of MF/PL system administration require a login which can be re-used in many places.
    1. Your OpenPGP key ensures that all members can communicate via private and authenticated email.
    2. Monkeysphere: converting your OpenPGP key into an ssh-enabled key allows us to grant you ssh access to servers easily and with a convenient method to revoke access if your key is compromised.
    3. May First/People Link accounts via the members control panel
      1. Create a membership: Creating your identity under your own membership allows you to continue with your identity even if you no longer provide system admin support
      2. Pick a user account to login to the control panel: this user account can be granted admin access - so you can access all accounts in the control panel. This password is the most sensitive - it should only be used for logging into the control panel. You might pick a username with a -cp suffix to it, like jamie-cp.
      3. Pick a user account as your public identity: via OpenID, you can re-use a single user account when logging into support.mayfirst.org or im.mayfirst.org and other services. Be sure to pick a good user account name and don't change it - since it will be public.
  3. Secrets - MF/PL strives to be transparent and public, however, certain information is restricted
    1. Control panel - by adding your chosen user account to a red_admin_access table in the control panel database, you will be able to view and edit all aspects of all memberships and their services.
    2. By adding your monkeysphere user id to our puppet configuration you can be added to the list of people with root on all servers. We have a set of guidelines for people with root access, an ssh security policy as well as a draft policy on granting root access
    3. You may also have your OpenPGP key added to our keyringer configuration, which will allow you to decrypt our password file, which contains disk encryption passphrases.
  4. Communication
    1. Once you join, you will be added to our CiviCRM outreach database automatically
    2. Join the support-team email list.
    3. Join the IRC Chat
    4. Install mumble and connect to our mumber server
    5. Ensure your browser works with live and mexcla.
  5. The control panel
  6. Ticket system
    1. Tips on answering tickets
    2. Find unassigned tickets
    3. How to create a wiki page
    4. How to translate wiki pages
  7. Physical layout: where are the servers? Where are the data centers?
    1. Nearly all servers are hosted in either Telehouse or XO, both in Manhattan.
    2. contact information for main providers
  8. What's a MOSH? How we organize services on servers

  1. Puppet: our system for managing servers and services
  2. Debugging common email problems
  3. Debugging common email list problems
  4. Debugging compromised web sites