= Admin Training Manual = This page outlines the information needed to adminster May First/People Link servers. 1. Politics and organization 1. Review the [https://mayfirst.org/unity statement of unity], [https://mayfirst.org/membership-agreement member agreement], and [https://mayfirst.org/intentionality intentionality statement] 1. Familiarize with current political campaigns of the organization and brief history of past campaigns (see [http://mag-net.org/ MAGNet] and [http://ussocialforum.net US Social Forum], [http://alliedmedia.org Allied Media project]...). 1. Politics of free software 1. Mexican Coop and Media Jumpstart: legal structures 1. Introduction to [https://mayfirst.org/leadership-committee leadership committee] and [https://support.mayfirst.org/wiki/projects/membership-meeting membership meeting process], as well as commissions, work teams, volunteers and staff 1. The [wiki:support-team support team] 1. Identity: Many aspects of MF/PL system administration require a login which can be re-used in many places. 1. Your [wiki:faq/email/openpgp OpenPGP] key ensures that all members can communicate via private and authenticated email. 1. [https://monkeysphere.info Monkeysphere]: converting your OpenPGP key into an ssh-enabled key allows us to grant you ssh access to servers easily and with a convenient method to revoke access if your key is compromised. 1. May First/People Link accounts via the [https://members.mayfirst.org/cp members control panel] 1. Create a membership: Creating your identity under your own membership allows you to continue with your identity even if you no longer provide system admin support 1. Pick a user account to login to the control panel: this user account can be granted admin access - so you can access all accounts in the control panel. This password is the most sensitive - it should only be used for logging into the control panel. You might pick a username with a -cp suffix to it, like jamie-cp. 1. Pick a user account as your public identity: via OpenID, you can re-use a single user account when logging into support.mayfirst.org or im.mayfirst.org and other services. Be sure to pick a good user account name and don't change it - since it will be public. 1. Secrets - MF/PL strives to be transparent and public, however, certain information is restricted 1. [https://members.mayfirst.org/cp Control panel] - by adding your chosen user account to a red_admin_access table in the control panel database, you will be able to view and edit all aspects of all memberships and their services. 1. By adding your monkeysphere user id to our [wiki:puppet puppet configuration] you can be added to the [wiki:support-team/all-servers-root-access list of people with root on all servers]. We have a set of [wiki:root-guidelines guidelines for people with root access], an [wiki:ssh_security_policy ssh security policy] as well as a draft [wiki:support-team/granting-root-access policy on granting root access] 1. You may also have your OpenPGP key added to our [wiki:keyringer keyringer] configuration, which will allow you to decrypt our password file, which contains disk encryption passphrases. 1. You will also need write access to our git repository. 1. Communication 1. Once you join, you will be added to our [wiki:civicrm-admin CiviCRM outreach database] automatically 1. Join the [https://lists.mayfirst.org/mailman/listinfo/support-team support-team email list]. 1. Join the [wiki:faq/chat IRC Chat] 1. Install [wiki:mumble mumble] and connect to our mumber server 1. Ensure your browser works with [https://live.mayfirst.org live] and [https://live.mayfirst.org/mexcla/1 mexcla]. 1. [wiki:faq/site-management/control-panel The control panel] 1. [https://support.mayfirst.org Ticket system] 1. Review our [wiki:faq FAQ] 1. Tips on [wiki:support-response-tips answering tickets] 1. Find [query:status=new&changetime=1week..now&group=priority&col=id&col=summary&col=changetime&col=status&col=reporter&desc=1&order=changetime unassigned tickets] 1. How to create a [wiki:structure wiki page] 1. How to [wiki:faq/translate/pages translate wiki pages] 1. Infrastructure Overview 1. Physical layout: where are the servers? Where are the data centers? Nearly all servers are hosted in either Telehouse or XO (about 5 - 8 physical servers in each location), both in Manhattan. [wiki:support-contact-providers See contact information for main providers] 1. Virtualization: almost all servers are KVM guests. 1. We have three types of guests 1. MOSH: This is an acronym that doesn't spell anything. It refers to guests that provide web and email hosting for most May First/People Members. These guests are connected to our control panel so members can easily add/modify/remove services. 1. Dedicated MOSHes. These are just like regular MOSHes except they are dedicated to a single member. The dedication allows them to run mod_php instead of running php via fcgid and suexec, which is necessary on a shared machine for security reasons. mod_php runs much faster 1. Single purpose: we have a number of guests that just provide one or a few dedicated services, such as our freeswitch server, DNS servers, etc. 1. [wiki:puppet Puppet]: our system for managing servers and services 1. Monitoring 1. [https://monitor.mayfirst.org/ Checking our Nagios Monitoring server] 1. [wiki:check_traffic_usage Cacti - our traffic analyzer] 1. [wiki:mfpl-piwik Our piwik] installation - monitors our web site traffic 1. [wiki:hct Here comes trouble] - using our status notification system (https://status.mayfirst.org) 1. [wiki:install_kvm How to install a new KVM guest] 1. [wiki:how-to/servers/add_ip_allocation How to allocate a new IP address] 1. Ross has automation scripts for creating guests. 1. Using Shared Varnish [wiki:faq/shared-varnish-server] 1. Accessing console of our servers 1. Accessing console on a virtual guest 1. Accessing console on a physical machine 1. [wiki:telehouse_serial_access Telehouse] 1. [wiki:xo_serial_access XO] 1. [wiki:webarchitects-serial-access Web architects] (jojobe) 1. Upgrading core version of Drupal 1. Extending Hard disks 1. [wiki:extend-logical-volume Extending a logical volume] 1. [wiki:extend-disk-on-kvm-guest Extending a disk for a guest] 1. Changing resources allocated to guests via kvm manager files 1. Debugging common problems 1. [wiki:debug-email-delivery email and email list problems] 1. Debugging compromised web sites 1. DNS problems