Admin Training Manual
This page outlines the information needed to administer May First/People Link servers.
- Politics and organization
- Review the statement of unity, member agreement, and intentionality statement
- Familiarize yourself with the organization's current political campaigns and a brief history of past campaigns (see MAGNet and US Social Forum, Allied Media project...).
- Politics of free software
- Mexican Coop and Media Jumpstart: legal structures
- Introduction to leadership committee and membership meeting process, as well as commissions, work teams, volunteers and staff
- The support team
- Identity: Many aspects of MF/PL system administration require a login which can be re-used in many places.
- Your OpenPGP key ensures that all members can communicate via private and authenticated email.
- Monkeysphere: converting your OpenPGP key into an ssh-enabled key allows us to grant you ssh access to servers easily and with a convenient method to revoke access if your key is compromised.
- May First/People Link accounts via the members control panel
- Create a membership: Creating your identity under your own membership allows you to continue with your identity even if you no longer provide system admin support
- Pick a user account to log in to the control panel: this user account can be granted admin access, so you can access all accounts in the control panel. This password is the most sensitive; it should only be used for logging in to the control panel. You might pick a username with a -cp suffix, like jamie-cp.
- Pick a user account as your public identity: via OpenID, you can re-use a single user account when logging into support.mayfirst.org or im.mayfirst.org and other services. Be sure to pick a good user account name and don't change it - since it will be public.
- Secrets - MF/PL strives to be transparent and public; however, certain information is restricted.
- Control panel - by adding your chosen user account to a red_admin_access table in the control panel database, you will be able to view and edit all aspects of all memberships and their services.
- By adding your monkeysphere user id to our puppet configuration, you can be added to the list of people with root on all servers. We have a set of guidelines for people with root access, an ssh security policy, and a draft policy on granting root access.
- You may also have your OpenPGP key added to our keyringer configuration, which will allow you to decrypt our password file, which contains disk encryption passphrases.
- You will also need write access to our git repository.
- Communication
- Once you join, you will be added to our CiviCRM outreach database automatically
- Join the support-team email list.
- Join the IRC Chat
- Install mumble and connect to our mumble server
- Ensure your browser works with live and mexcla.
- The control panel
- Ticket system
- Review our FAQ
- Tips on answering tickets
- Find unassigned tickets
- How to create a wiki page
- How to translate wiki pages
- Infrastructure Overview
- Physical layout: where are the servers? Where are the data centers? Nearly all servers are hosted in either Telehouse or XO (about 5 - 8 physical servers in each location), both in Manhattan. See contact information for main providers
- Virtualization: almost all servers are KVM guests.
- We have three types of guests
- MOSH: This is an acronym that doesn't spell anything. It refers to guests that provide web and email hosting for most May First/People Members. These guests are connected to our control panel so members can easily add/modify/remove services.
- Dedicated MOSHes: These are just like regular MOSHes except they are dedicated to a single member. Because they are dedicated, they can run mod_php instead of running PHP via fcgid and suexec; the fcgid and suexec setup is necessary on a shared machine for security reasons. mod_php runs much faster.
- Single purpose: we have a number of guests that just provide one or a few dedicated services, such as our freeswitch server, DNS servers, etc.
- Puppet: our system for managing servers and services
- servers.mayfirst.org - web front end for following servers and assigning servers to support team
- Monitoring
- Checking our Nagios Monitoring server
- Cacti - our traffic analyzer
- Our piwik installation - monitors our web site traffic
- Here comes trouble - using our status notification system (https://status.mayfirst.org)
- How to install a new KVM guest
- Using Shared Varnish (faq/shared-varnish-server)
- Accessing console of our servers
- Accessing console on a virtual guest
- Accessing console on a physical machine
- Telehouse
- XO
- Web architects (jojobe)
- Upgrading core version of Drupal
- Renewing x509 certificates
- Extending Hard disks
- Changing resources allocated to guests via kvm manager files
- Debugging common problems
- email and email list problems
- Debugging compromised web sites
- DNS problems
- Suggested tools
- Ross has automation scripts for creating KVM guests.
- clusterssh - for connecting to multiple servers simultaneously, helpful for doing upgrades.
- irssi - with screen for perpetual irc connection.
- nagstamon - desktop client for nagios monitors.
- mf-go scripts - Set up ssh defaults with auto-completion for all servers and start a screen session identified by your username; they also connect to consoles with tab completion of the physical host. You can get the repo (some assembly required) from:
git://lair.fifthhorseman.net/~rossg/mf-go