New Blades - Initialization and tasking

Frank Warmerdam warmerdam at pobox.com
Wed Jul 19 11:04:20 EDT 2006 

Folks,

John has a bunch of shiny new blades setup now that kickstart is working
again.  /me ^5's John!

Anyways, I have LDAP enabled and yum updated 198.202.74.219 so I think it is
ready for folks with ldap shell access to log into.

I'd be happy to do the same for .216 and .217 as needed.

John has added lots of info in the system status page, and I've been
trying to keep some notes on what I've done.

   http://wiki.osgeo.org/index.php/SAC_Service_Status

I'm seeing a whole bunch of services (and DNS entries) for 198.202.74.220,
including the LDAP server.  This server also seems to be ldap enabled now.
I had been under the impression that we were planning to keep the LDAP
server as "most secure", with essentially no other services on it.  Has
that changed?  I do think we need to work out some policy on what goes
where, with security and stability vs. flexibility in mind.

For instance, we might designate something like:

  198.202.74.218 (shell.telascience.org)
     - Low security.
     - anyone with shell access can ssh login.
     - anyone with Admin access can sudo.
     - used by geodata for processing
     - setting up ephemeral services for experiments, etc.
     - buildbot slave.

  198.202.74.219
      - Medium security
      - anyone with Admin access can login, and sudo.
      - Various services we want to be dependable placed here like
          FOSS GIS Book Wiki
          SVN servers
          OSGeo Membership Application
          Buildbot master

  198.202.74.220 (ldap.osgeo.org)
      - Most secure.
      - does not use ldap service for authentication - only give out root as
        needed.
      - for now, just ldap server.  Perhaps a few other "high security"
        services later.

Other servers might be used for experiments, or possibly "live backups"
for now, with the intent to deploy stuff to them in the future as our
needs evolve.

Best regards,
-- 
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGF, http://osgeo.org

More information about the Sac mailing list