-------- Original Message -------- Subject: Re: [Box-Admins] Permissions From: Chris Muller asqueaker@gmail.com Date: Sat, February 05, 2011 11:25 am To: Squeak Hosting Support box-admins@lists.squeakfoundation.org
Göran, can you elaborate on the backup? What are we using now and what's broken about it.
HD's fail, backups are very important. Are you saying we're not backed up right now?
thanks..
Yes, right now there is no offsite backup. We have a local backup system for much content in case we just screw up but that doesn't help in the case of hard drive failure.
Goran provided an offsite backup for a long time but lost the facility when he changed jobs. I've asked for help with this in the past with little response. It has been a while and perhaps it is time to ask again.
Ken
2011/2/5 Göran Krampe goran@krampe.se:
On 02/04/2011 10:19 PM, Ken Causey wrote:
We already have this in some sense. Most individual projects are setup under their own home directories and to administer them it is generally sufficient to have access to the individual account, not superuser access. For example the webteam manages the website without superuser access and release teams can update the ftp site generally without superuser access. So for example if someone wanted to volunteer to work on bugs.squeak.org it would probably suffice to give them access to the mantis user account.
That said the use of sudo has been brought up before and it is worth looking into. My grand plans to setup new servers included every intention of making liberal use of sudo. But I simply haven't gotten around to it. I would welcome any insights anyone has on configuring sudo for our purposes.
Ken
IMHO the levels Ken describe are enough. If you are trusted with Linux admin stuff then root it is IMHO. Let's not complicate things :)
...and we really need to fix a running offsite scheduled backup. ASAP.
Sidenote: Btw, I now use Duplicity with Deja Dup on my laptop - works good even for large files onto a vfat external USB drive.
regards, Göran
Ok, so you're saying, we don't have a place to back-up to right now. How much space are we using? I'm wondering if whether each box-admin team member could simply rsync to a dedicated directory on home machines, perhaps on daily cron schedule?
OR, we could use a pay service, but it might not be a bad idea to just try to get ONE copy somewhere. We can't afford to lose source.squeak.org.
We won't procrastinate this anymore. I remember now that Ken and Goran researched the backup a few years ago. Did you guys end up using rsync?
I'll try to poke around on the box this weekend.
BTW, who (company or individual?) and where, physically, are the boxe(s) located now? Do we only have one box?
- Chris
On Sat, Feb 5, 2011 at 1:34 PM, Ken Causey ken@kencausey.com wrote:
-------- Original Message -------- Subject: Re: [Box-Admins] Permissions From: Chris Muller asqueaker@gmail.com Date: Sat, February 05, 2011 11:25 am To: Squeak Hosting Support box-admins@lists.squeakfoundation.org
Göran, can you elaborate on the backup? What are we using now and what's broken about it.
HD's fail, backups are very important. Are you saying we're not backed up right now?
thanks..
Yes, right now there is no offsite backup. We have a local backup system for much content in case we just screw up but that doesn't help in the case of hard drive failure.
Goran provided an offsite backup for a long time but lost the facility when he changed jobs. I've asked for help with this in the past with little response. It has been a while and perhaps it is time to ask again.
Ken
2011/2/5 Göran Krampe goran@krampe.se:
On 02/04/2011 10:19 PM, Ken Causey wrote:
We already have this in some sense. Most individual projects are setup under their own home directories and to administer them it is generally sufficient to have access to the individual account, not superuser access. For example the webteam manages the website without superuser access and release teams can update the ftp site generally without superuser access. So for example if someone wanted to volunteer to work on bugs.squeak.org it would probably suffice to give them access to the mantis user account.
That said the use of sudo has been brought up before and it is worth looking into. My grand plans to setup new servers included every intention of making liberal use of sudo. But I simply haven't gotten around to it. I would welcome any insights anyone has on configuring sudo for our purposes.
Ken
IMHO the levels Ken describe are enough. If you are trusted with Linux admin stuff then root it is IMHO. Let's not complicate things :)
...and we really need to fix a running offsite scheduled backup. ASAP.
Sidenote: Btw, I now use Duplicity with Deja Dup on my laptop - works good even for large files onto a vfat external USB drive.
regards, Göran
This is an excerpt of the notes we assembled for new board members about a year ago:
Community Servers ================= We currently only use a single physical box hosted by Hetzner, Germany:
Name: box2.squeakfoundation.org Primary IP: 85.10.195.197 OS: Debian Sarge
The box hosts many different sites including:
- www.squeak.org: the main website and download area - bugs.squeak.org: the Mantis bug tracker - lists.squeakfoundation.org: the mailman software - map.squeak.org: the main squeakmap server - source.squeak.org: the squeak source repository - wiki.squeak.org: the squeak wiki - ftp.squeak.org: file distribution via FTP/HTTP
This list is not exhaustive; for a complete and up-to-date list ask the box-admins team. We are also relying on several external sites:
- news.squeak.org: an alias to the weekly squeak (wordpress.com) - board.squeak.org: an alias to the squeak board blog (wordpress.com) - jobs.squeak.org: an alias for a dabbledb.com database - paste.squeak.org: an alias for the Lisp IRC paste bot
Administration ============== Administration is done by the box-admins team, requests should be directed there. However, for emergency purposes, the following users have root access on the box and can perform whatever actions are necessary:
root - Ken Causey, Göran Krampe, Cees de Groot, Avi Bryant, Marcus Denker, Craig Latta, Bert Freudenberg
Contact information: First start by emailing the team mailing list: box-admins@lists.squeakfoundation.org then fall back to contacting the team leader, Ken Causey's contact information is currently at
http://wiki.squeak.org/wiki/KenCausey
DNS is managed via tinydns and and the domain names are registered with their respective holders:
- squeak.org: Dan Ingalls - squeakfoundation.org: Cees de Groot
We currently do not hold any SSL certificates for any of our sites.
Daily backups (5 days deep) are kept locally for incidental mistakes and Göran Krampe backs us up remotely on a server he manages less frequently and on a longer timescale (tuned occasionally to manage space requirements).
Server Access ============= For giving community members access to the box the policy has been to be conservative about granting access but also conservative about removing access. As a result the access numbers have grown because people are not often removed.
For the most part access is granted to specific user accounts that can access relevant files. Access is granted by adding public keys to an account. Use of one account per person and sudo has been suggested and is probably a good idea for the future.
The box-admins team manages the details.
box-admins@lists.squeakfoundation.org