Closed Bug 697251 Opened 13 years ago Closed 12 years ago

new puppetized people server

Categories

(Infrastructure & Operations :: Infrastructure: Other, task)

x86
macOS
task
Not set
normal


RESOLVED FIXED

People

(Reporter: cshields, Assigned: bhourigan)


Details

We need to replicate people.m.c (dm-peep01) in puppet so that we can build out a new server for scl3 and ditch the old.

Not quite sure how to go about finding all of the "uses" of people, the installed rpm list might be a start (to catch stuff like irssi, screen, shells, etc) and apache with public_html is a must. Probably good to consult with oremj and see if the webapp module should be worked into this, or if a one-off httpd setup in puppet for home dirs would be easier.

Grab a VM to test with. Closer to SCL3 we will get new hw to install this on and migrate.
Just as a reminder from our discussion:
we should use the new umask (0027) on this system by default (via puppet), and have setgid on /home/*/public_html for the web server to be able to access files that are copied there by default.
Also to note, this system, like all systems in the future will run the OSSEC HIDS agent. The current people server does not have OSSEC, so I just wanted to point this out.

OSSEC will give us the ability to better monitor the server for attempted breakins.
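The umask 0027 plus setgid-on-public_html requirement above (and the permissions script mentioned later in the bug) can be expressed as a small POSIX shell routine. This is an added example, not the script from the bug or Mozilla's Puppet code; the home root and web server group are assumptions passed in as arguments.

```shell
#!/bin/sh
# Every <home_root>/<user>/public_html is group-owned by the web server's
# group and set to mode 2750 (setgid + group rx, no world access), so files
# created under the default umask 0027 (-> 0640 files, 0750 dirs) are
# readable by the web server but not by other users.  home_root and
# web_group are assumptions; the real values on the host are not in the bug.

# fix_public_html_perms <home_root> <web_group>
# Prints the number of public_html directories it processed.
fix_public_html_perms() {
    home_root=$1; web_group=$2; count=0
    for dir in "$home_root"/*/public_html; do
        [ -d "$dir" ] || continue            # the glob may match nothing
        chgrp "$web_group" "$dir"
        chmod 2750 "$dir"                    # rwxr-s--- : setgid + group rx
        # Existing content: group-readable files, setgid group-searchable
        # subdirectories, never any world access.
        find "$dir" -mindepth 1 -type d -exec chgrp "$web_group" {} + \
                                        -exec chmod g+rxs,o-rwx {} +
        find "$dir" -mindepth 1 -type f -exec chgrp "$web_group" {} + \
                                        -exec chmod g+r,o-rwx {} +
        count=$((count + 1))
    done
    echo "$count"
}

# public_html_ok <dir> <web_group>
# Exit 0 only if <dir> is exactly mode 2750 and owned by <web_group>;
# usable as a cron check or as the 'unless' of a Puppet exec.
public_html_ok() {
    dir=$1; web_group=$2
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -maxdepth 0 -perm 2750 -group "$web_group" -print)" ]
}

# new_file_mode_ok <dir>
# Create a probe file in <dir> under umask 0027 and report whether it came
# out 0640, i.e. group-readable and not world-readable.
new_file_mode_ok() {
    f=$1/umask-probe.$$
    ( umask 0027; : > "$f" ) || return 1
    r=1
    [ -n "$(find "$f" -maxdepth 0 -perm 0640 -print)" ] && r=0
    rm -f "$f"
    return $r
}
```

Because the directory is setgid, new files dropped into public_html inherit the web group automatically; the umask only has to keep them group-readable.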
I've included ossec in the shellserver module. Ready for testing once a vm is set up.
Still waiting for vm - once this is set up I can validate the people shell_server module
I've puppetized the new people server. Included OSSEC and the new umask. Waiting for input from Jabba on how to ensure permissions on globbed patterns (*/public_html)

people-test.dmz.sjc1.mozilla.com
(In reply to Brian Hourigan [:digi] from comment #5)
> I've puppetized the new people server. Included OSSEC and the new umask.
> Waiting for input from Jabba on how to ensure permissions on globbed
> patterns (*/public_html)
> 
> people-test.dmz.sjc1.mozilla.com

Next step would be to email infra-all@ and ask for people to test the new 'people'. Meaning we should get proper netflows to this VM so that it is directly accessible from the outside.

Such note (and probably MOTD) should dictate that any data saved on this VM will -not- be migrated to the new server. This is just a testbed to make sure that we have recreated the same functionality as the old people, and then we will rebuild in SCL3.
The ldap_users stuff isn't done yet, I have a few open emails to Jabba about this. Once I can work with him to get this part completed it will truly be ready for testing

Meanwhile I did file a netops bug and I added some info to MOTD
I set this host up in Zeus as per Jabba, Zeus VIP added to DNS:

people-test.mozilla.com
I worked with Jabba and there is now an ldap users module attached, however, it's not loading because of execution timeout on the puppet master. Will need to wait for new puppetmaster until testing can proceed
Whiteboard: Stalled. Waiting on new puppetmaster.
Whiteboard: Stalled. Waiting on new puppetmaster. → Security input needed for public_html permissions
Certificate updated from wildcard mozilla.org to allizom.org
I reinstalled this system as I tore it up building rpms for another bug. I have a quick script to commit and testing may commence
Whiteboard: Security input needed for public_html permissions
Instead of branching Jabba's ldap users module I wrote a script to manage permissions, will complete testing and commit this today
The people-test.dmz.vmx vm is set to move, however it seems like it can be left behind. Can you confirm?
people-test can be left behind
new people server cutover will be on 5/12/12
Component: Server Operations → Server Operations: Infrastructure
QA Contact: cshields → jdow
Cutover complete, there are some minor issues, but this doesn't block scl3 anymore.
No longer blocks: scl3-move
Cutover complete.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations