I have been going through all of this information, there is a lot to parse through. I will come up with a plan to start moving forward on these things. I will look into the wiki update. I am still ingesting everything that has been done and needs to be done with the servers.
I have not seen any replies from Dave unless I missed them before I joined the mailing list. I want to make sure we are not wasting time trying to work on the same things. --Bryan Vest On Mon, May 8, 2017 at 6:13 PM, Kevin A. McGrail <kmcgr...@apache.org> wrote: > Dave and Bryan, below is my latest attempt at the how to information for > sysadmins. > > Can one of you please take on incorporating this into the wiki? > > > Apache SpamAssassin SysAdmin How-To > > NOTE: This was written in April of 2017 to help modernize our system > records > > - Other records: See https://wiki.apache.org/spamassassin/DevelopmentStuff > - This document will likely be used to replace that page. > > - Wiki Access: > > Write access to the wiki is to anyone who has created a login name on the > wiki > whose name has been added to the page > https://wiki.apache.org/spamassassin/ContributorsGroup > > Write access to that page is to anyone whose wiki login name has been > added to > https://wiki.apache.org/spamassassin/AdminGroup > > - Members of SA SysAdmins (SASA): > Dave Jones - da...@apache.org > Kevin A. McGrail - 703-798-0171 - kmcgr...@apache.org > Bryan Vest - bv...@apache.org > > - Who's in Charge? > The PMC. There is no leadership hierarchy in the SpamAssassin SysAdmins. > > NOTE: As with any ASF role, if you follow The Apache Way, you should feel > empowered to Just Do It (TM Nike) > > For a SysAdmin, your solution works (Merit), it's well documented (Open) > and supports the project (Community), you're good to go though as a > SysAdmin you need to realize we have control over private data. All SASA > members have been asked to follow the LISA Code of Ethics. > > Tenants we Follow: > - The Apache Way, Shane Curcuru's post on this are a good point: > http://theapacheway.com/ > - LISA/Sage Code of Ethics, https://www.pccc.com/base.cgim > ?template=sage_code_of_ethics > > Important Resources: > > The ASF Infrastructure (Infra) Jira: https://issues.apache.org/jira > /secure/Dashboard.jspa - Sign up at Jira isn't single sign on enabled. > > SpamAssassin Bugzilla: https://bz.apache.org/SpamAssassin/ > > Short-hand Notes: > There are a lot of acronyms, even those that might be basic that will be > defined here if we find there is confusion to make it easier to bring new > sysadmin's onboard to make many hands make light work. > > Apache Software Foundation (ASF) > Bugzilla (BZ) > Apache SpamAssassin (SA) > PMC (Project Management Committee) > SVN (SubVersioN) > > Mailing Lists: > - There is a dedicated SASA Mailing list sysadmins@spamassassin.apache. > org. Additionally, our machines largely support the Rule QA process so > rul...@spamassassin.apache.org should be subscribed to. > > > Credentials: > - There are legacy shared credentials. These must be encrypted and > stored in SVN. > > OPIE: > - To sudo to root, you need to use OPIE - See > https://reference.apache.org/committer/opie > > DNS for SpamAssassin.org: > - The server creates DNS entries on the fly so we do not use the ASF > infrastructure for DNS. We have a hidden master that pushes to Hyperreal > and Sonic > Contact for HyperReal is Brian Behlendorf > Contact for Sonic is grant.kel...@sonic.com > > The information located here: > https://wiki.sonic.net/wiki/Secondary_DNS_Service is the current > configuration information you will need. > > > > - Project Machines > > This is a short description of the machines involved including those that > USED to exist and why. > > OLD: > - Hyperion.Apache.org - ftp://ftp.ist.utl.pt/apache/de > v/machines.html#hyperion shows this was likely a solaris box that I had > access to when zones died and I had to recover data. > - SpamAssassin.zones.apache.org - DIED - was replaced with spamassassin-vm > - SpamAssassin.zones2.apache.org - deprecated by Infra > - spamassassin-vm.apache.org - deprecated by Infra > > CURRENT: > - incoming.apache.org - Donated by Sonic > - sa-vm1.apache.org - Ubuntu box to replace spamassassin-vm and zones2 > > - Other Aliases: buildbot, ruleqa (there might be more). > > Also, this is an ASF box for all committers: > > - Minotaur.apache.org aka People - This used to handle various build and > devel related tasks. Minotaur.apache.org for ssh (It appears that > minotaur is not the proper server anymore. I used home.apache.org per > some links that Sidney sent. (Home.apache.org and people.apache.org > resolve to the same IP.) > > > > - Backups: > > There are no backups of these machines save what is stored in SVN or that > KAM has made. > > Specifically, what backups does KAM have as of 2017/05/08: > > - Hyperion.apache.org - N/A > - Incoming.apache.org aka colo - Backup on KAM's Crashplan > - minotaur.apache.org (NOTE: Aka People) - N/A > - sa-vm1.apache.org - Backup on KAM's Crashplan > - Spamassassin-vm.apache.org - Backup on KAM's Crashplan - Mar 15, 2017 > - There is also a backup on sa-vm1 in /x1. > - spamassassin2.zones.apache.org - Backup on KAM's Crashplan from > Approximately Jun 2015 last backup. Also have an Rsync copy from June 3, > 2015 on PCCC TalonJR machine - And there is also a copy on sa-vm1 in /x1 > > - Ubuntu? > > Ubuntu is the ASF Infrastructures OS of choice. Supporting others is not > an option at this time. > > - How to get access to each machine: > > sa-vm1.apache.org (current as of 4/28/17) > - Open a Jira ticket with the availid of the person(s) you want to have > access. Note if they need sudo access or not. > - User self maintains their ssh-key at id.apache.org > - NOTE: if sudo access was requested, run and sets up 'ortpasswd' > > - Why all the boxes? > > The resources for Masscheck can be very intensive on CPU, Ram and disk I/O > intensive. Over the years, many boxes have been consolidated, donated, > lost, replaced, moved under ASF Infrastructure or just fell over and sank > into the swamp. > > - Some boxes are just names for other boxes > trap-proc.spamassassin.org. Sonic has scripts set up to archive > collected spam to that server. > > > > KAM Goals for SysAdmin: > > - For KAM, Apache SpamAssassin is a framework for writing goals. I deliver > goals to prove the code works but I don't view that the project has to > provide rules. Others may disagree but I don't see the value in masscheck, > ruleqa, etc. when there is not enough people using the data. > > - Once you have an account on Minotaur/Home/People, goto > people.apache.org/~kmcgrail and make a duplicate for you. NOTE: This is > documented SOMEWHERE but no idea where. > > GOAL: Get it so I have your PGP key and put the signature for your PGP key > into id.apache.org > > SVN: > - You need access to https://svn.apache.org/repos/asf/spamassassin/ for > sysadmin, dns and site. > - In the ASF, we use http for read-only access to a repo and https for > read-write. So if you are trying to checkout and modify a repo, make sure > you are using https:// > > Encrypted SVN: > - If you can, document things in the Wiki at > https://wiki.apache.org/spamassassin/DevelopmentStuff. If something is > sensitive, encrypt it and store it on the https://svn.apache.org/repos/a > sf/spamassassin/sysadmins repo and reference it on the Wiki. > > SSH: > The systems use One Password In Everything (OPIE) to elevate your access > via sudo. Some resources: https://reference.apache.org/committer/opie > and https://reference.apache.org/committer/otp-md5 > > > > > How to Onboard someone as a SysAdmin: > > - A PMC Member nominates a new SASA member as a committer since we store > items in SVN for configs > NOTE: If they later produce code, they should request that permission from > the PMC. > > - If the vote is successful, they then follow all the normal committer > guidelines to get them an Apache ID including an appropriate committer > license: https://www.apache.org/dev/new-committers-guide.html > > - Once they have an Apache ID, they should: > > - SASA Member signs up for an Infra Jira account at > https://issues.apache.org/jira/secure/Signup!default.jspa? > - SASA Member adds an SSH public key to id.apache.org > - Add your PGP public key. http://people.apache.org/~kmcgrail/ > - Create an account on our Wiki > - Email sysadmins-subscr...@spamassassin.apache.org > - Email sysadmins@spamassassin.apache.org and ask for karma to access > sa-vm1 with sudo access > - Email sysadmins@spamassassin.apache.org and ask for your account to > be added to https://wiki.apache.org/spamassassin/ContributorsGroup and > https://wiki.apache.org/spamassassin/AdminGroup > - Start looking at https://wiki.apache.org/spamassassin/DevelopmentStuff > under infrastruction > > - Someone with Karma needs to: > - Approve request to sysadmins mailing list > - Add them to ContributorsGroup and AdminGroup on Wikki > - Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to get > them access to our box > > -- > Kevin A. McGrail > Asst. Treasurer, Apache Software Foundation > Chair Emeritus Apache SpamAssassin Project > >
