On 5/12/2017 7:32 PM, Dave Jones wrote:
I have all of this information on
https://wiki.apache.org/spamassassin/InfraNotes2017 now. Please
review and comment/update as needed.
Overall, the organization and edits are very good. Thanks for fixing
Tenets, I knew that word looked wrong!
I added a goal section with my goal. I suggest you add your goal as
well and I've put this on the onboarding task list.
Rather than edit directly, I wanted to ask that you do it to look at
what I wrote and to explain why it's needed. NOTE: Some of these are
edited from the previous send as I look them over again.
*- Credentials:*
- There are legacy shared credentials for elevated access on older
machines. These must be encrypted and stored in SVN. The project is
slowly moving away from these concepts.
*- Under DNS, *List Hyperreal and that it is currently offline because
we can't get DJBDNS to transfer a record.
Contact for HyperReal is Brian Behlendorf
- I would also add this information for Sonic in case their IPs change, etc.
https://wiki.sonic.net/wiki/Secondary_DNS_Service is the current
configuration information you will need.
I don't see this section and it will be important in the detective work
as you read scripts. Even I have to refer to it quite often when I come
across legacy documentation to figure out where something points to now.
*- Project Machines*
This is a short description of the machines involved including those
that USED to exist and why.
OLD:
- Hyperion.Apache.org -
ftp://ftp.ist.utl.pt/apache/dev/machines.html#hyperion shows this was
likely a solaris box that I had access to when zones died and I had to
recover data.
- SpamAssassin.zones.apache.org - DIED - was replaced with spamassassin-vm
- SpamAssassin.zones2.apache.org - deprecated by Infra
- spamassassin-vm.apache.org - deprecated by Infra
CURRENT:
- incoming.apache.org - Donated by Sonic
- sa-vm1.apache.org - Ubuntu box to replace spamassassin-vm and zones2
- Other Aliases: buildbot, ruleqa (there might be more).
Also, this is an ASF box for all committers:
- Minotaur.apache.org aka People - This used to handle various build and
devel related tasks. Minotaur.apache.org for ssh (It appears that
minotaur is not the proper server anymore. I used home.apache.org per
some links that Sidney sent. (Home.apache.org and people.apache.org
resolve to the same IP.)
*Under the standards,* I would add this as someone will ask if we can
use XYZ
- Ubuntu? Ubuntu is the ASF Infrastructures OS of choice. Supporting
others is not an option at this time.
*I think this section is important *especially because it needs others
added to it.
- How to get access to each machine:
sa-vm1.apache.org (current as of 4/28/17)
- Open a Jira ticket with the availid of the person(s) you want to
have access. Note if they need sudo access or not.
- User self maintains their ssh-key at id.apache.org
- NOTE: if sudo access was requested, run and sets up 'ortpasswd'
*I would add this:*
- Why all the boxes?
The resources for Masscheck can be very intensive on CPU, Ram and disk
I/O intensive. Over the years, many boxes have been consolidated,
donated, lost, replaced, moved under ASF Infrastructure or just fell
over and sank into the swamp.
- Some boxes are just names for other boxes
trap-proc.spamassassin.org. Sonic has scripts set up to archive
collected spam to that server.
*I would add this:*
SVN:
- You need access to https://svn.apache.org/repos/asf/spamassassin/ for
sysadmin, dns and site.
- In the ASF, we use http for read-only access to a repo and https for
read-write. So if you are trying to checkout and modify a repo, make
sure you are using https://
Encrypted SVN:
- If you can, document things in the Wiki at
https://wiki.apache.org/spamassassin/DevelopmentStuff. If something is
sensitive, encrypt it and store it on the
https://svn.apache.org/repos/asf/spamassassin/sysadmins repo and
reference it on the Wiki.
*The onboarding workflow *shouldn't include the important resources or
acronyms IMO. Those are good for everyone which ties into...
*The onboarding workflow *should have the extra steps added back not
just the pointer to important resources. I am making it self-fulfilled
and self-driven and trying to have a specific set of steps done so they
can get to work as quickly as possible.
- Once they have an Apache ID, they should:
- SASA Member signs up for an Infra Jira account at
https://issues.apache.org/jira/secure/Signup!default.jspa?
- SASA Member adds an SSH public key to id.apache.org
- Add your PGP public key. http://people.apache.org/~kmcgrail/
- Create an account on our Wiki
- Email sysadmins-subscr...@spamassassin.apache.org
- Email sysadmins@spamassassin.apache.org and ask for karma to
access sa-vm1 with sudo access
- Email sysadmins@spamassassin.apache.org and ask for your account
to be added to https://wiki.apache.org/spamassassin/ContributorsGroup
and https://wiki.apache.org/spamassassin/AdminGroup
- Start looking at
https://wiki.apache.org/spamassassin/DevelopmentStuff under infrastructure
- Update the Wiki with your Goals as a member of the SpamAssassin
SysAdmins
- Send an introduction email to the sysadmins mailing list. Typical
topics have been your history with computers, what you do now and
contact information.
- Someone with Karma needs to:
- Approve request to sysadmins mailing list
- Add them to ContributorsGroup and AdminGroup on Wikki
- Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to
get them access to our box