Sown-Auth Migration: Difference between revisions
From SUWS-wiki
DavidNewman (talk | contribs) (Fixed last website widget) |
DavidNewman (talk | contribs) (Fixed debsums checks) |
||
Line 8: | Line 8: | ||
#* This are now fixed from SOWN-Bot's end. | #* This are now fixed from SOWN-Bot's end. | ||
#* These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database. | #* These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database. | ||
# Move Debsums to auth2 and make sure | # <strike>Move passive Debsums cron job checks to auth2 and make sure all supporting files are also copied accross.</strike> (Priority 2) | ||
#* daveruss | #* daveruss has now done this and all the checks have gone OK. | ||
# <strike>Remove auth as a DNS server from all bind configuration.</strike> (Priority 2) | # <strike>Remove auth as a DNS server from all bind configuration.</strike> (Priority 2) | ||
#* daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records. | #* daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records. |
Revision as of 19:37, 20 May 2015
Priority Key: 1 = Fix ASAP, 2 = Not a big problem if takes a week or two to fix, 3 = Would like to fix but can be left to last.
- Move NWMONITOR/NAGIOS check to gw as that is a box that is know to be monitored by NWMONITOR. (Priority 3)
- This requires some iptables and syslog configuration.
- It would be useful if this could be documented, in case we want to move/add to another server in future.
- Morse is best placed to do this.
- Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. (Priority 2)
- daveruss will look into fixing this.
- This are now fixed from SOWN-Bot's end.
- These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database.
Move passive Debsums cron job checks to auth2 and make sure all supporting files are also copied accross.(Priority 2)- daveruss has now done this and all the checks have gone OK.
Remove auth as a DNS server from all bind configuration.(Priority 2)- daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records.
Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server.(Priority 1)- daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252.
- Radius checks for Radmatrix need to be moved to auth2. (Priority 1)
- These have been moved, as has check_eapol script.
- eapol_test has been recompiled on auth2 and placed in the appropriate directory.
- /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface.
- Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work.
- Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/.
Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth.(Priority 2)- daveruss has done this marking the commented out lines with "auth-based check".
Fix widgets on www.sown.org.uk homepage for host and service checks, etc. (Priority 1)- daveruss will look into this.
- Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working.
- Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken.
- This was due to the code not dealing very well with exactly one node being deployed and up.