Sown-Auth Migration: Difference between revisions
From SUWS-wiki
DavidNewman (talk | contribs) (Added SOWN auth's migration page) |
DavidNewman (talk | contribs) (Updated migration status) |
||
| Line 5: | Line 5: | ||
# Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. | # Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. | ||
#* daveruss will look into fixing this. | #* daveruss will look into fixing this. | ||
#* This are now fixed from SOWN-Bot's end. | |||
#* These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database. | |||
# Move Debsums to auth2 and make sure DEBSUMS checks run are run there. | # Move Debsums to auth2 and make sure DEBSUMS checks run are run there. | ||
#* daveruss will look into this | #* daveruss will look into this | ||
# Remove auth as a DNS server from all bind configuration. | # <strike>Remove auth as a DNS server from all bind configuration.</strike> | ||
#* daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records. | #* daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records. | ||
# Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server. | # <strike>Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server.</strike> | ||
#* daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252. | #* daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252. | ||
# Radius checks for Radmatrix need to be moved to auth2. | # Radius checks for Radmatrix need to be moved to auth2. | ||
| Line 15: | Line 17: | ||
#* eapol_test has been recompiled on auth2 and placed in the appropriate directory. | #* eapol_test has been recompiled on auth2 and placed in the appropriate directory. | ||
#* /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface. | #* /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface. | ||
# Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth. | #* Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work. | ||
#* Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/. | |||
# <strike>Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth.</strike> | |||
#* daveruss has done this marking the commented out lines with "auth-based check". | #* daveruss has done this marking the commented out lines with "auth-based check". | ||
# Fix widgets on www.sown.org.uk homepage for host and service checks, etc. | # Fix widgets on www.sown.org.uk homepage for host and service checks, etc. | ||
#* daveruss will look into this. | #* daveruss will look into this. | ||
#* Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working. | |||
#* Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken. | |||
Revision as of 08:41, 20 May 2015
- Move NWMONITOR/NAGIOS check to gw as that is a box that is know to be monitored by NWMONITOR.
- This requires some iptables and syslog configuration.
- It would be useful if this could be documented, in case we want to move/add to another server in future.
- Morse is best placed to do this.
- Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth.
- daveruss will look into fixing this.
- This are now fixed from SOWN-Bot's end.
- These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database.
- Move Debsums to auth2 and make sure DEBSUMS checks run are run there.
- daveruss will look into this
Remove auth as a DNS server from all bind configuration.- daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records.
Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server.- daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252.
- Radius checks for Radmatrix need to be moved to auth2.
- These have been moved, as has check_eapol script.
- eapol_test has been recompiled on auth2 and placed in the appropriate directory.
- /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface.
- Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work.
- Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/.
Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth.- daveruss has done this marking the commented out lines with "auth-based check".
- Fix widgets on www.sown.org.uk homepage for host and service checks, etc.
- daveruss will look into this.
- Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working.
- Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken.
