Sown-Auth Migration: Difference between revisions
From SUWS-wiki
DavidNewman (talk | contribs) (Updated migration status) |
DavidNewman (talk | contribs) (Added priortities) |
||
| Line 1: | Line 1: | ||
# Move NWMONITOR/NAGIOS check to gw as that is a box that is know to be monitored by NWMONITOR. | ''Priority Key: 1 = Fix ASAP, 2 = Not a big problem if takes a week or two to fix, 3 = Would like to fix but can be left to last.'' | ||
# Move NWMONITOR/NAGIOS check to gw as that is a box that is know to be monitored by NWMONITOR. (Priority 3) | |||
#* This requires some iptables and syslog configuration. | #* This requires some iptables and syslog configuration. | ||
#* It would be useful if this could be documented, in case we want to move/add to another server in future. | #* It would be useful if this could be documented, in case we want to move/add to another server in future. | ||
#* Morse is best placed to do this. | #* Morse is best placed to do this. | ||
# Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. | # Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. (Priority 2) | ||
#* daveruss will look into fixing this. | #* daveruss will look into fixing this. | ||
#* This are now fixed from SOWN-Bot's end. | #* This are now fixed from SOWN-Bot's end. | ||
#* These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database. | #* These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database. | ||
# Move Debsums to auth2 and make sure DEBSUMS checks run are run there. | # Move Debsums to auth2 and make sure DEBSUMS checks run are run there. (Priority 2) | ||
#* daveruss will look into this | #* daveruss will look into this | ||
# <strike>Remove auth as a DNS server from all bind configuration.</strike> | # <strike>Remove auth as a DNS server from all bind configuration.</strike> (Priority 2) | ||
#* daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records. | #* daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records. | ||
# <strike>Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server.</strike> | # <strike>Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server.</strike> (Priority 1) | ||
#* daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252. | #* daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252. | ||
# Radius checks for Radmatrix need to be moved to auth2. | # Radius checks for Radmatrix need to be moved to auth2. (Priority 1) | ||
#* These have been moved, as has check_eapol script. | #* These have been moved, as has check_eapol script. | ||
#* eapol_test has been recompiled on auth2 and placed in the appropriate directory. | #* eapol_test has been recompiled on auth2 and placed in the appropriate directory. | ||
#* /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface. | #* /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface. | ||
#* Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work. | #* Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work. | ||
#* Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/. | #* Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/. | ||
# <strike>Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth.</strike> | # <strike>Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth.</strike> (Priority 2) | ||
#* daveruss has done this marking the commented out lines with "auth-based check". | #* daveruss has done this marking the commented out lines with "auth-based check". | ||
# Fix widgets on www.sown.org.uk homepage for host and service checks, etc. | # Fix widgets on www.sown.org.uk homepage for host and service checks, etc. (Priority 1) | ||
#* daveruss will look into this. | #* daveruss will look into this. | ||
#* Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working. | #* Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working. | ||
#* Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken. | #* Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken. | ||
Revision as of 08:50, 20 May 2015
Priority Key: 1 = Fix ASAP, 2 = Not a big problem if takes a week or two to fix, 3 = Would like to fix but can be left to last.
- Move NWMONITOR/NAGIOS check to gw as that is a box that is know to be monitored by NWMONITOR. (Priority 3)
- This requires some iptables and syslog configuration.
- It would be useful if this could be documented, in case we want to move/add to another server in future.
- Morse is best placed to do this.
- Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. (Priority 2)
- daveruss will look into fixing this.
- This are now fixed from SOWN-Bot's end.
- These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database.
- Move Debsums to auth2 and make sure DEBSUMS checks run are run there. (Priority 2)
- daveruss will look into this
Remove auth as a DNS server from all bind configuration.(Priority 2)- daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records.
Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server.(Priority 1)- daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252.
- Radius checks for Radmatrix need to be moved to auth2. (Priority 1)
- These have been moved, as has check_eapol script.
- eapol_test has been recompiled on auth2 and placed in the appropriate directory.
- /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface.
- Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work.
- Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/.
Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth.(Priority 2)- daveruss has done this marking the commented out lines with "auth-based check".
- Fix widgets on www.sown.org.uk homepage for host and service checks, etc. (Priority 1)
- daveruss will look into this.
- Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working.
- Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken.
