Next Event: No events scheduled

Sown-Auth Migration

From SUWS-wiki
Revision as of 10:22, 22 May 2015 by DavidNewman (talk | contribs)

Priority Key: 1 = Fix ASAP, 2 = Not a big problem if takes a week or two to fix, 3 = Would like to fix but can be left to last.

  1. Move NWMONITOR/NAGIOS check to gw as that is a box that is know to be monitored by NWMONITOR. (Priority 3)
    • This requires some iptables and syslog configuration.
    • It would be useful if this could be documented, in case we want to move/add to another server in future.
    • Ported syslog-ng config. Need some manipulation as auth2 only running syslog-ng 2 (not 3).
    • Added iptables rule to /etc/rc.local (nasty).
    • Morse is best placed to do this.
  2. Fix SOWN-Bot's SVN/Git reminders so they don't depend or check SVNs on auth. (Priority 2)
    • daveruss will look into fixing this.
    • This are now fixed from SOWN-Bot's end.
    • This has been fixed on auth2 and monitor SVN/GIT repo end. SVN repos on dev have also been added with a new cron jobn on dev.
    • These will need fixing SVN/Git repo end with db credential; updates and new users / granted privileges in the database.
  3. Move passive Debsums cron job checks to auth2 and make sure all supporting files are also copied accross. (Priority 2)
    • daveruss has now done this and all the checks have gone OK.
  4. Remove auth as a DNS server from all bind configuration. (Priority 2)
    • daveruss has removed ns2 record associated with auth for ipv4 ipv6 and reverse records.
  5. Check all resolv.conf files for auth (10.13.0.252) still being used as a DNS server. (Priority 1)
    • daveruss has checked all the resolv.conf files and resolvconf.d files and removed all references to 10.13.0.252.
  6. Radius checks for Radmatrix need to be moved to auth2. (Priority 1)
    • These have been moved, as has check_eapol script.
    • eapol_test has been recompiled on auth2 and placed in the appropriate directory.
    • /etc/freeradius/proxy.conf needs updating for shared secrets. However, these will only work via sown-auth's ECS IP. It is probably worth switching this over to auth2 and having this as auth2 primary ECS interface and auth2's current IP on a virtual interface on the same physical interface.
    • One problem was that auth and auth2 have different radius shared secret, so when auth's config was copied over this needed to be changed.
    • auth2's /etc/network/interfaces set a gateway of eth0:1 (auth2's rather than auth's IP) which caused traffic to be routed out through the wrong interface/IP.
    • Still some issues with the checks for ECS/SOTON servers. Suspect this is a shared secret issue.
    • Reorganised the interfaces on auth2 but simply updating proxy.conf to what was running on auth does not work.
    • Could Morse look at proxy.conf (and proxy.conf.old and proxy.conf.new) on auth2 in /etc/freeradius/.
  7. Remove Icinga config (MySQL query to auth sown_data DB, service checks, service dependencies etc.) that are dependent on auth. (Priority 2)
    • daveruss has done this marking the commented out lines with "auth-based check".
  8. Fix widgets on www.sown.org.uk homepage for host and service checks, etc. (Priority 1)
    • daveruss will look into this.
    • Moved to sown-monitor and renamed directory status-icinga and updated the file_get_contents URLs on the public website, which are now mainly working.
    • Still having some problems with the generateNodeXML.php script which is probably the reason the map is currently broken.
      • This was due to the code not dealing very well with exactly one node being deployed and up.
Retrieved from ‘https://www.suws.org.uk/wiki/index.php?title=Sown-Auth_Migration&oldid=2827
Powered by MediaWiki
Powered by Semantic MediaWiki