sysadmin

Differences

This shows you the differences between two versions of the page.

sysadmin [2020-05-23 11:02] – created tim
sysadmin [2022-04-22 13:47] (current) – [Technical Policies] tim
Line 1: Line 1:
 ====== System Administration ====== ====== System Administration ======
  
-This page will describe how we organise ourselves to operate the lab's network and server infrastructure.+===== What do we maintain? ===== 
 + 
 +^ What ^ Who ^ 
 +| Internet connection | Cameron, Simon | 
 +| Core network router and switches | Cameron, Simon | 
 +| WiFi access | Cameron | 
 +| Rack space and network service for member colo servers | Cameron, Simon | 
 +| Virtual machines for members | Cameron, Simon | 
 +| DNS & DHCP | Cameron, Simon | 
 +| Members registration and authentication | Ben, adq, Tim H | 
 +| Access management (doors, tools and lockers) | Tim H | 
 +| Shared services: shell, file storage, nextcloud | Cameron | 
 +| Mailing lists | Ben, Simon, Tim H | 
 + 
 +===== What don't we maintain? ===== 
 + 
 +  * Hacklab email - this is currently hosted on fastmail.com 
 +  * Domain registration - this is closely guarded. 
 +  * Internet of Things at the lab - this is a free-for-all. 
 +  * Members' servers - these are community-supported, or private. 
 + 
 +===== Communications ===== 
 + 
 +There is a //sysadmin// mailing list. We also use the Hacklab IRC channel //#edinhacklab// and //#edinhacklab-sysadmin//
 + 
 +Users can reach us at //sysadmin// at our usual domain. 
 + 
 +===== Access Privileges ===== 
 + 
 +Network: The //netadmin// LDAP group provides access to network-related servers. There is a network password for the router, switches, UniFi controller and anything else that doesn't have LDAP user management. 
 + 
 +Servers: The //sysadmin// LDAP group will provide access to most other servers, with some sensitive systems excluded. There is a standard root password, but this is only used for console access and is generally disabled for SSH logins. 
 + 
 +Team members will be expected to agree to the code of conduct before getting any privileges and may not receive all privileges immediately. 
 + 
 +===== Code of Conduct ===== 
 + 
 +We adopt the [[https://www.usenix.org/system-administrators-code-ethics|System Administrators' Code of Ethics]]. 
 + 
 +Of particular interest: 
 + 
 +> "I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally." 
 + 
 +This means use your powers only for good. You must not use them to annoy people. 
 + 
 +> "will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it." 
 + 
 +This is important because the sysadmin team has access to users' VM and stored data, and to personal data entrusted to the organisation. 
 + 
 +> "I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible." 
 +> "I will design and maintain each system in a manner to support the purpose of the system to the organization." 
 + 
 +This means that we need to co-operate as a team. The services we create should be maintainable after the person who created them has moved on. Technology choices should be shared. 
 + 
 +===== Technical Policies ===== 
 + 
 +Server naming: 
 + 
 +  * Bare-metal servers and off-site VMs are named after chemical elements. 
 +  * On-site VMs are named by function, in the format ehl-vm-xxxxxxx. 
 + 
 +Configuration management: 
 + 
 +  * There is an [[https://gitea.ehlab.uk/hacklab/ansible-hacklab-server|ansible profile]] for low-level configuration. 
 +  * Use Docker for applications unless they are complex and require a dedicated host. 
 + 
 +Languages: 
 + 
 +  * We prefer Python. 
 +  * If a custom application is written for Hacklab then Python should be the default choice. 
 + 
 +===== More Pages ===== 
 + 
 +  * [[servers|List of servers]] 
 +  * [[network|Network]] 
 +  * [[wifi|WiFi]] 
 +  * [[ehana|Numbering]] 
 +  * https://netbox.ehlab.uk/ 
 +  * {{ :sysadmin:network-diagrams-20200701.pdf |Network Diagrams}} 
 + 
 +Pages under the sysadmin namespace (login is required to see these): 
 + 
 +<nspages sysadmin -h1 -textPages="" -simpleList> 
 +~~NOCACHE~~
  
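Review bot: The Access Privileges section documents two shared secrets (the network password for the router, switches and UniFi controller, and the standard root password) without saying where they are held, who may know them, or when they are rotated, for example when someone leaves the //netadmin// or //sysadmin// group. "Generally disabled for SSH logins" also leaves the exceptions unstated; either list the hosts where root SSH login is still enabled or state that the ansible profile linked under Configuration management enforces it. Likewise, "some sensitive systems excluded" would be easier to audit if the excluded systems and the group that does grant access to them were named. Minor: the second Code of Conduct quote begins "will access private information" and has lost its leading "I", and the Communications sentence listing the IRC channels is missing its final full stop.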
sysadmin.txt · Last modified: 2022-04-22 13:47 by tim
