sysadmin
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
sysadmin [2020-05-23 11:41] – tim | sysadmin [2020-05-24 07:54] – tim | ||
---|---|---|---|
Line 15: | Line 15: | ||
https:// | https:// | ||
+ | |||
+ | There is a netadmin unix group which provides access to network-infrastructure VMs and webapps. | ||
+ | |||
+ | There is a network password for router and switch access. | ||
===== Sysadmin ===== | ===== Sysadmin ===== | ||
https:// | https:// | ||
+ | |||
+ | There is a sysadmin unix group which provides access to most Linux servers. | ||
+ | |||
+ | There is a standard root password for most Linux servers, though it is likely to be disabled over SSH in favour of SSH keys. | ||
===== Restricted Access ===== | ===== Restricted Access ===== | ||
Line 40: | Line 48: | ||
* Contains VMs with personal data, and VM that belong to individual members. | * Contains VMs with personal data, and VM that belong to individual members. | ||
* Available to sysadmin unix group. | * Available to sysadmin unix group. | ||
- | * ganymede | + | * ganymede, shell server, radon: |
* Home directories. | * Home directories. | ||
+ | * Nextcloud storage. | ||
* Hosted on magnesium. | * Hosted on magnesium. | ||
* Available to sysadmin unix group. | * Available to sysadmin unix group. | ||
Tim's commentary: I would like to restructure these services so that the sysadmin team can be more inclusive. The members database will be moved to an external VM. I would like to adjust the expectations of privacy for home directories and members VMs so that more people can administrate the underlying host (magnesium). | Tim's commentary: I would like to restructure these services so that the sysadmin team can be more inclusive. The members database will be moved to an external VM. I would like to adjust the expectations of privacy for home directories and members VMs so that more people can administrate the underlying host (magnesium). | ||
+ | |||
+ | ===== Conduct ===== | ||
+ | |||
+ | What behaviour do we expect from members with access privileges? | ||
+ | |||
+ | * Respect personal data by only accessing it when legally or technically necessary, or when requested by the owner. | ||
+ | * Act in good faith. | ||
+ | * Co-operate with other group members. Don't change the technology choices or methods without discussing first. | ||
+ | |||
+ | Should we adopt an existing code of conduct? https:// | ||
+ | |||
+ | ===== Technical Policies ===== | ||
+ | |||
+ | Server naming: | ||
+ | |||
+ | * bare-metal servers are named after chemical elements | ||
+ | * VMs are named functionally, | ||
+ | |||
+ | Configuration management: | ||
+ | |||
+ | * There is an ansible profile for low-level configuration. | ||
+ | * Use Docker for applications unless they are complex and require a dedicated host. | ||
sysadmin.txt · Last modified: 2022-04-22 13:47 by tim