====== System Administration ======

===== What do we maintain? =====

^ What ^ Who ^
| Internet connection | Cameron, Simon |
| Core network router and switches | Cameron, Simon |
| WiFi access | Cameron |
| Rack space and network service for member colo servers | Cameron, Simon |
| Virtual machines for members | Cameron, Simon |
| DNS & DHCP | Cameron, Simon |
| Members registration and authentication | Ben, adq, Tim H |
| Access management (doors, tools and lockers) | Tim H |
| Shared services: shell, file storage, nextcloud | Cameron |
| Mailing lists | Ben, Simon, Tim H |

===== What don't we maintain? =====

  * Hacklab email - this is currently hosted on fastmail.com.
  * Domain registration - this is closely guarded.
  * Internet of Things at the lab - this is a free-for-all.
  * Members' servers - these are community-supported, or private.

===== Communications =====

There is a //sysadmin// mailing list. We also use the Hacklab IRC channels //#edinhacklab// and //#edinhacklab-sysadmin//. Users can reach us at //sysadmin// at our usual domain.

===== Access Privileges =====

Network: The //netadmin// LDAP group provides access to network-related servers. There is a network password for the router, switches, UniFi controller and anything else that doesn't have LDAP user management.

Servers: The //sysadmin// LDAP group will provide access to most other servers, with some sensitive systems excluded. There is a standard root password, but this is only used for console access and is generally disabled for SSH logins.

Team members will be expected to agree to the code of conduct before getting any privileges and may not receive all privileges immediately.

===== Code of Conduct =====

We adopt the [[https://www.usenix.org/system-administrators-code-ethics|System Administrators' Code of Ethics]]. Of particular interest:

> "I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally."

This means use your powers only for good. You must not use them to annoy people.

> "I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it."

This is important because the sysadmin team has access to users' VMs and stored data, and to personal data entrusted to the organisation.

> "I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible."

> "I will design and maintain each system in a manner to support the purpose of the system to the organization."

This means that we need to co-operate as a team. The services we create should be maintainable after the person who created them has moved on. Technology choices should be shared.

===== Technical Policies =====

Server naming:

  * Bare-metal servers and off-site VMs are named after chemical elements.
  * On-site VMs are named by function, in the format ehl-vm-xxxxxxx.

Configuration management:

  * There is an [[https://gitea.ehlab.uk/hacklab/ansible-hacklab-server|Ansible profile]] for low-level configuration.
  * Use Docker for applications unless they are complex and require a dedicated host.

Languages:

  * We prefer Python.
  * If a custom application is written for Hacklab then Python should be the default choice.

===== More Pages =====

  * [[servers|List of servers]]
  * [[network|Network]]
  * [[wifi|WiFi]]
  * [[ehana|Numbering]]
  * https://netbox.ehlab.uk/
  * {{ :sysadmin:network-diagrams-20200701.pdf |Network Diagrams}}

Pages under the sysadmin namespace (login is required to see these):

~~NOCACHE~~