System Administration

System Administration

What do we maintain?

What	Who
Internet connection	Cameron, Simon
Core network router and switches	Cameron, Simon
WiFi access	Cameron
Rack space and network service for member colo servers	Cameron, Simon
Virtual machines for members	Cameron, Simon
DNS & DHCP	Cameron, Simon
Members registration and authentication	Ben, adq, Tim H
Access management (doors, tools and lockers)	Tim H
Shared services: shell, file storage, nextcloud	Cameron
Mailing lists	Ben, Simon, Tim H

What don't we maintain?

Hacklab email - this is currently hosted on fastmail.com
Domain registration - this is closely guarded.
Internet of Things at the lab - this is a free-for-all.
Members' servers - these are community-supported, or private.

Communications

There is a sysadmin mailing list. We also use the Hacklab IRC channel #edinhacklab and #edinhacklab-sysadmin.

Users can reach us at sysadmin at our usual domain.

Access Privileges

Network: The netadmin LDAP group provides access to network-related servers. There is a network password for the router, switches, UniFi controller and anything else that doesn't have LDAP user management.

Servers: The sysadmin LDAP group will provide access to most other servers, with some sensitive systems excluded. There is a standard root password, but this is only used for console access and is generally disabled for SSH logins.

Team members will be expected to agree to the code of conduct before getting any privileges and may not receive all privileges immediately.

Code of Conduct

We adopt the System Administrators' Code of Ethics.

Of particular interest:

“I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.”

This means use your powers only for good. You must not use them to annoy people.

“I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.”

This is important because the sysadmin team has access to users' VM and stored data, and to personal data entrusted to the organisation.

“I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible.”
“I will design and maintain each system in a manner to support the purpose of the system to the organization.”

This means that we need to co-operate as a team. The services we create should be maintainable after the person who created them has moved on. Technology choices should be shared.

Technical Policies

Server naming:

Bare-metal servers and off-site VMs are named after chemical elements.
On-site VMs are named by function, in the format ehl-vm-xxxxxxx.

Configuration management:

There is an ansible profile for low-level configuration.
Use Docker for applications unless they are complex and require a dedicated host.

Languages:

We prefer Python.
If a custom application is written for Hacklab then Python should be the default choice.

Pages under the sysadmin namespace (login is required to see these):

No pages in this namespace.

Table of Contents