User Tools

Site Tools


sysadmin

System Administration

What do we maintain?

What Who
Internet connection Cameron, Simon
Core network router and switches Cameron, Simon
WiFi access Cameron
Rack space and network service for member colo servers Cameron, Simon
Virtual machines for members Cameron, Simon
DNS & DHCP Cameron, Simon
Members registration and authentication Ben, adq, Tim H
Access management (doors, tools and lockers) Tim H
Shared services: shell, file storage Cameron
Mailing lists Ben, Simon, Tim H

What don't we maintain?

  • Hacklab email - this is currently hosted on fastmail.com
  • Domain registration - this is closely guarded.
  • Internet of Things at the lab - this is a free-for-all.
  • Members' servers - these are community-supported, or private.

Communications

There is a sysadmin mailing list. We also use the Hacklab IRC channel #edinhacklab and #edinhacklab-sysadmin.

Users can reach us at sysadmin at our usual domain.

Access Privileges

Network: The netadmin LDAP group provides access to network-related servers. There is a network password for the router, switches, UniFi controller and anything else that doesn't have LDAP user management.

Servers: The sysadmin LDAP group will provide access to most other servers, with some sensitive systems excluded. There is a standard root password, but this is only used for console access and is generally disabled for SSH logins.

Team members will be expected to agree to the code of conduct before getting any privileges and may not receive all privileges immediately.

Code of Conduct

We adopt the System Administrators' Code of Ethics.

Of particular interest:

“I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.”

This means use your powers only for good. You must not use them to annoy people.

“I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.”

This is important because the sysadmin team has access to users' VM and stored data, and to personal data entrusted to the organisation.

“I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible.”
“I will design and maintain each system in a manner to support the purpose of the system to the organization.”

This means that we need to co-operate as a team. The services we create should be maintainable after the person who created them has moved on. Technology choices should be shared.

Technical Policies

Server naming:

  • Bare-metal servers and off-site VMs are named after chemical elements.
  • On-site VMs are named by function, in the format ehl-vm-xxxxxxx.

Configuration management:

  • There is an ansible profile for low-level configuration.
  • Use Docker for applications unless they are complex and require a dedicated host.

Languages:

  • We prefer Python.
  • If a custom application is written for Hacklab then Python should be the default choice.

More Pages

Pages under the sysadmin namespace (login is required to see these):

No pages in this namespace.

sysadmin.txt · Last modified: 2024-12-08 11:36 by tim

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki