Differences

This shows you the differences between two versions of the page.

--- sysadmin [2020-05-25 17:37] – removed tim
+++ sysadmin [2024-12-08 11:36] (current) – [What do we maintain?] tim
@@ Line 1: / Line 1: @@
+====== System Administration ======
+===== What do we maintain? =====
+^ What ^ Who ^
+| Internet connection | Cameron, Simon |
+| Core network router and switches | Cameron, Simon |
+| WiFi access | Cameron |
+| Rack space and network service for member colo servers | Cameron, Simon |
+| Virtual machines for members | Cameron, Simon |
+| DNS & DHCP | Cameron, Simon |
+| Members registration and authentication | Ben, adq, Tim H |
+| Access management (doors, tools and lockers) | Tim H |
+| Shared services: shell, file storage | Cameron |
+| Mailing lists | Ben, Simon, Tim H |
+===== What don't we maintain? =====
+  * Hacklab email - this is currently hosted on fastmail.com
+  * Domain registration - this is closely guarded.
+  * Internet of Things at the lab - this is a free-for-all.
+  * Members' servers - these are community-supported, or private.
+===== Communications =====
+There is a //sysadmin// mailing list. We also use the Hacklab IRC channel //#edinhacklab// and //#edinhacklab-sysadmin//.
+Users can reach us at //sysadmin// at our usual domain.
+===== Access Privileges =====
+Network: The //netadmin// LDAP group provides access to network-related servers. There is a network password for the router, switches, UniFi controller and anything else that doesn't have LDAP user management.
+Servers: The //sysadmin// LDAP group will provide access to most other servers, with some sensitive systems excluded. There is a standard root password, but this is only used for console access and is generally disabled for SSH logins.
+Team members will be expected to agree to the code of conduct before getting any privileges and may not receive all privileges immediately.
+===== Code of Conduct =====
+We adopt the [[https://www.usenix.org/system-administrators-code-ethics|System Administrators' Code of Ethics]].
+Of particular interest:
+> "I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally."
+This means use your powers only for good. You must not use them to annoy people.
+> "I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it."
+This is important because the sysadmin team has access to users' VM and stored data, and to personal data entrusted to the organisation.
+> "I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible."
+> "I will design and maintain each system in a manner to support the purpose of the system to the organization."
+This means that we need to co-operate as a team. The services we create should be maintainable after the person who created them has moved on. Technology choices should be shared.
+===== Technical Policies =====
+Server naming:
+  * Bare-metal servers and off-site VMs are named after chemical elements.
+  * On-site VMs are named by function, in the format ehl-vm-xxxxxxx.
+Configuration management:
+  * There is an [[https://gitea.ehlab.uk/hacklab/ansible-hacklab-server|ansible profile]] for low-level configuration.
+  * Use Docker for applications unless they are complex and require a dedicated host.
+Languages:
+  * We prefer Python.
+  * If a custom application is written for Hacklab then Python should be the default choice.
+===== More Pages =====
+  * [[servers|List of servers]]
+  * [[network|Network]]
+  * [[wifi|WiFi]]
+  * [[ehana|Numbering]]
+  * https://netbox.ehlab.uk/
+  * {{ :sysadmin:network-diagrams-20200701.pdf |Network Diagrams}}
+Pages under the sysadmin namespace (login is required to see these):
+<nspages sysadmin -h1 -textPages="" -simpleList>
+~~NOCACHE~~