User Tools

Site Tools


sysadmin

This is an old revision of the document!


System Administration

At the time of writing, most of Hacklab's network and server infrastructure is maintained by two people. At least one of them wants an escape plan. We need a bigger sysadmin team.

What do we maintain?

  • Internet connection
  • Core network router and switches
  • WiFi access
  • Rack space and network service for member colo servers
  • Virtual machines for members
  • DNS & DHCP
  • Members registration and authentication
  • Access management (doors, tools and lockers)
  • Shared services: shell, file storage, nextcloud
  • Mailing lists

What don't we maintain?

  • Hacklab email - this is currently hosted on fastmail.com
  • Domain registration - this is closely guarded.
  • Internet of Things at the lab - this is a free-for-all.
  • Members' servers - these are community-supported, or private.

Communications

There is a sysadmin mailing list. We also use the main Hacklab IRC channel.

Users can reach us at sysadmin at our usual domain.

Access Privileges

Network: The netadmin LDAP group provides access to network-related servers. There is a network password for the router, switches, UniFi controller and anything else that doesn't have LDAP user management.

Servers: The sysadmin LDAP group will provide access to most other servers, with some sensitive systems excluded. There is a standard root password, but this is only used for console access and is generally disabled for SSH logins.

Team members will be expected to agree to the code of conduct before getting any privileges and may not receive all privileges immediately.

Code of Conduct

We adopt the System Administrators' Code of Ethics.

Of particular interest:

“I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.”

This means use your powers only for good. You must not use them to annoy people.

“I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.”

This is important because the sysadmin team has access to users' VM and stored data, and to personal data entrusted to the organisation.

“I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible.”
“I will design and maintain each system in a manner to support the purpose of the system to the organization.”

This means that we need to co-operate as a team. The services we create should be maintainable after the person who created them has moved on. Technology choices should be shared.

Technical Policies

Server naming:

  • Bare-metal servers are named after chemical elements.
  • VMs are named functionally, in the format ehl-vm-xxxxxxx.

Configuration management:

  • There is an ansible profile for low-level configuration.
  • Use Docker for applications unless they are complex and require a dedicated host.

More Pages

Pages under the sysadmin namespace (login is required to see these):

No pages in this namespace.

sysadmin.1593625881.txt.gz · Last modified: 2020-07-01 17:51 by tim

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki