Meeting:2015/01/08

Meeting (to be) held on 2015/01/08 at 19:00 in Zepler CLS Lecture Room

Previous meeting: 7 January 2015 19:00:00 Next meeting: 28 January 2016 19:00:00

Agenda

Major Tasks for 2015

• Build new SOWN-Zepler (Probably just Zenler not Zacler)
  • Intel Dual Band Wireless-AC 7260 cards do not support 802.11ac in access point mode.
  • AzureWave Broadcom BCM94352HMB 802.11/ac/867Mbps WLAN + BT4.0 Half Mini PCI-E card does not currently have firmware that can support 5.8GHz (n or ac) in access point mode.
  • cmalton can explain further about the current status of both wireless cards access point functionality.
  • We could look into the Atheros cards to see if they are capable of access point mode in 5.8GHz for 802.11n and 802.11ac. Unfortunately this may only be possible with the ath11k driver which is not even in mainline yet.
  • We might look at whether things are easy if we run Debian or similar as an OS.
• Build SOWN[at]coordinates node
  • Mount a board of some description in an outdoor box on the dish
  • We have a 5GHz dish already!
    • But we'd need to have a 5GHz node first, so this idea probably is blocking on a moderately successful SOWN Zenler/Zacler
• Retire Auth
  • Majority (and probably all essential functionality) of Admin site has been migrated to Auth2
  • Should LDAP be migrated, how to we support systems that currently use if it is not?
  • Root login to other servers needs to be moved to Auth2
  • Backups collation needs to be moved to Auth2
  • What else does Auth provide that we need to migrate?

Icinga Alerts

• EAPOL-* checks
  • Convert ECS and SOTON checks for specific servers to be direct and have single checks for these domains that go via JANET
• Node NFSEN checks
  • Currently disabled whilst we sort out problems with nfcapd
• Node SYSLOG checks
• Node SSH-NODE-PASSWORD checks
  • Why does Dropbear (SSH) keep dying on various nodes?
  • morse has patched SSH on #263 to see if we can figure out what is wrong.
  • Can we produce an upgrade to check the the status of Dropbear and (re)start it if necessary?
  • If the problem turns out to be something we cannot fix we will add a hook to check and restart SSH when necessary.
• BACKUP3/BACKUPTRANSFER check timing out
  • BACKUP2/BACKUPTRANSFER has also timed out recently
  • Is there anything we can do to stop this happening or make it less likely
  • Surely cannot be a lack of available bandwidth.
  • Need to look at buiiding a more robust rsync script

Todo List

• Configure server-side openvpn tunnels to work with ipv6
• Check nfdump hack isn't losing data
• Improve security of our OpenWRT packages
• More regular usage cap checking for nodes
• Nagios Check Documentation
• Allow node for deployment to be changed from the web interface on auth2
• Get SNI working on auth2
• Allow node config to specify the DNS server it uses and make this configurable from the admin site
• update radius cert on auth
• Make radmatrix graphs available via public radmatrix
• Build sown-dev as a new-style package management server on its existing addresses
• Make graphs for node usage each month and node usage for each hour of the day for the last 30 days
• stop node:/etc/sown/firewall/setup.sh stopping hostap on remote fw config change
• Alter auth2:/etc/openvpn/update_openvpn to remove vpn config files for servers that are no longer configured
• swap 'sown' and 'atheros' packages trees on the public website once all nodes have the config
• Finish node_control node DNS generation
• Allow node admins to edit their deployment settings (e.g. usage cap).
• Make openvpn try to start each vpnserver config file independently
• remove new nodes dependency on sown-auth when installing
• Get node to detect modified config files
• Node-owner firewall control

AOB