Meeting:2016/01/07
From SOWNWiki
Meeting (to be) held on 2015/01/07 at 19:00 in Zepler CLS Lecture Room
Previous meeting: 20 November 2014 18:00:00 Next meeting: 8 January 2015 19:00:00
Agenda
Major Tasks for 2016
- New SOWN node firmware
- Running OpenWRT Designated Driver
- Cmalton has pretty much built all the firmware needed for at least 4 different pieces of hardware:
- Meraki Mini
- OM1P
- OM2P
- AR150
- Node setup infrastructure to make node setup easier using requests and returned tarballs to/from www.sown.org.uk.
- New server builds as VMs
- Create on Sown-vms using Kickstart and Puppet
- Need builds for the following:
- RADIUS
- Backup
- Admin site
- OpenVPN
- Bind
- Monitoring (Icinga)
- any more?
- Build new SOWN-Zepler (or Zacler)
- Using APU board and Wireless AC card from
- Another wireless b/g/n Mini PCI-e card
- Mini PCIe SSD drive
- SOWN[at]anywhere
- AR150s ideal for this purpose
- Build SOWN[at]coordinates node
- Dependent on mast project
- Mount a board of some description in an outdoor box on the dish
- We have a 5GHz dish already!
- But we'd need to have a 5GHz node first, so this idea probably is blocking on a moderately successful SOWN Zenler/Zacler
- SOWN Eduroam extender
- Use nodes as receiver for Eduroam back link when near campus.
Wiki Upgrade
- Wiki has been upgraded to MediaWiki 1.26.2
- Still a few teething problems with Semantic Forms.
Todo List
- Fix DNS for sown.org.uk, backup2.sown.org.uk and marconi.sown.org.uk on external DNS servers
- Figure out why Dropbear on nodes appears to be crashing since SSH password check has been introduced
- Figure out why nagios-apid sometimes stalls on monitor
- Figure out why backing up the database causes issues with RADIUS accounting
- Build new backup server using meshach black box
- Fix credentials script so that if client cert exists, but we're still in setup mode things don't fail
- Configure server-side openvpn tunnels to work with ipv6
- Check nfdump hack isn't losing data
- Unlang in auth:freeradius for @sown.org.uk users
- Configure our RADIUS server to disallow remote authentication of non-academic users, then open relevant ports
- Improve security of our OpenWRT packages
- More regular usage cap checking for nodes
- Some users can only login to www.sown.org.uk/secure and Icinga using username with uppercase first letter
- Create Monitor tasks to check that our public NS records are still what we think they should be.
- Fix firewalling on sown-vms so ping/ssh works for the IPv6 address on the SOWN interface
- download_package does not timeout or attempt retries
- Create certificate for auth2.sown.org.uk using StartSSL
- Nagios Check Documentation
- Look at whether apt-autoclean cron job can be quiet if there are no problems
- Figure out why date and time picker buttons are not appearing in Meetings Semantic form
- Add support for client isolation on wireless interface.
- Allow node config to specify additional DNS servers for selected domains and make this configurable from the admin site
- Review Icinga log file destinations
- Review mailbox check scripts and installation.
- Add regular task to gzip old icinga logs in monitor:/usr/local/icinga/var/archives
- Make radmatrix graphs available via public radmatrix
- Add all nrpe checks to the Git
- Investigate whether usage stats for deployments get deleted after 3 months?
- Build VM on sown-vms as a new-style package management server on its existing addresses
- Make graphs for node usage each month and node usage for each hour of the day for the last 30 days
- stop node:/etc/sown/firewall/setup.sh stopping hostap on remote fw config change
- Alter auth2:/etc/openvpn/update_openvpn to remove vpn config files for servers that are no longer configured
- swap 'sown' and 'atheros' packages trees on the public website once all nodes have the config
- Make openvpn try to start each vpnserver config file independently
- remove new nodes dependency on sown-auth when installing
- Check/add support for IPv6 on nodes where host network supports IPv6.
- Figure out why archive_radius.php fails to create temporary table at start of each month
- Move SOWN website from SVN (forge.ecs) to Git
- Make Icinga send both html and plain text emails
AOB
... more about "2016/01/07"