Meeting:2016/01/07

Meeting (to be) held on 2015/01/07 at 19:00 in Zepler CLS Lecture Room

Previous meeting: 20 November 2014 18:00:00 Next meeting: 8 January 2015 19:00:00

Agenda

Major Tasks for 2016

• New SOWN node firmware
  • Running OpenWRT Designated Driver
  • Cmalton has pretty much built all the firmware needed for at least 4 different pieces of hardware:
    • Meraki Mini
    • OM1P
    • OM2P
    • AR150
  • Node setup infrastructure to make node setup easier using requests and returned tarballs to/from www.sown.org.uk.

• New server builds as VMs
  • Create on Sown-vms using Kickstart and Puppet
  • Need builds for the following:
    • RADIUS
    • Backup
    • Admin site
    • OpenVPN
    • Bind
    • Monitoring (Icinga)
    • any more?

• Build new SOWN-Zepler (or Zacler)
  • Using APU board and Wireless AC card from
  • Another wireless b/g/n Mini PCI-e card
  • Mini PCIe SSD drive

• SOWN[at]anywhere
  • AR150s ideal for this purpose

• Build SOWN[at]coordinates node
  • Dependent on mast project
  • Mount a board of some description in an outdoor box on the dish
  • We have a 5GHz dish already!
    • But we'd need to have a 5GHz node first, so this idea probably is blocking on a moderately successful SOWN Zenler/Zacler

• SOWN Eduroam extender
  • Use nodes as receiver for Eduroam back link when near campus.

Wiki Upgrade

• Wiki has been upgraded to MediaWiki 1.26.2
  • Still a few teething problems with Semantic Forms.

Todo List

• Fix DNS for sown.org.uk, backup2.sown.org.uk and marconi.sown.org.uk on external DNS servers
• Figure out why Dropbear on nodes appears to be crashing since SSH password check has been introduced
• Figure out why nagios-apid sometimes stalls on monitor
• Figure out why backing up the database causes issues with RADIUS accounting
• Build new backup server using meshach black box
• Fix credentials script so that if client cert exists, but we're still in setup mode things don't fail
• Configure server-side openvpn tunnels to work with ipv6
• Check nfdump hack isn't losing data
• Unlang in auth:freeradius for @sown.org.uk users
• Configure our RADIUS server to disallow remote authentication of non-academic users, then open relevant ports
• Improve security of our OpenWRT packages
• More regular usage cap checking for nodes
• Some users can only login to www.sown.org.uk/secure and Icinga using username with uppercase first letter
• Create Monitor tasks to check that our public NS records are still what we think they should be.
• Fix firewalling on sown-vms so ping/ssh works for the IPv6 address on the SOWN interface
• download_package does not timeout or attempt retries
• Create certificate for auth2.sown.org.uk using StartSSL
• Nagios Check Documentation
• Look at whether apt-autoclean cron job can be quiet if there are no problems
• Figure out why date and time picker buttons are not appearing in Meetings Semantic form
• Add support for client isolation on wireless interface.
• Allow node config to specify additional DNS servers for selected domains and make this configurable from the admin site
• Review Icinga log file destinations
• Review mailbox check scripts and installation.
• Add regular task to gzip old icinga logs in monitor:/usr/local/icinga/var/archives
• Make radmatrix graphs available via public radmatrix
• Add all nrpe checks to the Git
• Investigate whether usage stats for deployments get deleted after 3 months?
• Build VM on sown-vms as a new-style package management server on its existing addresses
• Make graphs for node usage each month and node usage for each hour of the day for the last 30 days
• stop node:/etc/sown/firewall/setup.sh stopping hostap on remote fw config change
• Alter auth2:/etc/openvpn/update_openvpn to remove vpn config files for servers that are no longer configured
• swap 'sown' and 'atheros' packages trees on the public website once all nodes have the config
• Make openvpn try to start each vpnserver config file independently
• remove new nodes dependency on sown-auth when installing
• Check/add support for IPv6 on nodes where host network supports IPv6.
• Figure out why archive_radius.php fails to create temporary table at start of each month
• Move SOWN website from SVN (forge.ecs) to Git
• Make Icinga send both html and plain text emails

AOB