- Time: 11am onwards
- Place: Building 32 Level 4 Demo Room (meet outside North entrance if you do not have access to the building)
- Attendees: morse, Leth, daveruss, SjH and crwilliams.
- 1 Undertaken Tasks
- 1.1 Fixing Stag's Head Node node (morse)
- 1.2 Implementing `campus tunneled' node type (daveruss)
- 1.3 Add auth site to SVN (Leth)
- 1.4 Logging without the tunnel (SjH)
- 1.5 Update the Radius code on sown-auth (morse)
- 1.6 Integration mysql2.ecs database into SOWN database (daveruss)
- 1.7 Secure docpot on sown-auth (daveruss)
- 1.8 Bug reporting / account request from captive portal login page (Leth & crwilliams)
- 1.9 Moving dev from node type to node deployment
- 2 Unattempted Tasks
Fixing Stag's Head Node node (morse)
Implementing `campus tunneled' node type (daveruss)
This is not required. Open VPN attributes are now always be displayed if null/0 then assume there is no tunneling. The node type should not be used for defining whether a node is tunneled.
Node type is now only used for the purposes of statistics. It has no effect on authentication or anything else to do with setupnode system. The fields to use when trying to alter this are the chains for the node (JaNET,NET,SOWN) etc which dictate which functionallity users can gain on a node, and the Operating System type field so the system can make distribution specific decisions about config.
It would be a good idea to have the availibility to disable the use of openvpn in instances of nodes which are on the sown vlan. This should then allow any node to be handled separatelly.
Add auth site to SVN (Leth)
Logging without the tunnel (SjH)
Added. This now logs to SOWN-VPN over a tcp tunnel on its forward facing interface.
Update the Radius code on sown-auth (morse)
Integration mysql2.ecs database into SOWN database (daveruss)
Dump of mysql2.ecs database was taken. It contain 3 tables. noderequests table was moved to the main database on sown-auth and renamed node_requests. new user created on sown-auth mysql server that allows select/insert/update/delete on the node_requests table.
Other two tables were from a survey about wireless usage in May 2007. A dump of these tables were taken and were to be placed on secure docpot. However anyone with access to the ecs filestore would be able to view this sql dump. Therefore we decided to improve secure docpot by hosting it on sown-auth and proxying it to the ecs webserver.
docpot directory created in the root web directory. setting up proxying and passing on of authentication details still needs to be done.
Bug reporting / account request from captive portal login page (Leth & crwilliams)
Apache modules mod_rewrite and mod_proxy have been enabled on auth so that we can transparently proxy the contact web forms from www.sown.org.uk. HTTP GET Options need adding to the contact pages to better support this.
Moving dev from node type to node deployment
There is no dev type on node. Nodes can use dev as a vpn endpoint which may have caused some confusion. Probably the best solution is to use `private' flag on node_deployments for dev deployments. We need to check that appropriate places observe the `private' flag, i.e. in nagios, stats, etc.