From SOWNWiki

Workshop (to be) held on 2021/09/11 at 14:00 in Other Room

Previous workshop: 21 February 2019 18:00:00
Next workshop: 20 November 2021 13:00:00

Task List

  • Upgrade Sown-auth2 to Ubuntu 18.04 and possibly Ubuntu 20.04
    • TimStallard and DavidNewman worked on upgrading to Ubuntu 18.04. A number of problems were hit.
    • FreeRADIUS was upgraded to version 3.0.16, so they needed to port and modify the old 2.x.y configuration to work with 3.0.
      • DavidNewman updated the details for the RADIUS servers on to reflect the correct version and otherwise make sure details were accurate.
      • We still need to look into whether we can safely re-enable the update_openvpn script.
    • OpenVPN was upgraded to 2.4.4. Fortunately, we had already configured the Admin Site for 2.4 configuration, so we just switched the update_openvpn script over to use this.

  • Check VSTACK status on SOWN switch and other security hardening
    • DanTrickey looked into this and, although the VSTACK setting was OK, he found a number of other security concerns, which he fixed.

  • Fix slow SSH login to servers due to slow motd caching
    • Scorpia looked into this. After investigating MOTD and various other issues, he concluded that this is something integral to the SSH server but could not narrow it down further.
    • The issue seems to occur only once, typically after a reboot.
    • Upgrading from Ubuntu 18.04 to 20.04 does not fix the issue.

  • Investigate why AUTH2/EAPOL-EDUROAM and AUTH2/AUTH checks are failing
    • DavidNewman contacted the Eduroam UK team to try to debug problems with the RADIUS checks, which broke in June/July. This turned out to be caused by us running an old version of eapol_test (from WPA Supplicant 2.4 or earlier), so he compiled the latest version (from WPA Supplicant 2.9) and this meant both the checks to and the ODI started working again.
    • DavidNewman has made some changes to the checks to use the "University of Catford" CA certificate.

  • Investigate why AUTH2/SSH checks periodically go to warning
  • Renew SSL certificates for various nodes which expire in October
    • DavidNewman has renewed certificates for all the nodes that were online:
    • The following nodes are still outstanding:
      • 304 is held by Josh, but he replaced it with his own hardware as he lost the node. We need to contact him to get him to plug it in.
      • 305 is held by DanTrickey. He needs to plug this in so it can have its certificate renewed, or return the node.
      • 308, which expired a year or so ago. We need to try to get this back from Matt?
      • 444 is DavidYoung's node on his own hardware, so we will probably just end this deployment when the certificate fully expires.
      • 912 is Cmalton's node. He will try to plug it back into the right VLAN of his home network so this development node's certificate can be renewed.

  • Investigate recent intermittent backup failures
    • TimStallard was going to investigate. One reason may have been the recent upgrade of the NetBox software to 3.0.2. We just need to keep an eye on this; it may simply be due to network flakiness.