[NCUC E-team] Hosting the NCUC E-Platform

Tapani Tarvainen ncuc at tapani.tarvainen.info
Tue Mar 5 19:48:36 CET 2013 

On Mar 05 10:19, David Cake (davecake at gmail.com) wrote:

> > And all admins should have their own logins rather
> > than using root directly, preferably using only
> > ssh with rsa authentication, and perhaps
> > even that limited to specific IPs.

> 	Unless those IPs are of intermediary servers (which would be a
> system that I would hate), limiting to specific IPs would quite
> likely be a problem, very inconvenient for those (like me) whose ISP
> might change static IP on them, but I can also imagine a situation
> in which all the team are travelling to the same meeting and so most
> or all may have difficulty accessing via the correct IPs.

OK. I guess IP limitation here doesn't really make sense
(and intermediate servers are indeed a hateful thing).

> I'm in favour of ssh with RSA, and happy to trust that for security.

Is everybody happy with ssh & RSA?

On Mar 05 10:22, David Cake (davecake at gmail.com) wrote:

> 	How are we going to deal with changes to config files?
> 	Rather than document individual changes, source code control
> seems sensible (though locally hosted would be fine, as long as
> there is some backup). Preferences? Git?

It'd have to be some system everybody is comfortable with -
we don't want things people need to learn just for this.
If people aren't using git (or whatever) regularly,
and only step in here irregularly, they're likely to forget
it when something needs to be done urgently.

So, if we go with real version control I'd indeed prefer git,
but for config files I think we could make do with just
emacs backups (using its version control and "indefinite"
number of backups in a dedicated directory).
(If there're heretics among us who don't like emacs, I've got 
a little hack to make vim, nano and whatnot use same backup scheme.)
This has worked well in a number of places where sysadmins with 
different levels of experience come and go.

But, if everybody here's a git lover, I'm fine with it.
Show of hands: who uses git regularly enough to remember
not only how to use it but also to actually use even when drunk? :-)

As for backup, we could use part of our Gandi disk space
for that (Gandi provides especially for that, allowing
some disk space to be allocated on a different location,
so it'll be safe even if one rack explodes).
Something like rsnapshot should work well enough.
I could also make an extra backup on my own
backup machine as an emergency fallback.

-- 
Tapani Tarvainen

More information about the E-team mailing list