Admin Tasks

From Van Essen Lab

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
* Update the SSL certificate on brainvis to remove warning when accessing brainvis through SSL/https.   
* Update the SSL certificate on brainvis to remove warning when accessing brainvis through SSL/https.   
-
Status: in process of testing a self-signed OpenSSL certificate to be used for 4 yrs, and is free instead of buying a 3yr cert thru  Thawte for $600.
+
Status: running a valid, self-signed OpenSSL certificate set to expire 2/11/2017 (free) and can be imported to users browser .
* Upgrade Brainvis to latest LTS release (10.04)
* Upgrade Brainvis to latest LTS release (10.04)
Status: replacing server so it is moot
Status: replacing server so it is moot
Line 7: Line 7:
Status: backburner as this would involve volume encrytpion and a performance penalty  
Status: backburner as this would involve volume encrytpion and a performance penalty  
* Upgrade mail server to support mail dir (which should help improve performance)
* Upgrade mail server to support mail dir (which should help improve performance)
-
Status: in process , testing
+
Status: complete
* Set up a single sign on system (LDAP) for all machines to make it easier to keep accounts and passwords in sync across all machines
* Set up a single sign on system (LDAP) for all machines to make it easier to keep accounts and passwords in sync across all machines
Status: lowered priority, initial authentication to be via /etc/passwd & /etc/shadow & PAM files.
Status: lowered priority, initial authentication to be via /etc/passwd & /etc/shadow & PAM files.
Proving problematic implementing openldap for the many diff. unix/linux clients in use in lab.  
Proving problematic implementing openldap for the many diff. unix/linux clients in use in lab.  
* Migrate wiki pages to new wiki on brainvis
* Migrate wiki pages to new wiki on brainvis
-
Status: testing an imported copy of the wiki/mysql database from 2010.
+
Status: completed
* Upgrade brainvis hardware, either by purchasing a machine from a well-known vendor or building a machine  
* Upgrade brainvis hardware, either by purchasing a machine from a well-known vendor or building a machine  
-
Status: complete, server is here
+
Status: completed
* Upgrade NFS shares to version 3 at minimum, and make sure permissions are set up so that all users can access files with appropriate permissions
* Upgrade NFS shares to version 3 at minimum, and make sure permissions are set up so that all users can access files with appropriate permissions
-
Status: NFSv4 filesystem in testing
+
Status: completed
* Continue to update and maintain build systems, as needed
* Continue to update and maintain build systems, as needed
Status: Jon to manage new build servers
Status: Jon to manage new build servers
* Migrate build servers to myelin2 (our secondary file server), running under virtual box (see both Tim and Jon for details)
* Migrate build servers to myelin2 (our secondary file server), running under virtual box (see both Tim and Jon for details)
-
Status: this is moot, as native build servers will replace VMs  
+
Status: native build servers (winbuild and linuxbuild)replaced the VMs  
* Migrate sumsdev to latest LTS release of ubuntu
* Migrate sumsdev to latest LTS release of ubuntu
Status: process, working to refine requirements with Ping  
Status: process, working to refine requirements with Ping  

Revision as of 20:04, 1 April 2013

  • Update the SSL certificate on brainvis to remove warning when accessing brainvis through SSL/https.

Status: running a valid, self-signed OpenSSL certificate set to expire 2/11/2017 (free) and can be imported to users browser .

  • Upgrade Brainvis to latest LTS release (10.04)

Status: replacing server so it is moot

  • Upgrade mail server to support encrypted files for extra security (in case disks are stolen)

Status: backburner as this would involve volume encrytpion and a performance penalty

  • Upgrade mail server to support mail dir (which should help improve performance)

Status: complete

  • Set up a single sign on system (LDAP) for all machines to make it easier to keep accounts and passwords in sync across all machines

Status: lowered priority, initial authentication to be via /etc/passwd & /etc/shadow & PAM files. Proving problematic implementing openldap for the many diff. unix/linux clients in use in lab.

  • Migrate wiki pages to new wiki on brainvis

Status: completed

  • Upgrade brainvis hardware, either by purchasing a machine from a well-known vendor or building a machine

Status: completed

  • Upgrade NFS shares to version 3 at minimum, and make sure permissions are set up so that all users can access files with appropriate permissions

Status: completed

  • Continue to update and maintain build systems, as needed

Status: Jon to manage new build servers

  • Migrate build servers to myelin2 (our secondary file server), running under virtual box (see both Tim and Jon for details)

Status: native build servers (winbuild and linuxbuild)replaced the VMs

  • Migrate sumsdev to latest LTS release of ubuntu

Status: process, working to refine requirements with Ping

  • Create and/or support development environment releases for 3rd party developers

Status: lowered priority

  • Create and maintain git servers, actively support granting access to outside developers where appropriate

Status: in process, admin piece working, maintenance piece training with Jon.

  • Maintain, and possibly upgrade the linux machines that are used by our rotating graduate students

Status: moved to backburner , will upgrade when it is required

  • Perform an inventory of all back up procedures and come up with a sensible back up policy that will ensure that all important files and data are backed up regularly

Status: completed, updated on PCinventory wiki page.

  • Perform an inventory of all equipment and machines. Attempt to standardize on certain versions linux/OSX/Windows where appropriate to make our systems easier to maintain

Status: Complete , updated on PCinventory wiki page.

  • Perform an inventory of our installed software. Ensure that all software is licensed properly. Also, manage site license programs, such as vmware's academic alliance, MSDN, and any other programs that require an administrative point of contact.

Status: completed , assumed point of contact for Vmware, provide licensing/media support for Adobe Suite, MS products ; OS, Office. Working with Mathworks for Matlab licensing changes.

  • As you perform an inventory of the hardware and software above, document all possible security threats or situations that could cause catastrophic failure (e.g. data loss, hardware failure, etc.). After coming up with this list, come up with strategies for tackling these issues and meet with the rest of the lab to discuss them.

Status: mostly complete, but ongoing watch. Tightend network security, particularly access to myelin1 and myelin2, added UPS units so all systems have battery backup. Host-firewalls turned on. Added lab systems and network switches, firewall to Nagios system management for remote monitoring of uptime status. Working on developing policies for root passwd rotation, limiting root access.

Document all procedures, inventories, and policies on the wiki, as necessary. Where policies are ambiguous (the rule, not the exception), meet with the rest of the tech and admin staff to develop sensible policies and procedures for usage of equipment.

Status: complete

  • Susan's iMac

Status: installed and Susan is using to disclose any issues.

  • Assist Ping with new system & OS for DB server

Status: complete , new system workbenchdb.wustl.edu installed, Ubuntu 12.04

  • Assist Ping with moving her old home dir. from now retired sums , mount old sums

disk on sumsdev. Status: complete

  • Copy CVS dir from sums to myelin1.

Status: complete

Personal tools
Sums Database