Thanks Bryan. I have not seen anything from David either. Sorry for the overload. I wanted to capture what I knew on paper.
I will be trying to hammer this more today at least to get a full rc done. Regards, KAM On May 10, 2017 10:17:50 AM EDT, Bryan Vest <[email protected]> wrote: >I have been going through all of this information, there is a lot to >parse >through. I will come up with a plan to start moving forward on these >things. I will look into the wiki update. >I am still ingesting everything that has been done and needs to be done >with the servers. > >I have not seen any replies from Dave unless I missed them before I >joined >the mailing list. I want to make sure we are not wasting time trying to >work on the same things. > >--Bryan Vest > >On Mon, May 8, 2017 at 6:13 PM, Kevin A. McGrail <[email protected]> >wrote: > >> Dave and Bryan, below is my latest attempt at the how to information >for >> sysadmins. >> >> Can one of you please take on incorporating this into the wiki? >> >> >> Apache SpamAssassin SysAdmin How-To >> >> NOTE: This was written in April of 2017 to help modernize our system >> records >> >> - Other records: See >https://wiki.apache.org/spamassassin/DevelopmentStuff >> - This document will likely be used to replace that page. >> >> - Wiki Access: >> >> Write access to the wiki is to anyone who has created a login name on >the >> wiki >> whose name has been added to the page >> https://wiki.apache.org/spamassassin/ContributorsGroup >> >> Write access to that page is to anyone whose wiki login name has been >> added to >> https://wiki.apache.org/spamassassin/AdminGroup >> >> - Members of SA SysAdmins (SASA): >> Dave Jones - [email protected] >> Kevin A. McGrail - 703-798-0171 - [email protected] >> Bryan Vest - [email protected] >> >> - Who's in Charge? >> The PMC. There is no leadership hierarchy in the SpamAssassin >SysAdmins. >> >> NOTE: As with any ASF role, if you follow The Apache Way, you should >feel >> empowered to Just Do It (TM Nike) >> >> For a SysAdmin, your solution works (Merit), it's well documented >(Open) >> and supports the project (Community), you're good to go though as a >> SysAdmin you need to realize we have control over private data. All >SASA >> members have been asked to follow the LISA Code of Ethics. >> >> Tenants we Follow: >> - The Apache Way, Shane Curcuru's post on this are a good point: >> http://theapacheway.com/ >> - LISA/Sage Code of Ethics, https://www.pccc.com/base.cgim >> ?template=sage_code_of_ethics >> >> Important Resources: >> >> The ASF Infrastructure (Infra) Jira: https://issues.apache.org/jira >> /secure/Dashboard.jspa - Sign up at Jira isn't single sign on >enabled. >> >> SpamAssassin Bugzilla: https://bz.apache.org/SpamAssassin/ >> >> Short-hand Notes: >> There are a lot of acronyms, even those that might be basic that >will be >> defined here if we find there is confusion to make it easier to bring >new >> sysadmin's onboard to make many hands make light work. >> >> Apache Software Foundation (ASF) >> Bugzilla (BZ) >> Apache SpamAssassin (SA) >> PMC (Project Management Committee) >> SVN (SubVersioN) >> >> Mailing Lists: >> - There is a dedicated SASA Mailing list >[email protected]. >> org. Additionally, our machines largely support the Rule QA process >so >> [email protected] should be subscribed to. >> >> >> Credentials: >> - There are legacy shared credentials. These must be encrypted and >> stored in SVN. >> >> OPIE: >> - To sudo to root, you need to use OPIE - See >> https://reference.apache.org/committer/opie >> >> DNS for SpamAssassin.org: >> - The server creates DNS entries on the fly so we do not use the ASF >> infrastructure for DNS. We have a hidden master that pushes to >Hyperreal >> and Sonic >> Contact for HyperReal is Brian Behlendorf >> Contact for Sonic is [email protected] >> >> The information located here: >> https://wiki.sonic.net/wiki/Secondary_DNS_Service is the current >> configuration information you will need. >> >> >> >> - Project Machines >> >> This is a short description of the machines involved including those >that >> USED to exist and why. >> >> OLD: >> - Hyperion.Apache.org - ftp://ftp.ist.utl.pt/apache/de >> v/machines.html#hyperion shows this was likely a solaris box that I >had >> access to when zones died and I had to recover data. >> - SpamAssassin.zones.apache.org - DIED - was replaced with >spamassassin-vm >> - SpamAssassin.zones2.apache.org - deprecated by Infra >> - spamassassin-vm.apache.org - deprecated by Infra >> >> CURRENT: >> - incoming.apache.org - Donated by Sonic >> - sa-vm1.apache.org - Ubuntu box to replace spamassassin-vm and >zones2 >> >> - Other Aliases: buildbot, ruleqa (there might be more). >> >> Also, this is an ASF box for all committers: >> >> - Minotaur.apache.org aka People - This used to handle various build >and >> devel related tasks. Minotaur.apache.org for ssh (It appears that >> minotaur is not the proper server anymore. I used home.apache.org >per >> some links that Sidney sent. (Home.apache.org and people.apache.org >> resolve to the same IP.) >> >> >> >> - Backups: >> >> There are no backups of these machines save what is stored in SVN or >that >> KAM has made. >> >> Specifically, what backups does KAM have as of 2017/05/08: >> >> - Hyperion.apache.org - N/A >> - Incoming.apache.org aka colo - Backup on KAM's Crashplan >> - minotaur.apache.org (NOTE: Aka People) - N/A >> - sa-vm1.apache.org - Backup on KAM's Crashplan >> - Spamassassin-vm.apache.org - Backup on KAM's Crashplan - Mar 15, >2017 >> - There is also a backup on sa-vm1 in /x1. >> - spamassassin2.zones.apache.org - Backup on KAM's Crashplan from >> Approximately Jun 2015 last backup. Also have an Rsync copy from >June 3, >> 2015 on PCCC TalonJR machine - And there is also a copy on sa-vm1 in >/x1 >> >> - Ubuntu? >> >> Ubuntu is the ASF Infrastructures OS of choice. Supporting others is >not >> an option at this time. >> >> - How to get access to each machine: >> >> sa-vm1.apache.org (current as of 4/28/17) >> - Open a Jira ticket with the availid of the person(s) you want to >have >> access. Note if they need sudo access or not. >> - User self maintains their ssh-key at id.apache.org >> - NOTE: if sudo access was requested, run and sets up 'ortpasswd' >> >> - Why all the boxes? >> >> The resources for Masscheck can be very intensive on CPU, Ram and >disk I/O >> intensive. Over the years, many boxes have been consolidated, >donated, >> lost, replaced, moved under ASF Infrastructure or just fell over and >sank >> into the swamp. >> >> - Some boxes are just names for other boxes >> trap-proc.spamassassin.org. Sonic has scripts set up to archive >> collected spam to that server. >> >> >> >> KAM Goals for SysAdmin: >> >> - For KAM, Apache SpamAssassin is a framework for writing goals. I >deliver >> goals to prove the code works but I don't view that the project has >to >> provide rules. Others may disagree but I don't see the value in >masscheck, >> ruleqa, etc. when there is not enough people using the data. >> >> - Once you have an account on Minotaur/Home/People, goto >> people.apache.org/~kmcgrail and make a duplicate for you. NOTE: This >is >> documented SOMEWHERE but no idea where. >> >> GOAL: Get it so I have your PGP key and put the signature for your >PGP key >> into id.apache.org >> >> SVN: >> - You need access to https://svn.apache.org/repos/asf/spamassassin/ >for >> sysadmin, dns and site. >> - In the ASF, we use http for read-only access to a repo and https >for >> read-write. So if you are trying to checkout and modify a repo, make >sure >> you are using https:// >> >> Encrypted SVN: >> - If you can, document things in the Wiki at >> https://wiki.apache.org/spamassassin/DevelopmentStuff. If something >is >> sensitive, encrypt it and store it on the >https://svn.apache.org/repos/a >> sf/spamassassin/sysadmins repo and reference it on the Wiki. >> >> SSH: >> The systems use One Password In Everything (OPIE) to elevate your >access >> via sudo. Some resources: >https://reference.apache.org/committer/opie >> and https://reference.apache.org/committer/otp-md5 >> >> >> >> >> How to Onboard someone as a SysAdmin: >> >> - A PMC Member nominates a new SASA member as a committer since we >store >> items in SVN for configs >> NOTE: If they later produce code, they should request that permission >from >> the PMC. >> >> - If the vote is successful, they then follow all the normal >committer >> guidelines to get them an Apache ID including an appropriate >committer >> license: https://www.apache.org/dev/new-committers-guide.html >> >> - Once they have an Apache ID, they should: >> >> - SASA Member signs up for an Infra Jira account at >> https://issues.apache.org/jira/secure/Signup!default.jspa? >> - SASA Member adds an SSH public key to id.apache.org >> - Add your PGP public key. http://people.apache.org/~kmcgrail/ >> - Create an account on our Wiki >> - Email [email protected] >> - Email [email protected] and ask for karma to >access >> sa-vm1 with sudo access >> - Email [email protected] and ask for your account >to >> be added to https://wiki.apache.org/spamassassin/ContributorsGroup >and >> https://wiki.apache.org/spamassassin/AdminGroup >> - Start looking at >https://wiki.apache.org/spamassassin/DevelopmentStuff >> under infrastruction >> >> - Someone with Karma needs to: >> - Approve request to sysadmins mailing list >> - Add them to ContributorsGroup and AdminGroup on Wikki >> - Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to >get >> them access to our box >> >> -- >> Kevin A. McGrail >> Asst. Treasurer, Apache Software Foundation >> Chair Emeritus Apache SpamAssassin Project >> >>
