Thanks Bryan.  I have not seen anything from David either.  Sorry for the 
overload.  I wanted to capture what I knew on paper.

I will be trying to hammer this more today at least to get a full rc done.
Regards,
KAM

On May 10, 2017 10:17:50 AM EDT, Bryan Vest <[email protected]> wrote:
>I have been going through all of this information, there is a lot to
>parse
>through. I will come up with a plan to start moving forward on these
>things. I will look into the wiki update.
>I am still ingesting everything that has been done and needs to be done
>with the servers.
>
>I have not seen any replies from Dave unless I missed them before I
>joined
>the mailing list. I want to make sure we are not wasting time trying to
>work on the same things.
>
>--Bryan Vest
>
>On Mon, May 8, 2017 at 6:13 PM, Kevin A. McGrail <[email protected]>
>wrote:
>
>> Dave and Bryan, below is my latest attempt at the how to information
>for
>> sysadmins.
>>
>> Can one of you please take on incorporating this into the wiki?
>>
>>
>> Apache SpamAssassin SysAdmin How-To
>>
>> NOTE: This was written in April of 2017 to help modernize our system
>> records
>>
>> - Other records: See
>https://wiki.apache.org/spamassassin/DevelopmentStuff
>> - This document will likely be used to replace that page.
>>
>> - Wiki Access:
>>
>> Write access to the wiki is to anyone who has created a login name on
>the
>> wiki
>> whose name has been added to the page
>> https://wiki.apache.org/spamassassin/ContributorsGroup
>>
>> Write access to that page is to anyone whose wiki login name has been
>> added to
>> https://wiki.apache.org/spamassassin/AdminGroup
>>
>> - Members of SA SysAdmins (SASA):
>> Dave Jones -  [email protected]
>> Kevin A. McGrail - 703-798-0171 - [email protected]
>> Bryan Vest - [email protected]
>>
>> - Who's in Charge?
>> The PMC.  There is no leadership hierarchy in the SpamAssassin
>SysAdmins.
>>
>> NOTE: As with any ASF role, if you follow The Apache Way, you should
>feel
>> empowered to Just Do It (TM Nike)
>>
>> For a SysAdmin, your solution works (Merit), it's well documented
>(Open)
>> and supports the project (Community), you're good to go though as a
>> SysAdmin you need to realize we have control over private data.  All
>SASA
>> members have been asked to follow the LISA Code of Ethics.
>>
>> Tenants we Follow:
>>   - The Apache Way, Shane Curcuru's post on this are a good point:
>> http://theapacheway.com/
>>   - LISA/Sage Code of Ethics, https://www.pccc.com/base.cgim
>> ?template=sage_code_of_ethics
>>
>> Important Resources:
>>
>>   The ASF Infrastructure (Infra) Jira: https://issues.apache.org/jira
>> /secure/Dashboard.jspa - Sign up at Jira isn't single sign on
>enabled.
>>
>>   SpamAssassin Bugzilla: https://bz.apache.org/SpamAssassin/
>>
>> Short-hand Notes:
>>   There are a lot of acronyms, even those that might be basic that
>will be
>> defined here if we find there is confusion to make it easier to bring
>new
>> sysadmin's onboard to make many hands make light work.
>>
>>     Apache Software Foundation (ASF)
>>     Bugzilla (BZ)
>>     Apache SpamAssassin (SA)
>>     PMC (Project Management Committee)
>>     SVN (SubVersioN)
>>
>> Mailing Lists:
>>   - There is a dedicated SASA Mailing list
>[email protected].
>> org.  Additionally, our machines largely support the Rule QA process
>so
>> [email protected] should be subscribed to.
>>
>>
>> Credentials:
>>   - There are legacy shared credentials.  These must be encrypted and
>> stored in SVN.
>>
>> OPIE:
>> - To sudo to root, you need to use OPIE - See
>> https://reference.apache.org/committer/opie
>>
>> DNS for SpamAssassin.org:
>> - The server creates DNS entries on the fly so we do not use the ASF
>> infrastructure for DNS.  We have a hidden master that pushes to
>Hyperreal
>> and Sonic
>>   Contact for HyperReal is Brian Behlendorf
>>   Contact for Sonic is [email protected]
>>
>> The information located here:
>> https://wiki.sonic.net/wiki/Secondary_DNS_Service is the current
>> configuration information you will need.
>>
>>
>>
>> - Project Machines
>>
>> This is a short description of the machines involved including those
>that
>> USED to exist and why.
>>
>> OLD:
>> - Hyperion.Apache.org - ftp://ftp.ist.utl.pt/apache/de
>> v/machines.html#hyperion shows this was likely a solaris box that I
>had
>> access to when zones died and I had to recover data.
>> - SpamAssassin.zones.apache.org - DIED - was replaced with
>spamassassin-vm
>> - SpamAssassin.zones2.apache.org - deprecated by Infra
>> - spamassassin-vm.apache.org - deprecated by Infra
>>
>> CURRENT:
>> - incoming.apache.org - Donated by Sonic
>> - sa-vm1.apache.org - Ubuntu box to replace spamassassin-vm and
>zones2
>>
>> - Other Aliases: buildbot, ruleqa (there might be more).
>>
>> Also, this is an ASF box for all committers:
>>
>> - Minotaur.apache.org aka People - This used to handle various build
>and
>> devel related tasks.   Minotaur.apache.org for ssh (It appears that
>> minotaur is not the proper server anymore.  I used home.apache.org
>per
>> some links that Sidney sent.  (Home.apache.org and people.apache.org
>> resolve to the same IP.)
>>
>>
>>
>> - Backups:
>>
>> There are no backups of these machines save what is stored in SVN or
>that
>> KAM has made.
>>
>> Specifically, what backups does KAM have as of 2017/05/08:
>>
>>   - Hyperion.apache.org - N/A
>>   - Incoming.apache.org aka colo - Backup on KAM's Crashplan
>>   - minotaur.apache.org (NOTE: Aka People) - N/A
>>   - sa-vm1.apache.org - Backup on KAM's Crashplan
>>   - Spamassassin-vm.apache.org - Backup on KAM's Crashplan - Mar 15,
>2017
>> - There is also a backup on sa-vm1 in /x1.
>>   - spamassassin2.zones.apache.org - Backup on KAM's Crashplan from
>> Approximately Jun 2015 last backup.  Also have an Rsync copy from
>June 3,
>> 2015 on PCCC TalonJR machine - And there is also a copy on sa-vm1 in
>/x1
>>
>> - Ubuntu?
>>
>> Ubuntu is the ASF Infrastructures OS of choice.  Supporting others is
>not
>> an option at this time.
>>
>> - How to get access to each machine:
>>
>> sa-vm1.apache.org (current as of 4/28/17)
>>   - Open a Jira ticket with the availid of the person(s) you want to
>have
>> access. Note if they need sudo access or not.
>>   - User self maintains their ssh-key at id.apache.org
>>   - NOTE: if sudo access was requested, run and sets up 'ortpasswd'
>>
>> - Why all the boxes?
>>
>> The resources for Masscheck can be very intensive on CPU, Ram and
>disk I/O
>> intensive.  Over the years, many boxes have been consolidated,
>donated,
>> lost, replaced, moved under ASF Infrastructure or just fell over and
>sank
>> into the swamp.
>>
>> - Some boxes are just names for other boxes
>>  trap-proc.spamassassin.org. Sonic has scripts set up to archive
>> collected spam to that server.
>>
>>
>>
>> KAM Goals for SysAdmin:
>>
>> - For KAM, Apache SpamAssassin is a framework for writing goals. I
>deliver
>> goals to prove the code works but I don't view that the project has
>to
>> provide rules.  Others may disagree but I don't see the value in
>masscheck,
>> ruleqa, etc. when there is not enough people using the data.
>>
>> - Once you have an account on Minotaur/Home/People, goto
>> people.apache.org/~kmcgrail and make a duplicate for you.  NOTE: This
>is
>> documented SOMEWHERE but no idea where.
>>
>> GOAL: Get it so I have your PGP key and put the signature for your
>PGP key
>> into id.apache.org
>>
>> SVN:
>> - You need access to https://svn.apache.org/repos/asf/spamassassin/
>for
>> sysadmin, dns and site.
>> - In the ASF, we use http for read-only access to a repo and https
>for
>> read-write.  So if you are trying to checkout and modify a repo, make
>sure
>> you are using https://
>>
>> Encrypted SVN:
>> - If you can, document things in the Wiki at
>> https://wiki.apache.org/spamassassin/DevelopmentStuff.  If something
>is
>> sensitive, encrypt it and store it on the
>https://svn.apache.org/repos/a
>> sf/spamassassin/sysadmins repo and reference it on the Wiki.
>>
>> SSH:
>> The systems use One Password In Everything (OPIE) to elevate your
>access
>> via sudo.  Some resources:
>https://reference.apache.org/committer/opie
>> and https://reference.apache.org/committer/otp-md5
>>
>>
>>
>>
>> How to Onboard someone as a SysAdmin:
>>
>> - A PMC Member nominates a new SASA member as a committer since we
>store
>> items in SVN for configs
>> NOTE: If they later produce code, they should request that permission
>from
>> the PMC.
>>
>> - If the vote is successful, they then follow all the normal
>committer
>> guidelines to get them an Apache ID including an appropriate
>committer
>> license: https://www.apache.org/dev/new-committers-guide.html
>>
>> - Once they have an Apache ID, they should:
>>
>>   - SASA Member signs up for an Infra Jira account at
>> https://issues.apache.org/jira/secure/Signup!default.jspa?
>>   - SASA Member adds an SSH public key to id.apache.org
>>   - Add your PGP public key.  http://people.apache.org/~kmcgrail/
>>   - Create an account on our Wiki
>>   - Email [email protected]
>>   - Email [email protected] and ask for karma to
>access
>> sa-vm1 with sudo access
>>   - Email [email protected] and ask for your account
>to
>> be added to https://wiki.apache.org/spamassassin/ContributorsGroup
>and
>> https://wiki.apache.org/spamassassin/AdminGroup
>>   - Start looking at
>https://wiki.apache.org/spamassassin/DevelopmentStuff
>> under infrastruction
>>
>> - Someone with Karma needs to:
>>   - Approve request to sysadmins mailing list
>>   - Add them to ContributorsGroup and AdminGroup on Wikki
>>   - Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to
>get
>> them access to our box
>>
>> --
>> Kevin A. McGrail
>> Asst. Treasurer, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>>
>>

Reply via email to