On 05/13/2017 08:13 AM, Kevin A. McGrail wrote:
On 5/12/2017 7:32 PM, Dave Jones wrote:
I have all of this information on
https://wiki.apache.org/spamassassin/InfraNotes2017 now. Please
review and comment/update as needed.
Overall, the organization and edits are very good. Thanks for fixing
Tenets, I knew that word looked wrong!
I added a goal section with my goal. I suggest you add your goal as
well and I've put this on the onboarding task list.
I am not sure about my goal since it may be in slight conflict with your
goal. :) I would like SA to be a little more toward a complete spam
filter out of the box so people don't have to spend years learning all
of the ins and outs to make it effective. I understand that SA can't be
complete out of the box for every mail environment is a little different
but I feel that it could be improved a little more with some default rules.
Rather than edit directly, I wanted to ask that you do it to look at
what I wrote and to explain why it's needed. NOTE: Some of these are
edited from the previous send as I look them over again.
*- Credentials:*
- There are legacy shared credentials for elevated access on older
machines. These must be encrypted and stored in SVN. The project is
slowly moving away from these concepts.
Got it.
*- Under DNS, *List Hyperreal and that it is currently offline because
we can't get DJBDNS to transfer a record.
Contact for HyperReal is Brian Behlendorf
Will do. I thought about leaving it out since we aren't using that DNS
server anymore.
- I would also add this information for Sonic in case their IPs change,
etc.
https://wiki.sonic.net/wiki/Secondary_DNS_Service is the current
configuration information you will need.
This is a link in the "Hidden Slave" on the DNS Hosting table. I you
want it more prominent, then I can change the link to show the URL.
I don't see this section and it will be important in the detective work
as you read scripts. Even I have to refer to it quite often when I come
across legacy documentation to figure out where something points to now.
*- Project Machines*
This is a short description of the machines involved including those
that USED to exist and why.
OLD:
- Hyperion.Apache.org -
ftp://ftp.ist.utl.pt/apache/dev/machines.html#hyperion shows this was
likely a solaris box that I had access to when zones died and I had to
recover data.
- SpamAssassin.zones.apache.org - DIED - was replaced with spamassassin-vm
- SpamAssassin.zones2.apache.org - deprecated by Infra
- spamassassin-vm.apache.org - deprecated by Infra
CURRENT:
- incoming.apache.org - Donated by Sonic
Is the "incoming" server still around? I wasn't able to resolve it in
DNS yesterday or today.
- sa-vm1.apache.org - Ubuntu box to replace spamassassin-vm and zones2
- Other Aliases: buildbot, ruleqa (there might be more).
Also, this is an ASF box for all committers:
- Minotaur.apache.org aka People - This used to handle various build and
devel related tasks. Minotaur.apache.org for ssh (It appears that
minotaur is not the proper server anymore. I used home.apache.org per
some links that Sidney sent. (Home.apache.org and people.apache.org
resolve to the same IP.)
*Under the standards,* I would add this as someone will ask if we can
use XYZ
- Ubuntu? Ubuntu is the ASF Infrastructures OS of choice. Supporting
others is not an option at this time.
*I think this section is important *especially because it needs others
added to it.
- How to get access to each machine:
sa-vm1.apache.org (current as of 4/28/17)
- Open a Jira ticket with the availid of the person(s) you want to
have access. Note if they need sudo access or not.
- User self maintains their ssh-key at id.apache.org
- NOTE: if sudo access was requested, run and sets up 'ortpasswd'
Got it.
*I would add this:*
Will do.
- Why all the boxes?
The resources for Masscheck can be very intensive on CPU, Ram and disk
I/O intensive. Over the years, many boxes have been consolidated,
donated, lost, replaced, moved under ASF Infrastructure or just fell
over and sank into the swamp.
- Some boxes are just names for other boxes
trap-proc.spamassassin.org. Sonic has scripts set up to archive
collected spam to that server.
*I would add this:*
Will do.
SVN:
- You need access to https://svn.apache.org/repos/asf/spamassassin/ for
sysadmin, dns and site.
- In the ASF, we use http for read-only access to a repo and https for
read-write. So if you are trying to checkout and modify a repo, make
sure you are using https://
This is documented under the SVN section. The RO and RW should be self
explanatory to a sysadmin.
Encrypted SVN:
- If you can, document things in the Wiki at
https://wiki.apache.org/spamassassin/DevelopmentStuff. If something is
sensitive, encrypt it and store it on the
https://svn.apache.org/repos/asf/spamassassin/sysadmins repo and
reference it on the Wiki.
*The onboarding workflow *shouldn't include the important resources or
acronyms IMO. Those are good for everyone which ties into...
It's not under the Workflow section but parallel with the Onboarding so
new people would see it. After you read the acronymns once, you should
have them down.
*The onboarding workflow *should have the extra steps added back not
just the pointer to important resources. I am making it self-fulfilled
and self-driven and trying to have a specific set of steps done so they
can get to work as quickly as possible.
Do you want to document stuff twice and have to maintain it in two places?
- Once they have an Apache ID, they should:
- SASA Member signs up for an Infra Jira account at
https://issues.apache.org/jira/secure/Signup!default.jspa?
- SASA Member adds an SSH public key to id.apache.org
- Add your PGP public key. http://people.apache.org/~kmcgrail/
- Create an account on our Wiki
- Email sysadmins-subscr...@spamassassin.apache.org
- Email sysadmins@spamassassin.apache.org and ask for karma to
access sa-vm1 with sudo access
- Email sysadmins@spamassassin.apache.org and ask for your account
to be added to https://wiki.apache.org/spamassassin/ContributorsGroup
and https://wiki.apache.org/spamassassin/AdminGroup
- Start looking at
https://wiki.apache.org/spamassassin/DevelopmentStuff under infrastructure
- Update the Wiki with your Goals as a member of the SpamAssassin
SysAdmins
- Send an introduction email to the sysadmins mailing list. Typical
topics have been your history with computers, what you do now and
contact information.
Most of this is in the Important Resources but I will add the things
that are not.
- Someone with Karma needs to:
- Approve request to sysadmins mailing list
- Add them to ContributorsGroup and AdminGroup on Wikki
- Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to
get them access to our box
This is already in the Onboarding -> Workflow.
