This seemed like the best way to have an open dialog among all the candidates, and ensure that everyone received the same information regarding our server operations. Please take a moment to set up your email client and add [email protected] to your whitelist.
The current list of candidates are: Baird Cowan Brad Bardcom Steve Ball Darryl C. Noye Will Urbanski Charles Goldsmith I'd ask that each of you take a moment to introduce yourself to the list with some basic background on who you are and your experience with the technoligies discussed throughout this email. Please be sure to point out your experience with the server technologies This will also serve as a confirmation to me that you have received the email. The IT Committee Chairman reports to the Organizational Vice President, currently William Shrewsbury, who is on this listserv. William, please also introduce yourself. Next, note that I'm archiving the list so that if we pick up any new candidates along the way, they will be able to read everything that we've discussed and get caught up quickly. The archive can be found at http://lists.caves.org/mailman/private/it-chair-search/ Now for a basic summary of our set-up and common tasks. We're running a dedicated virtual private server (VPS) with MediaTemple [ http://mediatemple.net ]. uname -a Linux caves.org 2.6.9-023stab046.2-enterprise #1 SMP Mon Dec 10 15:22:33 MSK 2007 i686 i686 i386 GNU/Linux We just transitioned from 1&1 Internet Inc. to MediaTemple in August of 2008. At 1&1, there were 4 separate hosting accounts, with three of them being rsync'd to a central hosting account every 10 minutes. The reason was that each hosting account had a limitation on the number of FTP accounts that could be created. We offer hosting for a minimal price to all of our Internal Organizations (IOs) [ http://www.caves.org/webservices/index.shtml ]. There are over 100 FTP accounts with access to the server. The rsync process with 1&1 was a complete pain to our IOs, and we lost customers. Customers? Yes. NSS Web Server operations are completely paid for by the hosting and advertising on caves.org. Furthermore, our uptime with 1&1 was atrocious, and there customer support was completely lacking. MediaTemple customer support is attentive and responsive to any request, and their price is reasonable for our needs. I urge you not to even consider moving hosting companies. Background: The move to 1&1 occurred when a box housing the NSS Web Server at a colo in Florida crashed. That was before my time. Josh Bailey, my predecessor, had only been on the job for a couple of months and had to deal with that nightmare. When I came on board, all I heard were complaints about the rsync process as it wreaked havoc with PHP scripts such as image galleries etc. People were uploading pictures to the main hosting account, and then the files were deleted by the rsync. So then the rsync process got convoluted with a huge list of directory exceptions. Bleh. So, I'm happy at MediaTemple. I know our hosted IOs are much happier. I announced the end of the rsync, and there was much rejoicing. I think Alex Sproul would agree that we're better off, with one caveat. Alex is our webmaster, and he's on this listserv too. He takes care of all "official" content on the NSS site caves.org. He also administers the creation, removal, and maintenance of @caves.org email accounts. I'm sure he'll tell you more in his introduction. With 1&1, Alex also admin'd the creation, removal, and maintenance of FTP accounts. That is not currently possible via the Plesk control panel with our current server. Parallels has said that they are moving the interface in a direction that would allow that, but for right now, they only have a concept of "Web Users" with directories at ~/user-name. That just doesn't fly with our hosted IOs. And don't even think about symlinking all kinds of web user directories to hosted IO space. Symlinks are evil in a web server configuration. We're still cleaning out symlinks after the move to MediaTemple. find ./ -type l | wc -l 21 That's down from around 100. For the purposes of continuity, I have intentionally NOT made a lot of modifications to the server configuration. That was mainly so we wouldn't end up with a Frankenstein's monster. Basics: MySQL 5.0.22 Apache 2.2.3 PHP 5.2.6 Perl 5.8.8 Perl is not allowed for use by anyone other than in the central /cgi-bin/. Only official NSS operations are permitted to use the central /cgi-bin/. This is for security reasons, and I didn't want to have to maintain a Perl wrapper script. PHP is free to use by anyone on the server. The hosted IOs are jailed by PHP open_basedir directives. The Apache config is the default, managed by Plesk. It only takes a couple of keystrokes to request that Plesk rebuild the entire configuration, so I didn't want to risk my own personal config. Again, trying to keep things as close to the baseline install as possible. There is a tie-in to custom configuration files, and we do use those via the Apache Include directive. There are 21 MySQL databases. Some are used by hosted IOs, while others are used by nssbookstore.org and our member-search application. The server has two IP addresses, one used for caves.org and the other for nssbookstore.org. This is because both need SSL connections, and Apache hasn't really gotten Server Name Indication [ http://en.wikipedia.org/wiki/Server_Name_Indication ] completely right (although, admittedly, I run SNI at work in a development environment, I don't think it's ready for production use). Whew, alright, that should be enough of an appetizer. Feel free to make suggestions for the main course. And now for my brief introduction. I run the Enterprise Content Management System at Virginia Tech [ http://ensemble.cms.vt.edu/ ], and I work in Central IT Web Hosting Services [ http://www.hosting.vt.edu ]. I've been in my current job for almost two years. Before this, I wrote custom PHP/MySQL CMS apps for various departments around the campus. I like to think that my experience in hosting environments is what best qualifies me to act as IT Chairman. With that being said, let me add that I don't really want to resign my chair. IMHO, there's already been too much turn-over in the position. However, both of my parents have escalating health concerns, and I need to refocus on my family's needs. Due to a lack of members on the IT committee with Linux experience, I can't really delegate my duties to anyone else. So, where does that leave us? Well, I don't intend to leave the IT Committee. Additionally, with so many of you offering assistance, I would hope that you will consider becoming a part of the committee even if not selected as my successor. We have several projects in dire need of someone to guide them to completion. A few examples... 1. Complete caves.org redesign. We're talking look, feel, and navigation. It needs some serious work. I do have a contact here at VT that has offered to do the design work for us pro-bono. However, with all pro-bono work, you're at the discretion of the contributor. 2. Rewrite of all member joining/renewal scripts. These need to incorporate Credit Card processing up to the PCI standards. I've already mapped out the workflow for the scripts, but I just haven't had time to rework everything from our current Perl scripts into PHP. I'm trying to move away from Perl, because there's no reason to use a sledge hammer when a small mallet will due. 3. New scripts to handle billing for hosted IOs. Oy, the current billing method has resulted in a disconnect between the NSS Office, me, and Alex. This project is a must, but there's so much back-story that I'll have to save it until after we've selected the new chair. 3. Membership sign-in on caves.org (and eventually nssbookstore.org). Currently, the sign-in is an NSS membership number and zip code. I'm really not happy with that. I think we should be running OpenLDAP, and have an interface for users to reset passwords, etc. Then we could directly tie in for authentication/authorization via Apache, instead of the current PHP hack in place. This would also work well for membership renewals because the user's wouldn't have to re-enter all their information, we could just pull it from LDAP and let them update what's needed. Maybe that's a pipe-dream, but if we hope to be the premier caving organization, we need to start fulfilling our members' expectations. Yes, I know that's a lot to digest, but remember, this is just the appetizer. _______________________________________________ It-chair-search mailing list [email protected] http://lists.caves.org/mailman/listinfo/it-chair-search
