Workshop:2009/05/16

From SOWNWiki
Jump to: navigation, search


Undertaken Tasks

Fixing Stag's Head Node node (morse)

Implementing `campus tunneled' node type (daveruss)

This is not required. Open VPN attributes are now always be displayed if null/0 then assume there is no tunneling. The node type should not be used for defining whether a node is tunneled.

Node type is now only used for the purposes of statistics. It has no effect on authentication or anything else to do with setupnode system. The fields to use when trying to alter this are the chains for the node (JaNET,NET,SOWN) etc which dictate which functionallity users can gain on a node, and the Operating System type field so the system can make distribution specific decisions about config.

It would be a good idea to have the availibility to disable the use of openvpn in instances of nodes which are on the sown vlan. This should then allow any node to be handled separatelly.

Add auth site to SVN (Leth)

Added to an SVN on sown-auth in /srv/subversion/https-auth. The directory /srv/subversion was added to backups by morse.

Logging without the tunnel (SjH)

Added. This now logs to SOWN-VPN over a tcp tunnel on its forward facing interface.

Update the Radius code on sown-auth (morse)

Integration mysql2.ecs database into SOWN database (daveruss)

Dump of mysql2.ecs database was taken. It contain 3 tables. noderequests table was moved to the main database on sown-auth and renamed node_requests. new user created on sown-auth mysql server that allows select/insert/update/delete on the node_requests table.

Other two tables were from a survey about wireless usage in May 2007. A dump of these tables were taken and were to be placed on secure docpot. However anyone with access to the ecs filestore would be able to view this sql dump. Therefore we decided to improve secure docpot by hosting it on sown-auth and proxying it to the ecs webserver.

Secure docpot on sown-auth (daveruss)

docpot directory created in the root web directory. setting up proxying and passing on of authentication details still needs to be done.

Bug reporting / account request from captive portal login page (Leth & crwilliams)

Apache modules mod_rewrite and mod_proxy have been enabled on auth so that we can transparently proxy the contact web forms from www.sown.org.uk. HTTP GET Options need adding to the contact pages to better support this.

Moving dev from node type to node deployment

There is no dev type on node. Nodes can use dev as a vpn endpoint which may have caused some confusion. Probably the best solution is to use `private' flag on node_deployments for dev deployments. We need to check that appropriate places observe the `private' flag, i.e. in nagios, stats, etc.


Unattempted Tasks

  • Layman's guide to port-forwarding to a SOWN[at]HOME node
  • Permissions setup on helios for areas not developable from dev (eg: /wiki, /todo)
  • Updating wiki pages for ZeplerNode and StagsNode
  • Test watchdog on OpenWRT for kernel panics
  • Relogin page so that users can login from a different user account
Facts about "2009/05/16"
Has date16 May 2009 +
Has end date16 May 2009 +