spamassassin-sysadmins mailing list archives

From "Kevin A. McGrail" <kmcgr...@apache.org>
Subject Onboarding, Documentation, etc.
Date Mon, 08 May 2017 22:13:15 GMT
Dave and Bryan, below is my latest attempt at the how to information for 
sysadmins.

Can one of you please take on incorporating this into the wiki?


Apache SpamAssassin SysAdmin How-To

NOTE: This was written in April of 2017 to help modernize our system records

- Other records: See 
https://wiki.apache.org/spamassassin/DevelopmentStuff - This document 
will likely be used to replace that page.

- Wiki Access:

Write access to the wiki is to anyone who has created a login name on 
the wiki
whose name has been added to the page
https://wiki.apache.org/spamassassin/ContributorsGroup

Write access to that page is to anyone whose wiki login name has been 
added to
https://wiki.apache.org/spamassassin/AdminGroup

- Members of SA SysAdmins (SASA):
Dave Jones -  davej@apache.org
Kevin A. McGrail - 703-798-0171 - kmcgrail@apache.org
Bryan Vest - bvest@apache.org

- Who's in Charge?
The PMC.  There is no leadership hierarchy in the SpamAssassin SysAdmins.

NOTE: As with any ASF role, if you follow The Apache Way, you should 
feel empowered to Just Do It (TM Nike)

For a SysAdmin, if your solution works (Merit), it's well documented (Open) 
and supports the project (Community), you're good to go, though as a 
SysAdmin you need to realize we have control over private data.  All 
SASA members have been asked to follow the LISA Code of Ethics.

Tenets we Follow:
   - The Apache Way, Shane Curcuru's posts on this are a good point: 
http://theapacheway.com/
   - LISA/Sage Code of Ethics, 
https://www.pccc.com/base.cgim?template=sage_code_of_ethics

Important Resources:

   The ASF Infrastructure (Infra) Jira: 
https://issues.apache.org/jira/secure/Dashboard.jspa - Sign up, as Jira 
isn't single sign-on enabled.

   SpamAssassin Bugzilla: https://bz.apache.org/SpamAssassin/

Short-hand Notes:
   There are a lot of acronyms, even those that might be basic that will 
be defined here if we find there is confusion to make it easier to bring 
new sysadmins onboard to make many hands make light work.

     Apache Software Foundation (ASF)
     Bugzilla (BZ)
     Apache SpamAssassin (SA)
     PMC (Project Management Committee)
     SVN (SubVersioN)

Mailing Lists:
   - There is a dedicated SASA Mailing list 
sysadmins@spamassassin.apache.org.  Additionally, our machines largely 
support the Rule QA process so ruleqa@spamassassin.apache.org should be 
subscribed to.


Credentials:
   - There are legacy shared credentials.  These must be encrypted and 
stored in SVN.

OPIE:
- To sudo to root, you need to use OPIE - See 
https://reference.apache.org/committer/opie

DNS for SpamAssassin.org:
- The server creates DNS entries on the fly so we do not use the ASF 
infrastructure for DNS.  We have a hidden master that pushes to 
Hyperreal and Sonic
   Contact for HyperReal is Brian Behlendorf
   Contact for Sonic is grant.keller@sonic.com

The information located here:
https://wiki.sonic.net/wiki/Secondary_DNS_Service is the current
configuration information you will need.



- Project Machines

This is a short description of the machines involved including those 
that USED to exist and why.

OLD:
- Hyperion.Apache.org - 
ftp://ftp.ist.utl.pt/apache/dev/machines.html#hyperion shows this was 
likely a Solaris box that I had access to when zones died and I had to 
recover data.
- SpamAssassin.zones.apache.org - DIED - was replaced with spamassassin-vm
- SpamAssassin.zones2.apache.org - deprecated by Infra
- spamassassin-vm.apache.org - deprecated by Infra

CURRENT:
- incoming.apache.org - Donated by Sonic
- sa-vm1.apache.org - Ubuntu box to replace spamassassin-vm and zones2

- Other Aliases: buildbot, ruleqa (there might be more).

Also, this is an ASF box for all committers:

- Minotaur.apache.org aka People - This used to handle various build and 
devel related tasks.   Minotaur.apache.org for ssh (It appears that 
minotaur is not the proper server anymore.  I used home.apache.org per 
some links that Sidney sent.  (Home.apache.org and people.apache.org 
resolve to the same IP.))



- Backups:

There are no backups of these machines save what is stored in SVN or 
that KAM has made.

Specifically, what backups does KAM have as of 2017/05/08:

   - Hyperion.apache.org - N/A
   - Incoming.apache.org aka colo - Backup on KAM's Crashplan
   - minotaur.apache.org (NOTE: Aka People) - N/A
   - sa-vm1.apache.org - Backup on KAM's Crashplan
   - Spamassassin-vm.apache.org - Backup on KAM's Crashplan - Mar 15, 
2017 - There is also a backup on sa-vm1 in /x1.
   - spamassassin2.zones.apache.org - Backup on KAM's Crashplan from 
Approximately Jun 2015 last backup.  Also have an Rsync copy from June 
3, 2015 on PCCC TalonJR machine - And there is also a copy on sa-vm1 in /x1

- Ubuntu?

Ubuntu is the ASF Infrastructure's OS of choice.  Supporting others is 
not an option at this time.

- How to get access to each machine:

sa-vm1.apache.org (current as of 4/28/17)
   - Open a Jira ticket with the availid of the person(s) you want to 
have access. Note if they need sudo access or not.
   - User self maintains their ssh-key at id.apache.org
   - NOTE: if sudo access was requested, run and set up 'ortpasswd'

- Why all the boxes?

The resources for Masscheck can be very intensive on CPU, RAM and disk 
I/O.  Over the years, many boxes have been consolidated, 
donated, lost, replaced, moved under ASF Infrastructure or just fell 
over and sank into the swamp.

- Some boxes are just names for other boxes
  trap-proc.spamassassin.org. Sonic has scripts set up to archive 
collected spam to that server.



KAM Goals for SysAdmin:

- For KAM, Apache SpamAssassin is a framework for writing goals. I 
deliver goals to prove the code works but I don't view that the project 
has to provide rules.  Others may disagree but I don't see the value in 
masscheck, ruleqa, etc. when there are not enough people using the data.

- Once you have an account on Minotaur/Home/People, go to 
people.apache.org/~kmcgrail and make a duplicate for you.  NOTE: This is 
documented SOMEWHERE but no idea where.

GOAL: Get it so I have your PGP key and put the signature for your PGP 
key into id.apache.org

SVN:
- You need access to https://svn.apache.org/repos/asf/spamassassin/ for 
sysadmin, dns and site.
- In the ASF, we use http for read-only access to a repo and https for 
read-write.  So if you are trying to checkout and modify a repo, make 
sure you are using https://

Encrypted SVN:
- If you can, document things in the Wiki at 
https://wiki.apache.org/spamassassin/DevelopmentStuff.  If something is 
sensitive, encrypt it and store it on the 
https://svn.apache.org/repos/asf/spamassassin/sysadmins repo and 
reference it on the Wiki.

SSH:
The systems use One Password In Everything (OPIE) to elevate your access 
via sudo.  Some resources: https://reference.apache.org/committer/opie 
and https://reference.apache.org/committer/otp-md5




How to Onboard someone as a SysAdmin:

- A PMC Member nominates a new SASA member as a committer since we store 
items in SVN for configs
NOTE: If they later produce code, they should request that permission 
from the PMC.

- If the vote is successful, they then follow all the normal committer 
guidelines to get them an Apache ID including an appropriate committer 
license: https://www.apache.org/dev/new-committers-guide.html

- Once they have an Apache ID, they should:

   - SASA Member signs up for an Infra Jira account at 
https://issues.apache.org/jira/secure/Signup!default.jspa?
   - SASA Member adds an SSH public key to id.apache.org
   - Add your PGP public key.  http://people.apache.org/~kmcgrail/
   - Create an account on our Wiki
   - Email sysadmins-subscribe@spamassassin.apache.org
   - Email sysadmins@spamassassin.apache.org and ask for karma to access 
sa-vm1 with sudo access
   - Email sysadmins@spamassassin.apache.org and ask for your account to 
be added to https://wiki.apache.org/spamassassin/ContributorsGroup and 
https://wiki.apache.org/spamassassin/AdminGroup
   - Start looking at 
https://wiki.apache.org/spamassassin/DevelopmentStuff under infrastructure

- Someone with Karma needs to:
   - Approve request to sysadmins mailing list
   - Add them to ContributorsGroup and AdminGroup on Wiki
   - Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to 
get them access to our box

-- 
Kevin A. McGrail
Asst. Treasurer, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project	

