Bits from the Debian Systems Administration Team
-----BEGIN PGP SIGNED MESSAGE-----
Quite some time has passed since the last issue of 'Bits from the Debian
Systems Administration Team'. Find below a small report on our
activities over the last year or so, and a description of some of our
== Five Year Plan ==
As previously mentioned, we plan to incrementally move Debian's core
infrastructure from 'ad-hoc replacement' to 'proactively upgraded',
complete with active warranty or post-warranty support.
In an effort to reduce the complexity of our core environment, and to
better achieve our hardware plans, we are focussing on two activities:
consolidation and virtualization.
Debian is fortunate to have many generous hosting providers. That said,
over the past year, DSA has been consolidating core infrastructure into
three data centres: grnet, man-da and ubcece. While most of our
hosting providers are able to host a machine or two, these hosting
providers are able to provide a significant amount of bandwidth, power,
out-of-band management and rackspace to Debian.
DSA's intention is to leverage these data centres for the bulk of our
core infrastructure, primarily by deploying a standardized virtual
machine hosting infrastructure and migrating the majority of Debian's
core services onto virtual machines.
At present, 'standardized' means HP servers and storage at the physical
layer, Debian for the host and guest operating systems, and ganeti for
virtual machine management. Finally, in addition to virtualizing
physical machines, we will be migrating virtual machines from libvirt to
We value all our hosting providers. We continue to host machines with
many organizations, small and large, and are very appreciative of their
We are one year into our Five Year Plan and it is time to refresh it to
reflect the changes in the past year and several upcoming opportunities,
which we shall undertake during our Sprint in June.
In particular, we are very pleased to welcome Bytemark Hosting 
(hereafter 'bytemark') as a new hosting provider. They have agreed to
donate, host and maintain a fully populated HP c7000 Blade System
complete with significant storage arrays. Once deployed (in the next
month or so), Debian's infrastructure at bytemark will rival (if not
exceed) that at ubcece, providing us with greater geographical and
In the middle of this year we also plan to replace - at least parts of -
our gear hosted at grnet by newer machines. This will allow us to reduce
the amount of rack space currently in use, allowing us to host
additional equipment in the future.
== Systems Management ==
We have recently virtualized a number of physical machines, the most
notable being master.debian.org and udd.debian.org. Our experience with
ganeti virtualization, thus far, is very positive and we will continue
with our virtualization efforts.
We attempt to leverage donation opportunities as they present themselves
(bytemark), and we actively solicit donations when we are able. For
example, we worked with Arnaud Quette (maintainer of 'nut', employee of
Eaton) to source[D] Eaton uninterruptible power supplies and power
distribution units for our equipment at man-da and sil[E]. This UPS and
PDU gear will allow for greater availability of Debian's core
infrastructure to the community and ease administration for DSA. Our
goal is to have remote power and console capability in our core data
centres and this donation from Eaton goes a long way towards achieving
Going forward, several services are currently hosted on physical IBM
machines that are EOL. In next quarter, we intend to move those services
into dedicated VMs in our ganeti cluster at ubcece where needed. Those
services are: manpages.debian.net. dde.debian.net,
patch-tracker.debian.org and backports-master.debian.org
(backports-master is to be included into ftp-master by the corresponding
teams at the moment anyway). DSA will contact the service owners prior
to the migrations.
On several debian.org machines, services are currently located in the
/org directory. With the release of 'wheezy', DSA will no longer support
this directory and also begin removing existing symlinks from /org to
/srv. Please check which directory your service is currently using and
update your scripts/configuration where neccesary.
In the next months, Debian will build a ganeti cluster in the datacenter
of bytemark, and will move some services to this cluster. Downtimes of
those services will be announced as usual on
== Account Management ==
We have begun a rewrite of userdir-ldap and userdir-ldap-cgi using
django and django-ldapdb. The intent is to modernize the code base
by leveraging the components that a framework offers (an orm with
validators, etc.) while providing users with some additional features.
The plan is to run the old and the new instance in paralell for a while.
Also the web frontend (in its current form) will need face-lift. Your
participation with this rewrite is very welcome.
== Thanks ==
We would like to extend our thanks to
- - Eaton and Arnaud Quette for donating large UPS and PDU gear to
Debian at our man-da and sil data centres,
- - BrainFood for a decade's (a DECADE!) worth of hosting for
master.debian.org and for continuing to work with us to find other
opportunities for BrainFood to assist Debian,
- - the ganeti package maintainers[A], Iustin Pop and Guido Trotter, for
helping us overcome some of our libvirt to ganeti conversion
- - all our donors and hosting partners.
== DSA Team ==
We plan to hold a DSA Sprint in June (the exact date is not yet
confirmed, but we will attempt to hold it before DebConf13). The
intention of this sprint is to review our progress since the last
sprint, to plan our next year and to 'sprint' through some of our
The DSA Team has quite a few open 'construction sites' where we would
happily accept your help. Examples include: handling installation
requests on porter machines; development or enhancement of our tools;
consolidation of our scm environments; improvement of our documentation;
etc. Most of our code can be found at [B]. Most of our tools are written
in python, perl or shell. Being Debian Developer is helpful, but not
need for all of the above tasks.
As always, if you have comments or concerns, please contact us at
firstname.lastname@example.org (DSA + local/service admins) or
email@example.com (DSA only).
Luca Filipozzi and Martin Zobel-Helas
on behalf of the Debian Systems Administration Team
Martin Zobel-Helas <firstname.lastname@example.org> Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----