state of the DSA nation

[note to -project readers:  this mail was written with -admin as an
 intended audience in mind and not you, but I figured I'd CC you
 anyways.  Please excuse the style and terseness of some items.]


just a short [post scriptum, a few hours later: hah.] overview of our
state/todo list/plans as I see it.  Feel free to comment/argue/etc.

= vancouver =

We got a nice msa2ki storage from HP at UBC/ECE.  Currently it's
resyncing/growing its raid because I want to see how it handles stuff.
Once this is done we can start moving stuff onto kvm domains on
dijkstra - the blade we also got.

Things I want to put there as a start:
	- an i386 or amd64 buildd or both, depending on what wbadm
	- move buildd/wannabuild from raff to a domain so we rely
	  less on FtC and old servers that are long out of warranty.

Luca also managed to get a system with lots of storage (on the order of
10 to 20t) from one of the Professors at UBC.  Unfortunately the system
itself is too old to have modern CPUs that do virtualisation stuff, and
it "only" has 6 or so gigs of ram.

We can use this for either backups (if we want to do more than what
bartok currently has), or - I'd prefer that - we ask Noel Koethe and
Paul Wise if they still want to do their sources.d.o and merge.d.o
services (see http://dsa.debian.org/hardware-wishlist/).  The system can
also be home for data.d.o and snapshot.d.o if the other things don't
work out.

= darmstadt =

Unger, the dl360 in darmstadt, germany, has two raid controllers.
Currently the disks are on the p400 controller which does not have a
battery backed cache.  We should move the disks to the p800 (see
RT#1129).  Once that is done we should move db.debian.org (i.e. our
ldap) onto a kvm domain on unger. unger already has one trusted system,
handel, our puppet master.

liszt is still on etch.  The upgrade ticket is owned by zobel who is
also listmaster, so that makes sense.

= helsinki =

On piatti the piuparts team got piuparts running again.  That means that
piatti now is quite loaded.

Piatti hosts udd, and it has bugs and packages mirrors tho I removed
them both from dns because piatti's load spiked into the hundreds.

Moving non-piuparts stuff off piatti and thereby dedicating piatti solely
to piuparts again is also preferable because piuparts does lots of stuff
as root, and so do its admins.

= ftc =

nagios from samosa should probably move to spohr, which appears to be
our "public dsa services that are not all that security critical"-box
these days.

That'll leave samosa free.  Once buildd is in vancouver, raff only has
keyring left, but that should be easy to move; and raff still has morgue
files from ftp-master, they can be moved elsewhere also.

So we could move udd from piatti to its own dedicated host (either raff
or samosa) - see #1241.  DDE can move onto the same host, away from
merkel, if desired by dde-adm.

= csail/mit =

Noahm at CSAIL/MIT still has 3 of the old HP servers we got two months
ago in his to-setup queue (they are from the same batch as the dl360
that is schein, now hosted at ISC and being security.us).

IIRC we will have two dl360 (senfl and rore) and one dl380 (carver).
Disk-wise I don't know/remember how they will be.  Probably at least 74g
(2x74g raid1) in the dl360s, and 180g (6x36g raid5) in the dl380.

Once they are online we should think of moving individual services

= munich =

verdi is a really really old box: dual pentium III 700mhz, 512mb of ram,
raid5 of 4 18g disks one of which failed half a year ago and hasn't been
replaced yet.  verdi hosts volatile-master.

volatile should maybe be integrated into the ftp archive proper - I sent
an email regarding that a few months back to the volatile folks.  If
that does not happen we need to move it to a new host, then we can
decommission verdi.

= karlsruhe =

wieck and schumann - dell servers from november or so - are sponsored by
1&1.  wieck has been acting as a security mirror for a while now.

schumann has been made into a kvm host and is currently hosting one
domain: chopin.  chopin will become new security-master (currently
klecker) once the ftp folks are done setting stuff up.

we can set up another kvm domain on it (we have 2 more ip addresses) for
other security stuff.  fw mentioned a couple of months back that he
wants a place for security-tracker.d.n.  This could be it.  white
(steffen joeris) also wants a home for testing-security.d.n.  They can
probably live on the same kvm domain.

= minnesota =

saens isn't doing anything since we moved ftp.d.o to kassia.  We were
talking about making it a mail relay at one point, but it doesn't look
like there'll be any progress there any time soon, nor is it still
certain we want/need that.

maybe make saens part of security.us?

= nl =

Once security-master is on chopin, the only thing left on klecker will
be www-master (and www).

We do not have ilo access to klecker, tho if we had a piece of useful
(rackable) hardware with at least two ethernet ports we could probably
ask xs4all to put it next to klecker and we could access it that way.
If that ever works out we could re-install klecker with amd64 userland.

I see no reason why we would want to move www-master away from klecker

= osuosl =

rietz' storage subsystem is really weird.  It seems to hang for seconds
to minutes at times.  Maybe rietz is really really overloaded or the
hardware is not well.

rietz currently is bugs-master and syncproxy.na.

I suggest we move bugs-master to a kvm domain on dijkstra (don said
that'd be fine).

Once that has happened we can re-setup it with amd64 userland, and then
re-setup syncproxy.na.  Ganneff said that'd be ok with him, tho we might
miss a mirrorpulse or two in the process.

= summary =

Services which could/should move or need a new home:
	[not sure we should move qa at all, but we could]
	qa.d.o - currently on merkel		-> new dl* at mit, or {raff,samosa} once empty
	bugs.qa - currently on merkel		-> new dl* at mit, or {raff,samosa} once empty
	packages.qa - currently on master	-> new dl* at mit, or {raff,samosa} once empty
	[qa probably needs a debian mirror tho, so maybe leaving
	 them on merkel or at least in FtC is not the worst idea]

	db.debian.org - from samosa		-> kvm domain on unger (darmstadt)
	nagios - from samosa			-> spohr

	udd - from piatti			-> {raff,samosa}
	dde - from merkel			-> {raff,samosa} (to udd)

	nm.d.o - currently on merkel		-> new dl* at mit, or {raff,samosa} once empty

	bugs mirror - from piatti		-> new dl* at mit, or {raff,samosa} once empty
	packages mirror - from piatti		-> new dl* at mit, or {raff,samosa} once empty

	volatile-master - from verdi - if it needs a new host.
						-> kvm domain on dijkstra (vancouver)
	buildd/wannabuild - from raff		-> kvm domain on dijkstra (vancouver)
	i386 buildd/amd64 buildd - NEW		-> kvm domain on dijkstra (vancouver)

	security-master - from klecker		-> chopin
	security-tracker.d.n - NEW		-> kvm domain on schumann
	testing-security.d.n - NEW		-> kvm domain on schumann

	security mirror - NEW			-> saens

	bugs-master - rietz			-> kvm domain on dijkstra (vancouver)

= snapshot =

still waiting for a summary from hw-don folks.

= durin =

durin is a non-debian.org box or xen domain in darmstadt iirc, run by
the german cabal.  zobel mentioned he'd like to move several services
off it onto debian.org systems.  Do we have a list somewhere?

= arch specific stuff =

== arm ==

elara and europe were arm buildds up until the lenny release.  Now they
are no longer needed as such.  Decide if we want to keep one as a porter
box in lieu of agnesi (which has weird network).
(#1064, #1083, #1065)

== m68k ==

finally get rid of crest and kullervo (#1132).

== powerpc ==

bruckner is quite old and slow, and we got pescetti as a porterbox now.
Return to the owner?

== s390 ==

we have two porterboxes here.  zelenka is new and fast and has nice
network but is a little short on disk space.  raptor has more diskspace
but the network is too restricted - we can't even get to our puppet
master from it and the local admin is not helpful.  I suggest we ask
zelenka sponsors (zivit) nicely if we can have more disk, and we get rid
of raptor.

== hppa ==

new hppa buildd in the queue (#1177).  not as fast as peri and penalosa
but hopefully stable.  Also gives us location redundancy (peri and
penalosa are both at ftc.)

== sparc ==

waldi is still sitting on debian's t1000 at osuosl.  last status I heard
was that he wanted to install solaris on it.  I'm way past caring about
it by now.

fabbione brought up a potential t2000 a while ago (#1144) - ping him

= other stuff =

there are still a couple of porter chroots to upgrade.  feel free to do

not all that many hosts still on etch.

