Re: state of the DSA nation
On Sat, 28 Mar 2009, Peter Palfrader wrote:
> = vancouver =
>
> We got a nice msa2ki storage from HP at UBC/ECE. Currently it's
> resyncing/growing its raid because I want to see how it handles stuff.
> Once this is done we can start moving stuff onto kvm domains on
> dijkstra - the blade we also got.
>
> Things I want to put there as a start:
> - an i386 or amd64 buildd or both, depending on what wbadm
> needs.
> - move buildd/wannabuild from raff to a domain so we rely
> less on FtC and old servers that are long out of warranty.
dijkstra is now running geo2, brahms (amd64 buildd, pending setup by
buildd folks), duarte (bts mirror, to maybe become master), and valente
(to become volatile master)
> Luca also managed to get a system with lots of storage (on the order of
> 10 to 20t) from one of the Professors at UBC. Unfortunately the system
> itself is too old to have modern CPUs that do virtualisation stuff, and
> it "only" has 6 or so gigs of ram.
Still waiting on that.
> = darmstadt =
>
> Unger, the dl360 in darmstadt, germany, has two raid controllers.
> Currently the disks are on the p400 controller which does not have a
> battery backed cache. We should move the disks to the p800 (see
> RT#1129).
Still waiting on that.
> Once that is done we should move db.debian.org (i.e. our
> ldap) onto a kvm domain on unger. unger already has one trusted system,
> handel, our puppet master.
db.d.o moved to draghi, running on unger.
> liszt is still on etch. The upgrade ticket is owned by zobel who is
> also listmaster, so that makes sense.
zobel did most of the move recently. still pending puppetisation.
> = helsinki =
>
> On piatti the piuparts team got piuparts running again. That means that
> piatti now is quite loaded.
piatti is once again running just piuparts.
> Piatti hosts udd, and it has bugs and packages mirrors tho I removed
> them both from dns because piatti's load spiked into the hundreds.
udd moved to re-installed samosa after db.d.o was moved to dragi.
> Moving non-piuparts stuff of piatti and thereby dedicating piatti solely
> to piuparts again is also preferable because piuparts does lots of stuff
> as root, and so do its admins.
> = ftc =
>
> nagios from samosa should probably move to spohr, which appears to be
> our "public dsa services that are not all that security critical"-box
> these days.
done.
> That'll leave samosa free. Once buildd is in vancouver, raff only has
> keyring left, but that should be easy to move; and raff still has morgue
> files from ftp-master, they can be moved elsewhere also.
no change so far.
> So we could move udd from piatti to its own dedicated host (either raff
> or samosa) - see #1241. DDE can move onto the same host, away from
> merkel, if desired by dde-adm.
>
done, see above.
> = csail/mit =
>
> Noahm at CSAIL/MIT still has 3 of the old HP servers we got two months
> ago in his to-setup queue (they are from the same batch as the dl360
> that is schein, now hosted at ISC and being security.us).
>
> IIRC we will have two dl360 (senfl and rore) and one dl380 (carver).
> Disk-wise I don't know/remember how they will be. Probably at least 74g
> (2x74g raid1) in the dl360s, and 180g (6x36g raid5) in the dl380.
>
> Once they are online we should think of moving individual services
> around.
rore is packages mirror, carver is not running reliably (RT#1385), senfl
not racked/accessible/whatever.
> = munich =
>
> verdi is a really really old box: dual pentium III 700mhz, 512mb of ram,
> raid5 of 4 18g disks one of which failed half a year ago and hasn't been
> replaced yet. verdi hosts volatile-master.
>
> volatile should maybe be integrated into the ftp archive proper - I sent
> an email regarding that a few months back to the volatile folks. If
> that does not happen we need to move it to a new host, then we can
> decommission verdi.
zobel is preparing a move of volatile master to valente (running on
dijkstra in canada). archive integration stalled due to volatile and
ftp-master not communicating all that well.
> = karlsruhe =
>
> wieck and schumann - dell servers from november or so - are sponsored by
> 1&1. wieck is acting as a security mirror for a while now.
>
> schumann has been made into a kvm host and is currently hosting one
> domain: chopin. chopin will become new security-master (currently
> klecker) once the ftp folks are done setting stuff up.
still pending ftp-master love.
> we can setup another kvm domain on it (we have 2 more ip addresses) for
> other security stuff. fw mentioned a couple of months back that he
> wants a place for security-tracker.d.n. This could be it. white
> (steffen joeris) also wants a home for testing-security.d.n. They can
> probably live on the same kvm domain.
stalled due to no/missing input from testing-security folks.
> = minnesota =
>
> saens isn't doing anything since we moved ftp.d.o to kassia. We were
> talking about making it a mail relay at one point, but it doesn't look
> like there'll be any progress there any time soon, nor is it still
> certain we want/need that.
>
> maybe make seans part of security.us?
no change.
> = nl =
>
> Once security-master is on chopin, the only thing left on klecker will
> be www-master (and www).
>
> We do not have ilo access to klecker, tho if we had a piece of useful
> (rackable) hardware with at least two ethernet ports we could probably
> ask xs4all to put it next to klecker and we could access it that way.
> If that ever works out we could re-install klecker with amd64 userland.
>
> I see no reason why we would want to move www-master away from klecker
> tho.
no change.
> = osuosl =
>
> rietz' storage subsystem is really weird. It seems to hang for seconds
> to minutes at times. Maybe rietz is really really overloaded or the
> hardware is not well.
>
> rietz currently is bugs-master and syncproxy.na.
>
> I suggest we move bugs-master to a kvm domain on dijkstra (don said
> that'd be fine).
>
> Once that happened we can re-setup it with amd64 userland, and then
> re-setup syncproxy.na. Ganneff said that'd be ok with him, tho we might
> miss a mirrorpulse or two in the process.
made a bts mirror on dijkstra (duarte), to see how well it works.
> = summary =
>
> Services which could/should move or need a new home:
> [not sure we should move qa at all, but we could]
> qa.d.o - currently on merkel -> new dl* at mit, or {raff,samosa} once empty
> bugs.qa - currently on merkel -> new dl* at mit, or {raff,samosa} once empty
> packages.qa - currently on master -> new dl* at mit, or {raff,samosa} once empty
> [qa probably needs a debian mirror tho, so maybe leaving
> them on merkel or at least in FtC is not the worst idea]
>
> db.debian.org - from samosa -> kvm domain on unger (darmstadt)
> nagios - from samosa -> spohr
>
> udd - from piatti -> {raff,samosa}
> dde - from merkel -> {raff,samosa} (to udd)
>
> nm.d.o - currently on merkel -> new dl* at mit, or {raff,samosa} once empty
>
> bugs mirror - from piatti -> new dl* at mit, or {raff,samosa} once empty
> packages mirror - from piatti -> new dl* at mit, or {raff,samosa} once empty
>
> volatile-master - from verdi - if it needs a new host.
> -> kvm domain on dijkstra (vancouver)
> buildd/wannabuild - from raff -> kvm domain on dijkstra (vancouver)
> i386 buildd/amd64 buildd - NEW -> kvm domain on dijkstra (vancouver)
>
> security-master - from klecker -> chopin
> security-tracker.d.n - NEW -> kvm domain on schumann
> testing-security.d.n - NEW -> kvm domain on schumann
>
> security mirror - NEW -> saens
>
> bugs-master - rietz -> kvm domain on dijkstra (vancouver)
>
>
> = snapshot =
>
> still waiting for a summary from hw-don folks.
no change.
> = durin =
>
> durin is a non-debian.org box or xen domain in darmstadt iirc, run by
> the german cabal. zobel mentioned he'd like to move several services
> off it onto debian.org systems. Do we have a list somewhere?
stalled. no input from anyone.
> = arch specific stuff =
>
> == arm ==
>
> elara and europe were arm buildds up until the lenny release. Now they
> are no longer needed as such. Decide if we want to keep one as a porter
> box in leu of agnesi (which has weird network).
> (#1064, #1083, #1065)
no change.
> == m68k ==
>
> finally get rid of crest and kullervo (#1132).
done.
> == powerpc ==
>
> bruckner is quite old and slow, and we got pescetti as a porterbox now.
> Return to the owner?
done.
> == s390 ==
>
> we have two porterboxes here. zelenka is new and fast and has nice
> network but is a little short on disk space. raptor has more diskspace
> but the network is too restricted - we can't even get to our puppet
> master from it and the local admin is not helpful. I suggest we ask
> zelenka sponsors (zivit) nicely if we can have more disk, and we get rid
> of raptor.
done.
> == hppa ==
>
> new hpp buildd in the queue (#1177). not as fast as peri and penalosa
> but hopefully stable. Also gives us location redundancy (peri and
> penalosa are both at ftc.)
done.
> == sparc ==
>
> waldi is still sitting on debian's t1000 at osuosl. last status I heard
> was that he wanted to install solaris on it. I'm way past caring about
> it by now.
>
> fabbione brought up a potential t2000 a while ago (#1144) - ping him
> again.
no change.
> = other stuff =
>
> there are still a couple of porter chroots to upgrade. feel free to do
> that.
all done, I think.
> not all that many hosts still on etch.
even fewer left.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
Reply to: