[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DPN: Debian System Administrators, What do you do?

On Tue, 2015-02-24 at 22:09 +0800, Paul Wise wrote:

> I'm working on a response to this, we'll discuss it and reply when done.

Hopefully the information below is useful, if there is anything more we
would suggest doing an interview, perhaps at DebConf.

The Debian System Administration (DSA) team is delegated to manage the
infrastructure of the Debian project, including machines, core services
and relationships with donors of equipment, services and hosting.

In practice, a nine person team gets to work through a deluge of email,
cron output, monitoring notifications, bouncing Debian member mail,
hoster/vendor notifications, spam, weird mail, misdirected questions,
hardware that fails to reboot, dying hardware, sick hardware, serial
consoles, disk replacements, hardware donations, hardware purchasing,
hardware sponsors, hosting sponsors, guest account requests, group
member changes, inter-release compatibility issues, service admin
prodding, security updates, inter-team co-ordination and much more.

Our tools of the trade include Debian stable (and some backports),
hardware capable of running amd64 VMs, entropy keys, ganeti, puppet,
icinga, munin, ikiwiki, git, postgresql, apache, openldap, gnupg,
openssh, bacula, ferm, sudo and a bunch of homegrown scripts.

We are interested in automation, reliability, speed, privacy, security,
resilience, longevity and try to balance these for the benefit of the
Debian project, members, users, derivatives and the wider world.

As we have a lot to deal with, we mostly leave the actual running of
services to service admins but provide general guidance as well as
specific guidance on a case-by-case basis.


A recent achievement was modifying the update-ca-certificates code to
allow for multiple X.509 certificate stores and adding puppet bits to
ensure the 3 certificate stores we wanted are consistent between hosts. 


An ongoing project is to replace our current old LDAP web/mail frontend
with a new one based on Django.


If anyone would like to reduce our workload, please take a look at and
fix the various bugs that we have filed.




Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: