Coin,
After the big bunch of upgrades during feast time, we plan a bit of
cleanup and a few other improvements ; fasten your seat belt :-).
=== Recent IRC problems ===
Our primary IRC server needed a restart in order to load the new SSL
certificates, unfortunately it was hit by a bug (Debian#714219) and is
OoS until then. Our IRC services got problems too, probably for the
same reason. Keep in mind that irc.milkypond.org is the IRC entry
point. It contains several hosts in order to have a backup when one
fail. You should not use another address unless you know what you are
doing (seems several users did not).
Unfortunately, SSL access on our secondary server was unusable due to
a misconfiguration, sorry, we found it out the hard way when the first
one went down
=== Upcoming Server's FS Layout Changes and Consequences ===
In order to cleanup and follow the FHS a bit more, we're planning to
move a few data in better places. This will mostly affect shell and
VCS users.
Mostly users data outside your own home directory will be relocated in
/srv, so you need not look around weird top directories anymore.
For web users:
/www will be relocated into /srv/www
/sites will be kept as a symlink ~1 month before being removed
For VCS users:
/rcs will be relocated into /src/vcs
=> all rcs-* websites will be renamed accordingly, with a redirection
until it seems unnecessary
For FTP Users with shell access:
/ftp will be relocated into /srv/ftp
For project members having data in /private on Toushirou:
/private/{projects,duckcorp,hurdfr} will be relocated into /srv/projects.
We're also trying to finish the ext3->ext4 migration, which is not
fully possible yet, but at least we'd like all data partitions to
switch. So we're gonna disconnect /home on Toushirou one day for just
a few minutes, which means no SSH access and user scripts (bots?) will
have to be shutdown as well. We will announce it on IRC, but if you
have such scripts, do not hesitate to contact us so we can coordinate
so you can restart them very fast.
Other changes should not have any consequences.
We plan to do this really soon.
=== Recent Web Hosting Upgrades ===
As previously said, and with a lot a delay, mod_ruby was removed. By
the way, mod_wsgi was removed too.
We are now using Passenger to provide a cleaner and less resource
intensive way of hosting webapps. The following languages are now
handled:
- Ruby
- Python (WSGI apps are very easy to adapt)
- NodeJS (new!)
You can still use CGI for very simple scripts, but beware FCGI (with
spawning processes) support will be removed soon.
As previously not announced, sorry, Ruby 1.8 support was removed and
Passenger now spawn Ruby apps using version 1.9 of the interpreter now.
Also, Apache moved to 2.4, which should not be a big deal for you
except for ACLs. There is a compatibility module to ensure everything
continues to work as before but we add surprises so… be sure to learn
the new way and adapt your .htaccess files using the following
documentation:
http://httpd.apache.org/docs/2.4/howto/auth.html
The compatibility module is to stay at least a few month but do not
wait until we announce the end of support.
ACLs also are tighter now, which means almost no global access to
files by default.
=== Recent SSH Security Upgrades ===
We recently enabled EDCSA host keys on all SSH servers, with updates
in the SSHFP DNS records.
=== Supervision is back ===
Daneel has been rebuilt, not fully yet, but it is able to monitor our
machines again. The configuration is quite not finished but the basics
are working. It was really difficult to run blindly so we're eager to
have again a good view of our service availability. As the software is
by the way upgraded, we should be able to monitor in deeper details.
Well, that is all for now. Assimilate these news well :-).
Have a pleasant year!
--
Marc Dequènes (Duck)
Coin,
After the big bunch of upgrades during feast time, we plan a bit of
cleanup and a few other improvements ; fasten your seat belt :-).
=== Recent IRC problems ===
Our primary IRC server needed a restart in order to load the new SSL
certificates, unfortunately it was hit by a bug (Debian#714219) and is
OoS until then. Our IRC services got problems too, probably for the
same reason. Keep in mind that irc.milkypond.org is the IRC entry
point. It contains several hosts in order to have a backup when one
fail. You should not use another address unless you know what you are
doing (seems several users did not).
Unfortunately, SSL access on our secondary server was unusable due to
a misconfiguration, sorry, we found it out the hard way when the first
one went down
=== Upcoming Server's FS Layout Changes and Consequences ===
In order to cleanup and follow the FHS a bit more, we're planning to
move a few data in better places. This will mostly affect shell and
VCS users.
Mostly users data outside your own home directory will be relocated in
/srv, so you need not look around weird top directories anymore.
For web users:
/www will be relocated into /srv/www
/sites will be kept as a symlink ~1 month before being removed
For VCS users:
/rcs will be relocated into /src/vcs
=> all rcs-* websites will be renamed accordingly, with a redirection
until it seems unnecessary
For FTP Users with shell access:
/ftp will be relocated into /srv/ftp
For project members having data in /private on Toushirou:
/private/{projects,duckcorp,hurdfr} will be relocated into /srv/projects.
Other changes should not have any consequences.
We plan to do this really soon.
=== Recent Web Hosting Upgrades ===
As previously said, and with a lot a delay, mod_ruby was removed. By
the way, mod_wsgi was removed too.
We are now using Passenger to provide a cleaner and less resource
intensive way of hosting webapps. The following languages are now
handled:
- Ruby
- Python (WSGI apps are very easy to adapt)
- NodeJS (new!)
You can still use CGI for very simple scripts, but beware FCGI (with
spawning processes) support will be removed soon.
As previously not announced, sorry, Ruby 1.8 support was removed and
Passenger now spawn Ruby apps using version 1.9 of the interpreter now.
Also, Apache moved to 2.4, which should not be a big deal for you
except for ACLs. There is a compatibility module to ensure everything
continues to work as before but we add surprises so… be sure to learn
the new way and adapt your .htaccess files using the following
documentation:
http://httpd.apache.org/docs/2.4/howto/auth.html
The compatibility module is to stay at least a few month but do not
wait until we announce the end of support.
ACLs also are tighter now, which means almost no global access to
files by default.
=== Recent SSH Security Upgrades ===
We recently enabled EDCSA host keys on all SSH servers, with updates
in the SSHFP DNS records.
=== Supervision is back ===
Daneel has been rebuilt, not fully yet, but it is able to monitor our
machines again. The configuration is quite not finished but the basics
are working. It was really difficult to run blindly so we're eager to
have again a good view of our service availability. As the software is
by the way upgraded, we should be able to monitor in deeper details.
Well, that is all for now. Assimilate these news well :-).
Have a pleasant year!
--
Marc Dequènes (Duck)
