[DC-Users] Happy New Year Ducklings!

DuckCorp Admin Team dc-admins at lists.duckcorp.org
Sat Jan 18 18:39:37 CET 2014


Coin,

After the big bunch of upgrades during feast time, we plan a bit of  
cleanup and a few other improvements ; fasten your seat belt :-).


=== Recent IRC problems ===

Our primary IRC server needed a restart in order to load the new SSL  
certificates, unfortunately it was hit by a bug (Debian#714219) and is  
OoS until then. Our IRC services got problems too, probably for the  
same reason. Keep in mind that irc.milkypond.org is the IRC entry  
point. It contains several hosts in order to have a backup when one  
fail. You should not use another address unless you know what you are  
doing (seems several users did not).

Unfortunately, SSL access on our secondary server was unusable due to  
a misconfiguration, sorry, we found it out the hard way when the first  
one went down


=== Upcoming Server's FS Layout Changes and Consequences ===

In order to cleanup and follow the FHS a bit more, we're planning to  
move a few data in better places. This will mostly affect shell and  
VCS users.

Mostly users data outside your own home directory will be relocated in  
/srv, so you need not look around weird top directories anymore.

For web users:
   /www will be relocated into /srv/www
   /sites will be kept as a symlink ~1 month before being removed

For VCS users:
   /rcs will be relocated into /src/vcs
=> all rcs-* websites will be renamed accordingly, with a redirection  
until it seems unnecessary

For FTP Users with shell access:
   /ftp will be relocated into /srv/ftp

For project members having data in /private on Toushirou:
   /private/{projects,duckcorp,hurdfr} will be relocated into /srv/projects.

We're also trying to finish the ext3->ext4 migration, which is not  
fully possible yet, but at least we'd like all data partitions to  
switch. So we're gonna disconnect /home on Toushirou one day for just  
a few minutes, which means no SSH access and user scripts (bots?) will  
have to be shutdown as well. We will announce it on IRC, but if you  
have such scripts, do not hesitate to contact us so we can coordinate  
so you can restart them very fast.

Other changes should not have any consequences.

We plan to do this really soon.


=== Recent Web Hosting Upgrades ===

As previously said, and with a lot a delay, mod_ruby was removed. By  
the way, mod_wsgi was removed too.

We are now using Passenger to provide a cleaner and less resource  
intensive way of hosting webapps. The following languages are now  
handled:
   - Ruby
   - Python (WSGI apps are very easy to adapt)
   - NodeJS (new!)

You can still use CGI for very simple scripts, but beware FCGI (with  
spawning processes) support will be removed soon.

As previously not announced, sorry, Ruby 1.8 support was removed and  
Passenger now spawn Ruby apps using version 1.9 of the interpreter now.

Also, Apache moved to 2.4, which should not be a big deal for you  
except for ACLs. There is a compatibility module to ensure everything  
continues to work as before but we add surprises so… be sure to learn  
the new way and adapt your .htaccess files using the following  
documentation:
   http://httpd.apache.org/docs/2.4/howto/auth.html
The compatibility module is to stay at least a few month but do not  
wait until we announce the end of support.
ACLs also are tighter now, which means almost no global access to  
files by default.


=== Recent SSH Security Upgrades ===

We recently enabled EDCSA host keys on all SSH servers, with updates  
in the SSHFP DNS records.


=== Supervision is back ===

Daneel has been rebuilt, not fully yet, but it is able to monitor our  
machines again. The configuration is quite not finished but the basics  
are working. It was really difficult to run blindly so we're eager to  
have again a good view of our service availability. As the software is  
by the way upgraded, we should be able to monitor in deeper details.


Well, that is all for now. Assimilate these news well :-).

Have a pleasant year!


-- 
Marc Dequènes (Duck)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL: <https://lists.duckcorp.org/mailman/private/dc-users/attachments/20140118/a350e801/attachment.sig>


More information about the DC-Users mailing list