Jump to: navigation, search
Άτομα: 4
Ώρα έναρξης: 19:00
Διάρκεια: 2 ώρες
Τόπος: UoC Radio

System services[edit]

We're going to stop leasing srv1, and we're losing access on 1 Dec 2017. We need to migrate everything on another server, and it's a good opportunity to modernize the infrastructure as we have discussed in previous meetings.

Hosted services[edit]

We host various sites that were needed from time to time (enoiko, csa etc) that don't seem to be used anymore. gkiagia will talk to some of the owners to see if we need to migrate these sites. The rest will be backed up (as will the rest of the server) and won't be migrated to the new setup.

Services[edit]

The following services will for sure be migrated to the new setup, using Docker:

  • LDAP
    • We will probably use another web UI than GoSa for managing it
    • We need to clean up many accounts that aren't used. In the future we will send multiple reminder e-mails to each account to see if they're used. The rest will be deleted, and we will find a way to auto-delete accounts that aren't used for a while.
  • All mail server components
    • There are images that have the whole stack ready: mail, spam filtering, virus scanning, settings auto-detection for clients etc
    • All emails of every account plus their attachments don't exceed 30GiB
  • Nextcloud
    • We need at least 120GiB since that's what we're using now

This list is incomplete because we didn't actually discuss about other services, but we won't stop providing a service that is needed. But just in case, there will also be a backup of the whole server before the migration; no data will be lost.

Hosting[edit]

Currently, except srv1 we only have orionis. It's a very old machine and we should replace it before it fails: it was a scrap brought when we moved to the new CSD building (2013), and it was used way before that so it might be like 10 years old. It's pretty easy to find a used rack unit for like €50-100 but it's very expensive to maintain it (e.g. to replace a failed drive) as they need special hardware. Another problem that we have is that it is hosted in the University's datacenter, so we don't have physical access to it, and asking for access regularly for making upgrades isn't easy. The other day we were discussing about the fact that we probably need to install a KVM too, which doesn't seem very likely to happen as well.

Having the above in mind, we would probably be better off if we used a regular, good, desktop computer and hosted the services inside τοLabάκι. We have Ethernet (most likely Gigabit), we wouldn't need special hardware or a KVM, and we will always have physical access if something goes wrong. It's probably going to be cheaper too, since we can either buy or find scrap/donated parts:

  • looselyrigorous recently brought an old motherboard that could be used
  • We have plenty of disks, and buying a good regular server (or even desktop) drive is cheap too
  • UoC Radio may be able to donate an unused computer. gkiagia will bring it up on their meeting to talk about it.

dzervas will lend us a VM in his server, since we need it ASAP to start migrating everything (we have 1.5 month before srv1 goes down). He can provide the necessary space (at least 200GiB), and since we'll be using Docker the migration from that VM to our final server will be pretty easy.

There is the issue that we will be using an IP owned by the University, which is difficult (and probably illegal) to set up services around. Something that was brought up was the use of a cheap VM or service that we could connect to the server via VPN and host the services using that IP. The subject was changed and we didn't decide on anything, but in any case more technical details need to be researched before finding a solution that suits us.

Domain and DNS[edit]

Currently the domain registration is done via Modulus.

  • gkiagia will talk with sque to move the domain to Papaki
    • We all have a Papaki account and we will see if it's possible to have multiple administrators for the domain
  • For now we'll use Papaki's DNS hosting instead of setting up bind ourselves (but if we need it we can set it up later of course)