#2205: OSGeo7 setup
---------------------------+-------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
I did the first pass of setting up OSGeo7 so it now has Ubuntu 18.04
installed on the SAMSUNG drive, ucfw firewall turned on only allowing
ports 22,80, 443 for inbound.
Our plan is here:
https://wiki.osgeo.org/wiki/Osgeo7
Next steps would be to get LDAP setup, I'll be happy to do this but need
someone to whitelist the osgeo7 (osgeo7.osgeo.osuosl.org
) ip - [140.211.15.30)
disable password login, root (I have to double check on this as I took
the default settings. I think password login is allowed, but root might
have been disabled by default)
After that would be the ZFS, LXD, NGINX setup which I would appreciate
someone with more experience do or be around when I do it.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2205>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2205: OSGeo7 setup
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by wildintellect):
* root accounts don't exist on Ubuntu by default.
* I'm wondering if we need to resize the root partition to not be the
whole 512 GB drive, Chris does the caching require an unformatted
partition or a specific partition type?
* Should we write a Puppet/Ansible or other automation script to do these
essential tasks the same way (could be applied to containers and other
machines)? Store this in git.
* Did we get the usb removed to test if rebooting is working right? I can
offer to look at the bios with you make sure it's set right.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2205#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2205: OSGeo7 setup
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by robe):
I told whitehet it was okay to remove, but it doesn't matter anyway cause
he changed it to boot from the SAMSUNG.
When I did a soft reboot after installing updates and the firewall, it
didn't come up not sure why.
But when I did a hard-reboot - it came up and automatically booted to the
SamSUNG. The screen was showing the Grub menu option, perhaps longer than
we want it to. whitehet suggested reducing the GRUB menu time.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2205#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2205: OSGeo7 setup
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by wildintellect):
We reboot so infrequently I think it's fine for grub to take 30 seconds,
we could reduce it to 10 if we want but that's really minor.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2205#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2205: OSGeo7 setup
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by robe):
I've also installed zfsutils-linux (needed to see zfs option in lxd) and
lxd.
I figure those were safe enough to install.
We still need to do the zfs pool setup and lxd init.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2205#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2205: OSGeo7 setup
---------------------------+---------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: critical | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by robe):
* status: new => closed
* resolution: => fixed
Comment:
OSGeo7I think is setup.
ZFS is working fine and have some containers setup e.g. nextcloud, docker.
The docker actually works fine I think so I think it's just some funkiness
with collabora why I couldn't use the docker image.
Only thing left is the setting up ssh login and backup.
Backup is in as a separate ticket. the ldap ssh login I'm not sure we
want people ldapping into osgeo7 directly. I'd like to keep that bare
bones and requiring key as it is now.
the debian-ldap-ssh lxd I am still having issue with getting ssh-ldap
authentication to work. But I'll log that as a separate ticket.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2205#comment:5>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.