Service Wishlist¶
Here’s a list of services that the ACM would like to be able to provide, and some ways our current services could be improved. Some of these are good choices for independent study projects; some are just things to work on if you’re a bored admin with a free afternoon.
- Merge in the wiki: Most of the things on the wiki (excepting eg the quotes page) should be moved into an appropriate part of the notes.
- Set up an encrypted password manager for admins stuff
- Fix website infrastructure
- Upgrade Openstack
- Fix wintermute (and add HTTPS support via letsencrypt)
- Add a AFS storage backend for Openstack storage
- ACM web SSO with kerberos (talk to Ben Rosser about how Fedora did stuff like this, and then make a reverse proxy to do this via a web interface)
- Set up unattended-upgrades (and integrate with scripts to push out critical updates)
- new bug tracker (gitlab?)
- set up containerization of gitlab CI
- Fix email (spam stuff, roundcube)
- Install new R900 for Openstack Nova compute
- Make New web.vm
- Make Legit Shell Server
- Try out using erasure codes with ceph; consider moving to one osd per drive
- Nagios fun! Integrate it with the bug tracker. Fix the traffic light integration Improve/fix twitter integration. Upgrade to nagios4
- Try out cephfs
- Improved notes: As it stands, these notes are more “reminders for current admins” than “a manual for incoming admins”, much less “a manual for users”. There were plans to make the wiki into the latter, but the last major proponent of that plan graduated, so ha! Anyway, the wiki needs to be pulled into the userdoc section (which should be expanded to cover every service we offer to users, at the level they need to actually use those services); the admin section needs to be expanded so that someone can look at the right section of the notes and immediately understand what they need to in order to fix or upgrade or otherwise administer whatever system they’re working on. The whole thing, ideally, should also be cross-indexed; sphinx can create indices, but we don’t really make use of that capability. Oh, and automatic regeneration of the notes, while currently a thing, consists of three layers of terrible hacks and should really be cleaned up. This is a long-term task that anyone can usefully chip away at.
- Move away from mailman2: Mailman2 is hard to use, has at best a limitted understanding of “accounts” and “users”, and emails passwords in plaintext without asking! There is no current upgrade path to mailman3, but the fedora people managed to make it happen so it is doable. Failing that, we could always roll our own listserv, if someone wants to write one. We need to keep all of our old archives and mailing lists, of course, which is the main obstacle to both paths.
- kafs: Sometimes, the openafs kernel module stops working for a few versions. It’d be super nice (for us) if these failures blocked release of new versions of the linux kernel, because that would mean afs clients would generally be functional on any semi-modern linux kernel. It wouldn’t solve all our afs problems, but it would solve some of them. Good thing someone already did bring the afs module into the kernel! Except it doesn’t quite actually work. This is probably at least one independent-study-sized project for someone who wants to hack on the linux kernel; it might be two. You probably want to have taken OS or otherwise acquired experience hacking on the linux kernel before tackling this project.
- Work on unifying the ACM’s account structure.
- Some things need to be Kerberized:
- Openstack
- Bugtracker
- Nagios
- LDAPerize AFS (really fucking huge amount of work)
- Some things need to be Kerberized:
- Bugtracker more usable and/or smoothly integrated with our systems.