SIDEBAR
»
S
I
D
E
B
A
R
«
Kerberos
Mar 8th, 2013 by Tim Watts

We have just started the journey into the world of using Kerberos for authentication in conjunction with LDAP. Great day!

LDAP Server Upgrade – Friday 8th March 2013
Mar 8th, 2013 by Tim Watts

Success

It seems to be working OK. Had a bug with Mantis – now resolved and some bugs with subvserion, also, I believe, now resolved…

What’s happening?

I will be upgrading (replacing) the DDH LDAP server next Friday. This will happen at noon. We believe this to be a time of least potential impact on activities. There is risk of disruption to services (see below for details).

Why?

The old server is on it’s own server hardware and is at risk of failure. Also, the old LDAP server is not playing nicely with new versions of Confluence and JiRA which is blocking attempts to install/upgrade these.

What do you need to do?

Nothing in particular, except be ready to report any problems logging in. The actual switch over will be done by changing the DNS settings and will take a few minutes.

Your password should continue to work, and your username will remain the same but you will be asked to change your password in a few weeks once the new system is stable.

What might go wrong?

Due to the way the the LDAP (account) data is being restructured to keep Confluence happy, it is quite likely that a few accounts and a few websites or system services might be affected. This will be apparent by the fact that something may not let you log in, whereas is did previously.

I expect the majority of systems and majority of accounts (in particular, staff and PhD student accounts) to not have any problems.

If these assumptions remain good, then I will fix any individual problems on a case by case basis.

Whilst nothing that happens can actually destroy data, it is possible that you may not be able to save edits to some web forms hosted by DDH. The advice is to save your changes early and often on Friday.

What if it all goes horribly wrong?

Then I will abort the upgrade and reset the DNS back to the old system, which will remain running for the duration.

This Blog
Mar 6th, 2013 by Tim Watts

Hi.

I’ll be using this blog as a method of keeping everyone in DDH at King’s College London informed about upcoming work.

In addition, I will be dropping in odd snippets about what’s going on in the background.

All new and updated posts will appear on Twitter with the hashtag #kingsdh or you can use the Follow button on the left side, or subscribe to the RSS feed which is named “RSS Feed” on the right pane.

Update: Post update time is used to reset the published time so hopefully that will fix RSS issues and display orders. It will cause the permalinks to change but this usnot really the sort of blog that you’dwant to bookmark specific entries.

Tim Watts

Systems Manager

Computing Support
Mar 6th, 2013 by Tim Watts

Computing Support – DDH

How to request work

  1. Please enter all jobs or problem requests into Mantis: https://issuetracker.cch.kcl.ac.uk/ – it uses your DDH username and password. If it doesn’t let you in, email systems@lists.cch.kcl.ac.uk and I will make sure you have an account (it’s not automatic).
  2. Apart from that, if you email jobs in – it’s not that they will be ignored on purpose; it is just that they are liable to become buried and easily overlooked.
  3. Please make sure you Assign the job to me (twatts) or I may not see it and I definitely will not get an email from Mantis.
  4. If you are re-opening a Mantis ticket, please check that it is (re)Assigned to me and that you change Status to Assigned.
  5. If I’m not in the office (I could be in ULCC, the Strand, working at home or at an event) I will always check my email on a frequent basis. I am available by phone on 01580 848360 – that’s a VoIP number I use for work and it will be turned off out of hours, so there’s no harm in trying 🙂 Leave a message too – those get emailed to me.
  6. If I’m on holiday, it will be in Leaveplanner. I will try to email an advance warning of longer breaks as other colleagues do.

 What to include in your request

Problems with servers

  1. Please include a full URL to demonstrate the problem where appropriate. This allows rapid diagnostics and the ability to locate it back to the server and the part of the server responsible.
  2. If it used to work, it may be helpful to mention a date and time (approximately) when you knew it to be working – this helps in case I or a developer knows that something has changed between then and now.
  3. It’s worth mentioning which developer worked on it. I may need to confer with them.

New server requests

  1. Project name and name of project leader (internal)
  2. Background info – eg is this a new project or an upgrade of an existing one.
  3. Server technologies required, eg from: apache, django, tomcat and databases (please state MySQL or Postgresl or Postresql-GIS)
  4. Estimate of disk space required
  5. Any unusual requirements, eg might need more RAM or CPU. This and point 4 are easily adjustable later so don’t worry about getting it right first time.
  6. Firewall rules – how will people connect from offsite. TCP ports 80 and 443 are usual. SSH will usually be declined as everyone can route in via ssh.cch.kcl.ac.uk
  7. External domains (see next section).
  8. DEADLINE – when do you need it. We can usually turn around quickly (week or two) but if a rush comes it is helpful to be able to prioritise work.

Domain requests

  1. We can create any external (eg .org, .org.uk, .com) domain directly and without fuss if they are available.
  2. .ac.uk domains require a paragraph that your grandmother could understand describing the project. The better the JANET Naming Committee understand what it’s for, the more likely they are to approve it quickly.
  3. .kcl.ac.uk top level domains. Same as 2, only this will be an ITS committee deciding.

What we can do: Routine work

  • Maintain the department’s core infrastructure.
  • Create and maintain Debian Linux servers to the DDH standard with bare web services software ready for you to develop on.
  • Apache configs, in depth, debugging and advice on technical design.
  • Firewall management – local if applicable and liaise with College for the main border firewall.
  • Databases – Postgresql and MySQL. Creation and advice.
  • Linux tuning and diagnostics.
  • Advice on application integration with authentication services and email.
  • Local DDH account management.
  • DNS for our domains, including external ones.
  • Laptop and desktop network registration.
  • Install Windows 2008 for very special cases and ensure it auto patches and has the latest anti virus software. In depth MS Windows work is regrettably not possible at present and it is expected that that the development team requesting will provide the necessary expertise.
  • Advice on accessing local services from your desktop or laptop.

What we can do: Special projects

  • Potentially anything – but it’s likely to be time consuming so needs to be scheduled as far ahead as practical in order to fit in around other work.

What we can’t do:

  • Software installations on laptops or desktops. Email humsdts@kcl.ac.uk and they should be able to help here.
  • Debug legacy web applications beyond the boundary of Apache. If there is no local knowledge or documentation, it’s not likely to be successful. But I am very able to work with developer colleagues who have at least some familiarity with the technology in question.
  • Phone extentions – best to contact Susan.

Blogs server failed and restarted
Mar 4th, 2013 by Tim Watts

It ran out of memory at 12:01. I noticed the Nagios alert at 12:06 and restarted it. It is back online at 12:10.

Apologies for loss of service.

SIDEBAR
»
S
I
D
E
B
A
R
«
»  Substance:WordPress   »  Style:Ahren Ahimsa