[7985] in Release_7.7_team
Re: Linerva transition meeting today
daemon@ATHENA.MIT.EDU (Alex Dehnert)
Wed Jan 29 05:03:03 2014
Date: Wed, 29 Jan 2014 05:02:50 -0500 (EST)
From: Alex Dehnert <adehnert@MIT.EDU>
To: Jonathon Weiss <jweiss@MIT.EDU>, jdreed@MIT.EDU
cc: Alex Chernyakhovsky <achernya@MIT.EDU>,
"linerva@mit.edu" <linerva@MIT.EDU>, release-team@MIT.EDU
In-Reply-To: <alpine.DEB.2.02.1401282108370.6544@the-other-woman.mit.edu>
Message-ID: <alpine.DEB.2.02.1401290347430.18657@novgorod.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Linerva crashed this evening, so we decided to do the transition early.
Documentation of the change is at http://web.mit.edu/linerva/www/. In the
process of writing that, I noticed some lacking documentation that I would
have liked to link to:
- Why doesn't athena.dialup work with ssh -k (there's okay docs on how to
use ssh -K instead, but I'd love to have something to link to for the
"why" behind the "no" answer to "Can I use athena.dialup without
delegating my tickets?"
- How can I use ssh public key authentication on athena.dialup?
https://athena10.mit.edu/trac/ticket/1216#comment:11 explains how to do
it, but is also clear that there should be some text about the issues with
it. I'm not really able to write that text at 4AM, and in any case I would
prefer somebody appropriate at IS&T write text they like, rather than me
trying to guess.
It would be awesome if somebody on the IS&T side (Jonathan?) produced
documentation for those.
Thanks,
Alex
On Tue, 28 Jan 2014, Jonathon Weiss wrote:
> Great, thanks, I will proceed with that solution in mind.
>
> I think Geoff's argument makes sense in the short term, but that in
> the long term it makes more sense to transition the name to an ops run
> server. How does this sound: deploy banners on linerva at some
> pre-determined time on Thursday (1pm?). That puts it inside linerva's
> declared window, and since I don't have to do a lot of work on the
> dialups to configure things Thursday rather than Friday shouldn't be a
> problem. Then sometime in the next week we can have a pre-set up ops
> run VM, and transfer the DNS seamlessly and without time pressure.
>
> Jonathon
>
> On Tue, 28 Jan 2014, Alex Dehnert wrote:
>
>> Having not heard heard objections from the Linerva side, we're okay with
>> the banner plan.
>>
>> Geoff points out it might be easier to have Linerva serve the redirect,
>> since then we don't need to deal with coordinating a DNS update, moving
>> keys around, etc.. I don't think keeping Linerva-banner running for a while
>> is going to be big problem.
>>
>> ~~Alex
>>
>> On Tue, 28 Jan 2014, Alex Chernyakhovsky wrote:
>>
>>> I'm fine with both.
>>>
>>> On Tue, Jan 28, 2014 at 3:59 PM, Alex Dehnert <adehnert@mit.edu> wrote:
>>>> I'm fine with the banner plan, with either Linerva or an Ops VM serving
>>>> the
>>>> error. I assume Geoff is as well. I think achernya and Anders are the
>>>> main
>>>> other people who have been caring about this -- are you okay with that
>>>> plan?
>>>>
>>>> ~~Alex
>>>>
>>>>
>>>> On Tue, 28 Jan 2014, Jonathon Weiss wrote:
>>>>
>>>>> I've confirmed with Garry that he's fine with this plan. He did
>>>>> suggest that we move the linerva/linux names to an ops run VM that
>>>>> served the re-direct messages. I would expect ops to run that VM at
>>>>> least through the end of the term. That would leave you with more
>>>>> flexibility about recycling the current VM and hypervisor.
>>>>>
>>>>> Because of the tight schedule of transitioning on Thrusday or Friday,
>>>>> (and the difference in the work required for the different plans) I'd
>>>>> like to know if there are any problems with this approach by 6pm
>>>>> today, if at all possible.
>>>>>
>>>>> Jonathon
>>>>>
>>>>>
>>>>> On Tue, 28 Jan 2014, Alex Dehnert wrote:
>>>>>
>>>>>> We met with Jonathon today to discuss how we would carry out the
>>>>>> linerva->athena.dialup transition. Tentative plan, assuming that the
>>>>>> rest of
>>>>>> Ops and Linerva maintainers are okay with it, is to replace the Linerva
>>>>>> sshds with something that rejects your login with a message about
>>>>>> athena.dialup, and to run a high-port sshd for recovering dead sessions
>>>>>> (aka
>>>>>> plan 2 in the notes).
>>>>>>
>>>>>> I've attached limited notes from the meeting.
>>>>>>
>>>>>> ~~Alex
>>>>>
>>>>>
>>>>
>>>
>>
>
>
> Jonathon
>