feat: further additions to the handover for the sr sysadmin
This commit is contained in:
parent
2b0400c8e5
commit
1573f0b57d
1 changed files with 85 additions and 3 deletions
|
|
@ -8,20 +8,102 @@ The purpose of this document is to assist the incoming Senior System Administrat
|
|||
- Maintaining existing hardware.
|
||||
- Sourcing new hardware.
|
||||
- Improving the software.
|
||||
- Promote the cluster's use
|
||||
- Oversee development of Skynet.
|
||||
- Oversee the Root team.
|
||||
- Oversee training for junior members of the Root team.
|
||||
- Oversee communications with ITD.
|
||||
- Help develop server related skills in the general membership.
|
||||
- Manages:
|
||||
* Linux Webhost for members
|
||||
* LDAP
|
||||
* DNS
|
||||
* [Gitlab][0]
|
||||
* [Nextcloud][1] (Selfhosted Google)
|
||||
* [VaultWarden][2] (password manager)
|
||||
|
||||
## Guide
|
||||
-
|
||||
- You are a society committee member, so you have a basic responsibility to look after society members and other committee members and make sure events are a fun and safe environment.
|
||||
### Baseline
|
||||
1. Dont be a dick.
|
||||
2. You are a society committee member, so you have a basic responsibility to look after society members and other committee members and make sure events are a fun and safe environment.
|
||||
3. The core goal of the Skynet cluster is to provide services for the society.
|
||||
* These are the more visible services like the linux host/gitlab/nextcloud/....
|
||||
* It also includes training for anyone who wants to get more hands on, both administration/hardware.
|
||||
* Its not your fiefdom, everything must improve it for others, even if it takes you out of your comfort zone.
|
||||
|
||||
### Onboarding
|
||||
#### New Committee
|
||||
1. Ensure that each committee member has a skynet account
|
||||
* If they dont then assist them through the process.
|
||||
2. Add their chosen usernames to the [nixos][3] under ``committee``
|
||||
3. Add them to the [Gitlab][4], prune non committee
|
||||
* Gitlab does have enterprise option to automagically do this, we dont have that yet
|
||||
4. Run them through the process of gaining access to the password manager: [pw.skynet.ie][2]
|
||||
* Separate but linked account is security feature, unavoidable.
|
||||
* They will gain access to the ``Compsoc`` collection of passwords.
|
||||
5. They will automatically gain access to the ``Compsoc`` folder on [nextcloud][1]
|
||||
|
||||
#### Root team - Trainee
|
||||
1. Ensure that each root member has a skynet account
|
||||
* If they dont then assist them through the process.
|
||||
2. Add their chosen usernames to the [nixos][3] under ``trainee``
|
||||
3. They will automatically gain access to the ``Skynet`` folder on [nextcloud][1]
|
||||
4. Provide training
|
||||
|
||||
#### Root team - Admin
|
||||
1. They will already have a skynet account.
|
||||
2. Add their chosen usernames to the [nixos][3] under ``admin``
|
||||
3. They will automatically gain access to the ``Skynet_Admin`` folder on [nextcloud][1]
|
||||
4. Run them through the process of gaining access to the password manager: [pw.skynet.ie][2]
|
||||
* Separate but linked account is security feature, unavoidable.
|
||||
* They will gain access to the ``Skynet`` collection of passwords.
|
||||
5. Contact ITD to get them added to the VPN.
|
||||
6. Provide training
|
||||
|
||||
#### Sr Sysadmin
|
||||
{need to figure out this process}
|
||||
|
||||
### Annual Events
|
||||
#### Sign up Fair
|
||||
{link to event guide/write up}
|
||||
|
||||
#### Renew Domains
|
||||
We have two domains, both with Blacknight.
|
||||
``skynet.ie`` is sponsored to us.
|
||||
``ulcompsoc.ie`` we have to pay for, renew for two years but check yearly.
|
||||
|
||||
#### Inform ITD that servers are up-to-date and patched
|
||||
Part of the agreement with ITD is to show them every semester that the server are patched and up to date.
|
||||
|
||||
### Regular Events
|
||||
#### Email
|
||||
I generally check all the email accounts for new mail once a day or so.
|
||||
There is a good chunk of spam but we do get a fair few mails from alumni trying to reactivate accounts.
|
||||
|
||||
#### Reactivate old accounts
|
||||
Alumni regularly get in contact to re-activate their skynet accounts.
|
||||
Be polite and respectful when dealing with them.
|
||||
|
||||
Much of this process is covered by [renew][5] and [recovery][6] however more documentation needs to be added on how to verify users.
|
||||
|
||||
## Summary
|
||||
|
||||
This has been mostly a managerial role, involving organisation and mentorship.
|
||||
The role looks really good on a CV/LinkedIn.
|
||||
|
||||
The roles that Skynet has played over the years has changed dramatically (as outlined in the [old history][7]).
|
||||
One of the main draws for it was the email and cloud storage.
|
||||
At one point it employed 5 admins, each in charge of their own servers.
|
||||
Now in this era of DevOps each admin can do so much more while also requiring more diverse knowledge.
|
||||
This change is exciting, stressful and rewarding.
|
||||
|
||||
Brendan Golden.
|
||||
Brendan Golden.
|
||||
|
||||
[0]: https://gitlab.skynet.ie
|
||||
[1]: https://nextcloud.skynet.ie
|
||||
[2]: https://pw.skynet.ie
|
||||
[3]: https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/blob/main/config/users.nix?ref_type=heads#L47
|
||||
[4]: https://gitlab.skynet.ie/groups/compsoc1/compsoc/-/group_members
|
||||
[5]: https://renew.skynet.ie/
|
||||
[6]: https://renew.skynet.ie/recovery/
|
||||
[7]: https://2016.skynet.ie/history.html
|
||||
Loading…
Reference in a new issue