[Debian-rtc-admin] system maintenance

gustavo panizzo gfa at zumbi.com.ar
Tue May 28 16:46:37 BST 2019 

Hello

[ I have no authority on this matter, this are just my findings after
being granted access to the debvoip ldap group and reading DSA's puppet
code ]

On Tue, May 28, 2019 at 01:15:24PM +0200, Jonas Smedegaard wrote:
>Quoting Jonas Smedegaard (2019-05-28 12:23:08)
>> Hi RTC team (cc Sam offering to help understand DSA-related matters),
>>
>> Can someone more knowledgeable than me explain how to administrate our
>> services at vogler and dillon?
>>
>> It seems DSA has now granted me membership of LDAP group debvoip
>> (checked by executing command "groups" after logging into either
>> vogler or dillon.
>>
>> I found notes abot one single concrete command that seems should be
>> usable for me, at
>> https://salsa.debian.org/rtc-team/rtc.debian.org/blob/master/README.txt
>>
>> ...but this fails for me with lots of failed permission errors:
>>
>>   DEBIAN_USER=js ./deb-web-publish

I just ran the same and saw the permission errors too

The problem is with this directories on which the debvoip team does not have write access

drwxr-xr-x 6 3228 debvoip   50 Aug 15  2014 /srv/rtc.debian.org/htdocs/font-awesome
drwxr-xr-x 2 3228 Debian    56 Aug 15  2014 /srv/rtc.debian.org/htdocs/font-awesome/css/
drwxr-xr-x 2 3228 Debian   149 Aug 15  2014 /srv/rtc.debian.org/htdocs/font-awesome/fonts/
drwxr-xr-x 2 3228 Debian  4096 Aug 15  2014 /srv/rtc.debian.org/htdocs/font-awesome/less/
drwxr-xr-x 2 3228 Debian  4096 Aug 15  2014 /srv/rtc.debian.org/htdocs/font-awesome/scss/
drwxr-xr-x 2 3228 debvoip 4096 Nov  5  2014 /srv/rtc.debian.org/htdocs/internationalization/
drwxr-xr-x 3 3228 debvoip 4096 Aug 13  2014 /srv/rtc.debian.org/htdocs/sounds/
drwxr-xr-x 2 3228 Debian  4096 Jun  4  2014 /srv/rtc.debian.org/htdocs/sounds/dialpad

DSA should be able to fix that, I'd wait until we have a list of what we
need from them and open a rt ticket.

>>
>>
>> It seems I have read access to e.g. /etc/prosody/prosody.cfg.lua on
>> vogler but not write access to that directory (e.g. making a copy of
>> that file to *.bak fails).

we only have write access (through ACLs) to /etc/prosody/conf.d/debian.org.cfg.lua
[1]

>>
>> How to proceed?
>
>Now after my sudo password is properly setupĀ¹ I can succesfully list
>available commands:
>
>On vogler:
>  * service {resiprocate-turn-server,repro} restart
>  * service prosody {restart,reload,stop,start}
>
>On dillon:
>  * static-update-component wnpp-by-tags.debian.net
>  * static-update-component mozilla.debian.net
>  * static-update-component rtc.debian.org
>

same for me

>So apparently the way to update website is _not_ what is documented in
>README of the git, but instead (after pushing changes to git) this:
>
>  ssh dillon.debian.org static-update-component rtc.debian.org
>

what do you mean with git? salsa? /srv/rtc.debian.org?

static-update-component just takes files from /srv/$service and pushes
them to the static web servers, dillon is the server were
non-DSA people have access in order to deploy the contents of the websites.

deb-web-publish in the rtc.debian.org git repo copies the local content
to dillon:/srv/rtc.debian.org and then calls static-update-component

[1] which I think is not enough to do a proper deployment but suffices to
do manual updates of the service configuration.

-- 
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333

More information about the Debian-rtc-team mailing list