[H-SASIG] Proposed changes to Excalibur
Russell Stuart
russell-humbug at stuart.id.au
Thu Dec 3 02:01:15 EST 2009
On Thu, 2009-12-03 at 01:14 -0500, Robert Brockway wrote:
> We could buy an additional IP on the Linode for $1/month and bind the
> humbug sshd to the 2nd interface, thus allowing continued use of tcp/22.
> Not being able to ssh to excalibur directly from the meeting room sounds
> problematic.
My current plan is to follow Mark's suggestion to put it on both 24 and
563. I suspect port 563 will work.
Turns out all of us SysAdmin's that turn up to meetings have external
servers we go through first. Each of us has a different reason I think.
In any case, it means the port isn't an issue.
> With respect to the work already carried out, the chroot seems like an
> inelegent solution to me, requiring hacked startup scripts, etc.
Apart from the sshd port change, none of the files installed by Debian
are changed, so I am not sure you could say the startup scripts are
hacked.
All that happens is the VM's inittab isn't used (obviously), so the
existing init scripts are run via a different mechanism. I happen to
think the way it works is rather elegant - but each to their own.
> This
> sort of things costs resources (time) and isn't easy to maintain in the
> long term. I know this is only meant to be a temporary solution but how
> many of those last years?
You say this will be complicated and hard to support, so perhaps some
comparisons are required. Here are some line counts for non-standard
stuff we have on excalibur:
The shell scripts that do the chroot startup ..... 87 lines.
Firewall ......................................... 322 lines.
Backup system .................................... 2500 lines.
> Linux Australia was apparently in a position to provide a virtual system
> to LUGs. Did anyone approach them?
No.
> Russell you suggested some cheaper providers on IRC one day. Perhaps one
> of them would be a good option.
They were all container based, which is why they were so cheap. When I
mentioned that at club meetings everybody recoiled in horror, so I gave
up on the idea.
More information about the Sasig
mailing list