From SUWS-wiki

[[|]] | Current Workshop:



Workshop (to be) held from 11:00-17:00 on 2019/06/01 in Zepler CLS Lecture Room


SOWN Workshop

Task list

  • Look at how the SOWN works and consider how it can be modularised
    • Discuss how to implement SOWN login for SSH to SOWN servers.
    • Possible Modules
      • User Authentication
        • Possible abstract with implementation for first RADIUS and maybe later others and
      • Single Sign On (uses User authentication)
      • VPN (OpenVPN sits underneath)
      • Node setup
      • Node admin
      • Node config
      • Node firmware build
      • Node package management
      • Monitoring (nodes and servers)
      • Firewall
      • Routing
      • Usage accounting
    • May help with implementation of SSH login to individual servers for individual users described above.
  • Consider how we can expand SOWN coverage
    • More SOWN nodes
    • Make it easier to deploy eduroam on own hardware
  • Update keepalived on gateway servers
  • Renew CRLs for tunnelbroker
  • Investigate reboot issues with sown-auth2 where routes do not get setup as needed
  • Planning for what needs to be done before upgrading sown-auth2 OS
  • Update to SOWN firmware to fix known issue with dnsmasq amongst other bug fixes
  • Routing issues between sown-www and sown-monitor
    • Remove routes to force traffic to ECS DMZ servers, via the gateways' DMZ interface as ECS firewall changes should have been made
    • Switch SSH checks for sown-www and suws-marconi to be proxy checks using nrpe on sown-auth2
  • Upgrade sown-radius2 and sown-vpn2 to Ubuntu 18.04
    • Maybe worth installing from scratch and using Ansible playbooks to reinstall stuff.

Todo list tasks

It is unlikely we would actually do any of these tasks but they are useful to be aware of during our discussions of points in the main task list.