Workshop:2019/06/01: Difference between revisions
From SUWS-wiki
DavidNewman (talk | contribs) (Added update keepalived task) |
DavidNewman (talk | contribs) (Added todo list tasks) |
||
| Line 17: | Line 17: | ||
** Make it easier to deploy eduroam on own hardware | ** Make it easier to deploy eduroam on own hardware | ||
* Update keepalived on gateway servers | * Update keepalived on gateway servers | ||
* Renew CRLs for tunnelbroker | |||
* Investigate reboot issues with sown-auth2 where routes do not get setup as needed | * Investigate reboot issues with sown-auth2 where routes do not get setup as needed | ||
* Planning for what needs to be done before upgrading sown-auth2 OS | * Planning for what needs to be done before upgrading sown-auth2 OS | ||
** [[sown:todo:task/660|Fix eapol_test.so on www so works with PHP 7.0]] | |||
* Update to SOWN firmware to fix known issue with dnsmasq amongst other bug fixes | * Update to SOWN firmware to fix known issue with dnsmasq amongst other bug fixes | ||
* Remove routes to force traffic to ECS DMZ servers, via the gateways' DMZ interface as ECS firewall changes should have been made | * [[sown:todo:task/676|Routing issues between sown-www and sown-monitor]] | ||
* Switch SSH checks for sown-www and suws-marconi to be proxy checks using nrpe on sown-auth2 | ** Remove routes to force traffic to ECS DMZ servers, via the gateways' DMZ interface as ECS firewall changes should have been made | ||
** Switch SSH checks for sown-www and suws-marconi to be proxy checks using nrpe on sown-auth2 | |||
=== Todo list tasks === | |||
It is unlikely we would actually do any of these tasks but they are useful to bb aware of during our discussions of points in the main task list. | |||
* [[sown:todo:task/628|Munge check_eapol script to allow it to send RADIUS accounting start and stop messages to keep iSolutions happy]] | |||
* [[sown:todo:task/590|Consider how to setup openwrt git repo and branches so it can easily be pushed/pulled on buildroot and buildroot-dev]] | |||
* [[sown:todo:task/557|Consider the repercussions of allowing 3rd party configured nodes]] | |||
* [[sown:todo:task/593|Figure out how to setup LAN port on AR150 to passive passthrough]] | |||
* [[sown:todo:task/596|Provide a mechanism to prevent certain MAC addresses connecting to certain nodes without breaking eduroam for those MACs]] | |||
* [[sown:todo:task/647|Figure out why snmpd is missing on node303 and add it manually]] | |||
* [[sown:todo:task/483|Node-owner firewall control]] | |||
* [[sown:todo:task/549|Add support for client isolation on wireless interface.]] | |||
* [[sown:todo:task/626|Build a serial (DS9097E one wire) temperature sensor we can plug into a B32 server.]] | |||
* [[sown:todo:task/666|Figure out what to do with node UPGRADEABLE checks]] | |||
* [[sown:todo:task/469|Improve security of our OpenWRT packages]] | |||
* [[sown:todo:task/470|Build VM on sown-vms as a new-style package management server on its existing addresses]] | |||
* [[sown:todo:task/512|Check/add support for IPv6 on nodes where host network supports IPv6.]] | |||
* [[sown:todo:task/579|Review maintain_sown_tunnel script to see why old openvpn processes hang about]] | |||
* [[sown:todo:task/620|De-brick script for misconfigured nodes]] | |||
Revision as of 07:00, 30 May 2019
<< Meeting 30 May 2019 18:00:00 | Current Event: 1 June 2019 11:00:00 | Meeting 6 June 2019 18:00:00 >>
[[|]] | Current Workshop:
|
[[|]]
Workshop (to be) held from 11:00-17:00 on 2019/06/01 in Zepler CLS Lecture Room
SOWN Workshop
Task list
- Look at how the SOWN works and consider how it can be modularised
- Discuss how to implement SOWN login for SSH to SOWN servers.
- Possible first modules: RADIUS authentication and SSO to sit on top.
- May help with implementation of SSH login to individual servers for individual users described above.
- Consider how we can expand SOWN coverage
- More SOWN nodes
- Make it easier to deploy eduroam on own hardware
- Update keepalived on gateway servers
- Renew CRLs for tunnelbroker
- Investigate reboot issues with sown-auth2 where routes do not get setup as needed
- Planning for what needs to be done before upgrading sown-auth2 OS
- Update to SOWN firmware to fix known issue with dnsmasq amongst other bug fixes
- Routing issues between sown-www and sown-monitor
- Remove routes to force traffic to ECS DMZ servers, via the gateways' DMZ interface as ECS firewall changes should have been made
- Switch SSH checks for sown-www and suws-marconi to be proxy checks using nrpe on sown-auth2
Todo list tasks
It is unlikely we would actually do any of these tasks but they are useful to bb aware of during our discussions of points in the main task list.
- Munge check_eapol script to allow it to send RADIUS accounting start and stop messages to keep iSolutions happy
- Consider how to setup openwrt git repo and branches so it can easily be pushed/pulled on buildroot and buildroot-dev
- Consider the repercussions of allowing 3rd party configured nodes
- Figure out how to setup LAN port on AR150 to passive passthrough
- Provide a mechanism to prevent certain MAC addresses connecting to certain nodes without breaking eduroam for those MACs
- Figure out why snmpd is missing on node303 and add it manually
- Node-owner firewall control
- Add support for client isolation on wireless interface.
- Build a serial (DS9097E one wire) temperature sensor we can plug into a B32 server.
- Figure out what to do with node UPGRADEABLE checks
- Improve security of our OpenWRT packages
- Build VM on sown-vms as a new-style package management server on its existing addresses
- Check/add support for IPv6 on nodes where host network supports IPv6.
- Review maintain_sown_tunnel script to see why old openvpn processes hang about
- De-brick script for misconfigured nodes
