SUCS issueshttps://projects.sucs.org/sucs/sucs/-/issues2019-04-02T10:44:23Zhttps://projects.sucs.org/sucs/sucs/-/issues/46Move Fedora mirror process to quick-fedora-mirror2019-04-02T10:44:23ZThomas LakeMove Fedora mirror process to quick-fedora-mirrorOur current mirror uses rsync and report_mirror to download the latest updates and files from Fedora to our local mirror, and to report that we have those versions so that clients on or 'near' campus can access them.
This is quite slow a...Our current mirror uses rsync and report_mirror to download the latest updates and files from Fedora to our local mirror, and to report that we have those versions so that clients on or 'near' campus can access them.
This is quite slow and occasionally hits connection limits upstream.
The newer tool to streamline this is quick-fedora-mirror (https://pagure.io/quick-fedora-mirror), which we should try and switch to.https://projects.sucs.org/sucs/sucs/-/issues/47cgroups on silver2019-08-20T16:30:44ZImran Hussainimranh@sucs.orgcgroups on silverImplement cgroups on silver:
5% of cpu and memory capacity reserved for root owned procs.
Possibly another 5% reserved for mwserve.Implement cgroups on silver:
5% of cpu and memory capacity reserved for root owned procs.
Possibly another 5% reserved for mwserve.https://projects.sucs.org/sucs/sucs/-/issues/55Move Certbot challenges to DNS2020-12-16T18:30:06ZThomas LakeMove Certbot challenges to DNSUni firewall changes are restricting port 80 access to some machines (despite our previous request).
As there's little need for direct port 80 access (we just redirect to HTTPS), consider moving to dns-01 challenges for Let's Encrypt ins...Uni firewall changes are restricting port 80 access to some machines (despite our previous request).
As there's little need for direct port 80 access (we just redirect to HTTPS), consider moving to dns-01 challenges for Let's Encrypt instead of HTTP
We would need to configure BIND on Silver to accept updates, and then generate and store update keys on the relevant machines.
The BIND configuration on Silver can restrict each machine to only permit updates for it's specific challenge key.
Docs reference: https://certbot-dns-rfc2136.readthedocs.io/en/stable/Thomas LakeThomas Lake