All about Debian JP Project Administration
All about Debian JP Project
Administration
Fumitoshi UKAI
Debian developer: ukai@debian.org
Debian JP Project Leader: ukai@debian.or.jp
Japan Linux Association, President
(page 1)
All about Debian JP Admin
Today's Agenda
Lists of Debian JP's Machines
LDAP management --- *@debian.or.jp
rsync mirror --- *.jp.debian.org
ftp-master --- ftp.debian.or.jp
Bug Tracking System --- bugs.debian.or.jp
upload queue
Others
- mail, ML, archive, search, ftp, www, diary
(page 2)
All about Debian JP Admin
Lists of Debian JP's Machines
master - laser5 / OCN Economy
- Pentium MMX 233MHz 80M 6G+6G+8G
- queue
- PentiumIII 666MHz 384M 17.5G+17.5G
- MX, www
- PentiumIII 550MHz 256M 8G+70G(md)
- ftp, rsync
- PentiumIII 600MHz 512M 9G+80G
- DNS, LDAP, ftp-master
- Celeron 500MHz 256M 3G+6G+6G+6G+8.7G+4.1G+2G
- (cdimage)
(page 3)
All about Debian JP Admin
LDAP management
Each machines are distributed
- Account managed by LDAP
- Create files from LDAP
- in /org/db.debian.or.jp/db/
/ - passwd, shadow, group, .forward
- .ssh/authorized_keys
- in /org/db.debian.or.jp/db/
- Copy files via ssh
- to
:/var/lib/misc/ - build db using /var/lib/misc/Makefile
- to
- Using NSS db (libnss-db)
- passwd: compat db
- group: db compat
- shadow: compat db
(page 4)
All about Debian JP Admin
LDAP management
Why not using LDAP directly?
Communications over public Internet
- Snoop passwd?
- Copy over ssh
- Network trouble
- It's more safe than LDAP
- Anyway, it may be better to use LDAP replica
(page 5)
All about Debian JP Admin
LDAP management
Why not using LDAP directly? (2)
- It's not so fast
- Use nscd
- Secure communication
- Use TLS/SSL or ssh portforwarding
- Ssh RSA/DSA key management
- no LDAP support in ssh yet?
(page 6)
All about Debian JP Admin
LDAP management
debian.org -- userdir_ldap
- cvs.debian.org userdir_ldap
- Basically, same features
- Written in python (perl?)
- ssh hack
- GlobalRSAFile /var/lib/misc/ssh-rsa-shadow
- GlobalDSAFile /var/lib/misc/ssh-dsa-shadow
(page 7)
All about Debian JP Admin
LDAP management
TODO
https://db.debian.or.jp/
- management data in LDAP
- It was written in ePerl, now suspended
- eRuby?
(page 8)
All about Debian JP Admin
rsync mirror
*.jp.debian.org - official mirror site of *.debian.org
- ftp.jp.debian.org - debian package archive
- www.jp.debian.org - debian web pages
- ftp - pull mirror
- www - push mirror
(page 9)
All about Debian JP Admin
rsync mirror
push mirror
- kick from primary via ssh
- mirror site run rsync
(page 10)
All about Debian JP Admin
rsync mirror
push mirror
- primary
- create ssh key pair
- identity - secret
- identity.pub - public
- create ssh key pair
- mirror site (1)
- primary's identity.pub put in ~/.ssh/authorized_keys
- command="~/websync &" 1024 41 1095....159 archvsync@debian
- ~/websync execution only from archvsync@debian connection
- websync - rsync pull mirror
- websync.conf - configuration file
- primary's identity.pub put in ~/.ssh/authorized_keys
(page 11)
All about Debian JP Admin
rsync mirror
push mirror chain
- mirror site (1)
- create ssh key pair
- identity - secret
- identity.pub - public
- kick mirror(2) by signal.sh
- ssh -o"BatchMode yes" -o"user $2" "$1" -i $HOME/.ssh/identity sleep 1
- rsync daemon setup
- /etc/rsyncd.conf
- create ssh key pair
- mirror site (2)
- mirror(1)'s identity.pub put in ~/.ssh/authorized_keys
(page 12)
All about Debian JP Admin
ftp-master
dak (python + postgresql)
- cvs.debian.org dak
- katie
- madison
- melanie
- heidi
- natalie.py
(page 13)
All about Debian JP Admin
ftp-master
katie
install packages from incoming
- new version of dinstall
- run by cron
- /org/ftp-master.debian.or.jp/katie/cron.daily-jp
- katie -pak *.changes | direport
- check
- katie -n *.changes
- manual install
- katie *.changes
- manual reject
- katie -m *.changes
(page 14)
All about Debian JP Admin
ftp-master
madison
List versions and architectures of the package
- ./madison
- % ./madison ack
- ack | 1.3.9-3 | stable | i386, powerpc, sparc, source
- ack | 1.3.9-3 | testing | alpha, i386, m68k, powerpc, sparc, source
- ack | 1.3.9-3 | unstable | alpha, i386, m68k, powerpc, sparc, source
- postgresql read permission required
- % ./madison ack
(page 15)
All about Debian JP Admin
ftp-master
melanie
Delete package from archive
- ./melanie -d
-m " " -s unstable - -b
- binary only
- -a
- architecture
- -b
(page 16)
All about Debian JP Admin
ftp-master
heidi
List package in suites
- List packages in testing
- ./heidi -l testing
- Add package to testing
- ./heidi -a testing < list
- Delete package from unstable
- ./heidi -r unstable < list
(page 17)
All about Debian JP Admin
ftp-master
natalie.py
Manupilate override
- List override
- ./natalie.py -l
- Set new override
- ./natalie.py -S < override
(page 18)
All about Debian JP Admin
Bug Tracking System
debbugs package
- virtual domain required
- mail configuration
- cron configuration
- www configuration
(page 19)
All about Debian JP Admin
Bug Tracking System
mail configuration
postfix
- /etc/postfix/master.cf
- debbugs unix - n n - 1 pipe flags=F. user=debbugs argv=/usr/sbin/debbugs-receive $recipient
- /etc/postfix/transport
- bugs.debian.or.jp debbugs:
/usr/sbin/debbugs-receive
- put mail to /var/spool/debbugs/incoming/
(page 20)
All about Debian JP Admin
Bug Tracking System
cron configuration
- 23 7 * * 3 /usr/lib/debbugs/scripts/age-1
- 24 7 * * * /usr/lib/debbugs/scripts/expire >/dev/null
- 23 16 * * 5 /usr/lib/debbugs/scripts/mailsummary undone >/dev/null
- 23 16 * * 2 /usr/lib/debbugs/scripts/mailsummary bymaint >/dev/null
- /usr/lib/debbugs/scripts/processall
- from /var/spool/debbugs/incoming
- to /var/spool/debbugs/db/
.{log,report,status}
- /usr/lib/debbugs/scripts/html-control
- from /var/spool/debbugs/db/
- to /var/www/Bugs/
(page 21)
All about Debian JP Admin
Bug Tracking System
www configuration
- RewriteEngine on
- RewriteRule ^/$ http://www.debian.or.jp/Bugs/
- RewriteRule ^/([^[:digit:]][^/]+) http://www.debian.or.jp/Bugs/db/pa/l$1.html [L]
- RewriteRule ^/([[:digit:]][[:digit:]])([^/]+) http://www.debian.or.jp/Bugs/db/$1/$1$2.html [L]
(page 22)
All about Debian JP Admin
Bug Tracking System
TODO
Current JP Bug Tracking System is old
- tags
- Japanese hack...
Bug report coordination in Japanese
- Receive bug report in Japanese
- Review, translate and submit to bugs.debian.org
- Bug status onnection with bugs.debian.org?
(page 23)
All about Debian JP Admin
upload queue
on master.debian.or.jp
- ~ftp/pub/Incoming/upload
- upload to ftp-master
- ~ftp/pub/Incoming/upload-non-US
- upload to non-us
- ~ftp/pub/Incoming/upload-jp
- upload to hp.debian.or.jp
(page 24)
All about Debian JP Admin
upload queue
debianqueued program
- debian/project/misc/debianqueued-0.9.tar.gz
master:/home/admin/debianqueued*
- config
- $incoming, $keyring_archive
- $target, $targetlogin, $targetdir
- $maintainer_mail
(page 25)
All about Debian JP Admin
upload queue
user of debianqueued running
- scp to $targetlogin@$taget:$targetdir
- removal permission in $incoming dir
- passphrase required to run ./debianqueued
Periodically check $incoming and scp to $target*
- check signature of *.changes file
- automatically remove invalid files in $incoming
- FIFO
- cat status
(page 26)
All about Debian JP Admin
Next talk is www.debian.org translation by maehara@debian.org :)
(page 27)
