X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fponeys.creole;h=669cee2baa77d72c4b0812fdc394687c3b3bd9cc;hb=0721aced26a00ba57591c2f8a9e93a4860d51c40;hp=d1ad24c2b7d271672c0c3037359377278d77696b;hpb=4ca49dedd8a8a1e7044fef48658d3ead51dd8799;p=mirror%2Fdsa-wiki.git diff --git a/input/poneys.creole b/input/poneys.creole index d1ad24c..669cee2 100644 --- a/input/poneys.creole +++ b/input/poneys.creole 
@@ -4,14 +4,58 @@ Everything. -o user mail forwards, mail user +extension forwards, mail user +extension pipes, all of it. -o service domain aliases files -o service domains whitelists/blacklists/neverusers/RBLs +* user mail forwards, mail user +extension forwards, mail user +extension pipes, all of it. +* service domain aliases files +* service domains whitelists/blacklists/neverusers/RBLs -== make dns auto update on shutdowns == +== puppet poneys == -one day, when all these dynamic things are in their own dns, we imagine we -would just do shutdown -r 60 kernel and a nagios check or something will remove -the node from DNS automatically +* update external puppet modules +** concat used: 0.2.0, concat upstream: 2.0.0 +*** needs careful modules review, we use removed functions from 0.2.0 +*** module should move from modules/concat to 3rdparty/modules/concat +** stdlib usd: 2.2.1, stdlib upstream: 4.6.0 +*** needs careful modules review, not sure about deprecated use of this module +*** module should move from modules/stdlib to 3rdparty/modules/stdlib +** xinetd used: own module, maybe move to puppetlabs xinetd module +** rabbitmq used: own module, maybe move to puppetlabs rabbitmq module +* setup regression testing environment +== ud-ldap == +* Non-DD accounts: +** new object classes? Something to differentiate +** Would like to always add NM/DM/etc +** Possibly porter box access for NM/DM ? +* ud-cruft: +** Clean up old expired entries + +* scale ud-generate: +** ldap replication? + +* Security: +** LDAP query interface read-only with hidden master +** Privileged modify operations should only be allowed from lo. + +* Code base: +** Could we have one, please? + +== mail handling == +* move @d.o to MXes (different source IP to avoid RBL for important mail?) + +== DSA trainees == +* root everywhere, no authority to speak for team + +== Web auth == +* SSO for web apps (nagios, rt, wiki, etc) +* Tied to ud-ldap (but not LDAP password, dammit!) 
+ +== Munin replacement == +* Something that is scriptable and scales + +== Nagios config == +* Way to have per user views. Doable with contacts, just needs to be done +* Way to test IPv6, without duplicating all of our config + +== DNS/SSHFP == +* It'd be nice if service names like db.d.o had sshfp records in DNS. This is tricky because some of the purpose service names are CNAMEs, but not all.
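Review bot: in the added "puppet poneys" list, "stdlib usd: 2.2.1" is a typo for "used"; the concat entry just above it has "concat used: 0.2.0". The same hunk deletes the whole "make dns auto update on shutdowns" section, while everything else either converts "o" bullets to "*" or adds new wishlist sections. If that idea is still wanted, keep the section; otherwise the removal deserves its own commit or a line in the commit message. Under "ud-ldap" / Security, "should only be allowed from lo." would read more clearly as "from the loopback interface (lo)", and it should say whether that means the LDAP master host. In the final DNS/SSHFP item, "some of the purpose service names are CNAMEs" looks like it is missing a word or has a stray "purpose"; please reword so it is clear which names are meant.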