This page was created in April of 2017 to help modernize our system records and will likely replace https://wiki.apache.org/spamassassin/DevelopmentStuff.
SA SysAdmins
Goals
KAM: I view Apache SpamAssassin as a framework for writing goals. I deliver rules to prove the code works but I don't view that the project has to provide rules. I use this as a guidance in where I spend my focus.
Current Members
As of May 2017:
*Dave Jones - davej@apache.org
*Kevin A. McGrail - 703-798-0171 - kmcgrail@apache.org
*Bryan Vest - bvest@apache.org
Who's in Charge?
The PMC. There is no leadership hierarchy in the SpamAssassin SysAdmins.
NOTE: As with any ASF role, if you follow The Apache Way, you should feel empowered to Just Do It (TM Nike)
For a SysAdmin, your solution works (Merit), it's well documented (Open) and supports the project (Community), you're good to go though as a SysAdmin you need to realize we have control over private data. All SASA members have been asked to follow the LISA Code of Ethics.
Tenets we Follow
*The Apache Way Shane Curcuru's post has many good points.
*LISA/Sage Code of Ethics
Onboarding
Workflow
- A PMC Member nominates a new SASA member as a committer since we store items in SVN for configs.
NOTE: If they later produce code, they should request that permission from the PMC. - If the vote is successful, they then follow all the normal committer guidelines to get them an Apache ID including an appropriate committer license: New Committers Guide.
- After the Apache ID is setup and given to the new team member, see the Important Resources below to complete setup.
- Someone with Karma needs to:
*Approve request to sysadmins mailing list
*Add them to ContributorsGroup and AdminGroup
*Open a JIRA ticket at issues.apache.org similar to INFRA-14045 to get them access to SA servers
Acronymns
*ASF = Apache Software Foundation
*BZ = Bugzilla
*SA = Apache SpamAssassin
*PMC = Project Management Committee
*SVN = SubVersioN
Important Resources
Apache ID
Once your Apache ID is created and you receive email notification, setup a strong password, SSH keys, PGP keys, and mail forwarding at https://id.apache.org.
Mailing Lists
See Mailling Lists and subscribe with your user@apache.org address to:
sysadmins@spamassassin.apache.org - send email to sysadmins-subscribe-*user=apache.org@spamassassin.apache.org
ruleqa@spamassassin.apache.org - send email to ruleqa-subscribe-*user=apache.org@spamassassin.apache.org
SVN
Read-Only: http://svn.apache.org/repos/asf/spamassassin
Read-Write: https://svn.apache.org/repos/asf/spamassassin
Repo |
Contents |
Notes |
sysadmins |
Server and application configs |
Encrypt passwords and sensitive information – NEED TO SPECIFY HOW WE WANT TO DO THIS |
dns |
Configs and records related to spamasssassin.org |
Hosted by PowerDNS on sa-vm1.apache.org as hidden master |
site |
http://spamassassin.apache.org site contents |
|
Bugzilla
Jira
Sign up at Jira with your apache.org email address since it it doesn't use your password setup at https://id.apache.org.
ASF Infrastructure (Infra) Jira
Wiki
- Create an account at https://wiki.apache.org/spamassassin using your full name (i.e. Dave Jones). 2. Email sysadmins@spamassassin.apache.org to request update access to the wiki.
OPIE
OPIE is required to sudo to root. The basic idea is to setup an OPIE passphrase which is never entered into the ASF server but used to create a response to copy/paste at the sudo prompt.
*Apache reference: https://reference.apache.org/committer/opie
*Javascript client: https://reference.apache.org/committer/otp-md5
PGP Key
- Add your PGP key in https://id.apache.org.
- Setup your PGP key page at http://people.apache.org/~user:
*sftp://user@home.apache.org
*Create ~/public_html directory which is the DocumentRoot for /~user.
*Setup index.html with PGP key and link to PGP asc file. TIP: wget http://people.apache.org/~kmcgrail as a starting point
Infrastructure
DNS Hosting
Zone |
Server |
Contact |
Notes |
spamassassin.org |
ns2.pccc.com |
Kevin McGrail kevin.mcgrail@mcgrail.com, kmcgrail@apache.org |
Instant updates via NOTIFY |
|
ns2.ena.com |
Dave Jones djones@ena.com, davej@apache.org |
Instant updates via NOTIFY |
|
dns-master.sonic.net |
Grant Keller grant.keller@sonic.com |
Hidden slave, 5 to 10 min delay of public slaves after NOTIFY |
Standards
*Apache.org standard of Ubuntu 16.04 LTS
*Cron entries should be in new standard locations /etc/cron.d, /etc/cron.daily, etc. and avoid using user's crontab
*Custom scripts should reside in /usr/local/bin if they are not direcly related to SpamAssassin processing that should be in /usr/local/spamassassin
*Symlink scripts from /usr/local/bin to /etc/cron.d, /etc/cron.daily, or /etc/cron.weekly. This provides easy discovery and future management by others on the sysadmins team.
*Scripts and cron entries should mail output to the sysadmins mailing list
Servers
Hostname |
Function |
Software |
Configs/Location |
Resource/URL |
sa-vm1.apache.org |
DNS Hidden Master |
PowerDNS |
/etc/powerdns/pdns.d/pdns.local.conf |
spamassassin.org |
|
NightlyMasscheck |
Scripts |
|
|
Backups
An old backup exists in sa-vm1.apache.org:/usr/local/spamassassin/backups/spamassassin-vm. It's a large bzip'd tar file so make sure you don't extract it and fill up the filesystem.
We need to setup offsite backups that at least two of the SA sysadmins members can access. Crashplan is an option or we can setup BackupPC somewhere that can do backups via Rsync. BackupPC is a very simple backup tool with deduplication.
Specifically, what backups does KAM have as of 2017/05/08:
*Hyperion.apache.org - N/A
*Incoming.apache.org aka colo - Backup on KAM's Crashplan
*minotaur.apache.org (NOTE: Aka People) - N/A
*sa-vm1.apache.org - Backup on KAM's Crashplan
*Spamassassin-vm.apache.org - sa-vm1.apache.org:/usr/local/spamassassin/backups/spamassassin-vm Backup on KAM's Crashplan - Mar 15, 2017
*spamassassin2.zones.apache.org - sa-vm1.apache.org:/usr/local/spamassassin/backups/spamassassin-zones2 Backup on KAM's Crashplan from Approximately Jun 2015 last backup. Also have an Rsync copy from June 3, 2015 on PCCC TalonJR machine