Kosmos Upgrade and Cleanup September 2009

Overview

Kosmos has not been maintained very well lately, for several reasons, and for the common reasons: some have the abilities but lack the time, some have the time and interest but lack the skills. It’s about time to change this and to share skills and the time spent on server administration.

To do

Alstee has compiled a list of jobs which should be completed to make this server up to date.

Some of these are rather urgent (security) and are not part of daily system administration tasks, and also somewhat complex. So these should be taken on first. Once this is done, the remaining jobs shall be done by all of the current admins commonly, by means of skill/knowledge sharing sessions. Topics considered to be good for knowledge sharing are marked with KS.

  • (COMPLETE) Fix proxy settings
    Currently, at least APT is configured to use a proxy server (proxy.hh.ip2ip.net) to access the Internet:
    /etc/apt/apt.conf:Acquire::http::Proxy “http://217.114.68.254:3128/”;
    Unfortunately connections to this server time out:
      Err http://www.backports.org sarge-backports/main Packages
      Could not connect to 217.114.68.254:3128 (217.114.68.254), connection timed out
    

    Determine whether another proxy server should be used, or none, and configure APT accordingly.
    Done: the proxy server reference, which is most likely outdated, has been removed off /etc/apt/apt.conf
  • (COMPLETE) Correct the hostname and PTR record
    kosmos.indymedia.ORG, not kosmos.indymedia.DE
    Done: /etc/hosts has been adjusted; active apache virtual hosts and global config, tomcat config for active webapps and munin configuration have been updated accordingly; hosting provider has updated the reverse entry/PTR
  • (COMPLETE) Kernel update
    The current kernel was compiled in 2006. It should be replaced by a current Debian kernel image. A reboot will be neccessary.
    Done: The latest available kernel image on Debian Lenny (a 2.6.26) has been installed and grub is configured to boot off it; outdated, non-packaged kernels have been removed
  • (COMPLETE) Replace lilo by grub
    This is a matter of personal preference mostly, and thus totally open to debate.
    Done: the grub package is installed, its boot code has been written to all HDDs’ MBR, and the default kernel was set to the latest sarge kernel
  • (COMPLETE) Install all available updates for the current system (Debian Sarge)
    Done: In addition to upgrading existing packages, the following changes have been made:
Old package Replacement package
libnewt0 libnewt051
lynx-ssl lynx
tomcat5 old package remains
j2sdk1.4-bd package removed
sun-j2sdk1.5 sun-java5-jdk, sun-java5-jre
j2se-common package removed
libnkf-ruby package removed
libperl5.6 libperl5.8
kaffe-pthreads package removed
libpgsql2.1 package removed
apache package removed
libapache2-mod-jk package removed (apache2 uses mod-proxy now)
http-analyze package removed
  • (COMPLETE) Remove Apache !VirtualHosts which are not in use
    Done: The following !VirtualHosts have been removed:
VirtualHost Reason
indymedia.de Hostname points elsewhere, site is no longer used
indyvideo.ru Hostname points elsewhere, site is no longer used
subtv.org Domain is no longer registered, hostname points elsewhere, site is no longer used
ambazonia.indymedia.org prod.ambazonia.indymedia.org still points to kosmos, and so does the open posting form on ambazonia.indymedia.org, but according to the website the collective has resolved in 2007
beirut.indymedia.org Hostname points elsewhere, site is no longer used
ecuador.indymedia.org Hostname points elsewhere, site is no longer used
qollasuyu.indymedia.org Hostname points elsewhere, site is no longer used
romania.indymedia.org Hostname points elsewhere, site is no longer used
  • (COMPLETE) Upgrade operating system from Debian Sarge (now) to Etch (latest release + security updates)
  • (COMPLETE) Upgrade operating system from Debian Etch to Lenny (latest release + security updates)
  • (COMPLETE) Drop and archive unused databases; archive unused Mir production sites, templates and data
    Archive all data and configuration for ambazonia and beirut; notify imc-tech about the availability of these dumps. Remaining databases and files of all other IMCs but EH and PL can be removed without backups, since these have since moved to marieta and all data is available there.
    Done: Zapata has kindly archived all data for ambazonia and beirut at /var/backups/defunctmirdumps/. Databases of all other IMCs have been dropped.
    Outstanding: Delete all files of all IMCs other than ambazonia and beirut.
  • (COMPLETE) Sort out /var/lib/cvs
    This looks like it can be safely deleted, but better check twice.
  • Do offsite backups once