Posted to sysadmins@spamassassin.apache.org by Dave Jones <da...@apache.org> on 2017/05/28 21:29:49 UTC

What a mess!

I have been all day on the do-stable-update-with-scores script.  There 
is a build problem now that has me stumped.  All of these scripts are a 
mess!  They all do similar things in very different ways making it very 
hard to follow and troubleshoot.

I found a new-rule-score-gen directory in the backup under 
/home/updatesd/svn that is definitely not checked into the SA SVN. 
Maybe this will help me get past the part that is failing.

When I do finally get these scripts working, I hope this server is being 
backed up after all of this time spent on getting everything working again.

After the dust settles a little on all of this setup, I definitely want 
to go back and simplify/standardize all of these scripts to be more modular 
to untangle all of this mess.

-- 
Dave Jones

Re: What a mess!

Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 5/28/2017 5:29 PM, Dave Jones wrote:
> I have been all day on the do-stable-update-with-scores script.  There 
> is a build problem now that has me stumped.  All of these scripts are 
> a mess!  They all do similar things in very different ways making it 
> very hard to follow and troubleshoot.
>
> I found a new-rule-score-gen directory in the backup under 
> /home/updatesd/svn that is definitely not checked into the SA SVN. 
> Maybe this will help me get past the part that is failing. 

Agreed.  Thank you for the time and energy on fixing this. Responding to 
your other email in a moment.

Re: Backups & Crashplan

Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/1/2017 9:30 AM, Dave Jones wrote:
> Where should I put the private key then?  If you are going to 
> personally see Greg, then it may make more sense for you to generate 
> it offline so the private key is not checked into SVN or emailed from 
> me to you. 
Sorry, I wasn't clear.  In my head, I had been thinking about giving him 
just the passphrase out of band.

If you generate a key pair with a ridiculously strong passphrase which 
you can relay over the phone, we can then email the private, passphrase 
protected key pair to Greg.  I'll follow up with the passphrase in 
person.  Then once you and I confirm we have the private key off the 
server and safely onto our own network, we are safe enough I believe.

Then we should only need the public key in our key rings to encrypt it 
to that sysadmins@ account.

This matched what Greg discussed a week or 3 ago.

Regards,
KAM
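
The key handling described in the message above, as an added example that is not part of the original thread or the project's own scripts. It assumes GnuPG 2.1 or later; `RECOVERY_UID`, the output file names and the function names are constructed placeholders.

```shell
# Added example: recovery-key handling with GnuPG 2.1+.
# RECOVERY_UID and all file names are constructed placeholders.
RECOVERY_UID="recovery@example.org"

# Create the recovery key pair. $1 is a file holding the passphrase, so the
# passphrase never appears in argv, shell history or `ps` output.
gen_recovery_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$1" \
      --quick-generate-key "$RECOVERY_UID" default default 2y
}

# Export both halves. The secret-key export stays encrypted under the same
# passphrase, which is why the file can travel by email while the passphrase
# is relayed by phone or in person.
export_recovery_key() {   # $1 = passphrase file, $2 = output directory
  gpg --batch --armor --export "$RECOVERY_UID" > "$2/recovery-public.asc" &&
  gpg --batch --pinentry-mode loopback --passphrase-file "$1" \
      --armor --export-secret-keys "$RECOVERY_UID" > "$2/recovery-secret.asc"
}

# Encrypt one credentials file to the recovery key plus each sysadmin key.
# Only public keys are needed. --trust-model always is used on the assumption
# that every key in this keyring was verified by hand beforehand.
encrypt_to_all() {        # $1 = plaintext file, remaining args = sysadmin key IDs
  in=$1; shift
  n=$#
  while [ "$n" -gt 0 ]; do          # rewrite "a b" as "--recipient a --recipient b"
    set -- "$@" --recipient "$1"; shift; n=$((n - 1))
  done
  gpg --batch --yes --trust-model always --recipient "$RECOVERY_UID" "$@" \
      --output "$in.enc" --encrypt "$in"
}

# Count the public-key recipients of a ciphertext without decrypting it, to
# confirm the recovery key was included alongside the sysadmin keys.
recipient_count() {
  gpg --batch --list-only --list-packets "$1" 2>/dev/null |
    grep -c '^:pubkey enc packet'
}
```

Once the exported secret key is confirmed to be stored off the server, it can be removed from the server's keyring with `gpg --delete-secret-keys`; encryption continues to work with the public key alone.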

Re: Backups & Crashplan

Posted by Dave Jones <da...@apache.org>.
On 06/01/2017 08:20 AM, Kevin A. McGrail wrote:
> On 5/31/2017 2:52 PM, Dave Jones wrote:
>> On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>>>
>>>> We should add /etc and /var/www and exclude 
>>>> /usr/local/spamassassin/backups since it's so large.
>>> Added/excluded as suggested. Thanks very much for the feedback
>>
>> Do we need to set up crashplan to run under supervisord and have monit 
>> email the sysadmins if it stops running again?
> Need? No, CP alerts me if it doesn't run a backup for a few days.  I 
> don't know why it stopped though...
>> Yes. They look fine.  I can create the recovery gpg key if you want me 
>> to then get it over to the infra team for long-term storage.  Then we 
>> would need to re-sign everything with it plus the current sysadmins' keys. 
> Yes, this would be good for June 14th when I can give the GPG key 
> personally to Greg.

Where should I put the private key then?  If you are going to personally 
see Greg, then it may make more sense for you to generate it offline so 
the private key is not checked into SVN or emailed from me to you.

Dave

Re: Backups & Crashplan

Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 5/31/2017 2:52 PM, Dave Jones wrote:
> On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>>
>>> We should add /etc and /var/www and exclude 
>>> /usr/local/spamassassin/backups since it's so large.
>> Added/excluded as suggested. Thanks very much for the feedback
>
> Do we need to set up crashplan to run under supervisord and have monit 
> email the sysadmins if it stops running again?
Need? No, CP alerts me if it doesn't run a backup for a few days.  I 
don't know why it stopped though...
> Yes. They look fine.  I can create the recovery gpg key if you want me 
> to then get it over to the infra team for long-term storage.  Then we 
> would need to re-sign everything with it plus the current sysadmins' keys. 
Yes, this would be good for June 14th when I can give the GPG key 
personally to Greg.

Re: Backups & Crashplan

Posted by Dave Jones <da...@apache.org>.
On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
> 
>> We should add /etc and /var/www and exclude 
>> /usr/local/spamassassin/backups since it's so large.
> Added/excluded as suggested. Thanks very much for the feedback

Do we need to set up crashplan to run under supervisord and have monit 
email the sysadmins if it stops running again?

>> We still need to create a recovery gpg key and re-sign everything with 
>> that key before we get too far down that road.
> I haven't forgotten.  It can be easily decrypted and re-signed with that 
> key.  Have you looked at the accounts/*.README files I created?
> 

Yes. They look fine.  I can create the recovery gpg key if you want me 
to then get it over to the infra team for long-term storage.  Then we 
would need to re-sign everything with it plus the current sysadmins' keys.

> Regards,
> KAM

Dave

Re: Backups & Crashplan was Re: What a mess!

Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
> We should add /etc and /var/www and exclude 
> /usr/local/spamassassin/backups since it's so large.
Added/excluded as suggested. Thanks very much for the feedback
> We still need to create a recovery gpg key and re-sign everything with 
> that key before we get too far down that road.
I haven't forgotten.  It can be easily decrypted and re-signed with that 
key.  Have you looked at the accounts/*.README files I created?

Regards,
KAM

Re: Backups & Crashplan was Re: What a mess!

Posted by Dave Jones <da...@apache.org>.
On 05/30/2017 12:07 PM, Kevin A. McGrail wrote:
> On 5/28/2017 5:29 PM, Dave Jones wrote:
>> I hope this server is being backed up after all of this time spent on 
>> getting everything working again. 
> 
> Your question asking about backups was important because no, I don't 
> know what backups exist of the machines.  Based on previous experience, 
> there are none.  So I have run Crashplan for just this reason.
> 
> Additionally, I got a notice CP wasn't running since the 26th so I just 
> started the service again. i.e. service crashplan start
> 
> I've added the credentials for the crashplan service to sysadmins/accounts.
> 
> *IMPORTANT: we are backing up /root, /home and /usr/local.  Is there 
> anything else we should be backing up?*

We should add /etc and /var/www and exclude 
/usr/local/spamassassin/backups since it's so large.

> 
> Finally, could you look this over and add it to InfraNotes2017?
> 
> 

Certainly.

> Crashplan
> 
> Crashplan is sometimes used to back up SpamAssassin project machines as 
> an additional safety valve.
> 
> Credentials: 
> https://svn.apache.org/repos/asf/spamassassin/sysadmins/accounts/crash.pccc.com.enc.README 
> 

We still need to create a recovery gpg key and re-sign everything with 
that key before we get too far down that road.

> 
> To configure the client, choose what gets backed up, etc., you have to 
> interface with the client.  When working with remote machines, you can 
> install the client locally and use SSH to port forward to remotely 
> administer things.  They call this managing a headless box.
> 
> See 
> https://support.code42.com/CrashPlan/4/Configuring/Use_CrashPlan_on_a_headless_computer_version_4.2_and_earlier 
> for more details.
> 
> 
> Regards,
> 
> KAM
> 
> 


Backups & Crashplan was Re: What a mess!

Posted by "Kevin A. McGrail" <km...@apache.org>.
On 5/28/2017 5:29 PM, Dave Jones wrote:
> I hope this server is being backed up after all of this time spent on 
> getting everything working again. 

Your question asking about backups was important because no, I don't 
know what backups exist of the machines.  Based on previous experience, 
there are none.  So I have run Crashplan for just this reason.

Additionally, I got a notice CP wasn't running since the 26th so I just 
started the service again. i.e. service crashplan start

I've added the credentials for the crashplan service to sysadmins/accounts.

*IMPORTANT: we are backing up /root, /home and /usr/local.  Is there 
anything else we should be backing up?*

Finally, could you look this over and add it to InfraNotes2017?


Crashplan

Crashplan is sometimes used to back up SpamAssassin project machines as 
an additional safety valve.

Credentials: 
https://svn.apache.org/repos/asf/spamassassin/sysadmins/accounts/crash.pccc.com.enc.README

To configure the client, choose what gets backed up, etc., you have to 
interface with the client.  When working with remote machines, you can 
install the client locally and use SSH to port forward to remotely 
administer things.  They call this managing a headless box.

See 
https://support.code42.com/CrashPlan/4/Configuring/Use_CrashPlan_on_a_headless_computer_version_4.2_and_earlier 
for more details.


Regards,

KAM


-- 
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project