BoD starts: 7:20PM Members: mgasidlo sanjayk alanw wchan sherryg hanwei (*) (*) Not on BoD Motion to add hanwei to BoD seconded by mgasidlo all in favor: 5 Agenda: * Solaris * Disks * frb (Abusive user) Solaris security patches no longer free, need support contract, will cost ~$1500 for machines we need them for, ideally want 2. machines are pandemic, jaws, (possibly famine) Solaris advantageous for shares because of ZFS file systems, also highly secure, good for our web server May use BSD for webserver, but no documentation, may be harder to do. Sanjay: One option is to ask IST to help. Alan: What about INTS? Han: Why does the campus use Solaris? Sanjay: Because of the support and security. We should draft a letter to explain why we need Solaris (why we have two spark machines). We don't want security holes and we want to see if we could be a part of a support contract (or if they could forward us to someone who does have a contract). Worst case: suppose we can't do that. What do we want to do? Suppose we do buy support contract. Mike: You buy it for a machine, year-by-year (there is a discount if you buy a 3-year chunk). Sanjay: We do frequently have hardware problems so we might not want to invest in a machine that will go down frequently. Conquest and apocalypse (we won't have solaris log-ins on there). Will we move those to Debian? Mike: But those are Spark machines as well. Sanjay: We don't want it too central to our infrastructure. Han: What will activedirective be running on? Alan: Black boxes. Those are not Sparks. Sanjay: I think they're two-dual processors or opteronÉ Mike: I thought we were putting that on the Linux boxes. Alan: Active Directives will run on non-Spark machines. Pandemic holds a lot of stuff. Sanjay: Famine is a physical machine. Genevieve walks in. Sanjay: There is some room for manipulation because Debian and Linux generally haveÉ There will be a lot more room for exploits. Jaws is going to be a big file server. Alan: The only thing that won't need Solaris is pandemic. Sanjay: We don't want to lose the machine so we should try to appeal to IST and then look at what we can do if that doesn't work. Alan: We can ditch Solaris. If we did it, then we would be second-handing pandemic, which wouldn't be the best for pandemic. So we should at least get contracts for pandemic. Sanjay: We need to consider that pandemic will need to rebuilt. The VMS on it at least twice so far. Two ldaps have failed (flood and sandstorm). If we want to rebuild it, then we want to do it quickly. Alan: If we move off architecture, a lot users have stuff built specifically for that OS. That will be bad for users. Sanjay: There is no guarantee that stuff will work if we switch architectures. We might have to rebuild that share. If we put in Debian, we need an opt-share. There is some debate among staff about building stuff from packages. Mike: The sheer number of packages we run on the Debian system is not as efficient as app-get upgrade does. We don't run as many packages on Solaris. What real benefit does building from source provide you from installing from packages? Sanjay: It will be good for new staff. Do we want to start up a newÉ? I would keep opt-arch because there are some things I would like to build from start. Mike: I wouldn't want to put everything there. There are certain applications where it's useful, but I wouldn't make it the single source for software. I am tabling further discussion until someone writes a letter to INTS. Once we get a response from them we will continue. Sanjay: I will draft a basic letter, Alan will read it, and then Mike will look at it and give it to them. We'll CC it to people we know like Eric Claven and Mike Sinatra (?).*** Disks: Mike: I got the quote back for the six 1 TB drives. It will cost just over $2000, including shipping and taxes. We could also get 2 TB, but they are more expensive per TB (a little bit). The 2 TB gives us more space for future expansion because they take up less slots. We have a 4 x 3 array of slots and you can only put one kind of disk in each column, so you put in 1,2,3 with one left over. We can't put it in a different machine. Alan: This is only if we get 2 TB ones? Mike: This is no matter what the size is. We cannot mix SAS and SATA drives. We only have 8 open slots out of 12. Sanjay: We would have to buy 4 TB drives. Alan: I don't know if we wanted to lower the quantity. If we decided to get the 2 TB ones, how many would we get? Mike: Do we think we're ever going to max out the capacity that we already have? Sanjay: Right now our current account usage is 900 GB, which is about 16,000 users. If we give everyone 10 times more space, we will use at most 9 TB over the next 10 years. Our current space: 2.4 TB SAS Current usage/allocated: Homedirs/webdirs - ~1 TB/4.2 TB Mail - ~46 GB/688 GB /opt/* ~200 GB Sanjay: So we want to look at whether the space will increase 10-fold? Alan: We bought our last drives 1-2 years ago. Sanjay: If we do spend money on this, it should last at least 5 years. Even after we increased quota a while back, the amount of space taken up did not change. Mike: I don't think most of our users get as much spam as we do. Sanjay: But if they don't use it for a while it's still going to fill up. What will we gain by increase mail quotas? It's at a fairly manageable level. Mike: But it's only 10 MB. Do we want users to use our services? Maybe 100-150 MB. So we'd have to allocate maybe 1 TB. Alan: Why can't we just increase the quota but not change the allocation? Mike: If we do and it comes close to it, it will be difficult to deal with. Alan: If we're going for extra drives, we should have a spare TB. Sanjay: I think a first would probably figuring out how many people use our mail. Alan: Rather than increase disk quota, we should just increase mail quota. Sanjay: Maildirs will not work afterÉ alan: isn't that what other services do? Mike: We're rebuilding mail now and one of the things we're looking into is the backend. We're working on first getting a stable server running and then looking at mail. Getting things to work with AD is still a little rocky. Sanjay: We should track how much each user uses. Something we have to do anyway is a front-end to spam filtering. We need to by default if a person isn't using mail we need to redirect everything to devnel. Mike: We could make it part of the first log-in script. Sanjay: We should just have a make-email command. Alan: We just do it, default it and then people use it. Mike: It will be an opt-in email. Wy doesn't somebody go ask BWC how much they get spam? Sanjay: Where is the 46 GB coming from? We should ask DWC. Mike: If everyone was filling their email with spam, we would have 800 GB. How much could we save? Sanjay: If we make our mail servers useable, then Mike: We don't want to buy 1 TB and then find out later that we should have gotten the 2 TB. We also don't want to get the 2 TB ones and only use 1/4 of them. frb: Alan: FRB decided to spam our print servers. We attempted to contact them through their OCF email. They continued spamming and then Mike perma-banned them. Mike: "Sorry" means that their account is banned and can come in. "Perma-ban" means that BOD needs to overwrite the GM's. Sanjay: He thought it didn't work and that he was using only one printer. I collected the stack of papers that he printed and brought it to him. I would suggest denying them printing privileges, but I don't want to punish the group for it. It was completely unintentional. Alan: What do they use their account for? Sanjay: Printing out revolutionary material. Alan: Are we going to overrule Mike? Sanjay: I think we should deny printing privileges. They printed around 200 pages. I think he just went on Google and asked why lp doesn't work and put in a four-loop without understanding the implications. Mike: If he came into the lab, we could have looked over him. Alan: Are we going to go with Sanjay's ban of printing for life or leave them on perma-ban? Sherry: Why don't we ban him from making an account and then just ban printing for life for the student group and let them do what they want? Alan: So we'll use San Proposition by Sanjay: for the rest of their occupation of the OCF they will not get anymore printing. Seconded by Mike. Voting: 4 in favor, 1 abstain Motion passes. Sanjay will take care of the sentence. Mike: We're tabling disks until next BOD until more information has been collected. Meeting ends 8:25 PM.