Report on the Server Admin Team Sprint in Berlin (October 2016)
October 14, 2016
The third sprint of the TYPO3 Server Admin Team in 2016 took place during the weekend of September 30th - October 2nd in Berlin.
The location for this sprint was sponsored by SysEleven, located in the Kreuzberg district of Berlin. In total, 4 people from the TYPO3 community participated in the sprint locally: Andreas Beutel, Andri Steiner, Bastian Bringenberg and Dennis Nippold.
Michael Stucki and Steffen Gebert participated remotely.
During the sprint, the following topics were covered, of course, besides many smaller cleanups and could you just fix this and that thing tasks:
Server and Network Infrastructure
As a continuation of the work that was started during the first sprint this year, we worked further on a migration of the server infrastructure towards being centralized in one data center. We identified a way to migrate old legacy VMs from OpenVZ to KVM, and will do to trough the next few weeks. As we have quite a lot of services with many dependencies (e.g. mailing list & news server), this is still a ongoing task which will take some more time.
Furthermore, we tackled a problem regarding IPv6 reachability of our new infrastructure, which we could pinpoint to some system settings within the Debian image distributed by Hetzner. After verifying those changes, we sent them to Hetzner as well, and they could identify the issue and will update their image accordingly.
The new centralized LDAP service for TYPO3 applications was installed in production and is ready to use. Currently we are working on the integration to the current user database on the TYPO3.org website, and a new interface to give our users the possibility of self management of their user-data at a platform divided from TYPO3.org.
Because of an update in OpenLDAP we needed to configure everything as LDIF, and our already working solution with config files had to be rebuilt completely. The LDAP server is running now and all users are imported, however a few more tasks are still open. First of all, we need to import groups as well, plus we need to secure the server a little more than it is now. For example, only service accounts should be allowed to read the whole LDAP tree.
Now that LDAP is running, we need to change the Single-Signon functionality for TYPO3.org. For this, Andreas has built a TCEmain hook which syncs all information of the fe_user to LDAP. With this running, we are able to implement LDAP as new authentication system as a drop-in replacement.
Discourse Forum on Docker
Based on the new infrastructure mentioned above, we added a Docker container to run a Discourse forum for the TYPO3 core team. As a proof-of-concept, we subscribed two categories to their equivalent mailinglists as well, to get a better insight if we could replace the maillinglist/news server with a Discourse installation somewhen in the future.
The following sprint dates have been fixed:
Very likely, our friends from the typo3.org web site team will join us there.
We like to thank:
- Thomas Löffler for sponsoring dinner on Friday
- The TYPO3 Association for taking over expenses
- SysEleven for inviting us to their offices