Fully-Managed Server Hosting: Quick Start Guide for Linux Fully-Managed Servers
- The new sudo access can be found in this GitHub gist.
- The list of sudo privileges can also be displayed on the host with the command 'list-sudo'.
Departmental Administrative Access
- SSH is open to the university campus network by default.
- Two-factor authentication is required (Duo or SSH keys).
- Two SSH connection methods:
  - ale03.oit.umn.edu - dedicated SSH gateway server
  - Duo two-factor authentication enforced VPN
- All users must have an Internet account (x.500).
- Sponsored Internet account (x.500) required for external collaborators.
- Users authenticate using Active Directory credentials
- Root access is reserved for OIT System Administrators.
- A specific set of sudo privileges has been predefined for common use cases. Please see this page for details.
- Sudo-based privileges are negotiated, allocated, and configured to address application requirements on a case-by-case basis.
Shared Application User
- swadm user. By default, a single shared user exists for the purpose of software administration. Appropriate departmental X500 accounts will have sudo access to this user.
- Additional shared service users can be created, if necessary.
Server Administration and Configuration
This section describes operating system configuration defaults. Changes will be negotiated, allocated, and configured to address application requirements on a case-by-case basis.
Operating System Version and Updates
- OS installation will consist of the latest stable version of 64-bit Red Hat Enterprise Linux at the time of VM deployment.
|Environment||System Updates (OS patching)||Chef Code Release (does not have specific day for releases)||Chef Converge Schedule|
|Development||Tuesday, 4:00 AM||Initial code release @ 9:00 AM||Every 30 minutes|
|Test/Staging||Wednesday, 4:00 AM||One day after development @ 9:00 AM||Every 30 minutes|
|QAT/Prod||Thursday, 4:00 AM||Two days after test @ 9:00 AM||Every 30 minutes|
- Operating System updates supplied from Red Hat will be automatically applied within 3 days of release.
OIT provides monitoring for all servers.
|Items Monitored||Check Method||Notification|
|Disk usage||% full||Page/email|
|Customer owned services||Service running/stopped||Page/email|
File System Layout
Below are the default partitioning schemes for the virtual machines.
|/swadm||10G||Owned by swadm user|
|/tmp||2G||Please limit use of /tmp|
|/var||35G||Owned by swadm user|
|/swadm||2G||Owned by swadm user|
|/tmp||1G||Please limit use of /tmp|
|/var/lib/mysql, /var/lib/pgsql||2G||Database file systems created if needed|
- All virtual machines are backed up with weekly full and daily differentials.
- The full backups are retained for one month. The differentials are retained for two weeks.
- Restore requests are fulfilled by OIT systems administrators. Requests can be sent to firstname.lastname@example.org.