MAG's Internet Services Estate

From Motorcycle Action Group Wiki

Introduction

Over the last decade and a half, MAG has built up a number of customised services for use by and on behalf of the members to improve our internal and external communications and to power our campaigns. This is a brief summary of what those services are and some superficial details of how they are put together.

Founding Principles

This is covered more fully in the page Why Self Host. In essence, MAG made a large effort to ensure that the bare minimum of outside organisations have the power to shut down all or part of MAG's online operations. There will always be external entities who can do this, but the effort is to minimise the number of these and the potential fallout if they do.

It is achieved by making all our main services follow this line:

  • Open source software used

Open source software does not need any form of license, so it cannot be remotely switched off if MAG is too skint to pay the license renewal.

  • On MAG's own equipment

Hardware is getting cheaper and cheaper. If we only use machines wholly owned by MAG, they cannot be repossessed if we don't keep up the payments.

  • On MAG's own premises

The principle here is that the primary copy of any data is to be held on a MAG machine on MAG's premises. We already have servers running in 3rd party hosting centres, but they will be holding secondary copies of the information, the primary copy being held on central.mag-uk.org. This way, if the deal with the hosting centre goes pear shaped and they summarily switch us off, the primary copy can be used to bring the service back up. (NB: This is the intent, but in some cases we have not yet closed the loop.)

Main Servers

central.mag-uk.org

This is now operating with rather elderly versions of the operating software. The services still running on this machine are carefully being split off and moved to more modern hardware and operating system versions on the external hosting site in Cardiff.

fred.mag-uk.org

This is a modern tower server with sufficient power to run several virtual machines. fred.mag-uk.org's main purpose is to be a virtual machine server; this way the admins can connect to the consoles of the actual function servers for remote, low level maintenance. The current crop of servers on fred.mag-uk.org are:

ldap.mag-uk.org

This machine contains the MAG user account database. It is from this machine that all the other new generation MAG servers get their MAG usernames and passwords. This way once the member has a username and password, they can use it for all MAG's new generation services. If they change it, it changes for all the services. This avoids the situation of having to maintain dozens of separate username/password lists with the user confusion and admin workload that this would represent.

webhost.mag-uk.org

Most of the MAG web sites are still running on central.mag-uk.org. Webhost is the new platform to which these sites will be migrated. The intent is that they will all run on this machine in the end.

cloud.mag-uk.org

In order to bring the functions now covered by Dropbox in-house, a new server called cloud.mag-uk.org has been created to host an instance of ownCloud. This machine is accessible at https://cloud.mag-uk.org/

mailbox.mag-uk.org

This is the platform onto which MAG's email services will migrate.

diaspora.mag-uk.org

This is an experimental server to check out the relevance to MAG of the Diaspora "Facebook Replacement" application.

dc1.ds.mag-uk.org

This is an experimental platform to investigate whether using Samba version 4 in AD mode would be a useful addition to the infrastructure.

Services

Email

This is currently done by central.mag-uk.org but will eventually migrate to a new mail server on mailbox.mag-uk.org.

Role Based Email Aliases

This is currently done by central.mag-uk.org but will eventually migrate to a new mail server on mailbox.mag-uk.org.

Main Web Site

The main MAG web site http://www.mag-uk.org has been running on webhost.mag-uk.org since the autumn of 2015.

The test version of the new main web site was loaded onto webhost.mag-uk.org in December 2015.

Local and Regional Web Sites

This is currently done by central.mag-uk.org but is being migrated to webhost.mag-uk.org.

Members' Wiki (wiki.mag-uk.org)

This is a new generation service and is hosted on webhost.mag-uk.org.

It allows any member thus enabled to add and maintain pages of information for use by the members. This page is an example.

Administrators' Wiki (adminwiki.mag-uk.org)

This is a sister service to wiki.mag-uk.org but is only accessible and editable by nominated admins. It is for information that would be of use to those trying to break into our systems and that would be of little or no use to the general membership. It is hosted alongside wiki.mag-uk.org on webhost.mag-uk.org.

Proposed or In-Development Services

Mailbox Server (mailbox.mag-uk.org)

The existing mail service is provided by the somewhat elderly server central.mag-uk.org. It is proposed that a new mail server be built on the fred.mag-uk.org hosting server using modern versions of the operating system and the mail service packages. It would also take over the handling of the MAG mailing lists. The software to be used would actually be the same as is already in use on central.mag-uk.org, with the exception that it would use Postfix mail server software instead of Sendmail mail server software. Once this is set up and established, the existing mail provision on central.mag-uk.org would be taken down and replaced with a mirror of the new mail server.

In the event of an outage at the Cardiff site, the mail routing would be switched back to this mirror on central.mag-uk.org. It would already have a current copy of all user mailboxes and would be switched to answer to the same login parameters and hostnames as for the Cardiff-based main mail server. Once the outage has concluded, the pointers would be switched back and the updated mailboxes synchronised back to the primary server in Cardiff.

Calendar Server (calendar.mag-uk.org)

This is proposed as an evolution of the existing events pages spread across the local and regional group sites and on the main web site. It is further proposed to use a very powerful open source package called [BedeWork]. It will be accessible to anyone with a MAG Member Account and will be able to provide local group, regional and national event calendars, as well as a personal MAG calendar for every user to connect to via their phone/tablet/PC as either a web page or as a direct subscription into their online calendar app.

Rich Integrated Webmail/Calendar/Addressbook Portal (sogo.mag-uk.org)

As an alternative to configuring their own copy of a mail client on their PC/Phone/Tab, this would be a one-stop webmail service with integrated calendar and address book. It is proposed that the powerful [SOGo] software suite be used for this purpose.

Members Only Instant Messaging Server (xmpp.mag-uk.org)

Many people use text messages, Facebook Messenger, chat apps and such to send short messages to other members. For one thing, these can cost money if using ordinary text, and for another, they are anything but closed and secure. Bearing in mind that MAG is a political pressure group, we might not appreciate the powers granted to the very same local authorities we are often at odds with to spy on our communications. This service would allow any Jabber/XMPP capable chat app (which is pretty much all of them) to connect securely to a MAG server and chat with other MAG members on an entirely closed and secure circuit. The end result is, to all intents and purposes, our own private text message service. The server software to be used would be [eJabberd], which is a very powerful and highly scalable XMPP/Jabber server. It is in fact a close relative of the software now used by the Facebook site for their chat service and uses exactly the same protocols.

Membership Portal

This is a proposal to bring such things as:

  • Membership fee payments
  • Address and email address corrections
  • MAG Mailing list membership

under the direct control of the members themselves, in line with MAG's grass roots philosophy.

It would be an encrypted web site with individual password access for the membership to maintain their privacy.