MAG's Internet Services Estate: Difference between revisions

From Motorcycle Action Group Wiki
Jump to navigation Jump to search
No edit summary
Line 20: Line 20:
=== central.mag-uk.org ===
=== central.mag-uk.org ===


This is now a rather elderly machine running a rather elderly version of Linux. The services still running on this machie are slowly being split off and moved to more modern hardware and OS versions on the external hosting site in Cardiff.
This is now a rather [[Elderly version of Linux]]. The services still running on this machine are slowly being split off and moved to more modern hardware and OS versions on the external hosting site in Cardiff.


=== fred.mag-uk.org ===
=== fred.mag-uk.org ===
Line 28: Line 28:
==== ldap.mag-uk.org ====
==== ldap.mag-uk.org ====


This machine contains the MAG user account database. it is from this machien that all the other new generation MAG servers get their MAG usernames and passwords. This way once the member has a username and password, they can use it for all MAG's new generation services. If they change it, it changes for all the services. This avoids the situation of having to maintain dozens of separate username/password lists with the user confusion and admin workload that this would represent.
This machine contains the MAG user account database. It is from this machine that all the other new generation MAG servers get their MAG usernames and passwords. This way once the member has a username and password, they can use it for all MAG's new generation services. If they change it, it changes for all the services. This avoids the situation of having to maintain dozens of separate username/password lists with the user confusion and admin workload that this would represent.


==== webhost.mag-uk.org ====
==== [[server:webhost.mag-uk.org|webhost.mag-uk.org]] ====


Most of the MAG web sites are still running on the central server. Webhost is the new platform to which these sites will be migrated. The intent is that they will all run on this machine in the end.
Most of the MAG web sites are still running on the central server. Webhost is the new platform to which these sites will be migrated. The intent is that they will all run on this machine in the end.

Revision as of 23:54, 8 December 2015

Introduction

Over the last decade and a half, MAG has built up a number of customised services for use by and on behalf of the members to improve our internal and external communications and to power our campaigns. This is a brief summary of what those services are and some superficial details of how they are put together.

Founding Principles

Covered more fully in the page Why Self Host in essence MAG made a large effort to ensure that the bare minimum of outside organisations have the power to shut down all or part of MAG's online operations. There will always be external entities who can do this, but the effort is to minimise the number of these and the potential fallout if they do.

It is achieved by make all our main services follow this line:

  • Open source software used

Open source software does not need any form of license so cannot be remotely switched off if MAG is too skint to pay the license renewal

  • On MAG's own equipment

Hardware is getting cheaper and cheaper. If we only use machines wholly owned by MAG, they cannot be repossessed if we don't keep up the payments.

  • On MAG's own premises

The principle here is that the primary copy of any data is to be held on a MAG machine on MAG's premises. We already have servers running in 3rd party hosting centres, but they will be holding secondary copies of the information, the primary copy being held at central. This way if the deal with the hosting centre goes pear shaped and the summarily switch us off, the primary copy can be used to bring the service back up. (NB This is the intent but in some cases we have not yet closed the loop).

Main Servers

central.mag-uk.org

This is now a rather Elderly version of Linux. The services still running on this machine are slowly being split off and moved to more modern hardware and OS versions on the external hosting site in Cardiff.

fred.mag-uk.org

This is a modern tower server with sufficient power to run several virtual machines. Fred's main purpose is to be a virtual machine server, this way the admins can connect to the consoles of the actual function servers for remote, low level maintenance. The current crop of servers on Fred are:

ldap.mag-uk.org

This machine contains the MAG user account database. It is from this machine that all the other new generation MAG servers get their MAG usernames and passwords. This way once the member has a username and password, they can use it for all MAG's new generation services. If they change it, it changes for all the services. This avoids the situation of having to maintain dozens of separate username/password lists with the user confusion and admin workload that this would represent.

webhost.mag-uk.org

Most of the MAG web sites are still running on the central server. Webhost is the new platform to which these sites will be migrated. The intent is that they will all run on this machine in the end.

Services

Email

This is currently done by central.mag-uk.org but will eventually migrate to a new mail server on fred.mag-uk.org.

Role Based Email Aliases

This is currently done by central.mag-uk.org but will eventually migrate to a new mail server on fred.mag-uk.org.

Local and Regional Web Sites

This is currently done by central.mag-uk.org but is currently being migrated to webhost.mag-uk.org.

There are several sites already there, inclusing the existing main web site http://www.mag-uk.org and the yet to be published new main web site TBD.

wiki.mag-uk.org

This is a new generation service and is hosted on webhost.mag-uk.org

It allows any member thus enabled to add and maintain pages of information for use by the members. This page as a example.

adminwiki.mag-uk.org

This is a sister service to wiki.mag-uk.org but is only accessable and editable by nominated admins. It is for information that would be of use to those trying to break into our systems and that would be of little or no use to the general membership. It is hosted alongside wiki.mag-uk.org on webhost.mag-uk.org

Proposed or In-Development Services

Mailbox Server

The existing mail service is provided by the somewhat elderly server at central. It is proposed that a new mail server be built on the fred.mag-uk.org hosting server using modern versions of the operating system and the mail service packages. It would also take of the handling of the MAG the mailing lists. The software to be used would actually be the same as is already in use on the central server, with the exception that it would use Postfix mail server software instead of Sendmail mail server software. Once this is set up and established, the existing mail provision at central would be taken down and replaced with a mirror of the new mail server.

In the event of an outage at the Cardiff site, the mail routing would be switched back to this mirror at central. It would already have a current copy of all user mailboxes and would be switched to answer to the same login parameters and hostnames as for the Cardiff based main mail server. Once the outage has concluded the pointers would be switched back and the updated mailboxes synchronised back to the primary server in Cardiff.

Calendar Server

This is proposed as an evolution of the existing events pages spread across the local and regional group sites and on the main web site. it is proposed to use a very powerful open source packlage called [BedeWork]. It will accessable to anyone with a MAG online account and will be able to provide local group, regional and National event calendars, as well as a personal MAG calendar for every user to connect to via their phone/tablet/PC as either a web page or as a direct subscription into their online calendar app.

Membership Portal

This is a proposal to bring such things as:

  • Membership fee payments
  • Address and email address corrections
  • MAG Mailing list membership

Under the direct control of the members themselves in line with MAG's grass roots philosophy.

It would be an encrypted web site with individual password access for the membership to maintain their privacy.

Rich Integrated Webmail/Calendar/Addressbook Portal

As an alternative to configuring their own copy of a mail client on their PC/Phone/Tab this would be a one-stop webmail service with integrated calendar and address book. It is proposed that the powerful [SOGo] software suite be used for this purpose.

Secure Closed Person Instant Messaging Server

Many people use text messages, facebook messenger, chat apps and such to send short messages to other members. For one thing these can cost money if using ordinary text and for another they are anything but closed and secure. Bearing in mind that MAG is a political pressure group, we might not appreciate the powers granted the very same local authorities we are often at odds with, to spy on our communications. This service would allow any Jabber/XMPP capable chat app (which is pretty much all of them) to connect securely to a MAG server and chat with other MAG members on an entirely closed and secure circuit. The end result is to all intents and purposes our own private text message service. The server software to be used would be [eJabberd] which is a very powerful and highly scalable XMPP/Jabber server. It is in fact a close relative of the software now used by the Facebook site for their chat service and uses exactly the same protocols.