[% title = "All about Debian JP Project Administration" %]

All about Debian JP Project Administration

All about Debian JP Project
Administration

Fumitoshi UKAI
Debian developer: ukai@debian.org
Debian JP Project Leader: ukai@debian.or.jp
Japan Linux Association, President

(page 1)

All about Debian JP Admin
Today's Agenda

Lists of Debian JP's Machines

LDAP management --- *@debian.or.jp
rsync mirror --- *.jp.debian.org
ftp-master --- ftp.debian.or.jp
Bug Tracking System --- bugs.debian.or.jp
upload queue

Others

mail, ML, archive, search, ftp, www, diary

(page 2)

All about Debian JP Admin
Lists of Debian JP's Machines

master - laser5 / OCN Economy

Pentium MMX 233MHz 80M 6G+6G+8G
queue

arashi - Stormix, hypercore / Kashiwa NOC

PentiumIII 666MHz 384M 17.5G+17.5G
MX, www

plat - Plathome / Kashiwa NOC

PentiumIII 550MHz 256M 8G+70G(md)
ftp, rsync

hp - HP / OCN Economy

PentiumIII 600MHz 512M 9G+80G
DNS, LDAP, ftp-master

misato - NetVillage / Kashiwa NOC

Celeron 500MHz 256M 3G+6G+6G+6G+8.7G+4.1G+2G
(cdimage)

vaj, sakusa is dead now

(page 3)

All about Debian JP Admin
LDAP management

Each machines are distributed

Account managed by LDAP
Create files from LDAP
- in /org/db.debian.or.jp/db//
- passwd, shadow, group, .forward
- .ssh/authorized_keys
Copy files via ssh
- to :/var/lib/misc/
- build db using /var/lib/misc/Makefile
Using NSS db (libnss-db)
- passwd: compat db
- group: db compat
- shadow: compat db

(page 4)

All about Debian JP Admin
LDAP management

Why not using LDAP directly?
Communications over public Internet

Snoop passwd?
- Copy over ssh
Network trouble
- It's more safe than LDAP
- Anyway, it may be better to use LDAP replica

(page 5)

All about Debian JP Admin
LDAP management

Why not using LDAP directly? (2)

It's not so fast
- Use nscd
Secure communication
- Use TLS/SSL or ssh portforwarding
Ssh RSA/DSA key management
- no LDAP support in ssh yet?

(page 6)

All about Debian JP Admin
LDAP management

debian.org -- userdir_ldap

cvs.debian.org userdir_ldap
Basically, same features
Written in python (perl?)
ssh hack
- GlobalRSAFile /var/lib/misc/ssh-rsa-shadow
- GlobalDSAFile /var/lib/misc/ssh-dsa-shadow

(page 7)

All about Debian JP Admin
LDAP management

TODO
https://db.debian.or.jp/

management data in LDAP
It was written in ePerl, now suspended
eRuby?

(page 8)

All about Debian JP Admin
rsync mirror

*.jp.debian.org - official mirror site of *.debian.org

ftp.jp.debian.org - debian package archive
www.jp.debian.org - debian web pages

Using rsync

ftp - pull mirror
www - push mirror

(page 9)

All about Debian JP Admin
rsync mirror

push mirror

kick from primary via ssh
mirror site run rsync

(page 10)

All about Debian JP Admin
rsync mirror

push mirror

primary
- create ssh key pair
  - identity - secret
  - identity.pub - public
mirror site (1)
- primary's identity.pub put in ~/.ssh/authorized_keys
  - command="~/websync &" 1024 41 1095....159 archvsync@debian
- ~/websync execution only from archvsync@debian connection
- websync - rsync pull mirror
- websync.conf - configuration file

(page 11)

All about Debian JP Admin
rsync mirror

push mirror chain

mirror site (1)
- create ssh key pair
  - identity - secret
  - identity.pub - public
- kick mirror(2) by signal.sh
  - ssh -o"BatchMode yes" -o"user $2" "$1" -i $HOME/.ssh/identity sleep 1
- rsync daemon setup
  - /etc/rsyncd.conf
mirror site (2)
- mirror(1)'s identity.pub put in ~/.ssh/authorized_keys

(page 12)

All about Debian JP Admin
ftp-master

dak (python + postgresql)

cvs.debian.org dak
- katie
- madison
- melanie
- heidi
- natalie.py

(page 13)

All about Debian JP Admin
ftp-master

katie
install packages from incoming

new version of dinstall
run by cron
/org/ftp-master.debian.or.jp/katie/cron.daily-jp
- katie -pak *.changes | direport

check
- katie -n *.changes
manual install
- katie *.changes
manual reject
- katie -m *.changes

(page 14)

All about Debian JP Admin
ftp-master

madison
List versions and architectures of the package

./madison
% ./madison ack
- ack | 1.3.9-3 | stable | i386, powerpc, sparc, source
- ack | 1.3.9-3 | testing | alpha, i386, m68k, powerpc, sparc, source
- ack | 1.3.9-3 | unstable | alpha, i386, m68k, powerpc, sparc, source
postgresql read permission required

(page 15)

All about Debian JP Admin
ftp-master

melanie
Delete package from archive

./melanie -d -m "" -s unstable
-b
- binary only
-a
- architecture

(page 16)

All about Debian JP Admin
ftp-master

heidi
List package in suites

List packages in testing
- ./heidi -l testing
Add package to testing
- ./heidi -a testing < list
Delete package from unstable
- ./heidi -r unstable < list

(page 17)

All about Debian JP Admin
ftp-master

natalie.py
Manupilate override

List override
- ./natalie.py -l
Set new override
- ./natalie.py -S < override

(page 18)

All about Debian JP Admin
Bug Tracking System

debbugs package

virtual domain required
mail configuration
cron configuration
www configuration

(page 19)

All about Debian JP Admin
Bug Tracking System

mail configuration
postfix

/etc/postfix/master.cf
- debbugs unix - n n - 1 pipe flags=F. user=debbugs argv=/usr/sbin/debbugs-receive $recipient
/etc/postfix/transport
- bugs.debian.or.jp debbugs:

/usr/sbin/debbugs-receive

put mail to /var/spool/debbugs/incoming/

(page 20)

All about Debian JP Admin
Bug Tracking System

cron configuration

23 7 * * 3 /usr/lib/debbugs/scripts/age-1
24 7 * * * /usr/lib/debbugs/scripts/expire >/dev/null
23 16 * * 5 /usr/lib/debbugs/scripts/mailsummary undone >/dev/null
23 16 * * 2 /usr/lib/debbugs/scripts/mailsummary bymaint >/dev/null

/usr/lib/debbugs/scripts/processall
- from /var/spool/debbugs/incoming
- to /var/spool/debbugs/db/.{log,report,status}
/usr/lib/debbugs/scripts/html-control
- from /var/spool/debbugs/db/
- to /var/www/Bugs/

(page 21)

All about Debian JP Admin
Bug Tracking System

www configuration

RewriteEngine on
RewriteRule ^/$ http://www.debian.or.jp/Bugs/
RewriteRule ^/([^[:digit:]][^/]+) http://www.debian.or.jp/Bugs/db/pa/l$1.html [L]
RewriteRule ^/([[:digit:]][[:digit:]])([^/]+) http://www.debian.or.jp/Bugs/db/$1/$1$2.html [L]

(page 22)

All about Debian JP Admin
Bug Tracking System

TODO
Current JP Bug Tracking System is old

tags
Japanese hack...

Bug report coordination in Japanese

Receive bug report in Japanese
Review, translate and submit to bugs.debian.org
Bug status onnection with bugs.debian.org?

(page 23)

All about Debian JP Admin
upload queue

on master.debian.or.jp

~ftp/pub/Incoming/upload
- upload to ftp-master
~ftp/pub/Incoming/upload-non-US
- upload to non-us
~ftp/pub/Incoming/upload-jp
- upload to hp.debian.or.jp

(page 24)

All about Debian JP Admin
upload queue

debianqueued program

debian/project/misc/debianqueued-0.9.tar.gz

master:/home/admin/debianqueued*

config
- $incoming, $keyring_archive
- $target, $targetlogin, $targetdir
- $maintainer_mail

(page 25)

All about Debian JP Admin
upload queue

user of debianqueued running

scp to $targetlogin@$taget:$targetdir
removal permission in $incoming dir

Using ssh-agent

passphrase required to run ./debianqueued

Daemon
Periodically check $incoming and scp to $target*

check signature of *.changes file
automatically remove invalid files in $incoming

status file

FIFO
cat status

(page 26)

All about Debian JP Admin

Next talk is www.debian.org translation by maehara@debian.org :)
(page 27)