Loomio
Tue 22 May 2018 8:00AM

Transferring my sysadmin responsibilities to a Tech Ops Team

MDB Mayel de Borniol Public Seen by 54

Hello social.coop!

As has been discussed on several occasions, I think it is important that the sysadmin responsibilities be taken over by something like a Tech Ops Team, both for the health and sustainability of social.coop, and for my own sanity.

Here's how you can help:

  1. If you have tech skills and time/interest to be involved, please join the Tech WG on Loomio if you haven't already
  2. Reply to the post about Tech Ops Team: Responsibilities & Initial Documentation with any clarifying questions to help flesh out the documentation (hopefully @victormatekole will be able to transfer his knowledge about the setup as well). You can also view the document directly.
  3. Help test/choose/setup a secure way to share passwords/keys
  4. Figure out how to organise the Tech Ops Team (there are already a few ongoing dicussions about this in various WG)
  5. Tell me who to provide access to (SSH to the servers, and accounts on various 3rd party services), and where to store the shared passwords/keys
  6. The Tech Ops Team starts handling the Responsibilities A through G.
  7. Profit! (i.e. make social.coop sustainable)

I would really appreciate if everyone can pitch in so we can try and reach step 6 by the end of the month, as I've now taken on a new job, and really need to free up more of my time.

Thank you!

CCC

Chris Croome (Webarchitects Co-operative) Tue 22 May 2018 8:25AM

We find that Keyringer works really well for techies who know git and gpg, it is in Debian, takes a little while to set up but is great. It could potentially be hosted on our GitLab server at https://git.coop/

If techies have their SSH keys on Launchpad and / or GitHub then ssh-import-id is a great time saver, eg:

sudo -i
apt install ssh-import-id
ssh-import-id chriscroome

I'm afraid I don't really have any capacity to take on unpaid sysadmin work but I will try to help in any way I can.

NS

Nick S Fri 1 Jun 2018 9:13PM

Can you comment on the other tools like git-crypt, and git-secret in comparison? (here) I've skimmed them and Keyringer's docs but not actually tried to use anything but git-crypt before (which I don't know is very amenable for use with multiple keys).

Otherwise I might propose we just try Keyringer until we decide we don't like it.

CCC

Chris Croome (Webarchitects Co-operative) Fri 1 Jun 2018 10:44PM

Sorry I can't comment on git-crypt and git-secret in comparison as I haven't used them. Keyringer is bash and gpg and git and that works for me.

RB

Robert Benjamin Tue 22 May 2018 4:05PM

Great work creating this detailed stepped process and documentation! Hopefully with the deep talent pool that there seems to be you'll be able to transition to a solid team before too long.