Tasks

From popdata
Jump to: navigation, search

New Staff User

  • image a machine and set up
  • check ethernet outlet at workstation that it is in correct vlan
  • See Systems/Account Management for setting up accounts:
    • Zimbra (mail),
    • PDS (including YubiKey)
    • Gilbert (Active Directory for Windows)
    • door access
  • Inform privacy officer of all access granted to the new person and she can set them up with an alarm code if needed.


On the machine, get the user to log in

  • start outlook
    • config mail account
    • choose "Other" and pick "Zimbra Collaboration Server"
    • mail server: mail.popdata.bc.ca
    • ssl: yes
    • account: use fully qualified name (e.g. jim@chspr.ubc.ca)
    • pass
    • once outlook starts, then go into properties for address lists and change default to Global Address List
  • map any drives
    • P: \\gilbert\alfresco
    • X: \\gilbert\shoebox
    • For CHSPR: S: \\gilbert\chspr-shared
  • start internet explorer
    • choose settings (gear icon on right, Internet Options)
    • Security Tab
    • Click on Local Intranet zone
    • Click on Sites button
    • Click on Advanced button
    • Under Add this website to the zone fill in: file://*.popdata.bc.ca/
    • Make sure Require server verification... is not clicked
    • Click Add
    • Click Close
  • add any printers needed (HP3005 and Xerox Colour Cube 2nd floor for most people)
  • help adding in any shared calendars (popdata-events)
  • show them webmail: https://mail.popdata.bc.ca/
  • show them units blog: https://units.popdata.bc.ca/
  • Setup JournyX Walkthrough

Physical Things:

  • introduce them
    • CHSPR's Grace
    • Kim M.
    • HELP upstairs
    • SPPH HR downstairs
  • ask Bryony to update redzone pictures
  • ask Bryony to update web page
  • ask Bryony to make a name template for them
  • show printers
  • show copy room
  • show lunch room
  • show washrooms
  • show 219, 491, 202, 210
  • show common campus lunch locations / parking if new to campus
  • explain composting
  • privacy training with Kaitlyn
  • get them to give Kaitlyn an alarm code
  • get them to sign confidentiality agreement
  • get them to sign fob form (if needed)
  • get them to sign securID form (if needed)
  • Building Key request (if needed)
  • set up voicemail
  • advise of 'red/yellow' Friday's provide printed calendar if available and advise of general staff schedules and availability
  • advise of in/out board
  • advise of 'support@popdata.bc.ca' for opening tickets with support
  • arrange a specific start time for the first day so they can be greeted and someone is available
  • advise of the stretch break schedule
  • add/remove contact information to emergency staff contact list (Abigail)
  • show the units blog
  • advise of notices to the units blog for absences (or alternatively contacting Abigail/Supervisor)
  • help setup units blog email notifications
  • have the new member provide a brief introductory bio update to the units blog

Data Services Specific

  • Remind Kaitlyn to remove outgoing DSU from list of programmers provided to MOH
  • Remind Kaitlyn to add incoming DSU to defined list of programmers
  • Advise of Data Holding go-to people
  • Advise of Yellow Zone resources wiki.popdata.bc.ca
  • Advise of Red Zone resources rzwiki.popdata.bc.ca
  • Walk through redzone / yellowzone kvm switching
  • Walk through workspace/Virtual Machine associations
  • Walk through primary servers and associated work (defuca, ericsson, george2)
  • Walk through available software tours
  • Walk through obvious acronym
  • Review system/server/group access for appropriate permissions

User leaving

  • Refer to list of current accesses kept by Privacy officer and/or the Systems and Security manager.
  • Use the list and the above account setup procedure to confirm cancellation of appropriate accounts and means of physical access (fobs and alarm code).

Places to Remove an Account

See Systems/Account_Management

Complete Shutdown

To Do Before Shutdown

  • patch KVM servers
    • noyon (done)
    • hubbard
    • verendrye
    • bondar
    • drake
    • kelsey
    • stefansson
    • hearne
  • fix memory on bondar
  • gilbert patches
  • last incremental
  • print out hardware database
  • write config for all network devices
  • run gather.pl on all machines

Notification

  • sre-users
  • pds SRE/SRTL/RTL news item
  • units blog
  • Vincent Kujala (kujala@geog.ubc.ca) for Geography mini-cluster in Rack 1
  • REDCap people: redcap@bcahsn.ca, michael.tang@ubc.ca, nkarduri@bcchr.ca, Victor.Espinosa@viha.ca, Victor.Espinosa@viha.ca
  • Research Connection: (not yet)
  • Worksafe Partnership: smarino@mail.ubc.ca, smarino@mail.ubc.ca
  • stefan for his Mac in the server room

Bringing Down Servers

  • Regular servers:
    • cartier, fidler, mackenzie
    • defuca, george, maple, milo, frobisher, quantum2, cheadle
    • stowe, menton, fedoruk, mance
    • nicollet
    • verrazzano
    • SRE machines: SRE1->12 FAST1->5
    • amundsen, cortereal, drake
    • fraser, sitka, sherry, ericsson, hearne, hudson, rae
    • alder, hemlock, sasamat
  • More important Ones:
    • All kelsey VMs: gilbert, champlain, thompson, maps, earlylearning, cyma, mopp
    • kelsey
    • All RZ VMs (using quantum1): rz-xp1->16, radison, win7s, beare
    • delasalle, verendrye, joliet
    • franklin
  • Last servers:
    • cabot
    • quantum1
    • mackenzie
    • SANs: san1, san2, san3, san4
    • vmgmt
    • cook
    • vancouver
  • Infrastructure
    • yz firewall
    • switches

Complete Startup

  • power on air conditioners if necessary
  • power on UPS, wait until minimum charge
  • power on switches
  • power on firewall
  • power on cook/champlain (dns/ldap) [pause]
  • power on san3 & san4 [pause]
  • power on kelsey
  • start VMs on kelsey
    • cabot
    • sullivan
    • sasamat
    • gilbert
    • kateri
    • thompson2
    • thompson3
    • beare
  • power up verrazzano
  • power up the rest (order no longer important
  • SRE:
    • power up fraser
    • power up noyon
    • power up hubbard
    • power up drake
    • power up verendrye
    • power up bondar
    • start up sre1->sre36 on above servers
    • power up fast1->fast14
  • power up cartier
  • power up frobisher
  • start VMs on frobisher
    • delasalle
    • joliet
    • isbister
    • trembley
  • power up fidler
  • power up hudson
  • Redzone:
  • power up vancouver
  • power up mackenzie
  • power up rice
  • power up franklin
  • power up defuca
  • power up george
  • power up ericsson
  • power up payette
  • power up cheadle
  • power up stefansson
  • power up hearne
  • power up redzone VMs on stefansson & hearne

Things to check / Do

  • syspulse red lights
  • SRE monitoring
  • logs going to cabot and mackenzie
  • email in/out
  • redzone clients
  • vpn login with Yubikey
  • remote desktop login to SRE using testuser1-99-t01
  • yellow folders
  • PDS account listing, password change
  • my.popdata login, password change

Patching and Upgrades

Least important to most important

Windows

  • nicollet
  • nicollet2
  • rice
  • finley
  • Kateri
  • larsen
  • Gilbert

Linux YellowZone

Least important to most important. Log in hardware database for each machine afterwards.

  • Inside and test
  • philby
  • hudson
  • fidler
  • cook
  • delasalle
  • thompson2
  • thompson3
  • cabot
  • Outside Stuff
  • sasamat
  • isbister
  • champlain
  • joliet
  • tremblay
  • SRE
  • drake
  • hubbard
  • verendrye
  • noyon
  • bondar
  • fraser
  • Important
  • sullivan
  • cartier
  • verrazzano
  • beare
  • Backbone
  • kelsey
  • frobisher
  • pd-san3
  • pd-san4

Linux RedZone

  • cheadle
  • stefansson
  • hearne
  • ericsson
  • payette
  • george
  • defuca
  • mackenzie
  • franklin
  • vancouver

Startup 2018-05-05

  • wait until ups got to minimum percentage (50%) (can be bypassed on front panel)
  • all switches / firewalls boot themselves
  • start my machine - edit /etc/resolv.conf set nameserver to 8.8.8.8 (google) internet should work now.
  • start champlain
    • add "acpi=off" to linux command line to boot
    • login on console
    • cd /usr/local/yubiserver; ./yubiserve.py &
    • can log into champlain from my machine now. Change my machine resolv.conf to nameserver 10.80.20.80
  • start up cartier (so I can access wiki and write this)
  • start up kelsey and k2 (new kelsey)
  • start up gilbert2 on k2: virsh start gilbert2
  • do a whole bunch of stuff to move more virtual machines to k2
    • tried a cross-cable 10gbe between kelsey and k2 - still slow
    • took 1TB ssd mirror and just plugged it into k2
    • lots more work to get right network connections on k2 - used some cables from kelsey
  • boot up sullivan on k2 (depends on cabot to make pds work)
  • boot up cabot on k2
  • patch cabot, reboot cabot
  • start up pd-san3 and pd-san4
  • log into pd-san3 and pd-san4 via cabot
  • turn on old netapp disk tray for pd-san3
  • check /proc/mdstat on pd-san3 to make sure md0 is happy with all 14 drives
  • run targetcli on pd-san3 and pd-san4 make sure it all looks good.
  • start up verrazzano
    • log in and try out iscsi
    • mount /extra
    • fix /etc/resolv.conf
    • add soehmail.popdata.bc.ca back to DNS
    • /etc/init.d/zimbra stop
    • /etc/init.d/zimbra start
  • start up cook (hmmm)
  • start up fraser