Looking at the thread about the new blog team, it is clear that some
things are dependent on the relationship that teams have with the
system-hackers group
Ignoring the current configuration of the systems, what is the ideal
service that the system-hackers would like to be able to provide?
E.g.
- which OS/distribution? E.g. Debian
- would more than one OS be feasible or required?
(this multiplies support effort, should be avoided)
- will services run in virtual machines and which technology will be
used (KVM, XCP, Openstack, ...), e.g. will the blogging service run in a
VM isolated from the services operated by other teams?
- benefit: each team can receive major OS updates at different times
- disadvantage: extra effort for system-hackers team, needs more IP
addresses
- how fast can packaged security updates (e.g. from Debian) be deployed?
Will the updates be automatically deployed by cron or something, or
will the team aim for a 24x7 support roster? In the latter case, are
more volunteers needed in the system-hackers team?
- how will major upgrades (e.g. from Debian 8.0 to 9.0) be deployed?
E.g. aim to begin upgrade 3 months after the official release,
individual teams using a particular server can veto the upgrade until 7
months have passed
- which services must be supported by the system-hackers (I'd suggest
backups, public web site, wiki, IP address allocation, SSL certificate
creation, monitoring, Git, DNS, authentication/OpenID/LDAP, mail,
mailing lists, SIP, XMPP and any services that the system-hackers may
depend on in the course of their own activities)
- are the system-hackers willing to support a database such as
PostgreSQL for use by other teams? Can they provide a convenient way
for members of other teams to take snapshots of their databases for use
in test servers?
- will the system-hackers allow members of other teams to use sudo?
Maybe there are other things too, it would be good to see the
system-hackers provide a list of what you would be willing to support
and a separate list of what people think they need the system-hackers to
support.