Server Team Meeting, 2018-07-06 (one day remote sprint)

Attendees: Andreas Beutel, Andri Steiner, Bastian Bringenberg, Michael Stucki, Steffen Gebert, Stephan GroƟberndt

Beginning of the meeting: 09:00 CEST.

Open Issues from last meetings


  • Docker Container for LDAP Server with our own settings => Bastian
  • Plan next sprints
  • Fix Zabbix => Bastian
  • Analyse Zabbix => Bastian
  • Monitoring in general
  • Kubernetes / MiniKube(?)
  • Redmine (Status external admin)

Team Member availability

  • [INFO] As discussed in the last meeting:

Due to the full time jobs of all team members, we do not have the possibility to provide 24/7 services. Therefore we need to define some sort of duty matrix to reduce response times and provide better service.
At the same time we need to define the vital services that require immediate action and those where activities may be deferred until the evening hours. The result could also be some kind of SLA for the services combined with a timetable for the team members.

  • [INFO] Who would actually be able to provide an SLA? It is most likely only team members who know the whole infrastructure.
  • [INFO] The following possibilities exist:
    a) Team members provide best effort service (status quo): free
    b) Team members provide SLA with 12h reaction time: 200 EUR / month x 5 people = 1000 EUR / month
    c) Company provides SLA with 4h reaction time: 1000 EUR / month (estimation)
  • [TODO] Michael will forward this topic to the T3A board to decide about the further procedure.

Nameserver (DNS)

  • [INFO] Question pops up if there is anything left to do regarding the broken nameserver.
  • [INFO] The issue has been completely resolved, no further action is needed. Updates to the nameserver can be filed via site-nstypo3org cookbook as usual.

Clean up the Backup Server


  • [INFO] GDPR queue in OTRS is now configured correctly
  • [INFO] Older tickets from admin queue have been moved there for inspection


  • [INFO] We "fixed" the mass subscriptions via web interface by blocking HTTP access to the subscription page.
  • [INFO] From now on, subscription is only possible via email to <listname> with subject "subscribe".

shutdown of

  • [INFO] there where several problems with the current forum (maintenance, security, login)
  • [INFO] all information available on the forum is also mirrored to the mailinglist/newsgroup
  • [INFO] we decided to focus our available resources to the mailinglist/newsgroup/forum migration and therefore disabled the forum temporarily
  • [INFO] is redirected to now
  • [INFO] see for details

outgoing mail setup

  • [INFO] from time to time, we run into some problems related to the fact that the outgoing mailsystems name does not match the reverse dns record
  • [INFO] in a perfect world, all mails sent with a address should leave our infrastructure through our central mailserver, where we ensure that everything is in order, and, for example, add DKIM records to each mail
  • [TODO] reconfigure our outgoing mailrelay servers to use our mailserver as relay
  • [TODO] reconfigure important applications to use our mailrelay or mailserver directly
  • [INFO] see for details