Project

General

Profile

Actions

NetworkInfrastructure » History » Revision 108

« Previous | Revision 108/163 (diff) | Next »
Denis 'GNUtoo' Carikli, 04/09/2019 12:19 PM


NetworkInfrastructure

What Where Access type Who comments
Redmine instance OSUOSL Redmine administrator Only the following people have access to it:
* Paul Kocialkowski
* Wolfgang Wiedmeyer
* GNUtoo
* Joonas Kylmälä
* People
* OSUOSL system administrators
Mailing list Mailing list administrator Several Replicant contributors including:
* Paul Kocialkowski
* GNUtoo
* Add your name here if you have access and want to be mentioned
Wordpress instance Wordpress administator Several Replicant contributors including:
* Paul Kocialkowski
* GNUtoo
* Add your name here if you have access and want to be mentioned
This instance is auto-updated automatically with the help of a plugin.
Releases SSH Only the following people have access to it:
* Paul Kocialkowski
* Wolfgang Wiedmeyer
* GNUtoo
* Joonas Kylmälä
We should not use too much space
A virtual machine hosted by the FSF that handles:
* Replicant Source code
FSF SSH root access Only the following people or machines have access to it
* Paul Kocialkowski
* Joonas Kylmälä
* GNUtoo
* Several FSF system administrators
* FSF backup server
* FSF ansible deployment server
Resources kindly offered by the FSF
Private contact address This is handled by Paul Kocialkowski's mail servers:
* armstrong.paulk.fr
* gagarine.paulk.fr
SSH, physical access Paul Kocialkowski only (it's his machines) The contact address is redirected to several Replicant contributors including:
* Paul Kocialkowski
* GNUtoo
* Add your name here if you receive mail from this address and want to be mentioned
IRC channel Freenode Channel operator(s) Several Replicant contributors including:
* GNUtoo
* Paul Kocialkowski
* Kurtis Hanna
* Add your name here if you have access and want to be mentioned
MODE #Replicant +qe $~a *!*@gateway/web/* and MODE #Replicant +qe $~a *!*@gateway/shell/matrix.org/* have been applied. Unless one connects via a web based irc client or via the Matrix.org IRC bridge one will need to register one's nick with Freenode in order to speak
The replicant.us (mostly-static) front website OSUOSL None: There is an automatic hook managed by OSUOSL * Source code
* Patches are to be sent to the Replicant mailing list
* There is a jenkins hook with a token to pull and deploy the website source code
The replicant.us domain name gandi.net * Web inteface through gandi website
* The DNS entries are configured to use gandi's DNS server
The following people or machines have access to it:
* Bradley Kuhn (administrative contact): Can do everything (including designing the technical contact or transferring the domain)
* GNUtoo (technical contact): can do DNS zone changes
* Other people? Paul Kocialkowski?
The replicant.us TLS certificate Let's Encrypt Access probably by controlling the respective domain name * https://www.replicant.us: OSUOSL
* https://blog.replicant.us: OSUOSL
* https://redmine.replicant.us: OSUOSL
* https://git.replicant.us: ?
History: CA-cert -> GlobalSign -> LetsEncrypt

OSUOSL

The OSUOSL is the Oregon State University Open Source Lab.

Contact:
  • They can be contacted on #osuosl on the Freenode IRC network
  • They also have a 'support' mail address at osuosl.org

Virtual machine in FSF's office

  • The virtual machine is hosted in a server that is in their office.
  • Several FSF network administrator also have access to the virtual machine
Contact:
  • The 'sysadmin' mail address at gnu.org
  • The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

Virtual machine specifications

The virtual machine runs on top of Xen and has:
  • About 3G of RAM
  • 1 virtual core
  • a 10G rootfs partition
  • a 100G storage partition for Replicant git repositories
  • One IPv4 and one IPv6
Software:
  • Trisquel 8.0
  • The virtual machine may be using FAI and cfengine but it would need more investigation on that.
  • The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).

Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:

/dev
/proc
/tmp
/sys
/run
/mnt
/mnt0
/mnt1
/mnt2
/mnt3
/mnt4
/mnt5
/mnt6
/mnt7
/mnt8
/mnt9
/floppy/
/cdrom/
/media/
/net/
/var/spool/squid/
/var/spool/squid3/
/var/spool/squid3_bak/
/var/spool/squid-tbd/
/var/spool/squid*/
/var/spool/django/
/var/spool/exim/
/var/cache/
/srv/chroot/
/t
/srv/to-tape
/var/lib/ceph/osd/
/var/lib/apt/lists/
/var/cache/apt/

git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided in several groups:
  • Replicant source code
  • LineageOS mirror
  • Various developers repositories
function software comments
authorization gitolite
read access * git:// -> git daemon
* ssh:// -> ssh daemon
* https:// -> ? (TODO: document the software/configuration)
web cgit

Gandi

Freenode

TODO:

  • Ask the OSUOSL about backup policies.
  • Document public spaces like Freenode IRC channel.
  • Do our own backup policies and do some backups ourselves.
  • Contact the people that have some control of the resources above and ask for permission to mention them here
  • Fill the gaps (mentioned with '?') in this page
  • Look what happens when an account is deleted
  • Fix the related issues in the tracker
  • Move the entries of this TODO list to the tracker when it makes sense

Funding and legal entity

See the SteeringCommittee for more details.

Legal advise

Contact John Sullivan at the FSF.

Note that John Sullivan is not a lawyer but the FSF has lawyers.

Updated by Denis 'GNUtoo' Carikli over 5 years ago · 108 revisions

Also available in: PDF HTML TXT