Project

General

Profile

NetworkInfrastructure » History » Version 148

Kurtis Hanna, 09/25/2020 08:04 PM
added that OFTC is also bridged with the freenode matrix channel

1 125 dl lud
h1. Network Infrastructure
2 1 Denis 'GNUtoo' Carikli
3 141 dl lud
|_. What |_. Where |_. Access type | Who | Comments |
4
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine manager | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
5 1 Denis 'GNUtoo' Carikli
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
6 102 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
7 1 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
8 141 dl lud
* [[People#Fil-Bergamo|Fil Bergamo]]
9
* [[People#Kurtis-Hanna|Kurtis Hanna]]
10 133 dl lud
* @dllud
11 1 Denis 'GNUtoo' Carikli
* @GrimKriegor
12 141 dl lud
* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant
13 1 Denis 'GNUtoo' Carikli
OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
14 141 dl lud
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
15
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
16 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
17
* [[People#Kurtis-Hanna|Kurtis Hanna]]
18
* @dllud
19 141 dl lud
* OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
20
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
21
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
22 103 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
23 141 dl lud
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
24
* [[People#Fil-Bergamo|Fil Bergamo]]
25
* [[People#Kurtis-Hanna|Kurtis Hanna]]
26
* @dllud
27
* OSUOSL system administrators
28 110 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
29 141 dl lud
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
30 139 Denis 'GNUtoo' Carikli
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
31 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
32 142 dl lud
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
33
* OSUOSL system administrators | We should not use too much space. |
34 141 dl lud
| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/
35
* Patches should be sent to the Replicant mailing list.
36
* There is a jenkins hook with a token to pull and deploy the website source code. |
37 143 dl lud
| "Replicant Source code":https://git.replicant.us/ |/2. Virtual machine at FSF | SSH root access | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
38 120 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
39 141 dl lud
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
40 120 Denis 'GNUtoo' Carikli
* Several FSF system administrators
41 52 Denis 'GNUtoo' Carikli
* FSF backup server
42 141 dl lud
* FSF Ansible deployment server | Resources kindly offered by the FSF.
43
The git configuration has [[ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine|some documentation]].
44 38 Denis 'GNUtoo' Carikli
Before handling SSH (root) access to this machine:
45 141 dl lud
* Make sure that the person really needs it.
46 1 Denis 'GNUtoo' Carikli
* Make sure that the person already contributed to Replicant.
47 141 dl lud
* Ask one other person that has SSH access and/or the [[SteeringCommittee]] to also agree on it. |
48 143 dl lud
| [[PrivateContact|Private contact address]] | IMAP access | * [[People#Denis-GNUtoo-Carikli|GNUtoo]]
49 33 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
50 141 dl lud
* [[People#Fil-Bergamo|Fil Bergamo]]
51 105 Denis 'GNUtoo' Carikli
* [[People#Kurtis-Hanna|Kurtis Hanna]]
52 141 dl lud
* @dllud
53
* @GrimKriegor | You can write to the contact address (all the members of [[SteeringCommittee]] receive it) if for some reasons you need to receive it as well. |
54 145 dl lud
|/2. #replicant IRC channel | Freenode | Channel operator | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
55 106 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
56 147 dl lud
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
57
* [[People#Kurtis-Hanna|Kurtis Hanna]]| Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. |
58 145 dl lud
| OFTC | Channel operator | * [[People#Kurtis-Hanna|Kurtis Hanna]]
59 148 Kurtis Hanna
* @JeremyRand | Bridged with the Freenode IRC channel and #freenode_#replicant:matrix.org Matrix channel through the NCBridge bot operated by @JeremyRand |
60 29 Denis 'GNUtoo' Carikli
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
61 141 dl lud
* The DNS entries are configured to use gandi's DNS server | * [[People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]]: Can do everything (including designating the technical contact or transferring the domain) 
62 30 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]]: can do DNS zone changes
63 16 Denis 'GNUtoo' Carikli
* Other people? [[People#Paul-Kocialkowski|Paul Kocialkowski]]? | |
64 13 Denis 'GNUtoo' Carikli
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
65 7 Denis 'GNUtoo' Carikli
* https://blog.replicant.us: OSUOSL
66 16 Denis 'GNUtoo' Carikli
* https://redmine.replicant.us: OSUOSL
67 19 Denis 'GNUtoo' Carikli
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
68 56 Denis 'GNUtoo' Carikli
69
h2. OSUOSL
70 92 Denis 'GNUtoo' Carikli
71 144 dl lud
The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/.
72 130 Denis 'GNUtoo' Carikli
73 1 Denis 'GNUtoo' Carikli
Contact:
74 129 Denis 'GNUtoo' Carikli
* They can be contacted on #osuosl on the Freenode IRC network
75 1 Denis 'GNUtoo' Carikli
* They also have a 'support' mail address at osuosl.org
76 66 Denis 'GNUtoo' Carikli
77 75 Denis 'GNUtoo' Carikli
h2. Virtual machine in FSF's infrastructure
78 76 Denis 'GNUtoo' Carikli
79
* The virtual machine is hosted in a server that is in their office or in a datacenter.
80 75 Denis 'GNUtoo' Carikli
* Several FSF network administrator also have access to the virtual machine
81 66 Denis 'GNUtoo' Carikli
82 67 Denis 'GNUtoo' Carikli
Contact:
83 69 Denis 'GNUtoo' Carikli
* The 'sysadmin' mail address at gnu.org
84 66 Denis 'GNUtoo' Carikli
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters
85
86
h3. Virtual machine specifications
87
88 1 Denis 'GNUtoo' Carikli
The virtual machine runs on top of Xen and has:
89 69 Denis 'GNUtoo' Carikli
* About 3G of RAM
90
* 1 virtual core
91 93 Denis 'GNUtoo' Carikli
* a 10G rootfs partition
92 72 Denis 'GNUtoo' Carikli
* a 100G storage partition for Replicant git repositories
93
* One IPv4 and one IPv6
94 66 Denis 'GNUtoo' Carikli
95
Software:
96 68 Denis 'GNUtoo' Carikli
* Trisquel 8.0
97 89 Denis 'GNUtoo' Carikli
* The virtual machine may be using FAI and cfengine but it would need more investigation on that.
98 62 Denis 'GNUtoo' Carikli
* The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).
99
100
h3. Virtual machine backup policies
101
102
The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
103
<pre>
104
/dev
105
/proc
106
/tmp
107
/sys
108
/run
109
/mnt
110
/mnt0
111
/mnt1
112
/mnt2
113
/mnt3
114
/mnt4
115
/mnt5
116
/mnt6
117
/mnt7
118
/mnt8
119
/mnt9
120
/floppy/
121
/cdrom/
122
/media/
123
/net/
124
/var/spool/squid/
125
/var/spool/squid3/
126
/var/spool/squid3_bak/
127
/var/spool/squid-tbd/
128
/var/spool/squid*/
129
/var/spool/django/
130
/var/spool/exim/
131
/var/cache/
132
/srv/chroot/
133
/t
134 44 Denis 'GNUtoo' Carikli
/srv/to-tape
135 81 Denis 'GNUtoo' Carikli
/var/lib/ceph/osd/
136 80 Denis 'GNUtoo' Carikli
/var/lib/apt/lists/
137
/var/cache/apt/
138
</pre>
139
140 1 Denis 'GNUtoo' Carikli
h3. git hosting infrastructure on this machine
141
142 80 Denis 'GNUtoo' Carikli
The source code is in /srv/git/git-data/repositories and is divided in several groups:
143 115 Denis 'GNUtoo' Carikli
** Replicant source code
144 116 Denis 'GNUtoo' Carikli
** LineageOS mirror
145 82 Denis 'GNUtoo' Carikli
** AOSP mirror
146 84 Denis 'GNUtoo' Carikli
** Various developers repositories
147 116 Denis 'GNUtoo' Carikli
148 115 Denis 'GNUtoo' Carikli
|_. function |_. software |_. documentation |_. comments |
149 82 Denis 'GNUtoo' Carikli
| authorization | gitolite | [[UpstrreamSourceCodeMirrors]] | |
150 79 Denis 'GNUtoo' Carikli
| read access | * git:// -> git daemon
151 1 Denis 'GNUtoo' Carikli
* ssh:// -> ssh daemon
152
* https:// -> ? (TODO: document the software/configuration) | | |
153 46 Denis 'GNUtoo' Carikli
| web | cgit | [[Cgit]]| |
154 79 Denis 'GNUtoo' Carikli
155 46 Denis 'GNUtoo' Carikli
h2. Gandi
156 126 Denis 'GNUtoo' Carikli
157
* See https://en.wikipedia.org/wiki/Gandi for more details
158
159
h2. Freenode
160 79 Denis 'GNUtoo' Carikli
161 47 Denis 'GNUtoo' Carikli
h2. GDPR
162 1 Denis 'GNUtoo' Carikli
163 47 Denis 'GNUtoo' Carikli
* For GDPR related inquiries, you can write to the [[PrivateContact]] mail address.
164 1 Denis 'GNUtoo' Carikli
165 47 Denis 'GNUtoo' Carikli
h2. TODO:
166 50 Denis 'GNUtoo' Carikli
167 48 Denis 'GNUtoo' Carikli
* Ask the OSUOSL about backup policies.
168 55 Denis 'GNUtoo' Carikli
* Document public spaces like Freenode IRC channel.
169 54 Denis 'GNUtoo' Carikli
* Do our own backup policies and do some backups ourselves.
170 77 Denis 'GNUtoo' Carikli
* Contact the people that have some control of the resources above and ask for permission to mention them here
171
* Fill the gaps (mentioned with '?') in this page
172 78 Denis 'GNUtoo' Carikli
* Look what happens when an account is deleted
173 99 Denis 'GNUtoo' Carikli
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
174 94 Denis 'GNUtoo' Carikli
* Move the entries of this TODO list to the tracker when it makes sense
175
176
h1. Funding and legal entity
177
178
See the [[SteeringCommittee]] for more details.
179
180 135 Denis 'GNUtoo' Carikli
h1. Legal advise
181
182
Contact John Sullivan at the FSF.
183 136 Denis 'GNUtoo' Carikli
184 1 Denis 'GNUtoo' Carikli
Note that John Sullivan is not a lawyer but the FSF has lawyers.
185
186
h1. Documentation 
187
188
The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.