Project

General

Profile

NetworkInfrastructure » History » Version 159

dl lud, 06/24/2024 09:03 PM
Update link to dllud profile. Remove Grim from Redmine manager.

1 125 dl lud
h1. Network Infrastructure
2 1 Denis 'GNUtoo' Carikli
3 141 dl lud
|_. What |_. Where |_. Access type | Who | Comments |
4 151 Denis 'GNUtoo' Carikli
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine manager | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
5
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
6
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
7
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
8
* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo
9
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
10 159 dl lud
* "David Ludovino":https://redmine.replicant.us/projects/replicant/wiki/People#David-Ludovino
11 1 Denis 'GNUtoo' Carikli
* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant
12
OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
13 159 dl lud
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * "David Ludovino":https://redmine.replicant.us/projects/replicant/wiki/People#David-Ludovino
14 151 Denis 'GNUtoo' Carikli
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
15
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
16
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
17
* "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
18
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
19 141 dl lud
* OSUOSL system administrators | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
20 151 Denis 'GNUtoo' Carikli
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
21
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
22
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
23 1 Denis 'GNUtoo' Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
24 151 Denis 'GNUtoo' Carikli
* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo
25
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
26 159 dl lud
* "David Ludovino":https://redmine.replicant.us/projects/replicant/wiki/People#David-Ludovino
27 141 dl lud
* OSUOSL system administrators
28 110 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
29 151 Denis 'GNUtoo' Carikli
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
30
* "Wolfgang Wiedmeyer":https://redmine.replicant.us/projects/replicant/wiki/People#Wolfgang-Wiedmeyer
31
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
32
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
33 142 dl lud
* OSUOSL system administrators | We should not use too much space. |
34 141 dl lud
| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/
35
* Patches should be sent to the Replicant mailing list.
36
* There is a jenkins hook with a token to pull and deploy the website source code. |
37 151 Denis 'GNUtoo' Carikli
| "Replicant Source code":https://git.replicant.us/ |/2. Virtual machine at FSF | SSH root access | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
38
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
39
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
40 120 Denis 'GNUtoo' Carikli
* Several FSF system administrators
41 52 Denis 'GNUtoo' Carikli
* FSF backup server
42 141 dl lud
* FSF Ansible deployment server | Resources kindly offered by the FSF.
43 152 Denis 'GNUtoo' Carikli
The git configuration has "some documentation":https://redmine.replicant.us/projects/replicant/wiki/ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine .
44 38 Denis 'GNUtoo' Carikli
Before handling SSH (root) access to this machine:
45 141 dl lud
* Make sure that the person really needs it.
46 1 Denis 'GNUtoo' Carikli
* Make sure that the person already contributed to Replicant.
47 152 Denis 'GNUtoo' Carikli
* Ask one other person that has SSH access and/or the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee to also agree on it. |
48 1 Denis 'GNUtoo' Carikli
| "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact | IMAP access | * "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
49 151 Denis 'GNUtoo' Carikli
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
50
* "Fil Bergamo":https://redmine.replicant.us/projects/replicant/wiki/People#Fil-Bergamo
51
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
52 159 dl lud
* "David Ludovino":https://redmine.replicant.us/projects/replicant/wiki/People#David-Ludovino
53 152 Denis 'GNUtoo' Carikli
* @GrimKriegor | You can write to the contact address (all the members of "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee receive it) if for some reasons you need to receive it as well. |
54 151 Denis 'GNUtoo' Carikli
|/2. #replicant IRC channel | Freenode | Channel operator | * "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski
55
* "GNUtoo":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli
56
* "Joonas Kylmälä":https://redmine.replicant.us/projects/replicant/wiki/People#Joonas-Kylmälä
57
* "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna | Quiet mode for unregistered users is disabled for the time being. If SPAM comes back use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web based IRC clients and via the Matrix.org IRC bridge. |
58
| OFTC | Channel operator | * "Kurtis Hanna":https://redmine.replicant.us/projects/replicant/wiki/People#Kurtis-Hanna
59 148 Kurtis Hanna
* @JeremyRand | Bridged with the Freenode IRC channel and #freenode_#replicant:matrix.org Matrix channel through the NCBridge bot operated by @JeremyRand |
60 29 Denis 'GNUtoo' Carikli
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
61 151 Denis 'GNUtoo' Carikli
* The DNS entries are configured to use gandi's DNS server | * "Bradley Kuhn (administrative contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Bradley-M-Kuhn : Can do everything (including designating the technical contact or transferring the domain) 
62
* "GNUtoo (technical contact)":https://redmine.replicant.us/projects/replicant/wiki/People#Denis-GNUtoo-Carikli : can do DNS zone changes
63
* Other people? "Paul Kocialkowski":https://redmine.replicant.us/projects/replicant/wiki/People#Paul-Kocialkowski ? | |
64 13 Denis 'GNUtoo' Carikli
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
65 7 Denis 'GNUtoo' Carikli
* https://blog.replicant.us: OSUOSL
66 16 Denis 'GNUtoo' Carikli
* https://redmine.replicant.us: OSUOSL
67 19 Denis 'GNUtoo' Carikli
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
68 153 Denis 'GNUtoo' Carikli
| "Mastodon account":https://mamot.fr/@replicant | Administred by "La quadrature du net":https://en.wikipedia.org/wiki/La_Quadrature_du_Net | Account only | * TODO: ask the person who created the account
69
* The "Private contact address":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact address was used as the mail  | See the [[Mastodon]] page for more details |
70 56 Denis 'GNUtoo' Carikli
71
h2. OSUOSL
72 92 Denis 'GNUtoo' Carikli
73 144 dl lud
The OSUOSL is the "Oregon State University Open Source Lab":https://osuosl.org/.
74 130 Denis 'GNUtoo' Carikli
75 1 Denis 'GNUtoo' Carikli
Contact:
76 129 Denis 'GNUtoo' Carikli
* They can be contacted on #osuosl on the Freenode IRC network
77 1 Denis 'GNUtoo' Carikli
* They also have a 'support' mail address at osuosl.org
78 66 Denis 'GNUtoo' Carikli
79 75 Denis 'GNUtoo' Carikli
h2. Virtual machine in FSF's infrastructure
80 76 Denis 'GNUtoo' Carikli
81
* The virtual machine is hosted in a server that is in their office or in a datacenter.
82 75 Denis 'GNUtoo' Carikli
* Several FSF network administrator also have access to the virtual machine
83 66 Denis 'GNUtoo' Carikli
84 67 Denis 'GNUtoo' Carikli
Contact:
85 69 Denis 'GNUtoo' Carikli
* The 'sysadmin' mail address at gnu.org
86 66 Denis 'GNUtoo' Carikli
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters
87
88
h3. Virtual machine specifications
89
90 154 Denis 'GNUtoo' Carikli
See [[VMSpecifications]] for the VM specifications.
91 62 Denis 'GNUtoo' Carikli
92
h3. Virtual machine backup policies
93
94
The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
95
<pre>
96
/dev
97
/proc
98
/tmp
99
/sys
100
/run
101
/mnt
102
/mnt0
103
/mnt1
104
/mnt2
105
/mnt3
106
/mnt4
107
/mnt5
108
/mnt6
109
/mnt7
110
/mnt8
111
/mnt9
112
/floppy/
113
/cdrom/
114
/media/
115
/net/
116
/var/spool/squid/
117
/var/spool/squid3/
118
/var/spool/squid3_bak/
119
/var/spool/squid-tbd/
120
/var/spool/squid*/
121
/var/spool/django/
122
/var/spool/exim/
123
/var/cache/
124
/srv/chroot/
125
/t
126 44 Denis 'GNUtoo' Carikli
/srv/to-tape
127 81 Denis 'GNUtoo' Carikli
/var/lib/ceph/osd/
128 80 Denis 'GNUtoo' Carikli
/var/lib/apt/lists/
129
/var/cache/apt/
130
</pre>
131
132 1 Denis 'GNUtoo' Carikli
h3. git hosting infrastructure on this machine
133
134 80 Denis 'GNUtoo' Carikli
The source code is in /srv/git/git-data/repositories and is divided in several groups:
135 115 Denis 'GNUtoo' Carikli
** Replicant source code
136 116 Denis 'GNUtoo' Carikli
** LineageOS mirror
137 82 Denis 'GNUtoo' Carikli
** AOSP mirror
138 84 Denis 'GNUtoo' Carikli
** Various developers repositories
139 116 Denis 'GNUtoo' Carikli
140 115 Denis 'GNUtoo' Carikli
|_. function |_. software |_. documentation |_. comments |
141 152 Denis 'GNUtoo' Carikli
| authorization | gitolite | "UpstrreamSourceCodeMirrors":https://redmine.replicant.us/projects/replicant/wiki/UpstrreamSourceCodeMirrors | |
142 79 Denis 'GNUtoo' Carikli
| read access | * git:// -> git daemon
143 1 Denis 'GNUtoo' Carikli
* ssh:// -> ssh daemon
144
* https:// -> ? (TODO: document the software/configuration) | | |
145 152 Denis 'GNUtoo' Carikli
| web | cgit | "Cgit":https://redmine.replicant.us/projects/replicant/wiki/Cgit | |
146 79 Denis 'GNUtoo' Carikli
147 46 Denis 'GNUtoo' Carikli
h2. Gandi
148 126 Denis 'GNUtoo' Carikli
149
* See https://en.wikipedia.org/wiki/Gandi for more details
150
151
h2. Freenode
152 79 Denis 'GNUtoo' Carikli
153 47 Denis 'GNUtoo' Carikli
h2. GDPR
154 1 Denis 'GNUtoo' Carikli
155 152 Denis 'GNUtoo' Carikli
* For GDPR related inquiries, you can write to the "PrivateContact":https://redmine.replicant.us/projects/replicant/wiki/PrivateContact mail address.
156 1 Denis 'GNUtoo' Carikli
157 47 Denis 'GNUtoo' Carikli
h2. TODO:
158 50 Denis 'GNUtoo' Carikli
159 157 Denis 'GNUtoo' Carikli
* -Ask the OSUOSL about backup policies.- The OSUOSL will do backup of the FTP for us.
160 158 Denis 'GNUtoo' Carikli
* Document public spaces like Liber chat IRC channel.
161 54 Denis 'GNUtoo' Carikli
* Do our own backup policies and do some backups ourselves.
162 77 Denis 'GNUtoo' Carikli
* Contact the people that have some control of the resources above and ask for permission to mention them here
163
* Fill the gaps (mentioned with '?') in this page
164 78 Denis 'GNUtoo' Carikli
* Look what happens when an account is deleted
165 99 Denis 'GNUtoo' Carikli
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
166 94 Denis 'GNUtoo' Carikli
* Move the entries of this TODO list to the tracker when it makes sense
167
168
h1. Funding and legal entity
169
170 152 Denis 'GNUtoo' Carikli
See the "SteeringCommittee":https://redmine.replicant.us/projects/replicant/wiki/SteeringCommittee for more details.
171 94 Denis 'GNUtoo' Carikli
172 135 Denis 'GNUtoo' Carikli
h1. Legal advise
173
174 156 Denis 'GNUtoo' Carikli
Contact Zoë Kooyman at the FSF.
175 136 Denis 'GNUtoo' Carikli
176 155 Denis 'GNUtoo' Carikli
Note that Zoë Kooyman is not a lawyer but the FSF has lawyers.
177 1 Denis 'GNUtoo' Carikli
178
h1. Documentation 
179
180
The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.