Project

General

Profile

NetworkInfrastructure » History » Revision 93

Revision 92 (Denis 'GNUtoo' Carikli, 12/22/2018 04:39 PM) → Revision 93/158 (Denis 'GNUtoo' Carikli, 02/04/2019 10:36 AM)

h1. NetworkInfrastructure 

 |_. What |_. Where |_. Access type | Who | comments | 
 | "Redmine instance":https://redmine.replicant.us | OSUOSL    | Redmine administrator | Several Replicant contributors including: 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * Joonas Kylmälä 
 * Add your name here if you have access and want to be mentioned | | 
 | "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | OSUOSL | Mailing list administrator | Several Replicant contributors including: 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * Add your name here if you have access and want to be mentioned    | | 
 | "Wordpress instance":https://blog.replicant.us/ | OSUOSL | Wordpress administator | Several Replicant contributors including: 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. | 
 | "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | OSUOSL | SSH?/SFTP | Several Replicant contributors: 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * Add your name here if you have access and want to be mentioned | We should not use too much space | 
 | "Source code":https://git.replicant.us/ | FSF | SSH in a vm in a server that is at the FSF office | Several Replicant contributors: 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * Joonas Kylmälä 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * Several FSF system administrators 
 * Add your name here if you have access and want to be mentioned | Resources kindly offered by the FSF | 
 | [[PrivateContact|Private contact address]] | This is handled by [[People#Paul-Kocialkowski|Paul Kocialkowski]]'s mail servers: 
 * armstrong.paulk.fr 
 * gagarine.paulk.fr | SSH, physical access | [[People#Paul-Kocialkowski|Paul Kocialkowski]] only (it's his machines) | The contact address is redirected to several Replicant contributors including: 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * Add your name here if you receive mail from this address and want to be mentioned | 
 | IRC channel | Freenode | Channel operator(s) | Several Replicant contributors including: 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * [[People#Kurtis-Hanna|Kurtis Hanna]] 
 * Add your name here if you have access and want to be mentioned | @MODE #Replicant +qe $~a *!*@gateway/web/*@ and @MODE #Replicant +qe $~a *!*@gateway/shell/matrix.org/*@ have been applied. Unless one connects via a web based irc client or via the Matrix.org IRC bridge one will need to register one's nick with Freenode in order to speak | 
 | The replicant.us (mostly-static) front website | OSUOSL (hook) + FSF for the source code | * See the source code hosting line above. 
 * Probably none for the hook | See the source code hosting line above. | * "Source code":https://git.replicant.us/replicant/website/ 
 * Patches are to be sent to the Replicant mailing list 
 * There is a jenkins hook with a token to pull and deploy the website source code | 
 | The replicant.us domain name | gandi.net | * Web inteface through gandi website 
 * The DNS entries are configured to use gandi's DNS server | Several Replicant contributors including: 
 * [[People#Denis-GNUtoo-Carikli|GNUtoo]] 
 * [[People#Bradley-M-Kuhn|Bradley Kuhn]] 
 * [[People#Paul-Kocialkowski|Paul Kocialkowski]] 
 * Add your name here if you have access and want to be mentioned    | | 
 | The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL 
 * https://blog.replicant.us: OSUOSL 
 * https://redmine.replicant.us: OSUOSL 
 * https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt | 

 h2. OSUOSL 

 The OSUOSL is the Oregon State University Open Source Lab. 

 Contact: 
 * They can be contacted on #osuosl on the Freenode IRC network 
 * They also have a 'support' mail address at osuosl.org 

 h2. Virtual machine in FSF's office 

 * The virtual machine is hosted in a server that is in their office. 
 * Several FSF network administrator also have access to the virtual machine 

 Contact: 
 * The 'sysadmin' mail address at gnu.org 
 * The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters 

 

 h3. Virtual machine specifications 

 The virtual machine runs on top of Xen and has: 
 * About 3G of RAM 
 * 1 virtual core 
 * a 10G rootfs partition 
 * a 100G storage partition for Replicant git repositories 
 * One IPv4 and one IPv6 

 Software: 
 * Trisquel 8.0 7.0 
 * The virtual machine may be using FAI and cfengine but it would need more investigation on that. 
 * The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that). 

 

 h3. Virtual machine backup policies 

 The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing: 
 <pre> 
 /dev 
 /proc 
 /tmp 
 /sys 
 /run 
 /mnt 
 /mnt0 
 /mnt1 
 /mnt2 
 /mnt3 
 /mnt4 
 /mnt5 
 /mnt6 
 /mnt7 
 /mnt8 
 /mnt9 
 /floppy/ 
 /cdrom/ 
 /media/ 
 /net/ 
 /var/spool/squid/ 
 /var/spool/squid3/ 
 /var/spool/squid3_bak/ 
 /var/spool/squid-tbd/ 
 /var/spool/squid*/ 
 /var/spool/django/ 
 /var/spool/exim/ 
 /var/cache/ 
 /srv/chroot/ 
 /t 
 /srv/to-tape 
 /var/lib/ceph/osd/ 
 /var/lib/apt/lists/ 
 /var/cache/apt/ 
 </pre> 

 h3. git hosting infrastructure on this machine 

 The source code is in /srv/git/git-data/repositories and is divided in several groups: 
 ** Replicant source code 
 ** LineageOS mirror 
 ** Various developers repositories 

 |_. function |_. software |_. comments | 
 | authorization | gitolite | | 
 | read access | * git:// -> git daemon 
 * ssh:// -> ssh daemon 
 * https:// -> ? (TODO: document the software/configuration) 
 | | 
 | web | cgit | | 

 h2. Gandi 

 * See https://en.wikipedia.org/wiki/Gandi for more details 

 h2. Freenode 

 h2. TODO: 

 * Ask the OSUOSL about backup policies. 
 * Document public spaces like Freenode IRC channel. 
 * Do our own backup policies and do some backups ourselves. 
 * Contact the people that have some control of the resources above and ask for permission to mention them here 
 * Fill the gaps (mentioned with '?') in this page 
 * Look what happens when an account is deleted 
 * Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D= 
 * Move the entries of this TODO list to the tracker when it makes sense 

 h1. Funding and legal entity 

 The FSF holds Replicant funds and acts like an umbrella Oragnisation. 

 The people that are designed to be in contact with the FSF are: 
 * Paul Kocialkowski 
 * Denis Carikli 

 And our contact at the FSF are: 
 * John Sullivan