Infrastructure » History » Version 130

Denis 'GNUtoo' Carikli, 11/21/2019 02:17 PM

h1. Network Infrastructure

|_. What |_. Where |_. Access type |_. Who |_. Comments |
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL | Redmine administrator | Only the following people have access to it:
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[People#Fil-Bergamo|Fil-Bergamo]]
* "dllud":https://redmine.replicant.us/users/2115
* "Grim Kriegor":https://redmine.replicant.us/users/6249
* OSUOSL system administrators | We are running version 4.0.4 and it was updated on August 15, 2019. Since we only have one project, OSUOSL put in a redirect from the main page of our redmine instance to /project/replicant |
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | Several Replicant contributors including:
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* Add your name here if you have access and want to be mentioned | |
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administrator | Several Replicant contributors including:
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* Add your name here if you have access and want to be mentioned | This instance is updated automatically with the help of a plugin. |
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | Only the following people have access to it:
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]] | We should not use too much space |
| The replicant.us (mostly-static) front website |\2. None: There is an automatic hook managed by OSUOSL | * "Source code":https://git.replicant.us/replicant/website/
* Patches are to be sent to the Replicant mailing list
* There is a jenkins hook with a token to pull and deploy the website source code |
| A virtual machine hosted by the FSF that handles:
* "Replicant Source code":https://git.replicant.us/ | FSF | SSH root access | Only the following people or machines have access to it:
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* Several FSF system administrators
* FSF backup server
* FSF ansible deployment server | Resources kindly offered by the FSF
The git configuration has [[ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine|some documentation]]
Before granting SSH (root) access to this machine:
* Make sure that the person really needs it
* Make sure that the person already contributed to Replicant
* Ask one other person that has SSH access and/or the [[SteeringCommittee]] to also agree on it |
| [[PrivateContact|Private contact address]] | This is handled by [[People#Paul-Kocialkowski|Paul Kocialkowski]]'s mail servers:
* armstrong.paulk.fr
* gagarine.paulk.fr | SSH, physical access | [[People#Paul-Kocialkowski|Paul Kocialkowski]] only (they are his machines) | The contact address is redirected to several Replicant contributors including:
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* David "dllud" Ludovino
* Ricardo "Grim" Cabrita
* Add your name here if you receive mail from this address and want to be mentioned |
| IRC channel | Freenode | Channel operator(s) | Several Replicant contributors including:
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Kurtis-Hanna|Kurtis Hanna]]
* Add your name here if you have access and want to be mentioned | @MODE #Replicant +qe $~a *!*@gateway/web/*@ and @MODE #Replicant +qe $~a *!*@gateway/shell/matrix.org/*@ have been applied. Unless one connects via a web-based IRC client or via the Matrix.org IRC bridge, one will need to register one's nick with Freenode in order to speak |
| The replicant.us domain name | gandi.net | * Web interface through the Gandi website
* The DNS entries are configured to use Gandi's DNS server | The following people or machines have access to it:
* [[People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]]: can do everything (including designating the technical contact or transferring the domain)
* [[People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]]: can do DNS zone changes
* Other people? [[People#Paul-Kocialkowski|Paul Kocialkowski]]? | |
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
* https://blog.replicant.us: OSUOSL
* https://redmine.replicant.us: OSUOSL
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> Let's Encrypt |

h2. OSUOSL

The OSUOSL is the Oregon State University Open Source Lab.

Contact:
* They can be contacted on #osuosl on the Freenode IRC network
* They also have a 'support' mail address at osuosl.org

h2. Virtual machine in FSF's infrastructure

* The virtual machine is hosted on a server that is either in their office or in a datacenter.
* Several FSF network administrators also have access to the virtual machine

Contact:
* The 'sysadmin' mail address at gnu.org
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

h3. Virtual machine specifications

The virtual machine runs on top of Xen and has:
* About 3G of RAM
* 1 virtual core
* a 10G rootfs partition
* a 100G storage partition for Replicant git repositories
* One IPv4 and one IPv6

Software:
* Trisquel 8.0
* The virtual machine may be using FAI and cfengine, but this needs more investigation.
* The distribution seems to have the latest security updates applied. How this is done needs to be investigated by looking at cron jobs (it might use FAI for that).

h3. Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following paths at the time of writing:
<pre>
/dev
/proc
/tmp
/sys
/run
/mnt
/mnt0
/mnt1
/mnt2
/mnt3
/mnt4
/mnt5
/mnt6
/mnt7
/mnt8
/mnt9
/floppy/
/cdrom/
/media/
/net/
/var/spool/squid/
/var/spool/squid3/
/var/spool/squid3_bak/
/var/spool/squid-tbd/
/var/spool/squid*/
/var/spool/django/
/var/spool/exim/
/var/cache/
/srv/chroot/
/t
/srv/to-tape
/var/lib/ceph/osd/
/var/lib/apt/lists/
/var/cache/apt/
</pre>
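
One way to check which paths the exclude list above leaves in the backup, and which entries are redundant. This is an added example, not part of the FSF backup tooling. The matching rules are an assumption stated in the docstring (the page does not name the backup software), and every checked path except the repository path is constructed.

```python
import fnmatch

# Exclude entries copied from the list above.
EXCLUDES = """
/dev /proc /tmp /sys /run /mnt /mnt0 /mnt1 /mnt2 /mnt3 /mnt4 /mnt5 /mnt6
/mnt7 /mnt8 /mnt9 /floppy/ /cdrom/ /media/ /net/ /var/spool/squid/
/var/spool/squid3/ /var/spool/squid3_bak/ /var/spool/squid-tbd/
/var/spool/squid*/ /var/spool/django/ /var/spool/exim/ /var/cache/
/srv/chroot/ /t /srv/to-tape /var/lib/ceph/osd/ /var/lib/apt/lists/
/var/cache/apt/
""".split()


def components(path):
    return [c for c in path.split("/") if c]


def covering_entry(path, excludes=EXCLUDES):
    """Return the first exclude entry that covers `path`, or None if backed up.

    Assumed semantics (the page does not name the backup tool): entries are
    anchored at /, match whole path components, '*' stays within one
    component, and excluding a directory excludes everything below it.
    """
    parts = components(path)
    for entry in excludes:
        pattern = components(entry)
        if len(pattern) <= len(parts) and all(
            fnmatch.fnmatchcase(c, g) for c, g in zip(parts, pattern)
        ):
            return entry
    return None


def shadowed_entries(excludes=EXCLUDES):
    """Entries already covered by another entry (candidates for cleanup)."""
    return [e for e in excludes
            if covering_entry(e, [o for o in excludes if o != e])]


if __name__ == "__main__":
    # Constructed check list; only the repository path comes from the page.
    for p in ["/srv/git/git-data/repositories", "/etc", "/home",
              "/var/cache/apt/archives", "/tmpfiles", "/t/scratch"]:
        print(f"{p:35} -> {covering_entry(p) or 'backed up'}")
    print("shadowed:", shadowed_entries())
```

Under these assumptions the git repositories are inside the backup, while @/t@ only excludes a top-level directory named exactly @t@ and does not touch paths such as @/tmpfiles@.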

h3. git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided into several groups:
** Replicant source code
** LineageOS mirror
** AOSP mirror
** Various developers repositories

|_. function |_. software |_. documentation |_. comments |
| authorization | gitolite | [[UpstrreamSourceCodeMirrors]] | |
| read access | * git:// -> git daemon
* ssh:// -> ssh daemon
* https:// -> ? (TODO: document the software/configuration) | | |
| web | cgit | [[Cgit]]| |

h2. Gandi

* See https://en.wikipedia.org/wiki/Gandi for more details

h2. Freenode

h2. GDPR

* For GDPR related inquiries, you can write to the [[PrivateContact]] mail address.

h2. TODO:

* Ask the OSUOSL about backup policies.
* Document public spaces like the Freenode IRC channel.
* Define our own backup policies and do some backups ourselves.
* Contact the people that have some control of the resources above and ask for permission to mention them here
* Fill the gaps (mentioned with '?') in this page
* Look at what happens when an account is deleted
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
* Move the entries of this TODO list to the tracker when it makes sense

h1. Funding and legal entity

See the [[SteeringCommittee]] for more details.

h1. Legal advice

Contact John Sullivan at the FSF.

Note that John Sullivan is not a lawyer but the FSF has lawyers.