Project

General

Profile

Infrastructure » History » Version 139

Denis 'GNUtoo' Carikli, 07/22/2020 02:22 PM
fix typo

1 125 dl lud
h1. Network Infrastructure
2 1 Denis 'GNUtoo' Carikli
3 16 Denis 'GNUtoo' Carikli
|_. What |_. Where |_. Access type | Who | comments |
4 110 Denis 'GNUtoo' Carikli
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine administrator | Only the following people have access to it:
5 1 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
6 102 Denis 'GNUtoo' Carikli
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
7 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
8 101 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
9 118 dl lud
* [[People#Fil-Bergamo|Fil-Bergamo]]
10 133 dl lud
* @dllud
11
* @GrimKriegor
12 131 dl lud
* OSUOSL system administrators | We are running version 4.0.4 and it was updated on August 15, 2019.
13
Since we only have one project, OSUOSL put in a redirect from the main page of our redmine instance to /project/replicant
14
OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
15 41 Denis 'GNUtoo' Carikli
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | Several Replicant contributors including:
16 1 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
17
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
18 131 dl lud
* [[People#Kurtis-Hanna|Kurtis Hanna]]
19 133 dl lud
* @dllud
20 131 dl lud
* Add your name here if you have access and want to be mentioned  | OSUOSL keeps 2 weeks worth of backups for restoration purposes. |
21 108 Denis 'GNUtoo' Carikli
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | Several Replicant contributors including:
22 37 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
23 38 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
24 1 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
25 108 Denis 'GNUtoo' Carikli
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | Only the following people have access to it:
26 103 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
27
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
28 97 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
29 1 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]] | We should not use too much space |
30 110 Denis 'GNUtoo' Carikli
| The replicant.us (mostly-static) front website |\2. None: There is an automatic hook managed by OSUOSL | * "Source code":https://git.replicant.us/replicant/website/
31
* Patches are to be sent to the Replicant mailing list
32
* There is a jenkins hook with a token to pull and deploy the website source code |
33 96 Denis 'GNUtoo' Carikli
| A virtual machine hosted by the FSF that handles:
34 139 Denis 'GNUtoo' Carikli
* "Replicant Source code":https://git.replicant.us/ | FSF |/2. SSH root access | Only the following people or machines have access to it
35 1 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
36
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
37
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
38 64 Denis 'GNUtoo' Carikli
* Several FSF system administrators
39 100 Denis 'GNUtoo' Carikli
* FSF backup server
40 111 Denis 'GNUtoo' Carikli
* FSF ansible deployment server | Resources kindly offered by the FSF
41 123 Denis 'GNUtoo' Carikli
The git configuration has [[ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine|some documentation]]
42 120 Denis 'GNUtoo' Carikli
Before handling SSH (root) access to this machine:
43
* Make sure that the person really needs it
44
* Make sure that the person already contributed to Replicant
45 52 Denis 'GNUtoo' Carikli
* Ask one other person that has SSH access and/or the [[SteeringCommittee]] to also agree on it |
46 138 Denis 'GNUtoo' Carikli
| [[PrivateContact|Private contact address]] | on the virtual machine hosted at the FSF | The contact address is accessible by several Replicant contributors:
47 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
48 38 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
49 134 Kurtis Hanna
* David "dllud" Ludovino
50 127 Denis 'GNUtoo' Carikli
* Ricardo "Grim" Cabrita
51 137 Denis 'GNUtoo' Carikli
* [[People#Kurtis-Hanna|Kurtis Hanna]]
52 138 Denis 'GNUtoo' Carikli
* Fil Bergamo |
53 33 Denis 'GNUtoo' Carikli
| IRC channel | Freenode | Channel operator(s) | Several Replicant contributors including:
54 88 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
55 105 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
56 43 Denis 'GNUtoo' Carikli
* [[People#Kurtis-Hanna|Kurtis Hanna]]
57
* Add your name here if you have access and want to be mentioned | @MODE #Replicant +qe $~a *!*@gateway/web/*@ and @MODE #Replicant +qe $~a *!*@gateway/shell/matrix.org/*@ have been applied. Unless one connects via a web based irc client or via the Matrix.org IRC bridge one will need to register one's nick with Freenode in order to speak |
58 45 Denis 'GNUtoo' Carikli
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
59 106 Denis 'GNUtoo' Carikli
* The DNS entries are configured to use gandi's DNS server | The following people or machines have access to it:
60 132 dl lud
* [[People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]]: Can do everything (including designating the technical contact or transferring the domain) 
61 106 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]]: can do DNS zone changes
62
* Other people? [[People#Paul-Kocialkowski|Paul Kocialkowski]]? | |
63 32 Denis 'GNUtoo' Carikli
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
64 29 Denis 'GNUtoo' Carikli
* https://blog.replicant.us: OSUOSL
65
* https://redmine.replicant.us: OSUOSL
66 30 Denis 'GNUtoo' Carikli
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
67 16 Denis 'GNUtoo' Carikli
68 13 Denis 'GNUtoo' Carikli
h2. OSUOSL
69 7 Denis 'GNUtoo' Carikli
70 16 Denis 'GNUtoo' Carikli
The OSUOSL is the Oregon State University Open Source Lab.
71 19 Denis 'GNUtoo' Carikli
72 56 Denis 'GNUtoo' Carikli
Contact:
73
* They can be contacted on #osuosl on the Freenode IRC network
74 92 Denis 'GNUtoo' Carikli
* They also have a 'support' mail address at osuosl.org
75 56 Denis 'GNUtoo' Carikli
76 130 Denis 'GNUtoo' Carikli
h2. Virtual machine in FSF's infrastructure
77 1 Denis 'GNUtoo' Carikli
78 129 Denis 'GNUtoo' Carikli
* The virtual machine is hosted in a server that is in their office or in a datacenter.
79 1 Denis 'GNUtoo' Carikli
* Several FSF network administrator also have access to the virtual machine
80 66 Denis 'GNUtoo' Carikli
81 75 Denis 'GNUtoo' Carikli
Contact:
82 76 Denis 'GNUtoo' Carikli
* The 'sysadmin' mail address at gnu.org
83
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters
84 75 Denis 'GNUtoo' Carikli
85 66 Denis 'GNUtoo' Carikli
h3. Virtual machine specifications
86 67 Denis 'GNUtoo' Carikli
87 69 Denis 'GNUtoo' Carikli
The virtual machine runs on top of Xen and has:
88 66 Denis 'GNUtoo' Carikli
* About 3G of RAM
89
* 1 virtual core
90
* a 10G rootfs partition
91
* a 100G storage partition for Replicant git repositories
92 1 Denis 'GNUtoo' Carikli
* One IPv4 and one IPv6
93 69 Denis 'GNUtoo' Carikli
94
Software:
95 93 Denis 'GNUtoo' Carikli
* Trisquel 8.0
96 72 Denis 'GNUtoo' Carikli
* The virtual machine may be using FAI and cfengine but it would need more investigation on that.
97
* The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).
98 66 Denis 'GNUtoo' Carikli
99
h3. Virtual machine backup policies
100 68 Denis 'GNUtoo' Carikli
101 89 Denis 'GNUtoo' Carikli
The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
102 62 Denis 'GNUtoo' Carikli
<pre>
103
/dev
104
/proc
105
/tmp
106
/sys
107
/run
108
/mnt
109
/mnt0
110
/mnt1
111
/mnt2
112
/mnt3
113
/mnt4
114
/mnt5
115
/mnt6
116
/mnt7
117
/mnt8
118
/mnt9
119
/floppy/
120
/cdrom/
121
/media/
122
/net/
123
/var/spool/squid/
124
/var/spool/squid3/
125
/var/spool/squid3_bak/
126
/var/spool/squid-tbd/
127
/var/spool/squid*/
128
/var/spool/django/
129
/var/spool/exim/
130
/var/cache/
131
/srv/chroot/
132
/t
133
/srv/to-tape
134
/var/lib/ceph/osd/
135
/var/lib/apt/lists/
136
/var/cache/apt/
137
</pre>
138 44 Denis 'GNUtoo' Carikli
139 81 Denis 'GNUtoo' Carikli
h3. git hosting infrastructure on this machine
140 80 Denis 'GNUtoo' Carikli
141
The source code is in /srv/git/git-data/repositories and is divided in several groups:
142
** Replicant source code
143
** LineageOS mirror
144 1 Denis 'GNUtoo' Carikli
** AOSP mirror
145
** Various developers repositories
146 80 Denis 'GNUtoo' Carikli
147 115 Denis 'GNUtoo' Carikli
|_. function |_. software |_. documentation |_. comments |
148 116 Denis 'GNUtoo' Carikli
| authorization | gitolite | [[UpstrreamSourceCodeMirrors]] | |
149 82 Denis 'GNUtoo' Carikli
| read access | * git:// -> git daemon
150 84 Denis 'GNUtoo' Carikli
* ssh:// -> ssh daemon
151 116 Denis 'GNUtoo' Carikli
* https:// -> ? (TODO: document the software/configuration) | | |
152 115 Denis 'GNUtoo' Carikli
| web | cgit | [[Cgit]]| |
153 82 Denis 'GNUtoo' Carikli
154 79 Denis 'GNUtoo' Carikli
h2. Gandi
155 1 Denis 'GNUtoo' Carikli
156
* See https://en.wikipedia.org/wiki/Gandi for more details
157 46 Denis 'GNUtoo' Carikli
158 79 Denis 'GNUtoo' Carikli
h2. Freenode
159 46 Denis 'GNUtoo' Carikli
160 126 Denis 'GNUtoo' Carikli
h2. GDPR
161
162
* For GDPR related inquiries, you can write to the [[PrivateContact]] mail address.
163
164 79 Denis 'GNUtoo' Carikli
h2. TODO:
165 47 Denis 'GNUtoo' Carikli
166 1 Denis 'GNUtoo' Carikli
* Ask the OSUOSL about backup policies.
167 47 Denis 'GNUtoo' Carikli
* Document public spaces like Freenode IRC channel.
168 1 Denis 'GNUtoo' Carikli
* Do our own backup policies and do some backups ourselves.
169 47 Denis 'GNUtoo' Carikli
* Contact the people that have some control of the resources above and ask for permission to mention them here
170 50 Denis 'GNUtoo' Carikli
* Fill the gaps (mentioned with '?') in this page
171 48 Denis 'GNUtoo' Carikli
* Look what happens when an account is deleted
172 55 Denis 'GNUtoo' Carikli
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
173 54 Denis 'GNUtoo' Carikli
* Move the entries of this TODO list to the tracker when it makes sense
174 77 Denis 'GNUtoo' Carikli
175
h1. Funding and legal entity
176 78 Denis 'GNUtoo' Carikli
177 99 Denis 'GNUtoo' Carikli
See the [[SteeringCommittee]] for more details.
178 94 Denis 'GNUtoo' Carikli
179
h1. Legal advise
180
181
Contact John Sullivan at the FSF.
182
183
Note that John Sullivan is not a lawyer but the FSF has lawyers.
184 135 Denis 'GNUtoo' Carikli
185
h1. Documentation 
186
187 136 Denis 'GNUtoo' Carikli
The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.