NetworkInfrastructure » History » Version 142

dl lud, 07/30/2020 03:51 PM
OSUOSL sysadmins have access to the FTP.

h1. Network Infrastructure

|_. What |_. Where |_. Access type |_. Who |_. Comments |
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL | Redmine manager | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[People#Fil-Bergamo|Fil Bergamo]]
* [[People#Kurtis-Hanna|Kurtis Hanna]]
* @dllud
* @GrimKriegor
* OSUOSL system administrators | Since we only have one project, OSUOSL put in a redirect from the main page of our Redmine instance to /project/replicant
OSUOSL keeps 2 weeks' worth of backups for restoration purposes. |
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Kurtis-Hanna|Kurtis Hanna]]
* @dllud
* OSUOSL system administrators | OSUOSL keeps 2 weeks' worth of backups for restoration purposes. |
| "WordPress instance":https://blog.replicant.us/ | WordPress administrator | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[People#Fil-Bergamo|Fil Bergamo]]
* [[People#Kurtis-Hanna|Kurtis Hanna]]
* @dllud
* OSUOSL system administrators
* Add your name here if you have access and want to be mentioned | This instance is updated automatically with the help of a plugin. |
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* OSUOSL system administrators | We should not use too much space. |
| The replicant.us (mostly-static) front website |\2. None: there is an automatic hook managed by OSUOSL. | * "Source code":https://git.replicant.us/replicant/website/
* Patches should be sent to the Replicant mailing list.
* There is a Jenkins hook with a token to pull and deploy the website source code. |
| A virtual machine hosted by the FSF that handles:
* "Replicant Source code":https://git.replicant.us/ | FSF |/2. SSH root access | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* Several FSF system administrators
* FSF backup server
* FSF Ansible deployment server | Resources kindly offered by the FSF.
The git configuration has [[ReplicantInfrastructure#git-hosting-infrastructure-on-this-machine|some documentation]].
Before handing out SSH (root) access to this machine:
* Make sure that the person really needs it.
* Make sure that the person has already contributed to Replicant.
* Ask one other person who has SSH access and/or the [[SteeringCommittee]] to also agree on it. |
| [[PrivateContact|Private contact address]] | Virtual machine hosted at the FSF | * [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[People#Fil-Bergamo|Fil Bergamo]]
* [[People#Kurtis-Hanna|Kurtis Hanna]]
* @dllud
* @GrimKriegor | You can write to the contact address (all the members of [[SteeringCommittee]] receive it) if for some reason you need to receive it as well. |
| IRC channel | Freenode | Channel operator | * [[People#Paul-Kocialkowski|Paul Kocialkowski]]
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
* [[People#Kurtis-Hanna|Kurtis Hanna]]
* @dllud
* @GrimKriegor | Quiet mode for unregistered users is disabled for the time being. If spam comes back, use: @/mode #replicant +qe $~a *!*@gateway/web/*@ and @/mode #replicant +qe $~a *!*@gateway/shell/matrix.org/*@ to re-apply it. These commands whitelist users coming through web-based IRC clients and via the Matrix.org IRC bridge. |
| The replicant.us domain name | gandi.net | * Web interface through the Gandi website
* The DNS entries are configured to use Gandi's DNS server | * [[People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]]: can do everything (including designating the technical contact or transferring the domain)
* [[People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]]: can do DNS zone changes
* Other people? [[People#Paul-Kocialkowski|Paul Kocialkowski]]? | |
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
* https://blog.replicant.us: OSUOSL
* https://redmine.replicant.us: OSUOSL
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> Let's Encrypt |

h2. OSUOSL

The OSUOSL is the Oregon State University Open Source Lab.

Contact:
* They can be contacted on #osuosl on the Freenode IRC network
* They also have a 'support' mail address at osuosl.org

h2. Virtual machine in FSF's infrastructure

* The virtual machine is hosted in a server that is in their office or in a datacenter.
* Several FSF network administrators also have access to the virtual machine

Contact:
* The 'sysadmin' mail address at gnu.org
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters

h3. Virtual machine specifications

The virtual machine runs on top of Xen and has:
* About 3G of RAM
* 1 virtual core
* a 10G rootfs partition
* a 100G storage partition for Replicant git repositories
* One IPv4 and one IPv6

Software:
* Trisquel 8.0
* The virtual machine may be using FAI and cfengine, but that needs more investigation.
* The distribution seems to have the latest security updates applied. How it does that needs to be investigated by looking at cron jobs (it might use FAI for that).

h3. Virtual machine backup policies

The virtual machine is backed up daily. The backup procedure excludes the following paths at the time of writing:
<pre>
/dev
/proc
/tmp
/sys
/run
/mnt
/mnt0
/mnt1
/mnt2
/mnt3
/mnt4
/mnt5
/mnt6
/mnt7
/mnt8
/mnt9
/floppy/
/cdrom/
/media/
/net/
/var/spool/squid/
/var/spool/squid3/
/var/spool/squid3_bak/
/var/spool/squid-tbd/
/var/spool/squid*/
/var/spool/django/
/var/spool/exim/
/var/cache/
/srv/chroot/
/t
/srv/to-tape
/var/lib/ceph/osd/
/var/lib/apt/lists/
/var/cache/apt/
</pre>

h3. git hosting infrastructure on this machine

The source code is in /srv/git/git-data/repositories and is divided into several groups:
** Replicant source code
** LineageOS mirror
** AOSP mirror
** Various developers' repositories

|_. function |_. software |_. documentation |_. comments |
| authorization | gitolite | [[UpstrreamSourceCodeMirrors]] | |
| read access | * git:// -> git daemon
* ssh:// -> ssh daemon
* https:// -> ? (TODO: document the software/configuration) | | |
| web | cgit | [[Cgit]] | |

h2. Gandi

* See https://en.wikipedia.org/wiki/Gandi for more details

h2. Freenode

h2. GDPR

* For GDPR related inquiries, you can write to the [[PrivateContact]] mail address.

h2. TODO:

* Ask the OSUOSL about backup policies.
* Document public spaces like the Freenode IRC channel.
* Define our own backup policies and do some backups ourselves.
* Contact the people that have some control of the resources above and ask for permission to mention them here
* Fill the gaps (mentioned with '?') in this page
* Look at what happens when an account is deleted
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
* Move the entries of this TODO list to the tracker when it makes sense

h1. Funding and legal entity

See the [[SteeringCommittee]] for more details.

h1. Legal advice

Contact John Sullivan at the FSF.

Note that John Sullivan is not a lawyer but the FSF has lawyers.

h1. Documentation

The "replicant-infrastructure redmine project":https://redmine.replicant.us/projects/replicant-infrastructure has a "wiki":https://redmine.replicant.us/projects/replicant-infrastructure/wiki with more documentation in it.