Project

General

Profile

NetworkInfrastructure » History » Version 103

Denis 'GNUtoo' Carikli, 03/12/2019 05:13 PM

1 1 Denis 'GNUtoo' Carikli
h1. NetworkInfrastructure
2
3 16 Denis 'GNUtoo' Carikli
|_. What |_. Where |_. Access type | Who | comments |
4 101 Denis 'GNUtoo' Carikli
| "Redmine instance":https://redmine.replicant.us | OSUOSL  | Redmine administrator | Only the following people have access to it:
5 1 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
6 102 Denis 'GNUtoo' Carikli
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
7 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
8 101 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
9
* [[People#Fil-Bergamo]]
10
* OSUOSL system administrators | |
11 92 Denis 'GNUtoo' Carikli
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | OSUOSL | Mailing list administrator | Several Replicant contributors including:
12 41 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
13 60 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
14 87 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned  | |
15 1 Denis 'GNUtoo' Carikli
| "Wordpress instance":https://blog.replicant.us/ | OSUOSL | Wordpress administator | Several Replicant contributors including:
16 37 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
17 38 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
18 1 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
19 97 Denis 'GNUtoo' Carikli
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | OSUOSL | SSH?/SFTP | Only the following people have access to it:
20 103 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
21
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
22 97 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
23 1 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]] | We should not use too much space |
24 96 Denis 'GNUtoo' Carikli
| A virtual machine hosted by the FSF that handles:
25 98 Denis 'GNUtoo' Carikli
* "Replicant Source code":https://git.replicant.us/ | FSF | SSH root access | Only the following people or machines have access to it
26 37 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
27 101 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
28 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
29 64 Denis 'GNUtoo' Carikli
* Several FSF system administrators
30 100 Denis 'GNUtoo' Carikli
* FSF backup server
31
* FSF ansible deployment server | Resources kindly offered by the FSF |
32 52 Denis 'GNUtoo' Carikli
| [[PrivateContact|Private contact address]] | This is handled by [[People#Paul-Kocialkowski|Paul Kocialkowski]]'s mail servers:
33 53 Denis 'GNUtoo' Carikli
* armstrong.paulk.fr
34 52 Denis 'GNUtoo' Carikli
* gagarine.paulk.fr | SSH, physical access | [[People#Paul-Kocialkowski|Paul Kocialkowski]] only (it's his machines) | The contact address is redirected to several Replicant contributors including:
35 42 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
36 38 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
37 1 Denis 'GNUtoo' Carikli
* Add your name here if you receive mail from this address and want to be mentioned |
38 33 Denis 'GNUtoo' Carikli
| IRC channel | Freenode | Channel operator(s) | Several Replicant contributors including:
39 38 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
40 37 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
41 58 Kurtis Hanna
* [[People#Kurtis-Hanna|Kurtis Hanna]]
42 88 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned | @MODE #Replicant +qe $~a *!*@gateway/web/*@ and @MODE #Replicant +qe $~a *!*@gateway/shell/matrix.org/*@ have been applied. Unless one connects via a web based irc client or via the Matrix.org IRC bridge one will need to register one's nick with Freenode in order to speak |
43 43 Denis 'GNUtoo' Carikli
| The replicant.us (mostly-static) front website | OSUOSL (hook) + FSF for the source code | * See the source code hosting line above.
44
* Probably none for the hook | See the source code hosting line above. | * "Source code":https://git.replicant.us/replicant/website/
45
* Patches are to be sent to the Replicant mailing list
46
* There is a jenkins hook with a token to pull and deploy the website source code |
47 45 Denis 'GNUtoo' Carikli
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
48
* The DNS entries are configured to use gandi's DNS server | Several Replicant contributors including:
49 91 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
50
* [[People#Bradley-M-Kuhn|Bradley Kuhn]]
51 44 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
52
* Add your name here if you have access and want to be mentioned  | |
53 32 Denis 'GNUtoo' Carikli
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
54 29 Denis 'GNUtoo' Carikli
* https://blog.replicant.us: OSUOSL
55
* https://redmine.replicant.us: OSUOSL
56 30 Denis 'GNUtoo' Carikli
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
57 16 Denis 'GNUtoo' Carikli
58 13 Denis 'GNUtoo' Carikli
h2. OSUOSL
59 7 Denis 'GNUtoo' Carikli
60 16 Denis 'GNUtoo' Carikli
The OSUOSL is the Oregon State University Open Source Lab.
61 19 Denis 'GNUtoo' Carikli
62 56 Denis 'GNUtoo' Carikli
Contact:
63
* They can be contacted on #osuosl on the Freenode IRC network
64 92 Denis 'GNUtoo' Carikli
* They also have a 'support' mail address at osuosl.org
65 56 Denis 'GNUtoo' Carikli
66 66 Denis 'GNUtoo' Carikli
h2. Virtual machine in FSF's office
67 1 Denis 'GNUtoo' Carikli
68
* The virtual machine is hosted in a server that is in their office.
69
* Several FSF network administrator also have access to the virtual machine
70 66 Denis 'GNUtoo' Carikli
71 75 Denis 'GNUtoo' Carikli
Contact:
72 76 Denis 'GNUtoo' Carikli
* The 'sysadmin' mail address at gnu.org
73
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters
74 75 Denis 'GNUtoo' Carikli
75 66 Denis 'GNUtoo' Carikli
h3. Virtual machine specifications
76 67 Denis 'GNUtoo' Carikli
77 69 Denis 'GNUtoo' Carikli
The virtual machine runs on top of Xen and has:
78 66 Denis 'GNUtoo' Carikli
* About 3G of RAM
79
* 1 virtual core
80
* a 10G rootfs partition
81
* a 100G storage partition for Replicant git repositories
82 1 Denis 'GNUtoo' Carikli
* One IPv4 and one IPv6
83 69 Denis 'GNUtoo' Carikli
84
Software:
85 93 Denis 'GNUtoo' Carikli
* Trisquel 8.0
86 72 Denis 'GNUtoo' Carikli
* The virtual machine may be using FAI and cfengine but it would need more investigation on that.
87
* The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).
88 66 Denis 'GNUtoo' Carikli
89
h3. Virtual machine backup policies
90 68 Denis 'GNUtoo' Carikli
91 89 Denis 'GNUtoo' Carikli
The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
92 62 Denis 'GNUtoo' Carikli
<pre>
93
/dev
94
/proc
95
/tmp
96
/sys
97
/run
98
/mnt
99
/mnt0
100
/mnt1
101
/mnt2
102
/mnt3
103
/mnt4
104
/mnt5
105
/mnt6
106
/mnt7
107
/mnt8
108
/mnt9
109
/floppy/
110
/cdrom/
111
/media/
112
/net/
113
/var/spool/squid/
114
/var/spool/squid3/
115
/var/spool/squid3_bak/
116
/var/spool/squid-tbd/
117
/var/spool/squid*/
118
/var/spool/django/
119
/var/spool/exim/
120
/var/cache/
121
/srv/chroot/
122
/t
123
/srv/to-tape
124
/var/lib/ceph/osd/
125
/var/lib/apt/lists/
126
/var/cache/apt/
127
</pre>
128 44 Denis 'GNUtoo' Carikli
129 81 Denis 'GNUtoo' Carikli
h3. git hosting infrastructure on this machine
130 80 Denis 'GNUtoo' Carikli
131
The source code is in /srv/git/git-data/repositories and is divided in several groups:
132
** Replicant source code
133
** LineageOS mirror
134
** Various developers repositories
135
136 82 Denis 'GNUtoo' Carikli
|_. function |_. software |_. comments |
137
| authorization | gitolite | |
138 84 Denis 'GNUtoo' Carikli
| read access | * git:// -> git daemon
139
* ssh:// -> ssh daemon
140
* https:// -> ? (TODO: document the software/configuration)
141 83 Denis 'GNUtoo' Carikli
| |
142 82 Denis 'GNUtoo' Carikli
| web | cgit | |
143
144 79 Denis 'GNUtoo' Carikli
h2. Gandi
145 1 Denis 'GNUtoo' Carikli
146
* See https://en.wikipedia.org/wiki/Gandi for more details
147 46 Denis 'GNUtoo' Carikli
148 79 Denis 'GNUtoo' Carikli
h2. Freenode
149 46 Denis 'GNUtoo' Carikli
150 79 Denis 'GNUtoo' Carikli
h2. TODO:
151 47 Denis 'GNUtoo' Carikli
152 1 Denis 'GNUtoo' Carikli
* Ask the OSUOSL about backup policies.
153 47 Denis 'GNUtoo' Carikli
* Document public spaces like Freenode IRC channel.
154 1 Denis 'GNUtoo' Carikli
* Do our own backup policies and do some backups ourselves.
155 47 Denis 'GNUtoo' Carikli
* Contact the people that have some control of the resources above and ask for permission to mention them here
156 50 Denis 'GNUtoo' Carikli
* Fill the gaps (mentioned with '?') in this page
157 48 Denis 'GNUtoo' Carikli
* Look what happens when an account is deleted
158 55 Denis 'GNUtoo' Carikli
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
159 54 Denis 'GNUtoo' Carikli
* Move the entries of this TODO list to the tracker when it makes sense
160 77 Denis 'GNUtoo' Carikli
161
h1. Funding and legal entity
162 78 Denis 'GNUtoo' Carikli
163 99 Denis 'GNUtoo' Carikli
See the [[SteeringCommittee]] for more details.
164 94 Denis 'GNUtoo' Carikli
165
h1. Legal advise
166
167
Contact John Sullivan at the FSF.
168
169
Note that John Sullivan is not a lawyer but the FSF has lawyers.