Project

General

Profile

NetworkInfrastructure » History » Version 112

Denis 'GNUtoo' Carikli, 04/09/2019 12:21 PM

1 1 Denis 'GNUtoo' Carikli
h1. NetworkInfrastructure
2
3 16 Denis 'GNUtoo' Carikli
|_. What |_. Where |_. Access type | Who | comments |
4 110 Denis 'GNUtoo' Carikli
| "Redmine instance":https://redmine.replicant.us |/5. OSUOSL  | Redmine administrator | Only the following people have access to it:
5 1 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
6 102 Denis 'GNUtoo' Carikli
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
7 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
8 101 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
9
* [[People#Fil-Bergamo]]
10
* OSUOSL system administrators | |
11 108 Denis 'GNUtoo' Carikli
| "Mailing list":https://lists.osuosl.org/mailman/listinfo/replicant | Mailing list administrator | Several Replicant contributors including:
12 41 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
13 60 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
14 87 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned  | |
15 108 Denis 'GNUtoo' Carikli
| "Wordpress instance":https://blog.replicant.us/ | Wordpress administator | Several Replicant contributors including:
16 37 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
17 38 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
18 1 Denis 'GNUtoo' Carikli
* Add your name here if you have access and want to be mentioned | This instance is auto-updated automatically with the help of a plugin. |
19 108 Denis 'GNUtoo' Carikli
| "Releases":https://ftp-osl.osuosl.org/pub/replicant/ | SSH | Only the following people have access to it:
20 103 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
21
* [[People#Wolfgang Wiedmeyer|Wolfgang Wiedmeyer]]
22 97 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
23 1 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]] | We should not use too much space |
24 110 Denis 'GNUtoo' Carikli
| The replicant.us (mostly-static) front website |\2. None: There is an automatic hook managed by OSUOSL | * "Source code":https://git.replicant.us/replicant/website/
25
* Patches are to be sent to the Replicant mailing list
26
* There is a jenkins hook with a token to pull and deploy the website source code |
27 96 Denis 'GNUtoo' Carikli
| A virtual machine hosted by the FSF that handles:
28 98 Denis 'GNUtoo' Carikli
* "Replicant Source code":https://git.replicant.us/ | FSF | SSH root access | Only the following people or machines have access to it
29 37 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
30 101 Denis 'GNUtoo' Carikli
* [[People#Joonas-Kylmälä|Joonas Kylmälä]]
31 1 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
32 64 Denis 'GNUtoo' Carikli
* Several FSF system administrators
33 100 Denis 'GNUtoo' Carikli
* FSF backup server
34 111 Denis 'GNUtoo' Carikli
* FSF ansible deployment server | Resources kindly offered by the FSF
35 112 Denis 'GNUtoo' Carikli
36 111 Denis 'GNUtoo' Carikli
Documentation:
37
* [[Cgit]]
38
* [[UpstrreamSourceCodeMirrors]] |
39 52 Denis 'GNUtoo' Carikli
| [[PrivateContact|Private contact address]] | This is handled by [[People#Paul-Kocialkowski|Paul Kocialkowski]]'s mail servers:
40 53 Denis 'GNUtoo' Carikli
* armstrong.paulk.fr
41 52 Denis 'GNUtoo' Carikli
* gagarine.paulk.fr | SSH, physical access | [[People#Paul-Kocialkowski|Paul Kocialkowski]] only (it's his machines) | The contact address is redirected to several Replicant contributors including:
42 42 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
43 38 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
44 1 Denis 'GNUtoo' Carikli
* Add your name here if you receive mail from this address and want to be mentioned |
45 33 Denis 'GNUtoo' Carikli
| IRC channel | Freenode | Channel operator(s) | Several Replicant contributors including:
46 88 Denis 'GNUtoo' Carikli
* [[People#Denis-GNUtoo-Carikli|GNUtoo]]
47 105 Denis 'GNUtoo' Carikli
* [[People#Paul-Kocialkowski|Paul Kocialkowski]]
48 43 Denis 'GNUtoo' Carikli
* [[People#Kurtis-Hanna|Kurtis Hanna]]
49
* Add your name here if you have access and want to be mentioned | @MODE #Replicant +qe $~a *!*@gateway/web/*@ and @MODE #Replicant +qe $~a *!*@gateway/shell/matrix.org/*@ have been applied. Unless one connects via a web based irc client or via the Matrix.org IRC bridge one will need to register one's nick with Freenode in order to speak |
50 45 Denis 'GNUtoo' Carikli
| The replicant.us domain name | gandi.net | * Web inteface through gandi website
51 106 Denis 'GNUtoo' Carikli
* The DNS entries are configured to use gandi's DNS server | The following people or machines have access to it:
52
* [[People#Bradley-M-Kuhn|Bradley Kuhn (administrative contact)]]: Can do everything (including designing the technical contact or transferring the domain) 
53
* [[People#Denis-GNUtoo-Carikli|GNUtoo (technical contact)]]: can do DNS zone changes
54
* Other people? [[People#Paul-Kocialkowski|Paul Kocialkowski]]? | |
55 32 Denis 'GNUtoo' Carikli
| The replicant.us TLS certificate | Let's Encrypt | Access probably by controlling the respective domain name | * https://www.replicant.us: OSUOSL
56 29 Denis 'GNUtoo' Carikli
* https://blog.replicant.us: OSUOSL
57
* https://redmine.replicant.us: OSUOSL
58 30 Denis 'GNUtoo' Carikli
* https://git.replicant.us: ? | History: CA-cert -> GlobalSign -> LetsEncrypt |
59 16 Denis 'GNUtoo' Carikli
60 13 Denis 'GNUtoo' Carikli
h2. OSUOSL
61 7 Denis 'GNUtoo' Carikli
62 16 Denis 'GNUtoo' Carikli
The OSUOSL is the Oregon State University Open Source Lab.
63 19 Denis 'GNUtoo' Carikli
64 56 Denis 'GNUtoo' Carikli
Contact:
65
* They can be contacted on #osuosl on the Freenode IRC network
66 92 Denis 'GNUtoo' Carikli
* They also have a 'support' mail address at osuosl.org
67 56 Denis 'GNUtoo' Carikli
68 66 Denis 'GNUtoo' Carikli
h2. Virtual machine in FSF's office
69 1 Denis 'GNUtoo' Carikli
70
* The virtual machine is hosted in a server that is in their office.
71
* Several FSF network administrator also have access to the virtual machine
72 66 Denis 'GNUtoo' Carikli
73 75 Denis 'GNUtoo' Carikli
Contact:
74 76 Denis 'GNUtoo' Carikli
* The 'sysadmin' mail address at gnu.org
75
* The FSF system administrators can also be contacted on #fsfsys on the Freenode IRC network for more urgent matters
76 75 Denis 'GNUtoo' Carikli
77 66 Denis 'GNUtoo' Carikli
h3. Virtual machine specifications
78 67 Denis 'GNUtoo' Carikli
79 69 Denis 'GNUtoo' Carikli
The virtual machine runs on top of Xen and has:
80 66 Denis 'GNUtoo' Carikli
* About 3G of RAM
81
* 1 virtual core
82
* a 10G rootfs partition
83
* a 100G storage partition for Replicant git repositories
84 1 Denis 'GNUtoo' Carikli
* One IPv4 and one IPv6
85 69 Denis 'GNUtoo' Carikli
86
Software:
87 93 Denis 'GNUtoo' Carikli
* Trisquel 8.0
88 72 Denis 'GNUtoo' Carikli
* The virtual machine may be using FAI and cfengine but it would need more investigation on that.
89
* The distribution seem to have the latest security updates applies. How it does it needs to be investigated by looking at cron jobs (it might use FAI for that).
90 66 Denis 'GNUtoo' Carikli
91
h3. Virtual machine backup policies
92 68 Denis 'GNUtoo' Carikli
93 89 Denis 'GNUtoo' Carikli
The virtual machine is backed up daily. The backup procedure excludes the following path at the time of writing:
94 62 Denis 'GNUtoo' Carikli
<pre>
95
/dev
96
/proc
97
/tmp
98
/sys
99
/run
100
/mnt
101
/mnt0
102
/mnt1
103
/mnt2
104
/mnt3
105
/mnt4
106
/mnt5
107
/mnt6
108
/mnt7
109
/mnt8
110
/mnt9
111
/floppy/
112
/cdrom/
113
/media/
114
/net/
115
/var/spool/squid/
116
/var/spool/squid3/
117
/var/spool/squid3_bak/
118
/var/spool/squid-tbd/
119
/var/spool/squid*/
120
/var/spool/django/
121
/var/spool/exim/
122
/var/cache/
123
/srv/chroot/
124
/t
125
/srv/to-tape
126
/var/lib/ceph/osd/
127
/var/lib/apt/lists/
128
/var/cache/apt/
129
</pre>
130 44 Denis 'GNUtoo' Carikli
131 81 Denis 'GNUtoo' Carikli
h3. git hosting infrastructure on this machine
132 80 Denis 'GNUtoo' Carikli
133
The source code is in /srv/git/git-data/repositories and is divided in several groups:
134
** Replicant source code
135
** LineageOS mirror
136
** Various developers repositories
137
138 82 Denis 'GNUtoo' Carikli
|_. function |_. software |_. comments |
139
| authorization | gitolite | |
140 84 Denis 'GNUtoo' Carikli
| read access | * git:// -> git daemon
141
* ssh:// -> ssh daemon
142
* https:// -> ? (TODO: document the software/configuration)
143 83 Denis 'GNUtoo' Carikli
| |
144 82 Denis 'GNUtoo' Carikli
| web | cgit | |
145
146 79 Denis 'GNUtoo' Carikli
h2. Gandi
147 1 Denis 'GNUtoo' Carikli
148
* See https://en.wikipedia.org/wiki/Gandi for more details
149 46 Denis 'GNUtoo' Carikli
150 79 Denis 'GNUtoo' Carikli
h2. Freenode
151 46 Denis 'GNUtoo' Carikli
152 79 Denis 'GNUtoo' Carikli
h2. TODO:
153 47 Denis 'GNUtoo' Carikli
154 1 Denis 'GNUtoo' Carikli
* Ask the OSUOSL about backup policies.
155 47 Denis 'GNUtoo' Carikli
* Document public spaces like Freenode IRC channel.
156 1 Denis 'GNUtoo' Carikli
* Do our own backup policies and do some backups ourselves.
157 47 Denis 'GNUtoo' Carikli
* Contact the people that have some control of the resources above and ask for permission to mention them here
158 50 Denis 'GNUtoo' Carikli
* Fill the gaps (mentioned with '?') in this page
159 48 Denis 'GNUtoo' Carikli
* Look what happens when an account is deleted
160 55 Denis 'GNUtoo' Carikli
* Fix the related issues in the "tracker":https://redmine.replicant.us/projects/replicant/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=category_id&op%5Bcategory_id%5D=%3D&v%5Bcategory_id%5D%5B%5D=57&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=category&c%5B%5D=cf_21&group_by=&t%5B%5D=
161 54 Denis 'GNUtoo' Carikli
* Move the entries of this TODO list to the tracker when it makes sense
162 77 Denis 'GNUtoo' Carikli
163
h1. Funding and legal entity
164 78 Denis 'GNUtoo' Carikli
165 99 Denis 'GNUtoo' Carikli
See the [[SteeringCommittee]] for more details.
166 94 Denis 'GNUtoo' Carikli
167
h1. Legal advise
168
169
Contact John Sullivan at the FSF.
170
171
Note that John Sullivan is not a lawyer but the FSF has lawyers.