The system documentation is currently being rewritten in a new system that builds HTML from reStructuredText/Sphinx sources.
The Git repository is at https://git.cacert.org/cacert-infradocs.git/
The generated documentation is published to https://infradocs.cacert.org/.
Instructions on how to work on the new documentation are available at https://infradocs.cacert.org/building.html.
For some more background information see the mailing list thread at https://lists.cacert.org/wws/arc/cacert-sysadm/2016-05/msg00000.html.
Systems (Overview)
This is an overview of CAcert's systems. This information is intended for the system administrators.
Critical |
|||||
System |
Purpose |
Proposed change |
Physical location |
Host type (location) |
OS version |
central network switch |
|
BIT, Ede, NL |
native |
IOS |
|
central network switch |
|
BIT, Ede, NL |
native |
IOS |
|
backup (critical) |
boxbackup server for critical systems |
|
BIT, Ede, NL |
Xen (Sun3), m20110501.2 |
OpenSuSE 13.2 |
Certificate Revocation Lists |
|
BIT, Ede, NL |
Xen (Sun3), m20110501.2 |
OpenSuSE 13.2 |
|
SSH server |
|
BIT, Ede, NL |
Xen (Sun4), m20110501.2 |
OpenSuSE 13.2 |
|
logger (critical) |
central log for critical systems |
|
BIT, Ede, NL |
Xen (Sun3), m20110501.2 |
OpenSuSE 13.2 |
DNS |
|
BIT, Ede, NL |
Xen (Sun3), m20110501.2 |
OpenSuSE 13.2 |
|
OCSP |
|
BIT, Ede, NL |
Xen (Sun3), m20110501.2 |
OpenSuSE 13.2 |
|
Certificate signing |
|
BIT, Ede, NL |
native |
Debian 5 |
|
Xen host |
|
BIT, Ede, NL |
native |
OpenSUSE 13.2 |
|
Xen host |
|
BIT, Ede, NL |
native |
OpenSuSE 11.1 |
|
Webdb (Sun2) |
Main website |
|
BIT, Ede, NL |
native |
Debian 8.11 |
Infrastructure |
|||||
System |
Purpose |
Proposed change |
Physical location |
Host type (location) |
OS version |
News blog |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Accounting |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 7 |
|
Mantis bug tracking |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
CAcert Automated Testing System |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 7 |
|
Community WebMail, info and staff list |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
CAcert code hosting |
|
BIT, Ede, NL |
LXC (Infra03) |
Debian 11 |
|
Email for @cacert.org |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Email relay for infrastructure |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Development Repository |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
LXC host |
|
BIT, Ede, NL |
native |
Debian 11 |
|
LXC host |
|
BIT, Ede, NL |
native |
Debian 11 |
|
TLS SNI proxy for systems on infra03 |
|
BIT, Ede, NL |
LXC (Infra03) |
Debian 11 |
|
IRC server |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Support |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 9 |
|
Jenkins |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Mailing lists |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Icinga (network monitoring) |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Board motion system |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Nextcloud instance for CAcert teams |
|
BIT, Ede, NL |
LXC (Infra03) |
Debian 11 |
|
TLS SNI proxy for non-critical systems |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Outgoing HTTP proxy for non-critical systems |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Puppet server for non-critical systems |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Subversion repository |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Testserver (development) |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 8 |
|
Testserver (sysadmin) |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 8 |
|
Testserver (development for OS upgrade) |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Testserver (management) |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 8 |
|
Pootle translation server |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 10 |
|
Reverse Proxy |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Web (static content) |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 11 |
|
Wiki |
|
BIT, Ede, NL |
LXC (Infra02) |
Debian 10 |
|
Auxiliary systems / Community Contributions |
|||||
System |
Purpose |
Proposed change |
Physical location |
Host type (location) |
OS version |
Misc |
|||||
External monitoring satellite |
provided by [JanDittberner] |
Hetzner Cloud, Nürnberg, DE |
KVM VM |
Debian 11 |
Discontinued (offline) |
|||||
System |
Purpose |
Proposed change |
Physical location |
Host type (location) |
OS version |
Old infrastructure systems |
|||||
Infra01 (Sun1) |
old LXC host |
{y} shutdown |
BIT, Ede, NL |
native |
Debian 6.0.7 |
Other |
|||||
Cod |
? |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/cod_2011-05-01.tar.bz2 |
? |
Dupes |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/dupes_2012-03-24.tar.bz2 |
? |
|
Forum |
Forums |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/forum_2012-03-25.tar.bz2 |
? |
ldap (old) |
? |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/ldap_2010-06-23.gz |
? |
logging |
Logserver for infrastructure |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/logging_2012-03-25.tar.bz2 |
? |
Paypal |
? |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/paypal_2012-03-25.tar.bz2 |
? |
Centralized management |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/puppet_2010-06-23.tar.bz2 |
? |
|
Sun 2 (Infrastructure) |
? |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/sun2_2012-04-06_*.tar.bz2 |
? |
Test2 |
Old test server test2.cacert.org |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/test2_2012-03-25.tar.bz2 |
? |
Website translation |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/translingo_2012-05-04.tar.bz2 |
? |
|
Blog new |
Blog dev |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/20130713_blog.tar.bz2 |
6.0.5 |
Wiki-new |
Test System for wiki |
|
BIT, Ede, NL |
Infra-Backups:/old_hosts/20130713_wiki-new.tar.bz2 |
6.0.5 |
VMware ESX host |
|
it-sls, DE |
native |
ESX 3.5 |
|
Testserver (development) |
|
it-sls, DE |
VMware (it-sls) |
Debian 6 |
|
Testserver (sysadmin) |
|
it-sls, DE |
VMware (it-sls) |
Debian 6 |
|
Testserver (management) |
|
it-sls, DE |
VMware (it-sls) |
Debian 6 |
|
Development Repository |
|
it-sls, DE |
VMware (it-sls) |
Debian 6 |
|
Old test server test1.cacert.at |
shut down / archive (replaced by new test servers) |
Sonance, Vienna, AT |
Xen (Sonance) |
? |
|
Auditor results (Capser, CrowdIt) |
|
Vienna, AT |
currently offline |
? |
{g} agreed, implementation pending
{y} agreed, implementation postponed
OS version Debian releases: 4 "Etch", 5 "Lenny", 6 "Squeeze", 7 "Wheezy", 8 "Jessie", 9 "Stretch", 10 "Buster", 11 "Bullseye", 12 "Bookworm"
OS Support Status:
EOL, no security updates |
LTS security updates only, see https://wiki.debian.org/LTS/ |
oldstable |
stable, security supported |
Template for System Documentation
Machines IP List
Machines Equipment List
Definitions Critical / Infrastructure (aka non-critical)
- The definition is headed by the Security Policy, which defines what is critical. See
- Section: 1.1. Motivation and Scope
Also see the SecurityManual (linked in the SP) for more detail; it should point to lists of systems.
- In essence, anything that is not controlled under the SP is deemed to be outside it and is therefore termed "infrastructure". The term "non-critical" was dropped around 2009, although it is still used in conversation. Infrastructure systems are documented from this wiki page:
Systems documentation
- CategoryCommunication
- CategorySystems
- DebianVulnerabilityHandling
- DebianVulnerabilityHandling/CZ
- DisasterRecovery
- EmailListsOverview
- IPv6
- IPv6/CZ
- InfrastructureReDesign
- OcspResponder
- OcspResponder/CZ
- SecurityManual
- SecurityManual/CZ
- Software/Assessment/testserver
- Software/Assessment/testserver/CZ
- Software/Assessment/testserver/setup
- Software/DevelopmentWorkflow
- Software/Webdb
- Software/Webdb/Maintenance/AddNewRoots
- Software/Webdb/Maintenance/DatabaseUpgrades
- SuggestKeySizes
- SuggestKeySizes/CZ
- SystemAdministration
- SystemAdministration/AdminCandidates
- SystemAdministration/CableIndex
- SystemAdministration/CertificateList
- SystemAdministration/EmergencyLogs
- SystemAdministration/EquipmentList
- SystemAdministration/IPList
- SystemAdministration/InfrastructureHost
- SystemAdministration/InfrastructureHost/MinimalistHostingAgreement
- SystemAdministration/Procedures
- SystemAdministration/Procedures/DNSChanges
- SystemAdministration/Procedures/SoftwarePatches
- SystemAdministration/SshHostKeyList
- SystemAdministration/Systems
- SystemAdministration/Systems/Archive
- SystemAdministration/Systems/Cisco1_and_2
- SystemAdministration/Systems/Community
- SystemAdministration/Systems/Development
- SystemAdministration/Systems/Development/Prepare
- SystemAdministration/Systems/Hopper
- SystemAdministration/Systems/Infra01
- SystemAdministration/Systems/Logger
- SystemAdministration/Systems/Ns
- SystemAdministration/Systems/Ocsp
- SystemAdministration/Systems/SLS
- SystemAdministration/Systems/Signer
- SystemAdministration/Systems/Sun1
- SystemAdministration/Systems/Sun2
- SystemAdministration/Systems/Sun3
- SystemAdministration/Systems/Sun4
- SystemAdministration/Systems/Test
- SystemAdministration/Systems/Translingo
- SystemAdministration/Systems/Webdb
- SystemAdministration/Systems/Wiki/update201009
- SystemAdministration/Systems/ca-mgr1-test
- SystemAdministration/Systems/cacert2-test
- SystemAdministration/Systems/fiddle
- SystemAdministration/Systems/git
- SystemAdministration/Systems/template
- SystemAdministration/Team
- Technology/Laboratory/Hardware/InfrastructureHost/Infra-redevelopment-plan
- Technology/Laboratory/Hardware/InfrastructureHost/Vienna1
- Twitter/CZ
- WeakKeys
- WeakKeys/CZ
- WeakKeys/SmallExponent
- WeakKeys/SmallExponent/CZ
- WeakKeys/SmallKey
- WeakKeys/SmallKey/CZ
- comma/Arsenal/IRC
- comma/Arsenal/IRC/improvement