The system documentation is currently rewritten in a new system that builds HTML from ReStructuredText/Sphinx sources.

The git-Repository is at http://git.cacert.org/gitweb/?p=cacert-infradocs.git.

The generated documentation is published to https://infradocs.cacert.org.

Instructions on how to work on the new documentation are available at https://infradocs.cacert.org/building.html.

For some more background information see the mailing list thread at https://lists.cacert.org/wws/arc/cacert-sysadm/2016-05/msg00000.html.


System Administration

The System Administration team is responsible for operation and maintenance of the servers and services provided by CAcert.

Talking to us

People

See also: SystemAdministration/Team

Infrastructure team

We are always looking for new System Administrators! To see what's going on, join the Sysadm Maillist. If you have specific questions or want to know how to help, post there.

jandd@cacert.org currently leads the team.

Critical Servers team

Above, people marked (BIT) above are listed on the Firewall/OS Access list in Appendix B, MoU with secure-u. These people are able to get direct physical (console) access to the machines with secure-u assistance under SecurityManual.

You can send encrypted e-mail to the critical server team by importing this certificate: critical-admin@cacert.org.crt into your e-mail client and using S/MIME encryption. For verification purposes we include the decoded certificate header here:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 159760 (0x27010)
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
        Validity
            Not Before: Jul 25 08:35:21 2015 GMT
            Not After : Jul 24 08:35:21 2016 GMT
        Subject: C=AU, ST=NSW, L=Sydney, O=CAcert Inc., OU=Critical System Administrators, CN=Critical System Administrators/emailAddress=critical-admin@cacert.org

Access Engineers Team

Access Engineers provide physical gate-keeping to the BIT facility. They have to be present for all direct access by Critical admins. They are listed on the Firewall/Site Access list in Appendix B, MoU with secure-u.

Documents

List of Guides:

List of Procedures:

Projects:

Systems

List of Systems:

  1. CategoryCommunication
  2. CategorySystems
  3. DebianVulnerabilityHandling
  4. DebianVulnerabilityHandling/CZ
  5. DisasterRecovery
  6. EmailListsOverview
  7. IPv6
  8. IPv6/CZ
  9. InfrastructureReDesign
  10. OcspResponder
  11. OcspResponder/CZ
  12. SecurityManual
  13. SecurityManual/CZ
  14. Software/Assessment/testserver
  15. Software/DevelopmentWorkflow
  16. Software/Webdb
  17. Software/Webdb/Maintenance/AddNewRoots
  18. Software/Webdb/Maintenance/DatabaseUpgrades
  19. SuggestKeySizes
  20. SuggestKeySizes/CZ
  21. SystemAdministration
  22. SystemAdministration/AdminCandidates
  23. SystemAdministration/CableIndex
  24. SystemAdministration/CertificateList
  25. SystemAdministration/EmergencyLogs
  26. SystemAdministration/EquipmentList
  27. SystemAdministration/IPList
  28. SystemAdministration/InfrastructureHost
  29. SystemAdministration/InfrastructureHost/MinimalistHostingAgreement
  30. SystemAdministration/Procedures
  31. SystemAdministration/Procedures/DNSChanges
  32. SystemAdministration/Procedures/SoftwarePatches
  33. SystemAdministration/SshHostKeyList
  34. SystemAdministration/Systems
  35. SystemAdministration/Systems/Archive
  36. SystemAdministration/Systems/Cisco1_and_2
  37. SystemAdministration/Systems/Community
  38. SystemAdministration/Systems/Development
  39. SystemAdministration/Systems/Development/Prepare
  40. SystemAdministration/Systems/Hopper
  41. SystemAdministration/Systems/Infra01
  42. SystemAdministration/Systems/Irc
  43. SystemAdministration/Systems/Jenkins
  44. SystemAdministration/Systems/Ldap
  45. SystemAdministration/Systems/Lists
  46. SystemAdministration/Systems/Logger
  47. SystemAdministration/Systems/Ns
  48. SystemAdministration/Systems/Ocsp
  49. SystemAdministration/Systems/SLS
  50. SystemAdministration/Systems/Signer
  51. SystemAdministration/Systems/Sun1
  52. SystemAdministration/Systems/Sun2
  53. SystemAdministration/Systems/Sun3
  54. SystemAdministration/Systems/Sun4
  55. SystemAdministration/Systems/Test
  56. SystemAdministration/Systems/Translations
  57. SystemAdministration/Systems/Translingo
  58. SystemAdministration/Systems/Web
  59. SystemAdministration/Systems/Webdb
  60. SystemAdministration/Systems/Webstatic
  61. SystemAdministration/Systems/Wiki
  62. SystemAdministration/Systems/Wiki/update201009
  63. SystemAdministration/Systems/ca-mgr1-test
  64. SystemAdministration/Systems/cacert1-test
  65. SystemAdministration/Systems/cacert2-test
  66. SystemAdministration/Systems/fiddle
  67. SystemAdministration/Systems/git
  68. SystemAdministration/Systems/template
  69. SystemAdministration/Team
  70. Technology/Laboratory/Hardware/InfrastructureHost/Infra-redevelopment-plan
  71. Technology/Laboratory/Hardware/InfrastructureHost/Vienna1
  72. Twitter
  73. WeakKeys
  74. WeakKeys/CZ
  75. WeakKeys/SmallExponent
  76. WeakKeys/SmallExponent/CZ
  77. WeakKeys/SmallKey
  78. WeakKeys/SmallKey/CZ
  79. comma/Arsenal/IRC
  80. comma/Arsenal/IRC/improvement

Roles

How to become team member

Critical Roles

SP says that board has to approve ABC'd roles:

Board or t/l has to start the process with filing a dispute for ABC over new candidate.

Non-critical roles

Please contact Non-Critical-Infrastructure t/l

eg for becoming

Non-critical t/l will check the candidates and provide the access.


SystemAdministration (last edited 2016-05-08 16:40:58 by JanDittberner)