The system documentation is currently rewritten in a new system that builds HTML from ReStructuredText/Sphinx sources.

The git-Repository is at https://git.cacert.org/cacert-infradocs.git/

The generated documentation is published to https://infradocs.cacert.org/.

Instructions on how to work on the new documentation are available at https://infradocs.cacert.org/building.html.

For some more background information see the mailing list thread at https://lists.cacert.org/wws/arc/cacert-sysadm/2016-05/msg00000.html.


Systems (Overview)

This is an overview of CAcerts systems. This information is intended for the system administrators.

Critical

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Cisco1

central network switch

BIT, Ede, NL

native

IOS

Cisco2

central network switch

BIT, Ede, NL

native

IOS

backup (critical)

boxbackup server for critical systems

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

crl

Certificate Revocation Lists

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

hopper

SSH server

BIT, Ede, NL

Xen (Sun4), m20110501.2

OpenSuSE 13.2

logger (critical)

central log for critical systems

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

ns

DNS

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

ocsp

OCSP

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

Signer

Certificate signing

BIT, Ede, NL

native

Debian 5

Sun3

Xen host

BIT, Ede, NL

native

OpenSUSE 13.2

Sun4

Xen host

BIT, Ede, NL

native

OpenSuSE 11.1

Webdb (Sun2)

Main website

BIT, Ede, NL

native

Debian 8.11

Infrastructure

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Blog

News blog

BIT, Ede, NL

LXC (Infra02)

Debian 11

Board

Accounting

BIT, Ede, NL

LXC (Infra02)

Debian 7

Bugs

Mantis bug tracking

BIT, Ede, NL

LXC (Infra02)

Debian 11

CATS

CAcert Automated Testing System

BIT, Ede, NL

LXC (Infra02)

Debian 7

Community

Community WebMail, info and staff list

BIT, Ede, NL

LXC (Infra02)

Debian 11

Code

CAcert code hosting

BIT, Ede, NL

LXC (Infra03)

Debian 11

Email

Email for @cacert.org

BIT, Ede, NL

LXC (Infra02)

Debian 11

Emailout

Email relay for infrastructure

BIT, Ede, NL

LXC (Infra02)

Debian 11

Git

Development Repository

BIT, Ede, NL

LXC (Infra02)

Debian 11

Infra02

LXC host

BIT, Ede, NL

native

Debian 11

Infra03

LXC host

BIT, Ede, NL

native

Debian 11

Ingress03

TLS SNI proxy for systems on infra03

BIT, Ede, NL

LXC (Infra03)

Debian 11

Ircserver

IRC server

BIT, Ede, NL

LXC (Infra02)

Debian 11

Issue

Support

BIT, Ede, NL

LXC (Infra02)

Debian 9

Jenkins

Jenkins

BIT, Ede, NL

LXC (Infra02)

Debian 11

Lists

Mailing lists

BIT, Ede, NL

LXC (Infra02)

Debian 11

Monitor

Icinga (network monitoring)

BIT, Ede, NL

LXC (Infra02)

Debian 11

Motion

Board motion system

BIT, Ede, NL

LXC (Infra02)

Debian 11

Nextcloud

Nextcloud instance for CAcert teams

BIT, Ede, NL

LXC (Infra03)

Debian 11

Proxyin

TLS SNI proxy for non-critical systems

BIT, Ede, NL

LXC (Infra02)

Debian 11

Proxyout

Outgoing HTTP proxy for non-critical systems

BIT, Ede, NL

LXC (Infra02)

Debian 11

Puppet

Puppet server for non-critical systems

BIT, Ede, NL

LXC (Infra02)

Debian 11

SVN

Subversion repository

BIT, Ede, NL

LXC (Infra02)

Debian 11

Test

Testserver (development)

BIT, Ede, NL

LXC (Infra02)

Debian 8

Test2

Testserver (sysadmin)

BIT, Ede, NL

LXC (Infra02)

Debian 8

Test3

Testserver (development for OS upgrade)

BIT, Ede, NL

LXC (Infra02)

Debian 11

Testmgr

Testserver (management)
CATS testserver

BIT, Ede, NL

LXC (Infra02)

Debian 8

Translations

Pootle translation server

BIT, Ede, NL

LXC (Infra02)

Debian 10

Web

Reverse Proxy

BIT, Ede, NL

LXC (Infra02)

Debian 11

Webstatic

Web (static content)

BIT, Ede, NL

LXC (Infra02)

Debian 11

Wiki

Wiki

BIT, Ede, NL

LXC (Infra02)

Debian 10

Auxiliary systems / Community Contributions

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Misc

Extmon

External monitoring satellite

provided by [JanDittberner]

Hetzner Cloud, Nürnberg, DE

KVM VM

Debian 11

Discontinued (offline)

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Old infrastructure systems

Infra01 (Sun1)

old LXC host

{y} shutdown

BIT, Ede, NL

native

Debian 6.0.7

Other

Cod

?

BIT, Ede, NL

Infra-Backups:/old_hosts/cod_2011-05-01.tar.bz2

?

Dupes

HashServer

BIT, Ede, NL

Infra-Backups:/old_hosts/dupes_2012-03-24.tar.bz2

?

Forum

Forums

BIT, Ede, NL

Infra-Backups:/old_hosts/forum_2012-03-25.tar.bz2

?

ldap (old)

?

BIT, Ede, NL

Infra-Backups:/old_hosts/ldap_2010-06-23.gz

?

logging

Logserver for infrastructure

BIT, Ede, NL

Infra-Backups:/old_hosts/logging_2012-03-25.tar.bz2

?

Paypal

?

BIT, Ede, NL

Infra-Backups:/old_hosts/paypal_2012-03-25.tar.bz2

?

PuppetMaster

Centralized management

BIT, Ede, NL

Infra-Backups:/old_hosts/puppet_2010-06-23.tar.bz2

?

Sun 2 (Infrastructure)

?

BIT, Ede, NL

Infra-Backups:/old_hosts/sun2_2012-04-06_*.tar.bz2

?

Test2

Old test server test2.cacert.org

BIT, Ede, NL

Infra-Backups:/old_hosts/test2_2012-03-25.tar.bz2

?

Translingo

Website translation

BIT, Ede, NL

Infra-Backups:/old_hosts/translingo_2012-05-04.tar.bz2

?

Blog new

Blog dev

BIT, Ede, NL

Infra-Backups:/old_hosts/20130713_blog.tar.bz2

6.0.5

Wiki-new

Test System for wiki

BIT, Ede, NL

Infra-Backups:/old_hosts/20130713_wiki-new.tar.bz2

6.0.5

it-sls

VMware ESX host

it-sls, DE

native

ESX 3.5

cacert1-test

Testserver (development)

it-sls, DE

VMware (it-sls)

Debian 6

cacert2-test

Testserver (sysadmin)

it-sls, DE

VMware (it-sls)

Debian 6

ca-mgr1-test

Testserver (management)
new CATS testserver

it-sls, DE

VMware (it-sls)

Debian 6

git

Development Repository

it-sls, DE

VMware (it-sls)

Debian 6

Test1

Old test server test1.cacert.at

shut down / archive (replaced by new test servers)

Sonance, Vienna, AT

Xen (Sonance)

?

fiddle.it

Auditor results (Capser, CrowdIt)

Vienna, AT

currently offline

?

{g} agreed, implementation pending

{y} agreed, implementation postponed

OS version Debian releases: 4 "Etch", 5 "Lenny", 6 "Squeeze", 7 "Wheezy", 8 "Jessie", 9 "Stretch", 10 "Buster", 11 "Bullseye", 12 "Bookworm"

OS Support Status:

EOL, no security Updates

LTS security updates only, see https://wiki.debian.org/LTS/

oldstable

stable, security supported

Template for System Documentation

Definitions Critical / Infrastructure (aka non-critical)

Systems documentation

  1. CategoryCommunication
  2. CategorySystems
  3. DebianVulnerabilityHandling
  4. DebianVulnerabilityHandling/CZ
  5. DisasterRecovery
  6. EmailListsOverview
  7. IPv6
  8. IPv6/CZ
  9. InfrastructureReDesign
  10. OcspResponder
  11. OcspResponder/CZ
  12. SecurityManual
  13. SecurityManual/CZ
  14. Software/Assessment/testserver
  15. Software/Assessment/testserver/CZ
  16. Software/Assessment/testserver/setup
  17. Software/DevelopmentWorkflow
  18. Software/Webdb
  19. Software/Webdb/Maintenance/AddNewRoots
  20. Software/Webdb/Maintenance/DatabaseUpgrades
  21. SuggestKeySizes
  22. SuggestKeySizes/CZ
  23. SystemAdministration
  24. SystemAdministration/AdminCandidates
  25. SystemAdministration/CableIndex
  26. SystemAdministration/CertificateList
  27. SystemAdministration/EmergencyLogs
  28. SystemAdministration/EquipmentList
  29. SystemAdministration/IPList
  30. SystemAdministration/InfrastructureHost
  31. SystemAdministration/InfrastructureHost/MinimalistHostingAgreement
  32. SystemAdministration/Procedures
  33. SystemAdministration/Procedures/DNSChanges
  34. SystemAdministration/Procedures/SoftwarePatches
  35. SystemAdministration/SshHostKeyList
  36. SystemAdministration/Systems
  37. SystemAdministration/Systems/Archive
  38. SystemAdministration/Systems/Cisco1_and_2
  39. SystemAdministration/Systems/Community
  40. SystemAdministration/Systems/Development
  41. SystemAdministration/Systems/Development/Prepare
  42. SystemAdministration/Systems/Hopper
  43. SystemAdministration/Systems/Infra01
  44. SystemAdministration/Systems/Logger
  45. SystemAdministration/Systems/Ns
  46. SystemAdministration/Systems/Ocsp
  47. SystemAdministration/Systems/SLS
  48. SystemAdministration/Systems/Signer
  49. SystemAdministration/Systems/Sun1
  50. SystemAdministration/Systems/Sun2
  51. SystemAdministration/Systems/Sun3
  52. SystemAdministration/Systems/Sun4
  53. SystemAdministration/Systems/Test
  54. SystemAdministration/Systems/Translingo
  55. SystemAdministration/Systems/Webdb
  56. SystemAdministration/Systems/Wiki/update201009
  57. SystemAdministration/Systems/ca-mgr1-test
  58. SystemAdministration/Systems/cacert2-test
  59. SystemAdministration/Systems/fiddle
  60. SystemAdministration/Systems/git
  61. SystemAdministration/Systems/template
  62. SystemAdministration/Team
  63. Technology/Laboratory/Hardware/InfrastructureHost/Infra-redevelopment-plan
  64. Technology/Laboratory/Hardware/InfrastructureHost/Vienna1
  65. Twitter
  66. Twitter/CZ
  67. WeakKeys
  68. WeakKeys/CZ
  69. WeakKeys/SmallExponent
  70. WeakKeys/SmallExponent/CZ
  71. WeakKeys/SmallKey
  72. WeakKeys/SmallKey/CZ
  73. comma/Arsenal/IRC
  74. comma/Arsenal/IRC/improvement