The system documentation is currently rewritten in a new system that builds HTML from ReStructuredText/Sphinx sources.

The git-Repository is at https://git.cacert.org/cacert-infradocs.git/

The generated documentation is published to https://infradocs.cacert.org/.

Instructions on how to work on the new documentation are available at https://infradocs.cacert.org/building.html.

For some more background information see the mailing list thread at https://lists.cacert.org/wws/arc/cacert-sysadm/2016-05/msg00000.html.


Systems (Overview)

This is an overview of CAcerts systems. This information is intended for the system administrators.

Critical

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Cisco1

central network switch

BIT, Ede, NL

native

IOS

Cisco2

central network switch

BIT, Ede, NL

native

IOS

backup (critical)

boxbackup server for critical systems

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

crl

Certificate Revocation Lists

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

hopper

SSH server

BIT, Ede, NL

Xen (Sun4), m20110501.2

OpenSuSE 13.2

logger (critical)

central log for critical systems

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

ns

DNS

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

ocsp

OCSP

BIT, Ede, NL

Xen (Sun3), m20110501.2

OpenSuSE 13.2

Signer

Certificate signing

BIT, Ede, NL

native

Debian 5

Sun3

Xen host

BIT, Ede, NL

native

OpenSUSE 13.2

Sun4

Xen host

BIT, Ede, NL

native

OpenSuSE 11.1

Webdb (Sun2)

Main website

BIT, Ede, NL

native

Debian 8.11

Infrastructure

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Blog

News blog

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Board

Accounting

BIT, Ede, NL

LXC (Infra02)

Debian 7.11

Bugs

Mantis bug tracking

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

CATS

CAcert Automated Testing System

BIT, Ede, NL

LXC (Infra02)

Debian 7.11

Email

Email for @cacert.org

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Emailout

Email relay for infrastructure

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Git

Development Repository

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Infra02

LXC host

BIT, Ede, NL

native

Debian 10.3

Ircserver

IRC server

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Issue

Support

BIT, Ede, NL

LXC (Infra02)

Debian 7.11

Jenkins

Jenkins

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Lists

Mailing lists

BIT, Ede, NL

LXC (Infra02)

Debian 7.11

Monitor

Icinga (network monitoring)

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Motion

Board motion system

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Pgpkeys

PGP keyserver (currently shut down)

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Proxyin

TLS SNI proxy for non-critical systems

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Proxyout

Outgoing HTTP proxy for non-critical systems

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Puppet

Puppet server for non-critical systems

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

SVN

Subversion repository

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Test

Testserver (development)

BIT, Ede, NL

LXC (Infra02)

Debian 8.11

Test2

Testserver (sysadmin)

BIT, Ede, NL

LXC (Infra02)

Debian 8.11

Test3

Testserver (development for OS upgrade)

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Testmgr

Testserver (management)
CATS testserver

BIT, Ede, NL

LXC (Infra02)

Debian 8.10

Translations

Pootle translation server

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Web

Reverse Proxy

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Webstatic

Web (static content)

BIT, Ede, NL

LXC (Infra02)

Debian 9.12

Webmail

Webmail, Staff

BIT, Ede, NL

LXC (Infra02)

Debian 4.0

Wiki

Wiki

BIT, Ede, NL

LXC (Infra02)

Debian 10.3

Auxiliary systems / Community Contributions

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Misc

Extmon

External monitoring satellite

provided by [JanDittberner]

Hetzern Cloud, N├╝rnberg, DE

KVM VM

Debian 10.3

Discontinued (offline)

System

Purpose

Proposed change

Physical location

Host type (location)

OS version

Old infrastructure systems

Infra01 (Sun1)

old LXC host

{y} shutdown

BIT, Ede, NL

native

Debian 6.0.7

Other

Cod

?

BIT, Ede, NL

Infra-Backups:/old_hosts/cod_2011-05-01.tar.bz2

?

Dupes

HashServer

BIT, Ede, NL

Infra-Backups:/old_hosts/dupes_2012-03-24.tar.bz2

?

Forum

Forums

BIT, Ede, NL

Infra-Backups:/old_hosts/forum_2012-03-25.tar.bz2

?

ldap (old)

?

BIT, Ede, NL

Infra-Backups:/old_hosts/ldap_2010-06-23.gz

?

logging

Logserver for infrastructure

BIT, Ede, NL

Infra-Backups:/old_hosts/logging_2012-03-25.tar.bz2

?

Paypal

?

BIT, Ede, NL

Infra-Backups:/old_hosts/paypal_2012-03-25.tar.bz2

?

PuppetMaster

Centralized management

BIT, Ede, NL

Infra-Backups:/old_hosts/puppet_2010-06-23.tar.bz2

?

Sun 2 (Infrastructure)

?

BIT, Ede, NL

Infra-Backups:/old_hosts/sun2_2012-04-06_*.tar.bz2

?

Test2

Old test server test2.cacert.org

BIT, Ede, NL

Infra-Backups:/old_hosts/test2_2012-03-25.tar.bz2

?

Translingo

Website translation

BIT, Ede, NL

Infra-Backups:/old_hosts/translingo_2012-05-04.tar.bz2

?

Blog new

Blog dev

BIT, Ede, NL

Infra-Backups:/old_hosts/20130713_blog.tar.bz2

6.0.5

Wiki-new

Test System for wiki

BIT, Ede, NL

Infra-Backups:/old_hosts/20130713_wiki-new.tar.bz2

6.0.5

it-sls

VMware ESX host

it-sls, DE

native

ESX 3.5

cacert1-test

Testserver (development)

it-sls, DE

VMware (it-sls)

Debian 6

cacert2-test

Testserver (sysadmin)

it-sls, DE

VMware (it-sls)

Debian 6

ca-mgr1-test

Testserver (management)
new CATS testserver

it-sls, DE

VMware (it-sls)

Debian 6

git

Development Repository

it-sls, DE

VMware (it-sls)

Debian 6

Test1

Old test server test1.cacert.at

shut down / archive (replaced by new test servers)

Sonance, Vienna, AT

Xen (Sonance)

?

fiddle.it

Auditor results (Capser, CrowdIt)

Vienna, AT

currently offline

?

{g} agreed, implementation pending

{y} agreed, implementation postponed

OS version Debian releases: 4 "Etch", 5 "Lenny", 6 "Squeeze", 7 "Wheezy", 8 "Jessie", 9 "Stretch"

OS Support Status:

EOL, no security Updates

LTS security updates only, see https://wiki.debian.org/LTS/

oldstable

stable, security supported

Template for System Documentation

Definitions Critical / Infrastructure (aka non-critical)

Systems documentation

  1. CategoryCommunication
  2. CategorySystems
  3. DebianVulnerabilityHandling
  4. DebianVulnerabilityHandling/CZ
  5. DisasterRecovery
  6. EmailListsOverview
  7. IPv6
  8. IPv6/CZ
  9. InfrastructureReDesign
  10. OcspResponder
  11. OcspResponder/CZ
  12. SecurityManual
  13. SecurityManual/CZ
  14. Software/Assessment/testserver
  15. Software/Assessment/testserver/CZ
  16. Software/Assessment/testserver/setup
  17. Software/DevelopmentWorkflow
  18. Software/Webdb
  19. Software/Webdb/Maintenance/AddNewRoots
  20. Software/Webdb/Maintenance/DatabaseUpgrades
  21. SuggestKeySizes
  22. SuggestKeySizes/CZ
  23. SystemAdministration
  24. SystemAdministration/AdminCandidates
  25. SystemAdministration/CableIndex
  26. SystemAdministration/CertificateList
  27. SystemAdministration/EmergencyLogs
  28. SystemAdministration/EquipmentList
  29. SystemAdministration/IPList
  30. SystemAdministration/InfrastructureHost
  31. SystemAdministration/InfrastructureHost/MinimalistHostingAgreement
  32. SystemAdministration/Procedures
  33. SystemAdministration/Procedures/DNSChanges
  34. SystemAdministration/Procedures/SoftwarePatches
  35. SystemAdministration/SshHostKeyList
  36. SystemAdministration/Systems
  37. SystemAdministration/Systems/Archive
  38. SystemAdministration/Systems/Cisco1_and_2
  39. SystemAdministration/Systems/Community
  40. SystemAdministration/Systems/Development
  41. SystemAdministration/Systems/Development/Prepare
  42. SystemAdministration/Systems/Hopper
  43. SystemAdministration/Systems/Infra01
  44. SystemAdministration/Systems/Logger
  45. SystemAdministration/Systems/Ns
  46. SystemAdministration/Systems/Ocsp
  47. SystemAdministration/Systems/SLS
  48. SystemAdministration/Systems/Signer
  49. SystemAdministration/Systems/Sun1
  50. SystemAdministration/Systems/Sun2
  51. SystemAdministration/Systems/Sun3
  52. SystemAdministration/Systems/Sun4
  53. SystemAdministration/Systems/Test
  54. SystemAdministration/Systems/Translingo
  55. SystemAdministration/Systems/Webdb
  56. SystemAdministration/Systems/Wiki
  57. SystemAdministration/Systems/Wiki/update201009
  58. SystemAdministration/Systems/ca-mgr1-test
  59. SystemAdministration/Systems/cacert2-test
  60. SystemAdministration/Systems/fiddle
  61. SystemAdministration/Systems/git
  62. SystemAdministration/Systems/template
  63. SystemAdministration/Team
  64. Technology/Laboratory/Hardware/InfrastructureHost/Infra-redevelopment-plan
  65. Technology/Laboratory/Hardware/InfrastructureHost/Vienna1
  66. Twitter
  67. Twitter/CZ
  68. WeakKeys
  69. WeakKeys/CZ
  70. WeakKeys/SmallExponent
  71. WeakKeys/SmallExponent/CZ
  72. WeakKeys/SmallKey
  73. WeakKeys/SmallKey/CZ
  74. comma/Arsenal/IRC
  75. comma/Arsenal/IRC/improvement