. '''To [[SystemAdministration|System Administration]]''' - '''To [[SystemAdministration/IPList|Systems IP List]]''' - '''To [[SystemAdministration/Team|System Administrators Team]]''' <> ---- = Systems (Overview) = This is an overview of CAcerts systems. This information is intended for the system administrators. ||<#6699ff -6>'''Critical''' || ||<#ffff80> System ||<#ffff80> Purpose ||<#ffff80> Proposed change ||<#ffff80> Physical location ||<#ffff80> Host type (location) ||<#ffff80> OS version|| || [[SystemAdministration/Systems/Cisco1_and_2|Cisco1]] || central network switch || || BIT, Ede, NL || native || IOS || || [[SystemAdministration/Systems/Cisco1_and_2|Cisco2]] || central network switch || || BIT, Ede, NL || native || IOS || || [[SystemAdministration/Systems/Backup|backup]] (critical) || boxbackup server for critical systems || || BIT, Ede, NL || Xen (Sun3), [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]] || OpenSuSE 13.2 || || [[SystemAdministration/Systems/Crl|crl]] || Certificate Revocation Lists || || BIT, Ede, NL || Xen (Sun3), [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]] || OpenSuSE 13.2 || || [[SystemAdministration/Systems/Hopper|hopper]] || SSH server || || BIT, Ede, NL || Xen (Sun4), [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]] || OpenSuSE 13.2 || || [[SystemAdministration/Systems/Logger|logger]] (critical) || central log for critical systems || || BIT, Ede, NL || Xen (Sun3), [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]] || OpenSuSE 13.2 || || [[SystemAdministration/Systems/Ns|ns]] || DNS || || BIT, Ede, NL || Xen (Sun3), [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]] || OpenSuSE 13.2 || || [[SystemAdministration/Systems/Ocsp|ocsp]] || OCSP || || BIT, Ede, NL || Xen (Sun3), [[https://community.cacert.org/board/motions.php?motion=m20110501.2|m20110501.2]] || OpenSuSE 13.2 || || [[SystemAdministration/Systems/Signer|Signer]] || Certificate signing || || BIT, Ede, NL || native || Debian 5 || || [[SystemAdministration/Systems/Sun3|Sun3]] || Xen host || || BIT, Ede, NL || native || OpenSUSE 13.2 || || [[SystemAdministration/Systems/Sun4|Sun4]] || Xen host || || BIT, Ede, NL || native || OpenSuSE 11.1 || || [[SystemAdministration/Systems/Webdb|Webdb]] (Sun2) || Main website || || BIT, Ede, NL || native ||<#ff9600> Debian 8.11 || ||<#6699ff -6>'''Infrastructure''' || ||<#ffff80> System ||<#ffff80> Purpose ||<#ffff80> Proposed change ||<#ffff80> Physical location ||<#ffff80> Host type (location) ||<#ffff80> OS version|| || [[https://infradocs.cacert.org/systems/blog.html|Blog]] || News blog || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/board.html|Board]] || Accounting || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#ff0000> Debian 7 || || [[https://infradocs.cacert.org/systems/bugs.html|Bugs]] || Mantis bug tracking || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/cats.html|CATS]] || CAcert Automated Testing System || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#ff0000> Debian 7 || || [[https://infradocs.cacert.org/systems/community.html|Community]] || Community WebMail, info and staff list || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/code.html|Code]] || CAcert code hosting || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra03.html|Infra03]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/email.html|Email]] || Email for @cacert.org || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/emailout.html|Emailout]] || Email relay for infrastructure || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/git.html|Git]] || Development Repository || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/infra02.html|Infra02]] || LXC host || || BIT, Ede, NL || native ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/infra03.html|Infra03]] || LXC host || || BIT, Ede, NL || native ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/ingress03.html|Ingress03]] || TLS SNI proxy for systems on infra03 || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra03.html|Infra03]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/ircserver.html|Ircserver]] || IRC server || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/issue.html|Issue]] || Support || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#ff0000> Debian 9 || || [[https://infradocs.cacert.org/systems/jenkins.html|Jenkins]] || Jenkins || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/lists.html|Lists]] || Mailing lists || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/monitor.html|Monitor]] || Icinga (network monitoring) || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/motion.html|Motion]] || Board motion system || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/nextcloud.html|Nextcloud]] || Nextcloud instance for CAcert teams || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra03.html|Infra03]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/proxyin.html|Proxyin]] || TLS SNI proxy for non-critical systems || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/proxyout.html|Proxyout]] || Outgoing HTTP proxy for non-critical systems || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/puppet.html|Puppet]] || Puppet server for non-critical systems || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/svn.html|SVN]] || Subversion repository || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/test.html|Test]] || Testserver (development) || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#ff0000> Debian 8 || || [[SystemAdministration/Systems/cacert2-test|Test2]] || Testserver (sysadmin) || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#ff0000> Debian 8 || || [[https://infradocs.cacert.org/systems/test3.html|Test3]] || Testserver (development for OS upgrade) || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[SystemAdministration/Systems/ca-mgr1-test|Testmgr]] || Testserver (management)<
>CATS testserver || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#ff0000> Debian 8 || || [[https://infradocs.cacert.org/systems/translations.html|Translations]] || Pootle translation server || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#a4e800> Debian 10 || || [[https://infradocs.cacert.org/systems/web.html|Web]] || Reverse Proxy || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/webstatic.html|Webstatic]] || Web (static content) || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#00df99> Debian 11 || || [[https://infradocs.cacert.org/systems/wiki.html|Wiki]] || Wiki || || BIT, Ede, NL || LXC ([[https://infradocs.cacert.org/systems/infra02.html|Infra02]]) ||<#a4e800> Debian 10 || ||<#6699ff -6>'''Auxiliary systems / Community Contributions''' || ||<#ffff80> System ||<#ffff80> Purpose ||<#ffff80> Proposed change ||<#ffff80> Physical location ||<#ffff80> Host type (location) ||<#ffff80> OS version|| ||<#6699cc -6><>'''Misc''' || || [[https://infradocs.cacert.org/external/extmon.html|Extmon]] || External monitoring satellite || provided by [JanDittberner] || Hetzner Cloud, Nürnberg, DE || KVM VM ||<#00df99> Debian 11 || ||<#6699ff -6>'''Discontinued (offline)''' || ||<#ffff80> System ||<#ffff80> Purpose ||<#ffff80> Proposed change ||<#ffff80> Physical location ||<#ffff80> Host type (location) ||<#ffff80> OS version|| ||<#6699cc -6>Old infrastructure systems || || [[SystemAdministration/Systems/Infra01|Infra01]] (Sun1) || old LXC host || {y} shutdown || BIT, Ede, NL || native || Debian 6.0.7 || ||<#6699cc -6>Other || || Cod || ? || || BIT, Ede, NL || Infra-Backups:/old_hosts/cod_2011-05-01.tar.bz2 || ? || || Dupes || HashServer || || BIT, Ede, NL || Infra-Backups:/old_hosts/dupes_2012-03-24.tar.bz2 || ? || || Forum || Forums || || BIT, Ede, NL || Infra-Backups:/old_hosts/forum_2012-03-25.tar.bz2 || ? || || ldap (old) || ? || || BIT, Ede, NL || Infra-Backups:/old_hosts/ldap_2010-06-23.gz || ? || || logging || Logserver for infrastructure || || BIT, Ede, NL || Infra-Backups:/old_hosts/logging_2012-03-25.tar.bz2 || ? || || Paypal || ? || || BIT, Ede, NL || Infra-Backups:/old_hosts/paypal_2012-03-25.tar.bz2 || ? || || PuppetMaster || Centralized management || || BIT, Ede, NL || Infra-Backups:/old_hosts/puppet_2010-06-23.tar.bz2 || ? || || Sun 2 (Infrastructure) || ? || || BIT, Ede, NL || Infra-Backups:/old_hosts/sun2_2012-04-06_*.tar.bz2 || ? || || Test2 || Old test server test2.cacert.org || || BIT, Ede, NL || Infra-Backups:/old_hosts/test2_2012-03-25.tar.bz2 || ? || || [[SystemAdministration/Systems/Translingo|Translingo]] || Website translation || || BIT, Ede, NL || Infra-Backups:/old_hosts/translingo_2012-05-04.tar.bz2 || ? || || Blog new || Blog dev || || BIT, Ede, NL || Infra-Backups:/old_hosts/20130713_blog.tar.bz2 || 6.0.5 || || Wiki-new || Test System for wiki || || BIT, Ede, NL || Infra-Backups:/old_hosts/20130713_wiki-new.tar.bz2 || 6.0.5 || || [[SystemAdministration/Systems/SLS|it-sls]] || VMware ESX host || || it-sls, DE || native || ESX 3.5 || || [[SystemAdministration/Systems/cacert1-test|cacert1-test]] || Testserver (development) || || it-sls, DE || VMware (it-sls) || Debian 6 || || [[SystemAdministration/Systems/cacert2-test|cacert2-test]] || Testserver (sysadmin) || || it-sls, DE || VMware (it-sls) || Debian 6 || || [[SystemAdministration/Systems/ca-mgr1-test|ca-mgr1-test]] || Testserver (management)<
>new CATS testserver || || it-sls, DE || VMware (it-sls) || Debian 6 || || [[SystemAdministration/Systems/git|git]] || Development Repository || || it-sls, DE || VMware (it-sls) || Debian 6 || || [[SystemAdministration/Systems/Test|Test1]] || Old test server test1.cacert.at || shut down / archive (replaced by new test servers) || Sonance, Vienna, AT || Xen (Sonance) || ? || || [[SystemAdministration/Systems/fiddle|fiddle.it]] || Auditor results (Capser, !CrowdIt) || || Vienna, AT || '''currently offline''' || ? || {g} agreed, implementation pending {y} agreed, implementation postponed OS version Debian releases: 4 "Etch", 5 "Lenny", 6 "Squeeze", 7 "Wheezy", 8 "Jessie", 9 "Stretch", 10 "Buster", 11 "Bullseye", 12 "Bookworm" OS Support Status: ||<#ff0000> EOL, no security Updates|| ||<#ff9600> LTS security updates only, see https://wiki.debian.org/LTS/ || ||<#a4e800> oldstable|| ||<#00df99> stable, security supported|| Template for [[SystemAdministration/Systems/template|System Documentation]] . Machines [[SystemAdministration/IPList|IP List]] . Machines [[SystemAdministration/EquipmentList|Equipment List]] <> == Definitions Critical / Infrastructure (aka non-critical) == * Definition is headed by Security Policy, which defines what is critical. See . [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html]] . Section: 1.1. Motivation and Scope * Also see the [[SecurityManual|SecurityManual]] (linked in SP) for more detail, which should point to lists of systems. * In essence anything that is not controlled under the SP is deemed to be outside therefore it is termed "infrastructure". The non-critical term was dropped around 2009, although it's still used in conversation. Infrastructure stuff is documented from this wiki page: . [[SystemAdministration]] == Systems documentation == <> . [[SystemAdministration/InfrastructureHost]] . [[SystemAdministration|Other System administration pages]] ---- . CategorySystems