CAcert System Admins discussion list

[Philipp Dunkel <p.dunkel AT cacert.org>]

After I made the motion to evaluate replacing of the signing Server I  
received the following mail from Teus:

> As the hardware is not owned by CAcert Inc. And as there is a contract
> between CAcert Inc. and Oophaga foundation as everyone is aware of  
> which
> handles CAcert services hosting provision.
> The Oophaga foundation has been informed of the opinions about the
> hardware raised by critical team and was asked to find a proper  
> solution
> with the suggestion that hardware was probably the cause.
> Critical systems admin has notified that for now there is not real
> urgency. Nevertheless arrangements are investigated to have spare
> hardware identified when urgency requires so. Critical systems admin
> team and Oophaga access team are busy with that.
>
> The motion to replace the signing service makes not much sense when
> taking the Oophaga-CAcert  MoU into account.
> When other hardware will be made available from Oophaga and crit  
> systems
> admin proposes to rehost the signing server it will be under the
> security policy/manual constraints.
>
> Maybe better to withdraw the motion meanwhile.
>
> teus

This mail indicates to me that Wytzte and the Team are currently  
trying to find a new server. This was confirmed by Wytze when he asked  
on the sysadmin list whether there was a machine around that fit the  
following criteria.

> We are looking for something with the following specs:
>
> MUST HAVE:
> * 19" rack mountable, at most 4U (preferred: 1U)
> * cpu performance at least equivalent to Intel P4 1.7 Ghz or AMD  
> equivalent
> * memory >= 512 MB (preferred: 2 x 512 MB or better)
> * >= 1 serial port (preferred: 2 serial ports)
> * USB
> * "reliable" (machine does not have to be new, but should be
>  good enough to run for at least two years without trouble)
>
> VERY MUCH LIKE:
> * space for connecting existing two IDE disks (3.5") to boot
>  and run from those
>  (if machine has only SATA: must have at least 2 x 40 GB disks)
> * double power supply
>
> DON'T WANT:
> * intelligent console and other funny stuff

After this mail I asked Wytze for an estimate if we were to buy a  
suitable machine outright. He responded shortly thereafter with the  
following statement:

> What's currently sold on the market of new rack servers has specs  
> which
> well exceed our requirements, so entry level would be sufficient,  
> which
> means a price of around 800 - 900 euros from Dell, HP and the like.
> Those machines do not have IDE anymore, so we'll be forced to copy  
> disks,
> and are also typically limited to just one serial port. Both not ideal
> but workable.

So in addition to Wytze and the Team trying to come up with Hardware  
from their end, I am currently trying to find a sponsor for such a  
machine (i.e.: someone that has €1000 to spare). As soon as I have any  
tangible lead I will of course inform everyone about it.

So I think for now the situation is being handled and is not critical  
any more since all the right steps have been taken. However if we  
don't come up with a solution within the next 3-4 weeks, I think me  
may want to discuss passing the motion I had originally made ( https://community.cacert.org/board/motions.php?motion=m20090628.1 
 ) and then withdrawn.

Regards, Philipp

On Jun 30, 2009, at 22:15 , gstark wrote:

> ** Some Board members are traveling, and cannot respond.
> I have received only the one announcement from PhilippD with its few
> details about the Signing Server failure.  I see only the one piece of
> hardware in Signing Servers position in the critical systems  
> schematic.  I
> am concerned that we on the board need to discuss this matter, and  
> that
> discussion has not started yet.  Maybe there is nothing to discuss,  
> but I
> don't know.  What does the Crit-Sys Team suggest be done?  Is there a
> summary?  Am I ahead of the curve asking about this?
>
> The current situation suggests our configuration does not to have the
> redundancy and switchover backup I would have assumed was there.
>
> This is not a criticism.  It is a call to the association membership  
> and
> community for support.
>
> Do we need a new server? Two servers?
> How much will it cost?
> Do we have the funds?  If there isn't enough money or parts who's  
> going to
> donated?
> We have the people?  Are those people available?
> What is the time frame to get this in place?
> What happens if this Server completely fails?  What are all the  
> costs to
> users?
>
> The SGM is important, this is important as well.
>
> Regards,
> Greg Stark
> CAcert Board Member

Attachment: smime.p7s
Description: S/MIME cryptographic signature