CAcert System Admins discussion list

[Daniel Black <daniel AT cacert.org>]

Just to make sure I'm not getting up at 5am for nothing.

Who: current and future sysadmins of CAcert
Where: irc.cacert.org - #sysadmin channel
What: no additional topics beyond my initial quick thoughts have been 
received.
what was that: [1]

Topics:
1. our offer(s) for infrastructure and what's happening with them.

Board is considering them. Iang asked ([2]) and I answered ([3]) on the tech 
issues. Feel free to comment on what I roughly put together. I did just ping 
the board on the board list so lets see if they respond.

2. general procedures for doing common stuff like DNS, firewall changes, 
recruiting, certificates, documentation, IP addresses

Stated here (may change content under review):
http://wiki.cacert.org/wiki/SystemAdministration/Procedures/DNSChanges
http://wiki.cacert.org/wiki/SystemAdministration/Procedures/FirewallChanges
http://wiki.cacert.org/wiki/SystemAdministration/Procedures/CertificateIssuing

IP list is here:
http://wiki.cacert.org/wiki/SystemAdministration/IPList

Documentation should be on the wiki:
http://wiki.cacert.org/wiki/SystemAdministration/Systems
some documentation still needs to be done.

3. plans - if we could get together a short list of what changes people are 
doing we can put that to the board.

note that some board members are really waiting on blog x509 and hoping for 
wiki soon.

4. puppet planning and what to expect

no progress here. I just might start fresh with new infrastructure and 
migrate 
into a managed system.

5. OSDC.com.au

Just a reminder that I'm really interested in any x509 authentication you do. 
There are still issues with Safari/Crome(?) and optional authentication. Keep 
this in mind if deploying stuff. 
(http://wiki.cacert.org/wiki/ApacheServerClientCertificateAuthentication)

6. email aliases [4]

Mario mentioned email aliases for systems. What are peoples thoughts?

[1] https://lists.cacert.org/wws/arc/cacert-sysadm/2009-07/msg00036.html
[2] https://lists.cacert.org/wws/arc/cacert-board/2009-07/msg00443.html
[3] https://lists.cacert.org/wws/arc/cacert-sysadm/2009-07/msg00088.html
[4] https://lists.cacert.org/wws/arc/cacert-sysadm/2009-07/msg00085.html

7. absence

I'm going to be away from Friday 7th to 20th. Once Christopher gets added as 
a 
list admin there should be coverage of systems. 
https://community.cacert.org/staff.php is your friend. Email Philipp if you ;
get 
stuck with firewall rules or access difficulties.


8. security updates

currently most systems don't automatic apt-get update/upgrade.

once way is to setup/install cron-apt with /etc/cron-apt/config's MAILTO set 
to 
your email address (and maybe MAILON="changes").

A sample postfix (/etc/postfix/)main.cf is attached. Just replace 
wiki.cacert.org with your domain and 172.16.2.12 with your service IP.

Try to make sure origin address is 
returns AT cacert.org
 with:
# grep sender_can main.cf
sender_canonical_maps = hash:/etc/postfix/sender_rewrite

# more /etc/postfix/sender_rewrite
www-data returns
root         returns

# postmap  /etc/postfix/sender_rewrite

9. other business?

10. next meeting

probably early September. is weekends or weekdays preferred?


-- 
Daniel Black
Infrastructure Administrator
CAcert

3. plans - if we could get together a short list of what changes people are 
doing we can put that to the board.