CAcert System Admins discussion list

[Wytze van der Raay <wytze AT cacert.org>]

Hi Ian,

Op 17-6-2010 10:26, Ian G schreef:
> On 16/06/10 8:44 PM, Wytze van der Raay wrote:
>> ...
>> Transition of where to where?
> 
> Sun 2 from CAcert rack to HCC rack.  As I say, just an idea.

I see ... so not a temporary move there, but a permanent one.

>> If the plan still is to migrate infrastructure services to servers in
>> Switzerland and/or Austria, I don't see why it would belp to move sun2
>> to the Hobbynet rack in the mean time.
> 
> Well, moving all those VMs will require a lot of infra-sysadm time.  I'm
> not sure it is available.

Any move of the current system, no matter where, will require a lot of
sysadmin time.

> Moving the Sun 2 machine from one rack to another, and rejigging the
> IP#s seems to be a lot less work.

Well, you are leaving out a few things here ... the Tunix firewall won't
move with the machine, so you will have to integrate all services into
another (Hobbynet's) firewall structure. Hobbynet will have a hard time
to solve problems with suddenly admitting 10 or so "foreign" CAcert
sysadmins into their admin network without jeopardizing their own integrity
(actually this might be a simple no-go for them). And significant downtime
is likely to occur, combined with sysadmin stress, since you would be moving
a unique physical machine, without having an opportunity to check out things
in advance. And probably a few other things I haven't though of yet.
So less work? Not so sure ...

>> You will have to start another
>> complex round of negotiations with HCC to straighten out all the issues,
>> which would be better spent on finishing off the deals with CH / AT imho.
> 
> Well, I understand that there will be a need for negotiations with HCC.
> But, the board doesn't have to get closely involved in it because not a
> lot is being asked of the board, and it is infra not critical.

Who else is going to do this if it is not the board? Realistically I don't
see how anybody else than the board could make such contractual arrangements.
After that it's up to sysadmins to make it work of course.
And since the board work has already been done for the other facilities
(or hasn't it?), why not use it now? The big advantage of moving
infrastructure services to new hardware is of course that you have no
strict deadlines, can build up the new service while the old one is still
running, test, test, test until you're satisfied, then migrate, each service
one by one. From a technical point of view this seems much more attractive
to me than moving the physical box and try to re-integrate it (keeping in
mind that many of the installations on the current box are rather dated ...).

> The main issues I would see is (a) whether Oophaga mind the Sun 2 going
> into the HCC rack, (b) how to account for any costs, and (c) whether HCC
> want to do this.  I'll bet there other things to think about tho.

Nothing stops you asking those questions to the organisations concerned,
but I wouldn't recommend it.

> Just an idea.  I'm exploring all such things, in case there is an easy
> opportunity.

I think that the opportunity is much less easy than you think it is.

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature