cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Wytze van der Raay <wytze AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: Development of infrastructure
- Date: Sun, 08 Aug 2010 17:35:08 +0200
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert
On 08/07/2010 04:06 PM, Mario Lipinski wrote:
> On 07.08.10 12:35, Wytze van der Raay wrote:
>> ...
>> In fact sun1 is not functional anymore since some time, software-wise that is
>> (there's nothing wrong with the hardware). So all its resources are available,
>> in principle, but ...
>
> So a new OS could be installed right now?
Yes, subject of course to the availability of Oophaga and CAcert staff
to get access to the location.
> ...
> It would at least help us to rebuild infrastructure. E.g. it would be
> good to run a 64-bit OS which I guess the hardware is capable of.
Yes, the hardware is amd64-based.
> Another alternative is to source another server. For infrastructure this
> could very well be a used donated machine...
> Guessing critical services cannot reduce their number of machines or to
> be very offensive: The services on sun3 and sun4 cannot be put together?
Not really offensive ... anything can be changed of course.
sun3 is running the backup server; its configuration is essentially
inherited from the original setup done by others in 2007 (implying
amongst other things that it is vserver-based).
sun4 is running a number of important supporting services for critical
systems, like ssh hopper, system logger, DNS server, each in a separate
xen guest. Additional services planned on this machine are OCSP and CRL.
In principle the backup server can also be run on this machine, but it
would require some software porting work -- the boxbackup software in use
for this service is not available from the standard repositories for
OpenSuSE 11 (which is what we are using on sun4). Conceptually I'd prefer
to keep the backup server physically separated, but it's not an absolute
necessity.
>> ...
>> A separate uplink is theoretically possible, but expensive, and won't bring
>> any security benefits. The real issue in separation between critical and
>> infrastructure systems is the currently shared use of firewalls, backup
>> server and admin network. It's an interesting suggestion to resolve that by
>> simply moving the infrastructure systems away behind the firewalls and
>> put them on the internet directly. That could be done indeed iff you
>> accept the resulting reduced security for the infrastructure systems.
>
> I would. I work with many hosted root servers which would fit for
> infrastructure also. So it is quite the same situation. And we would
> probably have it if we get a host donated somewhere. So the goal for
> infrastructure at BIT should be for the short term to design it
> independent from the critical stuff which is near there.
> So an extra physical uplink is not economical, the firewall could simply
> forward all traffic for the infrastructure networks to one interface.
If we go that way, I wouldn't do it like that, but simply connect the
machine to the "open internet" switch rather than the firewall. That
way, the firewall doesn't have to know anything about this system (or
its subsystems). Maybe that is what you meant with "an extra physical
uplink"? We have one physical uplink, but since it ends on a switch,
we can hook up as many systems to it as we need to.
> Once there is an audit we can show that the systems are designed
> independent and they can be moved out. And not having done so is just a
> reason of the resources available by then.
Well, we can show that also now. It depends very much on the auditor
and his/her procedures whether that is considered sufficient or not.
> ...
> Yes. There is a NetApp device in the equipment list which has never been
> used for critical stuff. Could this host infrastructure backups?
Actually, since that NetApp has never been used for anything whatsoever,
it was not re-installed after the recent relocation of servers to the
newer server room, and is now kept by Oophaga somewhere offsite. So if
you really would want to use it, we'd need to talk to Oophaga first to
reinstall it. But storage space is actually not a very scarce resource
right now, so I doubt whether you would really need it.
>> ...
>> I'm still amazed that CAcert Inc has found it prudent to turn down an
>> impressive offer for external hosting of its infrastructure services
>> sacrificing two valuable board members as part of the process :-(
>
> Yes, that is hard. But we need infrastructure and we need more. So we
> currently have to see how we can use all our resources available to make
> the best from it. That is why I am trying to somehow shift available
> resources around. I am aware that infrastructure needs attention from
> many directions currently, so I'd like to start a process now, and not
> like to wait until a machine turns up randomly.
You are re-starting a process that was already started but got torpedoed.
But clearly you'll need to do something, that's for sure.
Regards,
-- wytze