cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Mario Lipinski <mario AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: Development of infrastructure
- Date: Mon, 09 Aug 2010 03:44:15 +0200
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert (Organisation Assurance Germany, Wiki/Issue admin)
On 08.08.2010 17:35, Wytze van der Raay wrote:
So a new OS could be installed right now?
Yes, subject of course to the availability of Oophaga and CAcert staff
to get access to the location.
Sure. Currently these are just ideas and to see what would be possible.
Another alternative is to source another server. For infrastructure this
could very well be a used donated machine...
Guessing critical services cannot reduce their number of machines or to
be very offensive: The services on sun3 and sun4 cannot be put together?
Not really offensive ... anything can be changed of course.
sun3 is running the backup server; its configuration is essentially
inherited from the original setup done by others in 2007 (implying
amongst other things that it is vserver-based).
sun4 is running a number of important supporting services for critical
systems, like ssh hopper, system logger, DNS server, each in a separate
xen guest. Additional services planned on this machine are OCSP and CRL.
In principle the backup server can also be run on this machine, but it
would require some software porting work -- the boxbackup software in use
for this service is not available from the standard repositories for
OpenSuSE 11 (which is what we are using on sun4). Conceptually I'd prefer
to keep the backup server physically separated, but it's not an absolute
necessity.
Wouldn't it be possible to run a supported guest os using xen for boxbackup?
However, I agree that having a separate backup server is preferable. Also for backing up the other critical systems running on sun4. Another idea would be to use the current webdb server for backups. Hardware requirements should be quite low for backup and in case of a hardware failure with the retired stuff, it would be very unlikely that the data becomes inaccessible and a system which stores backups breaks down.
If we go that way, I wouldn't do it like that, but simply connect the
machine to the "open internet" switch rather than the firewall. That
way, the firewall doesn't have to know anything about this system (or
its subsystems). Maybe that is what you meant with "an extra physical
uplink"? We have one physical uplink, but since it ends on a switch,
we can hook up as many systems to it as we need to.
The reason I did not suggest it that way is that it would then be possible to assign an IP address of a critical server to a non-critical system or hijack traffic from critical systems. Or does the switch have management functions to prevent this?
Btw. do we have enough IPv4 addresses available?
Once there is an audit we can show that the systems are designed
independent and they can be moved out. And not having done so is just a
reason of the resources available by then.
Well, we can show that also now. It depends very much on the auditor
and his/her procedures whether that is considered sufficient or not.
Right. But it is somehow agreed that from CAcert's point of view it would be desirable to separate this for security of the critical systems.
Also it would make the administration of the non-critical systems independent from the critical admins (e.g. adding users on the hopper).
Yes. There is a netapp device in the equipment list which has never been
used for critical stuff. Could this host infrastructure backups?
Actually, since that NetApp has never been used for anything whatsoever,
it was not re-installed after the recent relocation of servers to the
newer server room, and is now kept by Oophaga somewhere offsite. So if
you really would want to use it, we'd need to talk to Oophaga first to
reinstall it. But storage space is actually not a very scarce resource
right now, so I doubt whether you would really need it.
Depends heavily on the backup policy. For getting started it would not be required. It is a way we could keep in mind if disk space becomes rare.
You are re-starting a process that was already started but got torpedoed.
But clearly you'll need to do something, that's for sure.
Was expecting more torpedoes for this.
--
Mit freundlichen Grüßen / Best regards
Mario Lipinski
Board member, E-Mail: mario AT cacert.org
Organisation Assurer (Germany), Internet: http://www.cacert.org
Wiki/Issue admin
CAcert
Support CAcert: http://www.cacert.org/index.php?id=13
http://wiki.cacert.org/wiki/HelpingCAcert