CAcert System Admins discussion list

[Wytze van der Raay <wytze AT cacert.org>]

Hi Ian,

On 29.10.2013 10:40, Ian G wrote:
> On 25/10/13 18:55 PM, Wytze van der Raay wrote:
>> ...
>> After the crl.cacert.org server has become declared "critical" by the
>> CAcert board (01.05.2011) the server has been entirely rebuilt on a
>> different platform, in combination with the ocsp.cacert.org server.
>> ...
>> They are sharing the same VM, each with their own IP address.
> 
> Seems reasonable to share those two on a VM.
> 
> What other VMs are now running?  As this is now a critical resource, I
> guess we care more :)

There is a good list in https://wiki.cacert.org/SystemAdministration/Systems

>> The configuration of this machine is mirrored in the CACert SVN:
>>
>>     http://svn.cacert.org/CAcert/SystemAdministration/ocsp/
>>
>> where you can find all the details.
> 
> oh, ok!  mmm...  That's like the system I wanted for the policy
> documents under (anticipated) cod.cacert.org.  Was it hard to set up?

It has evolved over time, but it's not very complicated. It does require
some discipline in maintaining the system, but that's not unusual :-)

> Is it push from SVN to server, or pull?

Neither ... it is pull from critical server to private admin space,
followed by a push from there to SVN. Obviously we cannot trust the
SVN good enough for blindly pulling stuff from it to a critical server.

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature