CAcert System Admins discussion list

[Piet Starreveld <pstarrev AT gmail.com>]

Hi Jan and team,

As suggested earlier by Jan, I am currently spending my spare time
working my way through the CAcert sysadmin documentation :-)

I know what a challenge it can be to both document what you do
accurately and keep everything running smoothly and I am truly
impressed by what you guys have achieved in both areas.

Here are some docs that I went thru at least once, so far, and some of
the questions they raised with me. As for the answers, please don't
feel pressed in any way to answer them with any urgency whatsoever. I
am very aware that most if not all of you have daytime jobs as well and
running and maintaining the CAcert infra surely takes precedence over
educating whomever.

[1] https://wiki.cacert.org/SystemAdministration/Systems

    Config sheet of Test system and some other systems state:

    VM guest on vmware-host.it-sls.de

    Is this just documentation that requires updating or did I miss
    something?

[2] https://wiki.cacert.org/SystemAdministration/InfrastructureHost

    This is about a setting up a new infrastructure in Vienna. Is this
    still applicable or has this been abandoned long since in favor of
    BIT?

[3] https://wiki.cacert.org/SystemAdministration/Procedures   
https://wiki.cacert.org/SystemAdministration/Procedures/DiskMirroring

    The documentation states 'Currently the way these servers are setup
    does not include provisions for RAID or mirroring at the hardware
    or kernel level.'

    The reason(s) to not use LVM mirroring here is/are:
    1. it isn't supported on the applicable systems
    2. it is considered unsafe/unreliable/unwanted
    3. to have some kind of last known good system state

[4] https://wiki.cacert.org/DisasterRecovery

    Is there another datacenter where DRP is to take place or is it
    assumed that a DRP will take place at BIT?

    Has a DRP ever been (dry-) tested?

[5] https://secure.cacert.org/policy/SecurityPolicy.html 
[6] https://wiki.cacert.org/SecurityManual

    Actions that require 'four eyes' (which a lot of them do) are
    carried out at BIT or is there some other arrangement in place?

My professional background is described on:

        http://nl.linkedin.com/in/pstarrev

It's open to everyone, so I'm not gonna elaborate on it here.

Additionally, I am in the possession of a valid Certificate of Conduct
for system administration. For those who don't know, a Certificate of
Conduct (Verklaring Omtrent het Gedrag, VOG) is a document by which the
Dutch State Secretary for Security and Justice declares that the
applicant did not commit any criminal offences that are relevant to the
performance of his or her duties.

As for systems administration there are no things that I particularly
like or dislike. I do like systems running smoothly and to try to
reduce maintenance requirements to a minimum and I don't like systems
to crash :-)

It would be rather arrogant of me to pretend to have any idea about
what you guys consider most urgent. However, usually in times of stress
keeping the documentation up-to-date takes the hit and usually isn't
the type of thing that people love doing most, so perhaps, you would
like me to start by helping you getting the CAcert sysadmin
documentation wiki more up to date and accurate?

Looking forward to your reply,

Kind regards,
Piet Starreveld

Attachment: smime.p7s
Description: S/MIME cryptographic signature