author Jan Dittberner <> 2017-08-27 10:06:48 +0200
committer Jan Dittberner <> 2017-08-27 13:16:48 +0200
commit 399e9201463b4a9cfe3287daaefbb38cc55a57d1
parent c3eb46e78e28efe28850ee7d4100d27b26be2f58
Add proxyout and a bit more related to LXC containers
3 files changed, 29 insertions, 9 deletions
diff --git a/docs/lxcsetup.rst b/docs/lxcsetup.rst
index 5d2826f..b111d4f 100644
--- a/docs/lxcsetup.rst
+++ b/docs/lxcsetup.rst
@@ -54,6 +54,13 @@ Setup puppet-agent
.. todo:: describe puppet setup
+.. code-block:: bash
+ sudo apt-get install wget
+ wget -4 -T 2
+ sudo dpkg -i puppetlabs-release-pc1-jessie.deb
+ sudo apt-get install puppet-agent
- Define puppet configuration for the new container in Hiera.
Post-Setup task
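Review bot: The added code block runs "sudo dpkg -i puppetlabs-release-pc1-jessie.deb" straight after the download, with no integrity check between the wget and dpkg lines. Every new container will follow this procedure, so document a checksum or signature verification step before the dpkg -i line. The wget line as shown also carries no URL, so the step cannot be followed as written, and the ".. todo:: describe puppet setup" marker above should be dropped or narrowed now that install commands exist.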
@@ -62,3 +69,4 @@ Post-Setup task
- Document the new container in a file of the :file:`docs/systems` directory of
the `Infrastructure documentation
+- Setup machine-admin alias on :doc:`systems/email`.
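Review bot: The added list item uses "Setup" as a verb; it should read "Set up machine-admin alias". It would also help to say what the alias should be named and who it delivers to, since the :doc:`systems/email` reference is only a pointer to another page.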
diff --git a/docs/systems.rst b/docs/systems.rst
index 72a8125..739ab58 100644
--- a/docs/systems.rst
+++ b/docs/systems.rst
@@ -22,6 +22,7 @@ administrator team.
+ systems/proxyout
diff --git a/docs/systems/proxyout.rst b/docs/systems/proxyout.rst
index ec28ef1..8f38b43 100644
--- a/docs/systems/proxyout.rst
+++ b/docs/systems/proxyout.rst
@@ -8,14 +8,15 @@ Proxyout
-This system acts as outgoing HTTP and HTTPS proxy for access to APT
+This system provides an outgoing http/https proxy for controlled access to
+external resources like APT repositories and code repositories. The decision
+to setup this system has been made due to often changing IP addresses of
+external repositories that lead to update problems on several other machines.
Application Links
-This system has no publicly visible URLs.
+This machine has no externaly exposed URLs.
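Review bot: Typo in the added line "This machine has no externaly exposed URLs": "externaly" should be "externally". In the description paragraph above it, "to setup this system" should be "to set up this system". Since the description now promises "controlled access", add one sentence saying what enforces that control and where it is configured, so the claim can be checked.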
@@ -27,7 +28,6 @@ System Administration
* Secondary: None
.. todo:: find an additional admin
-.. people_<name> are defined in people.rst
Application Administration
@@ -63,6 +63,7 @@ Logical Location
:IP Internet: None
:IP Intranet: None
:IP Internal: :ip:v4:``
+:IPv6: :ip:v6:`2001:7b8:616:162:2::201`
:MAC address: :mac:`00:16:3e:15:b8:8c` (eth0)
.. seealso::
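Review bot: The added ":IPv6:" field does not say which network the address belongs to, while the fields above it split the addresses into Internet, Intranet and Internal. 2001:7b8:616:162:2::201 is a global unicast address and ":IP Internet:" says None, so state whether the host is reachable from outside over IPv6 and where that traffic is filtered.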
@@ -160,6 +161,7 @@ Outbound network connections
* :doc:`puppet` (tcp/8140) as Puppet master
* Debian mirrors
* as Debian repository for puppet packages
+* HTTP and HTTPS servers specified in the squid configuration
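Review bot: The added item "HTTP and HTTPS servers specified in the squid configuration" gives a reader auditing outbound traffic nothing to check against. Point to where that list is maintained (the Puppet profile or the squid configuration file) so the allowed destinations can be reviewed from this page.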
@@ -169,6 +171,13 @@ Security
:ED25519: 43:0d:1e:ec:1b:5f:c3:84:38:c7:75:b7:be:3c:1b:d4
:RSA: 1e:8e:1d:06:a5:fa:d6:08:95:e9:68:fb:ae:16:24:8f
+Non-distribution packages and modifications
+The Puppet agent package and a few dependencies are installed from the official
+Puppet APT repository because the versions in Debian are too old to use modern
+Puppet features.
Risk assessments on critical packages
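Review bot: The new "Non-distribution packages and modifications" paragraph names the source ("the official Puppet APT repository") but not how it is trusted. Add the repository signing key fingerprint or a reference to where it is pinned, and name the "few dependencies", so the "Risk assessments on critical packages" section that follows can cover them.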
@@ -178,8 +187,8 @@ with low risk.
Critical Configuration items
-All configuration is managed in Puppet. There are no certificates or private
-keys used on this machine.
+The system configuration is managed via Puppet profiles. There should be no
+configuration items outside of the Puppet repository.
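Review bot: The replacement text drops the statement "There are no certificates or private keys used on this machine" without saying what key material does exist. The Security section lists SSH host key fingerprints, and the Puppet agent authenticates to the Puppet master with its own certificate and private key, so list these as critical items or state how they are regenerated on rebuild. "There should be no configuration items outside of the Puppet repository" would also be stronger if it said how that is verified.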
@@ -187,8 +196,10 @@ Tasks
-Change all infrastructure hosts to use this machine as APT proxy to avoid flaky
-firewall configurations on :doc:`infra02`.
+.. todo:: Change all infrastructure hosts to use this machine as APT proxy to
+ avoid flaky firewall configurations on :doc:`infra02`.
+.. todo:: Add more APT repositories and ACLs if needed
Additional documentation