author: Jan Dittberner <jandd@cacert.org>, 2018-04-03 14:01:13 +0200
committer: Jan Dittberner <jandd@cacert.org>, 2018-04-03 14:01:13 +0200
commit: 7e7e3208328fa3054be17c71a90050735ae4ea2f
tree: e9ea41b02635dd45c8e0e5e7426b777fe602d5a8
parent: 2bd48c4ec1d637c2e29f0ffb3e3511aa5eb7b78c
Replace irc with ircserver
-rw-r--r-- docs/systems.rst 1
-rw-r--r-- docs/systems/irc.rst 366
-rw-r--r-- docs/systems/ircserver.rst 52
-rw-r--r-- docs/systems/proxyout.rst 1
4 files changed, 29 insertions, 391 deletions
diff --git a/docs/systems.rst b/docs/systems.rst
index ad89d78..ba71bb9 100644
--- a/docs/systems.rst
+++ b/docs/systems.rst
@@ -16,7 +16,6 @@ administrator team.
systems/email
systems/emailout
systems/git
- systems/irc
systems/ircserver
systems/issue
systems/lists
diff --git a/docs/systems/irc.rst b/docs/systems/irc.rst
deleted file mode 100644
index b947bea..0000000
--- a/docs/systems/irc.rst
+++ /dev/null
@@ -1,366 +0,0 @@
-.. index::
- single: Systems; Irc
-
-===
-IRC
-===
-
-Purpose
-=======
-
-This system provides the CAcert IRC service for private communications,
-allowing usage of CAcert-secured SSL-Encrypted IRC traffic for our everyday
-chat, meetings, and general support.
-
-Application Links
------------------
-
-https://irc.cacert.org/
- HTTPS secured Web based IRC access
-
-http://irc.cacert.org/
- HTTP fallback for Web based IRC access
-
-Administration
-==============
-
-System Administration
----------------------
-
-* Primary: None
-* Secondary: :ref:`people_mario`, :ref:`people_jandd`
-
-Application Administration
---------------------------
-
-+--------------+------------------+
-| Application | Administrator(s) |
-+==============+==================+
-| IRC server | None |
-+--------------+------------------+
-| IRC services | None |
-+--------------+------------------+
-| IRC webchat | None |
-+--------------+------------------+
-
-.. todo::
- find an administrator willing to properly setup/maintain IRC applications
- and push the migration to :doc:`ircserver`.
-
-Contact
--------
-
-* irc-admin@cacert.org
-
-Basics
-======
-
-Physical Location
------------------
-
-This system is located in an :term:`LXC` container on physical machine
-:doc:`infra02`.
-
-Logical Location
-----------------
-
-:IP Internet: :ip:v4:`213.154.225.233`
-:IP Intranet: :ip:v4:`172.16.2.14`
-:IP Internal: :ip:v4:`10.0.0.14`
-:MAC address: :mac:`00:ff:8d:45:01:a4` (eth0)
-
-.. seealso::
-
- See :doc:`../network`
-
-DNS
----
-
-.. index::
- single: DNS records; Irc
-
-======================= ======== ==========================================
-Name Type Content
-======================= ======== ==========================================
-irc.cacert.org. IN A 213.154.225.233
-irc.cacert.org. IN SSHFP 1 1 C123F73001682277DE5346923518D17CC94E298E
-irc.cacert.org. IN SSHFP 2 1 B85941C077732F78BE290B8F0B44B0A5E8A0E51D
-irc.intra.cacert.org. IN A 172.16.2.14
-======================= ======== ==========================================
-
-.. seealso::
-
- See :wiki:`SystemAdministration/Procedures/DNSChanges`
-
-Operating System
-----------------
-
-.. index::
- single: Debian GNU/Linux; Wheezy
- single: Debian GNU/Linux; 7.11
-
-* Debian GNU/Linux 7.11
-
-Applicable Documentation
-------------------------
-
-:wiki:`Technology/TechnicalSupport/EndUserSupport/IRC`
-
-Services
-========
-
-Listening services
-------------------
-
-+----------+---------+---------+--------------------------------------+
-| Port | Service | Origin | Purpose |
-+==========+=========+=========+======================================+
-| 22/tcp | ssh | ANY | admin console access |
-+----------+---------+---------+--------------------------------------+
-| 25/tcp | smtp | local | mail delivery to local MTA |
-+----------+---------+---------+--------------------------------------+
-| 80/tcp | http | ANY | IRC webchat |
-+----------+---------+---------+--------------------------------------+
-| 443/tcp | https | ANY | IRC webchat |
-+----------+---------+---------+--------------------------------------+
-| 5666/tcp | nrpe | monitor | remote monitoring service |
-+----------+---------+---------+--------------------------------------+
-| 6667/tcp | ircd | ANY | IRC |
-+----------+---------+---------+--------------------------------------+
-| 6668/tcp | ircd | ANY | IRC [#f1]_ |
-+----------+---------+---------+--------------------------------------+
-| 7000/tcp | ircd | ANY | IRC |
-+----------+---------+---------+--------------------------------------+
-
-ircd opens a random UDP port for some reason.
-
-.. [#f1] Not forwarded from :doc:`infra02` to container
-
-.. todo:: find out what the UDP port is used for
-
-Running services
-----------------
-
-.. index::
- single: Postfix
- single: cron
- single: lighttpd
- single: nrpe
- single: openssh
- single: oftc-hybrid-ircd
-
-+--------------------+--------------------+----------------------------------------+
-| Service | Usage | Start mechanism |
-+====================+====================+========================================+
-| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` |
-| | remote | |
-| | administration | |
-+--------------------+--------------------+----------------------------------------+
-| lighttpd | Webserver for | init script |
-| | IRC webchat | :file:`/etc/init.d/lighttpd` |
-+--------------------+--------------------+----------------------------------------+
-| cron | job scheduler | init script :file:`/etc/init.d/cron` |
-+--------------------+--------------------+----------------------------------------+
-| Postfix | SMTP server for | init script |
-| | local mail | :file:`/etc/init.d/postfix` |
-| | submission | |
-+--------------------+--------------------+----------------------------------------+
-| OFTC Hybrid IRCD | IRC server | start script |
-| | | :file:`/home/ircserver/ircd/bin/ircd` |
-| | | started manually |
-+--------------------+--------------------+----------------------------------------+
-| Nagios NRPE server | remote monitoring | init script |
-| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
-| | :doc:`monitor` | |
-+--------------------+--------------------+----------------------------------------+
-
-Connected Systems
------------------
-
-* :doc:`monitor`
-
-Outbound network connections
-----------------------------
-
-* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
-* :doc:`emailout` as SMTP relay
-* :doc:`proxyout` as HTTP proxy for APT
-
-Security
-========
-
-.. sshkeys::
- :RSA: 6e:7c:14:4b:a3:fe:8c:88:1b:d0:e8:3c:93:9c:33:2f
- :DSA: e7:92:a5:80:49:a9:fe:d3:57:11:1d:ca:b8:0f:c0:44
- :ECDSA: c5:6a:f5:cc:be:a5:94:03:b8:32:d0:97:ef:26:ac:35
-
-Dedicated user roles
---------------------
-
-+-----------+--------------+
-| Group | Purpose |
-+===========+==============+
-| ircserver | IRC daemon |
-+-----------+--------------+
-| services | IRC services |
-+-----------+--------------+
-
-Non-distribution packages and modifications
--------------------------------------------
-
-.. index::
- pair: non-distribution; oftc-ircd
-
-OFTC Hybrid IRC daemon
-......................
-
-* The IRC server runs as a self compiled `OFTC Hybrid
- <http://www.oftc.net/CodingProjects/#ircd>`_ from upstream's `GitHub
- repository <https://github.com/oftc/oftc-hybrid>`_ at revision
- 1435aa49a8b20d6ed816f53518ae5f22d0579cc4 (tag: oftc-hybrid-1.6.15).
-* The configured source code is available in
- :file:`/home/ircserver/oftc-hybrid/`
-* The installed ircd is in :file:`/home/ircserver/ircd/`
-* The used configure options are contained in
- :file:`/home/ircserver/configline`
-
-The IRC server is linked against system shared libraries and may not work
-anymore if these are updated to ABI incompatible versions.
-
-This is the listed of linked libraries as of 2014-10-24::
-
- $ ldd ircd/bin/ircd
- linux-gate.so.1 => (0xf7714000)
- libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xf7709000)
- libcrypt.so.1 => /lib/i386-linux-gnu/i686/cmov/libcrypt.so.1 (0xf76d7000)
- libssl.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 (0xf767d000)
- libcrypto.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xf74bf000)
- libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xf735a000)
- /lib/ld-linux.so.2 (0xf7715000)
- libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xf7341000)
-
-OFTC IRC services
-.................
-
-* The IRC services where self compiled `OFTC Services
- <http://www.oftc.net/CodingProjects/#services>`_ from upstreams `release
- tarballs <http://www.oftc.net/releases/oftc-ircservices/>`_ unfortunatelly
- recompilation on the current Debian system does not produce a working binary.
-* The configured source code is available at
- :file:`/home/services/oftc-services-1.5.8/`
-* The installed disfunctional IRC services are installed in
- :file:`/home/services/services`
-* The used configure options are contained in :file:`/home/services/configline`
-
-.. warning::
- There are no services running currently because loading the PostgreSQL
- driver leads to a segmentation fault in the compiled binaries. PostgreSQL
- has been uninstalled and the ircservices database has been backed up to
- :file:`/home/ircserver/archive/pg_ircservices_dump-20180216-143937.sql.gz`.
-
-IRC Webchat
-...........
-
-* The used Web based IRC software is a self compiled `CGI:IRC
- <http://cgiirc.sourceforge.net/>`_ version 0.5.9
-* The Web based IRC software is contained in :file:`/var/cgi/`
-
-Risk assessments on critical packages
--------------------------------------
-
-The self compiled binaries of OFTC Hybrid ircd, OFTC Services and IRC webchat
-are not updated regularly. There is no administrator with good enough knowledge
-for these applications to properly maintain these.
-
-Critical Configuration items
-============================
-
-Keys and X.509 certificates
----------------------------
-
-.. sslcert:: irc.cacert.org
- :altnames: DNS:cert.irc.cacert.org, DNS:irc.cacert.org, DNS:nocert.irc.cacert.org
- :certfile: /home/ircserver/ssl/cert2048.pem
- :keyfile: /home/ircserver/ssl/rsa2048.key
- :serial: 1375A2
- :expiration: Feb 19 12:06:05 2020 GMT
- :sha1fp: 92:CA:56:74:C5:3B:C9:1E:A9:61:08:59:BE:B4:04:3D:AC:A0:F1:6A
- :issuer: CA Cert Signing Authority
-
-.. sslcert:: irc.cacert.org
- :certfile: /etc/lighttpd/ssl/server.pem
- :keyfile: /etc/lighttpd/ssl/server.pem
- :serial: 1375A2
- :secondary:
-
-The :file:`/etc/lighttpd/ssl/server.pem` is a combined key and certificate file
-for lighttpd.
-
-.. index::
- pair: lighttpd; configuration
-
-lighttpd configuration
-----------------------
-
-* :file:`/etc/lighttpd/lighttpd.conf` main configuration file
-* :file:`/etc/lighttpd/conf-enabled/10-cgi.conf` CGI path configuration
-* :file:`/etc/lighttpd/conf-enabled/10-ssl.conf` TLS configuration
-* :file:`/etc/lighttpd/conf-enabled/10-redirect-http.conf` redirect from http to
- https
-
-Configure CGI and TLS support for lighttpd. CGI requests go to /var/cgi
-containing the CGI IRC client. Request to configuration and source code is
-restricted.
-
-.. index::
- pair: oftc-hybrid-ircd; configuration
- pair: ircd; configuration
-
-oftc-hybrid-ircd configuration
-------------------------------
-
-* :file:`/home/ircserver/ircd/etc/ircd.conf` main IRC server configuration,
- defining settings, ports and TLS settings
-
-.. todo:: add more details
-
-.. todo::
- there are a lot of ops users defined in :file:`ircd.conf` check whether
- these are still valid
-
-.. index::
- pair: IRC webchat; configuration
-
-IRC webchat configuration
--------------------------
-
-* :file:`/var/cgi/cgiirc.config`
-
-The configuration defines the connection to the ircd and some defaults for the
-client like default user names and channel.
-
-Changes
-=======
-
-System Future
--------------
-
-This system should be retired and replaced with the new :doc:`ircserver` that
-should be running packaged and properly supported software.
-
-.. note::
-
- Current Debian releases contain packaged versions of some ircd/irc services
- combinations:
-
- * `ircd-hybrid <https://packages.debian.org/jessie/ircd-hybrid>`_ similar
- to the current software
- * `charybdis <https://packages.debian.org/jessie/charybdis>`_ with
- `atheme-services <https://packages.debian.org/jessie/atheme-services>`_
- (compatible with ircd-hybrid too)
- * `ircd-ratbox <https://packages.debian.org/jessie/ircd-ratbox>`_ with
- `ratbox-services
- <https://packages.debian.org/jessie/ratbox-services-pgsql>`_ used by
- EFNet
-
- CGI:IRC has been removed from Debian because it had no active maintainer.
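Review bot: The warning block in the "OFTC IRC services" section is the only visible record of where the ircservices database backup lives (/home/ircserver/archive/pg_ircservices_dump-20180216-143937.sql.gz), and deleting this file drops it. If the dump is kept, record its location and retention in ircserver.rst; if it went away with the container, say so in the commit message. The same goes for the todo about checking the ops users in ircd.conf and for the key material under /home/ircserver/ssl/: nothing in the visible hunks says whether the certificate with serial 1375A2 (expiring Feb 19 2020) was carried over to the new system, retired or revoked.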
diff --git a/docs/systems/ircserver.rst b/docs/systems/ircserver.rst
index 7f33763..73bc66d 100644
--- a/docs/systems/ircserver.rst
+++ b/docs/systems/ircserver.rst
@@ -8,7 +8,15 @@ Ircserver
Purpose
=======
-This system is the planned replacement for :doc:`irc`.
+This system provides the CAcert IRC service for private communications,
+allowing usage of CAcert-secured SSL-Encrypted IRC traffic for our everyday
+chat, meetings, and general support.
+
+Application Links
+-----------------
+
+https://irc.cacert.org/
+ HTTPS secured Web based IRC access
Administration
==============
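Review bot: The added "Application Links" list carries over only https://irc.cacert.org/, while the removed irc.rst also listed http://irc.cacert.org/ as an HTTP fallback. State here whether plain HTTP is now closed or redirected to HTTPS, so readers do not assume the fallback still exists. As a wording point, the copied purpose text says "SSL-Encrypted"; "TLS-encrypted" is the current term and matches the "TLS configuration" wording the old page used elsewhere.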
@@ -52,13 +60,11 @@ Logical Location
----------------
:IP Internet: :ip:v4:`213.154.225.233`
-:IP Intranet: :ip:v4:`172.16.2.24`
+:IP Intranet: :ip:v4:`172.16.2.14`
:IP Internal: :ip:v4:`10.0.0.130`
:IPv6: :ip:v6:`2001:7b8:616:162:2::14`
:MAC address: :mac:`00:ff:9a:79:ca:b1` (eth0)
-.. todo:: setup IPv6
-
.. seealso::
See :doc:`../network`
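Review bot: The ":IP Intranet:" line changes to 172.16.2.14, which is the address the removed irc.rst documents for the old container. Confirm the old container is shut down and note the takeover on this page, because anything keyed on 172.16.2.14 (firewall rules, monitoring checks, cached SSH host keys) now reaches a different host. Dropping the "setup IPv6" todo is fine only if 2001:7b8:616:162:2::14 is actually configured on eth0; a short statement to that effect would close the item properly.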
@@ -70,17 +76,21 @@ DNS
single: DNS records; Ircserver
single: DNS records; Irc
-======================= ======== ==========================================
-Name Type Content
-======================= ======== ==========================================
-irc.cacert.org. IN A 213.154.225.233
-irc.cacert.org. IN SSHFP 1 1 C123F73001682277DE5346923518D17CC94E298E
-irc.cacert.org. IN SSHFP 2 1 B85941C077732F78BE290B8F0B44B0A5E8A0E51D
-irc.intra.cacert.org. IN A 172.16.2.14
-======================= ======== ==========================================
-
-.. todo:: setup new SSHFP records
-.. todo:: setup IPv6 AAAA records
+=========================== ======== ====================================================================
+Name Type Content
+=========================== ======== ====================================================================
+irc.cacert.org. IN A 213.154.225.233
+irc.cacert.org. IN AAAA 2001:7b8:616:162:2::14
+irc.cacert.org. IN SSHFP 1 1 39b6c81b9fe76bd3c112f891ad3198f7a6102f4c
+irc.cacert.org. IN SSHFP 1 2 30c1fce412955bb4947bbcb25a395d8e5820403eddb5746ecced578d97f46567
+irc.cacert.org. IN SSHFP 2 1 90fcff63476f93d5e4f5d634ba1407445323d3fe
+irc.cacert.org. IN SSHFP 2 2 734a6729a077d77c79af0e8f45187f88c25d7cd102c34aee1e753d9644c965bc
+irc.cacert.org. IN SSHFP 3 1 5b9191613e743082fd4aa64e1f3a4601ed77f366
+irc.cacert.org. IN SSHFP 3 2 b88f898cd5251b2b6e315a2e266873747b7cd237c0f92458916af938e4694f96
+irc.cacert.org. IN SSHFP 4 1 866a42ee920b7f38a86ca9f3b07af808aae9768c
+irc.cacert.org. IN SSHFP 4 2 68d44bc21d05550c8aab62163b9257c85b9bcf0a4cab1c96ad2ca674b803601c
+ircserver.intra.cacert.org. IN A 172.16.2.14
+=========================== ======== ====================================================================
.. seealso::
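Review bot: The new table publishes SSHFP records for algorithm 2 (DSA) and a SHA-1 fingerprint (type 1) for every key. DSA host keys are disabled by default in current OpenSSH, so consider removing the DSA host key together with the "SSHFP 2 1" and "SSHFP 2 2" rows, and keeping only the SHA-256 (type 2) fingerprints for the remaining keys. Separately, the irc.intra.cacert.org. A record is replaced by ircserver.intra.cacert.org. while the "DNS records; Irc" index entry stays in the context lines; say whether the old intranet name was removed from DNS or is still expected to resolve.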
@@ -148,9 +158,6 @@ The following port forwarding is setup on :doc:`infra02`
| 172.16.2.14 | 13700 | 10.0.0.130:7000 |
+-------------+-------+-----------------+
-.. todo:: implement final forwarding to required ports from :doc:`infra02`
-.. todo:: allow forwarding of IPv6 ports
-
Running services
----------------
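Review bot: The todo "allow forwarding of IPv6 ports" is removed, but the forwarding table in the context lines still shows only an IPv4 mapping (172.16.2.14, port 13700, to 10.0.0.130:7000). With an AAAA record now published for irc.cacert.org, add a sentence on how IPv6 clients reach the container (routed directly or forwarded on infra02) and which ports are reachable that way, so the exposed services are documented for both address families.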
@@ -274,6 +281,8 @@ local loopback interface and Internet access is provided by an nginx reverse
proxy that also provides https connectivity. NodeJS and npm have been installed
from Debian packages.
+.. todo:: setup init script for kiwiirc
+
Risk assessments on critical packages
-------------------------------------
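Review bot: The added ".. todo:: setup init script for kiwiirc" implies the web client is currently started by hand and will not come back after a reboot or crash. Until the init script exists, document next to the todo how kiwiirc is started and under which user account it runs, so an on-call admin can restore the service and so it does not end up being started as root for convenience.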
@@ -369,15 +378,12 @@ Tasks
Planned
-------
-- setup DNS records
+- None
Changes
=======
-System Future
--------------
-
-- replace :doc:`irc` by this system
+- Nothing planned
Additional documentation
========================
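Review bot: Removing the "System Future" heading leaves "- Nothing planned" as a bare list item directly under "Changes", whereas the removed irc.rst kept future plans under a "System Future" subsection of "Changes". Keep the subsection heading and put the "Nothing planned" entry beneath it so the page structure stays consistent and the item has a clear meaning.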
diff --git a/docs/systems/proxyout.rst b/docs/systems/proxyout.rst
index a72ced5..a0ed984 100644
--- a/docs/systems/proxyout.rst
+++ b/docs/systems/proxyout.rst
@@ -159,7 +159,6 @@ Connected Systems
* :doc:`email`
* :doc:`emailout`
* :doc:`git`
-* :doc:`irc`
* :doc:`ircserver`
* :doc:`jenkins`
* :doc:`lists`