author Jan Dittberner <jandd@cacert.org> 2019-08-13 13:18:04 +0200
committer Jan Dittberner <jandd@cacert.org> 2019-08-13 13:18:04 +0200
commit 8ddcbf41ca7e7d1c3cf28f5dc59b829e5153daea (patch)
tree 985c37388f9a67201214d7b40815fa004d7f07c7
parent aa3a3587dbf86c312d26ae557eb0da74a25fff35 (diff)
Upgrade proxyout to Debian 10.0 Buster
-rw-r--r-- docs/systems/proxyout.rst 87
1 files changed, 47 insertions, 40 deletions
diff --git a/docs/systems/proxyout.rst b/docs/systems/proxyout.rst
index e2ca456..f48d76e 100644
--- a/docs/systems/proxyout.rst
+++ b/docs/systems/proxyout.rst
@@ -94,10 +94,10 @@ Operating System
----------------
.. index::
- single: Debian GNU/Linux; Stretch
- single: Debian GNU/Linux; 9.4
+ single: Debian GNU/Linux; Buster
+ single: Debian GNU/Linux; 10.0
-* Debian GNU/Linux 9.4
+* Debian GNU/Linux 10.0
Applicable Documentation
------------------------
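Review bot: The index entry and the bullet under "Operating System" both pin the point release "10.0", which goes stale with the first Buster point release applied to the host, just as "9.4" would have under Stretch. Consider keeping only the release name (Buster / Debian GNU/Linux 10) here, or noting where the installed point release can be checked, so the page does not misstate the patch level of an outbound proxy.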
@@ -111,51 +111,56 @@ Services
Listening services
------------------
-+----------+-----------+-----------+-----------------------------------------+
-| Port | Service | Origin | Purpose |
-+==========+===========+===========+=========================================+
-| 22/tcp | ssh | ANY | admin console access |
-+----------+-----------+-----------+-----------------------------------------+
-| 25/tcp | smtp | local | mail delivery to local MTA |
-+----------+-----------+-----------+-----------------------------------------+
-| 3128/tcp | http | internal | squid http/https proxy |
-+----------+-----------+-----------+-----------------------------------------+
++----------+---------+----------+----------------------------+
+| Port | Service | Origin | Purpose |
++==========+=========+==========+============================+
+| 22/tcp | ssh | ANY | admin console access |
++----------+---------+----------+----------------------------+
+| 25/tcp | smtp | local | mail delivery to local MTA |
++----------+---------+----------+----------------------------+
+| 3128/tcp | http | internal | squid http/https proxy |
++----------+---------+----------+----------------------------+
+| 5665/tcp | icinga2 | monitor | remote monitoring service |
++----------+---------+----------+----------------------------+
Running services
----------------
.. index::
single: cron
+ single: dbus
single: exim
+ single: icinga2
single: openssh
- single: puppet agent
+ single: puppet
single: rsyslog
single: squid
-+----------------+--------------------+--------------------------------------+
-| Service | Usage | Start mechanism |
-+================+====================+======================================+
-| cron | job scheduler | init script :file:`/etc/init.d/cron` |
-+----------------+--------------------+--------------------------------------+
-| Exim | SMTP server for | init script |
-| | local mail | :file:`/etc/init.d/exim4` |
-| | submission | |
-+----------------+--------------------+--------------------------------------+
-| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` |
-| | remote | |
-| | administration | |
-+----------------+--------------------+--------------------------------------+
-| Puppet agent | local Puppet agent | init script |
-| | | :file:`/etc/init.d/puppet` |
-+----------------+--------------------+--------------------------------------+
-| rsyslog | syslog daemon | init script |
-| | | :file:`/etc/init.d/syslog` |
-+----------------+--------------------+--------------------------------------+
-| Squid | Caching and | init script |
-| | filtering http/ | :file:`/etc/init.d/squid` |
-| | https proxy for | |
-| | internal machines | |
-+----------------+--------------------+--------------------------------------+
++----------------+--------------------------+----------------------------------+
+| Service | Usage | Start mechanism |
++================+==========================+==================================+
+| cron | job scheduler | systemd unit ``cron.service`` |
++----------------+--------------------------+----------------------------------+
+| dbus-daemon | System message bus | systemd unit ``dbus.service`` |
+| | daemon | |
++----------------+--------------------------+----------------------------------+
+| Exim | SMTP server for | systemd unit ``exim4.service`` |
+| | local mail submission | |
++----------------+--------------------------+----------------------------------+
+| icinga2 | Icinga2 monitoring agent | systemd unit ``icinga2.service`` |
++----------------+--------------------------+----------------------------------+
+| openssh server | ssh daemon for | systemd unit ``ssh.service`` |
+| | remote administration | |
++----------------+--------------------------+----------------------------------+
+| Puppet agent | configuration management | systemd unit ``puppet.service`` |
+| | agent | |
++----------------+--------------------------+----------------------------------+
+| rsyslog | syslog daemon | systemd unit ``rsyslog.service`` |
++----------------+--------------------------+----------------------------------+
+| Squid | Caching and filtering | systemd unit ``squid.service`` |
+| | http/https proxy for | |
+| | internal machines | |
++----------------+--------------------------+----------------------------------+
Connected Systems
-----------------
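Review bot: The new 5665/tcp icinga2 row in "Listening services" uses the Origin value "monitor", which is not one of the existing values (ANY, local, internal) and is not explained in the visible lines. Please name the host or address range that is meant and say where the restriction is enforced (firewall rule or the icinga2 configuration), since this adds a network-reachable port to the proxy. A smaller point in "Running services": the index entry changes from "puppet agent" to "puppet" while the table row is still labelled "Puppet agent"; one spelling for both would keep the index lookup consistent.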
@@ -225,7 +230,11 @@ configuration items outside of the Puppet repository.
Tasks
=====
-.. todo:: add a section describing how to add ACLs to Squid
+Adding ACLs to Squid
+--------------------
+
+Add required lines to the ``profiles::squid::acls`` item in Hiera data for node
+proxyout.
Changes
=======
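Review bot: The new "Adding ACLs to Squid" section replaces the todo with a single sentence that names the ``profiles::squid::acls`` Hiera item but gives neither the format of the "required lines" nor how the change reaches the running proxy. Please add one sample entry, the location of the Hiera data for node proxyout, and the step that applies and verifies it (Puppet agent run, Squid reload, a test request from an internal machine). Because these ACLs decide what internal machines may reach through the proxy, a note that additions are reviewed before merging would also fit here.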
@@ -236,8 +245,6 @@ Planned
.. todo:: Change all infrastructure hosts to use this machine as APT proxy to
avoid flaky firewall configurations on :doc:`infra02`.
-.. todo:: Add more APT repositories and ACLs if needed
-
System Future
-------------
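Review bot: The todo removed under "Planned" covered two things, "more APT repositories and ACLs", and only the ACL half is addressed by the new Tasks section; the APT repositories half disappears without a replacement. The todo that remains still plans to use this machine as APT proxy for all infrastructure hosts, so either keep a shortened todo for the repositories or mention in the remaining one that repository access is granted through the same ``profiles::squid::acls`` item, if that is the case.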