summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jan@dittberner.info>2016-04-17 23:17:35 +0200
committerJan Dittberner <jan@dittberner.info>2016-04-17 23:17:35 +0200
commite98a2197499b16db47aa7c897b65c03a3a3f2448 (patch)
treeb24b7a64f8dc9dff7f24e172f629caa7499bbe89
parentf8566158d6f1d2b7ab0927519d09dd1946334368 (diff)
downloadcacert-infradocs-e98a2197499b16db47aa7c897b65c03a3a3f2448.tar.gz
cacert-infradocs-e98a2197499b16db47aa7c897b65c03a3a3f2448.tar.xz
cacert-infradocs-e98a2197499b16db47aa7c897b65c03a3a3f2448.zip
Add more structure and todos
-rw-r--r--docs/certlist.rst3
-rw-r--r--docs/index.rst2
-rw-r--r--docs/network.rst9
-rw-r--r--docs/sshkeys.rst3
-rw-r--r--docs/systems.rst32
5 files changed, 45 insertions, 4 deletions
diff --git a/docs/certlist.rst b/docs/certlist.rst
new file mode 100644
index 0000000..6bd6c37
--- /dev/null
+++ b/docs/certlist.rst
@@ -0,0 +1,3 @@
+==================
+X.509 Certificates
+==================
diff --git a/docs/index.rst b/docs/index.rst
index ad3c562..a7c191b 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -18,6 +18,8 @@ Contents:
systems
network
iplist
+ sshkeys
+ certlist
Indices and tables
diff --git a/docs/network.rst b/docs/network.rst
index 834e219..33e79f2 100644
--- a/docs/network.rst
+++ b/docs/network.rst
@@ -34,10 +34,11 @@ accessible from other CAcert systems. The Intranet IPv4 addresses are in the
Internal
--------
-The infrastructure host :doc:`infra02` has a local bridge interface *br0* that
-is used to connect the containers on that machine and allows explicit routing
-as well as services that are purely internal and are not reachable from the
-Internet or Intranet machines in the IP range mentioned above.
+The infrastructure host :doc:`systems/infra02` has a local bridge interface
+*br0* that is used to connect the containers on that machine and allows
+explicit routing as well as services that are purely internal and are not
+reachable from the Internet or Intranet machines in the IP range mentioned
+above.
The local bridge uses IPv4 addresses from the :ip:v4range:`10.0.0.0/24` range.
IPv6 addresses are directly assigned to containers from the
diff --git a/docs/sshkeys.rst b/docs/sshkeys.rst
new file mode 100644
index 0000000..b9d8ec0
--- /dev/null
+++ b/docs/sshkeys.rst
@@ -0,0 +1,3 @@
+=============
+SSH Host Keys
+=============
diff --git a/docs/systems.rst b/docs/systems.rst
index 0444850..8a28601 100644
--- a/docs/systems.rst
+++ b/docs/systems.rst
@@ -5,3 +5,35 @@ Systems
:maxdepth: 2
systems/infra02
+ systems/arbitration
+ systems/emailout
+ systems/monitor
+
+General
+-------
+
+.. todo:: consider whether a central MySQL service should be setup
+
+ Many containers contain their own instance of MySQL. It might be a better
+ idea to centralize the MySQL setups in a single container.
+
+.. todo:: consider whether a central PostgreSQL service should be setup
+
+.. todo::
+
+ setup a central syslog service and install syslog clients in each container
+
+Checklist
+---------
+
+* All containers should be monitored by :doc:`systems/monitor` and should
+ therefore have :program:`nagios-nrpe-server` installed
+* All containers should use :program:`etckeeper` to put their local setup into
+ version control. All local setup should use :file:`/etc` to make sure it is
+ handled by :program:`etckeeper`
+* All infrastructure systems must send their mail via :doc:`systems/emailout`
+* All infrastructure systems should have an system-admin@cacert.org alias to
+ reach their admins
+
+.. todo:: think about replacing nrpe with Icinga2 satellites
+.. todo:: document how to setup the system-admin alias on the email system