author | Jan Dittberner <jan@dittberner.info> | 2016-04-24 16:19:58 +0200 |
---|---|---|
committer | Jan Dittberner <jan@dittberner.info> | 2016-04-24 16:19:58 +0200 |
commit | c9e625f59df5e55b8ae7440c3eda7a016589f5c1 (patch) | |
tree | a5bdfebb94ae87b35696527e0ca409deae844fe6 /docs/systems | |
parent | 9fc48cee69e324e253452afe11c7c073fbba9471 (diff) | |
Describe LVM and finish arbitration system
This commit finishes the documentation of the arbitration system. The
general systems section got index terms and a description of how to avoid
systemd-sysv in containers. A new section that describes critical
configuration items has been added to the infra02 page.
Diffstat (limited to 'docs/systems')
-rw-r--r-- | docs/systems/arbitration.rst | 53 |
-rw-r--r-- | docs/systems/infra02.rst | 28 |
2 files changed, 62 insertions, 19 deletions
diff --git a/docs/systems/arbitration.rst b/docs/systems/arbitration.rst index 36bffc2..7496fcf 100644 --- a/docs/systems/arbitration.rst +++ b/docs/systems/arbitration.rst @@ -128,6 +128,15 @@ Listening services Running services ---------------- +.. index:: + single: openssh + single: nginx + single: cron + single: PostgreSQL + single: MySQL + single: Exim + single: nrpe + +--------------------+--------------------+----------------------------------------+ | Service | Usage | Start mechanism | +====================+====================+========================================+ @@ -167,6 +176,10 @@ Databases .. todo:: setup databases +.. note:: + There is a PostgreSQL server setup in this container but it contains + no database yet. + Connected Systems ----------------- @@ -198,7 +211,7 @@ SSH host keys | ED25519 | - | +-----------+-----------------------------------------------------+ -.. todo:: setup ED255519 host key +.. todo:: setup ED25519 host key .. seealso:: @@ -216,15 +229,17 @@ Dedicated user roles Non-distribution packages and modifications ------------------------------------------- -.. * None +* some experimental nmp/nodejs/etherpad things in :file:`/home/magu` not + running yet + +.. or * List of non-distribution packages and modifications Risk assessments on critical packages ------------------------------------- -Tasks -===== +* No exposed services yet. Critical Configuration items ============================ 
@@ -232,24 +247,31 @@ Critical Configuration items Keys and X.509 certificates --------------------------- -* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>) -* :file:`/etc/apache2/ssl/<path to server key>` server key +* No keys or certificates setup yet -.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates) - * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate) +.. + * :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>) + * :file:`/etc/apache2/ssl/<path to server key>` server key + * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates) + * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate) .. seealso:: * :doc:`../certlist` * https://wiki.cacert.org/SystemAdministration/CertificateList +Nginx configuration +------------------- + +* :file:`/etc/nginx/sites/available/default` default nginx configuration + Tasks ===== Planned ------- -.. todo:: install application +.. todo:: Evaluate and setup a collaboration system for arbitrators. .. todo:: setup IPv6 Changes 
@@ -266,19 +288,12 @@ Additional documentation .. add inline documentation -.. remove unneeded links from the list below, add other links that apply - -.. seealso: +.. seealso:: * https://wiki.cacert.org/Exim4Configuration - * https://wiki.cacert.org/PostfixConfiguration - * https://wiki.cacert.org/QmailConfiguration - * https://wiki.cacert.org/SendmailConfiguration - * https://wiki.cacert.org/StunnelConfiguration References ---------- -.. can be used to provide links to reference documentation - * http://product.site.com/docs/ - * [[http://product.site.com/whitepaper/document.pdf|Paper on how to setup...]] +Arbitration nginx welcome page + http://arbitration.cacert.org/ diff --git a/docs/systems/infra02.rst b/docs/systems/infra02.rst index 35b054a..eb521b7 100644 --- a/docs/systems/infra02.rst +++ b/docs/systems/infra02.rst @@ -155,6 +155,14 @@ Listening services Running services ---------------- +.. index:: + single: openssh + single: cron + single: rsyslog + single: ntpd + single: Postfix + single: nrpe + +--------------------+--------------------+----------------------------------------+ | Service | Usage | Start mechanism | +====================+====================+========================================+ @@ -263,6 +271,26 @@ System Future * No plans +Critical Configuration items +============================ + +.. index:: Ferm + +Ferm firewall configuration +--------------------------- + +The `Ferm`_ based firewall setup is located in :file:`/etc/ferm` and its +subdirectories. + +Container configuration +----------------------- + +The container configuration is contained in files named +:file:`/var/lib/lxc/<container>/config`. + +The root filesystems of the containers are stored on :term:`LVM` volumes that +are mounted in :file:`/var/lib/lxc/<container>/rootfs` for each container. + Additional documentation ======================== |
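Review bot: In docs/systems/arbitration.rst, hunk @@ -167,6 +176,10 @@ (Databases), the new note covers only PostgreSQL, while the index added in the Running services hunk of the same file also lists MySQL. Please state in the note whether a MySQL server is installed in the container and whether it holds any data, so the Databases section accounts for every database service the page indexes.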
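Review bot: In docs/systems/arbitration.rst, hunk @@ -216,15 +229,17 @@, the new risk assessment line `* No exposed services yet.` does not match the rest of this patch, which indexes nginx as a running service and adds a reference to a welcome page at http://arbitration.cacert.org/. If nginx answers on that address it is an exposed service and belongs in this section. In the same hunk, `nmp/nodejs/etherpad` looks like a typo for npm, and the entry would be more useful if it named who maintains the experimental software under /home/magu and how it is kept up to date.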
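Review bot: In docs/systems/arbitration.rst, hunk @@ -232,24 +247,31 @@, the path in the new Nginx configuration section reads `/etc/nginx/sites/available/default`, whereas the usual Debian layout is `/etc/nginx/sites-available/`; please check the path against the container. The Planned list in this hunk gains todos for a collaboration system and IPv6 but none for the server key and certificate that the Keys section now reports as not set up, so a `.. todo::` for that would keep it tracked.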
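Review bot: In docs/systems/infra02.rst, hunk @@ -263,6 +271,26 @@, the new section uses the named reference `Ferm`_ and the role :term:`LVM`, but neither a link target nor a glossary entry is added in the part of the diff shown here (the diffstat is limited to docs/systems). Please confirm both are defined elsewhere in the tree, since Sphinx otherwise reports an unknown target name and an unresolved term.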