author: Jan Dittberner <jan@dittberner.info> 2016-04-24 16:19:58 +0200
committer: Jan Dittberner <jan@dittberner.info> 2016-04-24 16:19:58 +0200
commit: c9e625f59df5e55b8ae7440c3eda7a016589f5c1
tree: a5bdfebb94ae87b35696527e0ca409deae844fe6 /docs/systems
parent: 9fc48cee69e324e253452afe11c7c073fbba9471
Describe LVM and finish arbitration system
This commit finishes the documentation of the arbitration system. The general systems section got index terms and a description of how to avoid systemd-sysv in containers. A new section that describes critical configuration items has been added to the infra02 page.
Diffstat (limited to 'docs/systems')
-rw-r--r-- docs/systems/arbitration.rst | 53
-rw-r--r-- docs/systems/infra02.rst | 28
2 files changed, 62 insertions, 19 deletions
diff --git a/docs/systems/arbitration.rst b/docs/systems/arbitration.rst
index 36bffc2..7496fcf 100644
--- a/docs/systems/arbitration.rst
+++ b/docs/systems/arbitration.rst
@@ -128,6 +128,15 @@ Listening services
Running services
----------------
+.. index::
+ single: openssh
+ single: nginx
+ single: cron
+ single: PostgreSQL
+ single: MySQL
+ single: Exim
+ single: nrpe
+
+--------------------+--------------------+----------------------------------------+
| Service | Usage | Start mechanism |
+====================+====================+========================================+
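Review bot: the index block added under "Running services" lists both PostgreSQL and MySQL, while the note this commit adds to the Databases section mentions only a PostgreSQL server. If MySQL is also running without a database behind it, say so in the Databases section or add a todo to remove it, so the page shows which database daemons this container actually needs.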
@@ -167,6 +176,10 @@ Databases
.. todo:: setup databases
+.. note::
+ There is a PostgreSQL server setup in this container but it contains
+ no database yet.
+
Connected Systems
-----------------
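Review bot: the added note says a PostgreSQL server is set up with no database, but it does not say whether the server should stay running until the "setup databases" todo is done. Consider stating the intent (kept for the planned application, or to be stopped until needed) and pointing to the "Listening services" section for the address it binds to, since an idle daemon still has to be patched and monitored.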
@@ -198,7 +211,7 @@ SSH host keys
| ED25519 | - |
+-----------+-----------------------------------------------------+
-.. todo:: setup ED255519 host key
+.. todo:: setup ED25519 host key
.. seealso::
@@ -216,15 +229,17 @@ Dedicated user roles
Non-distribution packages and modifications
-------------------------------------------
-.. * None
+* some experimental nmp/nodejs/etherpad things in :file:`/home/magu` not
+ running yet
+
+..
or
* List of non-distribution packages and modifications
Risk assessments on critical packages
-------------------------------------
-Tasks
-=====
+* No exposed services yet.
Critical Configuration items
============================
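Review bot: "nmp" in the added bullet under "Non-distribution packages and modifications" looks like a typo for "npm". The new risk assessment entry "No exposed services yet." also does not cover the experimental nodejs/etherpad software in /home/magu; a short line on who maintains it and what has to be assessed before it is started would keep the two sections consistent.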
@@ -232,24 +247,31 @@ Critical Configuration items
Keys and X.509 certificates
---------------------------
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+* No keys or certificates setup yet
-.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
- * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
+..
+ * :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
+ * :file:`/etc/apache2/ssl/<path to server key>` server key
+ * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
+ * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
.. seealso::
* :doc:`../certlist`
* https://wiki.cacert.org/SystemAdministration/CertificateList
+Nginx configuration
+-------------------
+
+* :file:`/etc/nginx/sites/available/default` default nginx configuration
+
Tasks
=====
Planned
-------
-.. todo:: install application
+.. todo:: Evaluate and setup a collaboration system for arbitrators.
.. todo:: setup IPv6
Changes
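Review bot: the path in the new "Nginx configuration" section, /etc/nginx/sites/available/default, looks like a typo for /etc/nginx/sites-available/default, which is where Debian's nginx packaging puts the default site. Please check the path on the container and correct it, since this section is meant to tell an administrator exactly which file is critical.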
@@ -266,19 +288,12 @@ Additional documentation
.. add inline documentation
-.. remove unneeded links from the list below, add other links that apply
-
-.. seealso:
+.. seealso::
* https://wiki.cacert.org/Exim4Configuration
- * https://wiki.cacert.org/PostfixConfiguration
- * https://wiki.cacert.org/QmailConfiguration
- * https://wiki.cacert.org/SendmailConfiguration
- * https://wiki.cacert.org/StunnelConfiguration
References
----------
-.. can be used to provide links to reference documentation
- * http://product.site.com/docs/
- * [[http://product.site.com/whitepaper/document.pdf|Paper on how to setup...]]
+Arbitration nginx welcome page
+ http://arbitration.cacert.org/
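Review bot: the new References entry links to http://arbitration.cacert.org/ over plain HTTP, and this commit also records "No keys or certificates setup yet", but the Planned list contains no todo for a server certificate. Suggest adding one next to "setup IPv6" (and for the HTTPS link once it exists), so that the certificate is in place before the collaboration system for arbitrators goes live.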
diff --git a/docs/systems/infra02.rst b/docs/systems/infra02.rst
index 35b054a..eb521b7 100644
--- a/docs/systems/infra02.rst
+++ b/docs/systems/infra02.rst
@@ -155,6 +155,14 @@ Listening services
Running services
----------------
+.. index::
+ single: openssh
+ single: cron
+ single: rsyslog
+ single: ntpd
+ single: Postfix
+ single: nrpe
+
+--------------------+--------------------+----------------------------------------+
| Service | Usage | Start mechanism |
+====================+====================+========================================+
@@ -263,6 +271,26 @@ System Future
* No plans
+Critical Configuration items
+============================
+
+.. index:: Ferm
+
+Ferm firewall configuration
+---------------------------
+
+The `Ferm`_ based firewall setup is located in :file:`/etc/ferm` and its
+subdirectories.
+
+Container configuration
+-----------------------
+
+The container configuration is contained in files named
+:file:`/var/lib/lxc/<container>/config`.
+
+The root filesystems of the containers are stored on :term:`LVM` volumes that
+are mounted in :file:`/var/lib/lxc/<container>/rootfs` for each container.
+
Additional documentation
========================
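Review bot: the new "Ferm firewall configuration" paragraph uses the named reference `Ferm`_, but no matching ".. _Ferm:" target is added in the visible lines of this hunk, and :term:`LVM` needs a glossary entry that is not part of this diffstat. Please confirm both resolve in a Sphinx build, or add the target in this file. It would also help to state which files under /etc/ferm and which keys in /var/lib/lxc/<container>/config are the critical ones, since the section currently names only the locations.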