Diffstat (limited to 'docs')
-rw-r--r-- | docs/certlist.rst | 3
-rw-r--r-- | docs/index.rst | 2
-rw-r--r-- | docs/network.rst | 9
-rw-r--r-- | docs/sshkeys.rst | 3
-rw-r--r-- | docs/systems.rst | 32
5 files changed, 45 insertions, 4 deletions
diff --git a/docs/certlist.rst b/docs/certlist.rst new file mode 100644 index 0000000..6bd6c37 --- /dev/null +++ b/docs/certlist.rst @@ -0,0 +1,3 @@ +================== +X.509 Certificates +================== diff --git a/docs/index.rst b/docs/index.rst index ad3c562..a7c191b 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -18,6 +18,8 @@ Contents: systems network iplist + sshkeys + certlist Indices and tables diff --git a/docs/network.rst b/docs/network.rst index 834e219..33e79f2 100644 --- a/docs/network.rst +++ b/docs/network.rst @@ -34,10 +34,11 @@ accessible from other CAcert systems. The Intranet IPv4 addresses are in the Internal -------- -The infrastructure host :doc:`infra02` has a local bridge interface *br0* that -is used to connect the containers on that machine and allows explicit routing -as well as services that are purely internal and are not reachable from the -Internet or Intranet machines in the IP range mentioned above. +The infrastructure host :doc:`systems/infra02` has a local bridge interface +*br0* that is used to connect the containers on that machine and allows +explicit routing as well as services that are purely internal and are not +reachable from the Internet or Intranet machines in the IP range mentioned +above. The local bridge uses IPv4 addresses from the :ip:v4range:`10.0.0.0/24` range. IPv6 addresses are directly assigned to containers from the diff --git a/docs/sshkeys.rst b/docs/sshkeys.rst new file mode 100644 index 0000000..b9d8ec0 --- /dev/null +++ b/docs/sshkeys.rst @@ -0,0 +1,3 @@ +============= +SSH Host Keys +============= diff --git a/docs/systems.rst b/docs/systems.rst index 0444850..8a28601 100644 --- a/docs/systems.rst +++ b/docs/systems.rst 
@@ -5,3 +5,35 @@ Systems :maxdepth: 2 systems/infra02 + systems/arbitration + systems/emailout + systems/monitor + +General +------- + +.. todo:: consider whether a central MySQL service should be setup + + Many containers contain their own instance of MySQL. It might be a better + idea to centralize the MySQL setups in a single container. + +.. todo:: consider whether a central PostgreSQL service should be setup + +.. todo:: + + setup a central syslog service and install syslog clients in each container + +Checklist +--------- + +* All containers should be monitored by :doc:`systems/monitor` and should + therefore have :program:`nagios-nrpe-server` installed +* All containers should use :program:`etckeeper` to put their local setup into + version control. All local setup should use :file:`/etc` to make sure it is + handled by :program:`etckeeper` +* All infrastructure systems must send their mail via :doc:`systems/emailout` +* All infrastructure systems should have an system-admin@cacert.org alias to + reach their admins + +.. todo:: think about replacing nrpe with Icinga2 satellites +.. todo:: document how to setup the system-admin alias on the email system |
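Review bot: docs/certlist.rst and docs/sshkeys.rst are added with a title and nothing else, while the docs/index.rst hunk already links both into the toctree, so the built documentation gains two empty pages. Put a ".. todo::" entry under each title, as the docs/systems.rst hunk does for its open items, stating what the page is meant to list, so a reader can tell a placeholder from a complete inventory of host keys or certificates.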
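Review bot: in the Checklist added to docs/systems.rst, the item requiring :program:`nagios-nrpe-server` in every container does not say which hosts may talk to that daemon; state that it should accept connections only from :doc:`systems/monitor`, otherwise the checklist rolls out one more network listener per container with no documented restriction. The :program:`etckeeper` item has a similar gap: it puts all of /etc under version control without saying that the repository stays local to the container, which matters because /etc holds key material. Minor points in the same list: "an system-admin@cacert.org alias" should read "a system-admin@cacert.org alias", and the items mix "should" and "must" without saying whether the difference is intended.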