Add dirk to community sudo group
[cacert-infradocs.git] / docs / systems.rst
1 ====================
2 Non-Critical Systems
3 ====================
4
5 Non-critical systems are those that are managed by the infrastructure
6 administrator team.
7
8 .. toctree::
9 :maxdepth: 1
10
11 systems/infra02
12 systems/blog
13 systems/board
14 systems/bugs
15 systems/cats
16 systems/community
17 systems/email
18 systems/emailout
19 systems/git
20 systems/ircserver
21 systems/issue
22 systems/jenkins
23 systems/lists
24 systems/monitor
25 systems/motion
26 systems/pgpkeys
27 systems/proxyin
28 systems/proxyout
29 systems/puppet
30 systems/svn
31 systems/test
32 systems/test2
33 systems/test3
34 systems/testmgr
35 systems/translations
36 systems/web
37 systems/webmail
38 systems/webstatic
39 systems/wiki
40
41
42 General
43 =======
44
45 .. todo:: consider whether a central MySQL service should be setup
46
47 Many containers contain their own instance of MySQL. It might be a better
48 idea to centralize the MySQL setups in a single container.
49
50 .. todo:: consider whether a central PostgreSQL service should be setup
51
52 .. todo::
53
54 setup a central syslog service and install syslog clients in each container
55
56 .. _setup_apt_checking:
57
58 .. topic:: Setup package update monitoring for a new container
59
60 For Icinga to be able to check the update status of packages on you server
61 you need to install NRPE, a helper service. Install the necessary packages::
62
63 sudo aptitude install nagios-plugins-basic nagios-nrpe-server
64
65 Put :doc:`systems/monitor` on the list of allowed hosts to access the NRPE
66 service by adding the following line to :file:`/etc/nagios/nrpe_local.cfg`::
67
68 allowed_hosts=172.16.2.18
69
70 Tell the NRPE service that there is such a thing as the check_apt command by
71 creating the file :file:`/etc/nagios/nrpe.d/apt.cfg` with the following
72 contents::
73
74 # 'check_apt' command definition
75 command[check_apt]=/usr/lib/nagios/plugins/check_apt
76
77 # 'check_apt_distupgrade' command definition
78 command[check_apt_distupgrade]=/usr/lib/nagios/plugins/check_apt -d
79
80 Restart the NRPE service::
81
82 sudo service nagios-nrpe-server restart
83
84 Check that everything went well by going to https://monitor.cacert.org/,
85 going to the APT service on the host and clicking :guilabel:`"Re-schedule
86 the next check of this service"`. Make sure that :guilabel:`"Force Check"`
87 is checked and click :guilabel:`"Commit"`. Now you should see a page with a
88 green background. If not something went wrong, please contact the
89 :doc:`systems/monitor` administrators with the details.
90
91 That's it, now the package update status should be properly displayed in
92 Icinga.
93
94 Checklist
95 =========
96
97 .. index::
98 single: etckeeper
99 single: icinga2
100 single: nrpe
101 single: puppet
102
103 * All containers should be monitored by :doc:`systems/monitor` and should
104 therefore have :program:`icinga2` installed and managed via Puppet (older
105 systems without Puppet have :program:`nagios-nrpe-server` installed)
106 * All containers should use :program:`etckeeper` to put their local setup into
107 version control. All local setup should use :file:`/etc` to make sure it is
108 handled by :program:`etckeeper`
109 * All infrastructure systems must send their mail via :doc:`systems/emailout`
110 * All infrastructure systems should have an system-admin@cacert.org alias to
111 reach their admins
112
113 .. todo:: document how to setup the system-admin alias on the email system