Add blog system description
[cacert-infradocs.git] / docs / systems.rst
1 Systems
2 =======
3
4 .. toctree::
5 :maxdepth: 2
6
7 systems/infra02
8 systems/arbitration
9 systems/blog
10 systems/emailout
11 systems/monitor
12
13 General
14 -------
15
16 .. todo:: consider whether a central MySQL service should be setup
17
18 Many containers contain their own instance of MySQL. It might be a better
19 idea to centralize the MySQL setups in a single container.
20
21 .. todo:: consider whether a central PostgreSQL service should be setup
22
23 .. todo::
24
25 setup a central syslog service and install syslog clients in each container
26
27 Checklist
28 ---------
29
30 .. index::
31 single: etckeeper
32 single: nrpe
33
34 * All containers should be monitored by :doc:`systems/monitor` and should
35 therefore have :program:`nagios-nrpe-server` installed
36 * All containers should use :program:`etckeeper` to put their local setup into
37 version control. All local setup should use :file:`/etc` to make sure it is
38 handled by :program:`etckeeper`
39 * All infrastructure systems must send their mail via :doc:`systems/emailout`
40 * All infrastructure systems should have an system-admin@cacert.org alias to
41 reach their admins
42 * The installation of :index:`systemd-sysv` in containers can be blocked by
43 putting the following lines in :file:`/etc/apt/preferences.d/systemd-sysv`::
44
45 Package: systemd-sysv
46 Pin: release a=stable
47 Pin-Priority: -1
48
49 .. todo:: think about replacing nrpe with Icinga2 satellites
50 .. todo:: document how to setup the system-admin alias on the email system