Bot SAC Overview

From OSGeo
Revision as of 20:47, 22 June 2026 by Darkblueb (talk | contribs) (Created page with "Infrastructure of OSGeo System Administration Committee (SAC)\n\nFor emergency plans see: SAC:Admin and Troubleshooting\n\n\n= Servers at OSL =\nOSL | Open Source La...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Infrastructure of OSGeo System Administration Committee (SAC)\n\nFor emergency plans see: SAC:Admin and Troubleshooting\n\n\n= Servers at OSL =\n Open Source Labs - 6 physical machines that are lxd hosts containing x virtual machines/containers. 1 is currently shutdown\n\nhistory:\n* 7 physical machines of which 5 ar lxd hosts containing x virtual machines/containers.\n* As part of migration of data center 2025)\n** 2 machines: backup, osgeo3 are historical servers.\n\n== Logging into Physical Machines ==\n\nCurrently we do not have physical machines under LDAP control.

\n\nAll SAC administrators have LDAP auth to the OSL Machines. \n\nTo ssh into a server using your LDAP account, you can do the following replacing your_osgeo_login with your OSGeo login and vmname with the vm name of the server at OSL.\n\n ssh your_osgeo_login@servername.osgeo.osuosl.org\n\nWhen prompted for password, use your OSGeo Login password.\n\n\nSAC:Primary Administrators also have ssh key access in case LDAP is down and that will also apply to the physical machines. Worst case scenario use the information on Open Source Labs to file a ticket (SAC members only). Direct connection to virtual machines is by appending it's vm alias to .osgeo.osuosl.org.\n\n== Logging into LXD Hosts ==\n\nosgeo4, osgeo7, osgeo8, and osgeo9 are all Ubuntu servers running LXD. \nLXD is a management system for LXC containers and QEMU VMS. LXD has a channel that covers its features. \n\nTo directly access the host, you go thru port 2222\n\n ssh tech_dev@server_name.osgeo.osuosl.org -p 2222\n\nOnly SAC:Primary Administrators have their ssh key installed under that account. In order to access via KVM of these in event servers do not come up on a reboot, you need to go thru OSU OSL OpenVPN. To get an OpenVPN account, you need to put in a support ticket to support@osuosl.org. In order to qualify for an OpenVPN account, you need to be an OSGeo SAC administrator. You will also need to install OpenVPN client) to use your OpenVPN account.\n\nEach host on the private KVM side is named https://osgeo8.osuosl.oob -- where replace osgeo8 with the relevant host. The .oob is the private network, so doesn't work unless you are connected to via OpenVPN.\n\nThe browser interface is sometimes clunky, so you might want to use ipmitool installable on linux/unix or wsl using relevant package manager. KVM passwords are stored in SAC password-store.\n\nA convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD/Incus hosts follows: \n\n Host osgeo?\n User tech_dev\n HostName %h.osgeo.osuosl.org\n Port 2222\n\nThen you would be able to log into those hosts with commands like:\n\n ssh osgeo7\n\n== Logging into LXD/Incus Containers and VMs ==\n\nA convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosted containers and vms is the following:\n\n # This stanza is only needed if you have an IdentityFile configured below.\n # The IdentityFile from a target host is not automatically applied to the hop host, so we need to make it explicit:\n Host hop.*.osgeo.org\n IdentityFile \"path/to/your/private/key\"\n \n Host osgeo*-*\n ProxyCommand ssh yourusername@hop.$(sed -e \"s/-.*//\" <<< \"%h\").osgeo.org -W $(sed -e \"s/^osgeo[^-*]-//\" <<< \"%h\"):%p\n # this is only needed if you you use different private keys for different servers\n IdentityFile \"path/to/your/private/key\"\n\nThen you'll be able to access a LXC Container or QEMU VM on machine `osgeo9` with:\n\n ssh yourusername@osgeo9-matrix\n\nAnd one on machine `osgeo7` with:\n\n ssh yourusername@osgeo7-download\n\nNote you still need to know where each LXC host is hosted... See successive sections to know what's on which machine.\n\n\nTroubleshooting: In case of \"Permission denied (publickey).\" after an update to a modern openSSH version, it might well be that your ssh key (RSH key) is disabled in your client in favour of more modern cyphers.\n\nUgly workaround: add one line `PubkeyAcceptedKeyTypes ...` in `.ssh/config`, to re-enable RSA keys for now (consider to generate a new key):\n\n vim .ssh/config\n ...\n Host *\n ...\n PubkeyAcceptedKeyTypes +ssh-rsa\n\n... but better read e.g. here!\n== osgeo 6 ==\nThis was reformated March 2026 to be incus host\nSee osgeo6\n\n=== services running on osgeo6 ===\n==== hop ====\n\nhop.osgeo6.osgeo.org - this is the jump host to access the instances on osgeo6\n\n==== nginx ====\nProxies all http and https traffic to instances on this host\n\n==== secure (LDAP ) ====\nsecure -- ldap.osgeo.org SAC:LDAP used for ldap service (a rebuild of old secure.osgeo.osuosl.org) now on Debian 11\nMoved from osgeo9 \n* ldap.osgeo.org\n\n==== ldap-web ====\n\nCurrently housing https://id.osgeo.org/ for LDAP management.\nDeployed via ansible\nMoved from osgeo9\n\n* id.osgeo.org\n\n==== jitsi ====\n\nSee SAC:Jitsi (for video meetings) - moved from osgeo9\nhttps://meet.osgeo.org\n\n==== wordpress ====\n\nSee SAC:Wordpress\nwww.osgeo.org\n\n==== pretalx ====\nUbuntu 20.04 with OSGeo LDAP and Docker installed. pretalx software runs in Docker.\nhttps://talks.osgeo.org - for OSGeo Talk collection and voting See Pretalx\n\n==== weblate ====\nContainer Name: weblate (for doc translation)\n\nHouses: https://weblate.osgeo.org (for document translation to different languages)\n\nFor further details refer to SAC:Weblate\n\n== osgeo 8 ==\nServer added April 2021, donated by OpenStreetMap project.\n\nLikely machine: https://web.archive.org/web/20191112203036/https://hardware.openstreetmap.org/servers/stormfly-01.openstreetmap.org/\n\nLXD host\n\nConfiguration Details\n\n=== Services running on osgeo8 ===\n\n==== hop ====\nhop.osgeo8.osgeo.org - jump host for accessing containers/vms on osgeo8\n\n==== nginx ====\nhttp, https Proxy for all containers on osgeo8 and also provides mirror proxy for download.osgeo.org\n\n==== geoserver-cite ====\nHouses OGC site certification for geoserver https://cite.geoserver.org {plan to move to osgeo10)\n\n==== robe-ansible-dev ====\nContainer Name: robe-ansible-dev, has ansible 2.9.27 installed and all plugins needed to manage OSGeo ansible infrastructure.\nDEPRECATED, use `ansible-dev`\n\n==== pretalx-staging ====\nContainer Name: pretalx-staging - used primarily for experimenting with changes to talks.osgeo.org (pretalx on osgeo9) like testing out Docker builds and software upgrade etc, before applying to talks.osgeo.org. - https://talks.staging.osgeo.org\n\n==== wordpress-dev ====\nContainer Name: wordpress-dev - used primarily for osgeo.org main website development - https://staging.www.osgeo.org, https://dev.www.osgeo.org\n\n==== wiki-staging ====\nContainer Name: wiki-staging - used primarily for upgrade changes to wiki.osgeo.org like testing out OS and software upgrade etc before applying to wiki.osgeo.org. - https://staging.wiki.osgeo.org. The construction of this container is managed by sac ansible-deployment.\n\n==== tracsvn-dev ====\nContainer Name: tracsvn-dev - This is a 2019-09-05 lxd2pc image of tracsvn.osgeo.osuosl.org (now on osgeo7 as tracsvn) used primarily for experimenting like testing out OS, git and software upgrade etc before appying to production. -- https://dev.git.osgeo.org, https://dev.tracsvn.osgeo.org Has the following sites: https://dev.trac.osgeo.org, https://dev.git.osgeo.org/gitea, https://dev.svn.osgeo.org.\n\nIt was upgraded to Debian 11 on 2024-08-21.\n\n== osgeo 9 ==\nServer added April 2021, donated by OpenStreetMap project.\n\nLikely machine: https://web.archive.org/web/20191112203042/https://hardware.openstreetmap.org/servers/stormfly-02.openstreetmap.org/\n\nIs an LXD host. Also Stores lxd images used by other lxd hosts.\n\nConfiguration Details\n\n=== Services running on osgeo9 ===\n==== hop ====\nhop.osgeo9.osgeo.org. For LDAP users allows them to hop thru to get to other containers.\n\n==== nextcloud ====\nhttps://nextcloud.osgeo.org\n\nUbuntu 22.04 LXD/nginx/postgresql 14 container for document sharing similar to dropbox/google drive - nextcloud.lxd - https://nextcloud.osgeo.org Nextcloud Setup\n\nhome of https://nextcloud.osgeo.org\nThis server does not use ssh osgeo-ldap as it was the first container built. However nextcloud.osgeo.org does authenticate with osgeo ldap.\n\nTODO: add special page for this\n\n==== nginx ====\nnginx (for web proxy of traffic of osgeo9 containers) additional mirror proxy for download.osgeo.org\n\n==== adventure (WIP)====\nhttps://adventure.osgeo.org runs https://github.com/thecodingmachine/workadventure software\n\n==== woodie-client ====\na ci bot for woodie.osgeo.org which is used for git.osgeo.org/gitea ci jobs\n\n==== limesurvey ====\nDebian 10, PostgreSQL 13, PHP 8 with ldap/ssh. https://limesurvey.osgeo.org \nSetup detailed on limesurvey container\n\n==== mail ====\nmailman: lists.osgeo.org\nmail.osgeo.org\ntilechache web: tilecache.osgeo.org\nmailserver: postfix\n\n==== matrix ====\nContainer Name: matrix - lxd container with ldap/ssh.\nHosts Matrix homeserver (SAC:MatrixSynapse) and IRC bridges (SAC:Heisenbridge)\n\nhttps://gitea.osgeo.org/sac/osgeo9/wiki/matrix-container for full detail on how the container is setup\n\n==== pixelfed ====\n\nSHUT OFF (both container and website) cause of lack of interest. Container is still there.\nPixelfed instance reachable on https://photo.osgeo.org to house community photos\n\n\n==== peertube ====\n\nPeertube instance reachable on https://video.osgeo.org\n\n==== geo-docs container ====\n\nHouses:\n* https://blog.geoserver.org\n* https://geos.osgeo.org\n* https://geotools.org\n* https://geowebcache.osgeo.org\n* https://lastools.osgeo.org\n* https://planet.osgeo.org\n\n==== wiki ====\n\nSee OSGeo Wiki\n\n==== mail ====\n\nHosts: lists.osgeo.org, mail.osgeo.org and a few other services.\nSee Mail server for more details.\n\n== osgeo 10 ==\nServer added March 2026, donated by OSUOSL.\nThis is an incus host \n\nConfiguration Details\n\n=== Services running on osgeo10 ===\n==== hop ====\nhop.osgeo10.osgeo.org. For LDAP users allows them to hop thru to get to other instances on this machine.\n\n==== bessie ====\nFreeBSD VM jenkins ci used by PostGIS project\n\n==== docker-universal ====\nVM Used by postgis jenkins for building docker images\n\n==== download-cache ====\nhttps://download-cache.osgeo.org #this syncs with download.osgeo.org for backup\n\nSee Download Server\n\n==== nginx ====\nActs as nginx proxy to all sites on instances of this server\n\n==== discourse ====\n\nSee SAC:Discourse\n\n==== grass ====\nhttps://grass.osgeo.org upgraded to Trixie debian 13. \n\nGRASS GIS server\n\nCurrent DNS name: grass.osgeo.org\n\nWeb: Apache + Hugo (generated through cronjob from https://github.com/OSGeo/grass-website/), see https://github.com/OSGeo/grass-addons/tree/grass8/utils/cronjobs_osgeo_lxd\n\n`unattended-upgrades` for automatic installation of security upgrades is installed and running\n\nssh: reachable via jumphost.\n\n==== grass-wiki ====\n\nSee SAC:GrassWiki (plan to move to osgeo10)\n\n\n==== woodie-client-vm ====\n\nSeparate agent for woodie-server, this one is a true VM rather than container.\n\n==== woodie-server ====\nhttps://woodie.osgeo.org\nSee Woodie\n\n\n==== meshcentral ====\nhttps://remote.osgeo.org #for workshop osgeolive vms as needed\n\nThis is a remoting tool currently setup to test livecd vms via a web browser.\n\ncompanion vms osgeolive-17-n as needed currently 2\n\n== osgeo 7 ==\n\nServer added June 2018. Intended to replace osgeo3 and old osgeo4 (before reformat).\nSee Osgeo7 for configuration details.\n\nContainer setup of all the osgeo7 servers is located in https://git.osgeo.org/gitea/sac/osgeo7/wiki/_pages \n\nRunning LXD 3 snap based container management -- LXD version 3.17 as of 2019-09-15\n\n=== Accessing osgeo7 containers via ssh ===\n\nOnly the download.osgeo.org is directly exposed ssh via port 22. To access the other containers, you can tunnel thru \ndownload.osgeo.org -- You need to be in the shell group to be able to access download and the other servers. If you are not already put in a SAC Ticket Request. You also need to have your public key registered. To do so edit your profile [1] (and put in your public key)\n\nA convenient block to add to your own `.ssh/config` file follows:\n\n\n Host osgeo7-*\n ProxyCommand ssh your_osgeo_id@hop.osgeo7.osgeo.org -W $(sed -e \"s/^osgeo7-//;s/$/.lxd/\" <<< \"%h\"):%p\n IdentityFile \"path/to/your/private/key\"\n\nWith the above in place, you can connect to any container using:\n\n ssh your_id@osgeo7-<container_name>\n\nTroubleshooting: In case of \"Permission denied (publickey).\" after an update to a modern openSSH version, it might well be that your ssh key (RSH key) is disabled in your client in favour of more modern cyphers.\n\nUgly workaround: add one line `PubkeyAcceptedKeyTypes ...` in `.ssh/config`, to re-enable RSA keys for now (consider to generate a new key):\n\n vim .ssh/config\n ...\n Host *\n ...\n PubkeyAcceptedKeyTypes +ssh-rsa\n\n... but better read e.g. here!\n\n\n=== Services on osgeo7 ===\n\n==== Monitor ====\n\ndebian10 lxd container with ldap/ssh. https://monitor.osgeo.org (houses grafana dashboard (for all servers) and prometheus server for osgeo3 containers and pulls basic container metrics using node exporters pulled via prometheus servers. Requirs ldap to log into the web console.\n\nConfiguring servers for monitoring is detailed Git Prometheus Config\n\n==== Download ====\n\nSee Download Server\n\n==== gallery ====\n\nSee Gallery Container\n\n==== live ====\nHome of live.osgeo.org ; \nRunning Ubuntu 24.04.3 LTS with OSGeo LDAP SSH\n\n\n==== mapserver ====\n\nSee MapServer_at_osgeo7\n\n\n==== nexus (repo.osgeo.org, docker.osgeo.org) ====\nSee SAC:Repo this is a debian 10 lxd container running docker 19. \nIt currently has one docker container running within it called nexus -- exposed as repo.osgeo.org on nginx.\n\nAlso exposed as project dockers for pushing images: postgis-docker.osgeo.org, geoserver-docker.osgeo.org, geos-docker.osgeo.org, sac-docker.osgeo.org\n\n\n==== nginx ====\nProxy that routes all http/https traffic for the other containers (can be accessed via osgeo7 host lxc or ubuntu@osgeo7-nginx if your key is installed on ubuntu user).\nThe nginx container holds the letsencrypt https SSL certs for all the containers and handles the renewal of the letsencrypt certs using certbot renew cronjob.\nPrometheus server to collect all monitoring logs from OSGeo7 (only accessible by osgeo3), these get queried via monitor.osgeo.org (running on osgeo3) via grafana server.\n\n==== tracsvn (trac, svn, git) ====\n\nHome of Trac, Git and Subversion services.\n\nSee TracSVN for full details.\n\n==== photoprism ====\nPicture gallery. Syncs with https://nextcloud.osgeo.org\nBut pictures are shown here https://photoprism.osgeo.org\n\n==== old-wiki (stopped) ====\nThis used to be housed on osgeo3, and was moved 2019-09-14 to osgeo7 as old-wiki container.\nwiki.osgeo.org moved back to osgeo3 on 2020-05-22 and in wiki container. The wiki container is a complete rebuild with files and database restored and upgraded.\nRefer to the osgeo3 section for more details. \n\nold wiki container -- used for wiki service (it is an lxd2pc created image of wiki.osgeo.osuosl.org VM that was on osgeo3)\n\nSee OSGeo Wiki\n\n==== nextcloud-ubuntu (stopped) ====\nMoved to osgeo9\n\n==== dronie-server ====\n\nSee Dronie\n\n==== old-projects (stopped) ====\n-- this is the old projects.osgeo.osuosl.org migrated from osgeo4 as an lxd container, so more or less the same as it was before, with the exception that all the websites are now proxied thru the nginx container. Websites on it are community-review.foss4g.org and spatialreference.org\n\nTo access you need to go thru download.osgeo.org -> old-projects\n\n\n==== old-web (stopped) ====\nThe old web.osgeo.osuosl.org (was on osgeo3) \n\n* mapguide.osgeo.org\n\n==== old-webextra ====\nThis is a replica of webextra.osgeo.osuosl.org that was hosted on osgeo3\n\nStarted move on November 29th 2019 and completed December 8th, 2019\n* foss4g.org\n* europe.foss4g.org\n* video.foss4g.org\n* planet.osgeo.org\n* various old foss4g.org years\n* live.osgeo.org moved to dedicated container\n* journal.osgeo.org (not sure what this is for, should be retired?)\n* vmap0.tiles.osgeo.org #removed site\n\nInformation from webextra on osgeo3\n\n** Retired December 8th, 2019 -- and moved to osgeo7 as container old-webextra\n\n* See WebExtraVM for full details (server: http://webextra.osgeo.osuosl.org)\n* hosts http://planet.osgeo.org, http://mum03.mapserver.org, http://live.osgeo.org\n* http://foss4g.org (main portal) and archive of old sites 2006-2014\n* http://conference.osgeo.org - Conference System (also: SAC:Setup_OCS)\n* http://journal.osgeo.org / osgeo.org/ojs - Journal System\n* Redirects for many chapter and other urls handled via /etc/httpd/conf.d/rewrite.conf\n\n==== pycsw ====\nContainer Name: pycsw \n\n* https://demo.pycsw.org\n* OGC CSW Reference Implementation and Server demo\n* deployment setup at https://github.com/geopython/demo.pycsw.org\n* running hourly teardown/setup cron via docker-compose\n* migrated from Adhoc VM thanks to SAC (May 2020)\n\n=== osgeo7 decommissioned containers ===\n\n==== old-adhoc ====\n\nSHUTOFF as of 2022-01-29\n\nold-adhoc -- this is the old adhoc.osgeo.osuosl.org migrated 2019-05-08 from osgeo4 as an lxd container. \nUsed by osgeo-live for there test docs and by grass for earthquake, and mapserver for demo.\nNote that there is a new live (container that osgeo-live will more to), there is also a mapserver container (which mapserver have started to move their demo to)\n\nTo access via ssh you should go thru download.osgeo.org -> old-adhoc.lxd\nIt is accessible via https://adhoc.osgeo.org and http://adhoc.osgeo.osuosl.org\n\n* VM used for projects for various adhoc purposes. Risks to system stability that would be unacceptable on the Projects VM may be ok here. \n* See AdhocVM for full details, and some notes on services running here.\n* eg http://adhoc.osgeo.osuosl.org/livedvd/docs/en/quickstart/\n\n\n== osgeo4 ==\n\nosgeo4 is a real server managed by OSUOSL - can be access via ssh tech_dev@osgeo4.osgeo.osuosl.org -p 2222 (only people with their access keys installed can log in and doesn't allow password access) - password for tech_dev is in the secure container (on osgeo7) / access folder.\n\nIn August 2019 the server had new power supply put in and replacement disks. It was reformatted with Ubuntu 18.04.3 to serve as secondary LXD host to osgeo7\nzfsutils-linux was installed so lxd can use zfs for storage.\n\n=== sshing into osgeo4 containers ===\nNote that all the containers are closed off from direct ssh access except for the hop.osgeo4.osgeo.org. To access the other containers, you need to hop through hop.\nhop container has port 22 open but requires ssh access so users who’ve been granted rights can hop thru it to other containers using hop.osgeo4.osgeo.org as name.\n\nA convenient block to add to your own .ssh/config file follows where your_id could be your osgeo id or a local account on that container\n\n Host osgeo4-*\n ProxyCommand ssh your_osgeo_id@hop.osgeo4.osgeo.org -W $(sed -e \"s/^osgeo4-//;s/$/.lxd/\" <<< \"%h\"):%p\n IdentityFile \"path/to/your/private/key\"\n User your_id\n\nThen to access say the wordpress-dev container, you'd do the below\n\n ssh osgeo4-wordpress-dev\n\n=== osgeo4 baremetal features ===\nIt's makeup is as follows:\n{| class=\"wikitable\"\n|-\n! Item !! Settings\n|-\n| Disks || 6 1.8 TB drives\n|-\n| Memory || 48 GB\n|-\n| CPUs || 8 Intel(R) Xeon(R) CPU E5540 @ 2.53GHz (8192kb cache)\n|}\n
lsblk -i\nNAME           MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT\nsda              8:0    0  1.8T  0 disk  \n|-sda1           8:1    0  953M  0 part  \n| `-md0          9:0    0  952M  0 raid1 /boot\n`-sda2           8:2    0 46.6G  0 part  \n  `-md1          9:1    0 46.5G  0 raid1 \n\t|-lvm-root 253:0    0 37.3G  0 lvm   /\n\t`-lvm-swap 253:1    0  7.5G  0 lvm   [SWAP]\nsdb              8:16   0  1.8T  0 disk  \n|-sdb1           8:17   0  953M  0 part  \n| `-md0          9:0    0  952M  0 raid1 /boot\n`-sdb2           8:18   0 46.6G  0 part  \n  `-md1          9:1    0 46.5G  0 raid1 \n\t|-lvm-root 253:0    0 37.3G  0 lvm   /\n\t`-lvm-swap 253:1    0  7.5G  0 lvm   [SWAP]\nsdc              8:32   0  1.8T  0 disk  \nsdd              8:48   0  1.8T  0 disk  \nsde              8:64   0  1.8T  0 disk  \nsdf              8:80   0  1.8T  0 disk \n
\n\n
\nsdc,sdd,sde,sdf  form a zfs osgeo4_lxd partition (sdc,sdd) mirrors sde,sdf for total lxd capacity of 3.62 TB\n
\n\nNightly backups of osgeo7, and osgeo4 containers are kept here and named <container>-backup and be kept in a stopped state.\n\n= Cloud Hosted Servers and other external under SAC Control =\n\n== Future Hosting Plans for Windows / Mac Building ==\n\nSAC Shared Building Services\n\n\n== Atlantic.net ==\n\n* host.postgis.net -p 2222 is an LXD Ubuntu 18.04 16GB RAM/ 6 vCPU, 350GB data, 250GB block storage\n* Currenlty running two lxd containers:\n debbie: debian 10 postgis.net, planet.postgis.net, debbie.postgis.net (jenkins build bot) \n debbie-docker.host.postgis.net - runs docker and serves as a 1.0 agent for dronie.osgeo.org\n\n= QGIS off OSGeo =\nServices on separated machines rented and managed by the QGIS project at hetzner\n\n* website including documentation http://www.qgis.org\n* website building, documentation building, debian/ubuntu nightlies, plugins.qgis.org\n* issues.qgis.org: redmine\n\n= Historical servers (not more in use) =\n\n- Telascience Blades (Historical)\n\n== web18a.osgeo.osuosl.org ==\nNO LONGER USED - turned off\n2019-09-03 Production services www.osgeo.org, 2018.foss4g.org moved to wordpress container on osgeo7\nStaging services (staging.www.osgeo.org, dev.www.osgeo.org move to wordpress-dev container on osgeo4\nGrass wordpress is disabled as grass decided to go with another solution, so have grass container on osgeo7\n(Cloud hosted server on OSUOSL hardware (not ours) )\n* Debian 9.3 4GB server, host name: web18a.osgeo.osuosl.org require ssh key to log in.\n* Hosts wordpress sites staging.www.osgeo.org,www.osgeo.org, staging.grass.osgeo.org, foss4g2018.osgeo.org\n* Setup details on Web18a setup\n\n\n== OSGeo funtoo ==\n\nFor lxd experimentation it's an lxd container running other lxd containers and provided by funtoo.org.\n\nOSGeo is paying funtoo via treasurer at osgeo.org.\n\n* OSGeo Funtoo osgeo.host.funtoo.org\n\n\n* funtoo LXDs currently running:\n** LimeSurvey -this may be in future migrated to osgeo7 or osgeo3\nMigrated to osgeo3 2020-11-28 -- see [[2]]\n\n== osgeo3 ==\n\nosgeo3 physical server refer to Configuration Details for hardware specs. It was used to run production, but moderately risky things. Refer to SAC:Old-osgeo3 for past history before osgeo3 was rebuilt.\nosgeo3 was a hosted by OSUOSL - No longer accessible can be accessed via ssh tech_dev@osgeo3.osgeo.osuosl.org -p 2222 (only people with their access keys installed can log in and doesn't allow password access) - password for tech_dev is in the secure container (on osgeo7) / access folder.\n\n== Backup (osgeo5) ==\n\n* Backup now runs on dedicated hardware\n* Provides Rsync backups of download.osgeo.org\n* Provides Bacula backups of various VMs.\n* See SAC:Backups for details.\n\n\n\n\n" 
       }
     ],
     "id": "rcj2vdf6x0j",
     "parent": "ohurhl3jbn9"
   },
   {
     "convId": "qjvr2shpkjd",
     "type": "text",
     "role": "assistant",
     "content": "Infrastructure of OSGeo System Administration Committee (SAC)\n\n= Presentation: OSGeo Service Infrastructure Overview =\n\nThis document outlines a proposed 12-slide presentation for the OSGeo leadership. The focus shifts from specific hardware inventory to the value, reliability, and strategic benefit of the services provided to the community.\n\n== Slide 1: Introduction ==\nTitle: Empowering the Open Geospatial Community: OSGeo Infrastructure Overview\n\nContent:\n*   **Presenter:** SAC Infrastructure Team\n*   **Objective:** To provide a high-level overview of the technical infrastructure supporting OSGeo projects.\n*   **Key Message:** Our infrastructure is not just about servers; it is about enabling collaboration, development, and community engagement for the global open-source geospatial movement.\n*   **Scope:** Overview of core services, hosting strategies, and future resilience.\n\n== Slide 2: Strategic Vision & Philosophy ==\nTitle: From Hardware to Service-Oriented Infrastructure\n\nContent:\n*   **The Shift:** Moving away from \"managing servers\" to \"delivering services.\"\n*   **Core Principles:**\n    *   **Reliability:** High availability for critical community tools.\n    *   **Scalability:** Flexible resources to support growing projects (e.g., Docker, CI/CD).\n    *   **Security:** Robust access controls and data protection.\n    *   **Community-Centric:** Infrastructure tailored to the needs of GIS developers, researchers, and users.\n*   **Goal:** A unified, resilient platform that allows project teams to focus on code and content, not sysadmin tasks.\n\n== Slide 3: The Foundation: Modern Virtualization ==\nTitle: Efficient Resource Utilization via LXD/Incus\n\nContent:\n*   **Technology Stack:** Migration to modern containerization (LXD/Incus) and virtualization.\n*   **Benefits:**\n    *   **Density:** More services per physical machine, reducing energy and hardware costs.\n    *   **Isolation:** Secure separation of projects (e.g., Nextcloud vs. Jenkins).\n    *   **Speed:** Rapid deployment and cloning of environments for testing and production.\n*   **Current State:** Primary hosts (osgeo4, osgeo7, osgeo8, osgeo9, osgeo10) form a robust, distributed cluster.\n\n== Slide 4: Core Web Presence & Community Hub ==\nTitle: The OSGeo Website & Wiki Ecosystem\n\nContent:\n*   **Services:**\n    *   **www.osgeo.org:** The main portal for news, events, and project listings.\n    *   **wiki.osgeo.org:** The central knowledge base for documentation and community guides.\n*   **Infrastructure:**\n    *   Hosted on modern LXD containers (osgeo6/osgeo7).\n    *   Automated deployments via Ansible ensure consistency and easy updates.\n    *   Staging environments (wordpress-dev, wiki-staging) allow safe testing before production release.\n*   **Benefit:** A stable, up-to-date face of OSGeo for millions of visitors.\n\n== Slide 5: Communication & Collaboration Tools ==\nTitle: Keeping the Community Connected\n\nContent:\n*   **Real-Time Chat:**\n    *   **Matrix (gitter/irc bridges):** Secure, federated chat for developer discussions.\n    *   **Heisenbridge:** Bridges IRC channels to Matrix for broader accessibility.\n*   **Video Conferencing:**\n    *   **Jitsi Meet (meet.osgeo.org):** Self-hosted, privacy-focused video meetings for SAC and project meetings.\n*   **Mailing Lists:**\n    *   **Mailman (lists.osgeo.org):** The backbone of asynchronous communication for announcements and technical debates.\n*   **Benefit:** Diverse, accessible, and self-hosted communication channels that respect user privacy.\n\n== Slide 6: Development & Continuous Integration ==\nTitle: Powering Project Development with CI/CD\n\nContent:\n*   **Code Hosting:**\n    *   **Gitea (git.osgeo.org):** Lightweight, self-hosted Git service for project repositories.\n*   **Continuous Integration:**\n    *   **Jenkins (host.postgis.net & osgeo10):** Automated testing and building for major projects like PostGIS and GRASS GIS.\n    *   **Dronie:** Automated release management and build coordination.\n*   **Benefit:** Accelerates development cycles, ensures code quality, and automates the release process for critical geospatial software.\n\n== Slide 7: Data Management & Storage ==\nTitle: Secure Data Sharing and Distribution\n\nContent:\n*   **File Sharing:**\n    *   **Nextcloud (nextcloud.osgeo.org):** Secure, self-hosted cloud storage for project teams and sensitive data.\n    *   **Photoprism:** AI-powered photo management for community events and galleries.\n*   **Software Distribution:**\n    *   **Download Server (download.osgeo.org):** High-bandwidth mirror for OSGeo Live, ISOs, and project binaries.\n    *   **Repo Server (repo.osgeo.org):** Centralized repository for Debian/Ubuntu packages and Docker images.\n*   **Benefit:** Reliable access to software and data for users worldwide, with secure internal collaboration tools for teams.\n\n== Slide 8: Project-Specific Hosting & Specialized Services ==\nTitle: Supporting Diverse Project Needs\n\nContent:\n*   **GRASS GIS:** Dedicated hosting (grass.osgeo.org) with automated website generation and security updates.\n*   **GeoServer:** Certification testing environment (cite.geoserver.org) and demo instances.\n*   **QGIS:** Separate, high-performance hosting for QGIS project needs (website, docs, plugins).\n*   **LimeSurvey:** Self-hosted survey tool for community feedback and elections.\n*   **Benefit:** Tailored infrastructure that meets the unique technical requirements of different projects, from heavy compute to simple web hosting.\n\n== Slide 9: Monitoring, Security & Reliability ==\nTitle: Proactive Maintenance and Security\n\nContent:\n*   **Monitoring:**\n    *   **Prometheus & Grafana (monitor.osgeo.org):** Real-time visibility into server health, container metrics, and service status.\n    *   Automated alerts for SAC administrators.\n*   **Security:**\n    *   **LDAP Integration:** Centralized identity management for secure access.\n    *   **SSH Key Management:** Strict key-based access control with jump hosts for isolation.\n    *   **Regular Updates:** Automated security patches (unattended-upgrades) and regular OS upgrades.\n*   **Benefit:** Proactive identification of issues, ensuring high uptime and protecting community data.\n\n== Slide 10: Disaster Recovery & Backup Strategy ==\nTitle: Ensuring Business Continuity\n\nContent:\n*   **Backup Infrastructure:**\n    *   Dedicated backup hardware (osgeo5) for critical data.\n    *   Rsync backups for download mirrors.\n    *   Bacula backups for VMs and containers.\n*   **Redundancy:**\n    *   Distributed hosting across multiple physical machines.\n    *   Regular restoration tests to verify backup integrity.\n*   **Benefit:** Peace of mind knowing that community data and project history are protected against hardware failure or accidental deletion.\n\n== Slide 11: Future Roadmap & Optimization ==\nTitle: Evolving Infrastructure for Future Growth\n\nContent:\n*   **Consolidation:** Migrating remaining legacy services to modern LXD/Incus hosts.\n*   **Performance:** Optimizing network proxies (Nginx) and storage (ZFS) for better throughput.\n*   **Expansion:** Preparing for increased demand from growing projects (e.g., more CI/CD agents, larger download mirrors).\n*   **Sustainability:** Reducing physical footprint through efficient virtualization.\n*   **Benefit:** A forward-looking infrastructure that is cost-effective, efficient, and ready for the next decade of open geospatial innovation.\n\n== Slide 12: Conclusion & Q&A ==\nTitle: Summary and Next Steps\n\nContent:\n*   **Summary:**\n    *   OSGeo infrastructure is a robust, modern, and community-focused platform.\n    *   It supports a wide range of services from web hosting to complex CI/CD pipelines.\n    *   Continuous improvement ensures reliability and security.\n*   **Call to Action:**\n    *   Support for ongoing maintenance and potential upgrades.\n    *   Collaboration between SAC and project teams to identify future needs.\n*   **Q&A:** Open floor for questions and discussion.\n\n= Notes for Presentation Delivery =\n\n*   **Emphasis on Benefit:** When discussing each slide, always link the technical detail back to the user or project benefit (e.g., \"This Jenkins server means faster releases for PostGIS users\").\n*   **Visuals:** Use diagrams showing the flow from user -> web proxy -> container -> service. Show screenshots of the monitoring dashboard to demonstrate proactive management.\n*   **Simplicity:** Avoid deep technical jargon where possible. Focus on concepts like \"reliability,\" \"speed,\" and \"security.\"\n*   **Addressing Mistakes:** The original document contained outdated information (e.g., osgeo3 status, specific container names). This presentation uses the corrected, high-level view to avoid confusion. Ensure the slide deck reflects the *current* state as described in the revised service list.
Retrieved from "http://wiki.osgeo.org/w/index.php?title=Bot_SAC_Overview&oldid=136124"