Difference between revisions of "Osgeo6"

From OSGeo
Jump to navigation Jump to search
(reorganize sections, stub a mysql one)
(46 intermediate revisions by 5 users not shown)
Line 1: Line 1:
'''Osgeo6''' is a Debian machine minimally administered by [[SAC]], hosted on [[SAC_Service_Status#osgeo6]] (see also [[Infrastructure Transition Plan 2014#Hardware|Hardware plan 2014]]) at OSU OSL and used for hosting project web sites and some related services.  
+
'''Osgeo6''' is a Debian 10 machine administered by [[SAC]], hosted on [[SAC_Service_Status#Servers_at_OSL|OSU OSL servers]] since August 2015 (see also [[Infrastructure Transition Plan 2014#Hardware|Hardware plan 2014]]).  
  
The host is reachable by ssh at osgeo6.osgeo.osuosl.org. Anyone in the https://www.osgeo.org/cgi-bin/auth/ldap_shell.py has ssh access, and anyone in this group can add new people via the link. Sudo access can be provided by existing sudoer's by adding folks to the sudoers group in /etc/group, though it is normal practice to try and only extend sudo access to one user per project.  
+
It hosts several '''critical resources''', projects web sites mail-transport and -lists, it is the successor of the [[ProjectsVM]] and the [[MailVM]] (this machine runs NO VMs instead).
  
This hardware hosts several '''critical resources''', projects web sites mail-transport and -lists, it is the successor of the [[ProjectsVM]] amd the [[MailVM]], put into service in 2015. It is a shared environment and it is important that folks making changes on the system be aware of the impact they might have on other hosted services. Apache changes should be made carefully and needfully. Think about '''security'''!
+
The host is reachable by ssh at '''osgeo6.osgeo.osuosl.org'''.
  
Place to reach SAC members in case of troubles or quick questions:
+
= Shell access =
  
*irc://irc.freenode.org#osgeo
+
Anyone in the https://www.osgeo.org/cgi-bin/auth/ldap_shell.py has ssh access, and anyone in this group can add new people via the link. Sudo access can be provided by existing sudoer's by adding folks to the sudoers group in /etc/group, though it is normal practice to try and only extend sudo access to one user per project.  
*irc://irc.freenode.org#telascience
+
 
*If you don't have an IRC client, you can use the [http://irc.telascience.org/cgi-bin/telascience-irc.cgi IRC Web browser interface] or [http://webchat.freenode.net/ Freenode's Webchat] (if you are behind a restrictive firewall)
+
It is a shared environment and it is important that folks making changes on the system be aware of the impact they might have on other hosted services. Apache changes should be made carefully and needfully. Think about '''security'''!
 +
 
 +
See [[SAC#Communication]] in case of troubles or quick questions
  
 
= Services hosted on osgeo6 =
 
= Services hosted on osgeo6 =
Line 25: Line 27:
 
! comments
 
! comments
 
|-
 
|-
| grass.osgeo.org  
+
| old.grass.osgeo.org (grass.osgeo.org moved to osgeo7 grass container)
 
| /var/www/grass/grass-cms
 
| /var/www/grass/grass-cms
 
| admined by [[User:Neteler]], martinL
 
| admined by [[User:Neteler]], martinL
| hopefully backuped by osgeo
+
| BackupOg6 bacula job
| based on CMSMS
+
| based on CMSMS; GRASS GIS infrastructure explained [https://trac.osgeo.org/grass/browser/grass/trunk/doc/infrastructure.txt here], also enabled [https://www.ssllabs.com/ssltest/analyze.html?d=grass.osgeo.org&latest LetsEncrypt]
 
|-
 
|-
| grasswiki.osgeo.org
+
| old.grasswiki.osgeo.org  (grasswiki.osgeo.org moved to osgeo3 grass-wiki container)
 
| /var/www/grass/grass-wiki
 
| /var/www/grass/grass-wiki
 
| admined by [[User:Neteler]], martinL
 
| admined by [[User:Neteler]], martinL
| hopefully backuped by osgeo
+
| BackupOg6 bacula job
| own MediaWiki
+
| own MediaWiki, also enabled [https://www.ssllabs.com/ssltest/analyze.html?d=grasswiki.osgeo.org&latest LetsEncrypt]
 
|-
 
|-
 
| www.geotools.org
 
| www.geotools.org
 
| /var/www/geotools/web
 
| /var/www/geotools/web
 
| SAC !?
 
| SAC !?
|  
+
| BackupOg6 bacula job
 
| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
 
| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
 
|-
 
|-
Line 46: Line 48:
 
| /var/www/geotools/docs
 
| /var/www/geotools/docs
 
| SAC !?
 
| SAC !?
|  
+
| BackupOg6 bacula job
 
| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
 
| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
 
|-
 
|-
Line 52: Line 54:
 
| /var/www/geotools/wiki
 
| /var/www/geotools/wiki
 
| SAC !?
 
| SAC !?
|  
+
| BackupOg6 bacula job
 
| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
 
| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
 
|-
 
|-
| www.featureserver.org
+
| <del>www.featureserver.org</del>
 
| /var/www/featureserver/website
 
| /var/www/featureserver/website
 
| admined by [[User:Warmerda]]
 
| admined by [[User:Warmerda]]
|  
+
| BackupOg6 bacula job
| Not yet active, pending Python/GEOS issues
+
| DEAD project. Not yet active, pending Python/GEOS issues
 
|-
 
|-
| geos.osgeo.org
+
| <del>geos.osgeo.org</del>
 
| /var/www/geos/geos-web
 
| /var/www/geos/geos-web
 
| admined by [[User:Warmerda]]
 
| admined by [[User:Warmerda]]
|  
+
| BackupOg6 bacula job
| Just a redirect to Trac
+
| Now hosted on osgeo3-nginx, and is a redirect to libgeos.org
 
|-
 
|-
 
| www.tilecache.org
 
| www.tilecache.org
 
| /var/www/tilecache/docs
 
| /var/www/tilecache/docs
 
| SAC !?
 
| SAC !?
|  
+
| BackupOg6 bacula job
 
|  
 
|  
 
|-
 
|-
| www.gdal.org
+
| <del>www.gdal.org</del> Now hosted on github (gdal.org) and redirect for www.gdal.org (redirected to https://gdal.org on osgeo7 nginx)
 
| /var/www/gdal/gdal-web/
 
| /var/www/gdal/gdal-web/
 
| admined by [[User:Warmerda]]
 
| admined by [[User:Warmerda]]
|  
+
| BackupOg6 bacula job
| CRON-job migrated as well
+
| CRON-job migrated as well, also enabled [https://www.ssllabs.com/ssltest/analyze.html?d=gdal.org&latest LetsEncrypt]
 +
|-
 +
|-
 +
| <del>www.mapserver.org</del>
 +
| /var/www/mapserver.org/
 +
| admined by [[Jeff McKenna]]
 +
| BackupOg6 bacula job
 +
| moved to osgeo7 container, see https://wiki.osgeo.org/wiki/MapServer_at_osgeo7
 +
|-
 +
| <del>drone.osgeo.org</del> (this has been replaced by [[Dronie | dronie.osgeo.org]] which is on osgeo7)
 +
| /var/www/drone.osgeo.org
 +
| admined by [[User:Strk]]
 +
| Continuous Integration for [[SAC:Gitea|Gitea]]
 +
| reverse-proxy to [[#Drone service|Drone server]] server, also enabled [https://www.ssllabs.com/ssltest/analyze.html?d=drone.osgeo..org&latest LetsEncrypt]
 +
|-
 +
| https://lists.osgeo.org
 +
| admin
 +
| Web interface for managing Mailman
 +
|
 +
| also enabled [https://www.ssllabs.com/ssltest/analyze.html?d=lists.osgeo.org&latest LetsEncypt]
 +
 
 
|-
 
|-
 
|}
 
|}
  
 
== MySQL server ==
 
== MySQL server ==
 +
* used for GRASS GIS Wiki (maintained by Martin Landa and Markus Neteler)
 +
<del>* used for GRASS CMS and GRASS Wiki ? </devl> now on grass on osgeo7 and grass-wiki on osgeo3
 +
* backed up via [[SAC:Backups|bacula]] in BackupOg6 job (see /osgeo/backup)
 +
* admin user credentials found in ~root/.my.cnf
 +
 +
== Postfix SMTP server ==
 +
 +
* Central OSGeo MX running Postfix (includes @osgeo.org aliases in /etc/aliases)
 +
=== Setting up mail alias ===
 +
# '''''edit''''' /etc/aliases
 +
# git diff # and git commit (please set GIT_AUTHOR_NAME/GIT_AUTHOR_EMAIL envs)
 +
# newaliases
 +
# postfix reload
 +
 +
== Mailman ==
 +
 +
* [[SAC:Mailing Lists]] - mailman configuration for lists.osgeo.org.
 +
 +
== Mailman subscriber statistics ==
 +
* monthly cronjob "OSGeo mailman server unique subscribers", run as root user with scripts in /home/neteler/osgeo_mailman_stats/*.sh (operated by [[User:Neteler|M. Neteler]])
 +
 +
== PostgreSQL server ==
 +
OBSOLETE removed.
 +
As of April 2017 PostgreSQL 9.6 is installed from pgdg packages and a new cluster was added
 +
to host the database for the Drone service (in progress)
 +
 +
== Drone service ==
 +
 +
See [[SAC::Drone]] No longer hosted on this
  
TODO: write something
+
= SSL certificates =
 +
 
 +
* LetsEncrypt was configured by [[Jeff McKenna]] on 2018-07-27 for mapserver.org, gdal.org, grass.osgeo.org, grasswiki.osgeo.org, drone.osgeo.org, and lists.osgeo.org using certbot-auto
 +
** careful: check the conf files in /etc/apache2/sites-enabled/ to make sure that the VirtualHost settings do not include something like ''<VirtualHost _default_:443>'' and instead should point to the IP such as ''<VirtualHost 140.211.15.3:443>'' or else the certificate loaded will always default to mapserver.org
 +
** certbot-auto lives in /usr/local/sbin.
 +
** to add more sites, run the command:<blockquote>certbot-auto --apache -d mapserver.org -d www.mapserver.org</blockquote>
 +
** a cronjob (certbot-auto renew) was created to check for renewal twice a day
 +
** also enabled for geos.osgeo.org on by [[Jeff McKenna]] on 2018-10-01
  
 
= Backup strategy =
 
= Backup strategy =
  
Please add here. Bacula?
+
As of Feb 2017 backup is performed by bacula, with the BackupOg6 job,
 +
which includes the whole /var/www, /etc, /osgeo, /var/lib/mysql and more
 +
files (see [[SAC:Backups]] for info about figuring out more).
 +
 
 +
A dump of each mysql database is also stored as a separate file under /osgeo
 +
(created during the backup phase).
  
 
= Hardware =
 
= Hardware =

Revision as of 21:34, 8 May 2022

Osgeo6 is a Debian 10 machine administered by SAC, hosted on OSU OSL servers since August 2015 (see also Hardware plan 2014).

It hosts several critical resources, projects web sites mail-transport and -lists, it is the successor of the ProjectsVM and the MailVM (this machine runs NO VMs instead).

The host is reachable by ssh at osgeo6.osgeo.osuosl.org.

Shell access

Anyone in the https://www.osgeo.org/cgi-bin/auth/ldap_shell.py has ssh access, and anyone in this group can add new people via the link. Sudo access can be provided by existing sudoer's by adding folks to the sudoers group in /etc/group, though it is normal practice to try and only extend sudo access to one user per project.

It is a shared environment and it is important that folks making changes on the system be aware of the impact they might have on other hosted services. Apache changes should be made carefully and needfully. Think about security!

See SAC#Communication in case of troubles or quick questions

Services hosted on osgeo6

Websites

All websites are served by Apache

site path contact backup comments
old.grass.osgeo.org (grass.osgeo.org moved to osgeo7 grass container) /var/www/grass/grass-cms admined by User:Neteler, martinL BackupOg6 bacula job based on CMSMS; GRASS GIS infrastructure explained here, also enabled LetsEncrypt
old.grasswiki.osgeo.org (grasswiki.osgeo.org moved to osgeo3 grass-wiki container) /var/www/grass/grass-wiki admined by User:Neteler, martinL BackupOg6 bacula job own MediaWiki, also enabled LetsEncrypt
www.geotools.org /var/www/geotools/web SAC !? BackupOg6 bacula job /home/geotools/ available, but corresponding OSGeo LDAP user account missing
docs.geotools.org /var/www/geotools/docs SAC !? BackupOg6 bacula job /home/geotools/ available, but corresponding OSGeo LDAP user account missing
old.geotools.org /var/www/geotools/wiki SAC !? BackupOg6 bacula job /home/geotools/ available, but corresponding OSGeo LDAP user account missing
www.featureserver.org /var/www/featureserver/website admined by User:Warmerda BackupOg6 bacula job DEAD project. Not yet active, pending Python/GEOS issues
geos.osgeo.org /var/www/geos/geos-web admined by User:Warmerda BackupOg6 bacula job Now hosted on osgeo3-nginx, and is a redirect to libgeos.org
www.tilecache.org /var/www/tilecache/docs SAC !? BackupOg6 bacula job
www.gdal.org Now hosted on github (gdal.org) and redirect for www.gdal.org (redirected to https://gdal.org on osgeo7 nginx) /var/www/gdal/gdal-web/ admined by User:Warmerda BackupOg6 bacula job CRON-job migrated as well, also enabled LetsEncrypt
www.mapserver.org /var/www/mapserver.org/ admined by Jeff McKenna BackupOg6 bacula job moved to osgeo7 container, see https://wiki.osgeo.org/wiki/MapServer_at_osgeo7
drone.osgeo.org (this has been replaced by dronie.osgeo.org which is on osgeo7) /var/www/drone.osgeo.org admined by User:Strk Continuous Integration for Gitea reverse-proxy to Drone server server, also enabled LetsEncrypt
https://lists.osgeo.org admin Web interface for managing Mailman also enabled LetsEncypt

MySQL server

  • used for GRASS GIS Wiki (maintained by Martin Landa and Markus Neteler)

* used for GRASS CMS and GRASS Wiki ? </devl> now on grass on osgeo7 and grass-wiki on osgeo3

  • backed up via bacula in BackupOg6 job (see /osgeo/backup)
  • admin user credentials found in ~root/.my.cnf

Postfix SMTP server

  • Central OSGeo MX running Postfix (includes @osgeo.org aliases in /etc/aliases)

Setting up mail alias

# edit /etc/aliases
# git diff # and git commit (please set GIT_AUTHOR_NAME/GIT_AUTHOR_EMAIL envs)
# newaliases
# postfix reload

Mailman

Mailman subscriber statistics

  • monthly cronjob "OSGeo mailman server unique subscribers", run as root user with scripts in /home/neteler/osgeo_mailman_stats/*.sh (operated by M. Neteler)

PostgreSQL server

OBSOLETE removed. As of April 2017 PostgreSQL 9.6 is installed from pgdg packages and a new cluster was added to host the database for the Drone service (in progress)

Drone service

See Drone No longer hosted on this

SSL certificates

  • LetsEncrypt was configured by Jeff McKenna on 2018-07-27 for mapserver.org, gdal.org, grass.osgeo.org, grasswiki.osgeo.org, drone.osgeo.org, and lists.osgeo.org using certbot-auto
    • careful: check the conf files in /etc/apache2/sites-enabled/ to make sure that the VirtualHost settings do not include something like <VirtualHost _default_:443> and instead should point to the IP such as <VirtualHost 140.211.15.3:443> or else the certificate loaded will always default to mapserver.org
    • certbot-auto lives in /usr/local/sbin.
    • to add more sites, run the command:

      certbot-auto --apache -d mapserver.org -d www.mapserver.org

    • a cronjob (certbot-auto renew) was created to check for renewal twice a day
    • also enabled for geos.osgeo.org on by Jeff McKenna on 2018-10-01

Backup strategy

As of Feb 2017 backup is performed by bacula, with the BackupOg6 job, which includes the whole /var/www, /etc, /osgeo, /var/lib/mysql and more files (see SAC:Backups for info about figuring out more).

A dump of each mysql database is also stored as a separate file under /osgeo (created during the backup phase).

Hardware

Details: 

   CPU:  2 x Intel Xeon E5-2620v3, 2.4 GHz (6-Core, HT, 15MB Cache, 85W) 22nm
   RAM:  128GB (8 x 16GB DDR4-2133 ECC Registered 2R 1.2V DIMMs) Operating at 2133 MT/s Max
   NIC:  Dual Intel i210 Gigabit Ethernet Controllers - Integrated
   Management:  Integrated IPMI 2.0 & KVM over LAN
   Controller:  10 Ports 6Gb/s SATA (Intel C612 Chipset)
   PCIe 3.0 x8:  No Item Selected
   NOTE:  Hot-swap and fixed drives will be connected to SATA3 controller (C612) unless otherwise specified
   Hot-Swap Drive - 1:  80GB Intel DC S3500 Series MLC (6Gb/s, 0.3 DWPD) 2.5" SATA SSD
   Hot-Swap Drive - 2:  80GB Intel DC S3500 Series MLC (6Gb/s, 0.3 DWPD) 2.5" SATA SSD
   Hot-Swap Drive - 3:  480GB Intel DC S3500 Series MLC (6Gb/s, 0.3 DWPD) 2.5" SATA SSD
   Hot-Swap Drive - 4:  480GB Intel DC S3500 Series MLC (6Gb/s, 0.3 DWPD) 2.5" SATA SSD
   Hot-Swap Drive - 5:  480GB Intel DC S3500 Series MLC (6Gb/s, 0.3 DWPD) 2.5" SATA SSD
   Hot-Swap Drive - 6:  480GB Intel DC S3500 Series MLC (6Gb/s, 0.3 DWPD) 2.5" SATA SSD
   Optical Drive:  No Item Selected

3 year warranty starting on May 4,2015 ending on May 4,2018

Retrieved from "http://wiki.osgeo.org/w/index.php?title=Osgeo6&oldid=128272"