Difference between revisions of "SAC Service Status"

From OSGeo
 
(377 intermediate revisions by 18 users not shown)
Line 1: Line 1:
 
Infrastructure of OSGeo System Administration Committee ([[SAC]])
 
Infrastructure of OSGeo System Administration Committee ([[SAC]])
  
= OSL =
+
For emergency plans see: [[SAC:Admin and Troubleshooting]]
[[OSL | Open Source Labs]] - 2 physical machines containing ''x'' virtual machines.
 
  
All SAC administrators have LDAP auth to the OSL Virtual Machines. Primary Admins also have ssh key access in case LDAP is down and that will also apply to the physical machines. Worst case scenario use the information on [[OSL | Open Source Labs]] to file a ticket (SAC members only). Direct connection to virtual machines is by appending it's vm alias to .osgeo.osuosl.org.
 
  
Also, community.osgeo.org is a test Drupal instance they hosted for us while evaluating OSL services earlier on.  (See Tyler)
+
= Servers at OSL =
 +
[[OSL | Open Source Labs]] - 4 physical machines containing ''x'' virtual machines.
 +
 
 +
 
 +
== Logging into Physical Machines ==
 +
 
 +
Currently we have osgeo6 and backup.osgeo.osuosl.org that are physical machines under LDAP control.
 +
 
 +
'''Note this does not apply to osgeo3, osgeo4, osgeo7, osgeo9 lxd hosts'''.  Refer to those sections for instructions on logging in.
 +
If hanging, see [[OSL]] for how to open a ticket with OSUOSL's support.
 +
 
 +
This section currently only applies to '''osgeo6''' and '''backup'''.
 +
 
 +
All [[SAC#Members|SAC administrators]] have LDAP auth to the OSL Machines.
 +
 
 +
To ssh into a server using your LDAP account, you can do the following replacing '''your_osgeo_login''' with your OSGeo login and '''vmname''' with the vm name of the server at OSL.
 +
 
 +
  ssh '''your_osgeo_login'''@'''servername'''.osgeo.osuosl.org
 +
 
 +
When prompted for password, use your OSGeo Login password.
 +
 
 +
 
 +
[[SAC:Primary Administrators]] also have ssh key access in case LDAP is down and that will also apply to the physical machines. Worst case scenario use the information on [[OSL | Open Source Labs]] to file a ticket (SAC members only). Direct connection to virtual machines is by appending it's vm alias to .osgeo.osuosl.org.
 +
 
 +
== Logging into LXD Hosts ==
 +
 
 +
OSGeo3, OSGeo4, and OSGeo7 are all Ubuntu 18.04 servers running LXD.  Note that OSGeo3, OSGeo4, and OSGeo7 are all LXD Hosts running (at this moment all LXC containers).
 +
These instructions therefore apply to OSGeo3, OSGeo4, and OSGeo7 Hosts.
 +
LXD is a management system for LXC containers and QEMU VMS. LXD has a [https://www.youtube.com/channel/UCuP6xPt0WTeZu32CkQPpbvA channel] that covers its features.
 +
 
 +
To directly access the host, you go thru port 2222
 +
 
 +
  ssh tech_dev@''server_name''.osgeo.osuosl.org -p 2222
 +
 
 +
Only [[SAC:Primary Administrators]] have their ssh key installed under that account.  In order to access via KVM of these in event servers do not come up on a reboot, you need to go thru OSU OSL VPN -- details in osgeo7-secure container for each.
 +
 
 +
A convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosts follows:
 +
 
 +
    Host osgeo?
 +
      User tech_dev
 +
      HostName %h.osgeo.osuosl.org
 +
      Port 2222
 +
 
 +
Then you would be able to log into those hosts with commands like:
 +
 
 +
    ssh osgeo7
 +
 
 +
== Logging into LXD Containers and VMs ==
 +
 
 +
A convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosted containers and vms is the following:
 +
 
 +
  Host osgeo*-*
 +
    ProxyCommand ssh hop.$(sed -e "s/-.*//" <<< "%h").osgeo.org -W $(sed -e "s/^osgeo[^-*]-//;s/$/.lxd/" <<< "%h"):%p
 +
    # this is only needed if you you use different private keys for different servers
 +
    IdentityFile "path/to/your/private/key"
 +
 
 +
Then you'll be able to access a LXC Container or QEMU VM on machine `osgeo3` with:
 +
 
 +
  ssh osgeo3-matrix
 +
 
 +
And one on machine `osgeo7` with:
 +
 
 +
  ssh osgeo7-secure
 +
 
 +
Note you still need to know where each LXC host is hosted... See successive sections to know what's on which machine.
 +
 
 +
== osgeo 8 ==
 +
Server added April 2021. Intended to provide additional LXD capacity and backup
 +
[[osgeo8|Configuration Details]]
 +
 
 +
=== Services running on osgeo8 ===
 +
 
 +
==== hop ====
 +
hop.osgeo8.osgeo.org - jump host for accessing containers/vms on osgeo8
 +
 
 +
==== nginx ====
 +
http, https Proxy for all containers on osgeo8 and also provides mirror proxy for download.osgeo.org
 +
 
 +
==== dronie-client ====
 +
a ci bot for dronie.osgeo.org which is used for git.osgeo.org/gitea ci jobs
 +
 
 +
==== grass ====
 +
GRASS GIS server
 +
 
 +
Current DNS name: grass.osgeo.org (old CMS retired in 2020 to old.grass.osgeo.org, on osgeo6) (moved from osgeo7 to osgeo8 2022-05-12)
 +
 
 +
Debian 10 Buster
 +
 
 +
Web: Apache + Hugo (generated through cronjob from https://github.com/OSGeo/grass-website/), see https://github.com/OSGeo/grass-addons/tree/master/tools/cronjobs_osgeo_lxd
 +
 
 +
ssh: reachable via jumphost.
 +
 
 +
== osgeo 9 ==
 +
Server added April 2021. Is an LXD host.  Also Stores lxd images used by other lxd hosts.
 +
[[osgeo9|Configuration Details]]
 +
 
 +
=== Services running on osgeo9 ===
 +
==== hop ====
 +
'''Container Name:''' hop (hop.osgeo9.osgeo.org). For LDAP users allows them to hop thru to get to other containers.
 +
 
 +
==== nginx ====
 +
'''Container Name:''' nginx (for web proxy of traffick) currently weblate.osgeo.org, and additional mirror proxy for download.osgeo.org
 +
 
 +
==== dronie-client ====
 +
a ci bot for dronie.osgeo.org which is used for git.osgeo.org/gitea ci jobs
 +
 
 +
==== weblate ====
 +
'''Container Name:''' weblate (for doc translation)
 +
 
 +
Houses: https://weblate.osgeo.org  (for document translation to different languages)
 +
For further details refer to [[SAC:Weblate]]
 +
 
 +
== osgeo 7 ==
 +
 
 +
Server added June 2018. Intended to replace osgeo3 and old osgeo4 (before reformat).
 +
[[osgeo7|Configuration Details]]
 +
 
 +
[https://git.osgeo.org/gitea/sac/osgeo7/wiki/_pages Container setup of all the osgeo7 servers is located in https://git.osgeo.org/gitea/sac/osgeo7/wiki/_pages]
 +
 
 +
Running LXD 3 snap based container management -- LXD version 3.17 as of 2019-09-15
 +
 
 +
=== Accessing osgeo7 containers via ssh ===
 +
 
 +
Only the download.osgeo.org is directly exposed ssh via port 22.  To access the other containers, you can tunnel thru
 +
download.osgeo.org -- You need to be in the shell group to be able to access download and the other servers.  If you are not already put in a [https://trac.osgeo.org/osgeo/newticket SAC Ticket Request].  You also need to have your public key registered. To do so edit your profile [https://id.osgeo.org/ldap/edit]  (and put in your public key)
 +
 
 +
A convenient block to add to your own `.ssh/config` file follows:
 +
 
 +
 
 +
Host osgeo7-*
 +
  ProxyCommand ssh your_osgeo_id@hop.osgeo7.osgeo.org -W $(sed -e "s/^osgeo7-//;s/$/.lxd/" <<< "%h"):%p
 +
  IdentityFile "path/to/your/private/key"
 +
 
 +
With the above in place, you can connect to any container using:
 +
 
 +
  ssh your_id@osgeo7-<container_name>
 +
 
 +
'''Troubleshooting:''' In case of "Permission denied (publickey)." after an update to a modern openSSH version, it might well be that your ssh key (RSH key) is disabled in your client in favour of more modern cyphers.
 +
 
 +
Ugly workaround: add one line `PubkeyAcceptedKeyTypes ...` in `.ssh/config`, to re-enable RSA keys for now (consider to generate a new key):
 +
 
 +
  vim .ssh/config
 +
  ...
 +
  Host *
 +
    ...
 +
    PubkeyAcceptedKeyTypes +ssh-rsa
 +
 
 +
... but better read e.g. [https://dev.to/bowmanjd/upgrade-ssh-client-keys-and-remote-servers-after-fedora-33-s-new-crypto-policy-47ag here]!
 +
 
 +
 
 +
=== Services on osgeo7 ===
 +
 
 +
==== Download ====
 +
* Houses: https://upload.osgeo.org, https://bottle.download.osgeo.org download sites
 +
** '''Moved 5/5/2019 from osgeo3'''
 +
* Setup of https://upload.osgeo.org detailed in [https://git.osgeo.org/gitea/sac/osgeo7/wiki/Download-Container OSGeo7 Download container]
 +
* It is also the official hop container for osgeo7.  Accessible via ssh hop.osgeo7.osgeo.org
 +
* It's a debian 10 container (now locked down to only allow ssh key access / ldap auth) for ssh.  It is running nginx instead of apache that the old ran. <del>It has webdav with single local htaccess account geotools for geotools bot use.</del>
 +
 
 +
In order to be able to log in or sftp
 +
 
 +
* You must be a member of the OSGeo shell group which can be granted from another person in shell group - [https://id.osgeo.org/ldap/shell Shell]
 +
* Once you are in shell group, go to https://id.osgeo.org/ldap/edit and put in your public key.
 +
 
 +
You should then be able to log into download (and all other hop servers on the other hosts) with your private key.
 +
 
 +
You can put in a [https://trac.osgeo.org/osgeo/newticket ticket] to request such access.
 +
 
 +
==== nginx  ====
 +
Proxy that routes all http/https traffic for the other containers (can be accessed via osgeo7 host lxc or ubuntu@osgeo7-nginx if your key is installed on ubuntu user).
 +
The nginx container holds the letsencrypt https SSL certs for all the containers and handles the renewal of the letsencrypt certs using certbot renew cronjob.
 +
Prometheus server to collect all monitoring logs from OSGeo7 (only accessible by OSGeo3), these get queried via monitor.osgeo.org (running on osgeo3) via grafana server.
 +
 
 +
 
 +
==== wordpress ====
 +
Houses: https://www.osgeo.org, https://2018.foss4g.org, https://2020.europe.foss4g.org websites
 +
Runs Debian 10 with OSGeo LDAP access
 +
 
 +
[https://git.osgeo.org/gitea/sac/osgeo7/wiki/wordpress-container Setup details of wordpress container]
 +
 
 +
==== Secure (LDAP )  ====
 +
[https://git.osgeo.org/gitea/sac/osgeo7/wiki/secure-container secure] -- ldap.osgeo.org [[SAC:LDAP]] used for ldap service (a rebuild of old secure.osgeo.osuosl.org) now on Debian 10
 +
 
 +
==== tracsvn (trac, svn, git) ====
 +
https://trac.osgeo.org, https://git.osgeo.org/gitea, https://svn.osggeo.org
 +
This used to be housed on osgeo3 in VM TracSVN VM, and was moved 2019-10-12 to osgeo7 as tracsvn container.
 +
It has since been upgraded to Debian 9 (Stretch with plans to upgrade more)
 +
* See [[TracSVN]] for full details, and some notes on services running here
 +
 
 +
See [[TracSVN]] for info about what it contains (spoiler: trac, svn, gitea)
 +
 
 +
==== old-wiki (stopped) ====
 +
This used to be housed on osgeo3, and was moved 2019-09-14 to osgeo7 as old-wiki container.
 +
wiki.osgeo.org moved back to osgeo3 on 2020-05-22 and in wiki container. The wiki container is a complete rebuild with files and database restored and upgraded.
 +
Refer to the osgeo3 section for more details.
 +
 
 +
[https://git.osgeo.org/gitea/sac/osgeo7/wiki/old-wiki-container old wiki container] -- used for wiki service (it is an lxd2pc created image of wiki.osgeo.osuosl.org VM that was on osgeo3)
 +
 
 +
See [[OSGeo Wiki]]
 +
 
 +
==== Nextcloud  ====
 +
 
 +
Running in container nextcloud-ubuntu on osgeo7,
 +
Ubuntu 20.04 LXD/nginx/postgresql 12 container for document sharing similar to dropbox/google drive - nextcloud-ubuntu.lxd - https://nextcloud.osgeo.org [https://git.osgeo.org/gitea/sac/osgeo7/wiki/Nextcloud-Ubuntu-Setup Nextcloud Setup]
 +
 
 +
Uses collabora (for document/view/editing)
 +
home of https://nextcloud.osgeo.org
 +
This server does not use ssh osgeo-ldap as it was the first container built.  However nextcloud.osgeo.org does authenticate with osgeo ldap.
 +
 
 +
TODO: add special page for this
 +
 
 +
==== collabora ====
 +
https://collabora.osgeo.org
 +
Ubuntu 18.04 LXD container for  LibreOffice/MS Office online document editor currently used exclusively by nextcloud.osgeo.org.  Setup detailed in Nextcloud setup.
 +
 
 +
==== live ====
 +
Home of live.osgeo.org (created 2021-10-05ish
 +
Running Ubuntu 20.04 with OSGeo LDAP SSH
 +
 
 +
==== dronie-server ====
 +
*  2.0 server of drone.io runs in an LXD container details [[Dronie]] https://dronie.osgeo.org
 +
 
 +
==== old-projects ====
 +
-- this is the old projects.osgeo.osuosl.org migrated from osgeo4 as an lxd container, so more or less the same as it was before, with the exception that all the websites are now proxied thru the nginx container.  Websites on it are community-review.foss4g.org and spatialreference.org
 +
 
 +
To access you need to go thru download.osgeo.org -> old-projects
 +
 
 +
 
 +
==== old-web ====
 +
The old web.osgeo.osuosl.org (was on osgeo3)
 +
 
 +
* mapguide.osgeo.org
 +
 
 +
==== ldap-web ====
 +
 
 +
Currently housing https://id.osgeo.org/ for LDAP management.
 +
Deployed via ansible
 +
 
 +
* id.osgeo.org
 +
 
 +
==== old-webextra ====
 +
This is a replica of webextra.osgeo.osuosl.org that was hosted on osgeo3
 +
 
 +
Started move on November 29th 2019 and completed December 8th, 2019
 +
* foss4g.org
 +
* europe.foss4g.org
 +
* video.foss4g.org
 +
* planet.osgeo.org
 +
* various old foss4g.org years
 +
* <del>live.osgeo.org</del> moved to dedicated container
 +
* journal.osgeo.org (not sure what this is for, should be retired?)
 +
 
 +
==== pycsw ====
 +
'''Container Name:''' pycsw
 +
 
 +
* https://demo.pycsw.org
 +
* '''OGC CSW Reference Implementation and Server demo'''
 +
* deployment setup at https://github.com/geopython/demo.pycsw.org
 +
* running hourly teardown/setup cron via docker-compose
 +
* migrated from [[AdhocVM#Existing_services_hosted_on_the_Ad-hoc_VM:|Adhoc VM]] thanks to [https://trac.osgeo.org/osgeo/ticket/2452 SAC] (May 2020)
 +
 
 +
==== mapserver ====
 +
'''Container Name:''' mapserver
 +
 
 +
* https://demo.mapserver.org  (Moved from old-adhoc 2021-11-07)
 +
* host of many services for the MapServer community: see https://wiki.osgeo.org/wiki/MapServer_at_osgeo7
 +
* migrated from [https://wiki.osgeo.org/wiki/MapServer_at_AdhocVM Adhoc VM] thanks to [https://trac.osgeo.org/osgeo/ticket/2459 SAC] + jmckenna (July 2020)
 +
 
 +
=== osgeo7 decommissioned containers ===
 +
 
 +
==== <del>old-adhoc</del> ====
 +
 
 +
'''SHUTOFF as of 2022-01-29'''
 +
 
 +
[[AdhocVM|old-adhoc]] -- this is the old adhoc.osgeo.osuosl.org migrated 2019-05-08 from osgeo4 as an lxd container. 
 +
Used by osgeo-live for there test docs and by grass for earthquake, and mapserver for demo.
 +
Note that there is a new live (container that osgeo-live will more to), there is also a mapserver container (which mapserver have started to move their demo to)
 +
 
 +
To access via ssh you should go thru download.osgeo.org -> old-adhoc.lxd
 +
It is accessible via https://adhoc.osgeo.org and http://adhoc.osgeo.osuosl.org
 +
 
 +
* VM used for projects for various adhoc purposes.  Risks to system stability that would be unacceptable on the Projects VM may be ok here.
 +
* See [[AdhocVM]] for full details, and some notes on services running here.
 +
* eg http://adhoc.osgeo.osuosl.org/livedvd/docs/en/quickstart/
 +
 
 +
 
 +
== osgeo6 ==
 +
 
 +
* Mail
 +
* lists.osgeo.org
 +
See [[Osgeo6]] for full details
 +
 
 +
== Backup (osgeo5) ==
 +
* Backup now runs on dedicated hardware
 +
* Provides Rsync backups of download.osgeo.org
 +
* Provides Bacula backups of various VMs.
 +
* See [[SAC:Backups]] for details.
 +
 
 +
== osgeo4 ==
 +
 
 +
osgeo4 is a real server managed by OSUOSL - can be access via ssh tech_dev@osgeo4.osgeo.osuosl.org -p 2222  (only people with their access keys installed can log in and doesn't allow password access) - password for tech_dev is in the secure container (on osgeo7) / access folder.
 +
 
 +
In August 2019 the server had new power supply put in and replacement disks.  It was reformatted with Ubuntu 18.04.3 to serve as secondary LXD host to osgeo7
 +
zfsutils-linux was installed so lxd can use zfs for storage.
 +
 
 +
=== sshing into osgeo4 containers ===
 +
Note that all the containers are closed off from direct ssh access except for the hop.osgeo4.osgeo.org.  To access the other containers, you need to hop through hop.
 +
hop container has port 22 open but requires ssh access so users who’ve been granted rights can hop thru it to other containers using hop.osgeo4.osgeo.org as name.
 +
 
 +
A convenient block to add to your own .ssh/config file follows where your_id could be your osgeo id or a local account on that container
 +
 
 +
Host osgeo4-*
 +
  ProxyCommand ssh your_osgeo_id@hop.osgeo4.osgeo.org -W $(sed -e "s/^osgeo4-//;s/$/.lxd/" <<< "%h"):%p
 +
  IdentityFile "path/to/your/private/key"
 +
  User your_id
 +
 
 +
Then to access say the wordpress-dev container, you'd do the below
 +
 
 +
ssh osgeo4-wordpress-dev
 +
 
 +
=== osgeo4 baremetal features ===
 +
It's makeup is as follows:
 +
{| class="wikitable"
 +
|-
 +
! Item !! Settings
 +
|-
 +
| Disks || 6 1.8 TB drives
 +
|-
 +
| Memory || 48 GB
 +
|-
 +
| CPUs || 8 Intel(R) Xeon(R) CPU E5540  @ 2.53GHz (8192kb cache)
 +
|}
 +
<pre>lsblk -i
 +
NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
 +
sda              8:0    0  1.8T  0 disk 
 +
|-sda1          8:1    0  953M  0 part 
 +
| `-md0          9:0    0  952M  0 raid1 /boot
 +
`-sda2          8:2    0 46.6G  0 part 
 +
  `-md1          9:1    0 46.5G  0 raid1
 +
|-lvm-root 253:0    0 37.3G  0 lvm  /
 +
`-lvm-swap 253:1    0  7.5G  0 lvm  [SWAP]
 +
sdb              8:16  0  1.8T  0 disk 
 +
|-sdb1          8:17  0  953M  0 part 
 +
| `-md0          9:0    0  952M  0 raid1 /boot
 +
`-sdb2          8:18  0 46.6G  0 part 
 +
  `-md1          9:1    0 46.5G  0 raid1
 +
|-lvm-root 253:0    0 37.3G  0 lvm  /
 +
`-lvm-swap 253:1    0  7.5G  0 lvm  [SWAP]
 +
sdc              8:32  0  1.8T  0 disk 
 +
sdd              8:48  0  1.8T  0 disk 
 +
sde              8:64  0  1.8T  0 disk 
 +
sdf              8:80   0  1.8T  0 disk
 +
</pre>
 +
 
 +
<pre>
 +
sdc,sdd,sde,sdf  form a zfs osgeo4_lxd partition (sdc,sdd) mirrors sde,sdf for total lxd capacity of 3.62 TB
 +
</pre>
 +
 
 +
Nightly backups of osgeo3, osgeo7, and osgeo4 containers are kept here and named <container>-backup and be kept in a stopped state.
 +
 
 +
== Services running on osgeo4 ==
 +
 
 +
=== hop ===
 +
'''Container Name:''' hop - this is the only container with direct ssh access via ssh hop.osgeo4.osgeo.org. To get to other containers, you need to hop thru this one. Requires ssh key access
 +
 
 +
=== osgeo4-nginx ===
 +
'''Container Name:''' osgeo4-nginx ->> all web traffick from other containers on osgeo4 get proxied thru here
 +
 
 +
=== old-web-staging  ===
 +
'''Container Name:''' old-web-staging - used primarily for experimenting with changes to id.osgeo.org (old-web on osgeo7) like testing out OS and software upgrade etc, changes to LDAP forms and registration, before applying to id.osgeo.org. - https://id.staging.osgeo.org
 +
 
 +
=== pretalx-staging  ===
 +
'''Container Name:''' pretalx-staging - used primarily for experimenting with changes to talks.osgeo.org (pretalx on osgeo3) like testing out Docker builds and software upgrade etc, before applying to talks.osgeo.org. - https://talks.staging.osgeo.org
 +
 
 +
=== wordpress-dev  ===
 +
'''Container Name:''' wordpress-dev - used primarily for osgeo.org main website development - https://staging.www.osgeo.org, https://dev.www.osgeo.org
 +
 
 +
=== wiki-dev  ===
 +
'''Container Name:''' wiki-dev - used primarily for experimenting with changes to wiki.osgeo.org like testing out OS and software upgrade etc before appying to wiki.osgeo.org. - https://dev.wiki.osgeo.org
 +
 
 +
=== wiki-staging  ===
 +
'''Container Name:''' wiki-staging - used primarily for upgrade changes to wiki.osgeo.org like testing out OS and software upgrade etc before applying to wiki.osgeo.org. - https://staging.wiki.osgeo.org.  The construction of this container is managed by sac ansible-deployment.
 +
 
 +
=== tracsvn-dev  ===
 +
'''Container Name:''' tracsvn-dev - This is a 2019-09-05 lxd2pc image of tracsvn.osgeo.osuosl.org (now on osgeo7 as tracsvn) used primarily for experimenting like testing out OS, git and software upgrade etc before appying to production. -- https://dev.git.osgeo.org, https://dev.tracsvn.osgeo.org Has the following sites: https://dev.trac.osgeo.org, https://dev.git.osgeo.org/gitea, https://dev.svn.osgeo.org
 +
 
 +
=== dronie-client  ===
 +
'''Container Name:''' dronie-client - This is a debian 10 machine, with OSGeo LDAP authentication and a drone-agent docker running.  To be used with https://dronie.osgeo.org
 +
 
 
== osgeo3 ==
 
== osgeo3 ==
=== wiki.osgeo.org ===
+
osgeo3 physical server refer to [[osgeo3|Configuration Details]] for hardware specs. It is used to run production, but moderately risky things. Refer to [[SAC:Old-osgeo3]] for past history before osgeo3 was rebuilt.
* VM alias is Wiki
+
osgeo3 is a hosted by OSUOSL - can be accessed via ssh tech_dev@osgeo3.osgeo.osuosl.org -p 2222  (only people with their access keys installed can log in and doesn't allow password access) - password for tech_dev is in the secure container (on osgeo7) / access folder.
* http://wiki.osgeo.org is now hosted on this virtual machine.
 
* Primarily administered by Martin.
 
* [http://trac.osgeo.org/osgeo/ticket/103 old migration notes] may be helpful.
 
  
=== Secure ===
+
=== sshing into osgeo3 containers ===
* Migration of LDAP to this virtual machine planned.
+
Note that all the containers are closed off from direct ssh access except for the hop.osgeo3.osgeo.org.  To access the other containers, you need to hop through hop.osgeo3.osgeo.org.
See [[Infrastructure Transition Plan 2010#Final_Plan]] for full details.
+
hop container has port 22 open but requires ssh access, you need to be added to shell group and have your ssh keys registered on your profile https://id.osgeo.org/ldap/edit). Users who’ve been granted rights can hop thru it to other containers using hop.osgeo3.osgeo.org as name.  Other containers may or may not allow password access. It's up to the those who manage the internal containers.
=== TracSvn===
 
* Hosts svn.osgeo.org [[Subversion]] service.
 
* Hosts trac.osgeo.org [[Trac Instances]].
 
  
=== Web ===
+
A convenient block to add to your own .ssh/config file follows
* Transition in Progress
+
# this is only needed if you you use different private keys for different servers
See [[Infrastructure Transition Plan 2010#Final_Plan]] for full details.
+
Host hop.osgeo3.osgeo.org
 +
  IdentityFile "path/to/your/private/key"
  
=== Base ===
+
Host osgeo3-*
* Template VM used when creating new VMs.  
+
  ProxyCommand ssh '''your_osgeo_id'''@hop.osgeo3.osgeo.org -W $(sed -e "s/^osgeo3-//;s/$/.lxd/" <<< "%h"):%p
* Not normally running - make a special request to OSL to start it up.
+
  IdentityFile "path/to/your/private/key"
  
== osgeo4 ==
+
Then to access say the nexus container, you'd do the below where your_id could be your osgeo id or a local account on that container
=== backup.osgeo.org ===
+
 
* Provides rsync backups of download.osgeo.org
+
ssh '''your_id'''@osgeo3-nexus
* Will provide backula backups of various VMs.
+
 
* VM alias is Backup
+
=== hop ===
* See [[SAC:Backups]] for details.
+
This is the only container with direct ssh access via ssh hop.osgeo3.osgeo.org. To get to other containers, you need to hop thru this one. Requires ssh key access which you can register by editing your ldap profile.
 +
 
 +
=== osgeo3-nginx ===
 +
nginx proxy all web-traffic via the  (using IP: 140.211.15.6 web-osgeo3.osgeo.osuosl.org), the second ip is not in use, but may be used for a secondary nginx, to temporarily host osgeo7/osgeo4 containers in case of major hardware upgrades
 +
 
 +
=== demo-pygeoapi ===
 +
 
 +
Ubuntu 20.04 future home of https://demo.pygeoapi.io
  
=== Projects ===
+
=== dronie-client ===
* General purpose home for OSGeo projects which do not garner heavy enough a load to require their own VM.
+
This is a debian 10 lxd container running docker. Currently has just one running docker osgeo-drone-agent to serve as a client for dronie-server (dronie.osgeo.org running on osgeo7)
* See [[Infrastructure_Transition_Plan_2010#Final_Plan]] for full details.
 
* www.remotesensing.org - /osgeo/remotesensing.org - admined by FrankW.
 
* www.gdal.org - /osgeo/gdal - admined by FrankW
 
* 2010.foss4g.org - /osgeo/foss4g/2010 - admined by frank/lorenzo?
 
* mapserver.org - /osgeo/mapserver.org - admined by hobu
 
  
=== QGIS ===
+
=== geo-docs ===
* VM used by the QGIS project.   
+
Debian 11
* Shell access only for the [https://www.osgeo.org/cgi-bin/auth/ldap_shell.py?group=qgis QGIS shell access group].  
+
lastools.osgeo.org (as of 2021-10-06 snapshot of https://www.cs.unc.edu/~isenburg/lastools/ see https://trac.osgeo.org/osgeo/ticket/2649 )
* Details on configuration to follow...
+
planned home for docs.geotools.org, docs.geoserver.org, docs.geowebcache.org
* Running joomla 1.5.18 and mediawiki
 
  
=== WebExtra ===
+
=== grass-wiki ===
* Migration of Planet and small helper applications to this virtual machine in progress.
+
Debian 10 (copy of wiki) Future home of grasswiki.osgeo.org
See [[Infrastructure Transition Plan 2010#Final_Plan]] for full details.
 
  
= Peer1 =
+
=== limesurvey ===
 +
Debian 10, PostgreSQL 13, PHP 8 with ldap/ssh. https://limesurvey.osgeo.org
 +
Setup detailed on [https://git.osgeo.org/gitea/sac/osgeo3/wiki/limesurvey-container limesurvey container]
  
== www.osgeo.org (osgeo1) ==
 
  
* [[SAC:Primary Administrators]]
 
* Lots of config information in the [[Migration Documentation]].
 
* [[SAC:Backups]] describes backup strategy.
 
* Web pages (Drupal) - Tyler Mitchell, ... ([[OSGeo Portal Site|info]])
 
* postfix - Tyler Mitchell, ...
 
* Linux updates - Tyler Mitchell, ...
 
* LDAP - Howard Butler
 
* SSL certificate - Shawn Barnes (configuration)
 
* DNS (via Pairnic) - Shawn Barnes
 
* IPTABLES - Shawn Barnes
 
* a few osgeo.org services are monitored by HTTP monitoring scripts, notification goes to Frank Warmerdam, Shawn Barnes and Daniel Morissette - operated by Daniel.
 
* Virtual Hosts (on same server)
 
** lists.osgeo.org (mailman) - Tyler Mitchell ([[SAC:Mailing Lists|info]])
 
** fdo.osgeo.org
 
** mapguide.osgeo.org
 
** grass.osgeo.net - Wolf (drupal trial) &rarr; moved to download.osgeo.org 2/2008 (??)
 
** conference.osgeo.org - [[Conference System]] (also: [[SAC:Setup_OCS]]), Tyler
 
*** foss4g.org (main portal), 2009, 2006 hosted here.  <s>'''2010 is hosted on telascience but temporarily resurrected here during telascience outage 26apr10'''</s> (2010 switched back)
 
** journal.osgeo.org / osgeo.org/ojs - [[Journal System]], Tyler
 
** Redirects for many chapter and other urls handled via /etc/httpd/conf.d/rewrite.conf
 
  
'''Emergency plans:'''
+
=== matrix ===
 +
'''Container Name:''' matrix - debian10 lxd container with ldap/ssh.  Manages matrix bridges and allows users to access matrix using their OSGeo LDAP accounts.
  
See: [[SAC:Admin and Troubleshooting]]
+
See [[SAC:MatrixSynapse]] for full detail.
  
== test.osgeo.org (osgeo2) ==
+
=== nexus (repo.osgeo.org, docker.osgeo.org) ===
 +
See [[SAC:Repo]] this is a debian 10 lxd container running docker 19.  It currently has one docker container running within it called nexus -- exposed as repo.osgeo.org on nginx.
  
This is the other peer1 host, primary used for backup and development testing of services.
+
=== pretalx  ===
 +
Ubuntu 20.04 with OSGeo LDAP and Docker installed.  pretalx software runs in Docker.
 +
https://talks.osgeo.org - for OSGeo Talk collection and voting - currently used by FOSS4G2021
  
* /home/back: 6/24 hour backups from osgeo1 (by rsync)
+
=== wiki ===
* /home/other_backups: daily backups from download.osgeo.org by rsync.
+
(wiki.osgeo.org) - debian10 lxd container with ldap/ssh (MediaWiki 1.34, 10.3.22-MariaDB, PHP 7.3)
* Development drupal instance
 
* <s>wiki.osgeo.org</s> is no longer hosted here. (moved to osuosl osgeo3)
 
* <s>A temporary qgis.org joomla instance lives here, managed by Werner Macho.</s> (moved to osuosl osgeo4)
 
* /var/www/moodle install was a test/demo for education committee, Arnulf, Tyler, Charlie S.
 
* http://planet.osgeo.org - [[PlanetOSGeo#Planet_Configuration|Planet_Configuration]] administered by Mateusz (Tyler as backup)
 
* /var/www/wiki_wiktionary - is http://geodictionary.osgeo.org - admin by Martin, owned by Markus Neteler
 
* /var/www/community - is http://community.osgeo.net - Drupal including a CivicCRM module for Tyler/secretary to track contacts
 
* FOSSGIS wiki - Arnulf, Martin, Dietmar
 
* Private board wiki - Tyler, Board
 
* /var/www/livedvd - copy (from SVN)) of live dvd download page, for use with live.osgeo.org
 
  
== osgeo3 & osgeo4 ==
+
Note that this is a rebuild of wiki.osgeo.org that used to be on osgeo7 old-wiki container.  Move 2020-05-22
 +
Setup steps are at [https://git.osgeo.org/gitea/sac/osgeo3/wiki/wiki-container wiki container setup]
  
See: [[Infrastructure Transition Plan 2010]]
+
=== monitor ===
 +
debian10 lxd container with ldap/ssh. https://monitor.osgeo.org (houses grafana dashboard (for all servers) and prometheus server for osgeo3 containers and pulls basic container metrics using node exporters pulled via prometheus servers. Requirs ldap to log into the web console.
  
= Telascience Blades =
+
Configuring servers for monitoring is detailed [https://git.osgeo.org/gitea/sac/prometheus-config Git Prometheus Config]
  
''This only describes some of the osgeo oriented systems and is not a full description of the telascience reality in any way''
 
  
== Telascience Disks ==
+
=== gallery ===
 +
gallery - debian 10, PostgreSQL 13, PHP 7.3 with ldap/ss. https://gallery.osgeo.org, https://nextcloud.gallery.osgeo.org
  
* [[TelaScience]]
 
  
== HyperCube ==
+
=== WebExtra ===
 +
** Retired December 8th, 2019 -- and moved to osgeo7 as container old-webextra
  
* Full details on [[HyperCube]]
+
* See [[WebExtraVM]] for full details (server: http://webextra.osgeo.osuosl.org)
* Used primarily for geodata serving.
+
* hosts http://planet.osgeo.org, http://mum03.mapserver.org, http://live.osgeo.org
 +
* http://foss4g.org (main portal) and archive of old sites 2006-2014
 +
* http://conference.osgeo.org - [[Conference System]] (also: [[SAC:Setup_OCS]])
 +
* http://journal.osgeo.org / osgeo.org/ojs - [[Journal System]]
 +
* Redirects for many chapter and other urls handled via /etc/httpd/conf.d/rewrite.conf
  
== Lantronix SLC8 ==
+
= Cloud Hosted Servers and other external under SAC Control =
  
deviceports
+
== Future Hosting Plans for Windows / Mac Building ==
  
1  B1600-SC0  << blade consoles
+
[[SAC_Shared_Building_Services|SAC Shared Building Services]]
2 B1600-SC1
 
3 LX50
 
4 Port-4
 
5 SE3510
 
6 Port-6
 
7 V20z
 
  
* ssh sdsu-slc.telascience.org
 
  
[SDSU-SLC]> connect direct deviceport 1
+
== Atlantic.net ==
Connected to port 1. Escape sequence is ESC A << Important Info
 
username:
 
password:
 
B1600-sc>
 
B1600-sc>console S11
 
[Connected with input enabled on fru S11]
 
Escape Sequence is '#.' << Important Info
 
  
  [root@xblade11]#
+
* host.postgis.net -p 2222 is an LXD Ubuntu 18.04 16GB RAM/ 6 vCPU, 350GB data, 250GB block storage
 +
* Currenlty running two lxd containers:
 +
    debbie: debian 10 postgis.net, planet.postgis.net, debbie.postgis.net (jenkins build bot)  
 +
    debbie-docker.host.postgis.net - runs docker and serves as a 1.0 agent for dronie.osgeo.org
  
 +
= QGIS off OSGeo =
 +
Services on separated machines rented and managed by the QGIS project at hetzner
  
== xblade10-2 ==
+
* website including documentation http://www.qgis.org
*(198.202.74.215) FC4
+
* website building, documentation building, debian/ubuntu nightlies, plugins.qgis.org
* [https://www.osgeo.org/cgi-bin/auth/ldap_shell.py LDAP Shell] enabled, yum updated Nov 5th/2006.
+
* issues.qgis.org: redmine
* [[mapbender at mapbender.telascience.org]] (postgres, mysql running)
 
* [[demo.mapserver.org]] : demo map servers for MapServer project
 
* GeoNetwork opensource website http://geonetwork-opensource.org or http://geonetwork-opensource.telascience.org
 
  
The Plone service should start automatically. In case it doesn't it can be started manually running ''/etc/rc.d/init.d/zopectl start''
+
= Historical servers (not more in use) =
  
** https://198.202.74.215/phpMyAdmin/
+
- [[Telascience Blades (Historical)]]
** https://198.202.74.215/phpPgAdmin/
 
  
== xblade11-2 (buildtest) ==
+
== web18a.osgeo.osuosl.org ==
* (198.202.74.216) FC4 (DNS: buildtest.osgeo.org)
+
NO LONGER USED - turned off
* [https://www.osgeo.org/cgi-bin/auth/ldap_shell.py LDAP Shell] enabled, normal system setup done. March 28, 2008
+
'''2019-09-03 Production services www.osgeo.org, 2018.foss4g.org moved to wordpress container on [[osgeo7]]
* This server got a new disk in February because the old one died, so all previous contents are lost.  
+
Staging services (staging.www.osgeo.org, dev.www.osgeo.org move to wordpress-dev container on [[osgeo4]]
* Use 87GB /osgeo partition for bulk of work on this system, limited space in /home.
+
Grass wordpress is disabled as grass decided to go with another solution, so have grass container on osgeo7'''
* Assigned as a build and regression testing server for Buildbot slaves, and related systems like Hudson for GeoNetwork and Geotools.
+
(Cloud hosted server on OSUOSL hardware (not ours) )
* '''Hudson does not restart automatically!'''
+
* Debian 9.3 4GB server, host name: web18a.osgeo.osuosl.org require ssh key to log in.
* Details on the [[Hudson Configuration]] on this system.
+
* Hosts wordpress sites staging.www.osgeo.org,www.osgeo.org, staging.grass.osgeo.org, foss4g2018.osgeo.org
* hosts tiles for the mapserver front page demo [[MapServerTiles]]
+
* Setup details on [https://git.osgeo.org/gitea/osgeo/www_apache_configs/wiki/Web18a-setup Web18a setup]
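Review bot: The bold run opened with ''' before "2019-09-03 Production services" is only closed two lines later after "grass container on osgeo7", and wiki bold does not carry across line breaks, so each of the three lines needs its own ''' pair. In the same lines, the parenthesis opened at "(staging.www.osgeo.org, dev.www.osgeo.org move to" is never closed, "move" should be "moved", and "(Cloud hosted server on OSUOSL hardware (not ours) )" has a stray space before the final parenthesis. The statement "so have grass container on osgeo7" is also out of date within this revision: the grass section records the move from osgeo7 to osgeo8 on 2022-05-12.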
* host foss4g2009 workshop uploads per [http://trac.osgeo.org/osgeo/ticket/407 #407]
 
* host foss4g2010 workshop uploads per [http://trac.osgeo.org/osgeo/ticket/563 #563]
 
  
== xblade12-2 (Kids GIS) ==
 
* (198.202.74.217) FC4
 
* new server: new install, no ldap or remotely mounted home.
 
* This machine is allocated to [[Kids GIS Portal]]
 
  
== xblade13-2 (download) ==
+
== OSGeo funtoo ==
* (198.202.74.218) FC4
 
* * [https://www.osgeo.org/cgi-bin/auth/ldap_shell.py LDAP Shell] enabled
 
* download.osgeo.org ([[Download Server]]) - lots of disk space (transitioning to here)
 
* disk also exported to .219 (for shared /osgeo/download directory)
 
* GRASS usage: [http://download.osgeo.org/grass/ source code], [http://download.osgeo.org/grass/grass6_progman/ ProgManual] (built on buildbot .219), [http://download.osgeo.org/grass/grass6_manuals/html63_user/ UserManual] (built on buildbot .219), [http://download.osgeo.org/grass/grass63/binary/linux/ Linux binaries] (built on buildbot .219)
 
  
== xblade14-2 (buildbot | upload | GeoTools | Gallery | FOSS4G2007) ==
+
For lxd experimentation it's an lxd container running other lxd containers and provided by funtoo.org.
* (198.202.74.219) FC4
 
* [https://www.osgeo.org/cgi-bin/auth/ldap_shell.py LDAP Shell] enabled, yum updated July 19th/2006.
 
* buildbot.osgeo.org: [[OSGeo BuildBot Configuration]].
 
* Using for [[Community Mapbuilder Continuum Builds]].
 
* MapServer
 
** script preparing nightly svn snapshots (/osgeo/mapserver - cronjob under frankw)
 
** mapserver.org: /osgeo/mapserver/mapserver-web, including scripts to recreate things using Sphinx (hobu/jmckenna)
 
* <strike>GRASS (http://grass.osgeo.org/)</strike> (''migrated to projects.osgeo.osuosl.org'')
 
** <strike>/osgeo/grass/grass-web is the svn checkout of the grass website (updated once per hour).</strike>
 
** <strike>/osgeo/grass/rsync is the server which also operated as rsync mirror master (under the 'grass' rsync module)</strike>
 
** <strike>Mediawiki (using mysql)</strike>
 
* GeoTools (http://www.geotools.org)
 
** /osgeo/geotools/geotools-web is GeoTools home using plain HTML
 
  
== xblade15-2 ==
+
OSGeo is paying funtoo via treasurer at osgeo.org.
* (198.202.74.220) FC4
 
* ldap.telascience.org: Fedora Directory Server. LDAP server.
 
* osgeo.telascience.org: Plone
 
* txtmob.telascience.org: SMS Smart Mob system
 
* gpstrack.telascience.org: Plone GPS / APRS / Cell tracking .... wishing ;)
 
* mediawiki.telascience.org (likely unused since wiki.osgeo.org ended up on osgeo2)
 
* ISO mirroring
 
  
== sparcblade7 ==
+
* [https://git.osgeo.org/gitea/sac/osgeo_funtoo OSGeo Funtoo] osgeo.host.funtoo.org
  
* (198.202.74.212)
 
* HJG still working to setup.
 
* HJG plans to use for a telascience ldap server.
 
* [[User:Warmerda|Frank Warmerdam]] / [[User:Mloskot|Mateusz Loskot]] plans to deploy buildbot slaves (bigendian sparc solaris!)
 
  
== sparcblade8 ==
+
* funtoo LXDs currently running:
* (198.202.74.213) Solaris 2.9
+
** <del>[https://limesurvey.osgeo.org LimeSurvey] -this may be in future migrated to osgeo7 or osgeo3</del>
* civicspace.telascience.org: experimental community portal
+
Migrated to osgeo3  2020-11-28
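Review bot: The added funtoo list is headed "funtoo LXDs currently running:" but its only entry, LimeSurvey, is struck out with <del> and followed by "Migrated to osgeo3 2020-11-28", so nothing is actually listed as running. Either drop the "currently running" bullet or say that no containers remain, and fold the migration date into the LimeSurvey line so the unindented "Migrated to osgeo3" paragraph does not float below the list.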
  
== hypersphere ==
 
* (hypersphere.calit2.net)
 
* [http://irc.telascience.org/cgi-bin/irc.cgi Web based IRC client]
 
  
 
[[Category:Infrastructure]]
 
[[Category:Infrastructure]]
 +
[[Category:Services]]

Latest revision as of 15:36, 12 May 2022

Infrastructure of OSGeo System Administration Committee (SAC)

For emergency plans see: SAC:Admin and Troubleshooting



Servers at OSL

Open Source Labs - 4 physical machines containing x virtual machines.


Logging into Physical Machines

Currently we have osgeo6 and backup.osgeo.osuosl.org that are physical machines under LDAP control.

Note this does not apply to osgeo3, osgeo4, osgeo7, osgeo9 lxd hosts. Refer to those sections for instructions on logging in. If hanging, see OSL for how to open a ticket with OSUOSL's support.

This section currently only applies to osgeo6 and backup.

All SAC administrators have LDAP auth to the OSL Machines.

To ssh into a server using your LDAP account, run the following, replacing your_osgeo_login with your OSGeo login and servername with the name of the server at OSL:

 ssh your_osgeo_login@servername.osgeo.osuosl.org

When prompted for password, use your OSGeo Login password.


SAC:Primary Administrators also have ssh key access in case LDAP is down, and that also applies to the physical machines. In the worst case, use the information on Open Source Labs to file a ticket (SAC members only). Direct connection to a virtual machine is by appending its VM alias to .osgeo.osuosl.org.

Logging into LXD Hosts

OSGeo3, OSGeo4, and OSGeo7 are all Ubuntu 18.04 servers running LXD; at this moment they run only LXC containers. These instructions therefore apply to the OSGeo3, OSGeo4, and OSGeo7 hosts. LXD is a management system for LXC containers and QEMU VMs. LXD has a channel that covers its features.

To directly access the host, go through port 2222:

  ssh tech_dev@server_name.osgeo.osuosl.org -p 2222

Only SAC:Primary Administrators have their ssh key installed under that account. To reach these hosts via KVM in the event that a server does not come up after a reboot, you need to go through the OSU OSL VPN; details for each are in the osgeo7-secure container.

A convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosts follows:

   Host osgeo?
     User tech_dev
     HostName %h.osgeo.osuosl.org
     Port 2222

Then you would be able to log into those hosts with commands like:

   ssh osgeo7

Logging into LXD Containers and VMs

A convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosted containers and vms is the following:

  Host osgeo*-*
    ProxyCommand ssh hop.$(sed -e "s/-.*//" <<< "%h").osgeo.org -W $(sed -e "s/^osgeo[^-*]-//;s/$/.lxd/" <<< "%h"):%p
    # this is only needed if you use different private keys for different servers
    IdentityFile "path/to/your/private/key"

Then you'll be able to access a LXC Container or QEMU VM on machine `osgeo3` with:

  ssh osgeo3-matrix

And one on machine `osgeo7` with:

  ssh osgeo7-secure

Note you still need to know where each LXC host is hosted... See successive sections to know what's on which machine.
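The alias-to-target mapping that the ProxyCommand blocks on this page perform with sed, written out as an added example (not part of the original wiki page or of SAC's own tooling). ssh runs ProxyCommand through the user's login shell and the `<<<` here-string is not available in plain POSIX sh, so this version does the same mapping with POSIX parameter expansion and rejects aliases that do not look like osgeoN-container before anything reaches a command line; the function names and the wrapper-script usage are assumptions.

```shell
#!/bin/sh
# Added example, not from the OSGeo wiki: a POSIX-sh helper that maps an
# alias such as "osgeo3-matrix" to its hop host and internal .lxd name.
# Function names and the wrapper usage below are assumptions.
#
# Assumed use from ~/.ssh/config (the script path is a placeholder):
#   Host osgeo*-*
#     ProxyCommand /path/to/osgeo-proxy.sh %h %p

# osgeo_resolve ALIAS
# Prints "<hop-host> <container>.lxd"; returns 1 for anything that is not
# osgeo<digit>-<container> built from lowercase letters, digits and hyphens.
osgeo_resolve() {
    alias_name=$1
    case $alias_name in
        *[!a-z0-9-]*) return 1 ;;     # shell metacharacters, dots, spaces, ...
    esac
    case $alias_name in
        osgeo[0-9]-[a-z0-9]*) ;;      # host part, hyphen, non-empty container
        *) return 1 ;;
    esac
    lxd_host=${alias_name%%-*}        # up to the first hyphen: "osgeo3"
    container=${alias_name#*-}        # after the first hyphen: "wordpress-dev"
    printf '%s %s\n' "hop.${lxd_host}.osgeo.org" "${container}.lxd"
}

# osgeo_proxy ALIAS PORT
# Validates both arguments, then replaces this process with the ssh -W hop.
osgeo_proxy() {
    resolved=$(osgeo_resolve "$1") || {
        printf '%s\n' "osgeo-proxy: not an osgeoN-container alias: $1" >&2
        return 1
    }
    case $2 in
        ''|*[!0-9]*)
            printf '%s\n' "osgeo-proxy: bad port: $2" >&2
            return 1 ;;
    esac
    hop=${resolved%% *}
    target=${resolved#* }
    exec ssh -W "${target}:$2" "$hop"
}

# Act as the ProxyCommand only when called with exactly "%h %p".
if [ "$#" -eq 2 ]; then
    osgeo_proxy "$1" "$2"
fi
```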

osgeo 8

Server added April 2021. Intended to provide additional LXD capacity and backup. See Configuration Details.

Services running on osgeo8

hop

hop.osgeo8.osgeo.org - jump host for accessing containers/vms on osgeo8

nginx

HTTP/HTTPS proxy for all containers on osgeo8; also provides a mirror proxy for download.osgeo.org

dronie-client

A CI bot for dronie.osgeo.org, which is used for git.osgeo.org/gitea CI jobs

grass

GRASS GIS server

Current DNS name: grass.osgeo.org (old CMS retired in 2020 to old.grass.osgeo.org, on osgeo6) (moved from osgeo7 to osgeo8 2022-05-12)

Debian 10 Buster

Web: Apache + Hugo (generated through cronjob from https://github.com/OSGeo/grass-website/), see https://github.com/OSGeo/grass-addons/tree/master/tools/cronjobs_osgeo_lxd

ssh: reachable via jumphost.

osgeo 9

Server added April 2021. It is an LXD host and also stores the lxd images used by other lxd hosts. See Configuration Details.

Services running on osgeo9

hop

Container Name: hop (hop.osgeo9.osgeo.org). Allows LDAP users to hop through to other containers.

nginx

Container Name: nginx (web proxy for traffic), currently for weblate.osgeo.org, plus an additional mirror proxy for download.osgeo.org

dronie-client

A CI bot for dronie.osgeo.org, which is used for git.osgeo.org/gitea CI jobs

weblate

Container Name: weblate (for doc translation)

Houses: https://weblate.osgeo.org (for document translation to different languages). For further details refer to SAC:Weblate

osgeo 7

Server added June 2018. Intended to replace osgeo3 and old osgeo4 (before reformat). See Configuration Details.

Container setup of all the osgeo7 servers is located in https://git.osgeo.org/gitea/sac/osgeo7/wiki/_pages

Running LXD 3 snap based container management -- LXD version 3.17 as of 2019-09-15

Accessing osgeo7 containers via ssh

Only download.osgeo.org exposes ssh directly, via port 22. To access the other containers, you can tunnel through download.osgeo.org. You need to be in the shell group to be able to access download and the other servers; if you are not already, put in a SAC ticket request. You also need to have your public key registered. To do so, edit your profile [1] and put in your public key.

A convenient block to add to your own `.ssh/config` file follows:


Host osgeo7-*
  ProxyCommand ssh your_osgeo_id@hop.osgeo7.osgeo.org -W $(sed -e "s/^osgeo7-//;s/$/.lxd/" <<< "%h"):%p
  IdentityFile "path/to/your/private/key"

With the above in place, you can connect to any container using:

 ssh your_id@osgeo7-<container_name>

Troubleshooting: In case of "Permission denied (publickey)." after an update to a modern OpenSSH version, it might well be that your ssh key (RSA key) is disabled in your client in favour of more modern ciphers.

Ugly workaround: add one line `PubkeyAcceptedKeyTypes ...` in `.ssh/config` to re-enable RSA keys for now (consider generating a new key):

 vim .ssh/config
 ...
 Host *
    ...
    PubkeyAcceptedKeyTypes +ssh-rsa

... but better read e.g. here!


Services on osgeo7

Download

In order to be able to log in or sftp:

  • You must be a member of the OSGeo shell group which can be granted from another person in shell group - Shell
  • Once you are in shell group, go to https://id.osgeo.org/ldap/edit and put in your public key.

You should then be able to log into download (and all other hop servers on the other hosts) with your private key.

You can put in a ticket to request such access.

nginx

Proxy that routes all http/https traffic for the other containers (can be accessed via osgeo7 host lxc or ubuntu@osgeo7-nginx if your key is installed on the ubuntu user). The nginx container holds the letsencrypt https SSL certs for all the containers and handles their renewal using a certbot renew cronjob. It also runs a Prometheus server that collects all monitoring logs from OSGeo7 (only accessible by OSGeo3); these get queried via monitor.osgeo.org (running on osgeo3) via the grafana server.


wordpress

Houses: https://www.osgeo.org, https://2018.foss4g.org, https://2020.europe.foss4g.org websites. Runs Debian 10 with OSGeo LDAP access.

Setup details of wordpress container

Secure (LDAP)

secure -- ldap.osgeo.org, see SAC:LDAP. Used for the ldap service (a rebuild of the old secure.osgeo.osuosl.org), now on Debian 10.

tracsvn (trac, svn, git)

https://trac.osgeo.org, https://git.osgeo.org/gitea, https://svn.osgeo.org. This used to be housed on osgeo3 in the TracSVN VM, and was moved 2019-10-12 to osgeo7 as the tracsvn container. It has since been upgraded to Debian 9 (Stretch), with plans to upgrade further.

  • See TracSVN for full details, and some notes on services running here

See TracSVN for info about what it contains (spoiler: trac, svn, gitea)

old-wiki (stopped)

This used to be housed on osgeo3, and was moved 2019-09-14 to osgeo7 as the old-wiki container. wiki.osgeo.org moved back to osgeo3 on 2020-05-22, into the wiki container. The wiki container is a complete rebuild with files and database restored and upgraded. Refer to the osgeo3 section for more details.

old wiki container -- used for wiki service (it is an lxd2pc created image of wiki.osgeo.osuosl.org VM that was on osgeo3)

See OSGeo Wiki

Nextcloud

Running in container nextcloud-ubuntu on osgeo7: an Ubuntu 20.04 LXD/nginx/postgresql 12 container for document sharing similar to dropbox/google drive - nextcloud-ubuntu.lxd - https://nextcloud.osgeo.org. See Nextcloud Setup.

Uses collabora (for document viewing/editing). Home of https://nextcloud.osgeo.org. This server does not use ssh osgeo-ldap as it was the first container built. However, nextcloud.osgeo.org does authenticate with osgeo ldap.

TODO: add special page for this

collabora

https://collabora.osgeo.org - Ubuntu 18.04 LXD container for the LibreOffice/MS Office online document editor, currently used exclusively by nextcloud.osgeo.org. Setup detailed in Nextcloud setup.

live

Home of live.osgeo.org (created 2021-10-05ish). Runs Ubuntu 20.04 with OSGeo LDAP SSH.

dronie-server

old-projects

This is the old projects.osgeo.osuosl.org, migrated from osgeo4 as an lxd container, so more or less the same as it was before, except that all the websites are now proxied through the nginx container. Websites on it are community-review.foss4g.org and spatialreference.org.

To access you need to go thru download.osgeo.org -> old-projects


old-web

The old web.osgeo.osuosl.org (was on osgeo3)

  • mapguide.osgeo.org

ldap-web

Currently housing https://id.osgeo.org/ for LDAP management. Deployed via ansible

  • id.osgeo.org

old-webextra

This is a replica of webextra.osgeo.osuosl.org that was hosted on osgeo3

Started move on November 29th 2019 and completed December 8th, 2019

  • foss4g.org
  • europe.foss4g.org
  • video.foss4g.org
  • planet.osgeo.org
  • various old foss4g.org years
  • live.osgeo.org moved to dedicated container
  • journal.osgeo.org (not sure what this is for, should be retired?)

pycsw

Container Name: pycsw

mapserver

Container Name: mapserver

osgeo7 decommissioned containers

old-adhoc

SHUTOFF as of 2022-01-29

old-adhoc -- this is the old adhoc.osgeo.osuosl.org, migrated 2019-05-08 from osgeo4 as an lxd container. Used by osgeo-live for their test docs, by grass for earthquake, and by mapserver for demo. Note that there is a new live container (that osgeo-live will move to) and also a mapserver container (which mapserver have started to move their demo to).

To access via ssh you should go through download.osgeo.org -> old-adhoc.lxd. It is accessible via https://adhoc.osgeo.org and http://adhoc.osgeo.osuosl.org


osgeo6

  • Mail
  • lists.osgeo.org

See Osgeo6 for full details

Backup (osgeo5)

  • Backup now runs on dedicated hardware
  • Provides Rsync backups of download.osgeo.org
  • Provides Bacula backups of various VMs.
  • See SAC:Backups for details.

osgeo4

osgeo4 is a real server managed by OSUOSL. It can be accessed via ssh tech_dev@osgeo4.osgeo.osuosl.org -p 2222 (only people with their access keys installed can log in; password access is not allowed). The password for tech_dev is in the secure container (on osgeo7) / access folder.

In August 2019 the server had a new power supply put in and replacement disks. It was reformatted with Ubuntu 18.04.3 to serve as a secondary LXD host to osgeo7. zfsutils-linux was installed so lxd can use zfs for storage.

sshing into osgeo4 containers

Note that all the containers are closed off from direct ssh access except for hop.osgeo4.osgeo.org. To access the other containers, you need to hop through hop. The hop container has port 22 open but requires ssh access, so users who’ve been granted rights can hop through it to other containers using hop.osgeo4.osgeo.org as the name.

A convenient block to add to your own .ssh/config file follows, where your_id could be your osgeo id or a local account on that container:

Host osgeo4-*
  ProxyCommand ssh your_osgeo_id@hop.osgeo4.osgeo.org -W $(sed -e "s/^osgeo4-//;s/$/.lxd/" <<< "%h"):%p
  IdentityFile "path/to/your/private/key"
  User your_id

Then to access say the wordpress-dev container, you'd do the below

ssh osgeo4-wordpress-dev

osgeo4 baremetal features

Its makeup is as follows:

Item    | Settings
Disks   | 6 1.8 TB drives
Memory  | 48 GB
CPUs    | 8 Intel(R) Xeon(R) CPU E5540 @ 2.53GHz (8192kb cache)
lsblk -i
NAME           MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda              8:0    0  1.8T  0 disk  
|-sda1           8:1    0  953M  0 part  
| `-md0          9:0    0  952M  0 raid1 /boot
`-sda2           8:2    0 46.6G  0 part  
  `-md1          9:1    0 46.5G  0 raid1 
	|-lvm-root 253:0    0 37.3G  0 lvm   /
	`-lvm-swap 253:1    0  7.5G  0 lvm   [SWAP]
sdb              8:16   0  1.8T  0 disk  
|-sdb1           8:17   0  953M  0 part  
| `-md0          9:0    0  952M  0 raid1 /boot
`-sdb2           8:18   0 46.6G  0 part  
  `-md1          9:1    0 46.5G  0 raid1 
	|-lvm-root 253:0    0 37.3G  0 lvm   /
	`-lvm-swap 253:1    0  7.5G  0 lvm   [SWAP]
sdc              8:32   0  1.8T  0 disk  
sdd              8:48   0  1.8T  0 disk  
sde              8:64   0  1.8T  0 disk  
sdf              8:80   0  1.8T  0 disk 
sdc, sdd, sde and sdf form a zfs osgeo4_lxd partition: (sdc, sdd) mirrors (sde, sdf), for a total lxd capacity of 3.62 TB

Nightly backups of osgeo3, osgeo7, and osgeo4 containers are kept here, named <container>-backup, and are kept in a stopped state.

Services running on osgeo4

hop

Container Name: hop - this is the only container with direct ssh access via ssh hop.osgeo4.osgeo.org. To get to other containers, you need to hop thru this one. Requires ssh key access

osgeo4-nginx

Container Name: osgeo4-nginx - all web traffic from the other containers on osgeo4 gets proxied through here

old-web-staging

Container Name: old-web-staging - used primarily for experimenting with changes to id.osgeo.org (old-web on osgeo7) like testing out OS and software upgrade etc, changes to LDAP forms and registration, before applying to id.osgeo.org. - https://id.staging.osgeo.org

pretalx-staging

Container Name: pretalx-staging - used primarily for experimenting with changes to talks.osgeo.org (pretalx on osgeo3) like testing out Docker builds and software upgrade etc, before applying to talks.osgeo.org. - https://talks.staging.osgeo.org

wordpress-dev

Container Name: wordpress-dev - used primarily for osgeo.org main website development - https://staging.www.osgeo.org, https://dev.www.osgeo.org

wiki-dev

Container Name: wiki-dev - used primarily for experimenting with changes to wiki.osgeo.org, like testing out OS and software upgrades etc. before applying to wiki.osgeo.org. - https://dev.wiki.osgeo.org

wiki-staging

Container Name: wiki-staging - used primarily for upgrade changes to wiki.osgeo.org like testing out OS and software upgrade etc before applying to wiki.osgeo.org. - https://staging.wiki.osgeo.org. The construction of this container is managed by sac ansible-deployment.

tracsvn-dev

Container Name: tracsvn-dev - This is a 2019-09-05 lxd2pc image of tracsvn.osgeo.osuosl.org (now on osgeo7 as tracsvn), used primarily for experimenting, like testing out OS, git and software upgrades etc. before applying to production. -- https://dev.git.osgeo.org, https://dev.tracsvn.osgeo.org. Has the following sites: https://dev.trac.osgeo.org, https://dev.git.osgeo.org/gitea, https://dev.svn.osgeo.org

dronie-client

Container Name: dronie-client - This is a debian 10 machine, with OSGeo LDAP authentication and a drone-agent docker running. To be used with https://dronie.osgeo.org

osgeo3

osgeo3 is a physical server; refer to Configuration Details for hardware specs. It is used to run production, but moderately risky things. Refer to SAC:Old-osgeo3 for past history before osgeo3 was rebuilt. osgeo3 is hosted by OSUOSL and can be accessed via ssh tech_dev@osgeo3.osgeo.osuosl.org -p 2222 (only people with their access keys installed can log in; password access is not allowed). The password for tech_dev is in the secure container (on osgeo7) / access folder.

sshing into osgeo3 containers

Note that all the containers are closed off from direct ssh access except for hop.osgeo3.osgeo.org. To access the other containers, you need to hop through hop.osgeo3.osgeo.org. The hop container has port 22 open but requires ssh access: you need to be added to the shell group and have your ssh keys registered on your profile (https://id.osgeo.org/ldap/edit). Users who’ve been granted rights can hop through it to other containers using hop.osgeo3.osgeo.org as the name. Other containers may or may not allow password access. It's up to those who manage the internal containers.

A convenient block to add to your own .ssh/config file follows

# this is only needed if you use different private keys for different servers
Host hop.osgeo3.osgeo.org
  IdentityFile "path/to/your/private/key"
Host osgeo3-*
  ProxyCommand ssh your_osgeo_id@hop.osgeo3.osgeo.org -W $(sed -e "s/^osgeo3-//;s/$/.lxd/" <<< "%h"):%p
  IdentityFile "path/to/your/private/key"

Then to access say the nexus container, you'd do the below where your_id could be your osgeo id or a local account on that container

ssh your_id@osgeo3-nexus

hop

This is the only container with direct ssh access via ssh hop.osgeo3.osgeo.org. To get to other containers, you need to hop thru this one. Requires ssh key access which you can register by editing your ldap profile.

osgeo3-nginx

nginx proxies all web traffic (using IP: 140.211.15.6, web-osgeo3.osgeo.osuosl.org). The second IP is not in use, but may be used for a secondary nginx to temporarily host osgeo7/osgeo4 containers in case of major hardware upgrades.

demo-pygeoapi

Ubuntu 20.04 future home of https://demo.pygeoapi.io

dronie-client

This is a debian 10 lxd container running docker. Currently has just one running docker osgeo-drone-agent to serve as a client for dronie-server (dronie.osgeo.org running on osgeo7)

geo-docs

Debian 11. Hosts lastools.osgeo.org (as of 2021-10-06 a snapshot of https://www.cs.unc.edu/~isenburg/lastools/, see https://trac.osgeo.org/osgeo/ticket/2649). Planned home for docs.geotools.org, docs.geoserver.org, docs.geowebcache.org

grass-wiki

Debian 10 (copy of wiki) Future home of grasswiki.osgeo.org

limesurvey

Debian 10, PostgreSQL 13, PHP 8 with ldap/ssh. https://limesurvey.osgeo.org Setup detailed on limesurvey container


matrix

Container Name: matrix - debian10 lxd container with ldap/ssh. Manages matrix bridges and allows users to access matrix using their OSGeo LDAP accounts.

See SAC:MatrixSynapse for full detail.

nexus (repo.osgeo.org, docker.osgeo.org)

See SAC:Repo this is a debian 10 lxd container running docker 19. It currently has one docker container running within it called nexus -- exposed as repo.osgeo.org on nginx.

pretalx

Ubuntu 20.04 with OSGeo LDAP and Docker installed. pretalx software runs in Docker. https://talks.osgeo.org - for OSGeo Talk collection and voting - currently used by FOSS4G2021

wiki

(wiki.osgeo.org) - debian10 lxd container with ldap/ssh (MediaWiki 1.34, 10.3.22-MariaDB, PHP 7.3)

Note that this is a rebuild of wiki.osgeo.org that used to be on the osgeo7 old-wiki container. Moved 2020-05-22. Setup steps are at wiki container setup.

monitor

debian10 lxd container with ldap/ssh. https://monitor.osgeo.org houses the grafana dashboard (for all servers) and the prometheus server for osgeo3 containers, and pulls basic container metrics using node exporters pulled via prometheus servers. Requires ldap to log into the web console.

Configuring servers for monitoring is detailed in Git Prometheus Config


gallery

gallery - debian 10, PostgreSQL 13, PHP 7.3 with ldap/ssh. https://gallery.osgeo.org, https://nextcloud.gallery.osgeo.org


WebExtra

    • Retired December 8th, 2019 -- and moved to osgeo7 as container old-webextra

Cloud Hosted Servers and other external under SAC Control

Future Hosting Plans for Windows / Mac Building

SAC Shared Building Services


Atlantic.net

  • host.postgis.net -p 2222 is an LXD Ubuntu 18.04 16GB RAM/ 6 vCPU, 350GB data, 250GB block storage
  • Currently running two lxd containers:
   debbie: debian 10 postgis.net, planet.postgis.net, debbie.postgis.net (jenkins build bot)  
   debbie-docker.host.postgis.net - runs docker and serves as a 1.0 agent for dronie.osgeo.org

QGIS off OSGeo

Services on separated machines rented and managed by the QGIS project at hetzner

  • website including documentation http://www.qgis.org
  • website building, documentation building, debian/ubuntu nightlies, plugins.qgis.org
  • issues.qgis.org: redmine

Historical servers (no longer in use)

- Telascience Blades (Historical)

web18a.osgeo.osuosl.org

NO LONGER USED - turned off

2019-09-03: Production services www.osgeo.org, 2018.foss4g.org moved to wordpress container on osgeo7. Staging services (staging.www.osgeo.org, dev.www.osgeo.org) moved to wordpress-dev container on osgeo4. Grass wordpress is disabled as grass decided to go with another solution, so have grass container on osgeo7.

(Cloud hosted server on OSUOSL hardware, not ours)

  • Debian 9.3 4GB server, host name: web18a.osgeo.osuosl.org require ssh key to log in.
  • Hosts wordpress sites staging.www.osgeo.org,www.osgeo.org, staging.grass.osgeo.org, foss4g2018.osgeo.org
  • Setup details on Web18a setup


OSGeo funtoo

For lxd experimentation it's an lxd container running other lxd containers and provided by funtoo.org.

OSGeo is paying funtoo via treasurer at osgeo.org.


  • funtoo LXDs currently running:
    • LimeSurvey -this may be in future migrated to osgeo7 or osgeo3

Migrated to osgeo3 2020-11-28