SAC Service Status
Infrastructure of OSGeo System Administration Committee (SAC)
For emergency plans see: SAC:Admin and Troubleshooting
- 1 Servers at OSL
- 1.1 Logging into Physical Machines
- 1.2 Logging into LXD Hosts
- 1.3 Logging into LXD Containers and VMs
- 1.4 osgeo 8
- 1.5 osgeo 9
- 1.6 osgeo 7
- 1.6.1 Accessing osgeo7 containers via ssh
- 1.6.2 Services on osgeo7
- 220.127.116.11 Download
- 18.104.22.168 nginx
- 22.214.171.124 grass
- 126.96.36.199 wordpress
- 188.8.131.52 Secure (LDAP )
- 184.108.40.206 tracsvn (trac, svn, git)
- 220.127.116.11 old-wiki (stopped)
- 18.104.22.168 nextcloud-ubuntu
- 22.214.171.124 collabora
- 126.96.36.199 live
- 188.8.131.52 dronie-server
- 184.108.40.206 old-projects
- 220.127.116.11 old-web
- 18.104.22.168 ldap-web
- 22.214.171.124 old-webextra
- 126.96.36.199 pycsw
- 188.8.131.52 mapserver
- 1.6.3 osgeo7 decommissioned containers
- 1.7 osgeo6
- 1.8 Backup (osgeo5)
- 1.9 osgeo4
- 1.10 Services running on osgeo4
- 1.11 osgeo3
- 1.12 WebExtra
- 2 Cloud Hosted Servers and other external under SAC Control
- 3 QGIS off OSGeo
- 4 Historical servers (not more in use)
Servers at OSL
Open Source Labs - 4 physical machines containing x virtual machines.
Logging into Physical Machines
Currently we have osgeo6 and backup.osgeo.osuosl.org that are physical machines under LDAP control.
Note this does not apply to osgeo3, osgeo4, osgeo7, osgeo9 lxd hosts. Refer to those sections for instructions on logging in. If hanging, see OSL for how to open a ticket with OSUOSL's support.
This section currently only applies to osgeo6 and backup.
All SAC administrators have LDAP auth to the OSL Machines.
To ssh into a server using your LDAP account, you can do the following replacing your_osgeo_login with your OSGeo login and vmname with the vm name of the server at OSL.
When prompted for password, use your OSGeo Login password.
SAC:Primary Administrators also have ssh key access in case LDAP is down and that will also apply to the physical machines. Worst case scenario use the information on Open Source Labs to file a ticket (SAC members only). Direct connection to virtual machines is by appending it's vm alias to .osgeo.osuosl.org.
Logging into LXD Hosts
OSGeo3, OSGeo4, OSGeo7, OSGeo8, and OSGeo9 are all Ubuntu 20.04 servers running LXD. LXD is a management system for LXC containers and QEMU VMS. LXD has a channel that covers its features.
To directly access the host, you go thru port 2222
ssh tech_dev@server_name.osgeo.osuosl.org -p 2222
Only SAC:Primary Administrators have their ssh key installed under that account. In order to access via KVM of these in event servers do not come up on a reboot, you need to go thru OSU OSL OpenVPN. To get an OpenVPN account, you need to put in a support ticket to email@example.com. In order to qualify for an OpenVPN account, you need to be an OSGeo SAC administrator. You will also need to install OpenVPN client) to use your OpenVPN account.
Each host on the private KVM side is named https://osgeo8.osuosl.oob -- where replace osgeo8 with the relevant host. The .oob is the private network, so doesn't work unless you are connected to via OpenVPN.
The browser interface is sometimes clunky, so you might want to use ipmitool installable on linux/unix or wsl using relevant package manager. KVM passwords are stored in SAC password-store.
A convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosts follows:
Host osgeo? User tech_dev HostName %h.osgeo.osuosl.org Port 2222
Then you would be able to log into those hosts with commands like:
Logging into LXD Containers and VMs
A convenient block to add to your ~/.ssh/config to easily login to osgeo's LXD hosted containers and vms is the following:
Host osgeo*-* ProxyCommand ssh hop.$(sed -e "s/-.*//" <<< "%h").osgeo.org -W $(sed -e "s/^osgeo[^-*]-//;s/$/.lxd/" <<< "%h"):%p # this is only needed if you you use different private keys for different servers IdentityFile "path/to/your/private/key"
Then you'll be able to access a LXC Container or QEMU VM on machine `osgeo3` with:
And one on machine `osgeo7` with:
Note you still need to know where each LXC host is hosted... See successive sections to know what's on which machine.
Server added April 2021. Intended to provide additional LXD capacity and backup Configuration Details
Services running on osgeo8
hop.osgeo8.osgeo.org - jump host for accessing containers/vms on osgeo8
http, https Proxy for all containers on osgeo8 and also provides mirror proxy for download.osgeo.org
a ci bot for dronie.osgeo.org which is used for git.osgeo.org/gitea ci jobs
Replica of download that is on osgeo7. Mirrors download and home folders from osgeo7. https://download-cache.osgeo.org
Centos 7 running PostgreSQL 15, PostGIS 3.3.2, gcc-4.8.5, cmake 3 Configured to be a github self-hosted runner for testing centos for pgrouting project
Debian 10 (copy of wiki) home of https://grasswiki.osgeo.org upgraded to Bullseye debian 11.
For pgrouting development use to do things like pushing docker images on a scheduled basis. Perhaps later for demo sites.
Server added April 2021. Is an LXD host. Also Stores lxd images used by other lxd hosts. Configuration Details
Services running on osgeo9
hop.osgeo9.osgeo.org. For LDAP users allows them to hop thru to get to other containers.
nginx (for web proxy of traffic of osgeo9 containers) additional mirror proxy for download.osgeo.org
a ci bot for dronie.osgeo.org which is used for git.osgeo.org/gitea ci jobs
Container Name: weblate (for doc translation)
(wiki.osgeo.org) - debian10 lxd container with ldap/ssh (MediaWiki 1.34, 10.3.22-MariaDB, PHP 7.3)
Note that this is a rebuild of wiki.osgeo.org that used to be on osgeo7 old-wiki container. Move 2020-05-22 Setup steps are at wiki container setup
Server added June 2018. Intended to replace osgeo3 and old osgeo4 (before reformat). Configuration Details
Running LXD 3 snap based container management -- LXD version 3.17 as of 2019-09-15
Accessing osgeo7 containers via ssh
Only the download.osgeo.org is directly exposed ssh via port 22. To access the other containers, you can tunnel thru download.osgeo.org -- You need to be in the shell group to be able to access download and the other servers. If you are not already put in a SAC Ticket Request. You also need to have your public key registered. To do so edit your profile  (and put in your public key)
A convenient block to add to your own `.ssh/config` file follows:
Host osgeo7-* ProxyCommand ssh firstname.lastname@example.org -W $(sed -e "s/^osgeo7-//;s/$/.lxd/" <<< "%h"):%p IdentityFile "path/to/your/private/key"
With the above in place, you can connect to any container using:
Troubleshooting: In case of "Permission denied (publickey)." after an update to a modern openSSH version, it might well be that your ssh key (RSH key) is disabled in your client in favour of more modern cyphers.
Ugly workaround: add one line `PubkeyAcceptedKeyTypes ...` in `.ssh/config`, to re-enable RSA keys for now (consider to generate a new key):
vim .ssh/config ... Host * ... PubkeyAcceptedKeyTypes +ssh-rsa
... but better read e.g. here!
Services on osgeo7
- Houses: https://upload.osgeo.org, https://bottle.download.osgeo.org download sites
- Moved 5/5/2019 from osgeo3
- Setup of https://upload.osgeo.org detailed in OSGeo7 Download container
- https://download.osgeo.org goes thru osgeo8 and osgeo9, but data is pulled from this container
- It is also the official hop container for osgeo7. Accessible via ssh hop.osgeo7.osgeo.org
- It's a debian 10 container (now locked down to only allow ssh key access / ldap auth) for ssh. It is running nginx instead of apache that the old ran.
It has webdav with single local htaccess account geotools for geotools bot use.
In order to be able to log in or sftp
- You must be a member of the OSGeo shell group which can be granted from another person in shell group - Shell
- Once you are in shell group, go to https://id.osgeo.org/ldap/edit and put in your public key.
You should then be able to log into download (and all other hop servers on the other hosts) with your private key.
You can put in a ticket to request such access.
Proxy that routes all http/https traffic for the other containers (can be accessed via osgeo7 host lxc or ubuntu@osgeo7-nginx if your key is installed on ubuntu user). The nginx container holds the letsencrypt https SSL certs for all the containers and handles the renewal of the letsencrypt certs using certbot renew cronjob. Prometheus server to collect all monitoring logs from OSGeo7 (only accessible by OSGeo3), these get queried via monitor.osgeo.org (running on osgeo3) via grafana server.
GRASS GIS server
Current DNS name: grass.osgeo.org
Debian 10 Buster
Web: Apache + Hugo (generated through cronjob from https://github.com/OSGeo/grass-website/), see https://github.com/OSGeo/grass-addons/tree/grass8/utils/cronjobs_osgeo_lxd
ssh: reachable via jumphost.
Secure (LDAP )
tracsvn (trac, svn, git)
https://trac.osgeo.org, https://git.osgeo.org/gitea, https://svn.osggeo.org This used to be housed on osgeo3 in VM TracSVN VM, and was moved 2019-10-12 to osgeo7 as tracsvn container. It has since been upgraded to Debian 9 (Stretch with plans to upgrade more)
- See TracSVN for full details, and some notes on services running here
See TracSVN for info about what it contains (spoiler: trac, svn, gitea)
This used to be housed on osgeo3, and was moved 2019-09-14 to osgeo7 as old-wiki container. wiki.osgeo.org moved back to osgeo3 on 2020-05-22 and in wiki container. The wiki container is a complete rebuild with files and database restored and upgraded. Refer to the osgeo3 section for more details.
old wiki container -- used for wiki service (it is an lxd2pc created image of wiki.osgeo.osuosl.org VM that was on osgeo3)
See OSGeo Wiki
https://nextcloud.osgeo.org Running in container nextcloud-ubuntu on osgeo7, Ubuntu 20.04 LXD/nginx/postgresql 12 container for document sharing similar to dropbox/google drive - nextcloud-ubuntu.lxd - https://nextcloud.osgeo.org Nextcloud Setup
Uses collabora (for document/view/editing) home of https://nextcloud.osgeo.org This server does not use ssh osgeo-ldap as it was the first container built. However nextcloud.osgeo.org does authenticate with osgeo ldap.
TODO: add special page for this
https://collabora.osgeo.org Ubuntu 18.04 LXD container for LibreOffice/MS Office online document editor currently used exclusively by nextcloud.osgeo.org. Setup detailed in Nextcloud setup.
Home of live.osgeo.org (created 2021-10-05ish Running Ubuntu 20.04 with OSGeo LDAP SSH
-- this is the old projects.osgeo.osuosl.org migrated from osgeo4 as an lxd container, so more or less the same as it was before, with the exception that all the websites are now proxied thru the nginx container. Websites on it are community-review.foss4g.org and spatialreference.org
To access you need to go thru download.osgeo.org -> old-projects
The old web.osgeo.osuosl.org (was on osgeo3)
Currently housing https://id.osgeo.org/ for LDAP management. Deployed via ansible
This is a replica of webextra.osgeo.osuosl.org that was hosted on osgeo3
Started move on November 29th 2019 and completed December 8th, 2019
- various old foss4g.org years
live.osgeo.orgmoved to dedicated container
- journal.osgeo.org (not sure what this is for, should be retired?)
Container Name: pycsw
- OGC CSW Reference Implementation and Server demo
- deployment setup at https://github.com/geopython/demo.pycsw.org
- running hourly teardown/setup cron via docker-compose
- migrated from Adhoc VM thanks to SAC (May 2020)
Container Name: mapserver
- https://demo.mapserver.org (Moved from old-adhoc 2021-11-07)
- host of many services for the MapServer community: see https://wiki.osgeo.org/wiki/MapServer_at_osgeo7
- migrated from Adhoc VM thanks to SAC + jmckenna (July 2020)
osgeo7 decommissioned containers
SHUTOFF as of 2022-01-29
old-adhoc -- this is the old adhoc.osgeo.osuosl.org migrated 2019-05-08 from osgeo4 as an lxd container. Used by osgeo-live for there test docs and by grass for earthquake, and mapserver for demo. Note that there is a new live (container that osgeo-live will more to), there is also a mapserver container (which mapserver have started to move their demo to)
- VM used for projects for various adhoc purposes. Risks to system stability that would be unacceptable on the Projects VM may be ok here.
- See AdhocVM for full details, and some notes on services running here.
- eg http://adhoc.osgeo.osuosl.org/livedvd/docs/en/quickstart/
See Osgeo6 for full details
- Backup now runs on dedicated hardware
- Provides Rsync backups of download.osgeo.org
- Provides Bacula backups of various VMs.
- See SAC:Backups for details.
osgeo4 is a real server managed by OSUOSL - can be access via ssh email@example.com -p 2222 (only people with their access keys installed can log in and doesn't allow password access) - password for tech_dev is in the secure container (on osgeo7) / access folder.
In August 2019 the server had new power supply put in and replacement disks. It was reformatted with Ubuntu 18.04.3 to serve as secondary LXD host to osgeo7 zfsutils-linux was installed so lxd can use zfs for storage.
sshing into osgeo4 containers
Note that all the containers are closed off from direct ssh access except for the hop.osgeo4.osgeo.org. To access the other containers, you need to hop through hop. hop container has port 22 open but requires ssh access so users who’ve been granted rights can hop thru it to other containers using hop.osgeo4.osgeo.org as name.
A convenient block to add to your own .ssh/config file follows where your_id could be your osgeo id or a local account on that container
Host osgeo4-* ProxyCommand ssh firstname.lastname@example.org -W $(sed -e "s/^osgeo4-//;s/$/.lxd/" <<< "%h"):%p IdentityFile "path/to/your/private/key" User your_id
Then to access say the wordpress-dev container, you'd do the below
osgeo4 baremetal features
It's makeup is as follows:
|Disks||6 1.8 TB drives|
|CPUs||8 Intel(R) Xeon(R) CPU E5540 @ 2.53GHz (8192kb cache)|
lsblk -i NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 1.8T 0 disk |-sda1 8:1 0 953M 0 part | `-md0 9:0 0 952M 0 raid1 /boot `-sda2 8:2 0 46.6G 0 part `-md1 9:1 0 46.5G 0 raid1 |-lvm-root 253:0 0 37.3G 0 lvm / `-lvm-swap 253:1 0 7.5G 0 lvm [SWAP] sdb 8:16 0 1.8T 0 disk |-sdb1 8:17 0 953M 0 part | `-md0 9:0 0 952M 0 raid1 /boot `-sdb2 8:18 0 46.6G 0 part `-md1 9:1 0 46.5G 0 raid1 |-lvm-root 253:0 0 37.3G 0 lvm / `-lvm-swap 253:1 0 7.5G 0 lvm [SWAP] sdc 8:32 0 1.8T 0 disk sdd 8:48 0 1.8T 0 disk sde 8:64 0 1.8T 0 disk sdf 8:80 0 1.8T 0 disk
sdc,sdd,sde,sdf form a zfs osgeo4_lxd partition (sdc,sdd) mirrors sde,sdf for total lxd capacity of 3.62 TB
Nightly backups of osgeo3, osgeo7, and osgeo4 containers are kept here and named <container>-backup and be kept in a stopped state.
Services running on osgeo4
Container Name: hop - this is the only container with direct ssh access via ssh hop.osgeo4.osgeo.org. To get to other containers, you need to hop thru this one. Requires ssh key access
Container Name: osgeo4-nginx ->> all web traffick from other containers on osgeo4 get proxied thru here
Container Name: old-web-staging - used primarily for experimenting with changes to id.osgeo.org (old-web on osgeo7) like testing out OS and software upgrade etc, changes to LDAP forms and registration, before applying to id.osgeo.org. - https://id.staging.osgeo.org
Container Name: pretalx-staging - used primarily for experimenting with changes to talks.osgeo.org (pretalx on osgeo3) like testing out Docker builds and software upgrade etc, before applying to talks.osgeo.org. - https://talks.staging.osgeo.org
Container Name: wiki-dev - used primarily for experimenting with changes to wiki.osgeo.org like testing out OS and software upgrade etc before appying to wiki.osgeo.org. - https://dev.wiki.osgeo.org
Container Name: wiki-staging - used primarily for upgrade changes to wiki.osgeo.org like testing out OS and software upgrade etc before applying to wiki.osgeo.org. - https://staging.wiki.osgeo.org. The construction of this container is managed by sac ansible-deployment.
Container Name: tracsvn-dev - This is a 2019-09-05 lxd2pc image of tracsvn.osgeo.osuosl.org (now on osgeo7 as tracsvn) used primarily for experimenting like testing out OS, git and software upgrade etc before appying to production. -- https://dev.git.osgeo.org, https://dev.tracsvn.osgeo.org Has the following sites: https://dev.trac.osgeo.org, https://dev.git.osgeo.org/gitea, https://dev.svn.osgeo.org
Container Name: dronie-client - This is a debian 10 machine, with OSGeo LDAP authentication and a drone-agent docker running. To be used with https://dronie.osgeo.org
osgeo3 physical server refer to Configuration Details for hardware specs. It is used to run production, but moderately risky things. Refer to SAC:Old-osgeo3 for past history before osgeo3 was rebuilt. osgeo3 is a hosted by OSUOSL - can be accessed via ssh email@example.com -p 2222 (only people with their access keys installed can log in and doesn't allow password access) - password for tech_dev is in the secure container (on osgeo7) / access folder.
sshing into osgeo3 containers
Note that all the containers are closed off from direct ssh access except for the hop.osgeo3.osgeo.org. To access the other containers, you need to hop through hop.osgeo3.osgeo.org. hop container has port 22 open but requires ssh key access, you need to be added to shell group and have your ssh keys registered on your profile https://id.osgeo.org/ldap/edit). Users who’ve been granted rights can hop thru it to other containers using hop.osgeo3.osgeo.org as name. Other containers may or may not allow password access. It's up to the those who manage the internal containers.
A convenient block to add to your own .ssh/config file follows
# this is only needed if you you use different private keys for different servers Host hop.osgeo3.osgeo.org IdentityFile "path/to/your/private/key"
Host osgeo3-* ProxyCommand ssh firstname.lastname@example.org -W $(sed -e "s/^osgeo3-//;s/$/.lxd/" <<< "%h"):%p IdentityFile "path/to/your/private/key"
Then to access say the nexus container, you'd do the below where your_id could be your osgeo id or a local account on that container
This is the only container with direct ssh access via ssh hop.osgeo3.osgeo.org. To get to other containers, you need to hop thru this one. Requires ssh key access which you can register by editing your ldap profile.
nginx proxy all web-traffic via the (using IP: 184.108.40.206 web-osgeo3.osgeo.osuosl.org), the second ip is not in use, but may be used for a secondary nginx, to temporarily host osgeo7/osgeo8/osgeo9 containers in case of major hardware upgrades
Ubuntu 20.04 future home of https://demo.pygeoapi.io
This is a debian 10 lxd container running docker. Currently has just one running docker osgeo-drone-agent to serve as a client for dronie-server (dronie.osgeo.org running on osgeo7)
Debian 11 lastools.osgeo.org (as of 2021-10-06 snapshot of https://www.cs.unc.edu/~isenburg/lastools/ see https://trac.osgeo.org/osgeo/ticket/2649 ) planned home for docs.geotools.org, docs.geoserver.org, docs.geowebcache.org, planet.osgeo.org
Container Name: matrix - debian10 lxd container with ldap/ssh. Manages matrix bridges and allows users to access matrix using their OSGeo LDAP accounts.
See SAC:MatrixSynapse for full detail.
nexus (repo.osgeo.org, docker.osgeo.org)
See SAC:Repo this is a debian 10 lxd container running docker 19. It currently has one docker container running within it called nexus -- exposed as repo.osgeo.org on nginx.
Also exposed as project dockers for pushing images: postgis-docker.osgeo.org, geoserver-docker.osgeo.org, geos-docker.osgeo.org, sac-docker.osgeo.org
debian10 lxd container with ldap/ssh. https://monitor.osgeo.org (houses grafana dashboard (for all servers) and prometheus server for osgeo3 containers and pulls basic container metrics using node exporters pulled via prometheus servers. Requirs ldap to log into the web console.
Configuring servers for monitoring is detailed Git Prometheus Config
Picture gallery. See Gallery
- Retired December 8th, 2019 -- and moved to osgeo7 as container old-webextra
- See WebExtraVM for full details (server: http://webextra.osgeo.osuosl.org)
- hosts http://planet.osgeo.org, http://mum03.mapserver.org, http://live.osgeo.org
- http://foss4g.org (main portal) and archive of old sites 2006-2014
- http://conference.osgeo.org - Conference System (also: SAC:Setup_OCS)
- http://journal.osgeo.org / osgeo.org/ojs - Journal System
- Redirects for many chapter and other urls handled via /etc/httpd/conf.d/rewrite.conf
Cloud Hosted Servers and other external under SAC Control
Future Hosting Plans for Windows / Mac Building
- host.postgis.net -p 2222 is an LXD Ubuntu 18.04 16GB RAM/ 6 vCPU, 350GB data, 250GB block storage
- Currenlty running two lxd containers:
debbie: debian 10 postgis.net, planet.postgis.net, debbie.postgis.net (jenkins build bot) debbie-docker.host.postgis.net - runs docker and serves as a 1.0 agent for dronie.osgeo.org
QGIS off OSGeo
Services on separated machines rented and managed by the QGIS project at hetzner
- website including documentation http://www.qgis.org
- website building, documentation building, debian/ubuntu nightlies, plugins.qgis.org
- issues.qgis.org: redmine
Historical servers (not more in use)
NO LONGER USED - turned off 2019-09-03 Production services www.osgeo.org, 2018.foss4g.org moved to wordpress container on osgeo7 Staging services (staging.www.osgeo.org, dev.www.osgeo.org move to wordpress-dev container on osgeo4 Grass wordpress is disabled as grass decided to go with another solution, so have grass container on osgeo7 (Cloud hosted server on OSUOSL hardware (not ours) )
- Debian 9.3 4GB server, host name: web18a.osgeo.osuosl.org require ssh key to log in.
- Hosts wordpress sites staging.www.osgeo.org,www.osgeo.org, staging.grass.osgeo.org, foss4g2018.osgeo.org
- Setup details on Web18a setup
For lxd experimentation it's an lxd container running other lxd containers and provided by funtoo.org.
OSGeo is paying funtoo via treasurer at osgeo.org.
- OSGeo Funtoo osgeo.host.funtoo.org
- funtoo LXDs currently running:
LimeSurvey -this may be in future migrated to osgeo7 or osgeo3
Migrated to osgeo3 2020-11-28