Systems administrators are currently undertaking a project to source and equip host machines for VMs for all infrastructure (non-critical) purposes. There are these proposals:

  1. Vienna:
    1. Sonance is building Vienna1 for Funkfeuer install

    2. Vienna-2 is on the bench

  2. Others

In principle we would like 2 or 3 sites, but let's do this step by step. This project is being handled by the Board for the time being. Contact us if you have a suggestion.

Requirements

  1. Tech
    1. static IPs
    2. High Availability (HA) - especially for the 8 or so services
    3. remote ssh access to hardware or host OS sufficient to restart hard hung services
      • e.g., Java/IP console
    4. suitable for running Virtualisation.
      • lots and lots of main memory
      • para-virtualisation is a possibility, but full is much preferred.
    5. high bandwidth to nearby, hardware-independent redundancy for Disaster Recovery (DR)
      • currently using around 100G out, 15G in, see sysadm post

      • (update 2009-09-04: crl bandwidth down by ~33G per month due to compression/caching, information, less user abuse)
    6. sufficient instantaneous network bandwidth (20 Mbit/s+) and minimum latency
    7. flexibility to deploy a semi-standard infrastructure on virtual machines (VMs) - Debian at least
    8. local response time for non-remotely fixable errors.
    9. Approximately 16 IP addresses.
    10. eventual IPv6 support
  2. See also High level Systems Administration Requirements.

  3. Business:
    1. written agreement covering all services and conditions
    2. reasonably stable/professional business.
    3. local sysadmins (Assurers)
      • to set up the Host for the rest of the team so we can SSH in.
      • to hit the reset button...
      • to keep an eye on security
    4. friendly local agent (some countries require a local agent).

Note that the strict regime of the SecurityPolicy is not necessary here because this is VMs for the infrastructure team, not critical systems for the critical team.

Bandwidth

Monthly traffic per VM / server, in G (rough figures):

VM / Server name                                     07/2009  08/2009  09/2009#  10/2009!
ocsp.cacert.org                                      3.3      3.8      5.0
crl.cacert.org - compression/caching enabled in 08   69       33*      64        140
wiki.cacert.org                                      3.5      4.8      6.2
Blog.cacert.org server                               2.4      3.5      4.6
irc.cacert.org                                       0.86     0.65     0.9
svn.cacert.org                                       3.1      5.1      4.7
bugs.cacert.org                                      0.06     0.03     0.04
lists server                                         2.7      2.0      1.7
transition www.cacert.org server (rehosting-nl)      0.01     0 -off
email - all @cacert.org POP/IMAP/SMTP                1.9      2.6      4.9
webmail/board voting                                 0.28     0.12     0.5
test2                                                off      0.03     0.6
hashserver.cacert.org                                ~0       0.03
translingo.cacert.org                                0.05     0.08
cats.cacert.org                                      0.2      0.17     0.24
^issue.cacert.org                                    0.00     ~0       ~0
^logging.cacert.org
^forum.cacert.org                                    ~0       ~0
^cod.cacert.org                                      ~0
emailout.cacert.org                                  -        -        0.05      0.09
^paypal.cacert.org                                   ~0       ~0
sun2 - probably a lot of backup traffic (local)      9.4      9        12        ~0
rough total                                          100      63       97        181

Sonance

Status is at Vienna1.

We believe it is possible to get something up and going in Vienna relatively quickly and cheaply. The following is a paper plan for now:

Hardware

VM hosting

The need is to set it up as a dedicated host for VMs. There are two options:

  1. Like current CAcert setup, managed by PG.

  2. Like Sonance's setup, managed by Matthias G.
    • This has the advantage of being managed as a part of a two machine setup, with redundancy possibilities. This is how MG runs the machines at work (indeed, the Sonance machine is almost identical to the work setup).
    • test1.co is running this way.

Financing

Funkfeuer costs 480 euros per year, or 40 euros a month.

  1. Sonance bills CAcert.
    • To assist the current account problem, Uli has found some Assurers who are prepared to underwrite the arrangement.
    • Sonance manages the machine, does it MG's way.
  2. PG donates his account with Funkfeuer to CAcert.
    • As sponsor, PG provides his contract and replaces his machine with the Sonance machine. This is a donation of the contract by PG.
    • Donation of the machine by Sonance.
    • But it is more complicated, because PG and MG haven't yet figured out how to manage the hosting platform. Presumably this way it is then managed by PG.
  3. Other funding could be found from a bunch of places, in exchange for a logo on the main website (for example).

Concluding remarks

I think there are some advantages. We could get this up and running with what is around right now. Vienna is well known to us. We have a lot of people around here, we all know Funkfeuer and they all know CAcert (many Assurers in the local community). Philipp G can liaise directly with the infrastructure team. We already did this once with all of the CAcert systems, Jan 2007 to September 2008, both critical and infrastructure, and it's simpler this time. There are future funding possibilities to replace these oldish machines. Etc etc.

For the future

I can see these wider issues:


Vienna-2


Others

Cloud

We could purchase VMs on demand from cloud providers. E.g.:


Atlanta (historical)

Wikimedia Hardware

Wikimedia offers used machines to open source projects such as Drupal and OpenStreetMap (see the post by Mathieu).

Past Efforts

Good work in the past has been done by:



Category or Categories

CategorySystems
CategoryAudit

SystemAdministration/InfrastructureHost (last edited 2010-08-26 06:52:51 by SunTzuMelange)