[SAC] Admin Wiki

Committees SAC mailing list
1

Folks,

I've started setting up the new download VM per:

   http://trac.osgeo.org/osgeo/ticket/798

In the process I discovered that the new SSL certs were not propagated to
the "base vm" which we clone for new VMs. I have done so based on the
rather limited information in:

   http://wiki.osgeo.org/wiki/SAC:SSLCert

It would be nice if that topic could be extended with information on which
file does what, where we get the certificate and when they will expire.
I believe Alex is also looking into a security issue around the certificates.

To help others needing to setup VMs in the future I have written up a few
notes, and hopefully Alex or others can extend it a bit for Backula and
other things:

   http://wiki.osgeo.org/wiki/SAC:Standard_System_Setup

Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/warmerda
and watch the world go round - Rush | Geospatial Software Developer

2

Hi Frank,

On Tue, Sep 27, 2011 at 10:42:25PM -0700, Frank Warmerdam wrote:

In the process I discovered that the new SSL certs were not propagated to
the "base vm" which we clone for new VMs. I have done so based on the
rather limited information in:

  http://wiki.osgeo.org/wiki/SAC:SSLCert

Indeed, that's pretty short but should be sufficient as I've
distributed the new certificate chain to every VM I was aware of. I
was _not_ aware that we're still having access to this "Base VM" ....

To help others needing to setup VMs in the future I have written up a few
notes, and hopefully Alex or others can extend it a bit for Backula and
other things:

I'll add a few notes wrt. the Bacula setup. Yet I'd like to remind that
we're still sitting on a pretty unfortunate directory layout on the
'worker' VM's, making it quite complicated to tell between the stuff we
want to back up and the other part which is just bloating the backup
without any need.
Does anyone feel responsible for sorting these things out ? Maybe those
who have established the current state !? :wink:

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------