[SAC] [OSGeo] #2232: Convert some of our physical/virtual servers to LXD containers

OSGeo trac_osgeo at osgeo.org
Wed Apr 24 08:13:39 PDT 2019 

#2232: Convert some of our physical/virtual servers to LXD containers
---------------------------+---------------------------------------
 Reporter:  robe           |       Owner:  sac@…
     Type:  enhancement    |      Status:  closed
 Priority:  normal         |   Milestone:  Sysadmin Contract 2019-I
Component:  Systems Admin  |  Resolution:  fixed
 Keywords:                 |
---------------------------+---------------------------------------
Changes (by robe):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 FYI I've already used this tool and it's working great.

 So far I've used it to pull an image of the following -- many flagged as
 separate tickets so I'll close this out and remainder I do I will record
 as separate tickets.


 {{{
 projects.osgeo.osuosl.org (old-projects on osgeo7) -- community-
 review.foss4g.org, spatialreference.org are now being served by the new
 lxd container.  I don't think there is anything left on old server we need
 so will retired soon.

 web.osgeo.osuosl.org (old-web on osgeo7) -- id.osgeo.org, fdo.osgeo.org
 are running off these, a lot of the remaining things appear to be
 redirects which we should probably move directly to nginx as redirects.
 No point in hopping to a container just to be redirected elsewhere

 adhoc.osgeo.osuosl.org (old-adhoc) -- I told OSUOSL to repoint the name to
 osgeo7.  I created a adhoc.osgeo.org to test --
 http://adhoc.osgeo.org/livedvd/docs/en/index.html

 wiki.osgeo.osuosl.org - this one I need to reimage cause first time mysql
 was running so didn't get a clean backup (was corrupted).  I do however
 have wiki.osgeo.org repointing at osgeo7 and being proxied thru the nginx
 container https -> https  (I think this will even work when SSL cert
 expires as I don't think nginx will care it's proxying to an expired
 https, but the users will be getting the non-expired letsencrypt.
 I didn't want to go https -> http (as they are public Ips so it really not
 encrypted that way)

 secure.osgeo.osuosl.org (old-secure container) -- I imaged this one but
 have it off on osgeo7.  This one is going to be a bit tricky mostly
 because I don't know much about LDAP (I believe the ldaps might be using
 the STAR osgeo key which will expire soon (not sure how ldaps works to be
 sure).  I'm going to need help with this one as it controls everything.
 The debian on it is debian6 - yikes way past it's prime.

 I'm also not sure how the whitelists work -I think this one I'll need to
 give a real ip too (not proxy port) so it can see the ips it's
 whitelisting

 web18a.osgeo.osuosl.org (www.osgeo.org) -> (wordpress-dev) -- this one I
 imaged just so we can have exact replica of our running www server for dev
 purposes.  staging.www.osgeo.org and dev.www.osgeo.org are running on this
 container -- and pulling from git like the old - as Vicky has documented
 here - https://git.osgeo.org/gitea/osgeo/www_osgeo/wiki/Links


 }}}

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2232#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

More information about the Sac mailing list