diff --git a/_toc.yml b/_toc.yml index e0d2e9f5..49af0c44 100644 --- a/_toc.yml +++ b/_toc.yml @@ -5,43 +5,43 @@ root: index format: jb-book parts: -- caption: User Guide - chapters: - - file: user-guide/index - sections: - - file: user-guide/login_servers - - file: user-guide/evolution_for_o365 - - file: user-guide/thunderbird_for_o365 - - file: user-guide/firefox_profile_per_host + - caption: User Guide + chapters: + - file: user-guide/index + sections: + - file: user-guide/login_servers + - file: user-guide/evolution_for_o365 + - file: user-guide/thunderbird_for_o365 + - file: user-guide/firefox_profile_per_host -- caption: Admin Guide - chapters: - - file: admin-guide/index + - caption: Admin Guide + chapters: + - file: admin-guide/index -- caption: Infrastructure Guide - chapters: - - file: infrastructure-guide/home - sections: - - file: infrastructure-guide/pxeserv01 - - file: infrastructure-guide/boot00 - - file: infrastructure-guide/puppet01 - - file: infrastructure-guide/repo00 - - file: infrastructure-guide/repo01 - - file: infrastructure-guide/reposync - - file: infrastructure-guide/lxweb00 - - file: infrastructure-guide/login - - file: infrastructure-guide/influx00 - - file: infrastructure-guide/metrics00 - - file: infrastructure-guide/lxsup00 - -- caption: RHEL8 - chapters: - - file: rhel8/index - sections: - - file: rhel8/installation - - file: rhel8/software - - file: rhel8/nvidia - - file: rhel8/kerberos - - file: rhel8/desktop - - file: rhel8/vendor_documentation + - caption: Infrastructure Guide + chapters: + - file: infrastructure-guide/infrastructure_systems + sections: + - file: infrastructure-guide/pxeserv01 + - file: infrastructure-guide/boot00 + - file: infrastructure-guide/puppet01 + - file: infrastructure-guide/repo00 + - file: infrastructure-guide/repo01 + - file: infrastructure-guide/reposync + - file: infrastructure-guide/lxweb00 + - file: infrastructure-guide/login + - file: infrastructure-guide/influx00 + - file: infrastructure-guide/metrics00 + - file: infrastructure-guide/lxsup00 + - file: infrastructure-guide/infrastructure_administration + - caption: RHEL8 + chapters: + - file: rhel8/index + sections: + - file: rhel8/installation + - file: rhel8/software + - file: rhel8/nvidia + - file: rhel8/kerberos + - file: rhel8/desktop + - file: rhel8/vendor_documentation diff --git a/index.md b/index.md index b3d37c4d..bd0f2e92 100644 --- a/index.md +++ b/index.md @@ -4,7 +4,12 @@ This is the collection of all linux related documentation ## Issues / Tickets / Tasks -https://jira.psi.ch/projects/PSILINUX/summary +||| +|---|---| +| __User Issues__ | https://css.psi.ch | +| __Linux Engineering__ | https://jira.psi.ch/projects/PSILINUX | + + ## Communication @@ -17,68 +22,58 @@ All people can subscribe to this list via [sympa](https://psilists.ethz.ch/sympa __linux@psi.ch__ This is a mailing list for incoming messages and/or for internal discussion. This list (it is a Outlook/Exchange managed distribution list) only contains the people that are regarded as the core team. If you want to be part of that team, drop an email stating so to this list! -Right now following people are on the list: -- Marc Caubet -- Derek Feichtinger -- Peter Huesser -- Rene Kapeller -- Gilles Martin -- Leonardo Sala -- Ivano Talamo -- Alvise Dorigo -- Joshua Taylor -- Simon Ebner -- Konrad Bucheli -This email list is administered by Outlook in the following way (if you have manager right): +## Documentation / Knowledgebase +Check out the resources on this page for PSI specific Linux documentation. -- Open outlook and go to the address book +From within the PSI network you can have access to the redhat.com troubleshooting and knowledge base (https://access.redhat.com) with the following credentials: -![outlook_01.png](outlook_01.png) - -- Search for the PSI.Linux mailing list and double click - -![outlook_02.png](outlook_02.png) - -- Go to modify members (you only see this if you are a manager) - -![outlook_03.png](outlook_03.png) -- Click on Add and add a new email address - -![outlook_04.png](outlook_04.png) + Login: kbaccess + Passwort: Kb4cc3ss ## Linux Meetings ### Weekly Sync Meeting -__Time:__ Tuesdays 14:30-15:00 -__Chair:__ Konrad -__Location:__ Zoom -__Purpose:__ Discuss general Linux topics -__Participants__: Usually the people on the linux@psi.ch mailing list + +||| +|-|-| +| __Time__ | Tuesdays 14:30-15:00 | +| __Chair__ | Konrad | +| __Location__ | Zoom | +| __Purpose__ | Discuss general Linux topics | +| __Participants__ | Usually the people on the linux@psi.ch mailing list | +| __Meeting Minutes__ | https://git.psi.ch/linux-infra/linux-group/-/tree/master/meetings/engineering-meeting (there are not always minutes!) | ### Merge Meeting -__Time:__ Tuesdays 15:00-15:30 - directly following the Sync Meeting -__Chair:__ Konrad -__Location:__ Zoom -__Purpose:__ Review new changes in the Puppet code -__Participants__: Usually some of the people on the linux@psi.ch mailing list - - -### Linux Core Group "Meeting" / Standup Meeting -__Time:__ Monday to Thursday 08:45 - 09:00 -__Chair:__ Simon -__Location:__ Zoom -__Purpose:__ Coordination work within the Linux core group -__Participants:__ Member of Linux Core group +||| +|-|-| +|__Time__ | Tuesdays 15:00-15:30 - directly following the Sync Meeting | +| __Chair__ | Konrad | +| __Location__ | Zoom | +| __Purpose__ | Review new changes in the Puppet code | +| __Participants__ | Usually some of the people on the linux@psi.ch mailing list | +| __Meeting Minutes__ | https://git.psi.ch/linux-infra/linux-group/-/tree/master/meetings/merge-meeting | ### Supporter Meeting(s) -__Time:__ Tuesday, Friday -__Chair:__ Silvio -__Location:__ Zoom -__Purpose:__ Coordination within the PC Supporters (more details contact Silvio) -__Participants:__ PC Supporters +||| +|-|-| +| __Time__ | Tuesday, Friday | +| __Chair__ | Silvio | +| __Location__ | Zoom | +| __Purpose__ | Coordination within the PC Supporters (more details contact Silvio) | +| __Participants__ | PC Supporters | +### Linux Core Group "Meeting" / Standup Meeting (Linux Group internal) +||| +|-|-| +| __Time__ | Monday to Thursday 08:45 - 09:00 | +| __Chair__ | Simon | +| __Location__ | Zoom | +| __Purpose__ | Coordination work within the Linux core group | +| __Participants__ | Member of Linux Core group | +| __Meeting Minutes__ | https://git.psi.ch/linux-infra/linux-group/-/tree/master/meetings/group-meeting (Note: there are not always minutes!) | + diff --git a/infrastructure-guide/infrastructure_administration.md b/infrastructure-guide/infrastructure_administration.md new file mode 100644 index 00000000..7bad11d6 --- /dev/null +++ b/infrastructure-guide/infrastructure_administration.md @@ -0,0 +1,40 @@ +# Infrastructure Administration + +# linux.psi.ch +linux.psi.ch is hosted from this git repo as git pages. There is a proxy entry for the domain name linux.psi.ch on the F5 reverse proxy, that is managed by the network team, to reach the git pages by https://linux.psi.ch + +The HTTPS certificates of the domain linux.psi.ch is managed by the network team. + +# Email Lists + +## linux@psi.ch + +Right now following people are on the list: +- Marc Caubet +- Derek Feichtinger +- Peter Huesser +- Rene Kapeller +- Gilles Martin +- Leonardo Sala +- Ivano Talamo +- Alvise Dorigo +- Joshua Taylor +- Simon Ebner +- Konrad Bucheli + +This email list is administered by Outlook in the following way (if you have manager right): + +- Open outlook and go to the address book + +![outlook_01.png](outlook_01.png) + +- Search for the PSI.Linux mailing list and double click + +![outlook_02.png](outlook_02.png) + +- Go to modify members (you only see this if you are a manager) + +![outlook_03.png](outlook_03.png) +- Click on Add and add a new email address + +![outlook_04.png](outlook_04.png) diff --git a/infrastructure-guide/home.md b/infrastructure-guide/infrastructure_systems.md similarity index 96% rename from infrastructure-guide/home.md rename to infrastructure-guide/infrastructure_systems.md index 3910460f..e611cb0f 100644 --- a/infrastructure-guide/home.md +++ b/infrastructure-guide/infrastructure_systems.md @@ -38,14 +38,6 @@ __Enduser Systems__ ![](overview_linux.drawio.svg) -## Misc - -There is a keepass file with passwords (Heinz or Edgar) - -Access to the redhat.com knowledge base: - - Login: kbaccess - Passwort: Kb4cc3ss ## Metrics * [Overview Infrastructure](https://metrics.psi.ch/d/1SL13Nxmz/gfa-linux-tabular?orgId=1&from=now-6h&to=now&refresh=30s&var-env=telegraf_pli&var-host=boot00.psi.ch&var-host=influx00.psi.ch&var-host=lxweb00.psi.ch&var-host=metrics00.psi.ch&var-host=puppet01.psi.ch&var-host=pxeserv01.psi.ch&var-host=repo00.psi.ch&var-host=reposync.psi.ch) diff --git a/outlook_01.png b/infrastructure-guide/outlook_01.png similarity index 100% rename from outlook_01.png rename to infrastructure-guide/outlook_01.png diff --git a/outlook_02.png b/infrastructure-guide/outlook_02.png similarity index 100% rename from outlook_02.png rename to infrastructure-guide/outlook_02.png diff --git a/outlook_03.png b/infrastructure-guide/outlook_03.png similarity index 100% rename from outlook_03.png rename to infrastructure-guide/outlook_03.png diff --git a/outlook_04.png b/infrastructure-guide/outlook_04.png similarity index 100% rename from outlook_04.png rename to infrastructure-guide/outlook_04.png diff --git a/proposals/draft_infrastructure_security_concept.drawio.svg b/proposals/draft_infrastructure_security_concept.drawio.svg index 5f82dac7..0187aaf5 100644 --- a/proposals/draft_infrastructure_security_concept.drawio.svg +++ b/proposals/draft_infrastructure_security_concept.drawio.svg @@ -1,4 +1,4 @@ - + @@ -10,7 +10,7 @@ -
+
https/443 @@ -30,7 +30,7 @@ -
+
443 @@ -40,7 +40,7 @@
- + 443... @@ -87,7 +87,7 @@ -
+
http/80 @@ -138,7 +138,7 @@
- + tftp... @@ -148,7 +148,7 @@ -
+
443 @@ -156,7 +156,7 @@
- + 443 @@ -303,7 +303,7 @@ -
+
???? @@ -406,7 +406,7 @@ -
+
https @@ -414,7 +414,7 @@
- + https @@ -500,13 +500,13 @@ - - - + + + -
+
Icinga Satellite @@ -516,7 +516,7 @@
- + Icinga Satellite... @@ -564,7 +564,7 @@ -
+
5665 @@ -629,12 +629,12 @@ - - + + -
+
@@ -656,7 +656,7 @@
- + nrpe... @@ -666,7 +666,7 @@ -
+
@@ -688,7 +688,7 @@
- + nrpe... @@ -810,7 +810,7 @@ -
+
???? @@ -818,7 +818,7 @@
- + ???? @@ -828,7 +828,7 @@ -
+
5665 @@ -836,7 +836,7 @@
- + 5665 @@ -865,12 +865,12 @@ - - + + -
+
5665 @@ -878,29 +878,12 @@
- + 5665 - - - - - -
-
-
- Staging / Infrastructure Network -
-
-
- - - Staging / Infrastructure Network - - - + @@ -957,7 +940,7 @@ -
+
https/443 @@ -975,7 +958,7 @@ -
+
8140 @@ -983,7 +966,7 @@
- + 8140 @@ -997,7 +980,7 @@
node
- (staging) + (staging / production)
@@ -1007,21 +990,21 @@ - + -
+
node
- (production) + (exception)
- + node... @@ -1085,12 +1068,12 @@ - + -
+
https/443 @@ -1098,17 +1081,17 @@
- + https/443 - + -
+
8140 @@ -1116,17 +1099,17 @@
- + 8140 - + -
+
https/443 @@ -1134,30 +1117,11 @@
- + https/443 - - - - - - -
-
-
- once systems are staged and hardned, they are moved out into production-dmz network -
-
-
- - - once syste... - - - @@ -1176,11 +1140,11 @@ - - + + -
+
Firewall @@ -1188,26 +1152,28 @@
- + Firewall - + - + -
+
we push the content of the repo to the repo server from the internal infrastructure +
+ Share RO in private DMZ and RW from one of the internal network
- + we push the content of the repo... @@ -1230,6 +1196,59 @@ + + + + +
+
+
+ F5 +
+
+
+ + + F5 + + + + + + + + + +
+
+
+ Public DMZ +
+
+
+ + + Public DMZ + + + + + + + +
+
+
+ Private DMZ +
+
+
+ + + Private DMZ + + +