From 307a90c242dadfb551978675ba514ee92787bf16 Mon Sep 17 00:00:00 2001
From: ebner
Date: Thu, 9 Feb 2023 14:20:13 +0100
Subject: [PATCH] move proposals to linux-group git
---
proposals/draft-nx-overview.drawio.svg | 937 ------------
proposals/draft-nx.md | 171 ---
...infrastructure_security_concept.drawio.svg | 1261 -----------------
.../draft_infrastructure_security_concept.md | 39 -
proposals/draft_linux_hardware.md | 10 -
proposals/draft_naming_conventions.md | 14 -
proposals/draft_repositories.md | 82 --
.../draft_repositories_overview.drawio.svg | 64 -
...positories_overview_directories.drawio.svg | 536 -------
proposals/draft_rhel9.md | 6 -
proposals/draft_security_concepts.drawio.svg | 332 -----
proposals/draft_standard_sw_stack.md | 16 -
.../idea_classification_systems.drawio.svg | 161 ---
13 files changed, 3629 deletions(-)
delete mode 100644 proposals/draft-nx-overview.drawio.svg
delete mode 100644 proposals/draft-nx.md
delete mode 100644 proposals/draft_infrastructure_security_concept.drawio.svg
delete mode 100644 proposals/draft_infrastructure_security_concept.md
delete mode 100644 proposals/draft_linux_hardware.md
delete mode 100644 proposals/draft_naming_conventions.md
delete mode 100644 proposals/draft_repositories.md
delete mode 100644 proposals/draft_repositories_overview.drawio.svg
delete mode 100644 proposals/draft_repositories_overview_directories.drawio.svg
delete mode 100644 proposals/draft_rhel9.md
delete mode 100644 proposals/draft_security_concepts.drawio.svg
delete mode 100644 proposals/draft_standard_sw_stack.md
delete mode 100644 proposals/idea_classification_systems.drawio.svg
diff --git a/proposals/draft-nx-overview.drawio.svg b/proposals/draft-nx-overview.drawio.svg
deleted file mode 100644
index f7197776..00000000
--- a/proposals/draft-nx-overview.drawio.svg
+++ /dev/null
@@ -1,937 +0,0 @@
- - - - - - - - - -
-
-
- http://rem-acc-ganglia.psi.ch -
-
-
-
- - http://rem-acc-ganglia.psi.ch - -
-
-
- - - - - - - -
-
-
- rem-acc-1.psi.ch -
-
-
-
- - rem-acc-1.psi.ch - -
-
-
- - - - -
-
-
- rem-acc.psi.ch -
-
-
-
- - rem-acc.ps... - -
-
- - - - - - - -
-
-
- nx-proxy-1 -
-
-
-
- - nx-proxy-1 - -
-
-
- - - - - - - -
-
-
- nx-proxy-2 -
-
-
-
- - nx-proxy-2 - -
-
-
- - - - -
-
-
- nomachine-proxy.psi.ch -
-
-
-
- - nomachine-pro... - -
-
- - - - -
-
-
- Extranet -
-
-
-
- - Extranet - -
-
- - - - -
-
-
- Intranet -
-
-
-
- - Intranet - -
-
- - - - - - - - -
-
-
- port 4000 -
-
-
-
- - port 4000 - -
-
- - - - - -
-
-
- port 4000 -
-
-
-
- - port 4000 - -
-
- - - - -
-
-
- svc-nx -
-
-
-
- - svc-nx - -
-
- - - - - - - - - -
-
-
- ra-nx-1 -
-
-
-
- - ra-nx-1 - -
-
-
- - - - - - - -
-
-
- ra-nx-2 -
-
-
-
- - ra-nx-2 - -
-
-
- - - - -
-
-
- ra-nx.psi.ch -
-
-
-
- - ra-nx.psi.ch - -
-
- - - - - - - -
-
-
- merlin-nx-1 ??? -
-
-
-
- - merlin-nx-1 ??? - -
-
-
- - - - - - - -
-
-
- merlin-nx-2 ??? -
-
-
-
- - merlin-nx-2 ??? - -
-
-
- - - - -
-
-
- merlin-nx.psi.ch -
-
-
-
- - merlin-nx.psi... - -
-
- - - - -
-
-
- Ivano -
-
-
-
- - Ivano - -
-
- - - - -
-
-
- Marc -
-
-
-
- - Marc - -
-
- - - - -
-
-
- svc-cluster_ra -
-
-
-
- - svc-cluste... - -
-
- - - - -
-
-
- svc-cluster_merlin5 -
-
-
-
- - svc-cluste... - -
-
- - - - -
-
-
- svc-cluster_merlin6 -
-
-
-
- - svc-cluste... - -
-
- - - - - -
-
-
- port 4000 -
-
-
-
- - port 4000 - -
-
- - - - - -
-
-
- port 4000 -
-
-
-
- - port 4000 - -
-
- - - - - - - -
-
-
- https:// -
- rama.psi.ch -
-
-
-
- - https://... - -
-
-
- - - - -
-
-
- can login to give access to certain consolse -
-
-
-
- - can login... - -
-
- - - - - -
-
-
- mongo -
-
-
-
- - mongo - -
-
- - - - -
-
-
- Angular -
-
-
-
- - Angular - -
-
- - - - - - -
-
-
- Admins -
- Beamline Responsible (member of the active directory group e.g. unx-sf_furka_bs) -
-
-
-
- - Admins... - -
-
- - - - -
-
-
- monitoring -
-
-
-
- - monitoring - -
-
- - - - - - - -
-
-
- update access rules -
-
-
-
- - update acc... - -
-
- - - - - - - - - -
-
-
- rem-acc-2.psi.ch -
-
-
-
- - rem-acc-2.psi.ch - -
-
-
- - - - -
-
-
- centos7 -
-
-
-
- - centos7 - -
-
- - - - -
-
-
- pre-shared ssh keys - changes done via ssh commands -
- there is a script on rem-acc from dima -
- /root/scripts/change_rule.sh -
-
-
-
- - pre-shared ssh keys - c... - -
-
- - - - - - - - - -
-
-
- consoles ... -
-
-
-
- - consoles ... - -
-
-
- - - - - -
-
-
- port:4000 -
-
-
-
- - port:4000 - -
-
- - - - -
-
-
- Rene/Dima -
-
-
-
- - Rene/Dima - -
-
- - - - - - - -
-
-
- nx-node-1 -
-
-
-
- - nx-node-1 - -
-
-
- - - - - - - -
-
-
- nx-node-2 -
-
-
-
- - nx-node-2 - -
-
-
- - - - - - - -
-
-
- nx-node-3 -
-
-
-
- - nx-node-3 - -
-
-
- - - - - - - -
-
-
- nx-node-4 -
-
-
-
- - nx-node-4 - -
-
-
- - - - -
-
-
- node randomly choosen -
- or re-connect to existing connection -
-
-
-
- - node rando... - -
-
- - - - - - - - - - - - - - - - - - - - - - - -
-
-
- login nodes -
- .... -
-
-
-
- - login nodes... - -
-
-
- - - - - - - -
-
-
- login nodes -
- .... -
-
-
-
- - login nodes... - -
-
-
- - - - - -
-
-
- 4000 or -
- 22 -
-
-
-
- - 4000 or... - -
-
- - - - - - - -
-
-
- duo -
-
-
-
- - duo - -
-
-
- - - - - -
-
-
- read -
-
-
-
- - read - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file
diff --git a/proposals/draft-nx.md b/proposals/draft-nx.md
deleted file mode 100644
index c4fc1fc1..00000000
--- a/proposals/draft-nx.md
+++ /dev/null
@@ -1,171 +0,0 @@ -# NX - -![scetch](draft-nx-overview.drawio.svg) - -Highavailability mode really needed -NX does the decision - sometimes not transparent how it is done - -##rem-acc.psi.ch -decides who is allowed to connect to a certain nx machine connected to rem-acc - -configuration inside NX in a database - -svc-nx - AD group this defines who is allwed to access NoMachine Proxy from rem-acc - - - -/root/scripts/change_rule.sh Written by Dima does nxserver commands - used to update rules -history of root will show last changes - -/root/scripts contain a set of other scripts - - - -Usually NX access from rem-acc to machines in the office network is not allowed (security request) -There are exceptions: -* detector group shared workstateion - pcmic05 -* ENE - Jens Ehler - mpc2053, mpc2959 -* - - -Rules for these machines are not dynamically modifiable, need to be done manually! -need request to security to open a firewall rule - - - -# Commands on rem-acc - -List of all configured servers -``` -nxserver --serverlist --extended -# nxserver --serverlist --extended | grep psi.ch | grep nomach - -``` - -Output: one line for each server - - -Show all access rules -``` -nxserver --rulelist -``` - -# Software -RemACC - NoMachine Cloud Server -xxx proxies - NoMachine Enterprise Desktop Service -nodes behing proxy - NoMachine Enterprise Server Nodes - you can only to these nodes through a proxy (Enterprise Desktop Service) - -consoles - Enterprise Desktop - allows connections to the physical console) (- with Windows this is the only product that we use) - 1 session - -Virtual desktops Linux: -NoMachine Workstation - up to 4 virtual session can be created - usually used on the *-vcons-* systems -Small Business Terminal Server Subscription - same as above but up to 10 virtual sessions - (only used for ENE) -Terminal Server - same as above but unlimited number of sessions - -Desktop - completely free license - funcionality same as Enterprise Desktop but cannot be 
connected/accessed from proxy/cloudServer!!! - - -Depending on the product the price differences are HUGE - - -Each machine has its own license! -Bought in packs of multiple licenses -Some licenses depend sometimes on the number of code - - -All licenses are now synchronized to be payed in April - -> Distribution of the licenses via Puppet (encrypted ...) -> machines this is distributed to machines in different hiera classes - so its difficult to assign/configure the licenses - - -There are 50 Windows machines !!!! (we have 60 Licenses) -Distribution - Baramundi - Dima has access to this -Update of the software done by the Windows Team (they make the Baramundi packaging) - -Linux 85 machines (90 Licenses - Enterprise Desktop) - - -Every installation of the nomachine software requires 2 reboots! -1 after remove -1 after install - -For linux you don't need the reboot -When installing the virtual sessions will be killed - on pysical desktop no affects - -!!!! Need communication regarding the Updates with users !!!! - -Linux RPMs are located in this repository - updated by Dima -http://repo00.psi.ch/el7/manual/nxserver/ - -__THERE IS A .htaccess file in there that restricts the access to this repo to only the listed nodes !!!!__ -This file gives info about all linux nodes that are somehow related to NX - -NoMachine only releases RPM for current version - but removes older ones - - - -Open firewall (network@psi.ch) -install sw on node -Nodes are registered on rem-acc with /root/scripts/add_node.sh -update of Mongo-DB for Rama (done by Dima) - connect to rama.psi.ch as root - `mongo` - `use rama` - `db.TargetMode.insert(......` (check history) - -!!!!! RAMA IS NOT UP TO DATE !!!! 
- -# Licenses -35000 CHF - 21 April 2023 - - ----- -Checkout the app: Open OnDemand -https://rustdesk.com - - -# Meeting - -- Enduser documentation maintained by Dima: https://www.psi.ch/en/photon-science-data-services/remote-interactive-access - -if you don't connect to rem-acc via the admin user a script is executed ... somewhere burried in /etc/sshd/sshd.config - -most of the stuff dima tries to do with puppet -hiera config: https://git.psi.ch/linux-infra/data-rem-acc - -There are no ansible script -- things not done by puppet is/was done manually - -rem-acc-1/2 still have access to repo00 and puppet server although it is in the extranet ... but not to git - - -cron jobs on remacc 1 to synchronize the internal state/database of nx-server! -cron jobs were placed manually!!! -no such cron jobs on rem-acc-2 - -/root/scripts on remacc1 is - -if remacc2 is master no sync and rama will not work -remacc2 only for short breakdowns -need to be discussed whether HA is really needed - - -we do not have nx-support package -response to tickets is few number of days (defined in license) -have access to portal to no-machine - -Dario can issue changes to nx-portal management: -www.nomachine.com -Account need to be done by Dario - -Portal used to download the rpms (need to be done one by one) for Linux and Windows -Portal used to issue tickets - - -https://intranet.psi.ch/de/daas contains some information why nomachine is used ... - -!!!!WINDOWS - there are more than x windows machine on this service - -need to update the license on a windows admin machine -time for update nx - needs to be scheduled with the user!!!! \ No newline at end of file diff --git a/proposals/draft_infrastructure_security_concept.drawio.svg b/proposals/draft_infrastructure_security_concept.drawio.svg deleted file mode 100644 index 0187aaf5..00000000 --- a/proposals/draft_infrastructure_security_concept.drawio.svg +++ /dev/null @@ -1,1261 +0,0 @@ - - - - - - - - - - - - -
-
-
- https/443 -
- 8140 -
-
-
-
- - https/443... - -
-
- - - - - -
-
-
- 443 -
- 22 -
-
-
-
- - 443... - -
-
- - - - - -
-
-
- 443 -
-
-
-
- - 443 - -
-
- - - - - - -
-
-
- Puppet -
-
-
-
- - Puppet - -
-
- - - - - -
-
-
- http/80 -
- https/443 -
-
-
-
- - http/80... - -
-
- - - - - - -
-
-
- RPM Repos -
-
-
-
- - RPM Repos - -
-
- - - - - -
-
-
- tftp -
- http/80 -
- https/443 -
-
-
-
- - tftp... - -
-
- - - - - -
-
-
- 443 -
-
-
-
- - 443 - -
-
- - - - -
-
-
- - PXE -
- - Sysdb -
-
-
-
- - - PXE... - -
-
- - - - - - - - - -
-
-
- Git -
-
-
-
- - Git - -
-
- - - - - - - - - -
-
-
- NFS -
-
-
-
- - NFS - -
-
- - - - - -
-
-
- 443 -
-
-
-
- - 443 - -
-
- - - - - - -
-
-
- Icinga Master -
-
-
-
- - Icinga Master - -
-
- - - - - - - -
-
-
- 5665 -
-
-
-
- - 5665 - -
-
- - - - -
-
-
- Elastic -
-
-
-
- - Elastic - -
-
- - - - - -
-
-
- ???? -
-
-
-
- - ???? - -
-
- - - - -
-
-
- Icinga Satellites -
-
-
-
- - Icinga Satellites - -
-
- - - - - -
-
-
- - nrpe - -
- - ns-client++ - -
- - snmp - -
- - other ports - -
-
-
-
- - nrpe... - -
-
- - - - - - -
-
-
- AD -
-
-
-
- - AD - -
-
- - - - -
-
-
- ETH RedHat Satellite -
-
-
-
- - ETH RedHat Satellite - -
-
- - - - - -
-
-
- https -
-
-
-
- - https - -
-
- - - - -
-
-
- Other content provider -
-
-
-
- - Other content provid... - -
-
- - - - -
-
-
- introduction of content scanning -
-
-
-
- - introduction of content scanning - -
-
- - - - - -
-
-
- ... -
-
-
-
- - ... - -
-
- - - - -
-
-
-
- - - All Networks - - -
- - [Security Level 3] - -
-
-
-
- - All Networks[Security L... - -
-
- - - - - - - - - -
-
-
- Icinga Satellite -
- (DMZ) -
-
-
-
- - Icinga Satellite... - -
-
- - - - -
-
-
-
- - Systems are installed in the DMZ? - -
-
-
-
- - - Firewall rules for specific systems on request - template what ports need to be opened - -
-
- - - System (will) have static DHCP address - -
-
- - DMZ responsible? -
- - Periodic reviews? -
-
-
-
-
-
- - - Systems are installed in the DMZ?... - -
-
- - - - - -
-
-
- 5665 -
-
-
-
- - 5665 - -
-
- - - - -
-
-
- Icinga Satellites -
-
-
-
- - Icinga Satellites - -
-
- - - - -
-
-
- logstash -
-
-
-
- - logstash - -
-
- - - - - -
-
-
- ???? -
-
-
-
- - ???? - -
-
- - - - - -
-
-
- - nrpe - -
- - ns-client++ - -
- - snmp - -
- - other ports - -
-
-
-
- - nrpe... - -
-
- - - - - -
-
-
- - nrpe - -
- - ns-client++ - -
- - snmp - -
- - other ports - -
-
-
-
- - nrpe... - -
-
- - - - - -
-
-
- - DataCenter Network -
- [Security level 3] -
-
-
-
- - SSH access only through dedicated SSH gateways. - -
-
-
-
-
- - DataCenter Network... - -
-
- - - - -
-
-
-
- - - All Networks of a given Security Level - - -
- - [At least one Icinga Satellite per Security Level  - one for 4 and one for 5] - -
-
-
-
- - All Networks of a given... - -
-
- - - - - - - - - - -
-
-
- agents -
-
-
-
- - agents - -
-
- - - - -
-
-
- beats -
-
-
-
- - beats - -
-
- - - - -
-
-
- beats -
-
-
-
- - beats - -
-
- - - - - -
-
-
- ???? -
-
-
-
- - ???? - -
-
- - - - - -
-
-
- 5665 -
-
-
-
- - 5665 - -
-
- - - - -
-
-
-
- - DMZ - -
- - [Security Level 2] - -
-
-
-
- - DMZ[Security Level 2] - -
-
- - - - - -
-
-
- 5665 -
-
-
-
- - 5665 - -
-
- - - - - -
-
-
- YUM Repos DMZ -
-
-
-
- - YUM Repos DMZ - -
-
- - - - -
-
-
- puppet DMZ -
-
-
-
- - puppet DMZ - -
-
- - - - -
-
-
- Metrics DMZ -
-
-
-
- - Metrics DMZ - -
-
- - - - - -
-
-
- https/443 -
-
-
-
- - https/443 - -
-
- - - - - -
-
-
- 8140 -
-
-
-
- - 8140 - -
-
- - - - -
-
-
- node -
- (staging / production) -
-
-
-
- - node... - -
-
- - - - -
-
-
- node -
- (exception) -
-
-
-
- - node... - -
-
- - - - -
-
-
- PXE -
- sysdb -
-
-
-
- - PXE... - -
-
- - - - - -
-
-
- tftp -
- http/80 -
- https/443 -
-
-
-
- - tftp... - -
-
- - - - - -
-
-
- https/443 -
-
-
-
- - https/443 - -
-
- - - - - -
-
-
- https/443 -
-
-
-
- - https/443 - -
-
- - - - - -
-
-
- 8140 -
-
-
-
- - 8140 - -
-
- - - - - -
-
-
- https/443 -
-
-
-
- - https/443 - -
-
- - - - - -
-
-
- https/443 -
-
-
-
- - https/443 - -
-
- - - - -
-
-
- Firewall -
-
-
-
- - Firewall - -
-
- - - - - - -
-
-
- we push the content of the repo to the repo server from the internal infrastructure -
- Share RO in private DMZ and RW from one of the internal network -
-
-
-
- - we push the content of the repo... - -
-
- - - - - -
-
-
- ssh/22 -
-
-
-
- - ssh/22 - -
-
- - - - -
-
-
- F5 -
-
-
-
- - F5 - -
-
- - - - - - -
-
-
- Public DMZ -
-
-
-
- - Public DMZ - -
-
- - - - -
-
-
- Private DMZ -
-
-
-
- - Private DMZ - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file diff --git a/proposals/draft_infrastructure_security_concept.md b/proposals/draft_infrastructure_security_concept.md deleted file mode 100644 index 7ed52e09..00000000 --- a/proposals/draft_infrastructure_security_concept.md +++ /dev/null @@ -1,39 +0,0 @@ -# [DRAFT] Core Infrastructure Security Concept - -![](draft_infrastructure_security_concept.drawio.svg) - - -## DMZ -* There is a dedicated and additionally protected (firewall) infrastructure network within the DMZ -* This network holds the provisining infrastructure and is used for staging new nodes -* After new nodes are staged and hardened the nodes are moved out into the "real" DMZ network(s) - * VLAN and IP need to be changed - * Node will be still able to connect to the repo server as well as puppet and metric server in the infrastructure network (this way it is ensured that nodes are actively managed and still get updates) - -The content of the repos in the DMZ are pushed from the PSI network. The repo servers in the DMZ only hold the latest packages - we do not have snapshotting, etc. (need to be discussed). - -### TODO -* we need to define a dedicated DMZ stack - * minimal os / software stack - * firewall enabled and blocking everything except the specially configured ports - - -* Every node in the DMZ must have a responsible person (it would be better group)! - * Maybe have one group that takes care of all DMZ servers? - -## Notes -The idea is that we first setup a repo server and then peu-a-peu install the other infrastructure components - - -Decision whether we have to use a satellite or not -* Security Level -* Architecture Network (amount of traffic) -* Architecture Icinga (load satellite) - ----- -Security - -1. Zones -2. Network segmentation (VRF) - - 985 subnets in 185 network segments -3. A network segmentation does have a security level attached \ No newline at end of file 
diff --git a/proposals/draft_linux_hardware.md b/proposals/draft_linux_hardware.md deleted file mode 100644 index 0b195c31..00000000 --- a/proposals/draft_linux_hardware.md +++ /dev/null @@ -1,10 +0,0 @@ -# (Standard) Linux Hardware - -* we don't want to have a standard linux hardware as such - we just label/tag existing hardware in the shop with works with RHELX - -* Once there are new machines we (1st level / engineering) should get it to test them -* Ideally the machines have a on-board (Intel) graphics card - only if there is a good reason (multiple screens, etc.) there should be an NVIDIA card - -* Relevant Redhat resources regarding supported hardware: - * https://access.redhat.com/solutions/7494 - * https://catalog.redhat.com/ \ No newline at end of file diff --git a/proposals/draft_naming_conventions.md b/proposals/draft_naming_conventions.md deleted file mode 100644 index 3e8069ab..00000000 --- a/proposals/draft_naming_conventions.md +++ /dev/null @@ -1,14 +0,0 @@ -# [DRAFT] Naming Conventions Infrastructure Servers - -To be able to easily identify all Linux core infrastructure servers they should follow the same naming convention. - -Following pattern should be followed: -__lx-<purpose>-<number>__ - -Usually there should be a DNS alias __lx-<purpose> -> lx-<purpose>-<number>__ that points to the currently active production server. - -Examples: -* lx-repo -> lx-repo-01 -* lx-puppet -> lx-puppet-01 -* lx-puppet-test -> lx-puppet-test-01 -* lx-lc -> lx-lc-01 \ No newline at end of file diff --git a/proposals/draft_repositories.md b/proposals/draft_repositories.md deleted file mode 100644 index 9be40322..00000000 --- a/proposals/draft_repositories.md +++ /dev/null 
@@ -1,82 +0,0 @@ -# Draft Repository Design - -## Requirements -* Certain repositories must only be visible to certain clients (NX - currently done via htaccess file) - -## URL Patterns - -All repo URLs for any operating system follow this patterns: - -* https://repos.psi.ch/<os>/iso -* https://repos.psi.ch/<os>/tags/<tag>/<repo> -* https://repos.psi.ch/<os>/tags/<tag>/keys; -* https://repos.psi.ch/<os>/snapshots/<tag>/<repo> -* https://repos.psi.ch/<os>/snapshots/<tag>/keys -* https://repos.psi.ch/<os>/latest/<repo> -* https://repos.psi.ch/<os>/latest/keys; - -The __<os>__ part is a combination of the __ID__ and __VERSION_ID__ variable inside the standard (see https://stackoverflow.com/questions/47838800/etc-lsb-release-vs-etc-os-release) /etc/os-release file. In some cases the VERSION_ID will be trunkated (especially for RHEL systems) - -Example RHEL7 system: -``` -[root]# cat /etc/os-release -[...] -ID="rhel" -VERSION_ID="7.9" -[...] -``` -will result in __rhel7__. - -Example Ubuntu system: -``` -[root]# cat /etc/os-release -[...] -ID=ubuntu -VERSION_ID="22.04" -[...] -``` -will result in __ubuntu22.04__. - - -For os independen firmware images we will have a "repos" like this: - -* https://repos.psi.ch/firmware -* https://repos.psi.ch/firmware/<group> - - -### Examples -* https://repos.psi.ch/rhel7/iso -* https://repos.psi.ch/rhel7/tags/<tag>/<repo> -* https://repos.psi.ch/rhel7/tags/<tag>/keys; -* https://repos.psi.ch/rhel7/snapshots/<tag>/<repo> -* https://repos.psi.ch/rhel7/snapshots/<tag>/keys -* https://repos.psi.ch/rhel7/latest/<repo> -* https://repos.psi.ch/rhel7/latest/keys; - ----- - -* https://repos.psi.ch/rhel8/iso -* https://repos.psi.ch/rhel8/tags/<tag>/<repo> -* https://repos.psi.ch/rhel8/tags/<tag>/keys -* https://repos.psi.ch/rhel8/snapshots/<tag>/<repo> -* https://repos.psi.ch/rhel8/snapshots/<tag>/keys -* https://repos.psi.ch/rhel8/latest/<repo> -* https://repos.psi.ch/rhel8/latest/keys - ----- -* ... 
----- - -* https://repos.psi.ch/firmware/... - - -## Filesystem Layout - -![](draft_repositories_overview_directories.drawio.svg) - - - -## Questions -* One RPM to enable/install supported yum repository -* Where do we provide our own rpm packages - lx-misc (currently pli-misc) -* How to know which systems are using which repos? (via rpm package list / hiera config / ... ?) \ No newline at end of file diff --git a/proposals/draft_repositories_overview.drawio.svg b/proposals/draft_repositories_overview.drawio.svg deleted file mode 100644 index 534ab0ad..00000000 --- a/proposals/draft_repositories_overview.drawio.svg +++ /dev/null @@ -1,64 +0,0 @@ - - - - - - - -
-
-
- https://repos.psi.ch -
-
-
-
- - https://re... - -
-
- - - - -
-
-
- repo01 -
-
-
-
- - repo01 - -
-
- - - - -
-
-
- repo00 -
-
-
-
- - repo00 - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file
diff --git a/proposals/draft_repositories_overview_directories.drawio.svg b/proposals/draft_repositories_overview_directories.drawio.svg
deleted file mode 100644
index b430c587..00000000
--- a/proposals/draft_repositories_overview_directories.drawio.svg
+++ /dev/null
@@ -1,536 +0,0 @@
- - - - - - - -
-
-
- <os> -
-
-
-
- - <os> - -
-
- - - - -
-
-
- iso/ -
-
-
-
- - iso/ - -
-
- - - - -
-
-
- latest/ -
-
-
-
- - latest/ - -
-
- - - - -
-
-
- tags/ -
-
-
-
- - tags/ - -
-
- - - - -
-
-
- snapshots/ -
-
-
-
- - snapshots/ - -
-
- - - - - -
-
-
- if same gpg key is used -
- for all repos of that -
- group -
-
-
-
- - if same gpg key is used... - -
-
- - - - -
-
-
- <group>/ -
-
-
-
- - <group>/ - -
-
- - - - -
-
-
- keys/ -
-
-
-
- - keys/ - -
-
- - - - -
-
-
- <sub-group>/ -
-
-
-
- - <sub-group>/ - -
-
- - - - - -
-
-
- corresponds to -
- repo -
-
-
-
- - corresponds to... - -
-
- - - - -
-
-
- <repo-name> -
-
-
-
- - <repo-name> - -
-
- - - - -
-
-
- <group>/ -
-
-
-
- - <group>/ - -
-
- - - - -
-
-
- <repo-name>.gpg -
-
-
-
- - <repo-name>.gpg - -
-
- - - - -
-
-
- <group>.gpg -
-
-
-
- - <group>.gpg - -
-
- - - - -
-
-
- Examples: -
- - rhel7 -
- rhel8 -
- ... -
-
-
-
-
- - Examples:... - -
-
- - - - -
-
-
- <group>/ -
-
-
-
- - <group>/ - -
-
- - - - -
-
-
- <iso-name>.iso -
-
-
-
- - <iso-name>.iso - -
-
- - - - - -
-
-
- iso mount -
-
-
-
- - iso mount - -
-
- - - - -
-
-
- <iso-name>/ -
-
-
-
- - <iso-name>/ - -
-
- - - - -
-
-
- <repo-name>/ -
-
-
-
- - <repo-name>/ - -
-
- - - - - -
-
-
- optional/possible but not recommended -
-
-
-
- - optional/possible but not re... - -
-
- - - - -
-
-
- <sub-group>/ -
-
-
-
- - <sub-group>/ - -
-
- - - - - - -
-
-
- <repo-name>.gpg -
-
-
-
- - <repo-name>.gpg - -
-
- - - - - -
-
-
- optional/possible but not recommended -
-
-
-
- - optional/possible but not re... - -
-
- - - - - -
-
-
- - https://repos.psi.ch - - (alias) -
- lx-web-01.psi.ch (real server name) -
-
-
-
- - https://repos.psi.ch (alias)... - -
-
- - - - -
-
-
- Located on the NFS fileserver: - - lx-fs:/xxxxx - -
-
-
-
- - Located on the NFS fileserver: lx-fs:/xxxxx - -
-
- - - - -
-
-
- firmware -
-
-
-
- - firmware - -
-
- - - - -
-
-
- <group>/ -
-
-
-
- - <group>/ - -
-
- - - - -
-
-
- iso -
-
-
-
- - iso - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file
diff --git a/proposals/draft_rhel9.md b/proposals/draft_rhel9.md
deleted file mode 100644
index e3642abc..00000000
--- a/proposals/draft_rhel9.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# RHEL9
-This topic holds
-
-- Wayland
-- No access by default
-- No AFS (only optional)
\ No newline at end of file
diff --git a/proposals/draft_security_concepts.drawio.svg b/proposals/draft_security_concepts.drawio.svg
deleted file mode 100644
index 6ff47b0d..00000000
--- a/proposals/draft_security_concepts.drawio.svg
+++ /dev/null
@@ -1,332 +0,0 @@
- - - - - - - -
-
-
- VRF - Virtual Routing and Forwarding -
-
-
-
- - VRF - Virtual Routing and Forwarding - -
-
- - - - - - - -
-
-
- Zone -
-
-
-
- - Zone - -
-
- - - - - - - -
-
-
- VRF A -
-
-
-
- - VRF A - -
-
- - - - - - - -
-
-
- VRF B -
-
-
-
- - VRF B - -
-
- - - - -
-
-
- VRF X -
-
-
-
- - VRF X - -
-
- - - - -
-
-
- Subnet 1 -
-
-
-
- - Subnet 1 - -
-
- - - - -
-
-
- Subnet 2 -
-
-
-
- - Subnet 2 - -
-
- - - - -
-
-
- Subnet 3 -
-
-
-
- - Subnet 3 - -
-
- - - - -
-
-
- Subnet 1 -
-
-
-
- - Subnet 1 - -
-
- - - - -
-
-
- Subnet 2 -
-
-
-
- - Subnet 2 - -
-
- - - - -
-
-
- Subnet 3 -
-
-
-
- - Subnet 3 - -
-
- - - - -
-
-
- Subnet 1 -
-
-
-
- - Subnet 1 - -
-
- - - - -
-
-
- Subnet 2 -
-
-
-
- - Subnet 2 - -
-
- - - - -
-
-
- Subnet 3 -
-
-
-
- - Subnet 3 - -
-
- - - - - - - - -
-
-
- Firewall -
-
-
-
- - Firewall - -
-
- - - - -
-
-
- [security level] -
-
-
-
- - [security leve... - -
-
- - - - -
-
-
- [security level] -
-
-
-
- - [security leve... - -
-
- - - - -
-
-
- [security level] -
-
-
-
- - [security leve... - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file
diff --git a/proposals/draft_standard_sw_stack.md b/proposals/draft_standard_sw_stack.md
deleted file mode 100644
index 34ea6193..00000000
--- a/proposals/draft_standard_sw_stack.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# (DRAFT) Definition Standard Software Stack
-
-The linux standard software stack consists of:
-* BASE OS
-
-Additional packages:
-* open-vm-tools [vm only]
-
-
-AFS will only be an additional package - it will not be part of the core distribution
-
-# TODO
-
-Include following functionality in base stack?
-* SMB mounting for users gfa-cifsmount
-* telwho - gfa-telwho
diff --git a/proposals/idea_classification_systems.drawio.svg b/proposals/idea_classification_systems.drawio.svg
deleted file mode 100644
index 87a46f76..00000000
--- a/proposals/idea_classification_systems.drawio.svg
+++ /dev/null
@@ -1,161 +0,0 @@
- - - - - - - -
-
-
- personal -
- system -
-
-
-
- - personal... - -
-
- - - - -
-
-
- multi user -
- systems -
- (graphical frontend) -
-
-
-
- - multi user... - -
-
- - - - -
-
-
- server -
- systems -
-
-
-
- - server... - -
-
- - - - -
-
-
- infrastructure -
- systems -
-
-
-
- - infrastructure... - -
-
- - - - -
-
-
- - responsibility must be with a group - -
-
-
-
- - responsibility must be with a group - -
-
- - - - -
-
-
- priority -
-
-
-
- - priority - -
-
- - - - -
-
-
- high -
-
-
-
- - high - -
-
- - - - -
-
-
- low -
-
-
-
- - low - -
-
-
- - - - - Viewer does not support full SVG 1.1 - - - -
\ No newline at end of file