Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
06ed1ee252f19cae2dffca20b7ce2d7e71d1153a
gitea-pages/infrastructure-guide/lxweb00.md
Konrad Bucheli cca9218803 fix some TOC warnings
2022-04-01 17:33:06 +02:00

3.0 KiB
Raw Blame History

lxweb00

This is a RHEL7 machine and is puppet managed. The httpd configuration seem to be managed there as well: https://git.psi.ch/linux-infra/data-pli/blob/master/default/lxweb00.psi.ch.yaml

Exports various paths from AFS to http(s), see /etc/httpd/conf.d/ for details. The AFS directories exported are:

  Alias /dist "/afs/psi.ch/project/linux/www/dist"
  Alias /kickstart "/afs/psi.ch/project/linux/www/kickstart"
  Alias /mirror "/afs/psi.ch/project/linux/www/mirror"
  Alias /pxe "/afs/psi.ch/service/linux/tftpboot"
  Alias /ext/cpt "/afs/psi.ch/project/cpt/repo/"
  Alias /ext/gfa "/afs/psi.ch/project/gfa-controls-sw-repo"
  Alias /ext/gpfs "/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/GPFS"
  Alias /ext/hpc-extra "/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/hpc-extra"
  Alias /ext/lmu "/afs/psi.ch/project/lmu/lmu_rpm/"
  Alias /ext/ofed "/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/OFED"
  Alias /ext/slurm "/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/slurm"
  Alias /ext/tier3 "/afs/psi.ch/software/linux/dist/scientific/6/tier3"

The httpd config files are located here:

[root@lxweb00 conf.d]# ls -la /etc/httpd/conf.d/25*
-rw-r--r-- 1 root root 3294 Dec  3 07:55 /etc/httpd/conf.d/25-linux.web.psi.ch_non_ssl.conf
-rw-r--r-- 1 root root 3559 Dec  3 07:55 /etc/httpd/conf.d/25-linux.web.psi.ch_ssl.conf

The content is served on port 80 and 443

[root@lxweb00 conf.d]# netstat -tulnp | grep http
tcp6       0      0 :::80                   :::*                    LISTEN      19619/httpd
tcp6       0      0 :::443                  :::*                    LISTEN      19619/httpd

The https certificate is located/installed in /etc/pki/tls

Questions

  • who is taking care of this certificate, how is it installed? how is the expiration monitored?
    • The owner/admin of this system must take care of the certificate. There is no monitoring or automation. The standard SWITCH procedure is to be used.
  • Why is "/afs/psi.ch/service/linux/tftpboot" exported on this server as well?
    • Don't know, could only guess.
  • Who is responsible or the contact person for the different exported AFS directories?
    • I don't know, it's not really formalized. I have some guesses for some parts:
AFS Responsible / Contact Person
/afs/psi.ch/project/linux/www/dist
/afs/psi.ch/project/linux/www/kickstart
/afs/psi.ch/project/linux/www/mirror
/afs/psi.ch/service/linux/tftpboot (why is this needed at all ?)
/afs/psi.ch/project/cpt/repo/ Gilles Martin
/afs/psi.ch/project/gfa-controls-sw-repo Rene Kapeller
/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/GPFS Leo's group
/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/hpc-extra Marc & Ivano
/afs/psi.ch/project/lmu/lmu_rpm/ Andrea Raselli
/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/OFED Marc & Ivano
/afs/psi.ch/software/linux/dist/scientificlinux/7x/x86_64/slurm Marc & Ivano
/afs/psi.ch/software/linux/dist/scientific/6/tier3 Derek?
View Git Blame Copy Permalink