author | Salvatore Bonaccorso <carnil@debian.org> | 2015-08-14 18:49:49 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2015-08-14 18:49:49 +0000 |
commit | 873a5d949a042d57fb9c9047302e152ec4502183 (patch) | |
tree | 56a4ab4a070ce93f4310cc8c927084c68d560900 /doc/soriano.txt | |
parent | f737ca21933177bb05bf713b27b13624611143ac (diff) |
Add documentation for setup on soriano.d.o
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@36072 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/soriano.txt')
-rw-r--r-- | doc/soriano.txt | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/doc/soriano.txt b/doc/soriano.txt new file mode 100644 index 0000000000..6467e4d0c8 --- /dev/null +++ b/doc/soriano.txt 
@@ -0,0 +1,97 @@ +Tracker setup on soriano.debian.org +=================================== + +(This is internal documentation, in case things need to be fixed. +It is not relevant to day-to-day editing tasks.) + +Relevant files and directories +------------------------------ + +The tracker runs under the user ID "sectracker". Most of its files +are stored in the directory /srv/security-tracker.debian.org/website: + + bin/cron invoked by cron once every minute + bin/cron-hourly invoked by cron once every hour + bin/cron-daily invoked by cron once every day + bin/read-and-touch invoked by ~/.procmailrc + bin/start-daemon invoked by cron at reboot + + secure-testing Subversion checkout + secure-testing/bin/* main entry points, called bin bin/cron + secure-testing/stamps/* files which trigger processing by bin/cron + +~sectracker/.procmailrc invokes bin/read-and-touch to create stamp +files, which are then picked up by bin/cron. This is done to serialize +change events in batches (e.g., commits originated from git-svn). +<sectracker@soriano.debian.org> is subscribed to these mailing lists to +be notified of changes: + + <debian-security-announce@lists.debian.org> + <secure-testing-commits.lists.alioth.debian.org> + +The crontab of the "sectracker" user is set up such that the scripts +are invoked as specified above. + +~sectracker/.wgetrc contains the path to the bundle of certificate +authorities to verify peers for the data fetched via wget: + +ca-certificate=/etc/ssl/ca-global/ca-certificates.crt + +Web server +---------- + +80/TCP is handled by Apache. The Apache configuration is here: + + /srv/security-tracker.debian.org/etc/apache.conf + +mod_proxy is used to forward requests to the actual server which +listens on 127.0.0.1:25648 and is started by the +/srv/security-tracker.debian.org/website/bin/start-daemon script +(using a @reboot action in sectracker's crontab). 
+ +To restart the security tracker service, kill the tracker_service.py +Python process and invoke the start-daemon process as the sectracker +user. + +Logging +------- + +Apache logs are stored in: + + /var/log/apache2/security-tracker.debian.org.access.log + /var/log/apache2/security-tracker.debian.org.error.log + +The Python daemon writes logs to a separate file, too: + + /srv/security-tracker.debian.org/website/log/daemon.log + +This also contains the exception traces. + +debsecan metadata +----------------- + +/srv/security-tracker.debian.org/website/bin/cron contains code which +pushes updates to secure-testing-master, using rsync. + +PTS interface +------------- + +The PTS fetches bug counts from this URL: + + http://security-tracker.debian.org/tracker/data/pts/1 + +Code updates +------------ + +Updates to the Subversion checkout only affect the directory +/srv/security-tracker.debian.org/website/secure-testing/data. +Code changes need to be applied manually, using "svn update", +and a service restart (see above). + +Subversion repository mirror +---------------------------- + +The Subversion repository is mirrored (including history) using +svnsync, to the /srv/security-tracker.debian.org/subversion-backup +directory. The sectracker crontab contains an entry which runs +svnsync periodically. |
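Review bot: In the "Relevant files and directories" section, the second subscribed list is written as <secure-testing-commits.lists.alioth.debian.org>, with a "." where the line above it (<debian-security-announce@lists.debian.org>) has an "@". It presumably should read <secure-testing-commits@lists.alioth.debian.org>; anyone re-creating the subscription from this file would copy the address as written. In the same section, the file table entry "main entry points, called bin bin/cron" looks like a typo for "called by bin/cron". The "Web server" section documents only 80/TCP and the PTS URL is given as plain http://; if anything else listens for this site, it would help to say so here, since this file is meant to be the reference when things need to be fixed.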