[Secure-testing-commits] r36072 - doc
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 14 18:49:49 UTC 2015
Author: carnil
Date: 2015-08-14 18:49:49 +0000 (Fri, 14 Aug 2015)
New Revision: 36072
Added:
doc/soriano.txt
Log:
Add documentation for setup on soriano.d.o
Added: doc/soriano.txt
===================================================================
--- doc/soriano.txt (rev 0)
+++ doc/soriano.txt 2015-08-14 18:49:49 UTC (rev 36072)
@@ -0,0 +1,97 @@
+Tracker setup on soriano.debian.org
+===================================
+
+(This is internal documentation, in case things need to be fixed.
+It is not relevant to day-to-day editing tasks.)
+
+Relevant files and directories
+------------------------------
+
+The tracker runs under the user ID "sectracker". Most of its files
+are stored in the directory /srv/security-tracker.debian.org/website:
+
+ bin/cron invoked by cron once every minute
+ bin/cron-hourly invoked by cron once every hour
+ bin/cron-daily invoked by cron once every day
+ bin/read-and-touch invoked by ~/.procmailrc
+ bin/start-daemon invoked by cron at reboot
+
+ secure-testing Subversion checkout
+ secure-testing/bin/* main entry points, called bin bin/cron
+ secure-testing/stamps/* files which trigger processing by bin/cron
+
+~sectracker/.procmailrc invokes bin/read-and-touch to create stamp
+files, which are then picked up by bin/cron. This is done to serialize
+change events in batches (e.g., commits originated from git-svn).
+<sectracker at soriano.debian.org> is subscribed to these mailing lists to
+be notified of changes:
+
+ <debian-security-announce at lists.debian.org>
+ <secure-testing-commits.lists.alioth.debian.org>
+
+The crontab of the "sectracker" user is set up such that the scripts
+are invoked as specified above.
+
+~sectracker/.wgetrc contains the path to the bundle of certificate
+authorities to verify peers for the data fetched via wget:
+
+ca-certificate=/etc/ssl/ca-global/ca-certificates.crt
+
+Web server
+----------
+
+80/TCP is handled by Apache. The Apache configuration is here:
+
+ /srv/security-tracker.debian.org/etc/apache.conf
+
+mod_proxy is used to forward requests to the actual server which
+listens on 127.0.0.1:25648 and is started by the
+/srv/security-tracker.debian.org/website/bin/start-daemon script
+(using a @reboot action in sectracker's crontab).
+
+To restart the security tracker service, kill the tracker_service.py
+Python process and invoke the start-daemon process as the sectracker
+user.
+
+Logging
+-------
+
+Apache logs are stored in:
+
+ /var/log/apache2/security-tracker.debian.org.access.log
+ /var/log/apache2/security-tracker.debian.org.error.log
+
+The Python daemon writes logs to a separate file, too:
+
+ /srv/security-tracker.debian.org/website/log/daemon.log
+
+This also contains the exception traces.
+
+debsecan metadata
+-----------------
+
+/srv/security-tracker.debian.org/website/bin/cron contains code which
+pushes updates to secure-testing-master, using rsync.
+
+PTS interface
+-------------
+
+The PTS fetches bug counts from this URL:
+
+ http://security-tracker.debian.org/tracker/data/pts/1
+
+Code updates
+------------
+
+Updates to the Subversion checkout only affect the directory
+/srv/security-tracker.debian.org/website/secure-testing/data.
+Code changes need to be applied manually, using "svn update",
+and a service restart (see above).
+
+Subversion repository mirror
+----------------------------
+
+The Subversion repository is mirrored (including history) using
+svnsync, to the /srv/security-tracker.debian.org/subversion-backup
+directory. The sectracker crontab contains an entry which runs
+svnsync periodically.
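Review bot: Two small errors in "Relevant files and directories" are worth fixing before this becomes the reference copy. The line "secure-testing/bin/* main entry points, called bin bin/cron" should read "called by bin/cron". The second mailing-list entry, "<secure-testing-commits.lists.alioth.debian.org>", lacks the " at " separator used by the other addresses in the file. In "Web server", only 80/TCP is documented and the PTS URL under "PTS interface" is plain http://, while the .wgetrc paragraph sets up a CA bundle for verifying peers on fetched data. Please state whether the tracker is also served over HTTPS on this host or only over HTTP. The "debsecan metadata" section says bin/cron pushes to secure-testing-master with rsync but does not say which credentials or key the sectracker user uses for that push. A pointer to where that is configured would help whoever has to repair it.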