Home Wiki > openSUSE:Infrastructure policy
Sign up | Login

openSUSE:Infrastructure policy

tagline: From openSUSE

The SUSE Systems Management teams maintain the openSUSE infrastructure and members of the community have the opportunity to manage and administer services related to their work and contributions on the openSUSE infrastructure. This policy should help both sides getting the right expectations and assumptions to successfully provide the infrastructure behind openSUSE.

openSUSE infrastructure policy

The SUSE Systems Management team maintains the openSUSE infrastructure and members of the community have the opportunity to manage and administer services related to their work and contributions on the openSUSE infrastructure.

Servers are either hosted in Provo, UT, USA or Nuremberg, Germany. New deployments will predominantly take place in Nuremberg, Germany. All servers must comply with the requirements outlined below:

  1. The SUSE Systems Management team is afford root access and is aware of the root password
  2. At least one person responsible for managing the server is registered with the SUSE Systems Management team
    1. Person responsible is expected to respond to e-mail within 24 hours
    2. It is desirable that the responsible person is reachable on IRC on most days between the hours of 11:00 A.M. And 3:00 P.M. UTC
  3. Services accessible externally need to be minimized
  4. All services must start automatically after a reboot
  5. Servers are configured with a static IP address
  6. In general servers should run openSUSE or SUSE as the operating system. The operating system on the server needs to be maintained
  7. Servers are configured to access the appropriate update repositories
  8. Automatic updates need to be enabled, it is acceptable to skip updates that require user interaction
  9. All security updates (including kernel updates) must be installed as soon as possible. If this is for some reason not possible an exception must be granted bu SUSE Systems Services
  10. Services should be protected with AppArmor or SELinux
  11. If console access is required a written agreement is needed
  12. Monitoring : all machine have to answer on ICMP echo request (ping), monitoring other services is recommended.
  13. Direct root login with the root password must be disabled, direct ssh-key login is acceptable
  14. Remote syslogging must be configured

All systems are subject to a maintenance window every Thursday between 8:00 A.M. And 10:00 A.M. local Nuremberg time.

Anyone maintaining a server on the openSUSE infrastructure is expected to be subscribed to the admin@opensuse.org mailing list.

The SUSE Systems Management team maintains a list of servers maintained on the openSUSE infrastructure. Adding new services requires agreement to this policy and a request to the SUSE Systems Management team via admin@opensuse.org. Violations of the policy will be documented and escalated to the openSUSE board. In emergency or security cases the Systems Management team reserves the right to shut down the server. People listed as contacts will be informed accordingly.

All running servers will be evaluated every 6 month to determined continued need for the services provided. If a service is deemed outdated or the server hosts content that may no longer be needed the maintainer on record will be contacted to provide additional details. If no response is received within a 2 week period the server will be shut down.


Communication

IRC channels

Mailing list

Other communication


See also

Related articles

External links