FreedomTunnelCall04/05/2012: Difference between revisions

imported>Charlesnw

Latest revision as of 22:32, 5 April 2012

Initial conference call to kick off FreedomTunnel work.

Participants:

  • Ed
  • Isaac
  • Charles
  • Dana


Overview:

  • Ed talked about occupy.net web properties needing an LDAP back end. Not sure how much coding is needed.
  • Single source of authentication is acceptable.
  • Share a domain (occupy.net) so trust can be shared via cookies.
  • nycga.net site (separate)
  • Potential federation between web properties
  • occupy.net is a platform (internationalizing and generic platform)
  • occupy.net being a CA? (consider down the line)
  • Creating a system image (openvz) is the essence of the FNF / Occupy collaboration
  • Asked about occupy.net infrastructure (is it containers?)
  • occupy.net runs on openvz vps instances
  • federated, decentralized, distributed infrastructure to avoid SPOF
  • system image is one way to go; most likely will use chef to provision on top of whatever bare image is available. Much easier to put a recipe together and keep it in git; then all you need is a bare image, and you run a single chef command to get SSO provisioned
  • it's key to keep data separated from the binaries/recipe
  • occupy tech ops has full control over infrastructure (root access)
  • division of labor?
  • goal is to produce a chef recipe to produce an ldap/ssl/kerberos backend workable on any Debian-based VM (regardless of VmWare/Vbox/OpenVZ underneath)
  • Ed is familiar with LDAP/Kerberos and will explore them in more detail
  • looking for development resources (chef, ldap, kerberos experts)
  • Dana will follow up with potential development resources


Components:

  • Setup chef infrastructure
  • Install LDAP
  • Install kerberos
  • Configure them
  • Test across distros
  • Replication between masters for HA
  • Keep data separate
  • Handling data transport security

Milestone targets:

  • Magic iterative releases here
  • September 17th beta target