FreedomTunnelCall04/05/2012: Difference between revisions
Jump to navigation
Jump to search
imported>Charlesnw No edit summary |
imported>Charlesnw No edit summary |
||
Line 24: | Line 24: | ||
* it's key to keep data separated from the binaries/recipe | * it's key to keep data separated from the binaries/recipe | ||
* occupy tech ops has full control over infrastructure (root access) | * occupy tech ops has full control over infrastructure (root access) | ||
* division of labor? | |||
* goal is to produce a chef recipe to produce an ldap/ssl/kerberos backend |
Revision as of 22:21, 5 April 2012
Initial conference call to kick of FreedomTunnel work.
Participants:
Ed Isaac Charles Dana
Overview:
- Ed talked about occupy.net web properties needing an LDAP back end. Not sure how much coding is needed.
- Single source of authentication is acceptable.
- Share a domain (occupy.net) so trust can be shared via cookies.
- nycga.net site (separate)
- Potential federation between web properties
- occupy.net is a platform (internationalizing and generic platform)
- occupy.net being a CA? (consider down the line)
- Creating a system image (openvz) is essence of FNF / Occupy collaboration
- Asked about occupy.net infrastructure (is it containers?)
- occupy.net runs on openvz vps instances
- federated, decentralized, distributed infrastrucutre to avoid SPOF
- system image is one way to go, most likely will use chef to provision on top of whatever bare image is available . much easier to put a recipe together, keep it in git and then all you need is a bare image and run a single chef command to get SSO provisioned
- it's key to keep data separated from the binaries/recipe
- occupy tech ops has full control over infrastructure (root access)
- division of labor?
- goal is to produce a chef recipe to produce an ldap/ssl/kerberos backend