From The Commons
Initial conference call to kick of FreedomTunnel work.
- Ed talked about occupy.net web properties needing an LDAP back end. Not sure how much coding is needed.
- Single source of authentication is acceptable.
- Share a domain (occupy.net) so trust can be shared via cookies.
- nycga.net site (separate)
- Potential federation between web properties
- occupy.net is a platform (internationalizing and generic platform)
- occupy.net being a CA? (consider down the line)
- Creating a system image (openvz) is essence of FNF / Occupy collaboration
- Asked about occupy.net infrastructure (is it containers?)
- occupy.net runs on openvz vps instances
- federated, decentralized, distributed infrastrucutre to avoid SPOF
- system image is one way to go, most likely will use chef to provision on top of whatever bare image is available . much easier to put a recipe together, keep it in git and then all you need is a bare image and run a single chef command to get SSO provisioned
- it's key to keep data separated from the binaries/recipe
- occupy tech ops has full control over infrastructure (root access)
- division of labor?
- goal is to produce a chef recipe to produce an ldap/ssl/kerberos backend workable on any Debian based VM (regardless of VmWare/Vbox/OpenVZ underneath)
- ed is familiar with LDAP/Kerberos and will explore them in more detail
- looking for development resources (chef,ldap,kerberos experts)
- Dana will followup with potential development resources
- Setup chef infrastructure
- Install LDAP
- Install kerberos
- Configure them
- Test across distros
- Replication between masters for HA
- Keep data separate
- Handling data transport security
- Magic iterative releases here
- September 17th beta target