On saturday, 13th of July 2019, in a joint operation, CAcert Infrastructure Team and CAcert Critical Team updated the operation system of CAcert’s infrastructure in the Netherlands sucessfully. The system is now running on the Debian Buster OS release that has been released by the Debian project last weekend.
The teams started this morning at around 9:30 CEST and finished the upgrades at 16:30 CEST, some of our applications turned back to service afterwards. The system is running smoothly now.
What is new?
The new OS release provides some features that are important for our infrastructure and will allow better operation of our applications in the future:
- LXC has been upgraded from the somewhat primitive 0.8.0 pre-release to LXC 3.0.3 that has a proper API, better security and which will help application administrators
- Firewalling/forwarding/NAT should now be faster then the old iptables setup. We still use ferm as a wrapper but the CAcert Infrastructure Team is already considering switching to native nftables rules that will provide a similar but faster rule set.
- Further details about this major update can be read on our mailing list.
CAcert Infrastructure Team Lead JanDD is happy that we could finish this big upgrade and that we could implement all these changes for you. In a statement made on the early saturday evening, he thanked again to Wytze from CAcert Critical Team for his great support during the day.
The volunteers from these two teams worked for seven and a half hours today, Saturday, to keep our systems up to date. Join us in thanking them and donate now at your own discretion. Your donation will only be used to pay for the infrastructure (hosting, electricity in the data center). «I say thank you to Jan and Wytze and their team with a donation!»
If you find any issues that might be caused by the upgrade feel free to file bugs on https://bugs.cacert.org/ (at project Infrastructure > Infrastructue hosts).
If you want to join one of our teams, please join the development mailing list or write to the secretary.
The CAcert Infrastructure Team will perform a major system upgrade of our infrastructure host tomorrow, 13th of July 2019, starting at 8am UTC/10am CEST. Wytze van der Raay of the critical infrastructure team will assist via remote console if necessary.
We expect the upgrade to run for at least 4 hours and some services might need fixes that will require even longer.
Most services will be unavailable at least for parts of the upgrade session. We will try to keep the downtime of essential services (email, emailout, lists, blog, wiki) as short as possible. We hope to not cause to many inconvenience but we cannot wait longer to perform these long needed update. The Debian Buster stable release last week and the recently acquired knowledge on how to use the remote console system of infra02 inspired us to perform the upgrade now.
CAcert Infrastructure Team Lead
Please support the hudge work of the volunteers of our Infrastrucutre Team, please donate to continue to run this service. Thank you.
CAcert still not available in Congo-Kinshasa. After the government ordered the Internet to be turned off on 30 December last year, the interruption was today extended indefinitely.
CAcert toujours pas disponible au Congo-Kinshasa. Après que le gouvernement a ordonné la fermeture d’Internet le 30 décembre de l’année dernière, l’interruption a été aujourd’hui prolongée indéfiniment.
The CAcert OCSP and CRL services are temporarily unavailable due to a problem with our firewall, which cannot be fixed remotely. Therefore a site visit has been planned to remedy the problem.
The problem started on May 4 around 8:20 CEST, and will hopefully be fixed by May 6 around 15:30 CEST.
The move of all existing CAcert servers to a new smaller rack at the current hosting centre has completed, mostly successful, on December 12 at 23:00 UTC. All main services are available again now, but we still have some smaller problems to sort out, mostly due to the switch-over to a new much more compact firewall with a completely new architecture.
So please bear with us while we iron out the remaining problems, and feel free to report any issues you are still encountering.
Please join me in expressing thanks to the team that worked very hard over four hours after an already stressful day to get this major job completed: Stefan Kooman, Mendel Mobach, Martin Simons.
On December 12 2013, we are planning to move all existing CAcert servers to a new smaller rack in the current hosting centre. In this new rack we will also have a new much more compact firewall installed, and a new energy-efficient infrastructure server.
All good news, but the downside is that all CAcert servers and services will be unavailable for a couple of hours. This outage will take place between 18:00 and 23:00 UTC on December 12, and of course we are striving to keep this downtime as short as possible,
In any case, critical services will be working again on leaving the hosting center, but in the case of unexpected complications, it is possible that non-critical services may only be restored the next day.
See also https://lists.cacert.org/wws/arc/cacert-sysadm/2013-12/msg00000.html for further details. We apologize for any inconvenience caused by this major but necessary operation.
Due to maintance service there will be a short internet connection downtime for ALL CAcert internet services for about 5 min during the given time period. (see https://lists.cacert.org/wws/arc/cacert-sysadm/2013-11/msg00003.html)
We appologize for any inconvience.
The CAcert main webserver will be unavailable for about one hour on Wednesday November 23, 2011, starting at 10:00 UTC. A database update is scheduled to take place on that day between 10:00 UTC and 11:00 UTC. If you are interested in the technical details, please check https://bugs.cacert.org/view.php?id=976.
We expect that the update will be completed within one hour. During the update the website cannot be accessed, and no certificates can be issued or revoked. Other CAcert services (CRL, OCSP, mailing lists, wiki etc) will remain available as usual.
We have scheduled to perform a system software upgrade of the CAcert webserver on Wednesday December 29 2010, starting at 10:00 CET. The upgrade will last at most until 13:00 CET, but we are aiming to complete well before that time. During the upgrade, the CAcert webserver will be unavailable for all users, and no certificates can be signed or revoked. All other CAcert servers will remain up and running though (including OCSP and CRL services).
Wytze van der Raay
team leader CAcert ciritical system administrators
Wytze reports on a planned outage for CAcert main systems, as the systems are moved from one rack to another:
“The move has been scheduled for Tuesday June 15, starting at 10:00 CEST, and hopefully ending before 18:00 CEST.
During a significant part of that period, all systems will be down. We will take care of providing a backup during the outage for ocsp.cacert.org (to avoid inconveniencing browser users which have OCSP enabled for CAcert, as they should!), and a placeholder for www.cacert.org which report the downtime and the reason for it.”