[Debian-l10n-devel] Status of ddtp.debian.net|i18n.debian.net|churro

Christian Perrier bubulle at debian.org
Fri Nov 13 06:15:33 UTC 2009 

As many people legitimately worry about the status of i18n.debian.net,
aka ddtp.debian.net aka churro, let's try to give you folks the whole
picture.

This machine, named "churro", has been donated to Debian by the region
of Extremadura in Spain, after the first i18n work sessions that
happened there back in 2006.

It hosts i18n.debian.net and ddtp.debian.net. As a consequence, many
i18n-related services depend on it:
- access to l10n material (from the http://www.debian.org/intl/l10n
pages)
- DDTP web interface (namely DDTSS)
- DDTP mail interface
- A Pootle server (that's used in production only for Debian Installer
l10n by very few teams)
- access to 'compendia' files built from debconf PO files for every
language
- l10n status "robots" used by several teams
- feeding the translated packages descriptions to the Debian archive

In short, a key machine for Debian i18n.

The machine is hosted in one of the region of Extremadura (Junta de
Extremadura) datacenters, in Mérida.

Three people are actively administering the machine: Nicolas François,
Felipe Augusto van de Wiel and me. This plus Michael Bramer for DDTP
stuff. We used to work on it through remote SSH access.

Our local contact there is César Gómez Martín, well known of people
who attended Extremadura i18n meetings as well as Debconf 9
attendees. César is not in the local admin staff of the datacenter but
always acted as our local relay.

Recently, the datacenter network staff decided to reorganize the
network there. That involved IP addresses changes *and* introducing a
firewall.

The firewall was installed several weeks ago...and was suddenly
blocking all access to churro, which explains the breakage we had
netween Sept. 27th and Oct. 5th.

Ports were reopened and, up to October 30th, the machine was back to
life.

Later on, we have been warned that the network was about to be
renumbered and, on Friday October 30th, we had to change churro's
network settings. Given the short notice, none of us could do it, we
then missed the window and it was later impossible to access the
machine to make the changes.

After several contacts last week (mostly on Friday Nov 6th and Sat Nov
7th), Nicolas François was able to get access to the machine, by
rebouding from the local firewall, and then make the needed changes to
IP settings.

We also indicated (with César as proxy to local admins) the ports that
we need to be opened to/from the machine for our services to work.

However, the SSH traffic was still blocked by the local firewall, thus
preventing direct work on the machine and final tuning to bring back
everything to life.

At this moment, SSH traffic is still blocked and we had information
that local admins do not want to open direct SSH traffic to/from the
machine, as they apparently want to control who's accessing it. So,
Nicolas currently has a way to access the machine...and that's all.

Finally, on Nov 11th, we had indication that direct SSH access to
churro *should* be opened. However, César tried but couldn't login to
churro. So, some *local* investigation (at least a reboot) is probably
needed.

Moreover, all of us are fairly busy at work...and have few time during
weeks...while the local people in Extremadura are mostly
active...during the week. Additionnally, César does not live in Mérida
so he's not "close" to the machine.

So, as you can see, communnication is quite shaky and not everything
is completely clear.

What is clear for me at least is that we can't really rely on a
machine that we cannot access directly even if 3 of us are given an
access through the datacenter firewall.

Discussion is currently happening to try to get this policy relaxed
and go back to a situation that's closer to the former situation
(ideally speaking we want to have the same situation!). The last
indication, on Nov 11th, that SSH is now possible, seems to be a step
towards this.


If things get too complicated, we might want to relocate the
server. But that will be the last option as this is anything but
innocent and involves a lot of work for people who have quite few time
for this.

(I already got offers by some of you to host the machine....that's
appreciated but fairly too early as of now)

I hope for things to progress during the upcoming week-end and to be
able to give more news later on. Please be patient and accept our
apologies for the inconveniences you might experience in your work.









-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-l10n-devel/attachments/20091113/2902ded4/attachment.pgp>

More information about the Debian-l10n-devel mailing list