Editing FreedomTunnelCall04/05/2012 (section)

Initial conference call to kick of FreedomTunnel work.

Participants:

* Ed 
* Isaac
* Charles
* Dana


Overview:
* Ed talked about occupy.net web properties needing an LDAP back end. Not sure how much coding is needed. 
* Single source of authentication is acceptable. 
* Share a domain (occupy.net) so trust can be shared via cookies.
* nycga.net site (separate) 
* Potential federation between web properties 
* occupy.net is a platform (internationalizing and generic platform) 
* occupy.net being a CA? (consider down the line)
* Creating a system image (openvz) is essence of FNF / Occupy collaboration
* Asked about occupy.net infrastructure (is it containers?)
* occupy.net runs on openvz vps instances
* federated, decentralized, distributed infrastrucutre to avoid SPOF
* system image is one way to go, most likely will use chef to provision on top of whatever bare image is available . much easier to put a recipe together, keep it in git and then all you need is a bare image and run a single chef command to get SSO provisioned
* it's key to keep data separated from the binaries/recipe
* occupy tech ops has full control over infrastructure (root access)
* division of labor?
* goal is to produce a chef recipe to produce an ldap/ssl/kerberos backend workable on any Debian based VM (regardless of VmWare/Vbox/OpenVZ underneath)
* ed is familiar with LDAP/Kerberos and will explore them in more detail
* looking for development resources (chef,ldap,kerberos experts)
* Dana will followup with potential development resources


Components:

* Setup chef infrastructure
* Install LDAP 
* Install kerberos
* Configure them
* Test across distros
* Replication between masters for HA
* Keep data separate
* Handling data transport security 

Milestone targets:

*Magic iterative releases here
*September 17th beta target