Difference between revisions of "Systems deployment"
Revision as of 23:55, 8 December 2017
Current situation
Really bad
Here is a crude list of our services (non-members):
Server | VMID | Name | Role | Deployable (via Ansible) | Backed up |
---|---|---|---|---|---|
VM05 | 105 | bob | Samba and VPN | No | Yes |
VM05 | 107 | sally | Some members' stuff, full of IRC bots looking for care | No | No |
VM05 | 110 | dhcp | Our DHCP and DNS | No (Carl started something on it) | No |
VM05 | 115 | | Our mail server | No | No |
VM05 | 119 | rt | Our ticket master, or Really Terrible | No (Bjonnh is working on it) | Yes |
VM05 | 121 | wiki-ansibled | Our wiki | Yes (but could use some love and Ansible Vault) | Yes |
VM05 | 123 | ps1auth | Our members system, slowly crumbling away | No | Yes |
VM05 | 131 | windows10-test-samba | A Windows test instance to check that Samba works correctly; of course it runs on the same host as Samba, which makes it useless | No (not meant for it) | No |
Cloud1 | 101 | www1 | Our web front-end (not the blog, just our front-end to the world) | No | No |
Expected situation
- Ansible deployment playbooks using Ansible Vault for credentials:
  - Master credentials for the CTO (common to all services)
  - (ir)responsible credentials for whoever wants to play with it
- Ability to bootstrap from backups
- Up-to-date software and a homogeneous Linux distribution (for now Debian is the default for new machines)
- Netdata or some form of monitoring (including on the hosts)
- Log aggregation?
- A nice plan of how everything works
- A nice git repo of everything
- A nice key management/revocation model
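The two credential tiers in the list above map cleanly onto Ansible vault IDs: one vault password for the CTO tier, a separate one for the "play" tier, so handing someone the play password never exposes the master secrets. The following is an added example of that layout, not code from this wiki or from any PS1 repository; the inventory group, template name, variable names and placeholder values are all assumptions, and the shell commands are shown as comments because the layout spans several files.

```yaml
# Added example: one vault ID per credential tier named on this page.
#   cto  -> master secrets, common to all services (held by the CTO)
#   play -> "(ir)responsible" secrets for whoever wants to experiment
# Each tier lives in its own file and is encrypted with its own password
# (file names, group names, variable names and values are assumptions):
#
#   ansible-vault create --vault-id cto@prompt  group_vars/all/vault_cto.yml
#   ansible-vault create --vault-id play@prompt group_vars/all/vault_play.yml
#
# Run with only the tiers you can unlock. A vault file whose ID you did not
# supply cannot be decrypted, so the play fails before touching any host:
#
#   ansible-playbook -i inventory site.yml --vault-id play@prompt
#   ansible-playbook -i inventory site.yml --vault-id cto@prompt --vault-id play@prompt

# --- group_vars/all/vault_cto.yml (plaintext shown here; encrypt with the cto ID) ---
vault_samba_admin_password: "CHANGE-ME-cto-secret"   # assumed variable
vault_vpn_psk: "CHANGE-ME-cto-psk"                    # assumed variable

# --- group_vars/all/vault_play.yml (encrypt with the play ID) ---
vault_wiki_db_password: "CHANGE-ME-play-secret"       # assumed variable

# --- group_vars/all/main.yml (never encrypted) ---
# Plain names point at vault_ names, so `grep -r wiki_db_password` still shows
# every place a secret is used while the encrypted files stay opaque blobs.
samba_admin_password: "{{ vault_samba_admin_password }}"
vpn_psk: "{{ vault_vpn_psk }}"
wiki_db_password: "{{ vault_wiki_db_password }}"

# --- site.yml ---
- name: Deploy the wiki with play-tier credentials only
  hosts: wiki                                  # assumed inventory group
  become: true
  tasks:
    - name: Refuse to deploy a placeholder secret
      ansible.builtin.assert:
        that:
          - wiki_db_password is defined
          - wiki_db_password != "CHANGE-ME-play-secret"
        fail_msg: "Set a real value in group_vars/all/vault_play.yml"
      no_log: true                             # the assert would echo the value on failure

    - name: Render wiki DB config
      ansible.builtin.template:
        src: LocalSettings.php.j2              # assumed template; reads wiki_db_password
        dest: /var/www/wiki/LocalSettings.php
        owner: www-data
        group: www-data
        mode: "0640"
      no_log: true                             # keep the rendered secret out of the Ansible log
```

By default Ansible tries every supplied vault password against every vault file; setting `vault_id_match = True` in `ansible.cfg` makes it use only the password whose ID matches the file header, which is what you want once the two tiers exist. Revoking the play tier is then a matter of `ansible-vault rekey --vault-id play@prompt` on that one file, which is the revocation model the last bullet asks for.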
Network
Proposition from Tom: "The edge routers can handle failing over the link from one provider to the other; we'd need a small static IP block for each provider with at least 3 assignable addresses to do failover correctly. No need for a second wifi network or infrastructure. Once we have the edge routers, make them the primary resolver and have them forward requests for internal zones to the AD DNS servers. This eliminates huge chunks of failure pain points and can be achieved in about 2 hours once we have the hardware. The second connection is a little more complicated, but we could fix a lot of stuff with one purchase of the edge router."
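The resolver part of Tom's proposal is a split-forwarding policy: the LAN resolver answers every client, sends the internal AD zones (forward and reverse) to the AD DNS servers, and sends everything else upstream. As an added example, not from the page and not Tom's, here is that policy as an Ansible play for a Debian host running dnsmasq, standing in for the edge router so it fits the Ansible-everything plan above. The inventory group, interface name, zone name, subnets, AD server addresses and upstream resolvers are all assumptions.

```yaml
# Added example: LAN resolver that forwards internal AD zones to the AD DNS
# servers and everything else upstream. Debian + dnsmasq is a stand-in for the
# edge router described above; all names and addresses below are assumptions.
- name: Primary resolver with internal zones forwarded to AD
  hosts: resolvers                                  # assumed inventory group
  become: true
  vars:
    lan_interface: eth1                             # assumed LAN-facing interface
    ad_zones: ["ad.example.internal"]               # assumed AD forward zone
    ad_reverse_zones: ["10.10.0.0/16"]              # assumed LAN subnets for PTR lookups
    ad_dns_servers: ["10.10.1.10", "10.10.1.11"]    # assumed AD DNS servers
    upstream_dns: ["9.9.9.9", "149.112.112.112"]    # example upstream (Quad9)
  tasks:
    - name: Install dnsmasq and dig
      ansible.builtin.apt:
        name: [dnsmasq, dnsutils]
        state: present
        update_cache: true

    - name: Forwarding policy
      ansible.builtin.copy:
        dest: /etc/dnsmasq.d/10-forwarding.conf
        owner: root
        group: root
        mode: "0644"
        # Jinja in `content` is rendered by Ansible before the file is written
        content: |
          # Listen on the LAN side only (dnsmasq adds loopback itself);
          # this box must not become an open resolver on the provider uplinks
          interface={{ lan_interface }}
          bind-interfaces
          # Ignore /etc/resolv.conf: only the servers listed here are used
          no-resolv
          # Never send unqualified names or RFC1918 PTR queries to the Internet
          domain-needed
          bogus-priv
          # Internal AD zones go to every AD DNS server; dnsmasq uses a
          # responding one and retries the others on failure
          {% for zone in ad_zones %}{% for ns in ad_dns_servers %}
          server=/{{ zone }}/{{ ns }}
          {% endfor %}{% endfor %}
          {% for net in ad_reverse_zones %}{% for ns in ad_dns_servers %}
          rev-server={{ net }},{{ ns }}
          {% endfor %}{% endfor %}
          # Everything else goes upstream
          {% for ns in upstream_dns %}
          server={{ ns }}
          {% endfor %}
      notify: restart dnsmasq

    - name: Apply the restart now, not at the end of the play
      ansible.builtin.meta: flush_handlers

    - name: Check that the internal zone resolves through the new forwarder
      ansible.builtin.command: dig +short @127.0.0.1 SOA {{ ad_zones[0] }}
      register: soa
      changed_when: false
      failed_when: soa.stdout == ""

  handlers:
    - name: restart dnsmasq
      ansible.builtin.service:
        name: dnsmasq
        state: restarted
```

The `interface`/`bind-interfaces` pair is the check a practitioner wants here: a resolver reachable from both provider uplinks is an open resolver and an amplification source, so it must only answer on the LAN side. On a host where systemd-resolved's stub listener already holds 127.0.0.53:53, disable the stub before dnsmasq will start. The provider failover itself is router configuration and is not shown.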