Systems deployment
From Pumping Station One
Current situation
Really bad
Here is a crude list of our services (non-members):
Server | VMID | Name | Role | Deployable | Backuped |
---|---|---|---|---|---|
VM05 | 105 | bob | Samba and VPN | No | Yes |
VM05 | 107 | sally | some members stuff, full of IRC bots that look for care | No | No |
VM05 | 110 | dhcp | Our DHCP and DNS | No (Carl started something on it) | No |
VM05 | 115 | Our mail server | No | No | |
VM05 | 119 | rt | Our Ticket master, or Really Terrible | No (Bjonnh is working on it) | Yes |
VM05 | 121 | wiki-ansibled | Our wiki | Yes (but could take some love and ansible vault) | Yes |
VM05 | 123 | ps1auth | Our members system, slowly crumbling away | No | Yes |
VM05 | 131 | windows10-test-samba | A Windows test instance to see if samba is working correctly, of course running on the same host as samba to make it useless | No (Not meant for it) | No |
Cloud1 | 101 | www1 | Our web frontend (no, not the blog, just our front-end to the world) | No | No |
Expected situation
- Ansible deployment playbooks using Ansible Vault for credentials:
- Master credentials for CTO (common to all services)
- (ir)responsible credentials for whomever wants to play with it
- Ability to bootstrap from backups
- Updated versions and homogeneous Linux distributions (for now Debian is the default for new machines)
- Netdata or some form of monitoring (including on the hosts)
- Log aggregations?
- A nice plan of how everything works
- A nice git repo of everything
- A nice key management/revocation model