Deuxfleurs/infrastructure
Archived
23
2
Fork 2
Code Issues 22 Pull requests Projects 1 Releases Wiki Activity
This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/hammerhead/README.md
LUXEY Adrien 6aa3369341 updated README
2021-06-18 11:54:23 +02:00

69 lines
2.6 KiB
Markdown
Raw Blame History

# Hammerhead Configuration
## Roadmap
0. Prior
* The OS is fully installed and configured using the `os/config` Ansible scripts.
* Nomad and Consul on HammerHead have custom configurations compared to the rest of the cluster. The configuration files `os/config/nomad.hcl` and `os/config/consul.json` need to be in sync on the server at `/etc/nomad/nomad.hcl` and `/etc/consul/consul.json` respectively.
1. Base components: things that need to be installed before services
* [x] Dummy HTTP server to have something to work with.
* [x] Reverse-proxy/load-balancer: nginx is a good match for a one-node deployment. Installing it with Nomad/Consul will make me practice Consul Template etc.
SSL using nginx is pain. I undrstand the interest of traefik or fabio in that sense: their close collaboration with Nomad allow them to automate certificates generation.
Consequently, SSL is not supported at the moment. (It would be manual using nginx.)
* [x] Generate services configuration outside the nginx service definition.
Can't do because of *separation of concerns*: files needed by nginx need to be defined in the nginx job specification.
Solution: each new web service needs:
* an nginx configuration template at `app/nginx/config`
* a template stanza in `app/nginx/deploy/nginx.hcl` to interpret the above template configuration. Which is lame.
2. Gitea installation
* [x] persistent data -> `host_volume`
* [x] Postgres database
* [x] Persistent data volume - using `host_volume` in the `client` config of Nomad (requires a restart, and it's not so fun to add volumes there).
* [x] How can Postgres be its own job, while not exposing it publicly and still letting it talk to other jobs? With Consul Connect !
* [ ] Avoid exposing gitea publicly (on port 3000). Can't without heavy configuration of nginx, to leverage sidecars. Adding another service would be even more painful than it already is.
* [ ] SSL. Can't without heavy-lifting, again due to nginx.
Conclusion: Don't use nginx.
2. Wiki installation
* Postgres database
3. Gitea migration
* Postgres database: needs to be its own Nomad job.
* Gitea: setting it up on Nomad.
* Migrating data from Serenity, where the DB is MySQL. Expect fun times.
* Database & files periodic backups
4. Synapse migration
* Postgres already setup
* Migrating from a Postgres on Serenity (easier)
* Backups
5. [Own/Next]cloud: Adrien needs it for himself.
* Compare distribution capabilities / S3-compatibility between the two solutions. The assumption is that Owncloud's Go rewrite is the better fit.
* Do the things.
Reference in a new issue View git blame Copy permalink