infrastructure/hammerhead/README.md

# Hammerhead Configuration 

## Roadmap

0. Prior

	* The OS is fully installed and configured using the `os/config` Ansible scripts. 
	* Nomad and Consul on HammerHead have custom configurations compared to the rest of the cluster. The configuration files `os/config/nomad.hcl` and `os/config/consul.json` need to be in sync on the server at `/etc/nomad/nomad.hcl` and `/etc/consul/consul.json` respectively.

1. Base components: things that need to be installed before services

	* [x] Dummy HTTP server to have something to work with.
	* [x] Reverse-proxy/load-balancer: nginx is a good match for a one-node deployment. Installing it with Nomad/Consul will make me practice Consul Template etc. 

		SSL using nginx is pain. I undrstand the interest of traefik or fabio in that sense: their close collaboration with Nomad allow them to automate certificates generation. 

		Consequently, SSL is not supported at the moment. (It would be manual using nginx.)

	* [x] Generate services configuration outside the nginx service definition.

		Can't do because of *separation of concerns*: files needed by nginx need to be defined in the nginx job specification.

		Solution: each new web service needs:

			* an nginx configuration template at `app/nginx/config`
			* a template stanza in `app/nginx/deploy/nginx.hcl` to interpret the above template configuration. Which is lame.

2. Gitea installation 

	* [x] persistent data -> `host_volume`

	* [x] Postgres database 

		* [x] Persistent data volume - using `host_volume` in the `client` config of Nomad (requires a restart, and it's not so fun to add volumes there).

		* [x] How can Postgres be its own job, while not exposing it publicly and still letting it talk to other jobs? With Consul Connect !

	* [ ] Avoid exposing gitea publicly (on port 3000). Can't without heavy configuration of nginx, to leverage sidecars. Adding another service would be even more painful than it already is. 

	* [ ] SSL. Can't without heavy-lifting, again due to nginx.

	Conclusion: Don't use nginx. 

2. Wiki installation

	* Postgres database

		
3. Gitea migration

	* Postgres database: needs to be its own Nomad job.
	* Gitea: setting it up on Nomad.
	* Migrating data from Serenity, where the DB is MySQL. Expect fun times.
	* Database & files periodic backups

4. Synapse migration 

	* Postgres already setup 
	* Migrating from a Postgres on Serenity (easier)
	* Backups

5. [Own/Next]cloud: Adrien needs it for himself.

	* Compare distribution capabilities / S3-compatibility between the two solutions. The assumption is that Owncloud's Go rewrite is the better fit.
	* Do the things.
wrote a roadmap 2021-05-08 10:44:27 +00:00			`# Hammerhead Configuration`

			`## Roadmap`

			`0. Prior`

			* The OS is fully installed and configured using the `os/config` Ansible scripts.
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			* Nomad and Consul on HammerHead have custom configurations compared to the rest of the cluster. The configuration files `os/config/nomad.hcl` and `os/config/consul.json` need to be in sync on the server at `/etc/nomad/nomad.hcl` and `/etc/consul/consul.json` respectively.
wrote a roadmap 2021-05-08 10:44:27 +00:00
			`1. Base components: things that need to be installed before services`

nginx load-balances a dummy http server 2021-05-08 12:25:56 +00:00			`* [x] Dummy HTTP server to have something to work with.`
dummy server properly configured, nginx configuration for dummy server too, I just need to verify that the nginx configuration is properly modified when dummy server replicas are added/removed (done: it works) 2021-05-08 14:36:44 +00:00			`* [x] Reverse-proxy/load-balancer: nginx is a good match for a one-node deployment. Installing it with Nomad/Consul will make me practice Consul Template etc.`
WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00
			`SSL using nginx is pain. I undrstand the interest of traefik or fabio in that sense: their close collaboration with Nomad allow them to automate certificates generation.`

			`Consequently, SSL is not supported at the moment. (It would be manual using nginx.)`

dummy server properly configured, nginx configuration for dummy server too, I just need to verify that the nginx configuration is properly modified when dummy server replicas are added/removed (done: it works) 2021-05-08 14:36:44 +00:00			`* [x] Generate services configuration outside the nginx service definition.`

			`Can't do because of separation of concerns: files needed by nginx need to be defined in the nginx job specification.`

WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00			`Solution: each new web service needs:`
dummy server properly configured, nginx configuration for dummy server too, I just need to verify that the nginx configuration is properly modified when dummy server replicas are added/removed (done: it works) 2021-05-08 14:36:44 +00:00
WIP: working on sidecars, it fails 2021-06-06 11:40:04 +00:00			* an nginx configuration template at `app/nginx/config`
			* a template stanza in `app/nginx/deploy/nginx.hcl` to interpret the above template configuration. Which is lame.
wrote a roadmap 2021-05-08 10:44:27 +00:00
updated README 2021-06-18 09:54:23 +00:00			`2. Gitea installation`
minor 2021-05-14 08:32:40 +00:00
updated README 2021-06-18 09:54:23 +00:00			* [x] persistent data -> `host_volume`

			`* [x] Postgres database`
added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00
			* [x] Persistent data volume - using `host_volume` in the `client` config of Nomad (requires a restart, and it's not so fun to add volumes there).

updated README 2021-06-18 09:54:23 +00:00			`* [x] How can Postgres be its own job, while not exposing it publicly and still letting it talk to other jobs? With Consul Connect !`

			`* [ ] Avoid exposing gitea publicly (on port 3000). Can't without heavy configuration of nginx, to leverage sidecars. Adding another service would be even more painful than it already is.`

			`* [ ] SSL. Can't without heavy-lifting, again due to nginx.`

			`Conclusion: Don't use nginx.`

			`2. Wiki installation`

			`* Postgres database`


added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00


			`3. Gitea migration`
wrote a roadmap 2021-05-08 10:44:27 +00:00
			`* Postgres database: needs to be its own Nomad job.`
			`* Gitea: setting it up on Nomad.`
			`* Migrating data from Serenity, where the DB is MySQL. Expect fun times.`
			`* Database & files periodic backups`

added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`4. Synapse migration`
wrote a roadmap 2021-05-08 10:44:27 +00:00
			`* Postgres already setup`
			`* Migrating from a Postgres on Serenity (easier)`
			`* Backups`

added Postgres and gitea, WIP 2021-06-05 06:58:36 +00:00			`5. [Own/Next]cloud: Adrien needs it for himself.`
wrote a roadmap 2021-05-08 10:44:27 +00:00
			`* Compare distribution capabilities / S3-compatibility between the two solutions. The assumption is that Owncloud's Go rewrite is the better fit.`
			`* Do the things.`