infrastructure/hammerhead
app added some buggy traefik configuration 2021-09-05 18:14:52 +02:00
os/config gitea works with Postgres which is not exposed publicly, thanks to Consul Connect - the bug was that Nomad could not reach Consul's gRPC due to IPv4/6 mis-configuration 2021-06-06 18:59:20 +02:00
README.md updated README 2021-06-18 11:54:23 +02:00

Hammerhead Configuration

Roadmap

  1. Prior

    • The OS is fully installed and configured using the os/config Ansible scripts.
    • Nomad and Consul on HammerHead have custom configurations compared to the rest of the cluster. The configuration files os/config/nomad.hcl and os/config/consul.json need to be in sync on the server at /etc/nomad/nomad.hcl and /etc/consul/consul.json respectively.
  2. Base components: things that need to be installed before services

    • Dummy HTTP server to have something to work with.

    • Reverse-proxy/load-balancer: nginx is a good match for a one-node deployment. Installing it with Nomad/Consul will make me practice Consul Template etc.

      SSL using nginx is a pain. I understand the interest of traefik or fabio in that sense: their close collaboration with Nomad allows them to automate certificate generation.

      Consequently, SSL is not supported at the moment. (It would be manual using nginx.)

    • Generate services configuration outside the nginx service definition.

      Can't do because of separation of concerns: files needed by nginx need to be defined in the nginx job specification.

      Solution: each new web service needs:

        * an nginx configuration template at `app/nginx/config`
        * a template stanza in `app/nginx/deploy/nginx.hcl` to interpret the above template configuration. Which is lame.
      
  3. Gitea installation

    • persistent data -> host_volume

    • Postgres database

      • Persistent data volume - using host_volume in the client config of Nomad (requires a restart, and it's not so fun to add volumes there).

      • How can Postgres be its own job, while not exposing it publicly and still letting it talk to other jobs? With Consul Connect!

    • Avoid exposing gitea publicly (on port 3000). Can't without heavy configuration of nginx, to leverage sidecars. Adding another service would be even more painful than it already is.

    • SSL. Can't without heavy-lifting, again due to nginx.

    Conclusion: Don't use nginx.

  4. Wiki installation

    • Postgres database
  5. Gitea migration

    • Postgres database: needs to be its own Nomad job.
    • Gitea: setting it up on Nomad.
    • Migrating data from Serenity, where the DB is MySQL. Expect fun times.
    • Database & files periodic backups
  6. Synapse migration

    • Postgres already set up
    • Migrating from a Postgres on Serenity (easier)
    • Backups
  7. [Own/Next]cloud: Adrien needs it for himself.

    • Compare distribution capabilities / S3-compatibility between the two solutions. The assumption is that Owncloud's Go rewrite is the better fit.
    • Do the things.
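
The Consul Connect wiring described in step 3, as an added example that is not taken from this repository: Postgres publishes no host port and Gitea reaches it through a sidecar upstream. The job, group and service names, the image tags and the `CHANGE_ME` placeholders are assumptions, and persistent volumes are left to the host_volume setup from step 3.

```hcl
# Added example: names, image tags and CHANGE_ME placeholders are assumptions.
job "gitea" {
  datacenters = ["dc1"]
  group "db" {
    network { mode = "bridge" } # no port stanza: nothing is published on the host
    service {
      name = "gitea-db"
      port = "5432" # reachable only through the Connect sidecar (mTLS)
      connect {
        sidecar_service {}
      }
    }
    task "postgres" {
      driver = "docker"
      config { image = "postgres:13" }
      env {
        POSTGRES_USER     = "gitea" # the image also creates a database named "gitea"
        POSTGRES_PASSWORD = "CHANGE_ME" # placeholder; inject from a secret store
      }
    }
  }
  group "app" {
    network { mode = "bridge" }
    service {
      name = "gitea"
      port = "3000"
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "gitea-db"
              local_bind_port  = 5432 # Envoy listens on 127.0.0.1:5432 in this group
            }
          }
        }
      }
    }
    task "gitea" {
      driver = "docker"
      config { image = "gitea/gitea:1.14" }
      env {
        GITEA__database__DB_TYPE = "postgres"
        GITEA__database__HOST    = "127.0.0.1:5432" # the local sidecar, not the DB host
        GITEA__database__USER    = "gitea"
        GITEA__database__PASSWD  = "CHANGE_ME"
      }
    }
  }
}
```

Access to `gitea-db` can be restricted to the `gitea` service with a Consul intention. The sidecars only start if Nomad can reach Consul's gRPC port, which is the misconfiguration the os/config commit message refers to.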