From: Christian Pointner Date: Mon, 26 Nov 2018 20:41:34 +0000 (+0100) Subject: gnocci-v-gnocchi X-Git-Url: https://git.realraum.at/?a=commitdiff_plain;h=1f43c8db8622ed77aecb7789b0937f40dec17621;p=noc.git gnocci-v-gnocchi --- diff --git a/ansible/hosts.ini b/ansible/hosts.ini index 4853f9a..460ca5f 100644 --- a/ansible/hosts.ini +++ b/ansible/hosts.ini @@ -13,7 +13,7 @@ galley hacksch r3home tickets -gnocci[0:1] +gnocchi[0:1] ## TODO: remove the variable once https://github.com/ansible/ansible/issues/39119 is fixed metrics localconfig_ssh_config_user=root @@ -26,11 +26,11 @@ host_domain=mgmt.realraum.at [baremetalservers] alfred -gnocci[0:1] +gnocchi[0:1] [kvmhosts] alfred -gnocci[0:1] +gnocchi[0:1] [virtualservers] @@ -75,4 +75,4 @@ localconfig_ssh_config_user=root #torwaechter [apu] -gnocci[0:1] +gnocchi[0:1] diff --git a/doc/gnocchi.org b/doc/gnocchi.org new file mode 100644 index 0000000..b9d1d92 --- /dev/null +++ b/doc/gnocchi.org 
@@ -0,0 +1,84 @@ +* Roadmap +** DONE Get tunnel & subnet from mur.at for testing [2/2] +*** DONE Get approval from mur.at + CLOSED: [2018-06-01 Fri 20:29] +*** DONE Set up tunnel + CLOSED: [2018-06-02 Sa 01:26] + Assigned: equinox + IPv4: 89.106.211.0/28 + IPv6: 2a02:3e0:4001::/48 + IPIP Tunnel Endpoint: 10.12.240.246 +** DONE Create new VLANs [3/3] +*** DONE mgmt VLAN 32 (aka new managemnt VLAN) + CLOSED: [2018-06-02 Sa 03:17] + Assigned: equinox +*** DONE Finish converting plan to diagram & push to ikiwiki + CLOSED: [2018-07-08 So 00:07] + Assigned: nicoo +*** DONE Remaining VLANs + CLOSED: [2018-07-08 So 00:07] + Assigned: equinox (waiting for nicoo to upload the diagram) +** TODO Bring gnocchi online [0/2] +*** TODO Move gnocchis to the rack in W1 + Assigned: nicoo +*** TODO Setup [3/9] +**** DONE Adapt vm/setup to be able to bring up Gnocchi VMs + CLOSED: [2018-06-17 Sun 12:32] + + vm/setup had implicit assumptions about network which might not have + held when installing core network VMs on gnocchi + + It now only needs connectivity on the VM's primary interface, + to the configured debian mirror. + +**** TODO Prepare preseed installs for gnocchis + Assigned: nicoo + + Generate preseed in Ansible, concat to initramfs. + +**** TODO 1 if -> mgmt, 2 if -> lacp -> tagged VLANs +**** DONE Basic services on hypervisor [3/3] + Assigned: nicoo +***** DONE NTPd + CLOSED: [2018-06-17 Sun 16:31] +***** DONE Haveged + CLOSED: [2018-06-08 Sun 21:24] +***** DONE Provide time & entropy to guests + CLOSED: [2018-06-08 Sun 21:24] + +**** TODO Get the vm-host role working there +**** DONE Figure out best way to virtualize OpenWRT + CLOSED: [2018-06-17 So 16:00] + Assigned: equinox + + Openwrt x86_64 have everything built in to run inside KVM + I propose to store to have 2 disks for the VMs. The first will contain + the kernel as well as a sqashfs root filesystem. The second one will hold + the overlay. 
This is basically a ext-root setup: + + https://openwrt.org/docs/guide-user/additional-software/extroot_configuration + +**** TODO Move gw to a gnocchi VM +Clone the VM, run with the legacy VLANs +**** TODO VMs for firewaling & basic net services (1/subnet) +Sit directly on the service LAN (original /27) +**** TODO VMs for critical services [0/4] +***** TODO DNS resolver +unbound or getdns +***** TODO Authoritative NS for realraum.at +bind (potentially) +***** TODO Authn/authz [0/2] +****** TODO whawty +****** TODO RADIUS +***** TODO netboot.xyz +* Future stuffs +** Switch to a wireguard tunnel +*** Upgrade r2ko to LEDE +**** Forward-port murtun +**** Actual upgrade +*** Setup tunnel +** Hardware RNG & key storage +*** Design miniPCIe PCB for Flying Stone 1 + Only uses power & USB + Assigned: equinox +*** Forward key intarface to guests diff --git a/doc/gnocci.org b/doc/gnocci.org deleted file mode 100644 index 1dbd698..0000000 --- a/doc/gnocci.org +++ /dev/null 
@@ -1,84 +0,0 @@ -* Roadmap -** DONE Get tunnel & subnet from mur.at for testing [2/2] -*** DONE Get approval from mur.at - CLOSED: [2018-06-01 Fri 20:29] -*** DONE Set up tunnel - CLOSED: [2018-06-02 Sa 01:26] - Assigned: equinox - IPv4: 89.106.211.0/28 - IPv6: 2a02:3e0:4001::/48 - IPIP Tunnel Endpoint: 10.12.240.246 -** DONE Create new VLANs [3/3] -*** DONE mgmt VLAN 32 (aka new managemnt VLAN) - CLOSED: [2018-06-02 Sa 03:17] - Assigned: equinox -*** DONE Finish converting plan to diagram & push to ikiwiki - CLOSED: [2018-07-08 So 00:07] - Assigned: nicoo -*** DONE Remaining VLANs - CLOSED: [2018-07-08 So 00:07] - Assigned: equinox (waiting for nicoo to upload the diagram) -** TODO Bring gnocchi online [0/2] -*** TODO Move gnocchis to the rack in W1 - Assigned: nicoo -*** TODO Setup [3/9] -**** DONE Adapt vm/setup to be able to bring up Gnocci VMs - CLOSED: [2018-06-17 Sun 12:32] - - vm/setup had implicit assumptions about network which might not have - held when installing core network VMs on gnocci - - It now only needs connectivity on the VM's primary interface, - to the configured debian mirror. - -**** TODO Prepare preseed installs for gnocchis - Assigned: nicoo - - Generate preseed in Ansible, concat to initramfs. - -**** TODO 1 if -> mgmt, 2 if -> lacp -> tagged VLANs -**** DONE Basic services on hypervisor [3/3] - Assigned: nicoo -***** DONE NTPd - CLOSED: [2018-06-17 Sun 16:31] -***** DONE Haveged - CLOSED: [2018-06-08 Sun 21:24] -***** DONE Provide time & entropy to guests - CLOSED: [2018-06-08 Sun 21:24] - -**** TODO Get the vm-host role working there -**** DONE Figure out best way to virtualize OpenWRT - CLOSED: [2018-06-17 So 16:00] - Assigned: equinox - - Openwrt x86_64 have everything built in to run inside KVM - I propose to store to have 2 disks for the VMs. The first will contain - the kernel as well as a sqashfs root filesystem. The second one will hold - the overlay. 
This is basically a ext-root setup: - - https://openwrt.org/docs/guide-user/additional-software/extroot_configuration - -**** TODO Move gw to a gnocchi VM -Clone the VM, run with the legacy VLANs -**** TODO VMs for firewaling & basic net services (1/subnet) -Sit directly on the service LAN (original /27) -**** TODO VMs for critical services [0/4] -***** TODO DNS resolver -unbound or getdns -***** TODO Authoritative NS for realraum.at -bind (potentially) -***** TODO Authn/authz [0/2] -****** TODO whawty -****** TODO RADIUS -***** TODO netboot.xyz -* Future stuffs -** Switch to a wireguard tunnel -*** Upgrade r2ko to LEDE -**** Forward-port murtun -**** Actual upgrade -*** Setup tunnel -** Hardware RNG & key storage -*** Design miniPCIe PCB for Flying Stone 1 - Only uses power & USB - Assigned: equinox -*** Forward key intarface to guests
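Review bot: in ansible/hosts.ini the inventory name changes from gnocci[0:1] to gnocchi[0:1] in all four places it is listed, including [baremetalservers], [kvmhosts] and [apu], but the commit touches no other file under ansible/. Anything still keyed on the old spelling (host_vars or group_vars file names, a playbook hosts pattern, a --limit argument, an ssh config or DNS entry under host_domain=mgmt.realraum.at) would stop matching these two machines without raising an error. Suggest grepping the repository for "gnocci" without the "h" and confirming that the new names resolve before the next run against these hosts.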
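Review bot: in the new doc/gnocchi.org, the CLOSED stamps under "Haveged" and "Provide time & entropy to guests" read [2018-06-08 Sun 21:24], but the file's own [2018-06-01 Fri 20:29] makes 2018-06-08 a Friday, so either the date or the weekday is wrong in both entries. Since this commit is a spelling pass over the file, the remaining typos carried over unchanged from doc/gnocci.org could be fixed at the same time: "managemnt", "sqashfs", "firewaling", "intarface", and the sentence "I propose to store to have 2 disks for the VMs".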