| | 1 | = Sysadmin Meeting Minutes |
| | 2 | |
| | 3 | Participants:: |
| | 4 | kallisti5, waddlesplash, nielx |
| | 5 | Date:: |
| | 6 | 8 October 2017 |
| | 7 | Location:: |
| | 8 | `#haiku-dev` on Freenode |
| | 9 | |
| | 10 | == Decisions |
| | 11 | The following decisions were made: |
| | 12 | * All essential services will be moved to `maui` |
| | 13 | * Baron will be decommissioned when that process has finished |
| | 14 | * The team will first focus on moving/retiring the services on vmrepo. With those lessons learned the rest of the plan can be made. |
| | 15 | |
| | 16 | == Action Points |
| | 17 | The following tasks were created and assigned: |
| | 18 | * nielx: Investigate the best way to share critical passwords |
| | 19 | * kallisti5: Investigate moving git and cgit to `maui`, in combination with gerrit |
| | 20 | * nielx: Investigate haikudepot and work on moving it |
| | 21 | * nielx: investigate the svn and hg repositories on vmrepo and see if they need to move |
| | 22 | |
| | 23 | == Minutes |
| | 24 | |
| | 25 | === Current plans |
| | 26 | * Move '''essential services''' to the new `maui` server |
| | 27 | * Decommission `baron` and return the server to Hertzner |
| | 28 | * The new server will primarily use Docker containers to host the services |
| | 29 | |
| | 30 | === Maui |
| | 31 | * This is a beefy new server to replace baron. |
| | 32 | |
| | 33 | '''Server Specs''' |
| | 34 | * Hosted by Hetzner (like baron) |
| | 35 | * 64 GB of RAM (was 16 GB) |
| | 36 | * 4 TiB in a RAID 1 mirror |
| | 37 | * More CPUs than baron |
| | 38 | * Runs on Fedora server |
| | 39 | * Setup with SELinux in enforcing mode |
| | 40 | |
| | 41 | '''Documentation''' |
| | 42 | * `kallisti5` did the initial configuration |
| | 43 | |
| | 44 | '''Access to maui''' |
| | 45 | * Current access is for axeld, jessicah, pulkomandy, kallisti5, waddlesplash, nielx |
| | 46 | * Though pulkomandy has indicated that after initial setup he does not want to be a permanent member of the system administration team |
| | 47 | |
| | 48 | '''Server configuration: Puppet''' |
| | 49 | * User administration is done using Puppet https://www.lennu.net/puppet-manifest-examples |
| | 50 | * In the future it could also be used for firewall rules, config files, etc. |
| | 51 | * Puppet serves both as configurator, and as documentation (for when a server needs to be rebuild) |
| | 52 | |
| | 53 | === Security/Sysadmin team |
| | 54 | * Question is how do we share critical and sensitive information |
| | 55 | * The approach was to store them on `baron` for root users |
| | 56 | * Major downside: what do you do when baron is down |
| | 57 | * Alternatives: |
| | 58 | - Share this data in the haiku-sysadmin team on Keybase (decentralized encrypted communication and fileshare) |
| | 59 | - Use the [[https://app.dashlane.com/|Dashlane service]] |
| | 60 | * nielx will do some investigating and make a proposal about the best solution on haiku-sysadmin |
| | 61 | |
| | 62 | === Containers |
| | 63 | * `kallisti5` has an overview of how infrastructure should use in his opinion https://github.com/haiku/infrastructure/blob/master/docs/haiku-infrastructure.png |
| | 64 | * Advantages of containers: all the benefits of VMs, none of the performance hits |
| | 65 | * Fewer/none VMs also mean less maintenance |
| | 66 | * Docker will be used, the configuration will be stored, shared and maintained on https://github.com/haiku/infrastructure |
| | 67 | * `kallisti5` and `jessicah` are the resident Docker experts |
| | 68 | |
| | 69 | '''Challenges of using Docker for packaging infrastructure''' |
| | 70 | * The largest challenges are with the whole package building infrastructure, because: |
| | 71 | - It has several ties with git hooks and git repositories and it relies on 'internal' communication |
| | 72 | - By nature of that it relies on external processes it is quite something to 'contain' in one container |
| | 73 | * `kallisti5` has taken some steps to look into it, but the difficulty is that the setup is still a moving target |
| | 74 | |
| | 75 | '''Why Docker?''' |
| | 76 | * Docker is a tool that helps to create, maintain and deploy containers. |
| | 77 | * They are exactly exactly that: a contained set of software, that is connected to contained data volumes. |
| | 78 | * In theory they are highly portable, one might just pick a container and its data up and deploy elsewhere. |
| | 79 | * It also means that the actual software deployments are documented in the Docker scripts |
| | 80 | * Docker-compose will be used to deploy containers to `maui`. Example for gerrit: https://github.com/haiku/infrastructure/blob/master/docker/gerrit/docker-compose.yml |
| | 81 | - Docker-compose runs all the docker commands on the server to deploy |
| | 82 | * `nielx` informed about the relation with the Dockerfile: `kallisti5` explains that this is the blueprint to build an image, and docker-compose is about deploying that image |
| | 83 | * More on Docker: https://docs.docker.com/engine/docker-overview/ |
| | 84 | |
| | 85 | '''Migration Timeline''' |
| | 86 | * It seems that vmrepo is ready to migrate within weeks |
| | 87 | * The most important services are git and cgit |
| | 88 | - `kallisti5` has been working on those, in combination with Gerrit |
| | 89 | - `nielx` asks if it is an option to first move over the git and cgit services as is, and later add/attach gerrit |
| | 90 | - kallisti5` will investigate that |
| | 91 | |
| | 92 | '''Haikudepot on vmrepo''' |
| | 93 | * `nielx` wonders about the state of Haikudepot |
| | 94 | * `waddlesplash` notes that it goes out of memory often |
| | 95 | * Can be found on github: https://github.com/aplgithub/haikudepotserver |
| | 96 | * `nielx` will contact the maintainer Andrew Lindesay |
| | 97 | |
| | 98 | '''SVN repositories on vmrepo''' |
| | 99 | * There are still two repositories hosted on http://svn.haiku-os.org/ |
| | 100 | * Both are out of use |
| | 101 | * `nielx` will have a look to see whether they need to be transferred over, or if they are somewhere permanently stored |
| | 102 | * `nielx` will also look at the mercurial repositories hosted there. |
| | 103 | |
| | 104 | === Maintaining Baron |
| | 105 | * The `maui` maintainers will do essential maintenance on baron |
| | 106 | * It has been decided that there will be no major changes to baron, but instead to focus on moving services |
