Difference between revisions of "SOWN 2020 Goals"

From SOWNWiki
(RADIUS)
m (Server Infrastructure)
 
Line 31: Line 31:
 
== Server Infrastructure ==
 
== Server Infrastructure ==
 
* Install new server (VMS2) to run VMs for development/testing purposes
 
* Install new server (VMS2) to run VMs for development/testing purposes
** Deploy in Mountbatten server room with [[Backup3]] server
+
** Deploy in Mountbatten server room with [[Backup2]] server
 
** Migrate existing dev and test VMs from VMS to this new server.
 
** Migrate existing dev and test VMs from VMS to this new server.
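Review bot: The changed line under "Install new server (VMS2)" swaps [[Backup3]] for [[Backup2]], but the edit is flagged minor and its summary is only the section name "(Server Infrastructure)", so the reason for the change is not recorded. Because this line names the server that VMS2 is deployed alongside, put the correction in the edit summary, for example "Fix server name: Backup3 to Backup2", so the history shows it was a deliberate fix and not a change of plan.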
  

Latest revision as of 20:12, 1 January 2020

This page details goals for SOWN in 2020.

Node Firmware

  • In early 2020 produce a new firmware release that:
    • Allows us to use an unmodified OpenWRT release
    • Fixes the issue with dnsmasq failing and preventing clients getting DHCP leases
    • Fixes the issue with multiple OpenVPN processes running
    • Fixes the issue with stale logread processes hanging around
  • Provide production and development SOWN opkg repositories.
    • Could host production one on buildroot and development one on buildroot-dev as nodes will be able to see these when connected to the VPN.

Monitoring

  • Get all server service checks working on Icinga 2
  • Remove all servers and their service checks from Sown-monitor, leaving just nodes and a couple of host checks for VPN servers.

Backups

  • Switch over to a ZFS backup solution

VPN

  • Move nodes onto new Sown-vpn server to take load off Sown-auth2
  • Provide VPN tunnels for non-node devices

RADIUS

  • Deploy new RADIUS server (VM) to take the load off Sown-auth2
    • Potentially allow FreeRADIUS to be externally accessible.
    • Might be nice to make this HA in some form, with a VM on each of VMS and VMS2?
      • If we're deploying multiple, write an Ansible playbook to do it all

Server Infrastructure

  • Install new server (VMS2) to run VMs for development/testing purposes
    • Deploy in Mountbatten server room with Backup2 server
    • Migrate existing dev and test VMs from VMS to this new server.

NetBox

  • To be determined

DNS

  • Replace Bind with PowerDNS
    • [tds] I'm not convinced pdns gets us much over BIND, so may be worth sticking with what we have for now
    • Could move it to a new server to get it off auth2 though
  • Generate the hosts parts of zone files from NetBox rather than node control

DMZ

  • Migrate servers to new DMZ
    • GW/GW2 - should be nice and easy, only used for OOB
    • WWW/MARCONI
    • Auth2 - remove DMZ interface entirely, linked to VPN and RADIUS discussion above