SOWN 2020 Goals
This page details goals for SOWN in 2020.
- In early 2020 produce a new firmware release that:
- Allows us to use an unmodified OpenWRT release
- Fixes the issue with dnsmasq failing and preventing clients getting DHCP leases
- Fixes issue with multiple OpenVPN processes running
- Fixes issue with stale logread processes hanging around
- Provide production and development SOWN opkg repositories.
- Could host production one on buildroot and development one on buildroot-dev as nodes will be able to see these when connected to the VPN.
- Get all server service checks working on Icinga 2
- Remove all servers and their service checks on Sown-monitor just to leave nodes and a couple of host checks for VPN servers.
- Switchover to a ZFS backups solution
- Move nodes onto new Sown-vpn server to take load off Sown-auth2
- Provide VPN tunnels for non-node devices
- Deploy new RADIUS server (VM) to take the load off Sown-auth2
- Potentially allow FreeRADIUS to be externally accessible.
- Might be nice to make this HA in some form, with a VM on each of VMS and VMS2?
- If we're deploying multiple, write an ansible playbook to do it all
- Install new server (VMS2) to run VMs for development/testing purposes
- Deploy in Mountbatten server room with Backup2 server
- Migrate existing dev and test VMs from VMS to this new server.
- To be determined
- Replace Bind with PowerDNS
- [tds] I'm not convinced pdns gets us much over BIND, so may be worth sticking with what we have for now
- Could move it to a new server to get it off auth2 though
- Generate hosts parts of zonefiles from netbox rather than node control
- Migrate servers to new DMZ
- GW/GW2 - should be nice and easy, only used for OOB
- Auth2 - remove DMZ interface entirely, linked to VPN and RADIUS discussion above