server.garden privileged automation agent

forest a4034f9cb0 bug fixes during demo 3 months ago
ansible-roles 4e6fc20c52 working on the ingress gateway 3 months ago
ansible-wrapper 8b1ff6386e ansible-playbook error handling is working 5 months ago
application-modules a4034f9cb0 bug fixes during demo 3 months ago
automation a4034f9cb0 bug fixes during demo 3 months ago
configuration a4034f9cb0 bug fixes during demo 3 months ago
host-key-poller 6d334e5a3b adding build numbers to terraform builds 5 months ago
objectStorage 2b035a0750 I just realized that gofmt forces tabs instead of spaces... wow 5 months ago
pki a4034f9cb0 bug fixes during demo 3 months ago
terraform-modules 4e6fc20c52 working on the ingress gateway 3 months ago
.gitignore a4034f9cb0 bug fixes during demo 3 months ago
ReadMe.md 4c12341b9b working on handling ansible module errors correctly 5 months ago
build.sh b65f215458 fixing bugs and issues while testing 4 months ago
lock.go 2b035a0750 I just realized that gofmt forces tabs instead of spaces... wow 5 months ago
main.go a4034f9cb0 bug fixes during demo 3 months ago
notes.txt 4c12341b9b working on handling ansible module errors correctly 5 months ago
pull.sh 25fd1cb314 noodling around on svg xml preprocessing for hollywood OS display 5 months ago
terraformStateHandler.go 6d334e5a3b adding build numbers to terraform builds 5 months ago

ReadMe.md

rootsystem

server.garden Privileged Automation Agent

mkdir -p ssh

ssh-keygen -t ed25519 -N '' -f ./ssh/servergarden_builtin_ed22519

go build -o ansible-wrapper/ansible-playbook-wrapper ansible-wrapper/main.go
go build -o host-key-poller/host-key-poller host-key-poller/main.go

# you will have to provide a complete config file. normally this would be provideded by seedpacket
nano config.json

go run *.go

Rootsystem is the entrypoint & most highly privileged part of the server.garden automation system, hence "root" in the name.

Rootsystem starts the first time a server.garden system boots, and it uses provided credentials and options to create, plan & apply multiple terraform projects based on its own collection of terraform modules & ansible roles. It is responsible for installing and configuring the required base-system components of a server.garden datacenter, such as:

  • threshold, the public-internet-facing gateway & TCP reverse tunnel
  • serviceroad, the peer-to-peer vpn
  • spigot, the consensus & leader-election service
  • caddy, the Let's Encrypt ACME client, TLS terminator & reverse-proxy

Rootsystem will create one terraform-global project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.

Then, it will create a terraform-local-<node-name> project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.

In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.

Rootsystem has no user-interface of its own, however, it is tightly coupled to the seedpacket desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.