server.garden privileged automation agent
forest d64269df88 add blog link to readme 4 months ago
ansible-roles working on the ingress gateway 9 months ago
ansible-wrapper ansible-playbook error handling is working 10 months ago
application-modules bug fixes during demo 9 months ago
automation bug fixes during demo 9 months ago
configuration bug fixes during demo 9 months ago
host-key-poller adding build numbers to terraform builds 10 months ago
objectStorage I just realized that gofmt forces tabs instead of spaces... wow 10 months ago
pki bug fixes during demo 9 months ago
terraform-modules working on the ingress gateway 9 months ago
.gitignore bug fixes during demo 9 months ago
ReadMe.md add blog link to readme 4 months ago
build.sh fixing bugs and issues while testing 9 months ago
lock.go I just realized that gofmt forces tabs instead of spaces... wow 10 months ago
main.go bug fixes during demo 9 months ago
notes.txt working on handling ansible module errors correctly 10 months ago
pull.sh noodling around on svg xml preprocessing for hollywood OS display 10 months ago
terraformStateHandler.go adding build numbers to terraform builds 10 months ago

ReadMe.md

rootsystem

server.garden Privileged Automation Agent

This project is on hold for the time being. For more information see: https://sequentialread.com/the-pragmatic-path-4-year-update-introducing-greenhouse/


Rootsystem is the entrypoint & most highly privileged part of the server.garden automation system, hence "root" in the name.

Rootsystem starts the first time a server.garden system boots, and it uses provided credentials and options to create, plan & apply multiple terraform projects based on its own collection of terraform modules & ansible roles. It is responsible for installing and configuring the required base-system components of a server.garden datacenter, such as:

  • threshold, the public-internet-facing gateway & TCP reverse tunnel
  • serviceroad, the peer-to-peer vpn
  • spigot, the consensus & leader-election service
  • caddy, the Let's Encrypt ACME client, TLS terminator & reverse-proxy

Rootsystem will create one terraform-global project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.

Then, it will create a terraform-local-<node-name> project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.

In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.

Rootsystem has no user interface of its own; however, it is tightly coupled to the seedpacket desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.

mkdir -p ssh

ssh-keygen -t ed25519 -N '' -f ./ssh/servergarden_builtin_ed22519

go build -o ansible-wrapper/ansible-playbook-wrapper ansible-wrapper/main.go
go build -o host-key-poller/host-key-poller host-key-poller/main.go

# you will have to provide a complete config file. normally this would be provided by seedpacket
nano config.json

go run *.go
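
The `ssh-keygen` step above passes `-N ''`, so the private key is written without a passphrase and its file mode is the only protection at rest. The check below is an added example, not part of the rootsystem repository; the function names `owner_only` and `audit_key_dir` are hypothetical, and it assumes the `ssh` directory created by the steps above.

```shell
#!/bin/sh
# Added example (not rootsystem code): audit a directory of passphrase-less
# SSH keys such as ./ssh from the build steps.

# Succeeds only if the path has no group/other permission bits set.
# The mode string comes from `ls -ld` (e.g. "-rw-------"): characters 5-10
# are the group and other bits, which must all be "-".
owner_only() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_key_dir DIR
# Prints one finding per line and returns the number of findings (0 = clean).
audit_key_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 1
    fi
    if ! owner_only "$dir"; then
        echo "directory accessible to group/other: $dir"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.pub) continue ;;  # public halves may be world-readable
        esac
        if ! owner_only "$f"; then
            echo "private key readable beyond owner: $f"
            findings=$((findings + 1))
        fi
        if [ ! -f "$f.pub" ]; then
            echo "no matching public key for: $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit when a directory is given, e.g.: sh audit.sh ./ssh
if [ "$#" -gt 0 ]; then
    audit_key_dir "$1"
fi
```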