forest
/
rootsystem
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
server.garden privileged automation agent
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
85 Commits
1 Branch
0 Tags
315 KiB
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
forest d64269df88
add blog link to readme 		4 years ago
ansible-roles working on the ingress gateway 4 years ago
ansible-wrapper ansible-playbook error handling is working 4 years ago
application-modules bug fixes during demo 4 years ago
automation bug fixes during demo 4 years ago
configuration bug fixes during demo 4 years ago
host-key-poller adding build numbers to terraform builds 4 years ago
objectStorage I just realized that gofmt forces tabs instead of spaces... wow 4 years ago
pki bug fixes during demo 4 years ago
terraform-modules working on the ingress gateway 4 years ago
.gitignore bug fixes during demo 4 years ago
ReadMe.md add blog link to readme 4 years ago
build.sh fixing bugs and issues while testing 4 years ago
lock.go I just realized that gofmt forces tabs instead of spaces... wow 4 years ago
main.go bug fixes during demo 4 years ago
notes.txt working on handling ansible module errors correctly 4 years ago
pull.sh noodling around on svg xml preprocessing for hollywood OS display 4 years ago
terraformStateHandler.go adding build numbers to terraform builds 4 years ago

ReadMe.md

rootsystem

server.garden Privileged Automation Agent

This project is on hold for the time being.. For more information see: https://sequentialread.com/the-pragmatic-path-4-year-update-introducing-greenhouse/

Rootsystem is the entrypoint & most highly privileged part of the server.garden automation system, hence "root" in the name.

Rootsystem starts the first time a server.garden system boots, and it uses provided credentials and options to create, plan & apply multiple terraform projects based on its own collection of terraform modules & ansible roles. It is responsible for installing and configuring the required base-system components of a server.garden datacenter, such as:

  • threshold, the public-internet-facing gateway & TCP reverse tunnel
  • serviceroad, the peer-to-peer vpn
  • spigot, the consensus & leader-election service
  • caddy, the Let's Encrypt ACME client, TLS terminator & reverse-proxy

Rootsystem will create one terraform-global project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.

Then, it will create a terraform-local-<node-name> project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.

In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.

Rootsystem has no user-interface of its own, however, it is tightly coupled to the seedpacket desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.

mkdir -p ssh

ssh-keygen -t ed25519 -N '' -f ./ssh/servergarden_builtin_ed22519

go build -o ansible-wrapper/ansible-playbook-wrapper ansible-wrapper/main.go
go build -o host-key-poller/host-key-poller host-key-poller/main.go

# you will have to provide a complete config file. normally this would be provideded by seedpacket
nano config.json

go run *.go