server.garden privileged automation agent
forest d64269df88 add blog link to readme 3 years ago
ansible-roles working on the ingress gateway 4 years ago
ansible-wrapper ansible-playbook error handling is working 4 years ago
application-modules bug fixes during demo 4 years ago
automation bug fixes during demo 4 years ago
configuration bug fixes during demo 4 years ago
host-key-poller adding build numbers to terraform builds 4 years ago
objectStorage I just realized that gofmt forces tabs instead of spaces... wow 4 years ago
pki bug fixes during demo 4 years ago
terraform-modules working on the ingress gateway 4 years ago
.gitignore bug fixes during demo 4 years ago
ReadMe.md add blog link to readme 3 years ago
build.sh fixing bugs and issues while testing 4 years ago
lock.go I just realized that gofmt forces tabs instead of spaces... wow 4 years ago
main.go bug fixes during demo 4 years ago
notes.txt working on handling ansible module errors correctly 4 years ago
pull.sh noodling around on svg xml preprocessing for hollywood OS display 4 years ago
terraformStateHandler.go adding build numbers to terraform builds 4 years ago

ReadMe.md

rootsystem

server.garden Privileged Automation Agent

This project is on hold for the time being. For more information, see: https://sequentialread.com/the-pragmatic-path-4-year-update-introducing-greenhouse/


Rootsystem is the entrypoint & most highly privileged part of the server.garden automation system, hence "root" in the name.

Rootsystem starts the first time a server.garden system boots, and it uses provided credentials and options to create, plan & apply multiple terraform projects based on its own collection of terraform modules & ansible roles. It is responsible for installing and configuring the required base-system components of a server.garden datacenter, such as:

  • threshold, the public-internet-facing gateway & TCP reverse tunnel
  • serviceroad, the peer-to-peer vpn
  • spigot, the consensus & leader-election service
  • caddy, the Let's Encrypt ACME client, TLS terminator & reverse-proxy

Rootsystem will create one terraform-global project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.

Then, it will create a terraform-local-<node-name> project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.

In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.

Rootsystem has no user interface of its own; however, it is tightly coupled to the seedpacket desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.

mkdir -p ssh

ssh-keygen -t ed25519 -N '' -f ./ssh/servergarden_builtin_ed22519

go build -o ansible-wrapper/ansible-playbook-wrapper ansible-wrapper/main.go
go build -o host-key-poller/host-key-poller host-key-poller/main.go

# you will have to provide a complete config file. normally this would be provided by seedpacket
nano config.json

go run *.go
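
A pre-flight check for the build steps above, as an added example that is not part of the rootsystem repository: the key is generated with an empty passphrase (-N ''), so its file mode is the only thing protecting it. The function name checkSecretFiles is hypothetical, and treating config.json as the file that holds the credentials rootsystem is given is an assumption of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// Paths are taken from the build steps above. That config.json carries the
// provided credentials is an assumption of this example.
var secretFiles = []string{
	filepath.Join("ssh", "servergarden_builtin_ed22519"),
	"config.json",
}

// checkSecretFiles (hypothetical helper) returns one finding per problem under dir.
func checkSecretFiles(dir string) []string {
	var findings []string
	for _, rel := range secretFiles {
		path := filepath.Join(dir, rel)
		// Lstat so that a symlink planted at the path is reported, not followed.
		info, err := os.Lstat(path)
		if err != nil || !info.Mode().IsRegular() {
			findings = append(findings, rel+": missing or not a regular file")
			continue
		}
		// Any group/other permission bit exposes the secret to other local users.
		if perm := info.Mode().Perm(); perm&0077 != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o lets group/other access it", rel, perm))
		}
		if filepath.Ext(rel) == ".json" {
			data, err := os.ReadFile(path)
			if err != nil || !json.Valid(data) {
				findings = append(findings, rel+": not valid JSON")
			}
		}
	}
	return findings
}

func main() {
	findings := checkSecretFiles(".")
	for _, f := range findings {
		fmt.Println("FAIL", f)
	}
	if len(findings) > 0 {
		os.Exit(1)
	}
}
```

Run it from the repository root after writing config.json and before go run *.go; a non-zero exit means a secret file is missing, malformed or readable by other local users.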