Tails

#1 Updated by intrigeri 2015-12-15 12:11:59

• blocks Feature #9484: Deploy the monitoring setup to production added

#2 Updated by intrigeri 2015-12-15 12:12:45

• Assignee set to bertagaz
• QA Check set to Info Needed

#4 Updated by intrigeri 2015-12-15 12:14:15

• blocks Feature #8647: Install an OS on the machine that will host the production monitoring setup added

#5 Updated by intrigeri 2015-12-15 12:16:20

• Category set to Infrastructure

#6 Updated by intrigeri 2015-12-15 12:21:34

• blocks Feature #6250: Configure the lizard failover added

#7 Updated by intrigeri 2015-12-15 12:23:22

• has duplicate Feature #10245: Decide how to manage systems outside of lizard added

#8 Updated by bertagaz 2016-01-25 14:34:12

• Status changed from Confirmed to In Progress
• Assignee changed from bertagaz to intrigeri
• % Done changed from 0 to 10

Ecours will host our monitoring server. This means it won’t share any data hosted on Lizard. It will simply collect check results, present them in a readable way and notify when needed.

There are mainly three options to configure it using puppet:

Option A: Puppetmaster on Ecours, with a dedicated manifest

Add complexity with two different puppet-sync to manage, submodules to keep in sync between two different manifests, but would help to better abstract our code in submodules.

Option B: Puppetmaster on Ecours, with Lizard’s manifest

Easier to manage regarding our puppet code, which would stay in one repo only compared to previous option. But with this we won’t be able to use exported resources, which are handy to simplify the manifests. We also would have to rewrite our Lizard manifest to remove any secrets Ecours doesn’t need to store.

Option C: Puppet agent on Ecours using Lizard’s puppetmaster

This one seems a bit more easy again compared to other options (no need to rewrite Lizard’s manifest). Downside is that it asks to secure the connection between Lizard and Ecours, but this will probably also be needed with the Lizard failover system we plan to host.

I think option C would be the way to go. It would prepare us to a “near” future where we’ll have to administrate more systems, and deal with one puppetmaster only seems easier and has benefits. It here’s an agreement, the next step would be to connect Ecours to Lizard’s puppetmaster, using some VPN solution. I’d go for tinc, which is quite easy to deploy compared to more complete solutions like strongswan

#9 Updated by intrigeri 2016-01-26 15:01:06

• Target version changed from Tails_2.0 to Tails_2.2

#10 Updated by intrigeri 2016-02-05 16:22:15

• Status changed from In Progress to Resolved
• QA Check changed from Info Needed to Pass

> There are mainly three options to configure it using puppet:

Thanks for the summary!

> I think option C would be the way to go. It would prepare us to a “near” future where we’ll have to administrate more systems, and deal with one puppetmaster only seems easier and has benefits.

Agreed, let’s do that.

> It here’s an agreement, the next step would be to connect Ecours to Lizard’s puppetmaster, using some VPN solution. I’d go for tinc, which is quite easy to deploy compared to more complete solutions like strongswan

Fine with me. I’ll let you create a subtask of Feature #5734 to track this.

#11 Updated by intrigeri 2016-02-05 16:23:45

• Assignee deleted (intrigeri)
• % Done changed from 10 to 100

#13 Updated by bertagaz 2016-02-09 11:41:48

• related to Feature #11094: Deploy a VPN between the monitoring host and Lizard added