Diffstat (limited to 'content/writeups/lockdown-chapter-2.md')
-rw-r--r--  content/writeups/lockdown-chapter-2.md | 88
1 files changed, 88 insertions, 0 deletions
diff --git a/content/writeups/lockdown-chapter-2.md b/content/writeups/lockdown-chapter-2.md new file mode 100644 index 0000000..9e462c6 --- /dev/null +++ b/content/writeups/lockdown-chapter-2.md 
@@ -0,0 +1,88 @@ ++++ +title = "Lockdown chapter 2" +date = 2020-11-10 ++++ + +## ansible + +For this lockdown part. 2, it makes sense to run my internal servers and +infrastructure 24/7, so I can monitor the stress load and continously deploy +and provision my services between two stupid courses or useless java exercises. + +I was already using Ansible for small tasks such as updating everything at once, +or generating git/syncthing/ssh configuration. This time I refactored my use of +Ansible, using +[best practices](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html). + +Previously, my inventory was generated from an external YAML, but why should I +keep an additional layer of abstraction that adds nothing but complicated +infrastructure management ? Therefore, I refactored all my hosts, services and +meta details in the inventory file in YAML format. Yes, it does make my roles +and scripts more dependent to my specific inventory, but I can describe per-host +services and use dynamically loaded roles. + +## stack + +My main server running OpenBSD, using Docker is not possible. I have seen some +guys on Internet running Docker on an Alpine vm, but it adds two level of +abstraction, and I dont like cluttering my system with too many complex and +exotic setup when not needed. + +Therefore, I have my own Ansible roles and playbooks for deploying Alpine or +OpenBSD iso on my hypervisor. Each services/type of services will leave in a +virtual machine, allowing me to backup disk images or making snapshots thanks +to qcow2. + +> After tinkering around with vmm, it gaves me poor results for realtime needs +> in virtual machine (such as minecraft, factorio, ...) due to a high number +> of cpu interruptions. +> +> I then went with freebsd and bhyve. 
+ +``` ++-------------------+ +| domain controller | +| * openbsd | +| * ^irtual | ++-------------------+ + ^ + | + v ++--------+----------+ +| lan router | +| * ddwrt | +| * physical | ++--------+----------+ + ^ + | + v ++--------+----------+ +| 24 ports switch | +| * fiber ports | ++--------+-+-+------+ + ^ | | + | | +--------------------------------------------------------------------+ + | +-------------------------------------------------+ | + v v v ++--------+--------------------------------------+ +--------+---------+ +------+---------+ +| | | workstation | | laptop | +| Dell poweredge R710 | | * archlinux | | * archlinux | +| * 48GB ram | | * btrfs | | # encrypted | +| * freebsd /openbsd/ (ssd disk) | * encrypted | | | +| | +------------------+ +----------------+ +| +------------+ +------------+ +-------------+ | +| | vm0 | | vm1 | | vm/n | | +| | * alpine | | * alpine | | * openbsd \ | | +| | | | | | alpine \ | | +| | | | | | ... | | +| +------------+ +------------+ +-------------+ | +| | ++-----------------------------------------------+ +``` + +## grafana + +<img class="wide-3 shadow-1" src="/images/grafana_01.jpg"> + +Thanks to ansible, I wrote roles for deploying grafana on a virtual machines, +then for deploying *prometheus* and *node_exporter* on all my servers. |
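Review bot: the "stack" section opens with "My main server running OpenBSD, using Docker is not possible", but the blockquote right after it says the hypervisor was moved to FreeBSD and bhyve, and the diagram labels the R710 as "freebsd /openbsd/", so the opening sentence contradicts the rest of the section; either say which OS the hypervisor runs now (e.g. "My main server runs FreeBSD, so Docker is not an option there") or state explicitly that OpenBSD with vmm was the starting point before the switch. In the "grafana" section, *node_exporter* is deployed "on all my servers" but nothing says how Prometheus reaches it; a sentence on whether the roles bind the exporter to a management address or firewall it so only the Prometheus VM can scrape it would document the one security decision those roles make. Spelling and grammar in the added text: "continously" -> "continuously", "dependent to my specific inventory" -> "dependent on my specific inventory", "two level of abstraction" -> "two levels of abstraction", "exotic setup" -> "exotic setups", "Each services/type of services will leave in a virtual machine" -> "Each service or type of service will live in a virtual machine", "it gaves me" -> "it gave me", "on Internet" -> "on the Internet", "grafana on a virtual machines" -> "grafana on a virtual machine"; and in the diagram the domain-controller box reads "* ^irtual", which should be "* virtual".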