Generate snapshots on Exoscale Digital Ocean providerscripts/server/MonitorForSnapshotGenerated.sh (need to review how to generate snapshots and build machines from snapshots on Exoscale and follow that process) Is the snapshot private? Can test the process without deploying on a regular machine with the name "webserver"
Test and solid up the snapshot and application/database update
3 New configuration styles on wordpress, drupal, and moodle
Why is there set -x output at the beginning of the script - looks untidy
only do native firewall at end of build if it's not a snapshot simply add the machine to the firewalls that existed from the regular build
fingerprint thing just before templates
Over Christmas
Error messages and repeat attempts for datastore methods on build machine
Clean up utilities directories with new directories for config scripts
Document all runtime directories and what each filetype does and the directory structure of runtime data on build machine
January
document backups and snapshots and baselines
update and test snapshots for exo and digitalocean
Put in option for multiple region backups.
updates to snapshots built machines so that snapshot can be built for Drupal and then deployed for joomla etc
explain what needs to stay the same in template and what can change when deploying a snapshot. Can change SMTP but not web server type. Maybe call reconfigure webserver to install new webserver config for new application type
Strip out other snapshotting but only once the new snapshotting has been tested
Allow number_ws to be 5 and build them all initially. Set the default number of webservers in the datastore to be number_ws
Do daily reboot on each machine type at 3:29 AM
${HOME}/providerscripts/utilities/UpdateInfrastructure.sh
${HOME}/providerscripts/utilities/UpdateSoftware.sh + reboot every day
Ssl for each provider dbaas Getting DbaaS hostname on build machine for digital ocean needs jq Check that manual dbaas setting works
Review s3fs caching. Implement Vultr filesystem.
authorisation mechanism
Multi region deployments
Final testing
Review all documentation
Reformat all script files
Review docs/tutorial
encapsulation by reading values from env file within locally scoped functions
weeks time
build machine VPC check for each provider with BUILD_MACHINE_VPC=1 and build machine not attached to a VPC and attached to a VPC and check that the build script picks up both conditions correctly scale up to 5 and back down again for each one.
Linode managed database see if can make it use ipv6 address instead of the hostname string
weeks time
Check if can get SSL certificate for each managed DB and install it on the webservers. If can, then, implement TLS certificates for joomla etc.
Check if can get DBaaS certificate from DBaaS and does the certificate need to be checked for expiration.
Look into Cunofs (compact S3fs goofys into datastoremount in build styles and add cunofs with license key to datastore file). Maybe look into rclone as well.
What about making entire webroot mounted using S3fs? Persist assets to datastore = 3 then mount S3fs as /var/www/html before application is installed????
Multiple providers - have a template VAR NO_ACTIVE_REGIONS to divide up total number of web servers
When calling trusted DbaaS IP addresses get ips from the DNS system? Can list up addresses from dbaas and check them against DNS IP addresses and if there are different add the IP address to the trusted IP addresses in the dbaas
When adding ip to DNS get ips in DNS and add the IP that is being newly added and adjust DbaaS firewall
Tightdbaasfirewall two versions, multi region and single region. Single region as is. Multi region use the IP addresses from the DNS system
Dec - authentication server + multi provider webservers to DBaaS setup for resilience
Authentication server
Deploy webserver without and install authorisation server baseline but call the authorisation server authserver not webserver
Authorisation server PHP file displays welcome page and asks for the user's domain verified email address.
If the user provides a domain verified email address, send them a one time link to a php file and generate a php file that will write their IP address to the file system. Every 2 seconds, check for newly authorised IP addresses and for each newly authorised IP address get list of current web servers and SSH onto each of them updating firewall to allow connections from newly authorised IP address.
Keep list of authorised IP addresses on authorisation server as well as list of current webservers.
Copy list of authorised client IP addresses to each webserver and have Setup firewall check for new authorised IP addresses maybe run setup firewall in each webserver from Auth server
Every minute check for new webservers and if a new webserver is found ssh onto it and if WEBSERVER_READY exists enable the list of authorised ips on that webserver.
Multi-host-deploy ??? - strip out bastion from docs
Dynamic scaling - monitors on each webserver and write the load to the datastore and aggregate the load values on the autoscaler/s and scale up according to some metric of how many new machines to scale to
See if can do snapshots by remembering SERVER_USERNAME and SERVER_PASSWORD and reusing them from the template. ssh public key in template as well and purge ip addresses on the machines - just try it out and see if it works
format scripts open vi and immediately do gg=G and the script will be formatted nicely
To do Checklist
Next Week
https://www.digitalocean.com/community/tutorials/automate-the-creation-of-vpc-mesh-networks
https://scotthelme.co.uk/heres-another-free-ca-as-an-alternative-to-lets-encrypt/
Document/review maintenance mode
https://docs.aws.amazon.com/AmazonS3/latest/userguide/mountpoint-installation.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/mountpoint-usage.html
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html
S3fs -o ensure_diskfree -o use_cache
January - look into authentication server
https://www.digitalocean.com/blog/announcing-global-load-balancer-beta
Dynamic scaling - monitors on each webserver and write the load to the datastore and aggregate the load values on the autoscaler/s and scale up according to some metric of how many new machines to scale to
/usr/bin/sar 1 1 | /usr/bin/tail -n -1 | /usr/bin/awk '{print $NF}' | /usr/bin/xargs printf "%.*f\n" "$p"