Difference between revisions of "Educaship Proxmox"
(→Double Objective) |
(→Storage Distributed in VM Clusters) |
||
| (51 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | [[Educaship Proxmox]] (hereinafter, [[#The | + | [[Educaship Proxmox]] (hereinafter, [[#The Cloud]]) is the combination of [[ProxmoxVE]] instances, those software packages that support them, as well as complete documentation for all of them that students and other customers of [[Educaship]] may utilize in their vocational skills and career development. |
| − | == | + | ==Triple Objective== |
| − | [[#The | + | [[#The Cloud]] shall serve three objectives, from which (a) the [[#Technology Stack]] and (b) [[#Learning Resource]] are primary and important equally. |
| − | === | + | ===Technology Stack=== |
| − | : [[#The | + | : [[#The Cloud]] shall technologically support functionality, usability, reliability, performance, security, scalability, and user satisfaction of [[Opplet]], which is the technology where the [[end-user]]s are served. |
===Learning Resource=== | ===Learning Resource=== | ||
| − | : [[#The | + | : [[#The Cloud]] shall be a collection of learning resources for those customers who would like to learn and have a work-alike practice. Specifically, that means that [[#The Cloud]] shall: |
| − | :# | + | :# '''Be fully documented''' at the [[CNM Lab]] for those students who have a work-alike practice. |
| − | :# | + | :# '''Be well-documented''' without security-sensitive details at the [[CNMCyber.com]] for those students who would like to learn about [[#The Cloud]]. |
| + | :# '''Use various software'''; the students shall have opportunities to practice with as many popular [[COTS]] open-source packages as possible. | ||
| + | |||
| + | ===Marketing Material=== | ||
| + | : [[#The Cloud]] shall be used as material in marketing of [[Educaship]] products. Particularly, we plan to introduce events such as "Guided Tour to CNM Cloud" and "State of CNM Cloud". | ||
==Instances== | ==Instances== | ||
| − | Currently, [[#The | + | Currently, [[#The Cloud]] consists of the [[#Federated VE]] and one [[#Peripheral VE]]. [[#We]] will consider [[#Adding More VEs]] when such a need emerges. |
===Federated VE=== | ===Federated VE=== | ||
| − | : The federated part of [[#The | + | : The federated part of [[#The Cloud]] is called [[CNM Bureau Farm]] and is based on three metal servers of [[Bureau Infrastructure]]. It utilizes <code>ha-manager</code> and [[Ceph]] storage. |
===Peripheral VE=== | ===Peripheral VE=== | ||
| − | : The peripheral part of [[#The | + | : The peripheral part of [[#The Cloud]] is called [[CNM Lab Farm]] and is based on one metal server of [[Lab Infrastructure]]. |
===Adding More VEs=== | ===Adding More VEs=== | ||
: When [[#We]] need more resources, [[#We]] plan to add more instances similar to [[#Peripheral VE]] to the [[#Federated VE]]. | : When [[#We]] need more resources, [[#We]] plan to add more instances similar to [[#Peripheral VE]] to the [[#Federated VE]]. | ||
| − | ==Projects== | + | ==Functionality Projects== |
| − | ===Jitsi | + | ===Jitsi Functionality=== |
| − | : Jitsi software is | + | : [[Educaship Jitsi]], which is [[Jitsi]] software deployed at [[Opplet]], is used for webconferencing. Currently, we use some instance outside of [[#The Cloud]] because of challenges as follows. We have multiple Jitsi installations, one of which is in Docker. In this installation, there is no sound at all. Also, when updating Docker, a conference is not created. |
| − | ===Openness to the | + | ===Openness to the World=== |
| − | : To utilize pfSense better, we consider clustering VMs at [[#Peripheral VE]] and placing [[HAProxy]] and similar proxies behind pfSense on the [[#Federated VE]]. | + | : [[Educaship pfSense]], which is [[pfSense]] software deployed at [[Opplet]], is used as a [[firewall]] at [[#Federated VE]]. To utilize pfSense better, we consider clustering VMs at [[#Peripheral VE]] and placing [[HAProxy]] and similar proxies behind pfSense on the [[#Federated VE]]. |
: We are experiencing some issues obtaining SSL certificates for our sites running behind Pfsense. Due to the absence of the certificate, the service becomes completely unavailable. | : We are experiencing some issues obtaining SSL certificates for our sites running behind Pfsense. Due to the absence of the certificate, the service becomes completely unavailable. | ||
| − | === | + | ===VM Automation=== |
| − | : We | + | : We would like [[#Peripheral VE]] and [[#Peripheral VE]] only to create a VM for each VM customer automatically. In some cases, we have used Ansible. For that purpose, we tentatively plan to establish [[Educaship Ansible]] and [[Educaship Terraform]]. However, we are open to any other solution as well. |
| − | === | + | ==Storage Projects== |
| − | : We would | + | ===Backup and Recovery Design=== |
| + | : We also consider advancing the whole enterprise-wide backup and recovery system, which possibly, would be called [[Opplet Backup]]. | ||
| − | === | + | ===Backup and Recovery Tools=== |
| − | : | + | : For backups and recovery, |
| + | :* [[Educaship Proxmox Backup]], which is [[Proxmox Backup Server]] software deployed at [[Opplet]], is used at [[#Federated VE]]. | ||
| + | :* [[Educaship RAID]], which is [[RAID]] software deployed at [[Opplet]], is used at [[#Peripheral VE]]. | ||
| − | ===Security=== | + | ===File Storage, Library, or Repository=== |
| + | : Our various applications may utilize the same files. We are looking for a solution for these websites' files to have a shared storage or library. We tried GlusterFS, but it seemed too slow to us. We copied the files to this storage for almost a week, and as a result, the website did not work. | ||
| + | |||
| + | : We envision that the solution will play a role similar to the role of Wikimedia Commons. The Commons is a media repository of images, sounds, videos and other media that various Wikimedia Foundation projects use. | ||
| + | |||
| + | ===Storage Distributed in VM Clusters=== | ||
| + | : We are looking for solutions for distributed storage available to those applications that are installed on those VMs that are clustered on the [[#Peripheral VE]]. We have several applications such as [[Educaship Moodle]] or [[Educaship MediaWiki]] that use [[Educaship MariaDB]]; their databases are combined in a Galera Cluster, which more or less satisfies our needs. We would like to explore other options and find solutions for those applications such as [[Educaship GitLab]] that don't use [[Educaship MariaDB]]. | ||
| + | |||
| + | ==Service Projects== | ||
| + | |||
| + | ===Monitoring Design=== | ||
| + | : We consider advancing the whole enterprise-wide monitoring system, which possibly, would be called [[Opplet Monitor]]. | ||
| + | |||
| + | : Particularly, we would like to decide where to locate monitoring tools -- (a) on [[#Federated VE]], (b) on [[#Peripheral VE]], (c) outside of the servers that serve [[#The Cloud]], or (d) some combination of something above. | ||
| + | |||
| + | ===Monitoring Tools=== | ||
| + | : Our current monitoring doesn't satisfy us. We use [[Educaship Grafana]] for Proxmox. We would like to add several servers that do not use Proxmox, configure communication channels, and expand monitoring according to our tasks. We would also like to add [[Educaship Zabbix]] and [[Educaship Nagios]]. | ||
| + | |||
| + | ===Security Outline=== | ||
: Our security outline shall be reviewed and improved. | : Our security outline shall be reviewed and improved. | ||
| − | |||
| − | |||
| − | |||
==See also== | ==See also== | ||
[[Category:CNM COTS products]] | [[Category:CNM COTS products]] | ||
Latest revision as of 19:37, 2 May 2024
Educaship Proxmox (hereinafter, #The Cloud) is the combination of ProxmoxVE instances, those software packages that support them, as well as complete documentation for all of them that students and other customers of Educaship may utilize in their vocational skills and career development.
Contents
Triple Objective
#The Cloud shall serve three objectives, from which (a) the #Technology Stack and (b) #Learning Resource are primary and important equally.
Technology Stack
- #The Cloud shall technologically support functionality, usability, reliability, performance, security, scalability, and user satisfaction of Opplet, which is the technology where the end-users are served.
Learning Resource
- #The Cloud shall be a collection of learning resources for those customers who would like to learn and have a work-alike practice. Specifically, that means that #The Cloud shall:
- Be fully documented at the CNM Lab for those students who have a work-alike practice.
- Be well-documented without security-sensitive details at the CNMCyber.com for those students who would like to learn about #The Cloud.
- Use various software; the students shall have opportunities to practice with as many popular COTS open-source packages as possible.
Marketing Material
- #The Cloud shall be used as material in marketing of Educaship products. Particularly, we plan to introduce events such as "Guided Tour to CNM Cloud" and "State of CNM Cloud".
Instances
Currently, #The Cloud consists of the #Federated VE and one #Peripheral VE. #We will consider #Adding More VEs when such a need emerges.
Federated VE
- The federated part of #The Cloud is called CNM Bureau Farm and is based on three metal servers of Bureau Infrastructure. It utilizes
ha-managerand Ceph storage.
Peripheral VE
- The peripheral part of #The Cloud is called CNM Lab Farm and is based on one metal server of Lab Infrastructure.
Adding More VEs
- When #We need more resources, #We plan to add more instances similar to #Peripheral VE to the #Federated VE.
Functionality Projects
Jitsi Functionality
- Educaship Jitsi, which is Jitsi software deployed at Opplet, is used for webconferencing. Currently, we use some instance outside of #The Cloud because of challenges as follows. We have multiple Jitsi installations, one of which is in Docker. In this installation, there is no sound at all. Also, when updating Docker, a conference is not created.
Openness to the World
- Educaship pfSense, which is pfSense software deployed at Opplet, is used as a firewall at #Federated VE. To utilize pfSense better, we consider clustering VMs at #Peripheral VE and placing HAProxy and similar proxies behind pfSense on the #Federated VE.
- We are experiencing some issues obtaining SSL certificates for our sites running behind Pfsense. Due to the absence of the certificate, the service becomes completely unavailable.
VM Automation
- We would like #Peripheral VE and #Peripheral VE only to create a VM for each VM customer automatically. In some cases, we have used Ansible. For that purpose, we tentatively plan to establish Educaship Ansible and Educaship Terraform. However, we are open to any other solution as well.
Storage Projects
Backup and Recovery Design
- We also consider advancing the whole enterprise-wide backup and recovery system, which possibly, would be called Opplet Backup.
Backup and Recovery Tools
- For backups and recovery,
- Educaship Proxmox Backup, which is Proxmox Backup Server software deployed at Opplet, is used at #Federated VE.
- Educaship RAID, which is RAID software deployed at Opplet, is used at #Peripheral VE.
File Storage, Library, or Repository
- Our various applications may utilize the same files. We are looking for a solution for these websites' files to have a shared storage or library. We tried GlusterFS, but it seemed too slow to us. We copied the files to this storage for almost a week, and as a result, the website did not work.
- We envision that the solution will play a role similar to the role of Wikimedia Commons. The Commons is a media repository of images, sounds, videos and other media that various Wikimedia Foundation projects use.
Storage Distributed in VM Clusters
- We are looking for solutions for distributed storage available to those applications that are installed on those VMs that are clustered on the #Peripheral VE. We have several applications such as Educaship Moodle or Educaship MediaWiki that use Educaship MariaDB; their databases are combined in a Galera Cluster, which more or less satisfies our needs. We would like to explore other options and find solutions for those applications such as Educaship GitLab that don't use Educaship MariaDB.
Service Projects
Monitoring Design
- We consider advancing the whole enterprise-wide monitoring system, which possibly, would be called Opplet Monitor.
- Particularly, we would like to decide where to locate monitoring tools -- (a) on #Federated VE, (b) on #Peripheral VE, (c) outside of the servers that serve #The Cloud, or (d) some combination of something above.
Monitoring Tools
- Our current monitoring doesn't satisfy us. We use Educaship Grafana for Proxmox. We would like to add several servers that do not use Proxmox, configure communication channels, and expand monitoring according to our tasks. We would also like to add Educaship Zabbix and Educaship Nagios.
Security Outline
- Our security outline shall be reviewed and improved.
