Difference between revisions of "HZW Documentation"

From hzw wiki
m (fixed formatting issues)
(13 intermediate revisions by 2 users not shown)
Line 7: Line 7:
  
  
==Organizational Documentation==
+
=Organizational Documentation=
  
===Chat===
+
==Chat==
 
Our primary tool for communication and coordination is [https://matrix.org/ matrix].
 
Our primary tool for communication and coordination is [https://matrix.org/ matrix].
  
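Review bot: the new side of this hunk promotes `==Organizational Documentation==` and `===Chat===` to `=Organizational Documentation=` and `==Chat==`; in MediaWiki the single-`=` level is reserved for the page title, so the section should stay at `==` and its subsections at `===`. The same promotion repeats for every heading in the later hunks.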
Line 27: Line 27:
 
<br /></blockquote>
 
<br /></blockquote>
  
===Video Conferences===
+
==Video Conferences==
 
For means of faster communication and collaborative working we use our [https://wiki.kabelsalat.it/index.php?title=HZW_Services#Video_Conferencing video conferencing solutions], if needed.
 
For means of faster communication and collaborative working we use our [https://wiki.kabelsalat.it/index.php?title=HZW_Services#Video_Conferencing video conferencing solutions], if needed.
  
Line 34: Line 34:
 
<br />
 
<br />
  
===Coordinate projects===
+
==Coordinate projects==
 
We use kanboard to plan, coordinate and track almost all of our activities.
 
We use kanboard to plan, coordinate and track almost all of our activities.
  
Line 48: Line 48:
  
  
==Technical Documentation==
+
=Technical Documentation=
  
===Our Root Server===
+
==Our Root Server==
 
We are unsing a Root Server hosted at Strato.
 
We are unsing a Root Server hosted at Strato.
<br />
 
 
====Technical Details====
 
{| class="wikitable"
 
|+
 
!Server
 
!CPU
 
!Cores / Frequency
 
!Hard Drives
 
!RAM
 
|-
 
|Root Server
 
Linux C6-62
 
|Intel® Xeon® E5-1650v3
 
Haswell
 
|6 x 3,5 GHz
 
(max. Turbo: 3,8 GHz)
 
|2 x 2.000 GB &
 
2 x 240 GB SSD
 
|128 GB
 
DDR 4 ECC
 
|}
 
<br />
 
 
====Installed Software====
 
There is only KVM and Ansible installed on the server.
 
 
We do '''NOT''' want to have stuff running on the Server besides KVM and Ansible.
 
  
If you want to do something in the HZW environment, create a VM for it.
+
See [[HZW Root Server]] for details.
  
 
<br />
 
<br />
  
====Disks and Partitions====
+
==Monitoring==
There are 2x  ~200GB SSDs (sda/sdb) and 2 ~2TB HDDs running in RAID 1.
+
We are using Grafana as a Monitoring solution.
 
 
The Mountpoint "/boot" is on partition md0, that consists of sda1 and sdb1 (SSD).
 
 
 
The Mountpoint "/" is on partition md1, that consists of sda3 and sdb3 (SSD).
 
 
 
SPAP Space is on sda2 and sdb2.
 
 
 
The Mountpoint "/data" is on partition md2, that consists of sdc1 and sdd1 (HDD).
 
 
 
[[File:Partitions.png|frameless]]
 
 
 
  
====Network====
+
See the [[HZW Monitoring|HZW Mointoring article]] (german) for details.<br />
  
=====Interface Configuration=====
+
==Virtual Machines==
The interfaceconfig of the server is written in netplan.
+
All virtual Machines providing services (e.g. not for testing purposes) should run a linux operating system and have had the [[HZW Ansible|basic ansible playbook]] run on them.
  
/etc/netplan/01-netcfg.yaml
+
We currently support the following OS'es:
  
CONTENT KOMMT, WENN DIE OFFENE KARTE https://kb.kabelsalat.it/?controller=TaskViewController&action=show&task_id=443&project_id=14 ERLEDIGT IST 
+
- debian{9,10}
  
=====NAT (Port Forwardings)=====
+
- centos{7,8}
We are using iptables on this server to perform NAT.
 
  
Here is a little script I wrote so you can generate a list of the currently enabled portforwardings.
+
- opensuse
  
/scripts/kvm_get_portforwardings.sh
+
== Containers ==
 +
In an attempt to more efficiently utalize the ressources of our server, we are going to deploy services using [[wikipedia:Docker_(software)|docker]].
  
CONTENT KOMMT, WENN DIE OFFENE KARTE https://kb.kabelsalat.it/?controller=TaskViewController&action=show&task_id=443&project_id=14 ERLEDIGT IST 
+
Currently supported containers:
  
=====HA Proxy=====
+
- none
Port 80 and 443 of incomming traffic is beeing sent to a haproxy.
 
  
The Haproxy VM is documented here.
+
==Netbox==
 +
[[File:Netbox.png|thumb|Netbox]]We are using [https://netbox.kabelsalat.it Netbox] to document all physical and Logical Resources like Servers, IPs, Networks, Services, VLANs etc.
  
Haproxy is using ALCs based on the SNI Field to route the traffic to VMs in the backend.
+
[[HZW Netbox|What is Netbox?]]
  
This makes it possible multiple VMs using those ports.
 
  
This is what the haproxy configuration looks like for the site you are looking at right now:
 
  
/etc/haproxy/haproxy.cfg
 
  
CONTENT KOMMT, WENN DIE OFFENE KARTE https://kb.kabelsalat.it/?controller=TaskViewController&action=show&task_id=443&project_id=14 ERLEDIGT IST <blockquote></blockquote>
 
  
===Virtual Machines===
 
All virtual Machines providing services (e.g. not for testing purposes) should be linux have had the basic ansible playbook run on them.
 
 
<br />
 
<br />
  
====Ansible Playbook====
+
==LDAP==
 +
[[File:Phpldapadmin.png|thumb|phpLDAPadmin]]
 +
Some of our services are LDAP integrated, the nextcloud at nc.kabelsalat.it for example.
  
 +
Our LDAP Server is based on FreeIPA and configurable via VPN at [http://192.168.122.116 http://192.168.122.116/phpopenldap]
  
'''''What is ansbile?'''''
+
The admin credentials are in the shared keepass.
  
Ansible automates tasks.
+
Official Documentation of the tool: [http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page phpldapadmin documentation]
  
It logs into a server using ssh and there runs python to do things you would otherwise have to do manually.
 
  
 +
The use is quite self explanatory, at least for the common tasks like adding users or managing group memberships.
  
'''''Why do we want ansible?'''''
 
  
The Idea of the playbook is to have a minimal Standard for all VMs.
+
You can also use the openldaptools and .ldif files to modify the ldap database.
  
 +
See: [[Openldap#Werkzeuge]]
  
'''''What will the playbook do?'''''
+
Or you can use the Linux Software [https://directory.apache.org/ Apache Directory].
  
The Plabook make the following Changes to a VM:
+
If you do, please document how to use it here.
  
* Set the hostname
 
* Create users on the VMs and install thier ssh public keys
 
* Install Telegraf
 
* Configure Telegraf to send Monitoring Information to the InfluxDB (Grafana)
 
  
  
'''How do I run the playbook?'''
+
<br />
 
 
The Ansible Playbook on the Hypervisor is located at /repos/ansible/ansible/default/
 
 
 
When installing a new VM, please add it to the inventory file unter [newinstall]
 
 
 
There you have to specify the hostname it is supposed to have and the IP Address it currently has.
 
 
 
Then run the with the following command:
 
ansible-playbook -i /repos/ansible/ansible/default/hosts /repos/ansible/ansible/default/playbook-new-server.yml
 
  
 
'''''Where can I see the playbook?'''''
 
 
<nowiki>https://cvs.kabelsalat.it/kabelsalat/ansible</nowiki>
 
 
==Guides==
 
==Guides==
 
Guide to documenting with Mediawiki
 
Guide to documenting with Mediawiki
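Review bot: the detailed server documentation removed in this hunk (the RAID 1 layout on sda/sdb and sdc/sdd, the md0/md1/md2 mount points, the netplan config, the iptables NAT helper `/scripts/kvm_get_portforwardings.sh` and the HAProxy SNI-based routing) is replaced only by `See [[HZW Root Server]] for details.`; make sure that article actually carries those details before this revision lands, otherwise the partition and port-forwarding information is lost. Smaller points in the same hunk: `We are unsing a Root Server` keeps its typo on both sides, the link text `HZW Mointoring article` is misspelled, `[[File:Netbox.png|thumb|Netbox]]We are using` needs a line break after the image, and the `- debian{9,10}` style list does not render as a list in MediaWiki (use `*`). In the new LDAP section, `based on FreeIPA` sits next to an admin URL ending in `/phpopenldap`, the phpldapadmin documentation and `openldaptools`; FreeIPA ships 389 Directory Server rather than OpenLDAP, so state which directory really sits behind that interface. That interface is also linked as plain `http://` although it takes the admin credentials from the shared keepass; serve it over HTTPS or document where TLS is terminated.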
Line 181: Line 122:
 
Guide to documenting with Kanboard
 
Guide to documenting with Kanboard
  
Guide to documenting with Netbox
+
[[How to document in Netbox|Guide to documenting with Netbox]]
<br />
+
 
 +
Also you might want to check [[:Category:HowTo|Category:HowTo]] for interesting how2's
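Review bot: only the Netbox guide gets a wikilink in this hunk while `Guide to documenting with Mediawiki` and `Guide to documenting with Kanboard` stay as plain text in the same list; link them as well or mark them as still to be written. `how2's` should read `how-tos`.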

Revision as of 15:49, 8 July 2021

Documentation. Lots of documentation.

The documentation of all things HZW has the following philosophy:

  1. General information, processes, methods and how-to's get documented in this Wiki
  2. Physical and Logical Resources like Servers, IPs, Networks, Services, VLANs etc. get documented in Netbox
  3. Projects and changes get tracked using Kanboard


Organizational Documentation

Chat

Our primary tool for communication and coordination is matrix.

To join our matrix server matrix.kabelsalat.it you need a matrix client like riot.

On this Matrix server, there is the "hzw admins" channel.


Please report there, and ask whether it is OK, if you make changes that have an impact.

Example:

"Hey guys, did $Something at the Database server. Can I reboot it to test its reboot persistency?"

Answer: "No! $Important-thingy does $important-thing and cannot be disrupted right now! Wait one more hour please!"


Video Conferences

For faster communication and collaborative work we use our video conferencing solutions when needed.

There are no regular hzw meetings. We get together when the need arises.


Coordinate projects

We use kanboard to plan, coordinate and track almost all of our activities.


[Image: Kanboard.png]


Please open a ticket in our Kanban Board "team_hzw" if you want to:

  • report a bug
  • request a change
  • think it would be cool to have $thing (even if you don't want to spend time implementing it or don't know how to do it)


Technical Documentation

Our Root Server

We are using a Root Server hosted at Strato.

See HZW Root Server for details.


Monitoring

We are using Grafana as a Monitoring solution.

See the HZW Monitoring article (German) for details.

Virtual Machines

All virtual machines providing services (i.e. not for testing purposes) should run a Linux operating system and have had the basic ansible playbook run on them.

We currently support the following OSes:

- debian{9,10}

- centos{7,8}

- opensuse

Containers

In an attempt to utilize the resources of our server more efficiently, we are going to deploy services using docker.

Currently supported containers:

- none

Netbox

[Image: Netbox.png, caption "Netbox"]

We are using Netbox to document all physical and logical resources like servers, IPs, networks, services, VLANs etc.

What is Netbox?


LDAP

[Image: Phpldapadmin.png, caption "phpLDAPadmin"]

Some of our services are LDAP-integrated, for example the Nextcloud at nc.kabelsalat.it.

Our LDAP server is based on FreeIPA and can be configured via VPN at http://192.168.122.116/phpopenldap

The admin credentials are in the shared KeePass.

Official documentation of the tool: phpldapadmin documentation

Its use is quite self-explanatory, at least for the common tasks like adding users or managing group memberships.

You can also use the OpenLDAP tools and .ldif files to modify the LDAP database.

See: Openldap#Werkzeuge

Or you can use the Linux software Apache Directory.

If you do, please document how to use it here.
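The LDIF route mentioned above, as an added example that is not part of the wiki page: it builds a group membership change record, sanity-checks it, and applies it with the OpenLDAP client tools over STARTTLS. LDAP_URI, BASE_DN, ADMIN_DN and the group/user DNs are placeholders, not the HZW values.

```shell
#!/bin/sh
# Added example (not from the wiki): change a group membership with an LDIF
# change record and the OpenLDAP client tools. LDAP_URI, BASE_DN and ADMIN_DN
# are placeholders; the real values live in the shared KeePass.
set -eu

LDAP_URI="${LDAP_URI:-ldap://ldap.example.invalid}"   # placeholder URI
BASE_DN="${BASE_DN:-dc=example,dc=invalid}"            # placeholder base DN
ADMIN_DN="${ADMIN_DN:-cn=admin,$BASE_DN}"              # placeholder bind DN

# Emit one LDIF modify record that adds or deletes a member of a group.
# $1: "add" or "delete"; $2: group RDN relative to BASE_DN (e.g. cn=admins,ou=groups);
# $3: full DN of the user entry. The trailing "-" closes the mod-spec (RFC 2849).
member_change_ldif() {
    case "$1" in add|delete) ;; *) echo "bad op: $1" >&2; return 1 ;; esac
    printf 'dn: %s,%s\nchangetype: modify\n%s: member\nmember: %s\n-\n' \
        "$2" "$BASE_DN" "$1" "$3"
}

# Refuse an LDIF that does anything other than add/delete a member attribute:
# a cheap guard against feeding the wrong file to ldapmodify with admin rights.
ldif_is_member_change() {
    grep -q '^changetype: modify$' "$1" &&
    grep -Eq '^(add|delete): member$' "$1" &&
    ! grep -Eq '^changetype: (add|delete|modrdn)' "$1"
}

# Dry run first (-n parses the file and prints what would be done without
# touching the directory), then apply. -ZZ makes STARTTLS mandatory so the admin
# password never crosses the VPN link in clear text; -W prompts for it instead
# of taking it on the command line, where it would end up in shell history.
apply_member_change() {
    ldif_is_member_change "$1" || { echo "refusing $1" >&2; return 1; }
    ldapmodify -n -H "$LDAP_URI" -ZZ -D "$ADMIN_DN" -W -f "$1"
    ldapmodify    -H "$LDAP_URI" -ZZ -D "$ADMIN_DN" -W -f "$1"
}

# Usage (only when ldapmodify is installed):
#   member_change_ldif add cn=admins,ou=groups "uid=alice,ou=people,$BASE_DN" > add_alice.ldif
#   apply_member_change add_alice.ldif
```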



Guides

Guide to documenting with Mediawiki

Guide to documenting with Kanboard

Guide to documenting with Netbox

You might also want to check Category:HowTo for interesting how-tos.