HZW Documentation
The documentation of all things HZW has the following philosophy:
- General information, processes, methods and how-to's get documented in this Wiki
- Physical and Logical Resources like Servers, IPs, Networks, Services, VLANs etc. get documented in Netbox
- Projects and changes get tracked using Kanboard
Organizational Documentation
Chat
Our primary tool for communication and coordination is matrix.
To join our matrix server matrix.kabelsalat.it you need a matrix client like riot.
On this Matrix server, there is the "hzw admins" channel.
Please report there and ask whether it's OK before you make changes that have an impact.
Example:
"Hey guys, did $Something at the Database server. Can I reboot it to test its reboot persistence?"
Answer: "No! $Important-thingy does $important-thing and cannot be disrupted right now! Wait one more hour please!"
Video Conferences
For faster communication and collaborative work, we use our video conferencing solutions when needed.
There are no regular hzw meetings. We get together when the need arises.
Coordinate projects
We use kanboard to plan, coordinate and track almost all of our activities.
Please open a ticket in our Kanban Board "team_hzw" if you want to:
- report a bug
- request a change
- suggest $thing you think would be cool to have (even if you don't want to spend time implementing it or don't know how to do it)
Technical Documentation
Our Root Server
We are using a Root Server hosted at Strato.
Technical Details
Server | CPU | Cores / Frequency | Hard Drives | RAM |
---|---|---|---|---|
Root Server Linux C6-62 | Intel® Xeon® E5-1650v3 Haswell | 6 x 3,5 GHz (max. Turbo: 3,8 GHz) | 2 x 2.000 GB & 2 x 240 GB SSD | 128 GB DDR 4 ECC |
Installed Software
There is only KVM and Ansible installed on the server.
We do NOT want to have stuff running on the Server besides KVM and Ansible.
If you want to do something in the HZW environment, create a VM for it.
Disks and Partitions
There are 2x ~200GB SSDs (sda/sdb) and 2x ~2TB HDDs running in RAID 1.
The mountpoint "/boot" is on partition md0, which consists of sda1 and sdb1 (SSD).
The mountpoint "/" is on partition md1, which consists of sda3 and sdb3 (SSD).
Swap space is on sda2 and sdb2.
The mountpoint "/data" is on partition md2, which consists of sdc1 and sdd1 (HDD).
Network
Interface Configuration
The interface configuration of the server is written in netplan.
/etc/netplan/01-netcfg.yaml
CONTENT WILL FOLLOW ONCE THE OPEN CARD https://kb.kabelsalat.it/?controller=TaskViewController&action=show&task_id=443&project_id=14 IS DONE
NAT (Port Forwardings)
We are using iptables on this server to perform NAT.
Here is a little script I wrote so you can generate a list of the currently enabled port forwardings.
/scripts/kvm_get_portforwardings.sh
CONTENT WILL FOLLOW ONCE THE OPEN CARD https://kb.kabelsalat.it/?controller=TaskViewController&action=show&task_id=443&project_id=14 IS DONE
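One way to produce such a list, as an added example (this is not the /scripts/kvm_get_portforwardings.sh script, whose content is not on this page): it parses the output of `iptables -t nat -S` for DNAT rules. The sample rules, interface name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNAT port forwardings from `iptables -t nat -S` output.

# Constructed sample rules (NOT taken from the HZW server); the addresses
# come from private and documentation ranges.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.122.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.122.10:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.21:22
-A PREROUTING -d 203.0.113.5/32 -p udp -m udp --dport 51820 -j DNAT --to-destination 192.168.122.30
-A POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
EOF
}

# Reads rules on stdin and prints "proto external-port -> destination"
# for every DNAT rule. A DNAT target without ":port" keeps the original port.
list_portforwardings() {
  awk '
    $1 == "-A" {
      proto = "any"; dport = "any"; dest = ""; dnat = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        else if ($i == "--to-destination") dest = $(i + 1)
      }
      if (dnat && dest != "") {
        if (dest !~ /:/) dest = dest ":" dport
        printf "%s %s -> %s\n", proto, dport, dest
      }
    }'
}

# On the hypervisor (as root): iptables -t nat -S | list_portforwardings
# Offline demo against the constructed rules: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
  sample_rules | list_portforwardings
fi
```

Comparing this list against what is documented in Netbox shows forwarded ports that nobody has recorded.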
HA Proxy
Incoming traffic on ports 80 and 443 is sent to a haproxy.
The Haproxy VM is documented here.
Haproxy uses ACLs based on the SNI field to route the traffic to VMs in the backend.
This makes it possible for multiple VMs to use those ports.
This is what the haproxy configuration looks like for the site you are looking at right now:
/etc/haproxy/haproxy.cfg
CONTENT WILL FOLLOW ONCE THE OPEN CARD https://kb.kabelsalat.it/?controller=TaskViewController&action=show&task_id=443&project_id=14 IS DONE
Virtual Machines
All virtual machines providing services (i.e. not for testing purposes) should run Linux and have had the basic Ansible playbook run on them.
Ansible Playbook
What is Ansible?
Ansible automates tasks.
It logs into a server using ssh and runs Python there to do things you would otherwise have to do manually.
Why do we want Ansible?
The idea of the playbook is to have a minimal standard for all VMs.
What will the playbook do?
The playbook makes the following changes to a VM:
- Set the hostname
- Create users on the VMs and install their ssh public keys
- Install Telegraf
- Configure Telegraf to send Monitoring Information to the InfluxDB (Grafana)
How do I run the playbook?
The Ansible Playbook on the Hypervisor is located at /repos/ansible/ansible/default/
When installing a new VM, please add it to the inventory file under [newinstall]
There you have to specify the hostname it is supposed to have and the IP address it currently has.
Then run the playbook with the following command:
ansible-playbook -i /repos/ansible/ansible/default/hosts /repos/ansible/ansible/default/playbook-new-server.yml
Where can I see the playbook?
https://cvs.kabelsalat.it/kabelsalat/ansible
Guides
Guide to documenting with Mediawiki
Guide to documenting with Kanboard
Guide to documenting with Netbox