[SAC] OSGeo4 status

Regina Obe lr at pcorp.us
Sat Aug 31 01:48:53 PDT 2019 

On Sat, Aug 31, 2019 at 03:39:33AM -0400, Regina Obe wrote:
> 3) I added osgeo7 as a remote host on osgeo4.  
> 
> You'll see it listed if you do
> 
> lxc remote list

> I don't see osgeo7 remote from osgeo4, nor osgeo4 from osgeo7

Well osgeo4 you wouldn't see from osgeo7 since I didn't add it as a remote, but that's probably good to do.

Hmm it seems it's a privilege problem as I had added the remote under root.  Not sure how I setup osgeo7 - I wonder if I had installed lxd under tech_dev account on osgeo7

Try:

sudo lxc remote list

and you should see it then

>> 4) I created a new container using osgeo7 ldap image -- I called it 
>> dmz for now (not sure that's the best name) Using below command:
>> lxc launch osgeo7:debian9-base-ldap-ssh dmz
>> 
>> This is the container I will expose the port 22 on and will be the 
>> only one with that port exposed - similar to how download.osgeo.org is 
>> used on osgeo7
>> 
>> Let me know what name you would prefer and also what we should make the DNS.

> Can we access _all_ containers from that host ?
You mean like if we call is osgeo4.osgeo.org port 22 (that would go to the hop container I am thinking)
And you would be able to ssh to all containers you have permissions to using the same hop setup we have on download.osgeo.org

> How about "hop", "jump" or "bastion" ? (I prefer short names, so I vote for "hop").
dmz is as short as hop but I'm okay with that :)
More importantly what should the domain name be or is osgeo4.osgeo.org just fine but kinda confusing as it doesn't put you in the host itself but a container


> 5) I setup nginx container which I called osgeo4-nginx (so not to be 
> confused with the osgeo7 one, as that one I'd probably have a nightly 
> snapshot of it in a stopped state)

> Can we have aliases, so like "prod-nginx" for the live one and "backup-nginx" or some better name for the hot-swap ?

Something about having prod in front of containers seems annoying to me. Especially when you ask "what is prod"

The script I put together -- I restore a backup of osgeo7 container as <container-name>-backup  
So osgeo7 nginx comes over as nginx-backup.

With the idea being that if any disaster happens we rename nginx-backup -> nginx (with its own ip)
All the -backup get the -backup removed so that all the configs we have in nginx container just work  

The  nginx-osgeo4 is business as usual keeps proxying the containers its already set to proxy and no conflict with the nginx from osgeo7

Eventually we might want to consider VLANING the 2 networks but I didn't really want to mix the 2 that much - have osgeo4 beholden to osgeo7 or osgeo7 beholden to osgeo4 aside from basic disaster recovery.
>From reading it sounded like we'd need to set one to be the DNS/DHCP assigner so we have a single local dns to access all the containers from either.


>> 6) I shut off the wordpess-dev on osgeo7 and copied it over to osgeo4.  
>> I'm going to restore latest prod data on it and setup a script to copy 
>> latest prod data so we can do some stress tests.
>> Eventually I'd like to move wordpress from web18a to osgeo7 I still 
>> need to proxy thru nginx and change the dns

> Would it make sense to try an upgrade before the stress-test ?
Upgrade of what part OS/wordpress/or you mean member/cpu etc? Wordpress-dev is a snapshot of web18a (current production server for www)
And I capped it to the same number of cores/disk space etc.
So aside from security updates and data should be the same.

More information about the Sac mailing list