KNEL/KNEL-bizopprodplan
1
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Activity

cleanup

Browse Source
This commit is contained in:
Charles N Wyble
2024-12-26 16:31:25 -05:00
parent 8ced82004f
commit 55768fc8b1
38 changed files with 29 additions and 207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

271
Systems/Admin-Application/AppsAndServices.md Normal file
View File

@@ -0,0 +1,271 @@
# TSYS / Redwood Group Applications and Services
The goal of this section is to document all applications and services utilized by TSYS Group.
Welcome to the future, welcome to the first open source conglomerate! We have broken the page up into a number of sections, to aid navigation.
To our knowledge, we are the only organization in the known universe to fully document our stack and to fully open source it. Enjoy!
Go forth and create your own conglomerates! Solve big problems!
- [TSYS / Redwood Group Applications and Services](#tsys--redwood-group--applications-and-services)
- [Web Properties](#web-properties)
- [Redwood Group Properties](#redwood-group-properties)
- [Non Profit Properties](#non-profit-properties)
- [For Profit Properties](#for-profit-properties)
- [Coop Properties](#coop-properties)
- [Misc Properties](#misc-properties)
- [Services](#services)
- [Externally provided services](#externally-provided-services)
- [Internally provided services](#internally-provided-services)
- [R&D Applications](#rd-applications)
## Web Properties
### Redwood Group Properties
The below table documents the not primarily for profit entities performing capital raising and management for TSYS Group entities and their members.
All sites below are proudly powered by the TSYS Wordpress platform.
| Entity | Description | Website |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------------ |
| Redwood Group LLC | Sibling organization to TSYS Group for all capital raising and management | <https://www.redwgr.com> |
| Redwood Springs Capital Partners Management Co LLC | management company of the various funds setup to finance TSYS Group operations | <https://www.rwscp.net> |
| Redwood Family Office LLC | Wealth management/healthcare/estate planning/tax advice broker for LLC members and their families | <https://www.redwfo.com> |
### Non Profit Properties
The below table documents the non profit entities performing the educational, advocacy, lobbying and legislative functions for TSYS Group.
All sites below are proudly powered by the TSYS Wordpress platform.
| Entity | Description | Website |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| Americans For A Better Network INC | A non profit (seeking 501c3 status) to educate americans about internet provider choices | <https://www.afabn.org> |
| Free Network Foundation INC | A defunct 501c3 (replaced by AFABN) | <https://www.thefnf.org> |
| Free Network Foundation INC | (wiki) comprehensive body of knowledge about community networking | <https://commons.thefnf.org> |
| Free Network Foundation INC | (static files) Assets (pdfs etc) linked from blog/wiki | <https://staticbits.thefnf.org> |
| Side Door (Solutions) Group INC | A non profit (seeking 501c4) / PAC to drive the necessary legislative and executive changes to enable internet for all | <https://www.sidedoorgroup.org> |
| TSYS Group Non Profit Portal | Landing page for non profits | <https://nonprofit.turnsys.com> |
### For Profit Properties
The below table documents the not primarily for profit entities performing the R&D and providing supporting services functions for TSYS Group.
All sites below are proudly powered by the TSYS Wordpress platform.
| Entity | Description | Website |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------------------------ |
| Axios Heart Studios LLC | Art, 2d,3d and other fabrication services for TSYS Group | <https://www.axiosheartstudios.com> |
| Suborbital Systems Development Company LLC | Manufacturer of Morse product line - technical blog and information | <https://www.suborbital-systems.com> |
| Suborbital Systems Development Company LLC | Manufacturer of Morse product line - product page | <https://www.meetmorse.com> |
| RackRental LLC | network and lab equipment rental by the hour for training, config testing, competitive testing | <https://www.rackrental.net> |
| Team Rental LLC | HR/staffing of IT/dev professionals (2 million net new job goal by 2025) | <https://www.teamrental.net> |
| Known Element Enterprises LLC | IT/business back office services | <https://www.knownelement.com> |
| Your Dream Name Here LLC | Business in a box | <https://www.yourdreamnamehere.com> |
| The PeerNet LLC | Community, media, public relations / (live/time shifted) streaming/broadcast service | <https://www.thepeernet.com> |
| The PeerNet LLC | Software platform powering ThePeerNet.com service | <https://www.ezpodstack.org> |
### Coop Properties
The below table documents the fairshares cooperatives for financing, building, owning and operating community networks.
| Entity | Description | Website |
| ----------------------------------------- | -------------------------------------------------------- | -------------------------------- |
| High Flight Network Finance Company LLC | Financing network builds | <https://www.hfnfc.net> |
| High Flight Network Operating Company LLC | User owned/operated network backbone | <https://www.hfnoc.net> |
| KickFund.me LLC | Crowdfunding of network and other infrastructure builds | <https://www.kickfund.me> |
| The Campus Trading Co LLC | treasury/investment management/market and other research | <https://www.thecampustrade.com> |
### Misc Properties
| Entity | Description | Website |
| -------------------- | -------------------------------------- | -------------------------------- |
| CNWCO LLC | Charles Wyble blog | <https://www.reachableceo.com> |
| Turn Net Systems LLC | Overall entity for many subsidiary LLC | <https://www.turnsys.com> |
| Turn Net Systems LLC | Governance information for TSYS group | <https://governance.turnsys.com> |
## Services
### Externally provided services
The below table documents the handful of things TSYS Group has yet to vertically integrate and turn into a profit center.
These are not free/libre/open services, that are externally hosted and represent a cost center.
| Function | Vendor Link |
| ----------------------------------------------- | -------------------------------------------------------------------------------------- |
| Corporate email | <https://www.microsoft.com/en-us/microsoft-365/buy/compare-all-microsoft-365-products> |
| OCR for expense management | <https://www.neat.com/> |
| Payment processing | <https://www.paypal.com/> <https://squareup.com/us/en)/> <https://stripe.com/> |
| Payment, treasury operations, wealth management | <https://www.goamplify.com/>) |
| Tax prep/audit and other CPA services | (coming soon) |
| Domain Registrar , DNS, | <https://www.ovh.com/ca/en/>) |
| Live audio/video and text chat | <https://discord.com/>) |
### Internally provided services
These are hosted services (internally hosted by IT) and accessed via either a thick client application or a web browser.
They are provided by Known Element Enterprises LLC.
| Function | Vendor | Application Instance |
| ---------------------------------------------- | --------------------------------------------------------------- | -------------------------------------------------- |
| Storage Array for enterprise wide use | <https://www.freenas.org/> | <http://pfv-stor1.turnsys.net/> |
| Storage Array for RackRental use | <https://www.freenas.org/> | <http://pfv-stor2.turnsys.net/> |
| Ad blocking | <https://pi-hole.net/> | <http://pihole1.turnsys.net/admin> |
| Ad blocking | <https://pi-hole.net/> | <http://pihole2.turnsys.net/admin> |
| IAM | <https://www.gluu.org/> | <https://accounts.turnsys.com> |
| Artifact store | <https://archiva.apache.org/> | <https://artifacts.turnsys.com> |
| Zero trust,BeyondCorp | <https://www.trasa.io/docs/> | <https://beyondcorp.turnsys.com/> |
| Billing platform | <https://killbill.io/> | <https://billing.turnsys.com> |
| Shared Bookmarks | <https://github.com/shaarli/Shaarli> | <https://bookmarks.knownelement.com/> |
| Building Automation | <https://www.home-assistant.io/> | <https://buildauto.turnsys.net/> |
| CAD | <https://collabcad.gov.in/eCollabCAD/> | <https://cad.turnsys.com> |
| CI/CD | <https://www.jenkins.io/> | <https://ci.turnsys.com/> |
| Support forum/KB/general discussion | <https://www.discourse.org/> | <https://community.turnsys.com/> |
| Editing of audio | <https://github.com/Yahweasel/craig | <https://craig.thepeernet.com> |
| Customer data analytics and management | <https://github.com/rudderlabs> | <https://custdash.turnsys.com> |
| Database access | <https://www.metabase.com/> | <https://db.turnsys.com> |
| ERP | <https://erpnext.org/> | <https://erp.turnsys.com/> |
| WebForms | <https://easyforms.dev/> | <https://forms.turnsys.com> |
| Configuration management | <https://github.com/team-video/aviary.sh> | <https://git.turnsys.com/TSGTechops/ConfigMgmt> |
| Source code management | <https://gitea.io/en-us/> | <https://git.turnsys.com> |
| Docker registry | <https://goharbor.io/> | <https://docker-reg.turnsys.com> |
| Customer Helpdesk | <https://freescout.net/> | <https://support.turnsys.com> |
| Business logic/workflow execution | <https://github.com/huginn/huginn> | <https://huginn.turnsys.com> |
| Asset management/inventory | <https://glpi-project.org/> | <https://inventory.turnsys.com/> |
| Mobile Device Management | <https://www.flyve-mdm.com/> | <https://inventory.turnsys.com> |
| SSH Jump <audited,logged,2fa etc> | <https://www.bastillion.io/> | <https://jumpssh.turnsys.com/> |
| Code Notebook | <https://www.github.com/jupyter/enterprise_gateway> | <https://jupyter.turnsys.com> |
| Engineering Notebook | <https://www.elabftw.net/> | <https://labnotebook.turnsys.com> |
| Training/coursework | <https://www.instructure.com/canvas/> | <https://learn.turnsys.com> |
| Mail Archiving/retention/legal/regulatory hold | <https://www.mailpiler.org/wiki/start> | <https://legalhold.turnsys.com> |
| Email Discussion lists | Mailman | <https://mailman.turnsys.com> |
| Marketing Campaigns | <https://www.mautic.org/> | <https://marketing.iurnsys.com/> |
| Out of band system access | <https://www.meshcommander.com/meshcommander> | <https://meshoob.turnsys.net> |
| Budget/Finance analytics/modeling etc | <https://www.firefly-iii.org/> | <https://moneystuff.turnsys.com/> |
| Service Availability Monitoring | <https://www.librenms.org/> | <https://halfthefarm.turnsys.com/> |
| File sync/Groupware | <https://nextcloud.com/hub/> | <https://nextcloud.turnsys.com/> |
| Video surveillance | <https://shinobi.video/> | <https://nvr.turnsys.net> |
| Automated Security Auditing and reporting | <https://openvas.org/> | <https://openvas.turnsys.com/> |
| Pastebin | <https://github.com/claudehohl/Stikked> | <https://paste.turnsys.com> |
| IP Routing/firewalling/DHCP/IDS/IPS/Proxy etc | <https://opnsense.org/> | <https://pfv-core-rtr01.turnsys.net/> |
| IP Routing/firewalling/DHCP/IDS/IPS/Proxy etc | <https://opnsense.org/> | <https://pfv-core-rtr02.turnsys.net/> |
| Photo Management | <https://piwigo.org/> | <https://photos.turnsys.com/> |
| IP Address Management | <https://phpipam.net/> | <https://phpipam.turnsys.com/index.php?page=login> |
| Outbound Newsletters | <https://www.phplist.com/> | <https://phplist.turnsys.com/lists/admin/> |
| Password Management | <https://github.com/dani-garcia/bitwarden_rs> | <https://pwvault.turnsys.com> |
| Secrets Management | <https://github.com/envwarden/envwarden> | <https://pwvault.turnsys.com> |
| Read later | <https://wallabag.com>> | <https://readlater.turnsys.com> |
| Research archive management | <https://archivebox.io/> | <https://research.turnsys.com> |
| Document review/change tracking workflow | <https://www.reviewboard.org/> | <https://review.turnsys.com/> |
| RSS Feed Management | <https://www.freshrss.org/> | <https://rss.knownelement.com> |
| orchestration | <https://www.rundeck.com/open-source> | <https://rundeck.turnsys.net/> |
| Document Creation and management | <https://sandstorm.io/> | <https://sandstorm.turnsys.com> |
| Full text Search | <https://ambar.cloud/> | <https://search.turnsys.com> |
| Host IDS / SIEM | <https://wazuh.com/> | <https://siem.turnsys.com> |
| Streaming of live audio/video | <https://openstreamingplatform.com/> | <https://streaming.thepeernet.com/> |
| Backups | BareOS | <https://tsys-dc-01.turnsys.net/bareos-webui/> |
| Inbound PSTN voice communications | <https://www.sipwise.com/> | <https://voice.turnsys.com> |
| Voting | TBD | <https://voting.turnsys.com> |
| Web Analytics | <https://matomo.org/> | <https://webstats.turnsys.com/> |
| Shared whiteboard | <https://wbo.ophir.dev/> | <https://whiteboard.turnsys.com/> |
| 501c3 donor management/CRM | <https://civicrm.org/home> | <https://www.afabn.org/crm> |
| 501c4 donor management/CRM | <https://civicrm.org/home> | <https://www.sidedoorgroup.org/crm> |
| Streaming of time shifted audio/video | <https://git.turnsys.com/ThePeerNetwork/PodcastAsAServiceStack> | N/A |
| Serverless | <https://github.com/openfaas/faasd/> | N/A |
| Offline Root CA | <https://hohnstaedt.de/xca/> | N/A |
| On demand system provisioning | <https://maas.io/> | N/A |
| Internal CA | <https://github.com/cloudflare/cfssl> | N/A (API Driven) |
| Business Process Mapping | TBD | TBD |
| Computer aided dispatch | TBD | TBD |
| E-signature and contract management | TBD | TBD |
| Process mining | TBD | TBD |
>
## R&D Applications
These are thick client applications installed locally on a developer workstation.
This software has two modes of deployment:
- downloaded from the vendor and setup on your physical workstation (used for dev/testing/experimenting)
- downloaded from the /subo directory and ran on your physical workstation or run from the /subo directory on a virtual workstation you login to remotely
The software that is built/deployed in /subo is the only version approved for production use.
The exception to that is if it has an OTS notation next to it's name, in which case you can use the latest stable version from the vendor.
| Program | Used By | Link | Product Scope |
| -------------------- | ------------------ | ------------------------------------------------------------------------ | ------------------------------------------------- |
| android studio (OTS) | Team-SwEng | <https://developer.android.com/studio> | MorsePod |
| argouml (OTS) | All | <https://github.com/argouml-tigris-org/argouml> | All |
| bitwaden (OTS) | All | <https://bitwarden.com/> | N/A |
| Blender | Team-MechEng/HwEng | <https://www.blender.org/> | MorseFlyer, MorseSkynet |
| bonita (OTS) | All | <https://www.bonitasoft.com/> | All |
| calibre (OTS) | All | <https://calibre-ebook.com/> | N/a |
| camotics | Team-MechEng | <https://camotics.org/> | MorseFlyer (avionics), MorseSkynet |
| chisel | Team-HwEng | <https://www.chisel-lang.org/> | MorseSkynet |
| CodeAster | Team-MechEng | <https://www.code-aster.org/V2/spip.php?rubrique2> | MorseFlyer (envelope/parafoil/airframe) |
| Cubit Toolkit | Team-MechEng | <https://cubit.sandia.gov/> | MorseFlyer (envelope/parafoil/airframe) |
| CUDA SDK | Team-HwEng | <https://developer.nvidia.com/cuda-zone> | MorseFlyer (envelope/parafoil/airframe) |
| Cura | Team-MechEng | <https://ultimaker.com/software/ultimaker-cura> | MorseFlyer (envelope/parafoil/airframe) |
| DbEaver(OTS) | Team-SwEng | <https://dbeaver.io/> | MorseFlyer(avionics), RacKRental.net, HFNOC |
| docear (OTS) | All | <https://docear.org/> | N/A |
| Docker Desktop (OTS) | All | <https://www.docker.com/products/docker-desktop> | All |
| embitz (OTS) | Team-SwEng/HwEng | <https://www.embitz.org/> | MorseSkynet |
| Esim | Team-HwEng | <https://esim.fossee.in/> | MorseFlyer (avionics), MorseSkynet |
| Flora | Team-HwEng/SwEng | <https://flora.aalto.fi/> | MorseFlyer (avionics), MorseSkynet |
| Freecad | Team-MechEng/HwEng | <https://github.com/FreeCAD> | MorseFlyer, MorseSkynet |
| gerber2graphtec | Team-HwEng | <https://github.com/pmonta/gerber2graphtec> | MorseFlyer, MorseSkynet |
| gerber2graphtec | Team-HwEng | <https://github.com/colinoflynn/gerber2graphtec/>> | MorseFlyer, MorseSkynet |
| Gerby | Team-HwEng | <http://gerbv.geda-project.org/> | MorseFlyer (avionics), MorseSkynet |
| ghidra (OTS) | Team-SwEng | <https://ghidra-sre.org/> | ALl (SDLC) |
| gnuradio | Team-HwEng | <https://www.gnuradio.org/> | MorseSkynet |
| GprMax | Team-HwEng | <https://github.com/gprMax/gprMax> | MorseFlyer (avionics), MorseSkynet |
| grass gis (OTS) | Team-SwEng | <https://grass.osgeo.org/> | HFNOC |
| graywolf | Team-HwEng | <https://github.com/rubund/graywolf> | MorseSkynet |
| inkscape | Team-HwEng/MechEng | <https://inkscape.org/> | MorseFlyer, MorseSkynet |
| jxplorer (OTS) | Team-IT | <http://jxplorer.org/> | HFNOC/HFNFC |
| keybase | All | <https://keybase.io> | N/A |
| Kicad | Team-HwEng | <https://gitlab.com/kicad/code/kicad> | MorseFlyer (avionics), MorseSkynet |
| Librecad | Team-MechEng/HwEng | <https://librepcb.org/> | MorseFlyer, MorseSkynet |
| LibrePCB | Team-hwEng | <https://librepcb.org/> | MorseFlyer (avionics), MorseSkynet |
| metasploit | Team-SwEng | <https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers> | All (SDLC) |
| Microsoft R (OTS) | Team-HwEng | <https://mran.microsoft.com/open> | MorseFlyer (envelope/parafoil/airframe)(avionics) |
| NasaTran95 | Team_MechEng | <https://github.com/nasa/trick> | MorseFlyer (envelope/parafoil/airframe) |
| NasaTrick | Team_MechEng | <https://github.com/nasa/trick> | MorseFlyer (envelope/parafoil/airframe) |
| NgSpice | Team-HwEng | <http://ngspice.sourceforge.net/resources.html> | MorseFlyer (avionics), MorseSkynet |
| obs (OTS) | All | <https://obsproject.com/> | N/A |
| Octave | Team-MechEng | <https://hg.savannah.gnu.org/hgweb/octave> | MorseFlyer (envelope/parafoil/airframe) |
| OneLAB | Team-MechEng | <http://onelab.info/> | MorseFlyer (envelope/parafoil/airframe) |
| open 3d model viewer | Team-MechEng | <https://acgessler.github.io/open3mod/> | MorseFlyer (envelope/parafoil/airframe) |
| OpenGribs | Team-SwEng | <https://opengribs.org/en/> | HFNOC |
| openscap (OTS) | Team-IT | <https://www.open-scap.org/tools/scap-workbench/> | All (SDLC) |
| OpenVSP | Team-MechEng | <http://openvsp.org/> | MorseFlyer (envelope/parafoil/airframe) |
| OWASP Threat Dragon | Team-SwEng | <https://owasp.org/www-project-threat-dragon/> | All (SDLC) |
| Pandoc (OTS) | All | <https://pandoc.org/> | All |
| Paraview | Team-MechEng | <https://www.paraview.org/> | MorseFlyer (envelope/parafoil/airframe) |
| PHP runtime | Team-SwEng | <http://devilbox.org/> | RackRental |
| polar (OTS) | All | <https://getpolarized.io/> | N/a |
| postman (OTS) | Team-SwEng | <https://www.postman.com/> | RackRental/HFNOC |
| qgis (OTS) | Team-SwEng | <https://qgis.org/en/site/> | HFNOC |
| qrouter | Team-HwEng | <http://opencircuitdesign.com/qrouter/> | MorseFlyer (avionics), MorseSkynet |
| rstudio (OTS) | Team-HwEng | <https://www.rstudio.com/> | MorseFlyer (envelope/parafoil/airframe) |
| SciKit-RF | Team-HwEng | <https://scikit-rf.readthedocs.io/en/latest/> | MorseFlyer (avionics), MorseSkynet |
| SciLab | Team-MechEng | <https://www.scilab.org/> | MorseFlyer (envelope/parafoil/airframe) |
| sdrsharp | Team-HwEng | <https://www.rtl-sdr.com/tag/sdrsharp/> | MorseSkynet |
| Solvespace | Team-MechEng | <https://solvespace.com/index.pl> | MorseFlyer, MorseSkynet |
| sweethome3d (OTS) | Team-MechEng | <http://www.sweethome3d.com/> | MorseCollective |
| udig (OTS) | Team-SwEng | <http://udig.refractions.net/> | HFNOC |
| VirtualSatellite | Team_MechEng | <https://github.com/virtualsatellite> | MorseFlyer (envelope/parafoil/airframe) |
| vym (OTS) | All | <http://www.insilmaril.de/vym/> | All |
| Warp3d | Team_MechEng | <http://www.warp3d.net/> | MorseFlyer (envelope/parafoil/airframe) |
| worldwind (OTS) | Team-HwEng | <https://worldwind.arc.nasa.gov/> | HFNOC |
| xilinx | Team-HwEng | <https://www.xilinx.com/> | MorseSkynet |
| Xilinx | Team-HwEng | <https://www.xilinx.com/support/download.html> | MorseSkynet |
| YoSys | Team-HwEng | <http://www.clifford.at/yosys/> | MorseSkynet |
| Evolus Pencil | Team-Design | <https://pencil.evolus.vn/> | All |
| yEd | Team-Design | <https://www.yworks.com/products/yed> | All |
| oss-fuzz | Team-IT | <https://github.com/google/oss-fuzz> | All |
| cluster fuzz | Team-IT | <https://github.com/google/clusterfuzz> | All |

98
Systems/Admin-Application/RuntimeLayer.md Normal file
View File

@@ -0,0 +1,98 @@
# TSYS Group Web Application Runtime Layer
## Introduction
The TSYS Group needs a web application runtime layer for it's myriad of applications.
## Broad Requirements for runtime layer
* No single point of failure
* High availability/auto recovery for containers
* Distributed/replicated persistent storage for containers
## Major components of runtime environment
### storage
Replicated storage that fulfills the persistent volume claim of docker containers.
Deployed on www1,2,3 virtual machines (k3s worker nodes).
Deployed on subord virtual machine (k3s worker node for r&d).
Using longhorn
### container runtime, control plane, control panel
* Kubernetes load balancer , (metallb). Only TCP load balancing is used , as all intelligence (certs/layer 7 etc) is handled by Opnsense
* Kubernetes runtime environment (k3s from Rancher labs)
* workers
* control plane
* control panel
* Kubernetes runtime environment control panel
* Rancher
* authenticates to TSYS LDAP
Control plane is deployed on db1,2,3
Workers are deployed on www1,2,3
### Core container functionality (running as containers on the platform)
* docker registry
* IAM
* API gateway
* Jenkins
* all the above installed as containers running on the kubernetes runtime.
* all the above configured for LDAP authentication
* all the above no other configuration of the components would be in scope
### Applications to deploy/migrate on the runtime platform
### PAAS
* blue/green and other standard deployment methodologies
* able to auto deploy from ci/cd
* orchestrate all of the primitives (load balancer, port assignment etc) (docker-compose target? helm chart? is Rancher suitable?)
## General notes
## A suggested prescriptive technical stack / Work done so far
Followed some of this howto:
<https://rene.jochum.dev/rancher-k3s-with-galera/>
Enough to get k3s control plane and workers deployed:
```
root@db1:/var/log/maxscale# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
db2 Ready control-plane,master 30d v1.20.4+k3s1 10.251.51.2 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
db3 Ready control-plane,master 30d v1.20.4+k3s1 10.251.51.3 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
db1 Ready control-plane,master 30d v1.20.4+k3s1 10.251.51.1 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
www1 Ready <none> 30d v1.20.4+k3s1 10.251.50.1 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
www2 Ready <none> 30d v1.20.4+k3s1 10.251.50.2 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
root@db1:/var/log/maxscale#
```
and a bit of load balancing setup going:
```
fenixpi% kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
metallb-system speaker-7nsvs 1/1 Running 10 30d 10.251.51.2 db2 <none> <none>
kube-system metrics-server-86cbb8457f-64ckz 1/1 Running 18 16d 10.42.2.23 db1 <none> <none>
kube-system local-path-provisioner-5ff76fc89d-kcg7k 1/1 Running 34 16d 10.42.2.22 db1 <none> <none>
metallb-system controller-fb659dc8-m2tlk 1/1 Running 12 30d 10.42.0.42 db3 <none> <none>
metallb-system speaker-vfh2p 1/1 Running 17 30d 10.251.51.3 db3 <none> <none>
kube-system coredns-854c77959c-59kpz 1/1 Running 13 30d 10.42.0.41 db3 <none> <none>
kube-system ingress-nginx-controller-7fc74cf778-qxdpr 1/1 Running 15 30d 10.42.0.40 db3 <none> <none>
metallb-system speaker-7bzlw 1/1 Running 3 30d 10.251.50.2 www2 <none> <none>
metallb-system speaker-hdwkm 0/1 CrashLoopBackOff 4633 30d 10.251.51.1 db1 <none> <none>
metallb-system speaker-nhzf6 0/1 CrashLoopBackOff 1458 30d 10.251.50.1 www1 <none> <none>
```
Beyond that, it's greenfield.

94
Systems/Admin-Application/WebServerSetupNotes.md Normal file
View File

@@ -0,0 +1,94 @@
# TSYS Group - IT Documentation - Applications - Web Server Setup
- [TSYS Group - IT Documentation - Applications - Web Server Setup](#tsys-group-it-documentation-applications-web-server-setup)
- [packages to install](#packages-to-install)
- [php modifications](#php-modifications)
- [memcache](#memcache)
- [php config changes](#php-config-changes)
- [apache](#apache)
- [apache configuration mods needed](#apache-configuration-mods-needed)
- [apache modules needed](#apache-modules-needed)
- [apache tweaks performed](#apache-tweaks-performed)
- [scripts to load](#scripts-to-load)
- [TSYS root ca and UCS DC root cert](#tsys-root-ca-and-ucs-dc-root-cert)
These notes capture actions taken to build the www vm around 9/15 to 10/1 2020.
## packages to install
* php stuff and other packages needed :
```console
sudo apt install memcached php7.4 php7.4-mysqli php7.4-fpm php7.4-mbstring php7.4-xml php7.4-imap php7.4-json php7.4-zip php7.4-gd php7.4-curl php7.4-ldap php7.4-gd php7.4-gmp php-par php-apcu jq unzip python3-pip —no-install-recommends
```
## php modifications
### memcache
root@www:/etc/php/7.4/fpm/conf.d# grep -v ^\; 20-memcache.ini
extension=memcache.so
[memcache]
memcache.allow_failover="1"
memcache.max_failover_attempts="20"
memcache.default_port="11211"
memcache.hash_strategy="consistent"
session.save_handler="memcache"
session.save_path = 'tcp://10.251.51.1:11211,tcp://10.251.51.2:11211,tcp://10.251.51.3:11211'
memcache.redundancy=1
memcache.session_redundancy=4
### php config changes
Timezone
## apache
### apache configuration mods needed
-- alter site config for fpm socket to php7.4-fpm (from 7.3) (socket path)
### apache modules needed
* headers
* deflate
* rewrite
* proxy
* proxy_http
* proxy_fcgi
* cache_disk
### apache tweaks performed
* 1153 sudo a2dismod mpm_prefork
* 1154 sudo a2enmod mpm_event
* 1155 sudo apt install libapache2-mod-fcgid
* 1156 sudo a2enconf php7.2-fpm
* 1157 sudo a2enconf php7.-fpm
* 1158 sudo a2enconf php7.4-fpm
## scripts to load
```console
sandstorm-cert.sh
certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d '*.sandstorm.turnsys.com' -d sandstorm.turnsys.com
```
## TSYS root ca and UCS DC root cert
Without having the domain root cert present, none of the apps will be able to validate teh domain controller certificate presented during authentication.
```console
root@www:/usr/local/share/ca-certificates# ls -l
total 12
drwxr-xr-x 2 root root 4096 Sep 28 20:43 extra
lrwxrwxrwx 1 root root 13 Sep 28 20:44 tsys-root.crt -> tsys-root.pem
-r--r--r-- 1 root root 822 Sep 28 20:43 tsys-root.pem
lrwxrwxrwx 1 root root 12 Sep 28 20:44 ucs-root.crt -> ucs-root.pem
-rw-r--r-- 1 root root 2094 Sep 28 20:43 ucs-root.pem
root@www:/usr/local/share/ca-certificates#
```