Systems Management Project
I'm just recording some ideas here for this project.
Note that when I refer to a 'project' here the actual implementation should probably refer to them as a 'client', 'customer', etc. For us, clients are usually projects.
Applications
Virtual Machine Management
For our primary virtual machine hosting (what we should focus on for now) we are moving to Ganeti.
Ganeti offers an HTTP API for management that we should probably use in some way.
For documentation see here
Use Cases
OSL Sysadmin Creates VM
sysadmin logs in, navigates to VM manager
sysadmin selects create VM (wizard?)
sysadmin enters VM name, operating system, DNS info, project, etc
wizard updates DNS, inventory, etc
*then* wizard creates VM.
One oddity of Ganeti is that the VM name must resolve (DNS) *before* Ganeti can create the VM.
This might require job scheduling of some sort?
Project member reboots VM
Project member logs in, navigates to VM manager
Project member views project VMs
Project member selects VM for reboot
Project member clicks through a scary warning
VM gets rebooted
DNS Management
Keep in Mind
A 'domain' can have a lot of stuff in it (ie, osuosl.org). The Linode interface referenced below is fine (preferred?) for a small domain, but for a domain with hundreds of records a better way to browse the domain is needed.
The app has to interface with the DNS servers somehow
Maintain generates and syncs out config files on a schedule
Bind supports remote updates with the 'nsupdate' utility
Could push out configs with whatever RPC mechanism is being used for everything else (mcollective?)
Use Cases
Project member configures DNS
Project member purchases domain from registrar
Project member configures domain to use OSL nameservers
Project member logs into the OSL management system and navigates to the DNS section
Project member adds domain info to OSL management system
Look here for something similar (I, Russell, have an account there if anyone wants to play with it)
Project member adds DNS record
Project member logs into OSL management system and navigates to the DNS section
Project member selects the domain they want to modify
Project member clicks add record (of specific type?)
Project member adds record details and clicks save
Project member adds MX Records
Project member logs in, navigates to DNS management and selects domain
Project member selects add MX record
Project member elects to use OSL mail relays
Application automatically fills in smtp1.osuosl.org, smtp2.osuosl.org, etc
OSL Sysadmin (or project member?) adds a host
Sysadmin logs in, navigates to DNS and selects domain (default domains would be good)
Sysadmin starts 'add a host wizard'
Sysadmin fills in relevant details (A record, PTR, DHCP info, etc)
The ability to create custom 'wizards' like this for common tasks would be good
Ideally it should add data to inventory, etc
Permissions
I wanted to get down some thoughts on this because I'm not sure how obvious it is how this works.
We host projects
Projects have resources (servers, domains, etc)
Projects may have sub-projects which may need access to some resources
Not everyone in a project who needs access to one thing should have access to all things
We generally have access to all of a managed project's resources (not all projects are managed)
My guess would be some sort of tree structure:
Datacenter (The OSL)
    Project 1
    Project 2
        Corvallis Branch
        Europe Branch
Joe is the lead sysadmin for Project 1, and a DNS admin for Project 2, Corvallis Branch. He may access any resource for Project 1, but only DNS for Project 2. He may create child roles/subprojects for Project 1 but not Project 2.
Dave is the lead sysadmin for Project 2. He may access any resource belonging to Project 2 and create any role/subproject he wishes.
Russell is a sysadmin for the OSL. He can do whatever he wants (evil laughter?)
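
A sketch of how the tree above could be evaluated, added here as an example and not code from this project. It assumes the two branches are children of Project 2, that Joe's DNS role is scoped to the Corvallis Branch, and that a grant on a node covers everything below it; the names Grant, can_access and can_delegate and the resource kinds "dns" and "vm" are hypothetical.

```python
from dataclasses import dataclass

# Constructed from the tree on this page: child -> parent (None marks the root).
PARENT = {
    "Datacenter": None,
    "Project 1": "Datacenter",
    "Project 2": "Datacenter",
    "Corvallis Branch": "Project 2",
    "Europe Branch": "Project 2",
}

@dataclass(frozen=True)
class Grant:
    user: str
    node: str           # scope: this node and everything below it
    kind: str           # resource type such as "dns" or "vm"; "*" means any
    can_delegate: bool  # may create child roles/subprojects under the node

# Constructed grants matching the Joe / Dave / Russell descriptions.
GRANTS = [
    Grant("joe", "Project 1", "*", True),
    Grant("joe", "Corvallis Branch", "dns", False),
    Grant("dave", "Project 2", "*", True),
    Grant("russell", "Datacenter", "*", True),
]

def ancestors(node):
    """Yield node, then each parent up to the root; unknown nodes raise."""
    if node not in PARENT:
        raise KeyError(f"unknown node: {node}")
    while node is not None:
        yield node
        node = PARENT[node]

def _matching(user, node):
    # Grants flow down the tree only: look at the node and its ancestors.
    scope = set(ancestors(node))
    return [g for g in GRANTS if g.user == user and g.node in scope]

def can_access(user, node, kind):
    """Default deny: allow only if a grant on the node or an ancestor covers kind."""
    return any(g.kind in ("*", kind) for g in _matching(user, node))

def can_delegate(user, node):
    """Creating child roles or subprojects needs an any-resource, delegating grant."""
    return any(g.kind == "*" and g.can_delegate for g in _matching(user, node))
```

Because lookups only walk upward from the resource's node, a grant on a branch never leaks to its parent project or to a sibling branch.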