Fedora Infrastructure is a pretty traditional IT shop that deploys applications for end-user use in a well-known and widely used way. We package applications and all their dependencies as RPMs, get them reviewed and pushed into EPEL, and then deploy them on VMs. We create dev instances in OpenStack cloud instances, then graduate to staging (which is set up as much like production as we can), and finally roll out to production.
While this model works great, there are a number of new tools on the horizon that we may be able to explore and take advantage of. This page lists some of our hard requirements and provides a space to look at some pilot applications or needs using new tools and workflows.
Nothing here is set yet.
There are some requirements that we MUST have in deploying anything.
- 100% Open source.
- Repeatable: Other interested parties should be able to duplicate exactly what we have easily.
- Security updates must be easy to check for and apply.
- Easy to back up (either all data is in db or some other way to tell)
- Monitoring via nagios: Can we tell what should be running and monitor it?
- HA: allow us to upgrade parts at a time and/or with 0 downtime.
- Clear logging from each app to allow us to know problems with it.
- Backups of all data (or db if all data is in db).
- selinux enforcing
- Clear docs on how to manage the application.
- Allow access to specific groups.
- selinux can be permissive, but issues should be fixed up.
- Typically run in transient cloud instances, no real requirements.
- Should we consider other statuses? User run? Non critical? One off apps for testing something? Need to set very clear expectations.
Nice to have
- Ansible management
Next generation tools
- docker / containers
- openstack cloud
Possible Pilot apps
- A pastebin service
- wordpress instances
- *pad (etherpad/piratepad/etc)
- Some dev versions of our existing apps (for more rapid testing).
- A docker container running track, ready to deploy on short notice with minimal effort.
- Run Atomic/OSTree on the koji builder (instead of the classic Fedora we use now). This might provide an additional security layer, as someone escaping the chroot would end up on an almost completely read-only system.
- On demand "pack" of stuff in a container... ie, all you need for a FAD or Fudcon or Flock or brainstorming session, etc.