||9 months ago|
|ansible-roles||9 months ago|
|ansible-wrapper||1 year ago|
|application-modules||9 months ago|
|automation||9 months ago|
|configuration||1 year ago|
|host-key-poller||1 year ago|
|objectStorage||1 year ago|
|pki||1 year ago|
|terraform-modules||1 year ago|
|.gitignore||1 year ago|
|ReadMe.md||1 year ago|
|build.sh||1 year ago|
|lock.go||1 year ago|
|main.go||1 year ago|
|notes.txt||1 year ago|
|pull.sh||1 year ago|
|terraformStateHandler.go||1 year ago|
server.garden Privileged Automation Agent
mkdir -p ssh ssh-keygen -t ed25519 -N '' -f ./ssh/servergarden_builtin_ed22519 go build -o ansible-wrapper/ansible-playbook-wrapper ansible-wrapper/main.go go build -o host-key-poller/host-key-poller host-key-poller/main.go # you will have to provide a complete config file. normally this would be provideded by seedpacket nano config.json go run *.go
Rootsystem is the entrypoint & most highly privileged part of the server.garden automation system, hence "root" in the name.
Rootsystem starts the first time a server.garden system boots, and it uses provided credentials and options to create, plan & apply multiple terraform projects based on its own collection of terraform modules & ansible roles. It is responsible for installing and configuring the required base-system components of a server.garden datacenter, such as:
- threshold, the public-internet-facing gateway & TCP reverse tunnel
- serviceroad, the peer-to-peer vpn
- spigot, the consensus & leader-election service
- caddy, the Let's Encrypt ACME client, TLS terminator & reverse-proxy
Rootsystem will create one
terraform-global project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.
Then, it will create a
terraform-local-<node-name> project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.
In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.
Rootsystem has no user-interface of its own, however, it is tightly coupled to the seedpacket desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.