
readme wording

master
forest 2 years ago
parent
commit
a637e2ca7f
  1. ReadMe.md (4 lines changed)
  2. notes.txt (20 lines changed)

4
ReadMe.md

@ -11,11 +11,11 @@ Rootsystem starts the first time a server.garden system boots, and it uses provi
- [spigot](https://git.sequentialread.com/forest/spigot), the consensus & leader-election service
- [caddy](https://caddyserver.com/v2), the Let's Encrypt ACME client, TLS terminator & reverse-proxy
Rootsystem will create one `terraform-global` project first, where it configures a DNS entries and/or a cloud instance to act as an ingress gateway.
Rootsystem will create one `terraform-global` project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.
Then, it will create a `terraform-local-<node-name>` project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.
In the future, rootsystem will also have a Continuous-Integration-Ish role, where it handles configuration changes as they are posted & re-runs builds as needed.
In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.
Rootsystem has no user-interface of its own, however, it is tightly coupled to the [seedpacket](https://git.sequentialread.com/forest/seedpacket) desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.
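Review bot: In the `terraform-global` sentence, replacing "a DNS entries and/or a cloud instance" with "DNS entries and an optional cloud instance" fixes the grammar but also changes the meaning. The old wording allowed a cloud instance with no DNS entries; the new wording says DNS entries are always configured and only the instance is optional. If that matches what rootsystem actually does, keep it; otherwise restore the either-or. The lower-casing to "continuous-integration-ish" is fine.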

20
notes.txt

@ -4,7 +4,7 @@ TODO:
Clean up post_to_object_storage_shell_script. Make it a template rather than a variable?
forest@tower:~/Desktop/git/rootsystem/terraform-modules/ansible-threshold-server$ ansible-playbook --private-key '/home/forest/Desktop/git/rootsystem/ssh/severgarden_builtin_ed22519' -i '104.131.56.31,' -u root -e 'domain=server.garden arch=amd64' playbook.yml
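Review bot: The `ansible-playbook` line passes `--private-key` with a path under the repository checkout (`.../git/rootsystem/ssh/severgarden_builtin_ed22519`), so it is worth confirming that this private key is not tracked, or documenting why a built-in key is acceptable. The same line hard-codes a developer-local absolute path, a shell prompt and a literal host address (`104.131.56.31`); a relative `ssh/` path and a `<host>,` placeholder would keep the note reusable and keep infrastructure details out of history. The key filename also reads like a misspelling of "servergarden" and "ed25519", so check it against the file on disk. None of this fits a commit titled "readme wording"; splitting the notes.txt changes into their own commit would make the history easier to follow.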
@ -16,3 +16,21 @@ Currently this backend only has two options, either use a public x.509 trust bas
So we will have to modify terraform to add a new "Trusted CAs" option here: https://github.com/hashicorp/terraform/blob/master/backend/remote-state/http/backend.go
That way we can make our own CA, our own certificate, and then tell terraform to trust that CA. Then terraform can connect to our HTTP server securely for remote state storage.
curl --cacert "server.garden_CA.crt" \
--key "pi4@server.garden.key" \
--cert "pi4@server.garden.crt" \
-sS https://server.garden:9056/clients | jq .
curl --cacert "server.garden_CA.crt" \
--key "pi4@server.garden.key" \
--cert "pi4@server.garden.crt" \
-X PUT -H "Content-Type: application/json" \
-d @tunnels.json \
-sS https://server.garden:9056/tunnels | jq .
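Review bot: The two added `curl` commands reference a client private key by filename (`--key "pi4@server.garden.key"`) with no note on where the key, certificate and `server.garden_CA.crt` come from, or that the key must stay out of the repository. A one-line comment above each command saying what `/clients` and `/tunnels` on port 9056 do, and what `tunnels.json` is expected to contain, would make these notes usable later. Both commands also pipe `-sS` output straight into `jq .`, so an HTTP error body gets pretty-printed as if it were a result; adding `--fail` makes curl suppress the error body and exit non-zero instead.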
