De-baremetalify louvre

louvre currently performs the following tasks:

  1. hypervisor in the Proxmox cluster, hosting a single container, uffizi
  2. main network interconnect between the internal VLAN440 and Azure (as mentioned in https://forge.softwareheritage.org/#1526)
  3. main OpenVPN server for admin access to the infrastructure
  4. backup centralization host (with NFS access to space on SESI's filer)
  5. main administration machine (with root SSH key and clustershell configuration)

  • The first task is just a remnant of this machine's historical function as our main hypervisor. There's no need to migrate it.
  • Tasks 2-3 are critical to the good operation of our infrastructure, but could be delegated to a VM (we don't really have a bare metal host to put them on anyway).
  • Task 4 only centralizes a bunch of crontabs, which scp files from all the hosts to an NFS mount.
  • Task 5 is just a "nice to have" and can easily be moved to another machine, e.g. pergamon, which is already a sensitive host on the infra by means of being the puppet master.

The only critical part of these tasks is 2-3 and to some extent 4; 2-3 are attached to the network configuration of the host (all three IP addresses), and therefore are somewhat tricky functions to move. 4 is currently bound to the external IP address of louvre, but that could be changed by making a ticket to SESI asking for access for another machine.


Migrated from T1895 (view on Phabricator)