sysadm: bootstrap the winery deployment documentation

d35a74e8 · Vincent Sellier · f97dd58b · d35a74e8 · d35a74e8 · d35a74e8
Verified Commit d35a74e8 authored 1 year ago by Vincent Sellier
--- a/docs/sysadm/data-silos/index.rst
+++ b/docs/sysadm/data-silos/index.rst
@@ -8,3 +8,4 @@ Data silos
   cassandra/index
   kafka/index
   elasticsearch/index
+   winery/index
--- a/docs/sysadm/data-silos/winery/index.rst
+++ b/docs/sysadm/data-silos/winery/index.rst
+.. _winery:
+
+Winery Deployment
+==========
+
+.. admonition:: Intended audience
+   :class: important
+
+   sysadm staff members
+
+This page documents the production deployment of winery and the ceph cluster on the **production**
+environment.
+
+.. toctree::
+   network
--- a/docs/sysadm/data-silos/winery/network.rst
+++ b/docs/sysadm/data-silos/winery/network.rst
+.. _winery-network:
+
+Winery Network Documentation
+============================
+
+.. admonition:: Intended audience
+   :class: important
+
+   sysadm staff members
+
+
+VPN Access
+----------
+
+The winery environment is hosted in a CEA's datacenter.
+
+All the traffic between the main |SWH| datacenter and the CEA datacenter is encapsulated in an
+IPSEC VPN.
+
+A second IPSEC VPN is available to reach the management network in case an access to the servers's
+IDRac is needed.
+
+
+.. figure:: ../../images/winery/vpn-macro.svg
+   :alt: Macro architecture of the VPNs
+   :width: 600px
+
+\* This is the target, currently (2024-03-06), the access vpn is not up and all the traffic
+is handled by the management VPN.
+
+
+Network configuration
+---------------------
+
+The network equipment are organized like this:
+
+.. figure:: ../../images/winery/switches.svg
+   :alt: Macro architecture of the VPNs
+   :width: 600px
+
+The management and access networks are physically isolated.
+
+Each server has a physical link plugged to 2 different switches with LACP activated for the access
+network.
+
+The details of the installation is available in the
+`internal inventory <https://inventory.internal.admin.swh.network/dcim/rack-elevations/?site_id=7>`_
+
+The network is composed several ip ranges:
+
+============ ====================== ============================ ======== ==== ==== ======== =======
+Range        Description            VLAN                         Frontend MONs OSDs Switches Bastion
+============ ====================== ============================ ======== ==== ==== ======== =======
+X.X.X.X/28   Uplink vlan            Uplink - Frontend / ID CEA   X
+X.X.X.X/28   Uplink vlan            Uplink - Management / ID CEA                             X
+10.25.6.0/24 Default / installation Default / 1                  X        X    X
+10.25.1.0/24 VLAN for ceph access   Ceph clients / 2             X        X    X
+10.25.2.0/24 VLAN for ceph internal Ceph cluster / 3                           X
+10.25.3.0/24 Management addresses   None                         X        X    X    X
+============ ====================== ============================ ======== ==== ==== ======== =======
+
+Inside each range, the addresses are dispatched according these rules:
+
+========= =========
+Type      Range
+========= =========
+Frontend  .1-.10
+MONs      .11-.20
+OSDs      .21-.100
+Switches  .240-.253
+GW        .254
+========= =========
+
+
--- a/docs/sysadm/data-silos/winery/tables.md
+++ b/docs/sysadm/data-silos/winery/tables.md
+pandoc -f markdown -t rst   tables.md  -o /tmp/tables.rst --columns=120
+
+|    Range     |      Description       |             VLAN             | Frontend | MONs  | OSDs  | Switches | Bastion |
+| ------------ | ---------------------- | ---------------------------- | :------: | :---: | :---: | :------: | :-----: |
+| X.X.X.X/28   | Uplink vlan            | Uplink - Frontend / ID CEA   |    X     |       |       |          |         |
+| X.X.X.X/28   | Uplink vlan            | Uplink - Management / ID CEA |          |       |       |          |    X    |
+| 10.25.6.0/24 | Default / installation | Default / 1                  |    X     |   X   |   X   |          |         |
+| 10.25.1.0/24 | VLAN for ceph access   | Ceph clients / 2             |    X     |   X   |   X   |          |         |
+| 10.25.2.0/24 | VLAN for ceph internal | Ceph cluster / 3             |          |       |   X   |          |         |
+| 10.25.3.0/24 | Management addresses   | None                         |    X     |   X   |   X   |    X     |         |
+
+
+|   Type   |   Range   |
+| -------- | --------- |
+| Frontend | .1-.10    |
+| MONs     | .11-.20   |
+| OSDs     | .21-.100  |
+| switches | .240-.253 |
+| GW       | .254      |
--- a/docs/sysadm/images/winery/switches.drawio
+++ b/docs/sysadm/images/winery/switches.drawio
+<mxfile host="Electron" modified="2024-03-06T15:22:26.037Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/13.7.9 Chrome/85.0.4183.121 Electron/10.1.3 Safari/537.36" etag="iIFHdGq9gx3uVH7roFF-" version="13.7.9" type="device"><diagram id="4CMOYC2556_6KT3wwi5M" name="Page-1">7Vxbb6M4FP41eWzkC9fHaTqZ0WoqVequdvepcsFJUAnOAJ2k8+vXEEOwTRKaAGnoZkZqOBiDz3e+czPtCE+Wm28xWS3umU/DEQL+ZoTvRghBjG3+I5O8bSW26WwF8zjwxaCd4DH4TYUQCOlr4NNEGpgyFqbBShZ6LIqol0oyEsdsLQ+bsVC+64rMqSZ49EioS/8O/HSxlTrI3sm/02C+KO4MLXd7ZkmKwWIlyYL4bF0R4a8jPIkZS7fflpsJDTPlFXrZXjfdc7Z8sJhGaZMLlkZ085PcP/zx9BMn8Ptf02fweIPFw/0i4atYsXja9K1QQcxeI59ms8ARvl0vgpQ+roiXnV1z0LlskS5DcXoWhOGEhSzOr8Wz2Qx5HpcnacxeaOWMbz1bpsXPiAegcUo3e5cGS4VxS6NsSdP4jQ8RF5iuWIYwMmiI4/UOMliMWVTgQsX6iTCTeTn3TpP8i1DmOxRbGMh1KxY6xxWLnX4Ve1yvnGmr7OtyM8+c0jgm3st4seL/n1YxCwMSpU9+iBGgT3NH1nJInmn4wJIgDVjEZfF2SbckDObZcUhn2WHCYQqi+Y/86A6aXOSTZJFjCbLzBddBLXL80w4+FlDwcWoM34I6PvyRu4EHN4BHtVgr/7QFhKR7CRX2moZBxO9chAoBlW4scxrRmITjZB2k3oImT7AdvFAjvGr41BmdjP/xOoAXVv3fxfEyNbwmgGdU4DFfuYYdX3oqAyWjGbGIKi5KiArgPK4qyuW3mSIDnhh9ESeWge9nt6kNXLvQBjpijqUjURuIugJCj+8TYH8CIDRK1ABh9wmEqwFxTyKeli+zBe3wANldEMhBGio2liljg1GNu4Juj+4KNqgvPnF8QTaUAENuM6/WHV6wxq1ZJY3gcLkDXRmKD8CdJqXO5+UOVor+Wu7UlD7d4aXXPlXu6OANhjsG+nDcsY5zh0b+l6xDuFNrBYntaOpr3cGjOqms2axx3YUspiFJg1/y9HV6EHd4YEGez+ytTNyxI0+SsNfYo+I6VGkMqlNZR6dKSTynqTZVDk259DPQatAsu2q0DFnDNjgNqSPTdIwSapDLXTVKGqfc9jilT9U1WnomNyy0DGBIKi63jN7PKmUit2deNcjzrhupIjPap+DGSKkTqZB3jVSD7vZVI6Xm1BiAMTrRA5pqadu7B2zQ2x4WWrA1tDDoHS29sz0wtLCM1snxSpuo73g1+NoKu+3EK22ivuOV3hv/4nk0SbgsoumaxS+JBt1wuhJA8WlFvVTtSpg1XYnOtiqwnpM/kyTvyg0WBVtBAbqmhkLdDmp3byicm25rPdfpVPRcP7xjgzIWxskhiGcajkwulTQduzasJ3fTmHGLj3wufV2FQfSiw8qR+ZE1w2VAmzMmpknwmzzn82X8WGXLyxds3o7Mu0OMES8oiotHpZOpGscBe93LrxswNt1iq0CAcQPPM5diCJvNEtoNfOdme+eTEIGtiR6Kn5ckq+XIZLVO5KqNVa5qvrVrruoJo7RFPyi2mkNka1/9eT5jbtUHnsW5LCfBWGlB2QqXmtLS0prNPZPSORNTugnSfzJmjZGBxPG/+bHr2OL4biOolx+8VQ4eaBzwJWQEljeXWzYX1NDVGxc1K5e7aAuX/0zJMjA40fNb6g45aGZiHHPyVhkm/Ob+x1fLXPU3EZTxJgKHxvMv2ydo1971WvhPulyxmGyB5rUwyYsfjQWDKcUM5RWXMqpdrCAuNjTbSwOzz3Targ+BTZ3IRWOT6ZTdX7Xh8V7HYSqxqXwHrafYZLReopdmsYtaFoaVqAXfHbFaNDDjGuzLUOoRrFYRjcMSPDJRS2HJhIoVmz2EGaP1wrYLj4avwuB4VuSabvlRilg1KDU2P8MY4+bJVkvGiMEFch7j3J2afsIrGF3QyjBAtcC8364QHtuWYQPTcRA2i18A7dquFGdahOrGubfTgx02KDU/8YvMlrJDUvcic8+/FKj3e6SGndg71EAcTKVkKq/vdbl1OMo2Loo/ArBl3O5PKeCv/wE=</diagram></mxfile>
\ No newline at end of file
--- a/docs/sysadm/images/winery/switches.svg
+++ b/docs/sysadm/images/winery/switches.svg
--- a/docs/sysadm/images/winery/vpn-macro.drawio
+++ b/docs/sysadm/images/winery/vpn-macro.drawio
+<mxfile host="Electron" modified="2024-03-06T14:25:54.011Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/13.7.9 Chrome/85.0.4183.121 Electron/10.1.3 Safari/537.36" etag="0zZUYF5jR2ffLEnegsuN" version="13.7.9" type="device"><diagram name="Page-1" id="822b0af5-4adb-64df-f703-e8dfc1f81529">7Vxbc5s4FP41fgwjJK6PiZO0nWl3M83OptuXDgbZZoORF+Ta3l+/EoibpDhkgy/j2sk46AgE+s5F5xwdMkLjxeZDFiznX0iEkxEE0WaEbkcQQuSyb07YloQrH5aEWRZHJclsCI/xv1gQgaCu4gjnnRMpIQmNl11iSNIUh7RDC7KMrLunTUnSvesymGGF8BgGiUp9iiM6F1QTgKbjI45nc3FrzxYdkyB8nmVklYr7jSCaFp+yexFUY4nz83kQkXWLhO5GaJwRQsujxWaMEw5tBVt53f0LvfVzZzilfS747l/9MfuMPzyu7r5/iu5/R9+Tv6+scpSfQbLC1TSKh6XbCqBiipgPYo7QzXoeU/y4DELeu2YSwWhzukhE9zROkjFJSFZcywGBYcjoOc3IM271RM7EsR3WIx4AZxRvXpyZWePFxBCTBabZlp1SXYCQwFjIoG+J9rrhKKr4Nm8x06ykMBBSNKsHb5BkBwLMtwALFWTv4wyvA37pgAhHAfamWoSd0MOTKe95xjTkKICB4LYQMKDXQdwESIXcdDzDVkG39oW5qWJ+DtJsmrCvOIN9QYv8/UL7FjE2B8LZdmScdTIMNDh7e4PZOT+Ya0ndBTM8KMy2gvJDRqJVSGOSjriy3bPvryT8Z4XTkKwyqjCB4UG7SHcRTUmKJfgFKUjiWcqaIcMPM/oNRzdm/si16FjEUcRvo2Vtw/yhjLmN7O7aqTE2ps7YwH1xx31dB5YkTmlxX/uG/QIDmGwW4/rvyGZnjYse33utR/xt9VSjqT2wJHSJOpqrEs1iTGhriDqaK9+7IJiae8s0qCFqh9TcG0gPyX4bEf0cTHDyQPK4UBR0OyGUkkVXD2RxpoTLbZAvS+d9Gm+4+KpqULAUZ3c/ccnZQqfmwZJzfLGZ8djDCOM8JKZvZMVYN8vsU1g8B9MKdumPdUznP6bCy4Kq9bu/5j866weADVxUPEVGxyRlJwTscb4SGoipgkL56qY/nC/lGMj1m4/kVlmmAX1Qf6BqOd2CW4p28uv25WeB1zUUp9E1j84aw9eSEQZOtv0mUC0af/EGE0XRvN20O2+3VWsT02/VGOy4dRVrNRfxRvuaB5zFbOpczlp2E0dKZCixjc2IWf8Q78DC17O3xSCd7axoGU6YRP3sPoaOX+IOD1xJ2sYbSIGPKxnl8vnFZe3gUB7Jkpwh34GV716NRYNshqkyViFC9dTfIVXmsaSKt/YoIlWGpMTvtYXvhGTJlSWgtzTZks/ny87CvmUJXXyIiw/xq/gQtuMYltW4EHJqxmp8gSM7DmrgdR2GOM8Z7c+H3844ykKuZ7hI4out5Quj2jq+7C1rpuYcvgRpMMMLPjnoJJwFk4wdzfjRefPJAY4hu+B6NrnIMA/JJU/hUr7Ng2gRp/qVTTWD5e4DRyoK8nkN21u4NuJ5R/7D6IlkyBUWvmjp9ead2d8kTtndq30eoJMP2ZyT6TQOsbHKcZYbFKdBSn+UqAwjEK68teB5xRKo5K8OKQs9krEX7+bi3RzVuxnMIsuBqVeHJW398wxPo4FKDDuYDsJ350BELqPKUfTKZQwZ4e45MVIZqVOPes0XxevtUS/wDd+362SdKTkSyDIqKXklDmZiE2xbpwlrvmMavrTJAkCnGoAdlGMOGmbDd6dsLkrQTlgcTwugpAX+O7TA3K0FVm8tGExMoSKms4TdrH62/7u7OsT6hpRdaE3xindI9xKqyTMBl6rdB4fLqmLj04GrRw3VxRu/eONH9cavhtuwhLK90pZzGFWur1OfZBuutS81VHOLFzW8qOHZqqGyDp6IGvaoYOsVErxpj78KCept4NMNCfpuBpduxdEiAqQElK66MdQ7JkDezpjAND0DSM+475hAk0+nQRpNtuqWh3j1oCgOfJMoDy2WQ9S+1Ll/80hybe80bGwR8avaeSEeCCqG7ZB1ECaQ61D7F9VYzClwFUPtGq7fr7amGbI6kUynOd6LRiA1mROkMyYIJFfrXw8e99nuqYXJlVheHM6Lw/kLOJxMAQ0AlErUE3M/UY/Cr1/a/awq415dp0vzdsRqxN1ZZM9lK6sijYdfoQdbfXtkEYcX3FPZ/fCOKmuuUvnqGy6U+N9bpFxfHu2wta9IfX/m8emjJqpJVjln+7tcu1N4v0wtrfMtx/CQ8lJF+40mS7MwOcioiuGGX5jUePMpTnExk5c4cT5ldRaQTayrugv+Ib33KnroWfWYYrom2fMZs8h2To5FakCqeU1zfHd9zlyR3wWHe3w9kzWbf0dRLkfNv/xAd/8B</diagram></mxfile>
\ No newline at end of file
--- a/docs/sysadm/images/winery/vpn-macro.svg
+++ b/docs/sysadm/images/winery/vpn-macro.svg