Home {WIP} - ess-acppo/nsl-infra GitHub Wiki

Welcome to the nsl-infra wiki!

Items TODO


Imperative to be PRODUCTION ready:


  1. Application and server logs go to CloudWatch and are finally archived in S3 (Glacier).
    1. Ability to monitor logs and raise alarms based on interesting pattern matching. Make the list of patterns pluggable.
    2. Install Prometheus/Grafana (or Nagios or similar), at least for consuming JVM JMX metrics (and potentially custom JMX beans in future).
  2. Move Database to RDS. (https://github.com/ess-acppo/nsl-infra/issues/8)
    1. Application layer (Tomcat) becomes stateless (with the exception of local users in LDAP).
    2. Take a daily backup of RDS.
    3. Deploy the app layer instance in a 2nd AZ for high availability (lower priority).
  3. Login / User management
    1. Connect to DAWR AD (contact Tham and Glen Hart)
    2. Set up Roles in Jenkins
    3. Set up IAM roles and policies (if needed) in AWS
    4. For application authentication, the user base is maintained locally. This is to be enhanced by ANBG.
  4. Policy around Linux patching.
  5. Automation testing (imperative for achieving CI/CD)
  6. Jenkins backup (high priority) and improve Jenkins installation (master - slave) (low priority). Set up LDAP integration with DAWR LDAP for user authentication.

Good to have:


  1. New VPC (needs to be incorporated into Ansible scripts):
    1. VPC peering with Jenkins VPC
    2. Accept the peering request
    3. Edit route table to include IGW and VPC peering for Jenkins
    4. Enable public DNS names
  2. ASG to monitor applications instead of the Tomcat manager app.
  3. Update Ansible script with ASG schedule
  4. Update Ansible script with Route 53
  5. aws-infra/tasks/make.yml has bastion host creation commented out because the task was not completing, although it was creating the host. Investigate that. The security group (sg) for the bastion host has been hard-coded until this is fixed.
  6. apaches/main.yml: at times create.ldif doesn’t complete successfully, leading to logins failing.
  7. Expose unit and integration test HTML files on the Jenkins console
  8. Print the ELB DNS name in the output of the create infrastructure Jenkins job.
  9. Code review step (Sonar, Gerrit)
  10. Connect GitHub repo with Travis CI (low priority)
  11. Purchase reserved instances to reduce cost