Hosting and infrastructure

OpenStack at OVH

All virtual machines are in the OVH OpenStack cloud. The OVH account is ce188933-ovh (login via https://www.ovh.com/auth/) and is bound to the enough.community admin mail.

The following OVH projects have been defined:

Note

The OVH user is the paying customer and the OVH projects are completely isolated from each other. The OVH interface allows to create OpenStack tenants in a given project. An OpenStack tenant only has access to the OVH project in which it has been created. A tenant has access to all the regions.

  • OVH Project: Contributors
    • Region DE1: used for testing by Loïc Dachary
    • Region SBG5: used for testing by François Poulain
  • OVH Project: CI
    • Region DE1: GitLab runner
  • OVH Project: Production
    • Region GRA5: all Ansible maintained production VMs
    • Region SBG5: the VM running ansible to control production VMs in the GRA5 region.
  • Login as a customer
  • OpenStack OVH management

Security groups

The firewall to all machines is based on openstack security groups. The infrastructure security group is shared by all VMs. It means that if the DNS VM needs to open port 53/udp, it will be open for all VMs. This was done because it is simpler but a distinct set of rules for each VM would be better.

VM naming conventions

All VMs names end with -host because it makes them easier to grep.

Global account name

The debian account exists on all VMs and is used by all for configuration and debug.