Hosting and infrastructure
OpenStack at OVH
The OVH user is the paying customer and the OVH projects are completely isolated from each other. The OVH interface allows creating OpenStack tenants in a given project. An OpenStack tenant only has access to the OVH project in which it has been created. A tenant has access to all the regions.
The following OVH projects have been defined:
- OVH Project: Contributors
  - Region DE1: used for testing by Loïc Dachary
  - Region SBG5: used for testing by François Poulain
- OVH Project: CI
  - Region DE1: GitLab runner
- OVH Project: Production
  - Region GRA5: all Ansible maintained production VMs
  - Region SBG5: the VM running Ansible to control production VMs in the GRA5 region.
- Login as a customer
- OpenStack OVH management
The firewall for all machines is based on OpenStack security groups. The infrastructure security group is shared by all VMs, which means that if the DNS VM needs port 53/udp open, it is open on all VMs. This was done because it is simpler, but a distinct set of rules for each VM would be better.
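The following added example (not part of the project's own tooling) computes what the shared infrastructure group opens on each VM beyond what that VM needs, and generates the openstack CLI commands for a per-VM split. The VM names, the ports each VM needs and the `-sg` group names are assumptions made for illustration.

```python
# Constructed inventory: VM names and the ports each one needs are
# assumptions, not the project's real rules.
NEEDED = {
    "dns-host": {("udp", 53), ("tcp", 22)},
    "web-host": {("tcp", 80), ("tcp", 443), ("tcp", 22)},
    "runner-host": {("tcp", 22)},
}


def shared_group_rules(needed):
    """Ingress rules of one shared group: the union of every VM's needs."""
    return set().union(*needed.values())


def excess_exposure(needed):
    """Per VM, the ports the shared group opens that the VM does not need."""
    shared = shared_group_rules(needed)
    return {vm: sorted(shared - rules) for vm, rules in needed.items()}


def per_vm_plan(needed, shared_name="infrastructure"):
    """openstack CLI commands replacing the shared group with one per VM."""
    cmds = []
    for vm, rules in sorted(needed.items()):
        group = f"{vm}-sg"  # hypothetical naming for the per-VM group
        cmds.append(f"openstack security group create {group}")
        for proto, port in sorted(rules):
            cmds.append(
                "openstack security group rule create --ingress "
                f"--protocol {proto} --dst-port {port} {group}"
            )
        # Attach the narrow group before detaching the shared one, so the
        # VM is never left without its required ingress rules.
        cmds.append(f"openstack server add security group {vm} {group}")
        cmds.append(
            f"openstack server remove security group {vm} {shared_name}"
        )
    return cmds


if __name__ == "__main__":
    for vm, extra in excess_exposure(NEEDED).items():
        print(f"{vm}: open without need: {extra}")
    print("\n".join(per_vm_plan(NEEDED)))
```

The script only prints the commands; review them before running them against a tenant.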
VM naming conventions
All VM names end with -host because it makes them easier to grep.
Global account name
The debian account exists on all VMs and is used by everyone for configuration and debugging.