This repository has been archived by the owner on Jan 19, 2022. It is now read-only.
(WIP) Management subnets proposal, and splitting servers for security #68
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(Please note that this is an interim PR for review purposes.)
It might be best to chat about this around a whiteboard :)
For many systems, a 'flat' network where the salt servers and clients run on the same infrastructure is not appropriate.
Further, having the salt server live a randomly-selected host in the autoscaling group makes life difficult. If it goes away, autoscaling won't restore it.
For the project I'm working on (DSDS), we foresee:
A key change to support this would be that building the docker servers will happen entirely through autoscaling. The bootstrap engine would not be responsible for bringing up those hosts. It will, however, create the AWS autoscaling group for them, and then let AWS build the hosts to fulfil that autoscaling group from salt.
Said slightly differently: AWS will be responsible for bringing up servers in an Autoscaling config, and the bootup process of those hosts will check in with salt and fetch their configs from the salt server.
What I've done at a Code Level
On review, everything in the 'bootstrap_cfn/ec2.py' file actually revolved around managing the salt master and client configs. I've thus renamed the file. This additionally makes sense because the bootstrap engine wouldn't be responsible for actually creating any ec2 instances other than the management host instances.
Next up would be to:
We may also:
Feedback about this direction is welcome.