Hosting Servers

From Dark Peak

Virtual machines hosted by Bytemark that provide capacity to the provisioning service to allow for other services to run.

Service Context

Current Service Tier

Legacy: Live

Next Gen: Alpha

Current Server List

  • derwent: 1 Core, 2 GiB RAM, 25 GiB SSD
  • hope: 1 Core, 1 GiB RAM, 25 GiB SSD

Provides Service To

Provisioning Service

Consumes Service From

  • Finances
  • Hosting company (provided by Bytemark)

Constraints

  • Access to the hosting controls is limited to a selected membership.
  • Server sizes and quantities affect financials and are a decision (currently) made by the board.

Maintainers

Resource Links

GIT
Not Applicable

Principles

  • Data related principles do apply, specifically in the instances where the server is holding data on behalf of another service. In that instance, the server has delegated authority and therefore has responsibility under the principles to ensure the adequate protection of the data.
  • Federation doesn't make sense for servers.
  • self hosting - servers are not self-hosted. We do not have the capacity to manage bare metal hosting ourselves.
  • open-source - the parts of the server stack that are under the control of Dark Peak will use open-source technologies.

Service Documentation

Service Design

Resources Used

  • Debian Latest Stable
  • Default Physical Resource Sizing:
    • 1 vCore
    • 2 GB RAM
    • 25 GB SSD

Infrastructure / Alternatives

The hosting servers service relies on Finances to provide funding to Bytemark, who host the servers themselves.

Significant Design Choices

Backup, Restore & Retention Policy

Each server will have a mount location for each service which uses the server. These mount locations will be backed up onto a separate server on a weekly basis (by default). The server maintainers will restore these backups only when requested to do so, and each backup will be retained for four weeks (by default). Individual services may request different cycles and retention.

Security

  • Root access on servers is restricted to maintainers only. Future work will tighten this to require multiple board members on hand simultaneously.
  • SSH access will be controlled via public key and restricted based on requirements.
  • User access to backup mounts will be restricted to server maintainers only.
  • Hosting account passwords will be rotated on an annual basis.
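
The four-week default retention from the backup policy and the maintainers-only rule for backup mounts can both be enforced by a scheduled script on the backup server. The script below is an added example, not Dark Peak's own tooling. The directory layout, the `.retention_weeks` override file and the function names are assumptions, and it relies on GNU find as shipped with Debian.

```shell
#!/bin/sh
# Added example (not Dark Peak's own tooling): retention pruning plus an access
# check for the backup mounts. Assumed layout: <root>/<service>/<archives>,
# with an optional <root>/<service>/.retention_weeks per-service override.

DEFAULT_RETENTION_WEEKS=4   # page default: each backup is kept for four weeks

# Print the retention in weeks that applies to one service directory.
retention_weeks() (
    override="$1/.retention_weeks"
    if [ -r "$override" ]; then
        weeks=$(tr -d '[:space:]' < "$override")
        case $weeks in
            ''|*[!0-9]*|0*) ;;              # not a positive integer: ignore it
            *) echo "$weeks"; exit 0 ;;
        esac
    fi
    echo "$DEFAULT_RETENTION_WEEKS"
)

# Delete archives older than the service's retention; print each deleted path.
prune_service() (
    minutes=$(( $(retention_weeks "$1") * 7 * 24 * 60 ))
    # -type f: regular files only; subdirectories and symlinks are left alone.
    find "$1" -maxdepth 1 -type f ! -name '.retention_weeks' \
        -mmin "+$minutes" -print -delete
)

# Prune every service directory under the backup root.
prune_all() (
    for dir in "$1"/*/; do
        if [ -d "$dir" ]; then prune_service "${dir%/}"; fi
    done
)

# Print service directories that grant any access to "other" users.
# Assumption: maintainers reach backups through the owning user or group.
loose_permissions() (
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /007 -print
)

# Usage: sh prune-backups.sh /path/to/backup/root
if [ "$#" -ge 1 ]; then
    prune_all "$1"
    loose_permissions "$1" | sed 's/^/WARNING: accessible to non-maintainers: /'
fi
```

A malformed override file falls back to the four-week default rather than disabling pruning or deleting everything.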

Service Operation

Bootstrapping a Server

  • Go to https://panel.bytemark.co.uk/ and enter credentials.
  • Click on "Add a cloud server"
  • Set a machine name.
  • Select the appropriate group (prod is currently used for the production servers)
  • Location should already be set to York
  • Select the appropriate resource level via the slide-bar (minimum is 1 Core, 1 GiB Memory)
  • Set the Operating system to Debian for all new servers
  • Set the Discs (current default is 25 GiB SSD storage) as the root disc
  • If there is a firstboot script defined select add script and paste it in
  • Set authentication to SSH key (+ Password) and paste the appropriate key(s)
  • Check that the monthly cost is acceptable - discuss with finance if the amount differs from the agreement.
  • Click "Add this server".

Backup

Restore

Restart

Upgrade

Change Resources

Rollback

Migrate

Decommission

Incident Response

Adding a User

Removing a User