[TYPO3-caretaker] RFC: caretaker_instance mass installation
Christoph Moeller
moeller at network-publishing.de
Wed Aug 18 12:37:28 CEST 2010
Hi guys,
first of all: a massive "thank you" to you all for commiting so much
work in this wonderful set of extensions! We are just starting to really
make wider use of the caretaker and are already saving quite some effort
by doing so.
To summarize what I've just talked about with Tobias on the phone, let
me introduce what we are currently planning to do with caretaker:
We are running tens of our own server systems and we're providing
support for several customer-run TYPO3 systems, each hosting 1 to 50
TYPO3 instances. These systems are already monitored by nagios, but
rather on a "per system, low-level" base.
We are running the caretaker master on our internally hosted nagios
system, which is not accessible from the internet. This system can of
course do outgoing connects to the TYPO3 systems that we want to monitor
with caretaker.
So now, after having completed some really promising manual tests
(including manually installing EXT:caretaker_instance in some selected
sites and setting up/exchanging the SSL keys, creating the instance
records in the caretaker server, etc.), we'd like to do some
mass-rollout. We'd like to have a means of "integrating all TYPO3
instances on this system" - without any manual interaction, since we're
talking about hundreds of TYPO3 instances.
What we've accomplished, so far, is doing the part of mass installation
in the instances:
* a shell script to find all TYPO3 instances in the current working
directory [runs remotely]
* a shell script to loop through all TYPO3 instances, which fetches
EXT:caretaker_instance from SVN, installs it, generates all needed
settings (SSL keypair, IP whitelists), clears caches [runs remotely]
What's still missing is the instance record on the master. After setting
up these instance records in the master system and applying some tests,
the communication instantly works and we're receiving data.
Now I'd like to discuss how to get this final manual step automated.
Idea #1:
--------
* write a webservice extension for the caretaker master and expose it to
the internet/the instances
* do some fancy security checking
* accept "integrate me" calls from the instances
* create the instance records and apply tests, as centrally defined
Pros:
* clean and fully automatic
* could be used by other system integrations
Cons:
* another vector of attack to the internal network, pretty bad security
concerns
* over-complex at the moment
* much more effort
Idea #2:
--------
* have the shell script (the one that remotely installs
EXT:caretaker_instance) output a list of instances to integrate in a
defined format (e.g. CSV/XML/SQL)
* extend the caretaker master extension with a new mode "Mass-Import
instances"
* upload the generated instance list file, run the import and select
what tests should be applied, what instance groups the newly created
systems should be grouped in, etc.
* have EXT:caretaker create all needed records/relations
Pros:
* easy to accomplish, small effort needed
* does all we need a.t.m.
* more secure, cannot be triggered from "the outside"
Cons:
* semi-automatic instead of fully automatic (that could of course be
implemented later, using a CLI-Mode script)
We strongly prefer Idea #2 at the moment due to less complexity and
better security.
What do you think? Have you implemented s.th. like that, already?
Let's share some thoughts and code.
Best wishes from Cologne,
Chris
More information about the TYPO3-project-caretaker
mailing list