This page contains information about roadmap for devops, but may include description to actual issues and developments.
RESPONSIBLE: Content is defined and maintained by devops team.
Action | Description | Status | Due Date | Assigned to | Comment | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Service Architecture Documented | Make a reference drawing of service architecture |
| Marina Marina, consult with Leif | |||||||||||
Update the requirements for service operations | To reflect the service architecture that was documented |
| Marina, consult with Leif | |||||||||||
Deploy beta serviceEnd October | First node deployed by end of November. Docker environment was prepared and remaining nodes deployment should be an easy exercise. Two production nodes in SUNET network are created. Maria to check with Leif on creating the AWS machines. |
Two production nodes are done | Maria, Leif | |||||||||||
Definition for the hosting environment fw firewall capabilities | That will be implemented in all different environment. This becomes part of the service definition for baseline operations. |
| Leif | |||||||||||
Prepare the OLA | Marina received the GEANT template OLA https://docs.google.com/document/d/1vw-V9VsdRmiGa4lAI-wZlaHzHwSZ9GSMXcXRcg1JfA4/edit Draft OLA prepared: https://wiki.geant.org/pages/resumedraft.action?draftId=114921107&draftShareId=f423f5ac-a6c2-40a8-8e97-7220fbf6ccb7& Marina created draft, was checked with GEANT ops team. It was shared on 26th Nov with Jonny from sunet noc. |
| First draft till 10th October | Marina (consult with Jonny) | ||||||||||
Pen testing of the beta servicetalk to DFN, end of October, November | Agreed with DFN cert that the pen testing will be 3rd week of November. We should let them know about our readiness on first week of November. 2 types of pen testing will be done: no info then full info. First just give the domain. End then we give them the zone file. Talk to heather - report of the audit that was alreday done for the privacy audit. WAYF Cloud and P3W Security & Privacy Recommendations First round done in 28th Nov. Marina Adomeit to arrange with Klaus/dfn cert for the next pen testing round. |
| Dependent on deploying beta service | Marina via DFN cert (consult Leif, inform Jonny of results) | ||||||||||
Code testing of code that is running as web app | Audit for modern Java Script . Marina is checking with Marcin. There seams to be capability for Java Script testing. Waiting to get info from Leif. Marina Adomeit to check again! |
IPR testing and security testing done by white source tool | Marina via Marcin (consult Leif, inform Jonny of results) | |||||||||||
Get budget for the monitoring, and clean up the ops budget | status.io, pingdom.com Marina will prepare the CR from Elena ... use 20 k and move to monitoring and VMs Marina Adomeit to do the budget assignment Marina Adomeit remind Leif to agree which kind of licence we need for those | WP5 leaders approved the 10k budget, need to make the CR | First week October | Marina | ||||||||||
Configure internal monitoring | Setup an idenpendent Nagios instance in SUNET. Maria did the most of the work. Some minor things and integration with Slack is left over. |
| Maria | |||||||||||
Organise purchase of supporting services |
| End November.... | Marina to initiate via Task 3 | |||||||||||
Configure external monitoring | Nagios - done!!!, integration in slack in progress status.io - Pingdom - Once licence is available move to the licensed instance |
| End October (with deployment of beta service) | Leif, Maria, Marina | ||||||||||
Prepare the financial consumption reportingEnd | November... has dependencieswhen all supporting services are purchased | Marina | ||||||||||||
Prepare the ops reporting | Marina regular checks with Maria | Marina | Set the public status pages | , every Friday 12:00 |
| Leif, Maria, Marina | ||||||||
Check the GDPR | User never touches any of the nodes that are maintained by seamless access.org. The only interaction point is the CDN. Their privacy policy and DPA should be checked!!! Document the data flow for Seamless Access https://docs.google.com/presentation/d/1emWsyTn6trMRCCNbTHrGHYHrajtHfOZl0--T70BFe_o/edit?usp=sharing Based on the data flow, Magdalena can review the GDPR external audit on privacy statements - in 2020 as service proves viable |
| Marina via GEANT project GDPR | |||||||||||
Check the IPR? | Leif needs to put the SUNET licence and check the the libraries PSNC should do the audit. Get Magdalena to look to this. Talk to heather about this - who should own the copyright ? Who has the liability for any of this ?Magdalena organised code scanning for the libraries used and on 06.12.2019 confirmed all is in order:
|
| Leif, Marina to connect Leif to Magdalena | |||||||||||
Configuration change, Release management, Regular updates process | Define the configuration change process. Should be reflected in the OLA. Have in mind other ops regions Marina Adomeit to start writing this! |
| Marina (consult with Jonny) | |||||||||||
Support process | Define who the support process flow, the actors etc. Should be reflected in the OLA. Have in mind other ops regions. |
| Marina (consult with Jonny) and take up with Heather | |||||||||||
Service on boarding process |
| |||||||||||||
Formulate the L3 support | Leif + certain members from the Technical Sterring group |
| Marina to take up with Heather | |||||||||||
Service operations definition | Prepare a definition of the service ops baseline for additional operators of the service. Security groups and firewall |
| Marina and Maria, consult with Leif, Tech Steerting group for approval. |
Examples for status codes:
Status | ||||
---|---|---|---|---|
|
For service production move all service components to stabile environment |
|
...
| |||||||||
Handover to Noc | OLA review - in progress Change management - in process Monitoring:
Finalize move of the DNS Define test procedure for the Change management process Add the escalation paths for the TTP Limit access to geant wiki... Add references in sunet ops wiki to geant wiki Other documentation missing:
| ||||||||
Marina Adomeit to enable that Heather can cover when on vacation for deployment - enable heather to publish the maintenance ... Marina Adomeit registration process - look at the airtable and registration form
|
Other ideas: talk to leif about moving away trom ssl/tls certificates provided by fastly to our own?