Hi!
Thought I should share this as core stuff needs changing to make debops
work in the environment I am putting together.
This is for IPv6-only OpenStack (control plane), and DNS management system
development, as well as firewalling.
Features are:
1) IPv6 only systems
2) strongSwan IPsec for sustained connection security. With predefined end
points such as between servers, much more efficient as SSL encryption
session does not have to be negotiated per TCP connection, far more secure
than SSL as all key material in kernel not user space, notwithstanding
better protocol design.
3) netscript IP address and interface management
4) netscript iptables combined with ferm
5) Open vSwitch set up
6) Samba as AD controller and Kerberos server
7) Kerberos client set up
8) Set up and configuration of DMS
9) Set up and configuration of OpenStack
10) 'Thin' cloud mode for quickly deploying short-lived cloud systems on
demand. Won't need all the security bells and whistles, just an ssh-keyed
admin account
11) integrating with cloud-init
12) site local role for all those things that stroke an individual admin's
fancy like /etc/skel shell mode support...
The thin mode and the work on ferm/netscript iptables are core
functionality changes. If you think all this will make debops far too top
heavy let me know.
At the moment my needs for OpenStack dev are for quickly deploying common
platform initialisation as I am bringing up 10-20 systems quickly (Apt,
user accounts, ssh keys, NTP, sudo, DNS common stuff), and then manually
configuring each platform and using backup to store those details.
In my set up there is quite a bit of netscript involved due to Jessie
ifupdown's inability/refusal to up network interfaces with NO addressing on
them ;-( (Needed for firing up and connecting Open vSwitch as I use a lot
of VLAN trunking, and soon VXLAN).
I can understand if you don't want me to push all this stuff onto debops,
as there is quite a lot of complexity in it already. Please let me know if
this architecture here is too far different from the debops hosting
platform model to try blending it in.
Thank you so much
Best Regards,
Matt Grant
Debian Developer