Idea #20270
closed
Reduce number of public IPs required by salt install
Added by Peter Amstutz almost 2 years ago.
Updated almost 2 years ago.
Release relationship:
Auto
Description
During discussion, it came up that a brand new AWS account can't have more than 5 public IP addresses.
We think for a smallish deployment we can shrink it down to the following public nodes:
- controller/API/keep-balance/crunch-dispatch/websockets
- workbench/workbench2/prometheus/grafana/webshell/keep-web/keepproxy
The NAT gateway for the private nodes to communicate with the internet also requires a public IP, so this would mean 3 public IPs (currently it is 6).
In addition we have two private nodes:
To do:
- change "hostnames" to "hosts" to make it clearer
- split host list into public and private
- drop keep1 entirely
- make "keep0" and "shell" private hosts
- add installer option to use controller as a jump host (ssh -J)
- make sure "initialize" copies terraform/aws/.gitignore
- update local.params of the installer to reflect change of allocation of services
- update install documentation to reflect changes to the new recommended configuration
- Status changed from New to In Progress
- Description updated (diff)
- Description updated (diff)
Updates at 7aeaedb - branch 20270-salt-installer-less-instances
- Terraform changes
- Removes
keepproxy & keep1 nodes.
- Removes
shell & keep0 nodes' public IP addresses.
- Refactors VPC code so that
shell & keep0 are now created on the private subnet (same as compute nodes) and get Internet access.
- Copies terraform dir's
.gitignore file to avoid committing huge binaries to the repository.
- Updates installer to reflect changes from terraform, assigning
keepproxy role to the workbench node.
- Updates installer script to use the
controller node as an SSH jump host for deployment. (configurable)
Lucas Di Pentima wrote in #note-5:
Updates at 7aeaedb - branch 20270-salt-installer-less-instances
- Terraform changes
- Removes
keepproxy & keep1 nodes.
- Removes
shell & keep0 nodes' public IP addresses.
- Refactors VPC code so that
shell & keep0 are now created on the private subnet (same as compute nodes) and get Internet access.
- Copies terraform dir's
.gitignore file to avoid committing huge binaries to the repository.
- Updates installer to reflect changes from terraform, assigning
keepproxy role to the workbench node.
- Updates installer script to use the
controller node as an SSH jump host for deployment. (configurable)
This LGTM
- % Done changed from 0 to 100
- Status changed from In Progress to Resolved
For posterity, I also fielded a question about this in a partner discussion last week. They'll be glad to hear about this change.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by