LocalAuthority
/
README.md
Newer
■
■
■
■
■
■
■
■
■
■
Older
59 lines
|
2.538kb
| 1 |
# Madagascar Local Authority |
|
| 2 | ||
| 3 |
Local authority for Madagascar hosts, DNS manifests, work orders, and host certificates. |
|
| 4 | ||
| 5 |
The development checkout lives locally at: |
|
| 6 | ||
| 7 |
```text |
|
| 8 |
/Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority |
|
| 9 |
``` |
|
| 10 | ||
| 11 |
The runtime instance lives on jumper and remains the local source for operational registry data: |
|
| 12 | ||
| 13 |
- `config/hosts.yaml` - git-versioned host registry |
|
| 14 |
- `config/local-hosts.tsv` - DNS manifest exported for local resolvers |
|
| 15 |
- `config/work-orders.yaml` - confirmable operational changes |
|
| 16 |
- `scripts/host_manager.pl` - Perl-only web app |
|
| 17 |
- `scripts/sync_local_hosts.sh` - local DNS sync to jumper and as01 |
|
| 18 |
- `scripts/ca_manager.sh` - local OpenSSL CA helper for host certificates |
|
| 19 | ||
| 20 |
The public `xdev.ro` zone is maintained in the separate DNS public-zone repository. |
|
| 21 | ||
| 22 |
Runtime path: |
|
| 23 | ||
| 24 |
```text |
|
| 25 |
/usr/local/xdev-host-manager |
|
| 26 |
``` |
|
| 27 | ||
| 28 |
Secrets live outside git in `/etc/xdev/host-manager.env`. |
|
| 29 | ||
| 30 |
The product name is **Madagascar Local Authority**. The technical service, Unix user, repository path, and environment files still use `host-manager`. |
|
| 31 | ||
| 32 |
The web UI is OTP-protected for all registry data, downloads, exports, and writes. Automation should consume this repository through git with dedicated read-only keys, not through unauthenticated HTTP. |
|
| 33 | ||
| 34 |
## Local development and deployment |
|
| 35 | ||
| 36 |
Work on application code locally, commit changes, then deploy to jumper: |
|
| 37 | ||
| 38 |
```bash |
|
| 39 |
cd /Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority |
|
| 40 |
scripts/deploy_to_jumper.sh |
|
| 41 |
``` |
|
| 42 | ||
| 43 |
The deploy script copies code, docs and deployment assets, restarts `host-manager`, and checks `/healthz`. |
|
| 44 | ||
| 45 |
`config/` is not deployed by default because `hosts.yaml`, `local-hosts.tsv`, and `work-orders.yaml` are operational data that may be changed on jumper by the application. Deploy config only when intentionally replacing runtime registry data: |
|
| 46 | ||
| 47 |
```bash |
|
| 48 |
scripts/deploy_to_jumper.sh --include-config |
|
| 49 |
``` |
|
| 50 | ||
| 51 |
The default internal domain is `madagascar.xdev.ro`. Short aliases are derived automatically from FQDNs, so `autonas01.madagascar.xdev.ro` also publishes `autonas01` without declaring it separately. |
|
| 52 | ||
| 53 |
Name removals with operational impact go through a Work Order. A WO records intent first; the operational checklist must be completed before confirmation can update `hosts.yaml`, mark the WO as confirmed, and regenerate `local-hosts.tsv`. Resolver sync remains an explicit operator step. |
|
| 54 | ||
| 55 |
The local host CA stores private material outside git under `var/ca`. Initialize it on jumper with: |
|
| 56 | ||
| 57 |
```bash |
|
| 58 |
sudo scripts/ca_manager.sh init |
|
| 59 |
``` |