[OOTB-hive] [INFRA] Virtual Hackathon - Capability of hosting integration/demo environments?

[Heiko Robert]

Hi Axel,

I understand. This aproach would be easier to handle in terms of
organisation and security.
We could load an OVF template several times automated or by hand to make
several instances of Alfresco available. The manual process at the
moment is to register the IPs for reverse NAT or for the virtual hosts
to be registered in the reverse proxy to have access to the Aflresco
instances from the internet. Therfore it may be easier to preload VMs
and to reuse them by clean up and deployment scripts. If we don't allow
shell access the users should at least have access to the logs in any
way (e.g. by tools like logio to be installed inside the VM to allow
socket based log viewing) to find out what the problem is if things go
wrong. Of course the same should be true for the build process. One
another aproach could be achived by a separate ssh config inside the VMs
with predefined/distinct ports and jailed /chrooted users who have only
read access to the alfresco home and logs.
So I suggest to focus on the build process and on the requirements for
the receiving guest OS to allow also automatically deployments on a
running available system. It would be nice to parameterize this in
Jenkins (e.g. parameter DeploytoVM=1) and to give users restricted
access also to the build logs. If we set up this concept we can easlily
reuse it by just resetting the VMs, having images for different versions
and configuring which git or svn Repository has to be checked out /
cloned to start a build process ending in a specific VM.

VMWare: There are no license restrictions we need to care sice we don't
plan to ship the vmware infrastructure. Restrictions of the Free ESXi
could be ignored for Hardware we could afford:
http://serverfault.com/questions/736162/understanding-the-vmware-esxi-limitations-of-the-free-version

Windows is required if you need/want the free Admin UI Client but there
is also a free web interface as a addin available for esxi 5.x, 6.x:
https://labs.vmware.com/flings/esxi-embedded-host-client

Heiko

Am 20.07.2016 um 14:34 schrieb Axel Faust:
> Hello Heiko,
> 
> I am cross-posting this conversation to main list so it can be continued there even after closure of the sub-list.
> Sorry for not getting back to this sooner. The last week was quite busy with a lot of project hand-offs before start of my vacation.
> 
> One thing I definitely was not intending as part of my suggestion is that participants of such an event would actually need to log into shell access or anything like that on the instances we would provide. It should all be a rather automated / managed service that basically uses input provided via a "to-be-defined" method (i.e. WAR/AMP artifacts, or a Maven-based project to build them), and auto-provides the system. This could be triggered by a vetted person / member of INFRA/OOTBee (or potentially automatically by polling i.e. a GitHub repository branch), so access would be limited to trustworthy, non-abusive people. Similarly, I would also pre-define or restrict some components / services that are more likely to be used for "abuse", e.g. outbound SMTP. I have used "loopback" in the past to have outbound SMTP send mails to Alfresco itself via inbound SMTP for a few demo environments, or simply put a local SMTP/IMAP server in place that was not allowed to forward to external servers.
> 
> I don't see a specific licensing issue right now because I am not fully informed about the current setup. I have heard VMWare and a Windows-based management VM mentioned in talks with Martin and Lanre, so naturally I am apprehensive of constraints this might impose. Even if some VMWare products are free, I remember from a couple of years ago that they had specific restrictions to the free-use scenarios.
> 
> 
> Regards
> Axel