StreisandEffect / discussions


Planned migration tools #30

Open nopdotcom opened 7 years ago

nopdotcom commented 7 years ago

I think there’s also a need for user-visible machine inventories, but different issue.

Often, you know in advance that you’ll be migrating Streisand services from one host to another. Some people trust the integrity of Streisand-hosted HTTPS more than they trust the method they will use to get their streisand.html files.

It would be nice to have a way to put a banner on the web server: “This server is moving. Click here for the new certificate and connection instructions.”

For new servers, what you’d really like to do is notify VPN users of the upcoming change when they connect to old-streisand. I don’t know if this is possible for any or all services.

cpu commented 7 years ago

> I think there’s also a need for user-visible machine inventories, but different issue.

I'm interested in seeing this described - not sure what you mean exactly.

> Often, you know in advance that you’ll be migrating Streisand services from one host to another.

I think these are good ideas but are probably something to be tackled after better support for migration. Maybe that's what you were referencing by the need for user-visible machine inventories?

nopdotcom commented 7 years ago

I think the term “migration” is confusing me. Is it defined anywhere?

I think what I want may be easier than other kinds of migration. Well, it’s definitely easier for me to implement. So here’s a fragment of an inventory table:

| Name | Up | IP address | Provider | Deploy date | Changeover date | Changeover to |
|---|---|---|---|---|---|---|
| streisand20 | | 192.168.1.9 | amazon-ec2 | 2017-01-01 | 2017-08-01 | streisand21 |
| streisand21 | | 172.16.11.20 | digital-ocean | 2017-07-20 | | |
| streisand-sfo | | 172.16.10.7 | digital-ocean | 2017-06-20 | | |

I have a bunch of users on streisand20. I want to tell them, “Hey, this server is moving to streisand21 next month, and here are the instructions and keys for the next server.”

I’d probably turn off the VPN services on streisand20 if I really wanted to get people’s attention. :3

nopdotcom commented 7 years ago

Notably, I don’t have to use secure channels to transmit the next passphrase and cert. Existing credentials bootstrap the next. Yes, this is Bad, because if any malefactor has access to one instance, they have access to its successors. But I think it is less bad than:

1) Hitting the root secure channels too much, and/or
2) Fatigued users just choosing “yes” at the “trust this self-signed cert?” prompt.

Yeah, I should be working on the second.
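The trade-off in the comment above, modelled as an added example that is not part of the original thread or of the Streisand code base: a client pins the first server through the root secure channel and accepts each successor only if its certificate matches the fingerprint the previous server announced. The certificate bytes are constructed stand-ins, `streisand22` is a hypothetical later hop, and all function names are assumptions.

```python
import hashlib

def fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of a certificate's bytes."""
    return hashlib.sha256(cert).hexdigest()

# Constructed stand-ins for each host's certificate (not real certificates).
CERTS = {name: f"constructed cert for {name}".encode()
         for name in ("streisand20", "streisand21", "streisand22")}
# "Changeover to" column from the inventory; streisand22 is a hypothetical later hop.
CHANGEOVERS = {"streisand20": "streisand21", "streisand21": "streisand22"}

def build_notices(changeovers, certs):
    """What each old host publishes over its already-trusted HTTPS."""
    return {old: {"next": new, "sha256": fingerprint(certs[new])}
            for old, new in changeovers.items()}

def follow_chain(root, root_pin, notices, presented):
    """Client side: the first pin comes from the root secure channel; each
    successor is accepted only if the certificate it presents matches the
    fingerprint its predecessor announced. Returns the hosts trusted."""
    trusted, name, pin = [], root, root_pin
    while name in presented and name not in trusted:
        if fingerprint(presented[name]) != pin:
            break                      # unexpected certificate: stop here
        trusted.append(name)
        notice = notices.get(name)
        if notice is None:
            break                      # no changeover announced
        name, pin = notice["next"], notice["sha256"]
    return trusted

def tainted_by(compromised, changeovers):
    """Hosts whose trust derives from `compromised`: it and every successor."""
    out, host = [], compromised
    while host is not None and host not in out:
        out.append(host)
        host = changeovers.get(host)
    return out

if __name__ == "__main__":
    notices = build_notices(CHANGEOVERS, CERTS)
    pin = fingerprint(CERTS["streisand20"])
    print(follow_chain("streisand20", pin, notices, CERTS))
    print(tainted_by("streisand20", CHANGEOVERS))
```

The client touches the root secure channel once, for `streisand20` only; `tainted_by` lists what has to be re-bootstrapped through that channel if a host in the chain is later found to be compromised.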

cpu commented 7 years ago

> I think the term “migration” is confusing me. Is it defined anywhere?

Nope! Sounds like a good idea to start hashing that out somewhere.