tbd

Author: scoopex

docs/guides/concept-guide/preinstall-checklist.md

@@ -7,31 +7,40 @@ sidebar_position: 49
 
 :::warning
 
-This checklist is currently work in progress and incomplete.
+This checklist is currently really *work in progress and incomplete*.
 
 It is imperative that the following topics are clarified and the described resources are available before performing
 the initial installation.
 :::
 
 This list describes some aspects (without claiming to be exhaustive) that should be clarified before a pilot and at least before production installation.
 The aim of this list is to reduce waiting times, unsuccessful attempts, errors and major adjustment work in the
-installation process itself as well as in subsequent operation.
 
-## Network configuration of nodes and tenant networks
 
-TBD:
+## General
 
-* It must be decided how the networks of the tenants should be separated in Openstack (Neutron)
-* It must be decided how the underlay network of the cloud platform should be designed.
-  (e.g. native Layer2, Layer2 underlay with Tenant VLANs, Layer3 underlay)
-* Layer 3 Underlay
-  * FRR Routing on the Nodes?
-  * ASN nameing scheme
+### Avilibility and Support
 
-## Hardware sizing of the plattform
+* What requirements do you have for the availibility of the system?
+* What gradation or requirements are there for the elimination of problems with regard to the different types of problems?
+* Examples problem scenarios:
+  * complete loud service outage or downtime
+  * performance problems
+  * application problems
+  * ....
+* Where should rollouts and changes to the system be tested or prepared, or does a dedicated environment make sense for t
 
+### Hardware Concept
+
+TBD:
+
+- Are there defined hardware standards for the target data center and what are the general conditions?
+- How should the systems be provisioned with an operating system?
+- Decide which base operating system is used (e.g. RHEL or Ubuntu) and whether this fits the hardware support, strategy, upgrade support and cost structure.
+- How many environments are required?
 
-## Required IP Networks
+
+### Required IP Networks
 
 Estimate the expected number of IP addresses and plan sufficient reserves so that no adjustments to the networks will be necessary at a later date.
 The installation can be carried out via IPv4 or IPv6 as well as hybrid.
@@ -56,7 +65,26 @@ The installation can be carried out via IPv4 or IPv6 as well as hybrid.
     * The IP adresses should not be part of the "Frontend Access" network
     * At least Port 443/TCP and 51820/UDP should be reachable from external networks
 
-## Domains and Hosts
+### Idendity Management of the Plattform
+
+How should access to the administration of the environment (e.g. Openstack) be managed?
+
+Should there only be local access or should the system be linked to one or more identity providers via OIDC or SAML (identity brokering)?
+
+
+### Network configuration of nodes and tenant networks
+
+TBD:
+
+* It must be decided how the networks of the tenants should be separated in Openstack (Neutron)
+* It must be decided how the underlay network of the cloud platform should be designed.
+  (e.g. native Layer2, Layer2 underlay with Tenant VLANs, Layer3 underlay)
+* Layer 3 Underlay
+  * FRR Routing on the Nodes?
+  * ASN nameing scheme
+
+
+### Domains and Hosts
 
  * Cloud Domain: A dedicated subdomain used for the cloud environment
    (i.e. `*.zone1.landscape.scs.community`)
@@ -65,13 +93,14 @@ The installation can be carried out via IPv4 or IPv6 as well as hybrid.
  * External API endpoint: A hostname for the external api endpoint which points to address to the "Frontend Access" network
    (i.e. `api.zone1.landscape.scs.community`)
 
-## TLS Certificates
+
+### TLS Certificates
 
 Since not all domains that are used for the environment will be publicly accessible and therefore the use of “Let's Encrypt” certificates
 is not generally possible without problems, we recommend that official TLS certificates are available for at least the two API endpoints.
 Either a multi-domain certificate (with SANs) or a wildcard certificate (wildcard on the first level of the cloud domain) can be used for this.
 
-## Access to installation resources.
+### Access to installation resources.
 
 For the download of installation data such as container images, operating system packages, etc.,
 either access to publicly accessible networks must be provided or a caching proxy or a dedicated
@@ -84,6 +113,25 @@ TBD:
 - Proxy requirements
 - Are authenticated proxies possible?
 
+### Git Repository
+
+* A private Git Repository for the [configuration repository](https://osism.tech/docs/guides/configuration-guide/configuration-repository)
+
+### Access managment
+
+* What requirments are neede or defined for the administration of the system
+* The public Keys of all administrators
+
+### Monitoring and On-Call/On-Duty
+
+* Connection and integration into existing operational monitoring
+
+* What kind of On-Call/On-Duty do you need?
+  * How quickly should the solution to a problem be started?
+  * What downtimes are tolerable in extreme cases?
+* Does a log aggregation system already exist and does it make sense to use it for the new environment?
+
+
 ## NTP Infrastructure
 
   * The deployed nodes should have permanent access to at least 3 ntp servers
@@ -92,15 +140,39 @@ TBD:
   * The NTP servers used, should not run on virtual hardware
     (Depending on the architecture and the virtualization platform, this can otherwise cause minor or major problems in special situations.)
 
+
+## Openstack
+
+### Hardware Concept
+
+TBD:
+
+- How many compute nodes are needed?
+- Are local NVMe needed?
+- Are GPUs needed?
+
 ## Ceph Storage
 
 ### General
 
 TBD:
-* Crush / Failure domain properies
 * Amount of usable storage
-* External Ceph storage installation
-* Dedicated ceph nodes or hyperconverged setup?
+* External Ceph storage installation?
+* What is the purpose of your storage?
+  * Fast NVMe disks?
+  * More read/write intensive workloads or mixed?
+  * Huge amounts of data, but perfomance is a second level requirement?
+  * Object Storage?
+  * ...
+* What kind of network storage is needed?
+  * Spinners
+  * NVMe/SSD
+* Dedicated ceph environment or hyperconverged setup?
+* Crush / Failure domain properies
+  * Failure domains?
+  * Erasure encoded?
+  * Inter datacenter replication?
+  * ...
 
 ### Disk Storage
 
@@ -110,12 +182,5 @@ TBD:
 
 * Rados Gateway Setup
 
-## Miscellanious Topics
-
-* Decide which base operating system is used (e.g. RHEL or Ubuntu) and whether this fits the hardware support, strategy, upgrade support and cost structure.
-* A private Git Repository for the [configuration repository](https://osism.tech/docs/guides/configuration-guide/configuration-repository)
-* The public Keys of all administrators
-* Connection and integration into existing operational monitoring.
-