Guidelines for New Servers

• For OpenMRS, we have used city names from Ethiopia for most of our server names. Bamboo agents are the exception, using Bamboo musical instruments.

• Within Jetstream, all server names should be in the form ${OS_PROJECT_NAME}-servername by Jetstream convention. More details on Jetstream can be found in https://github.com/openmrs/openmrs-contrib-itsmresources/wiki/Provider-Jetstream.

• New machines should be created in Jetstream, fully automated.

  • Terraform
  • Ansible/Puppet
  • Docker

• Terraform can create files in /etc/ansible/facts.d/, to be used as custom facts by ansible. After they are provisioned, they can be modified manually if there are changes.

• Multiple services can live on the same machine, but make sure they belong to the same tier and have same backup configuration (all without backups or all with backups)

• Before creating a new machine in Jetstream, check its console for the latest available Ubuntu image. The image ID is constantly being updated.

• Do not use user docker for JIRA, Confluence, Crowd or Bamboo. They will also have their own mysql database, isolated.

• Every new machine should use let's encrypt ssh certificate.

• It's preferable to use nginx over apache, for consistency.

• Complex systems with data (like atlassian suite, ID) should have a staging version (which is used to validate an upgrade) - or at least a quick way to regenerate one.

• Systems with state on the filesystem should do it in a different volume.

• Backup files should be generated daily. Check Backups strategy

• Check Monitoring and alerting overview as well.

• Don't use the DNS redirect. It doesn't support HTTPS.

• While Jetstream will be our main provider, we can choose some services and failover systems in other providers; or we will use different datacenter for the most important systems