TELEICU/Current state assessment: Difference between revisions
More languages
More actions
Automated edit (via update-page on MediaWiki MCP Server) |
Fix bullet lists: convert - to * for proper MediaWiki unordered lists (via update-page on MediaWiki MCP Server) |
||
| Line 13: | Line 13: | ||
'''Impact:''' |
'''Impact:''' |
||
* Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem |
|||
* Configuration pull agents (once deployed) will have irregular check-in windows |
|||
* Monitoring must account for nodes that are expected to be offline for hours at a time |
|||
* Alerting must distinguish between a genuinely failed node and one that is simply disconnected |
|||
== Factor 2: Tampering and configuration drift == |
== Factor 2: Tampering and configuration drift == |
||
| Line 22: | Line 22: | ||
Hospital PCs are physically accessible to local staff. This has led to: |
Hospital PCs are physically accessible to local staff. This has led to: |
||
* Cloudflare tunnel credentials being modified or replaced |
|||
* Docker Compose files being hand-edited, breaking expected service definitions |
|||
* System configuration (networking, firewall rules) being changed without change control |
|||
* No audit trail for who made what change |
|||
'''Impact:''' |
'''Impact:''' |
||
* Declared state and actual state diverge silently |
|||
* Support calls increase as nodes exhibit non-standard behavior |
|||
* Security posture degrades as tunnel creds may be compromised |
|||
Both upgrade paths address this differently: |
Both upgrade paths address this differently: |
||
* '''Ansible''': ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals) |
|||
* '''NixOS''': Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee) |
|||
== Factor 3: OS security and maintenance gaps == |
== Factor 3: OS security and maintenance gaps == |
||
| Line 40: | Line 40: | ||
The fleet is fragmented across three Ubuntu versions: |
The fleet is fragmented across three Ubuntu versions: |
||
* Ubuntu 20.04 — several nodes, nearing or past EOL for some packages |
|||
* Ubuntu 22.04 — the majority |
|||
* Ubuntu 24.04 — newer additions |
|||
'''Impact:''' |
'''Impact:''' |
||
* No consistent patch cadence across the fleet |
|||
* Security patches applied ad-hoc or not at all |
|||
* Ansible roles / NixOS modules must handle version-specific differences |
|||
* Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible) |
|||
== Summary == |
== Summary == |
||
Latest revision as of 09:05, 6 July 2026
The current TELEICU deployment across 200+ sites suffers from three systemic reliability factors. This page documents them so the upgrade targets them specifically.
Factor 1: Power and internet disruption
Sites in semi-urban and rural areas experience unreliable grid power and internet connectivity.
Impact:
- Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem
- Configuration pull agents (once deployed) will have irregular check-in windows
- Monitoring must account for nodes that are expected to be offline for hours at a time
- Alerting must distinguish between a genuinely failed node and one that is simply disconnected
Factor 2: Tampering and configuration drift
Hospital PCs are physically accessible to local staff. This has led to:
- Cloudflare tunnel credentials being modified or replaced
- Docker Compose files being hand-edited, breaking expected service definitions
- System configuration (networking, firewall rules) being changed without change control
- No audit trail for who made what change
Impact:
- Declared state and actual state diverge silently
- Support calls increase as nodes exhibit non-standard behavior
- Security posture degrades as tunnel creds may be compromised
Both upgrade paths address this differently:
- Ansible: ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals)
- NixOS: Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)
Factor 3: OS security and maintenance gaps
The fleet is fragmented across three Ubuntu versions:
- Ubuntu 20.04 — several nodes, nearing or past EOL for some packages
- Ubuntu 22.04 — the majority
- Ubuntu 24.04 — newer additions
Impact:
- No consistent patch cadence across the fleet
- Security patches applied ad-hoc or not at all
- Ansible roles / NixOS modules must handle version-specific differences
- Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)
Summary
All three factors compound: unreliable connectivity makes updates harder, tampering makes state unpredictable, and OS fragmentation makes every node slightly different. The migration strategy targets all three simultaneously by enforcing a single, immutable or pull-reconciled configuration across a uniform OS baseline.