Toggle menu
Toggle preferences menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

TELEICU/Current state assessment: Difference between revisions

From OHC Network Wiki
Content deleted Content added
Automated edit (via update-page on MediaWiki MCP Server)
Fix bullet lists: convert - to * for proper MediaWiki unordered lists (via update-page on MediaWiki MCP Server)
 
Line 13: Line 13:


'''Impact:'''
'''Impact:'''
- Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem
* Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem
- Configuration pull agents (once deployed) will have irregular check-in windows
* Configuration pull agents (once deployed) will have irregular check-in windows
- Monitoring must account for nodes that are expected to be offline for hours at a time
* Monitoring must account for nodes that are expected to be offline for hours at a time
- Alerting must distinguish between a genuinely failed node and one that is simply disconnected
* Alerting must distinguish between a genuinely failed node and one that is simply disconnected


== Factor 2: Tampering and configuration drift ==
== Factor 2: Tampering and configuration drift ==
Line 22: Line 22:
Hospital PCs are physically accessible to local staff. This has led to:
Hospital PCs are physically accessible to local staff. This has led to:


- Cloudflare tunnel credentials being modified or replaced
* Cloudflare tunnel credentials being modified or replaced
- Docker Compose files being hand-edited, breaking expected service definitions
* Docker Compose files being hand-edited, breaking expected service definitions
- System configuration (networking, firewall rules) being changed without change control
* System configuration (networking, firewall rules) being changed without change control
- No audit trail for who made what change
* No audit trail for who made what change


'''Impact:'''
'''Impact:'''
- Declared state and actual state diverge silently
* Declared state and actual state diverge silently
- Support calls increase as nodes exhibit non-standard behavior
* Support calls increase as nodes exhibit non-standard behavior
- Security posture degrades as tunnel creds may be compromised
* Security posture degrades as tunnel creds may be compromised


Both upgrade paths address this differently:
Both upgrade paths address this differently:
- '''Ansible''': ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals)
* '''Ansible''': ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals)
- '''NixOS''': Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)
* '''NixOS''': Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)


== Factor 3: OS security and maintenance gaps ==
== Factor 3: OS security and maintenance gaps ==
Line 40: Line 40:
The fleet is fragmented across three Ubuntu versions:
The fleet is fragmented across three Ubuntu versions:


- Ubuntu 20.04 — several nodes, nearing or past EOL for some packages
* Ubuntu 20.04 — several nodes, nearing or past EOL for some packages
- Ubuntu 22.04 — the majority
* Ubuntu 22.04 — the majority
- Ubuntu 24.04 — newer additions
* Ubuntu 24.04 — newer additions


'''Impact:'''
'''Impact:'''
- No consistent patch cadence across the fleet
* No consistent patch cadence across the fleet
- Security patches applied ad-hoc or not at all
* Security patches applied ad-hoc or not at all
- Ansible roles / NixOS modules must handle version-specific differences
* Ansible roles / NixOS modules must handle version-specific differences
- Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)
* Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)


== Summary ==
== Summary ==

Latest revision as of 09:05, 6 July 2026

conceptteleicuCARE 3.0+

The current TELEICU deployment across 200+ sites suffers from three systemic reliability factors. This page documents them so the upgrade targets them specifically.

Factor 1: Power and internet disruption

Sites in semi-urban and rural areas experience unreliable grid power and internet connectivity.

Impact:

  • Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem
  • Configuration pull agents (once deployed) will have irregular check-in windows
  • Monitoring must account for nodes that are expected to be offline for hours at a time
  • Alerting must distinguish between a genuinely failed node and one that is simply disconnected

Factor 2: Tampering and configuration drift

Hospital PCs are physically accessible to local staff. This has led to:

  • Cloudflare tunnel credentials being modified or replaced
  • Docker Compose files being hand-edited, breaking expected service definitions
  • System configuration (networking, firewall rules) being changed without change control
  • No audit trail for who made what change

Impact:

  • Declared state and actual state diverge silently
  • Support calls increase as nodes exhibit non-standard behavior
  • Security posture degrades as tunnel creds may be compromised

Both upgrade paths address this differently:

  • Ansible: ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals)
  • NixOS: Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)

Factor 3: OS security and maintenance gaps

The fleet is fragmented across three Ubuntu versions:

  • Ubuntu 20.04 — several nodes, nearing or past EOL for some packages
  • Ubuntu 22.04 — the majority
  • Ubuntu 24.04 — newer additions

Impact:

  • No consistent patch cadence across the fleet
  • Security patches applied ad-hoc or not at all
  • Ansible roles / NixOS modules must handle version-specific differences
  • Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)

Summary

All three factors compound: unreliable connectivity makes updates harder, tampering makes state unpredictable, and OS fragmentation makes every node slightly different. The migration strategy targets all three simultaneously by enforcing a single, immutable or pull-reconciled configuration across a uniform OS baseline.