Toggle menu
Toggle preferences menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

TELEICU/Current state assessment: Difference between revisions

From OHC Network Wiki
More languages
Content deleted Content added
Automated edit (via update-page on MediaWiki MCP Server)
Fix bullet lists: convert - to * for proper MediaWiki unordered lists (via update-page on MediaWiki MCP Server)
 
Line 13: Line 13:


'''Impact:'''
'''Impact:'''
- Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem
* Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem
- Configuration pull agents (once deployed) will have irregular check-in windows
* Configuration pull agents (once deployed) will have irregular check-in windows
- Monitoring must account for nodes that are expected to be offline for hours at a time
* Monitoring must account for nodes that are expected to be offline for hours at a time
- Alerting must distinguish between a genuinely failed node and one that is simply disconnected
* Alerting must distinguish between a genuinely failed node and one that is simply disconnected


== Factor 2: Tampering and configuration drift ==
== Factor 2: Tampering and configuration drift ==
Line 22: Line 22:
Hospital PCs are physically accessible to local staff. This has led to:
Hospital PCs are physically accessible to local staff. This has led to:


- Cloudflare tunnel credentials being modified or replaced
* Cloudflare tunnel credentials being modified or replaced
- Docker Compose files being hand-edited, breaking expected service definitions
* Docker Compose files being hand-edited, breaking expected service definitions
- System configuration (networking, firewall rules) being changed without change control
* System configuration (networking, firewall rules) being changed without change control
- No audit trail for who made what change
* No audit trail for who made what change


'''Impact:'''
'''Impact:'''
- Declared state and actual state diverge silently
* Declared state and actual state diverge silently
- Support calls increase as nodes exhibit non-standard behavior
* Support calls increase as nodes exhibit non-standard behavior
- Security posture degrades as tunnel creds may be compromised
* Security posture degrades as tunnel creds may be compromised


Both upgrade paths address this differently:
Both upgrade paths address this differently:
- '''Ansible''': ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals)
* '''Ansible''': ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals)
- '''NixOS''': Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)
* '''NixOS''': Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)


== Factor 3: OS security and maintenance gaps ==
== Factor 3: OS security and maintenance gaps ==
Line 40: Line 40:
The fleet is fragmented across three Ubuntu versions:
The fleet is fragmented across three Ubuntu versions:


- Ubuntu 20.04 — several nodes, nearing or past EOL for some packages
* Ubuntu 20.04 — several nodes, nearing or past EOL for some packages
- Ubuntu 22.04 — the majority
* Ubuntu 22.04 — the majority
- Ubuntu 24.04 — newer additions
* Ubuntu 24.04 — newer additions


'''Impact:'''
'''Impact:'''
- No consistent patch cadence across the fleet
* No consistent patch cadence across the fleet
- Security patches applied ad-hoc or not at all
* Security patches applied ad-hoc or not at all
- Ansible roles / NixOS modules must handle version-specific differences
* Ansible roles / NixOS modules must handle version-specific differences
- Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)
* Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)


== Summary ==
== Summary ==