Toggle menu
Toggle preferences menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

TELEICU/Current state assessment

From OHC Network Wiki
Revision as of 08:22, 6 July 2026 by Admin (talk | contribs) (Create TELEICU current state assessment page (via create-page on MediaWiki MCP Server))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
conceptteleicuCARE 3.0+

The current TELEICU deployment across 200+ sites suffers from three systemic reliability factors. This page documents them so the upgrade targets them specifically.

Factor 1: Power and internet disruption

Sites in semi-urban and rural areas experience unreliable grid power and internet connectivity.

Impact: - Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem - Configuration pull agents (once deployed) will have irregular check-in windows - Monitoring must account for nodes that are expected to be offline for hours at a time - Alerting must distinguish between a genuinely failed node and one that is simply disconnected

Factor 2: Tampering and configuration drift

Hospital PCs are physically accessible to local staff. This has led to:

- Cloudflare tunnel credentials being modified or replaced - Docker Compose files being hand-edited, breaking expected service definitions - System configuration (networking, firewall rules) being changed without change control - No audit trail for who made what change

Impact: - Declared state and actual state diverge silently - Support calls increase as nodes exhibit non-standard behavior - Security posture degrades as tunnel creds may be compromised

Both upgrade paths address this differently: - Ansible: ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals) - NixOS: Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)

Factor 3: OS security and maintenance gaps

The fleet is fragmented across three Ubuntu versions:

- Ubuntu 20.04 — several nodes, nearing or past EOL for some packages - Ubuntu 22.04 — the majority - Ubuntu 24.04 — newer additions

Impact: - No consistent patch cadence across the fleet - Security patches applied ad-hoc or not at all - Ansible roles / NixOS modules must handle version-specific differences - Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)

Summary

All three factors compound: unreliable connectivity makes updates harder, tampering makes state unpredictable, and OS fragmentation makes every node slightly different. The migration strategy targets all three simultaneously by enforcing a single, immutable or pull-reconciled configuration across a uniform OS baseline.