louvre currently performs the following tasks:
- hypervisor in the proxmox cluster, hosting a single container, uffizi
- main network interconnect between the internal VLAN440 and azure (as mentioned in https://forge.softwareheritage.org/T1526#28267).
- main openvpn server for admin access to the infrastructure
- backup centralization host (with nfs access to space on SESI's filer)
- main administration machine (with root SSH key and clustershell configuration)
- The first task is just a remnant of this machine's historical function as our main hypervisor. There's no need to migrate it.
- Tasks 2-3 are critical to the good operation of our infrastructure, but could be delegated to a VM (we don't really have a bare metal host to put them anyway).
- Task 4 only centralizes a bunch of crontabs, which scp files from all the hosts to a NFS mount
- Task 5 is just a "nice to have" and can easily be moved to another machine, e.g. pergamon which is already a sensitive host on the infra by means of being the puppet master.
The only critical part of these tasks is 2-3 and to some extent 4; 2-3 are attached to the network configuration of the host (all three ip addresses), and therefore are somewhat tricky functions to move. 4 is currently bound to the external ip address of louvre, but that could be changed by making a ticket to SESI asking access for another machine.