- We have around 600 machines; some are using Ubuntu 16.04 and others are using 20.04. The ones that are using 16.04 have SSL 1.0.2g.
- All of the machines have a bandwidth limit of 5GiB per day
- Our code base is messy because of the lack of control we have over the machines once they’re sent out, the outdated software they have, and the lack of consistent runtime environment
- My intent is to deploy containers to these 600 machines so the code has only one runtime it has to accommodate.
- The machines themselves are all consistent in terms of hardware aside from that they have a variable number of camera devices that the code inside the container needs access to, some have 6, some have 7, 8, 9, etc…
- The machines are all inside of a VPN

I was thinking I should:
- Create a remote with around 3tb disk space to hold the images/instances
- Install LXC and add this remote on each of the 600 machines
- Create a profile for each possibility of the number of cameras, so one for machines with 6 cameras, one with 7, 8, etc…
- Create instances for each of those 600 machines and then launch them from the machines.

Some questions I have are:
- Can I implement this in such a way that the remote the machines use is inside of the VPN while still being publicly accessible to individuals who are authenticated?
- Does the remote actually need to be in the VPN?
- Will I run into errors with token-based authentication, being that some of the machines are using OpenSSL 1.0.2g while the remote would use 1.3.0+ OpenSSL as well as most of the other machines?
- Is it the best route to create an instance for each of the machines, or should I just have one image that I launch from each of the machines with a profile that matches its number of cameras?
- Is there any general advice you can give me so I can be sure I implement this correctly the first time?

Edit:
- Being that these machines have limited bandwidth (5GiB per day), would it make more sense to use a cloud-init image? Would this mean that just the base image would be downloaded, followed by downloading packages and installing them once the image is on the machine, or do the provisioning steps take place before the image is downloaded?