For reference/coordination, I plan to move secure.phabricator.com sort-of-halfway into the cluster soon.
- The secure.phabricator.com is approaching 2.5 years old, and is a previous-generation host (m1.large).
- The reserved instance for it recently expired. That gave us a small reason to keep it on the old hardware (marginally lower price), but no longer motivates retaining it.
- A lot of the setup/configuration is one-off and has better alternatives in the cluster management tools (e.g., backup and deployment stuff is way better in the cluster toolset).
However, I want to make sure that, to the greatest degree reasonable, cluster disruptions don't prevent us from administrating the cluster or coordinating about resolution, so I don't want to bring the host completely into the cluster. My plan is:
- I'll switch it to a cluster stack (ubuntu + apache).
- I'll carve out a cluster tier for it and let the cluster deployment, backup, etc., tools work on it.
- But it won't run Services, or the cluster firewall rules, and I'll keep it accessible over a public interface. So if the cluster is FUBAR'd we can still access it normally, and it won't depend on the cluster to run.
That should approximately give us the best of both worlds: one environment, one set of tools, but isolation between secure and the cluster for most kinds of cluster issues.
If the whole AWS datacenter drops out it will still kill everything, but we weren't isolated from that before, anyway.