diff --git a/docs/gitops-cicd/07-test-server-requirements.md b/docs/gitops-cicd/test-server-requirements.md similarity index 83% rename from docs/gitops-cicd/07-test-server-requirements.md rename to docs/gitops-cicd/test-server-requirements.md index 27d52bb..3ca8e5c 100644 --- a/docs/gitops-cicd/07-test-server-requirements.md +++ b/docs/gitops-cicd/test-server-requirements.md 
@@ -529,261 +529,3 @@ Firewall Rules (Simplified для Dev): --- -## 5. Сетевая инфраструктура - -### 5.1 IP Addressing Scheme - -**Dev Environment:** 10.100.0.0/16 - -| Zone | Subnet | Range | Gateway | -|------|--------|-------|---------| -| **Gateway** | 10.100.1.0/24 | .1-.254 | 10.100.1.1 | -| **Management** | 10.100.10.0/24 | .10-.50 | 10.100.10.1 | -| **Swarm Cluster** | 10.100.20.0/24 | .1-.254 | 10.100.20.1 | -| **AI Zone** | 10.100.30.0/24 | .10-.50 | 10.100.30.1 | -| **Monitoring** | 10.100.40.0/24 | .10-.50 | 10.100.40.1 | -| **Data Zone** | 10.100.50.0/24 | .10-.50 | 10.100.50.1 | - -### 5.2 DNS Configuration - -``` -# Management Zone -gitea.dev.company.local → 10.100.10.10 -jenkins.dev.company.local → 10.100.10.20 -harbor.dev.company.local → 10.100.10.30 -portainer.dev.company.local → 10.100.10.50 - -# Swarm Zone -swarm-manager.dev.company.local → 10.100.20.1 -swarm-worker1.dev.company.local → 10.100.20.2 -swarm-worker2.dev.company.local → 10.100.20.3 -swarm-worker3.dev.company.local → 10.100.20.4 - -# AI Zone -ollama.dev.company.local → 10.100.30.10 -mcp.dev.company.local → 10.100.30.20 - -# Monitoring -grafana.dev.company.local → 10.100.40.10 -prometheus.dev.company.local → 10.100.40.10 - -# Data Zone -postgres.dev.company.local → 10.100.50.10 -nfs.dev.company.local → 10.100.50.20 -``` - ---- - -## 6. 
Хранилище данных - -### 6.1 Storage Architecture - -**Tier Classification:** - -| Tier | Type | Use Case | Performance | Cost | -|------|------|----------|-------------|------| -| **Tier 0** | NVMe SSD | Databases, OS, logs | >50K IOPS | High | -| **Tier 1** | SATA SSD | Applications, caching | 10-50K IOPS | Medium | -| **Tier 2** | HDD RAID 10 | Harbor images, backups | 200-500 IOPS | Low | - -### 6.2 Backup Strategy - -**Backup Schedule:** - -| What | Frequency | Retention | Method | Storage | -|------|-----------|-----------|--------|---------| -| **Git Repos** | Daily | 30 days | rsync/borg | NFS backup volume | -| **Databases** | Daily | 30 days | pg_dump | NFS backup volume | -| **Configs** | Daily | 90 days | Git + tar | NFS backup volume | -| **Docker Images** | Weekly | 4 weeks | Harbor replication | External (optional) | -| **Full System** | Weekly | 4 weeks | VM snapshots | Hypervisor storage | - ---- - -## 7. Безопасность - -### 7.1 OS Hardening Checklist - -```bash -✅ Disable root SSH login -✅ Key-based authentication only -✅ UFW firewall configured -✅ Automatic security updates -✅ Fail2ban для SSH protection -✅ Disable unused services -✅ Audit logging enabled -✅ Time synchronization (NTP) -✅ CIS Benchmark compliance -``` - -### 7.2 RBAC Groups - -| Group | Access Level | Services | -|-------|-------------|----------| -| **dev-team** | Developer | Gitea (read/write), Jenkins (build), Portainer (view) | -| **devops-team** | Operator | All services (full access) | -| **managers** | Viewer | Read-only dashboards | -| **security-team** | Auditor | Read-only + audit logs | - ---- - -## 8. 
Бюджетные расчеты - -### 8.1 Comparison Summary - -| Вариант | Initial Cost | 3-Year TCO | Pros | Cons | -|---------|-------------|------------|------|------| -| **A: Separate VMs** | $130-138K | $185-193K | Max flexibility | Highest cost | -| **B: Single Server** | $107-116K | $162-171K | Lowest cost | Single point of failure | -| **C: Hybrid** | $135-144K | $190-199K | **Balanced** ✅ | Moderate cost | - -### 8.2 Вариант C: Hybrid (Рекомендуется) - Детальный бюджет - -**Hardware:** - -| Item | Specification | Cost | -|------|--------------|------| -| Server 1 (CI/CD) | 16 core, 128GB, 3TB | $18,000 | -| Server 2 (Swarm) | 24 core, 96GB, 1.5TB | $15,000 | -| Server 3 (AI/Monitor) | 16 core, 64GB, 2TB | $12,000 | -| Server 4 (Data) | 8 core, 32GB, 10TB | $10,000 | -| Network Switch 10GbE | 24-port managed | $4,000 | -| Firewall | FortiGate 60F | $2,500 | -| UPS | 3000VA rack-mount | $1,500 | -| Cables & Rack | Networking & 42U rack | $3,000 | -| **Subtotal Hardware** | | **$66,000** | -| Contingency (10%) | | $6,600 | -| **Total Hardware** | | **$72,600** | - -**Software & Services:** - -| Item | Cost | -|------|------| -| Software Licenses | $500-9,000 | -| Professional Services | $24,000 | -| Training (3 days) | $15,000 | -| Security Audit | $10,000 | -| Documentation | $5,000 | -| Contingency (15%) | $8,100 | -| **Total Services** | **$62,600-71,100** | - -**TOTAL INITIAL: $135,200-143,700** -**Annual Recurring: $27,500** -**3-YEAR TCO: $190,200-198,700** - ---- - -## 9. 
План закупок - -### 9.1 Timeline (8 недель) - -**Week 1-2: Planning** -- [ ] Finalize architecture (Variant C recommended) -- [ ] Budget approval -- [ ] Security sign-off -- [ ] Select vendors - -**Week 3-4: Procurement** -- [ ] Request quotes (minimum 3 vendors) -- [ ] Compare offerings -- [ ] Place purchase orders -- [ ] Lead time: 2-4 weeks - -**Week 5-6: Installation** -- [ ] Receive hardware -- [ ] Physical installation -- [ ] Cable management -- [ ] Initial validation - -**Week 7-8: Deployment** -- [ ] Hypervisor installation -- [ ] VM creation -- [ ] Network configuration -- [ ] Software deployment - -### 9.2 Vendor Selection - -**Recommended Vendors:** -- **Dell** - Good support, standard pricing -- **HPE** - Excellent enterprise support -- **Lenovo** - Competitive pricing -- **Supermicro** - Best price/performance - -**Evaluation Criteria:** -1. Support response time (4-hour vs next business day) -2. Warranty (3 years minimum) -3. Spare parts availability -4. Local support presence -5. Total cost (including shipping & taxes) - -### 9.3 Acceptance Criteria - -**Hardware:** -- [ ] All components delivered as specified -- [ ] No physical damage -- [ ] POST tests pass -- [ ] RAID configuration validated -- [ ] Network connectivity verified -- [ ] Remote management (iDRAC/iLO) working - -**Software:** -- [ ] All VMs deployed -- [ ] Network connectivity tested -- [ ] Storage performance validated -- [ ] Backup jobs configured -- [ ] Monitoring operational -- [ ] Security scans clean - -**Final:** -- [ ] End-to-end CI/CD workflow tested -- [ ] Documentation complete -- [ ] Team trained -- [ ] Security and compliance sign-off - ---- - -## Приложения - -### A. 
Quick Reference - -**Service URLs:** -``` -Gitea: https://gitea.dev.company.local:3000 -Jenkins: https://jenkins.dev.company.local:8080 -Harbor: https://harbor.dev.company.local -Portainer: https://portainer.dev.company.local:9443 -Grafana: https://grafana.dev.company.local:3000 -Ollama: http://ollama.dev.company.local:11434 -``` - -### B. Common Commands - -```bash -# Swarm operations -docker node ls -docker stack deploy -c docker-compose.yml stackname -docker service logs servicename -docker service scale servicename=3 - -# Database backup -pg_dump -h postgres.dev.company.local dbname > backup.sql - -# Check monitoring -curl http://prometheus.dev.company.local:9090/api/v1/query?query=up - -# AI test -curl http://ollama.dev.company.local:11434/api/generate \ - -d '{"model": "llama3", "prompt": "Hello"}' -``` - ---- - -**Document Version:** 1.0 -**Last Updated:** Январь 2026 -**Status:** Ready for approval - -**Approvals:** -- [ ] Infrastructure Lead: _________________ Date: _______ -- [ ] Security Lead: _________________ Date: _______ -- [ ] Financial Approval: _________________ Date: _______ -- [ ] Project Sponsor: _________________ Date: _______ \ No newline at end of file
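Review bot: The deleted block in this hunk includes section 7 (the OS hardening checklist and the RBAC groups table), section 6.2 (backup schedule and retention) and the Approvals block with the Security Lead sign-off, and nothing visible in this diff shows where that content now lives. If it moved to another file under docs/gitops-cicd/, add a short pointer to it in test-server-requirements.md after the firewall rules section. If it is being dropped on purpose, say so in the commit message, because the remaining file would then keep the "Firewall Rules (Simplified для Dev)" section while no longer stating any hardening, access-control or backup requirements for the test servers. The removal also takes out the "Document Version / Last Updated / Status" footer, so the renamed file carries no version or approval state. Since the rename drops the 07- prefix, links in other docs to 07-test-server-requirements.md should be updated in the same change.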