Baseline 20251114
Norm Brandinger edited this page Nov 20, 2025 · 1 revision
This document captures the baseline state of DevStack Core before implementing improvements from Phase 0-4.
Baseline Date: Friday, November 14, 2025 08:48:44 EST

Purpose: Pre-improvement snapshot for comparison and rollback reference

| Component | Value |
|---|---|
| macOS Version | 26.1 |
| Architecture | arm64 (Apple Silicon) |
| Colima Runtime | macOS Virtualization.Framework |
| Colima Address | 192.168.64.2 |
| Mount Type | virtiofs |

| Software | Version |
|---|---|
| Docker | 29.0.0 (build 3d4129b9ea) |
| Docker Compose | 2.40.3 |
| Colima | Running with VZ framework |

Total Services: 23 running containers

Health Status: 23/23 healthy (100%)

| Service | Status | Health | CPU % | Memory Usage |
|---|---|---|---|---|
| api-first | running | healthy | 0.17% | 111.7MiB / 1GiB |
| cadvisor | running | healthy | 0.40% | 53.89MiB / 256MiB |
| forgejo | running | healthy | 0.05% | 204.4MiB / 2GiB |
| golang-api | running | healthy | 0.00% | 29.53MiB / 512MiB |
| grafana | running | healthy | 0.02% | 194.5MiB / 512MiB |
| loki | running | healthy | 0.21% | 96.78MiB / 1GiB |
| mongodb | running | healthy | 0.30% | 297.3MiB / 2GiB |
| mysql | running | healthy | 0.38% | 432.1MiB / 2GiB |
| nodejs-api | running | healthy | 0.00% | 101.4MiB / 512MiB |
| pgbouncer | running | healthy | 0.01% | 10.09MiB / 256MiB |
| postgres | running | healthy | 0.00% | 111.6MiB / 2GiB |
| prometheus | running | healthy | 0.00% | 118MiB / 1GiB |
| rabbitmq | running | healthy | 0.29% | 144.8MiB / 1GiB |
| redis-1 | running | healthy | 0.47% | 17.23MiB / 512MiB |
| redis-2 | running | healthy | 0.43% | 5.551MiB / 512MiB |
| redis-3 | running | healthy | 0.44% | 5.5MiB / 512MiB |
| redis-exporter-1 | running | healthy | 0.00% | 7.824MiB / 128MiB |
| redis-exporter-2 | running | healthy | 0.00% | 7.035MiB / 128MiB |
| redis-exporter-3 | running | healthy | 0.00% | 15.11MiB / 128MiB |
| reference-api | running | healthy | 0.19% | 134.3MiB / 1GiB |
| rust-api | running | healthy | 0.02% | 5.277MiB / 512MiB |
| vault | running | healthy | 0.36% | 431.4MiB / 512MiB |
| vector | running | healthy | 0.04% | 101.5MiB / 512MiB |

| Metric | Value |
|---|---|
| Total CPU Usage | 4.16% |
| Total Memory Usage | 2635.76 MiB (~2.57 GiB) |
| Docker Volumes | 12 volumes |
| Docker Networks | 1 network (devstack-core_dev-services) |

- PostgreSQL 18.0: 111.6MiB memory, 2GiB limit
- MySQL 8.0.40: 432.1MiB memory, 2GiB limit
- MongoDB: 297.3MiB memory, 2GiB limit
- PgBouncer: 10.09MiB memory, 256MiB limit
- Redis Cluster: 3 nodes (redis-1, redis-2, redis-3)
  - redis-1: 17.23MiB (primary)
  - redis-2: 5.551MiB
  - redis-3: 5.5MiB
- RabbitMQ: 144.8MiB memory, 1GiB limit
- Vault: 431.4MiB memory, 512MiB limit
  - Status: Unsealed and operational
  - Root token: Available in ~/.config/vault/root-token
  - PKI: Two-tier (Root CA → Intermediate CA)
- Forgejo: 204.4MiB memory, 2GiB limit
- Prometheus: 118MiB memory, 1GiB limit
- Grafana: 194.5MiB memory, 512MiB limit
- Loki: 96.78MiB memory, 1GiB limit
- Vector: 101.5MiB memory, 512MiB limit
- cAdvisor: 53.89MiB memory, 256MiB limit
- Redis Exporters: 3 instances (7.8MiB, 7.0MiB, 15.1MiB)
- reference-api (Python FastAPI): 134.3MiB / 1GiB
- api-first (Python FastAPI): 111.7MiB / 1GiB
- golang-api (Go Gin): 29.53MiB / 512MiB
- nodejs-api (Node.js Express): 101.4MiB / 512MiB
- rust-api (Rust Actix-web): 5.277MiB / 512MiB
Total: 12 volumes
Expected volumes:
- devstack-core_vault_data
- devstack-core_postgres_data
- devstack-core_mysql_data
- devstack-core_mongodb_data
- devstack-core_redis_1_data
- devstack-core_redis_2_data
- devstack-core_redis_3_data
- devstack-core_rabbitmq_data
- devstack-core_forgejo_data
- devstack-core_grafana_data
- devstack-core_prometheus_data
- devstack-core_loki_data
Branch: main

Status: Clean with untracked files

Untracked Files:
- configs/vault/policies/ (7 policy files for AppRole - to be committed in Phase 1)
- docs/IMPROVEMENT_TASK_LIST.md (improvement roadmap)
Recent Commits:
9bef892 docs: add comprehensive Zero Cloud Dependencies section to README (#50)
7e1a458 Fix: Correct ALL emoji-based anchor links (29 fixes across 7 files) (#49)
4b6bd43 fix: correct 13 broken markdown anchor links across documentation (#48)
227a8c1 fix: add wiki Installation.md example secrets to gitleaksignore (#47)
fe8d7c8 feat: add automated wiki synchronization system (#46)
- Location: ~/vault-backup-20251114/
- Size: 20K
- Contents:
  - keys.json (Vault unseal keys)
  - root-token
  - ca/ directory (CA certificates)
  - certs/ directory (service certificates)

- Location: backups/20251114_manual/
- Size: 35M
- Contents:
  - PostgreSQL: 255K SQL dump
  - MySQL: 3.8M SQL dump
  - MongoDB: 1.7K archive
  - Forgejo: 23K tarball
  - .env configuration: 13K
  - Docker volumes: 9 volumes (31M total)

Total Backup Size: ~35M
- .env - Main configuration (13K)
- configs/profiles/*.env - Profile-specific overrides

Created but not yet applied (Phase 1):
- configs/vault/policies/postgres-policy.hcl
- configs/vault/policies/mysql-policy.hcl
- configs/vault/policies/mongodb-policy.hcl
- configs/vault/policies/redis-policy.hcl
- configs/vault/policies/rabbitmq-policy.hcl
- configs/vault/policies/forgejo-policy.hcl
- configs/vault/policies/reference-api-policy.hcl

- Vault Authentication: Root token (development mode)
- Service Authentication: Direct Vault token from VAULT_TOKEN env var
- TLS/SSL: Disabled for all services (HTTP only)
- Network Security: Single Docker bridge network (no segmentation)
- Secrets Management: All credentials in Vault (no hardcoded secrets)
- Certificate Management: Vault PKI with 1-year certificates
- Root token usage in production-like scenarios
- No AppRole authentication for services
- TLS disabled across all services
- No network segmentation
- No rate limiting on APIs
- No automated certificate rotation
- Vault policies not enforced
- PostgreSQL connection time: TBD
- MySQL connection time: TBD
- MongoDB connection time: TBD
- Redis cluster latency: TBD
- Vault API latency: TBD
- Total tests: 370+
- Bash integration tests: 11 test files
- Python unit tests: 254 tests (178 passed + 76 skipped)
- Python parity tests: 64 tests
- Rust unit tests: 5 tests
- Management Script Backup Function - Database backups require manual credential retrieval
- No AppRole Bootstrap - Services use root token
- No TLS Enforcement - All services accept unencrypted connections
- No Network Segmentation - All services on single network
- Manual Certificate Management - No automated rotation
This baseline was captured before implementing the 4-phase improvement plan documented in docs/IMPROVEMENT_TASK_LIST.md.
- Phase 0: Preparation (2-3 hours) - CURRENT
- Phase 1: Security Hardening (35-40 hours)
- Phase 2: Operations & Reliability (18-25 hours)
- Phase 3: Performance & Testing (25-30 hours)
- Phase 4: Documentation & CI/CD (25-30 hours)
Total Estimated Time: 105-128 hours (3-4 weeks)
The following metrics will be compared post-implementation:
- All 23 services remain healthy
- All 370+ tests continue passing
- Zero regression in API functionality
- AppRole authentication implemented
- TLS enabled for all services
- Network segmentation in place
- Vault policies enforced
- Response times within 10% of baseline
- Memory usage within 20% of baseline (2.6 GiB)
- CPU usage remains under 10%
- Automated certificate rotation
- Enhanced backup/restore procedures
- Disaster recovery tested
- CI/CD pipeline operational
If improvements cause issues:
- Stop services: ./devstack stop
- Restore Vault: cp -r ~/vault-backup-20251114/* ~/.config/vault/
- Restore databases: Use ./devstack restore 20251114_manual
- Restore volumes: Extract volume tarballs from backups/20251114_manual/
- Restore .env: cp backups/20251114_manual/env_backup .env
- Git reset: git checkout main && git reset --hard 9bef892
- Start services: ./devstack start
- Verify health: ./devstack health

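
The Restore Vault step above copies a directory that holds the unseal keys and root token into ~/.config/vault/, so it is worth checking that backup before relying on it. The script below is an added example, not part of DevStack Core: the function name check_vault_backup is hypothetical, and the expected entries are the Vault backup contents listed on this page.

```shell
#!/bin/sh
# Added example: pre-restore check of a Vault backup directory.
# Expected entries are the backup contents listed on this page.
# Usage: check_vault_backup "$HOME/vault-backup-20251114" || exit 1

# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_vault_backup() {
    dir=$1
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING directory: $dir"
        return 1
    fi

    # keys.json (unseal keys) and root-token must exist and be non-empty.
    for f in keys.json root-token; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING or empty: $f"
            findings=$((findings + 1))
        fi
    done

    # CA and service certificate directories must exist.
    for d in ca certs; do
        if [ ! -d "$dir/$d" ]; then
            echo "MISSING directory: $d/"
            findings=$((findings + 1))
        fi
    done

    # Nothing in the backup may be accessible to group or other.
    # Each bit is tested separately so the expression works with GNU and BSD find.
    loose=$(find "$dir" ! -type l \( -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/LOOSE permissions: /'
        findings=$((findings + 1))
    fi

    # Symlinks are not expected here; a link can point outside the reviewed tree.
    links=$(find "$dir" -type l -print)
    if [ -n "$links" ]; then
        printf '%s\n' "$links" | sed 's/^/SYMLINK: /'
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Any LOOSE permissions finding can be cleared with chmod -R go-rwx on the backup directory before the restore is attempted.
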
- Created: 2025-11-14 08:48:44 EST
- Purpose: Pre-improvement baseline for Phase 0-4 implementation
- Backup Locations:
  - Vault: ~/vault-backup-20251114/
  - Services: backups/20251114_manual/
- Git Commit (Pre-Changes): 9bef892
- Next Steps: Continue with Subtask 0.1.3 (Create feature branch)