Sites
This chapter aims to describe what a site is and how hosts organize themselves as sites.
Hosts
A site is a collection of one or more hosts, virtual or physical, that typically reside in the same physical location. Each host has an Edge Enforcer installed.
Each host has a unique host identifier (e.g., the serial number of the device).
A site and the host identifiers of all hosts in the site must be configured in the Control Tower.
Controllers
Depending on how many hosts a site has, 1, 3, or 5 hosts will be designated controllers. By default, the Avassa system automatically does this designation, but it is possible to configure this explicitly.
The controller nodes run the Raft algorithm. All shared state (e.g., all configuration) is stored on the controller nodes.
A non-controller node doesn't store any state, and its sole purpose is to run applications. Note that controller nodes also run applications.
Explicit configuration of controllers
When the hosts on a site are configured, it is possible to explicitly configure a host as a controller. If no hosts are configured to be controllers, the system designates controllers automatically. It is also possible to configure a host to not be a controller. In this case the system will not pick that host when it designates controllers.
Call-home
When a host starts up the very first time, it calls home to its configured parent site, providing its unique host identifier. The parent site either accepts the host and informs it of its role (controller or not) and other details, or rejects it. The host is rejected if the host-id is unknown, or if the host-id is already in use.
When a host has successfully called home, it will create a certificate that is used for the internal site communication.
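The rules above (explicit versus automatic controller designation, hosts excluded from designation, and call-home admission by host-id) can be modelled as a small state machine. The following is an added illustration, not Avassa's own code or configuration format: the host list and site names are constructed, the mapping from eligible host count to a 1/3/5 controller quorum and the "worker" label for non-controller hosts are assumptions, and the page does not describe how explicitly configured controllers combine with automatic designation, so this model uses explicit controllers alone whenever any are configured.

```python
# Added example (not Avassa code): a model of controller designation and
# call-home admission for a site, following the rules in the text above.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class HostConfig:
    host_id: str
    # True  = explicitly configured as a controller
    # False = explicitly configured to never be a controller
    # None  = leave the choice to the system
    controller: Optional[bool] = None


@dataclass
class Site:
    name: str
    hosts: list[HostConfig]
    # host-ids that have already called home and been accepted
    joined: set[str] = field(default_factory=set)


def controller_count(n_eligible: int) -> int:
    """Assumed mapping: pick the largest of 5, 3 or 1 that the eligible hosts can fill.
    The page only states that a site ends up with 1, 3 or 5 controllers."""
    for size in (5, 3, 1):
        if n_eligible >= size:
            return size
    return 0


def designate_controllers(site: Site) -> list[str]:
    """Return the host-ids that act as controllers for this site."""
    explicit = [h.host_id for h in site.hosts if h.controller is True]
    if explicit:
        # Operator chose the controllers explicitly; honour that choice.
        return explicit
    # Automatic designation: hosts marked controller=False are never picked.
    eligible = [h.host_id for h in site.hosts if h.controller is not False]
    return eligible[:controller_count(len(eligible))]


def call_home(site: Site, host_id: str) -> dict:
    """Admission decision for a host calling home with its host identifier."""
    known = {h.host_id for h in site.hosts}
    if host_id not in known:
        return {"accepted": False, "reason": "unknown host-id"}
    if host_id in site.joined:
        return {"accepted": False, "reason": "host-id already in use"}
    site.joined.add(host_id)
    role = "controller" if host_id in designate_controllers(site) else "worker"
    return {"accepted": True, "role": role}


def demo() -> Site:
    # Constructed site: four hosts, one of which must never be a controller.
    site = Site(
        name="example-site",
        hosts=[
            HostConfig("host-001"),
            HostConfig("host-002", controller=False),
            HostConfig("host-003"),
            HostConfig("host-004"),
        ],
    )
    for hid in ("host-001", "host-002", "host-999", "host-001"):
        print(hid, "->", call_home(site, hid))
    return site


if __name__ == "__main__":
    demo()
```

With four hosts and one excluded, three are eligible, so the automatic designation yields three controllers and host-002 is admitted as a worker; a second call-home from host-001 is rejected because the host-id is already in use, which is the check that stops a second device from claiming an already-registered identity.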
Initial site call-home
When a site is created (configured), the system creates a wrapped site bundle for the site. This bundle contains an access token and a key used for secure communication with the Control Tower. For security reasons, this site bundle can only be unwrapped once.
When the first controller hosts in a site call home, they will form a local cluster, unwrap the site bundle, and create the strongbox seal. See The Seal for details.