Infrastructure Management

ARROW provides comprehensive infrastructure asset tracking and management capabilities for servers, VPS instances, and network equipment.

Overview

The infrastructure management system enables organizations to:

Track Assets: Maintain inventory of all infrastructure components
Monitor Health: Automated health checks and status monitoring
Discover Resources: Automatic asset discovery from cloud providers
Organize Assets: Assign assets to organizations and projects

Asset Types

ARROW supports tracking various infrastructure asset types:

Asset Type	Description	Examples
VPS	Virtual private servers	Hetzner Cloud, cloud instances
Proxy Server	Proxy and relay servers	SOCKS proxies, HTTP proxies
VPN Server	VPN infrastructure	NetBird management servers
Network Device	Network equipment	Routers, switches, firewalls
Database	Database servers	PostgreSQL, MySQL instances
Physical Server	Dedicated hardware	Bare metal servers

Asset Properties

Each infrastructure asset tracks comprehensive metadata:

Core Properties

Property	Description
Name	Display name for the asset
Type	Asset classification (VPS, proxy, etc.)
Organization	Owning organization
Status	Current operational status
Provider	Cloud provider or datacenter

Technical Details

Property	Description
IP Addresses	Public and private IPv4/IPv6
Hostname	DNS hostname
Server Type	Instance type or model
CPU Cores	Number of CPU cores
Memory	RAM allocation (GB)
Disk	Storage capacity (GB)
Datacenter	Physical datacenter location
Location	Geographic region

Management Fields

Property	Description
Provider ID	External provider’s asset ID
Labels	Tags and categorization
Notes	Administrative notes
Last Health Check	Timestamp of last check

Hetzner Cloud Integration

ARROW integrates with Hetzner Cloud for automated asset discovery and management through backend/api/infrastructure/hetzner.go.

Hetzner Service

The HetznerService provides a Go interface to the Hetzner Cloud API:

Method	Description
`GetServers()`	Retrieve all servers with pagination
`GetServersByLabel(selector)`	Filter servers by label selector
`DiscoverOrganizationAssets()`	Sync Hetzner servers to infrastructure_assets

Asset Discovery

The discovery process automatically imports servers from Hetzner Cloud:

flowchart TD
    A[POST /api/infrastructure/assets/discover/hetzner] --> B[Get system_integrations type=hetzner]
    B --> C[Parse API token from config]
    C --> D[Create HetznerService with token]
    D --> E[Call GetServers with pagination]
    E --> F{For Each Server}
    F --> G[Determine asset_type from labels]
    G --> H[Create external_id: hetzner-{id}]
    H --> I{Asset exists by external_id?}
    I -->|Yes| J[Update existing infrastructure_asset]
    I -->|No| K[Create new infrastructure_asset]
    J --> L[Store full metadata as JSON]
    K --> L
    L --> M[Map Hetzner status to ARROW status]
    M --> N[Set organization from labels/config]
    N --> F
    F --> O[Return AssetDiscoveryResult]

Connection Testing

Test Hetzner API connectivity before discovery:

Endpoint: POST /api/hetzner/test-connection

Validates API token and returns server count if successful.

Organization Mapping

Servers are automatically assigned to organizations based on:

Server Labels: Hetzner labels containing organization identifiers
Naming Conventions: Server names following organization patterns
Manual Assignment: Administrator override for edge cases

Captured Metadata

Discovery captures comprehensive server information:

Server Type: Instance size (cx11, cx21, cpx31, etc.)
CPU Cores: Virtual CPU count
Memory: RAM in GB
Disk: Storage in GB
Datacenter: Hetzner datacenter code (fsn1, nbg1, hel1)
Location: Geographic location name
IP Addresses: All assigned public IPs
Creation Date: When the server was provisioned

Full Metadata Structure (from HetznerServer type):

{
  "hetzner_id": 123456,
  "server_type": "cx21",
  "cores": 2,
  "memory_gb": 4,
  "disk_gb": 40,
  "datacenter": "fsn1-dc14",
  "location": "Falkenstein, Germany",
  "image_name": "ubuntu-22.04",
  "os_flavor": "ubuntu",
  "os_version": "22.04",
  "created": "2024-01-15T10:00:00Z",
  "labels": {"organization": "acme", "service": "proxy"},
  "public_net": {
    "ipv4": {"ip": "1.2.3.4"},
    "ipv6": {"ip": "2001:db8::1/64"},
    "firewalls": []
  },
  "private_net": [],
  "protection": {"delete": false, "rebuild": false},
  "volumes": [],
  "load_balancers": []
}

Hetzner Server Types

Common Hetzner Cloud instance types supported:

Type	CPU	Memory	Disk	Description
`cx11`	1 vCPU	2 GB	20 GB	Entry-level shared
`cx21`	2 vCPU	4 GB	40 GB	Standard shared
`cpx31`	4 vCPU	8 GB	160 GB	Performance shared
`cx41`	4 vCPU	16 GB	160 GB	Standard dedicated
`ccx13`	2 vCPU	8 GB	80 GB	Dedicated AMD

Status Mapping

Hetzner server states are mapped to ARROW asset statuses:

Hetzner Status	ARROW Status	Description
running	online	Server operational
initializing	maintenance	Server starting up
starting	maintenance	Server booting
stopping	offline	Server shutting down
off	offline	Server powered off
deleting	maintenance	Server being removed

Triggering Discovery

Asset discovery can be triggered:

Manually: Through admin interface
Scheduled: Regular automated discovery
On Demand: API endpoint for programmatic triggering

Asset Management API

The infrastructure management API is implemented in backend/api/infrastructure/handlers.go:

API Endpoints

Endpoint	Method	Permission	Purpose
`/api/infrastructure/assets`	GET	`infrastructure.view`	List assets for organization
`/api/infrastructure/assets`	POST	`infrastructure.admin`	Create new asset
`/api/infrastructure/assets/{id}`	GET	`infrastructure.view`	Get specific asset
`/api/infrastructure/assets/{id}`	PUT	`infrastructure.admin`	Update asset
`/api/infrastructure/assets/{id}`	DELETE	`infrastructure.admin`	Delete asset
`/api/infrastructure/assets/discover`	POST	`infrastructure.admin`	Discover all assets
`/api/infrastructure/assets/discover/hetzner`	POST	`infrastructure.admin`	Discover Hetzner assets
`/api/infrastructure/assets/health-check`	POST	`infrastructure.admin`	Run bulk health checks
`/api/infrastructure/assets/{id}/health`	GET	`infrastructure.view`	Get asset health status
`/api/infrastructure/assets/{id}/health-check`	POST	`infrastructure.admin`	Check specific asset
`/api/infrastructure/assets/{id}/organization`	PUT	`infrastructure.admin`	Update asset organization

Permission Model

Permission	Scope	Capabilities
`infrastructure.admin`	Global	Full access to all assets
`infrastructure.view`	Global	View all assets
`infrastructure.organization.create`	Org	Create assets in own org
`infrastructure.organization.view`	Org	View own org assets
`infrastructure.organization.edit`	Org	Edit own org assets
`infrastructure.organization.delete`	Org	Delete own org assets

Viewing Assets

Access infrastructure assets through the ARROW console:

Navigate to Infrastructure in the sidebar
View the asset list with status indicators
Filter by organization, type, or status
Click an asset for detailed information

Asset Details

The asset detail view shows:

Overview: Basic information and status
Technical Specs: Hardware and network details
Health History: Recent health check results
Organization: Assigned organization and project
Notes: Administrative notes and documentation

Updating Assets

Modify asset information as needed:

Reassign Organization: Move asset between organizations
Update Status: Manually set operational status
Add Notes: Document important information
Edit Labels: Modify tags and categorization

Asset Status

Track operational status for each asset:

Status	Description
Online	Asset is operational and responding
Offline	Asset is not responding to checks
Maintenance	Asset under scheduled maintenance
Unknown	Status could not be determined

Health Checks

Automated Monitoring

ARROW performs automated health checks on infrastructure assets:

Ping Checks: ICMP connectivity verification
Port Checks: TCP port availability testing
Service Checks: Application-level health verification

Port Checks by Asset Type

Different asset types are checked on specific ports:

Asset Type	Ports Checked	Description
Proxy Servers	1080, 8080, 3128, 8888	Common SOCKS/HTTP proxy ports
VPN Servers	51820, 1194, 443, 4789	WireGuard, OpenVPN, HTTPS, NetBird
Web Servers	80, 443	HTTP/HTTPS
Database	5432, 3306	PostgreSQL, MySQL

Health Check API

Endpoint: POST /api/infrastructure/assets/{id}/health-check

Performs an immediate health check on the specified asset and returns results.

Health Check Results

Each check records:

Field	Description
Timestamp	When the check was performed
Result	Success or failure
Response Time	Latency measurement (ms)
Error Message	Details if check failed
Ports Checked	List of ports tested
Port Results	Individual port availability

Health Check Configuration

Assets can have custom health check settings stored in health_check_config:

{
  "enabled": true,
  "interval_minutes": 5,
  "ports": [80, 443, 8080],
  "timeout_seconds": 10,
  "failure_threshold": 3,
  "notify_on_failure": true
}

Check Frequency

Health checks run at configurable intervals:

Critical Assets: Every 5 minutes
Standard Assets: Every 15 minutes
Low Priority: Every 60 minutes

Status Indicators

The console displays health status visually:

Green: All checks passing
Yellow: Degraded performance or warnings
Red: Failed checks or offline
Gray: Unknown or checks disabled

Asset Discovery Workflow

Initial Discovery

When setting up Hetzner integration:

Configure API Token: Add Hetzner API credentials
Run Discovery: Trigger initial asset import
Review Assets: Verify discovered assets
Assign Organizations: Map assets to organizations
Enable Monitoring: Configure health checks

Ongoing Discovery

Regular discovery keeps inventory current:

New Servers: Automatically added to inventory
Removed Servers: Marked as offline or deleted
Updated Specs: Changes reflected in metadata

Discovery Conflicts

When discovery finds conflicts:

Duplicate Detection: Matching by provider ID
Update vs Create: Existing assets updated, new ones created
Manual Resolution: Admin review for edge cases

Best Practices

Asset Organization

Consistent Naming: Use clear naming conventions
Proper Labeling: Apply meaningful labels in Hetzner
Organization Assignment: Keep assignments current
Documentation: Maintain notes for each asset

Health Monitoring

Enable Checks: Configure health checks for all assets
Review Alerts: Respond promptly to failures
Trend Analysis: Monitor performance over time
Capacity Planning: Use metrics for planning

Security

API Token Security: Protect Hetzner API credentials
Access Control: Limit who can manage assets
Audit Logging: Review asset management activities
Regular Review: Periodically audit asset inventory

ARROW Virtual Machines - VM management overview
VPN Management - VPN infrastructure management
Network Access Control - Access policies
Troubleshooting - Infrastructure troubleshooting

Infrastructure Management

Infrastructure Management

Overview

Asset Types

Asset Properties

Core Properties

Technical Details

Management Fields

Hetzner Cloud Integration

Hetzner Service

Asset Discovery

Connection Testing

Organization Mapping

Captured Metadata

Hetzner Server Types

Status Mapping

Triggering Discovery

Asset Management API

API Endpoints

Permission Model

Viewing Assets

Asset Details

Updating Assets

Asset Status

Health Checks

Automated Monitoring

Port Checks by Asset Type

Health Check API

Health Check Results

Health Check Configuration

Check Frequency

Status Indicators

Asset Discovery Workflow

Initial Discovery

Ongoing Discovery

Discovery Conflicts

Best Practices

Asset Organization

Health Monitoring

Security

Related Documentation