
Feb 17 2024

dereckson closed T1953: sshd-otp returns fatal error recv_rexec_state: parse config: incomplete message as Resolved.
Ysul
$ /usr/local/etc/rc.d/sshd-otp restart
Performing sanity check on sshd_otp configuration.
Stopping sshd_otp.
Waiting for PIDS: 1331.
Performing sanity check on sshd_otp configuration.
Starting sshd_otp.
Feb 17 2024, 14:50 · security, Servers
dereckson created T1953: sshd-otp returns fatal error recv_rexec_state: parse config: incomplete message.
Feb 17 2024, 14:50 · security, Servers

Jan 28 2024

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3302: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path.
Jan 28 2024, 19:11 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

Secrets have been migrated from dot notation to slash notation.

Jan 28 2024, 19:10 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Jan 15 2024

dereckson added a comment to T1877: Evaluate Alcali - Salt front-end.

Alcali is still alive.

Jan 15 2024, 21:50 · security, Salt, Servers, Product evaluation

Jan 8 2024

dereckson added a revision to T1935: OPENSSH 9.6: D3265: Disable Terrapin sensible ciphers and algorithms.
Jan 8 2024, 21:54 · security
DorianWinty closed T1935: OPENSSH 9.6 as Resolved.
Jan 8 2024, 21:13 · security
DorianWinty shifted T1935: OPENSSH 9.6 from the Restricted Space space to the S1 Nasqueron space.
Jan 8 2024, 21:13 · security
DorianWinty shifted T1935: OPENSSH 9.6 from the S1 Nasqueron space to the Restricted Space space.
Jan 8 2024, 21:11 · security
DorianWinty shifted T1935: OPENSSH 9.6 from the Restricted Space space to the S1 Nasqueron space.
Jan 8 2024, 21:11 · security

Jan 7 2024

dereckson updated the task description for T1935: OPENSSH 9.6.
Jan 7 2024, 18:05 · security
dereckson updated the task description for T1935: OPENSSH 9.6.
Jan 7 2024, 18:01 · security
dereckson updated the task description for T1935: OPENSSH 9.6.
Jan 7 2024, 00:21 · security

Jan 5 2024

DorianWinty updated the task description for T1935: OPENSSH 9.6.
Jan 5 2024, 19:55 · security
DorianWinty updated the task description for T1935: OPENSSH 9.6.
Jan 5 2024, 19:55 · security
DorianWinty added a comment to T1935: OPENSSH 9.6.

For Hervil

Jan 5 2024, 12:32 · security
dereckson added a comment to T1935: OPENSSH 9.6.

FreeBSD integrates OpenSSH to the base OS.

Jan 5 2024, 12:06 · security
DorianWinty added a comment to T1935: OPENSSH 9.6.
Jan 5 2024, 11:45 · security
DorianWinty added a comment to T1935: OPENSSH 9.6.

cloudhugger:

OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023

windriver:

OpenSSH_9.5p1, OpenSSL 3.0.12 24 Oct 2023

dwellers:

OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

windriver:

OpenSSH_9.5p1, OpenSSL 3.0.12 24 Oct 2023

windriver:

OpenSSH_9.5p1, OpenSSL 3.0.12 24 Oct 2023

docker-002:

OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

hervil:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

complector:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

db-A-001:

OpenSSH_9.3p2, OpenSSL 1.1.1t-freebsd  7 Feb 2023

db-B-001:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

web-001:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

router-001:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

ysul:

Minion did not return. [Not connected]

thrayce:

Minion did not return. [Not connected]
Jan 5 2024, 11:31 · security
DorianWinty created T1935: OPENSSH 9.6.
Jan 5 2024, 11:12 · security

Dec 17 2023

dereckson created T1928: Serve CAA DNS records.
Dec 17 2023, 14:03 · Servers, DNS, security
dereckson added a revision to T1228: Configure TLS for webserver-core role: D3251: Provide TLS 1.3 only nginx configuration.
Dec 17 2023, 14:00 · security, Servers
dereckson added a comment to T1228: Configure TLS for webserver-core role.

Situation has evolved since 2017, we currently configure nginx with TLSv1.2 + TLSv1.3,
per Mozilla intermediate configuration https://ssl-config.mozilla.org/

Dec 17 2023, 13:59 · security, Servers
dereckson updated the task description for T1228: Configure TLS for webserver-core role.
Dec 17 2023, 13:57 · security, Servers
dereckson renamed T1228: Configure TLS for webserver-core role from Configure TLS for Ysul to Configure TLS for webserver-core role.
Dec 17 2023, 13:57 · security, Servers

Jun 16 2023

dereckson updated subscribers of T1877: Evaluate Alcali - Salt front-end.
Jun 16 2023, 14:06 · security, Salt, Servers, Product evaluation

Jun 11 2023

dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

Worked before (dhclient + routes), but on boot:

  • we've a correct fe80 address
  • no dhclient, but /usr/local/etc/rc.d/dhclient6 start does NOT complain dhclient6_enable="YES" is missing
  • when dhclient is started, our correct prefix is returned
  • no static IP assignment in current state (missing from /etc/netif/igb0_ipv6)
  • we can add manually IP in our prefix
  • routing is missing and can't be easily figured (the expectation was dhclient would take care of that)
Jun 11 2023, 11:23 · security, Servers, IPv6

Jun 7 2023

dereckson added a revision to T1861: Configure static IPv6 on WindRiver: D3185: Configure IPv6 with DUID for Online network.
Jun 7 2023, 00:41 · security, Servers, IPv6

Jun 3 2023

dereckson raised the priority of T1861: Configure static IPv6 on WindRiver from Normal to High.

Taking it as we've issues with the /128 one and I'd prefer to fix the /56 config than the /128 one.

Jun 3 2023, 21:31 · security, Servers, IPv6

May 29 2023

dereckson closed T1890: Deploy Vault on Eglide as Resolved.
May 29 2023, 17:18 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3154: Help to configure Salt for Vault access on shellserver.
May 29 2023, 17:14 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3153: Help operations to unseal Eglide Vault.
May 29 2023, 14:43 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3152: Configure Vault on shellserver.
May 29 2023, 10:56 · Odderon, IRC, Vault, security, Eglide
dereckson added a comment to T1890: Deploy Vault on Eglide.

Server log

May 29 2023, 10:54 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1739: Add SASL capability to Darkbot.
May 29 2023, 02:29 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3151: Install Vault on shellserver.
May 29 2023, 02:28 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1721: Move IRC bots from Freenode to Libera.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson moved T1890: Deploy Vault on Eglide from Backlog to Next to deploy on the Odderon board.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson triaged T1890: Deploy Vault on Eglide as Normal priority.
May 29 2023, 00:01 · Odderon, IRC, Vault, security, Eglide

May 25 2023

dereckson triaged T1878: Allow to run queries for reporting as Wishlist priority.
May 25 2023, 04:23 · Monitoring and reporting, security, DBA, Servers
dereckson moved T1878: Allow to run queries for reporting from Backlog to Services / Features on the DBA board.
May 25 2023, 04:23 · Monitoring and reporting, security, DBA, Servers

May 20 2023

dereckson added a revision to T1879: Draft a 2FA policy: D3115: Publish SQL queries for DevCentral reports.
May 20 2023, 18:20 · discussion, security, DevCentral
dereckson added a comment to T1879: Draft a 2FA policy.

Documentation available at https://devcentral.nasqueron.org/w/setup_2fa/

May 20 2023, 17:36 · discussion, security, DevCentral
dereckson edited the content of Setup 2FA.
May 20 2023, 17:32 · DevCentral, security
dereckson attached a referenced file: F2221257: Screenshot 2023-05-20 at 18.52.56.png.
May 20 2023, 17:31 · DevCentral, security
dereckson created an object: Setup 2FA.
May 20 2023, 17:31 · DevCentral, security
dereckson added a comment to T1879: Draft a 2FA policy.

2FA enabled

May 20 2023, 16:48 · discussion, security, DevCentral
dereckson created T1879: Draft a 2FA policy.
May 20 2023, 16:48 · discussion, security, DevCentral
dereckson updated the task description for T1878: Allow to run queries for reporting.
May 20 2023, 15:45 · Monitoring and reporting, security, DBA, Servers
dereckson added a comment to T1878: Allow to run queries for reporting.

As a minimum, to have somewhere (a reports repository?) where we can write those report queries could already be useful, so we don't lose them.

May 20 2023, 15:43 · Monitoring and reporting, security, DBA, Servers
dereckson created T1878: Allow to run queries for reporting.
May 20 2023, 15:42 · Monitoring and reporting, security, DBA, Servers
dereckson triaged T1877: Evaluate Alcali - Salt front-end as Normal priority.
May 20 2023, 14:25 · security, Salt, Servers, Product evaluation

May 19 2023

dereckson updated the task description for T1861: Configure static IPv6 on WindRiver.
May 19 2023, 02:17 · security, Servers, IPv6

May 18 2023

dereckson closed T1779: Provision docker-002 Docker Engine as Resolved.
May 18 2023, 12:00 · Salt, Docker images, Servers, security
dereckson added a comment to T1779: Provision docker-002 Docker Engine.

Server is live and stable.

May 18 2023, 12:00 · Salt, Docker images, Servers, security
dereckson added a comment to T1521: Restrict MySQL access.

Subtask removed to simplify the graph. It's the task where db-B-001 has been created and so solved this one.

May 18 2023, 11:55 · Operations sprints (Consolidate them all), security, Servers
dereckson removed a subtask for T1521: Restrict MySQL access: T1803: Move and migrate Ysul production services elsewhere.
May 18 2023, 11:54 · Operations sprints (Consolidate them all), security, Servers
dereckson moved T1616: Build a bastion - load balancers - private instances network topology from Backlog to Not for this sprint on the Operations sprints (Consolidate them all) board.
May 18 2023, 11:53 · security, Operations sprints (Consolidate them all)
dereckson added a subtask for T1521: Restrict MySQL access: T1803: Move and migrate Ysul production services elsewhere.
May 18 2023, 11:46 · Operations sprints (Consolidate them all), security, Servers
dereckson closed T1521: Restrict MySQL access as Resolved.
May 18 2023, 11:45 · Operations sprints (Consolidate them all), security, Servers
dereckson closed T1521: Restrict MySQL access, a subtask of T1619: Connect all baremetal servers to Drake network, as Resolved.
May 18 2023, 11:45 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson added a comment to T1521: Restrict MySQL access.

Resolved by db-B-001 deployment: MySQL server doesn't have a public IP anymore

May 18 2023, 11:45 · Operations sprints (Consolidate them all), security, Servers
dereckson closed T1702: Deploy Complector aka la source as Resolved.
May 18 2023, 11:44 · Salt, Vault, security, Servers
dereckson closed T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org as Resolved.
May 18 2023, 09:43 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D3103: Supersede Equatower references by docker-002.
May 18 2023, 09:42 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D3102: Supersede Equatower references by docker-002.
May 18 2023, 09:38 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D3101: Supersede Equatower references by docker-002.
May 18 2023, 09:35 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson renamed T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org from Supersede equatower.nasqueron.org by docker-001.nasqueron.org to Supersede equatower.nasqueron.org by docker-002.nasqueron.org.
May 18 2023, 09:35 · Operations sprints (Consolidate them all), Servers, Salt, security

May 15 2023

dereckson added a comment to T1145: Don't truncate passwords.

Password truncation
Passwords are explicitly truncated to 25 characters in load_helpers functions:

May 15 2023, 17:08 · C, security, Odderon

May 13 2023

dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

DUID published in Vault under ops/secrets/network/DUID/2001:bc8:2e84:700::

May 13 2023, 13:27 · security, Servers, IPv6
dereckson moved T1861: Configure static IPv6 on WindRiver from Backlog to Analysis / under discussion on the Servers board.
May 13 2023, 12:24 · security, Servers, IPv6
dereckson triaged T1861: Configure static IPv6 on WindRiver as Normal priority.
May 13 2023, 12:24 · security, Servers, IPv6
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

2001:bc8:2e84:700:: /56 should be used for WindRiver addresses.

May 13 2023, 12:23 · security, Servers, IPv6
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

Autoconfig IP isn't in our block

May 13 2023, 12:14 · security, Servers, IPv6
dereckson added a project to T1861: Configure static IPv6 on WindRiver: security.
May 13 2023, 12:08 · security, Servers, IPv6

May 6 2023

dereckson moved T1770: Drop credentials from MySQL containers' environment from Backlog to Backlog - Docker on the Operations sprints (Ignite Alkane Propulsion) board.
May 6 2023, 15:55 · Operations sprints (Ignite Alkane Propulsion), Nasqueron Docker deployment squad, Salt, security
dereckson moved T1765: SELinux context is missing for /etc/nginx configuration files from Backlog to Backlog - Docker on the Operations sprints (Ignite Alkane Propulsion) board.
May 6 2023, 15:55 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

Apr 13 2023

dereckson closed T1829: Don't listen to world SSH for IntraNought servers as Resolved by committing rOPSe295e695501b: Don't listen to world SSH for IntraNought servers.
Apr 13 2023, 23:59 · security, Servers
dereckson added a revision to T1829: Don't listen to world SSH for IntraNought servers: D3012: Don't listen to world SSH for IntraNought servers.
Apr 13 2023, 23:47 · security, Servers

Apr 12 2023

dereckson added a revision to T1829: Don't listen to world SSH for IntraNought servers: D3004: Resolve private network interface.
Apr 12 2023, 19:39 · security, Servers
dereckson triaged T1829: Don't listen to world SSH for IntraNought servers as High priority.
Apr 12 2023, 00:26 · security, Servers

Apr 2 2023

dereckson moved T1763: Detect if a new VMWARE ESXi patch version is available from Backlog to Checks on the Monitoring and reporting board.
Apr 2 2023, 10:23 · User-ieli, Monitoring and reporting, security

Mar 28 2023

dereckson added a comment to T1779: Provision docker-002 Docker Engine.

https://api.nasqueron.org/infra/servers.json

Mar 28 2023, 01:05 · Salt, Docker images, Servers, security

Mar 24 2023

dereckson closed T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode as Resolved.

Not present in recent FreeBSD machines, so I guess it was solved during an OS upgrade.

Mar 24 2023, 01:14 · security, Servers

Mar 7 2023

dereckson closed T1425: Provision secrets through Salt as Resolved.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

Mar 7 2023, 20:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson closed T930: Secrets to migrate from DevCentral to Vault as Resolved.
Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

And with the Zemke-Rhyne decom, we're done.

Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2854: Decommission Zemke-Rhyne.
Mar 7 2023, 20:14 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2851: Decommission docker-001.
Mar 7 2023, 19:51 · Salt, Docker images, Servers, security
dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2787: Provision docker-002.
Mar 7 2023, 19:10 · Salt, Docker images, Servers, security

Mar 4 2023

dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2837: Update tommy_cd back-end URL.
Mar 4 2023, 19:05 · Salt, Docker images, Servers, security

Mar 3 2023

dereckson closed T1594: Acquisitariat and Etherpad issue as Resolved.

Those issues are resolved now we use Vault to provision passwords.

Mar 3 2023, 20:15 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2827: Update api.nasqueron.org API configuration.
Mar 3 2023, 19:08 · Salt, Docker images, Servers, security
dereckson added projects to T1779: Provision docker-002 Docker Engine: Servers, Docker images, Salt.
Mar 3 2023, 19:05 · Salt, Docker images, Servers, security
dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2826: Update api-datasources service URL.
Mar 3 2023, 17:16 · Salt, Docker images, Servers, security
dereckson triaged T1779: Provision docker-002 Docker Engine as High priority.
Mar 3 2023, 17:15 · Salt, Docker images, Servers, security
dereckson closed T1775: Provision notifications CLI configuration file as Resolved by committing rOPS936e401ff3a4: Update connection information to broker for notifications CLI.
Mar 3 2023, 16:59 · Salt, security, Notifications center

Mar 2 2023

dereckson moved T1775: Provision notifications CLI configuration file from Backlog to Pending review on the security board.
Mar 2 2023, 17:38 · Salt, security, Notifications center
dereckson claimed T1775: Provision notifications CLI configuration file.
Mar 2 2023, 17:38 · Salt, security, Notifications center
dereckson added a revision to T1775: Provision notifications CLI configuration file: D2824: Update connection information to broker for notifications CLI.
Mar 2 2023, 17:38 · Salt, security, Notifications center