At Nasqueron, I maintain this Phabricator instance, and overview the operations infrastructure.
Website: https://www.dereckson.be/
Individual board: User-Dereckson
User Details
User Details
- User Since
- Nov 11 2014, 04:38 (593 w, 1 d)
- Roles
- Administrator
- Availability
- Available
Today
Today
dereckson moved T2096: WindRiver Route to Drake private network Ignored from Backlog to IntraNought / GRE tunnels on the Drake network board.
dereckson moved T2167: Implement Common Address Redundancy Protocol (CARP) from Backlog to IntraNought / GRE tunnels on the Drake network board.
dereckson moved T2276: Automate CARP VIP MAC reassignment using devd and OVH API from Backlog to IntraNought / GRE tunnels on the Drake network board.
dereckson moved T2290: Installation of CARP switch Python dependencies via Salt from Backlog to IntraNought / GRE tunnels on the Drake network board.
Install GNU findutils
dereckson added a parent task for T2291: Configure explicitly php-fpm pool in nginx Docker image: T1294: Dockerize tools.nasqueron.org.
dereckson moved T2291: Configure explicitly php-fpm pool in nginx Docker image from Backlog to Infra / DevOps on the Nasqueron Tools board.
dereckson moved T2291: Configure explicitly php-fpm pool in nginx Docker image from Backlog to Need Dockerfile or config on the Docker images board.
dereckson updated the task description for T2291: Configure explicitly php-fpm pool in nginx Docker image.
dereckson added a comment to T1294: Dockerize tools.nasqueron.org.
Two actions to fix:
dereckson added a comment to T1294: Dockerize tools.nasqueron.org.
The nginx configuration doesn't seem the same for the Docker container and the development site:
dereckson moved T1294: Dockerize tools.nasqueron.org from Live on tools. to Infra / DevOps on the Nasqueron Tools board.
dereckson moved T1982: Upgrade from Python 3.9 to Python 3.11+ from Backlog to Let's Encrypt - legacy on the TLS certificates board.
dereckson moved T1599: Install TLS wildcard certificates for nginx fallback vhost from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
dereckson moved T1167: Restart nginx on Ysul when renew certificates from Backlog to Let's Encrypt - legacy on the TLS certificates board.
dereckson moved T1966: Automate certificates renewal for Vault from Backlog to Vault / Nasqueron PKI on the TLS certificates board.
dereckson moved T1513: Propagate certificate to Openfire server from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
dereckson moved T1505: Automate Let's Encrypt TLS certificates management for every server from Backlog to Let's Encrypt - legacy on the TLS certificates board.
dereckson moved T1342: Let's encrypt on Debian use logrotate from Backlog to Let's Encrypt - legacy on the TLS certificates board.
dereckson moved T2043: Switch to acme.sh instead of certbot from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
dereckson moved T2062: Native TLS support from Backlog to Applications on the TLS certificates board.
dereckson moved T2112: Renew Vault web server certificate automatically from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
dereckson moved T2155: Review rotation for acme.sh logs from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
dereckson moved T2196: Reload of dovecot and postfix when certif renew from Backlog to Let's Encrypt - acme.sh on the TLS certificates board.
Wed, Mar 25, 09:30 · TLS certificates, Restricted Project, good-first-issue, Nasqueron Operations Squad, Mail
dereckson requested review of D4030: Sort more DevCentral projects in Notifications Center.
Yesterday
Yesterday
dereckson added inline comments to D4027: Install dependencies to register MAC address to ISP.
dereckson renamed T2290: Installation of CARP switch Python dependencies via Salt from Installation of CARP switch Python dependencies via Salt to Installation of CARP switch Python dependencies via Salt.
dereckson renamed T2290: Installation of CARP switch Python dependencies via Salt from Installation of Python dependencies via Salt to Installation of CARP switch Python dependencies via Salt.
dereckson renamed T2290: Installation of CARP switch Python dependencies via Salt from Installation of secretsmith and ovh via Salt to Installation of Python dependencies via Salt.
dereckson updated the test plan for D4027: Install dependencies to register MAC address to ISP.
dereckson retitled D4027: Install dependencies to register MAC address to ISP from Install ovh and secretsmith via Salt to Install dependencies to register MAC address to ISP.
dereckson requested review of D4028: Update Black style.
Mon, Mar 23
Mon, Mar 23
dereckson added inline comments to D4027: Install dependencies to register MAC address to ISP.
dereckson added a comment to D2084: Usee Docker pillar information in nginx config.
I've asked upstream for advice how to resolve pillar for another server than the current node @ https://groups.google.com/g/salt-tower/c/XEKg2CEiZrU
dereckson planned changes to D2084: Usee Docker pillar information in nginx config.
The output is really useful to avoid to manually repeat the ports.
dereckson updated the diff for D2084: Usee Docker pillar information in nginx config.
Rebased. Fixed pillar handling.
dereckson added a comment to D4026: Deploy or rotate Vault secrets.
Note: we're deploying a third secret for CARP routers scripts. If we've already that code merged, we'll need to append a line to deploy that state too.
dereckson updated the summary of D2084: Usee Docker pillar information in nginx config.
dereckson added a comment to D2084: Usee Docker pillar information in nginx config.
Next: try salt web-001 paas_docker.get_upstreams
dereckson added inline comments to D3988: Configure strongSwan as IPsec implementation.
dereckson retitled D2084: Usee Docker pillar information in nginx config from WIP: Use Docker pillar information in nginx config to Usee Docker pillar information in nginx config.
dereckson updated the diff for D2084: Usee Docker pillar information in nginx config.
Rebased against current main for Alkane.
dereckson moved T2289: https://infra.nasqueron.org/cd/dashboard without trailing slash doesn't serve CSS from Backlog to Next on the Servers board.
dereckson triaged T2289: https://infra.nasqueron.org/cd/dashboard without trailing slash doesn't serve CSS as Normal priority.
dereckson added a comment to D2084: Usee Docker pillar information in nginx config.
This change is interesting and should be rebased.
dereckson added a comment to D2030: Enable federation on Pixelfed.
This configuration is for Pixelfed old versions.
dereckson added a comment to D1524: WIP: Allow to manage phpBB containers.
Not sure today if we still want to deploy through Docker, or if we would target Alkane PaaS for Espace Win sites. It's also unknown if it brings value to put back the forum archive.
dereckson added a comment to D1590: Serve zed51.dereckson.be.
Currently, zed51.dereckson.be serves a 500 error.
dereckson closed T1817: Update pillar path for paas_docker.get_subnets, a subtask of T2123: Fix tests for operations repository, as Resolved.
dereckson added a comment to T786: Add PECL extension mailparse to Phabricator Docker image.
Tried to deploy on DevCentral - it's now an old container still using PHP 7.4.
dereckson closed T1475: Provision a mail server, a subtask of T4: Setup fauve services, as Resolved.
We can consider the mail server as deployed and create tasks for extra actions in the Mail projects.
dereckson closed T1475: Provision a mail server, a subtask of T1476: Host @wolfplex.be mail, as Resolved.
dereckson added a comment to T2099: Provision devcentral local configuration.
@DorianWinty Do we have everything in the configuration or is there some actionnables remaining?
dereckson closed T1932: ViMbAdmin Provisioning, a subtask of T1475: Provision a mail server, as Resolved.
Deployed and working fine.
dereckson updated the task description for T1931: Dovecot Provisioning.
dereckson closed T1931: Dovecot Provisioning, a subtask of T1475: Provision a mail server, as Resolved.
Dovecot deployed and working well.
dereckson placed T238: JSTOR metadata aren't correctly parsed anymore up for grabs.
[ Resetting assignee of long-assigned tasks. Feel free to reassign when working on this. ]
With Salt, sudo files content are now managed from rOPS.
dereckson triaged T2286: Detect configuration drift by computing difference between Salt states and deployed as High priority.
Not a priority right now, as we use Alkane to trigger website deployments.
dereckson closed T1942: Allow Jenkins to trigger deployment through Salt, a subtask of T1750: Import FANTOIR database, as Wontfix.
dereckson added a comment to T1691: Allow to inspect Salt configuration.
See also T1784 to improve UX and URLs.
dereckson retitled D4026: Deploy or rotate Vault secrets from Once the AppRole have been created or updated in Vault by Terraform/OpenTofu, the relevant configuration files with AppRole credentials must be provisioned. to Deploy or rotate Vault secrets.
dereckson requested review of D4026: Deploy or rotate Vault secrets.
dereckson committed rOPS92ef1ec2e3d1: Block known datacenter ranges flooding Phabricator (authored by dereckson).
Block known datacenter ranges flooding Phabricator
dereckson committed rOPS7f3fde8da814: Help to install Arcanist dependencies (authored by dereckson).
Help to install Arcanist dependencies
dereckson added a comment to T1744: Stream processing with Benthos.
Software has been renamed to Redpanda Connect:
Checked today, it works fine:
dereckson updated the task description for T1784: Parse URL in JavaScript in infra.nasqueron.org/config.