- Provision role ViperServ on WindRiver
- Unit account
- Unit eggdrop
- Unit fbsql
- Unit fantoir
- Unit rabbitmq-tcl
- Unit software - OK but see T2214 for youtube-dl issues
- Unit wikidata-access-layer
- Import data from Ysul
- Vault AppRole needs access from WindRiver
- Network configuration for dedicated IPv6
- Run Dæghrefn
- Ensure MariaDB is connected
- Clear RabbitMQ queues to avoid flood of messages
- Run Wearg
- Ensure RabbitMQ is connected
- Run TC2 (do we still have relevant things there?)
Description
Description
Revisions and Commits
Revisions and Commits
| rOPS Nasqueron Operations | |||
| D3932 | rOPS8f5f91f7f38b Listen to new IPv6 address for viperserv.n.o | ||
| D3931 | rOPS8202a28af610 Assign ViperServ IPv6 to WindRiver | ||
| D3941 | rOPSafa582eb6a83 Bump serial number for nasqueron.org DNS zone | ||
| D3930 | rOPS188f35616777 Update AAAA record for viperserv.nasqueron.org | ||
| D3929 | rOPS404cef789f72 Update host for eggdrop user on db-B-001 | ||
| D3923 | rOPSabe00f4a2633 Migrate viperserv Vault AppRole to Terraform | ||
| D3915 | rOPS5f079447f1c8 Move eggdrop park to WindRiver | ||
| D3914 | rOPScb49914ada51 Update FANTOIR data source to April 2023 version | ||
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | Epic | None | T1898 Decommission Ysul | ||
| Open | dereckson | T1803 Move and migrate Ysul production services elsewhere | |||
| Resolved | dereckson | T2212 Move eggdrops from Ysul to WindRiver | |||
| Open | None | T2213 Ensure fbsql still compile with C23 standard | |||
| Resolved | dereckson | T2215 Bump eggdrop default version to 1.10.1 |
Event Timeline
Comment Actions
Vault credentials provisioned, eggdrop installed
Removed the crontab entry so we can continue the deployment progressively
Blocker to connect to MariaDB database with fbsql extension at T2213.
Comment Actions
Data imported from Ysul.
Next: Vault policy
Tcl error in file '/srv/viperserv/Daeghrefn/eggdrop.conf':
Vault returned HTTP/1.1 400 Bad Request, 200 OK was expected.
while executing
"error "Vault returned [::http::code $httpToken], 200 OK was expected.""
(procedure "::vault::request" line 19)
invoked from within
"::vault::request POST /v1/auth/approle/login $params"
(procedure "::vault::appRoleLogin" line 3)
invoked from within
"::vault::appRoleLogin $vault(roleID) $vault(secretID)"
(procedure "vault_login" line 5)
invoked from within
"vault_login"
(file "scripts/Vault.tcl" line 25)
invoked from within
"source scripts/Vault.tcl"
(file "/srv/viperserv/Daeghrefn/eggdrop.conf" line 58)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)Comment Actions
DNS
viperserv.nasqueron.org. 86400 IN AAAA 2001:470:1f13:9e1:0:c0ff:ee:7
We probably need to update this, and the IP to use in the configuration.
Comment Actions
Access to Vault works fine, fetching secrets from there too, including after Terraform rotation.
Next: check MariaDB user on db-B-001, as we've:
Error 1045 (Access denied for user 'nasqueron'@'172.27.27.35' (using password: YES))
Also custom metadata of the Vault secret is strange: {database Nasqueron host 172.27.27.33} -> host is now db-B-001. The bot uses correctly the, but that could be a hint db-B-001 doesn't have that credential:
% echo $sql(host) 172.27.27.9 % dict get [vault_get mysql] metadata created_time 2022-05-12T21:49:40.859103803Z custom_metadata {database Nasqueron host 172.27.27.33} deletion_time {} destroyed false version 1
Comment Actions
MariaDB issue fixed, but now we've some networking inforamation to do update too:
set listen-addr 2001:470:1f13:9e1:0:c0ff:ee:7 (vhost for viperserv.nasqueron.org, as pointed in T2212#34464)
Comment Actions
Reviewed TC2, there are opportunities to start jobs from #nasqueron-ops but current content is out-of-date, so not in scope for that migration.