Page MenuHomeDevCentral
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Apr 12 2022

dereckson closed T648: Secure access to etcd as Wontfix.

Per T644.

Apr 12 2022, 22:18 · security, Nasqueron Docker deployment squad, Servers

Apr 3 2022

dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Apr 3 2022, 19:49 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D2649: Provide compatibility methods with Zemke-Rhyme for Vault.
Apr 3 2022, 18:59 · security, Nasqueron Operations Squad, Vault, Salt

Mar 29 2022

dereckson added a revision to T1702: Deploy Complector aka la source: D2624: Deploy Vault.
Mar 29 2022, 22:54 · Salt, Vault, security, Servers

Mar 26 2022

dereckson added a revision to T1702: Deploy Complector aka la source: D2639: Allow to recreate Vault configuration as DRP plan B.
Mar 26 2022, 15:19 · Salt, Vault, security, Servers
dereckson added a revision to T1425: Provision secrets through Salt: D2638: Deploy policies for Vault.
Mar 26 2022, 15:09 · security, Nasqueron Operations Squad, Vault, Salt

Mar 24 2022

dereckson moved T930: Secrets to migrate from DevCentral to Vault from Backlog to In progress on the User-Dereckson board.
Mar 24 2022, 00:50 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a project to T930: Secrets to migrate from DevCentral to Vault: User-Dereckson.
Mar 24 2022, 00:49 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Mar 24 2022, 00:48 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Mar 24 2022, 00:46 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson claimed T930: Secrets to migrate from DevCentral to Vault.

Migrated secrets

Mar 24 2022, 00:43 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Mar 22 2022

dereckson added a revision to T1702: Deploy Complector aka la source: D2615: Deploy Vault and Salt master on Complector.
Mar 22 2022, 18:29 · Salt, Vault, security, Servers
dereckson added a revision to T1619: Connect all baremetal servers to Drake network: D2594: Reconfigure GRE tunnels.
Mar 22 2022, 18:20 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson added a revision to T1619: Connect all baremetal servers to Drake network: D2596: Set kernel state for router.
Mar 22 2022, 18:19 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson added a revision to T1616: Build a bastion - load balancers - private instances network topology: D2596: Set kernel state for router.
Mar 22 2022, 18:18 · security, Operations sprints (Consolidate them all)

Mar 15 2022

dereckson added a parent task for T1619: Connect all baremetal servers to Drake network: T1702: Deploy Complector aka la source.
Mar 15 2022, 00:44 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson added a subtask for T1702: Deploy Complector aka la source: T1619: Connect all baremetal servers to Drake network.
Mar 15 2022, 00:44 · Salt, Vault, security, Servers
dereckson added a parent task for T1702: Deploy Complector aka la source: Unknown Object (Maniphest Task).
Mar 15 2022, 00:44 · Salt, Vault, security, Servers
dereckson added a parent task for T1702: Deploy Complector aka la source: T923: Switch Vault to restricted network.
Mar 15 2022, 00:43 · Salt, Vault, security, Servers
dereckson updated the task description for T1702: Deploy Complector aka la source.
Mar 15 2022, 00:43 · Salt, Vault, security, Servers
dereckson created T1702: Deploy Complector aka la source.
Mar 15 2022, 00:42 · Salt, Vault, security, Servers
dereckson reopened T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org as "Open".

Perhaps replace references here too: https://code.nasqueron.org/?q=equatower&i=nope&literal=nope&files=&excludeFiles=&repos=

Mar 15 2022, 00:40 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a comment to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org.

All tasks seem done, as we've docker-001 running for more than one year without any issue.

Mar 15 2022, 00:37 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson closed T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org as Resolved.
Mar 15 2022, 00:36 · Operations sprints (Consolidate them all), Servers, Salt, security

Mar 14 2022

dereckson added a comment to T619: Allow to control from TC2 the Docker engine.

Alternative could be to use https://docs.saltproject.io/en/latest/ref/engines/all/salt.engines.ircbot.html#module-salt.engines.ircbot

Mar 14 2022, 23:45 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson added a comment to T1619: Connect all baremetal servers to Drake network.

If all we want are tunnels, Tinc could be overkill, as GRE tunnels work well at D2594 + D2595.

Mar 14 2022, 23:32 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson moved T1656: Convert daeghrefn. for Uspection use from Backlog to Doc / Web on the IRC board.
Mar 14 2022, 23:17 · upsection, security, documentation, IRC, Dæghrefn

Mar 12 2022

dereckson lowered the priority of T1700: Drop metrics plugin for Etherpad from Normal to Low.
Mar 12 2022, 14:57 · security, Etherpad
dereckson added a comment to T1700: Drop metrics plugin for Etherpad.

As said in IRC:
14:47:59 < Dereckson> (j'ai un doute pour ep_ether-o-meter après relecture du package.json, je me demande si ce n'est simplement à ce moment là que npm audit s'est réveillé)
14:49:44 < Dereckson> Je soupçonne que npm install <plugin> prend les dépendances de dev d'Etherpad aussi, alors que https://github.com/ether/etherpad-lite/blob/develop/src/bin/installDeps.sh utilise npm ci --no-optional

Mar 12 2022, 14:57 · security, Etherpad
dereckson added a revision to T1700: Drop metrics plugin for Etherpad: D2587: Drop support for ether-o-meter Etherpad plugin.
Mar 12 2022, 13:14 · security, Etherpad
dereckson triaged T1700: Drop metrics plugin for Etherpad as Normal priority.
Mar 12 2022, 13:08 · security, Etherpad
dereckson moved T1524: Monitor sudo files on servers from Backlog to Server config on the Eglide board.
Mar 12 2022, 13:07 · Eglide, security, Servers

Mar 5 2022

dereckson created P302 Docker update pulls fuse on CentOS/Rocky.
Mar 5 2022, 21:18 · Nasqueron Docker deployment squad, security, Servers
dereckson added a comment to T1619: Connect all baremetal servers to Drake network.

There is a concurrent approach through tinc deployed on devserver WindRiver:

Mar 5 2022, 00:25 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson updated the task description for T1619: Connect all baremetal servers to Drake network.
Mar 5 2022, 00:13 · Servers, Drake network, security, Operations sprints (Consolidate them all)

Mar 4 2022

dereckson added a revision to T1616: Build a bastion - load balancers - private instances network topology: D2566: Configure IntraNought interface for RedHat servers.
Mar 4 2022, 23:56 · security, Operations sprints (Consolidate them all)

Feb 12 2022

dereckson claimed T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts.
Feb 12 2022, 01:55 · User-Dereckson, security, Nasqueron Operations Squad
dereckson added a comment to T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts.

[ Grabbing this on my radar again, as it's in my account. ]

Feb 12 2022, 01:54 · User-Dereckson, security, Nasqueron Operations Squad

Jan 15 2022

dereckson closed T665: Configure DevCentral to approve automatically the user accounts as Wontfix.

Spambots actually target Phabricator, so we're fine with the current process.

Jan 15 2022, 22:06 · security, DevCentral

Jan 9 2022

dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D2453: Clean up Equatower references.
Jan 9 2022, 10:27 · Operations sprints (Consolidate them all), Servers, Salt, security

Oct 2 2021

dereckson moved T1513: Propagate certificate to Openfire server from Backlog to Pending review on the Servers board.
Oct 2 2021, 23:14 · XMPP, security, Servers

Sep 18 2021

dereckson moved T1656: Convert daeghrefn. for Uspection use from Backlog / triage to Sites to convert on the upsection board.
Sep 18 2021, 09:43 · upsection, security, documentation, IRC, Dæghrefn
dereckson moved T1658: Convert infra. for Uspection use from Backlog / triage to Sites to convert on the upsection board.
Sep 18 2021, 09:43 · upsection, security, Servers
dereckson moved T1657: Convert docs. for Uspection use from Backlog / triage to Sites to convert on the upsection board.
Sep 18 2021, 09:42 · upsection, security, documentation
dereckson added projects to T1656: Convert daeghrefn. for Uspection use: Dæghrefn, IRC, documentation, security, upsection.
Sep 18 2021, 09:42 · upsection, security, documentation, IRC, Dæghrefn
dereckson added a project to T1657: Convert docs. for Uspection use: upsection.
Sep 18 2021, 09:42 · upsection, security, documentation
dereckson added a project to T1658: Convert infra. for Uspection use: upsection.
Sep 18 2021, 09:42 · upsection, security, Servers
dereckson created T1658: Convert infra. for Uspection use.
Sep 18 2021, 09:42 · upsection, security, Servers
dereckson triaged T1657: Convert docs. for Uspection use as Normal priority.
Sep 18 2021, 09:41 · upsection, security, documentation

Sep 12 2021

dereckson updated the task description for T673: Rebuild images using OpenSSH client.
Sep 12 2021, 08:46 · security, Docker images
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Sep 12 2021, 08:46 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Aug 30 2021

Sandlayth closed T1645: Migrate Eglide TLS certificates as Resolved.

Certificates have been migrated, and a salt-call --local state.apply have been successfully ran after the migration.

Aug 30 2021, 20:11 · security, Servers, Eglide

Aug 29 2021

dereckson moved T1145: Don't truncate passwords from Backlog to Darkbot bugs on the Odderon board.
Aug 29 2021, 00:37 · security, Odderon

Aug 25 2021

dereckson assigned T1645: Migrate Eglide TLS certificates to Sandlayth.
Aug 25 2021, 23:36 · security, Servers, Eglide
dereckson moved T1645: Migrate Eglide TLS certificates from Backlog to Migration on the Eglide board.
Aug 25 2021, 22:53 · security, Servers, Eglide
dereckson renamed T1645: Migrate Eglide TLS certificates from Migrate Eglide SSL certificates to Migrate Eglide TLS certificates.
Aug 25 2021, 22:51 · security, Servers, Eglide

Dec 30 2020

dereckson closed T1640: "certbot: error: unrecognized arguments:" when renewing certificates on Docker Engine as Resolved by committing rOPS636fd7818086: Allow certbot wrapper to work when no argument is provided after the command.
Dec 30 2020, 02:23 · Regression, Nasqueron Docker deployment squad, security, Servers
dereckson added a revision to T1640: "certbot: error: unrecognized arguments:" when renewing certificates on Docker Engine: D2375: Allow certbot wrapper to work when no argument is provided after the command.
Dec 30 2020, 02:19 · Regression, Nasqueron Docker deployment squad, security, Servers
dereckson added a project to T1640: "certbot: error: unrecognized arguments:" when renewing certificates on Docker Engine: Regression.

Regression introduced in rOPSbf659c5728cbfeab65c1fba8772f2037278000b5:

Dec 30 2020, 02:14 · Regression, Nasqueron Docker deployment squad, security, Servers
dereckson triaged T1640: "certbot: error: unrecognized arguments:" when renewing certificates on Docker Engine as High priority.
Dec 30 2020, 02:07 · Regression, Nasqueron Docker deployment squad, security, Servers

Oct 20 2020

dereckson moved T1513: Propagate certificate to Openfire server from Backlog to Working on on the XMPP board.
Oct 20 2020, 01:19 · XMPP, security, Servers
dereckson added a project to T1513: Propagate certificate to Openfire server: XMPP.
Oct 20 2020, 01:19 · XMPP, security, Servers

Sep 28 2020

dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D2337: Prune Docker configuration for Equatower.
Sep 28 2020, 00:26 · Operations sprints (Consolidate them all), Servers, Salt, security

Sep 24 2020

dereckson added a comment to T1619: Connect all baremetal servers to Drake network.

Let's rewire tunnels against router-001.nasqueron.org / 51.255.124.8 / 172.27.27.1

Sep 24 2020, 20:50 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson added a revision to T1616: Build a bastion - load balancers - private instances network topology: D2334: Configure IntraNought interface for FreeBSD.
Sep 24 2020, 20:48 · security, Operations sprints (Consolidate them all)
dereckson added a revision to T1616: Build a bastion - load balancers - private instances network topology: D2330: Add router-001.nasqueron.org as router.
Sep 24 2020, 19:24 · security, Operations sprints (Consolidate them all)
dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D2328: Clone Equatower Docker configuration for docker-001.
Sep 24 2020, 03:21 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D2327: Use new registry server.
Sep 24 2020, 01:51 · Operations sprints (Consolidate them all), Servers, Salt, security

Sep 23 2020

dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D2322: Configure Docker for docker-001.
Sep 23 2020, 23:15 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a revision to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org: D2321: Add server docker-001 for paas-docker role.
Sep 23 2020, 23:12 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a comment to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org.

Phabricator config explicitly contained a reference to Equatower, it's now aphlict.nasqueron.org

Sep 23 2020, 21:02 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson added a comment to T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org.

Machine migration done with this workflow:

Sep 23 2020, 21:02 · Operations sprints (Consolidate them all), Servers, Salt, security
dereckson triaged T1627: Supersede equatower.nasqueron.org by docker-002.nasqueron.org as High priority.
Sep 23 2020, 21:00 · Operations sprints (Consolidate them all), Servers, Salt, security

Sep 22 2020

dereckson added a project to T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content: TrustSpace.
Sep 22 2020, 01:08 · TrustSpace, security, Servers
dereckson moved T1594: Acquisitariat and Etherpad issue from Backlog to Blocked on the Operations sprints (Consolidate them all) board.
Sep 22 2020, 00:57 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a comment to T1594: Acquisitariat and Etherpad issue.

All the quoted containers are priority candidates to be moved to Kubernetes cluster.

Sep 22 2020, 00:57 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson triaged T1594: Acquisitariat and Etherpad issue as Low priority.
Sep 22 2020, 00:56 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Sep 21 2020

dereckson added a parent task for T1521: Restrict MySQL access: T1619: Connect all baremetal servers to Drake network.
Sep 21 2020, 23:34 · Operations sprints (Consolidate them all), security, Servers
dereckson added a subtask for T1619: Connect all baremetal servers to Drake network: T1521: Restrict MySQL access.
Sep 21 2020, 23:34 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson moved T1619: Connect all baremetal servers to Drake network from Backlog to Pending review on the Operations sprints (Consolidate them all) board.
Sep 21 2020, 23:34 · Servers, Drake network, security, Operations sprints (Consolidate them all)

Sep 20 2020

dereckson added a revision to T1619: Connect all baremetal servers to Drake network: D2303: Create GRE tunnel between WindRiver and Ysul.
Sep 20 2020, 00:59 · Servers, Drake network, security, Operations sprints (Consolidate them all)
dereckson triaged T1619: Connect all baremetal servers to Drake network as Normal priority.
Sep 20 2020, 00:57 · Servers, Drake network, security, Operations sprints (Consolidate them all)

Jun 3 2020

dereckson added a revision to T1616: Build a bastion - load balancers - private instances network topology: D2293: Provide a PaaS front-end role.
Jun 3 2020, 17:43 · security, Operations sprints (Consolidate them all)
dereckson added a parent task for T1616: Build a bastion - load balancers - private instances network topology: Unknown Object (Maniphest Task).
Jun 3 2020, 17:37 · security, Operations sprints (Consolidate them all)
dereckson triaged T1616: Build a bastion - load balancers - private instances network topology as Normal priority.
Jun 3 2020, 17:36 · security, Operations sprints (Consolidate them all)

Feb 23 2020

dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Pending review on the Operations sprints (Consolidate them all) board.
Feb 23 2020, 12:31 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a revision to T1602: Provision ACME DNS credentials for core domains on each servers: D2249: Allow to update ACME DNS accounts.
Feb 23 2020, 11:40 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson created T1602: Provision ACME DNS credentials for core domains on each servers.
Feb 23 2020, 11:40 · Operations sprints (Ignite Alkane Propulsion), security, Servers

Feb 15 2020

dereckson created Blog Post: New SSH keys for servers.
Feb 15 2020, 23:50 · security, Servers

Feb 14 2020

dereckson closed T667: Mitigate CVE-2016-0777 in SSH clients configuration files as Resolved.

OpenSSH now mitigates this.

Feb 14 2020, 17:40 · security, Servers
dereckson closed T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist as Wontfix.

We do'nt use sshguard anymore, as login by password is disabled, keys are required.

Feb 14 2020, 17:37 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson closed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547 as Resolved.
Feb 14 2020, 17:35 · security, Nasqueron Docker deployment squad
dereckson claimed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.

Done during the migration to EquaTower and Salt for aphlict cachet devcentral wolfphab acquisitariat etherpad tommy ci silly_bardeen.

Feb 14 2020, 17:35 · security, Nasqueron Docker deployment squad
dereckson added a comment to T1594: Acquisitariat and Etherpad issue.

The option is the same for Etherpad and DevCentral:

Feb 14 2020, 15:52 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a project to T1594: Acquisitariat and Etherpad issue: Operations sprints (Consolidate them all).
Feb 14 2020, 15:44 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson updated the task description for T1594: Acquisitariat and Etherpad issue.
Feb 14 2020, 15:44 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson created T1594: Acquisitariat and Etherpad issue.
Feb 14 2020, 15:42 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Feb 8 2020

dereckson closed T1580: Deploy ACME-specific DNS server, a subtask of T1513: Propagate certificate to Openfire server, as Resolved.
Feb 8 2020, 18:39 · XMPP, security, Servers
dereckson closed T1580: Deploy ACME-specific DNS server as Resolved.
Feb 8 2020, 18:39 · Operations sprints (Consolidate them all), DNS, security, Servers

Feb 4 2020

dereckson added a revision to T1580: Deploy ACME-specific DNS server: D2181: Allow certbot to use acme.nasqueron.org on Docker engines.
Feb 4 2020, 22:22 · Operations sprints (Consolidate them all), DNS, security, Servers
First
Prev
Next
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator