With Salt, sudo files content are now managed from rOPS.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Mon, Mar 23
Mon, Mar 23
dereckson triaged T2286: Detect configuration drift by computing difference between Salt states and deployed as High priority.
Not a priority right now, as we use Alkane to trigger website deployments.
dereckson closed T1942: Allow Jenkins to trigger deployment through Salt, a subtask of T1750: Import FANTOIR database, as Wontfix.
See also T1784 to improve UX and URLs.
dereckson retitled D4026: Deploy or rotate Vault secrets from Once the AppRole have been created or updated in Vault by Terraform/OpenTofu, the relevant configuration files with AppRole credentials must be provisioned. to Deploy or rotate Vault secrets.
dereckson committed rOPS92ef1ec2e3d1: Block known datacenter ranges flooding Phabricator (authored by dereckson).
Block known datacenter ranges flooding Phabricator
dereckson committed rOPS7f3fde8da814: Help to install Arcanist dependencies (authored by dereckson).
Help to install Arcanist dependencies
Software has been renamed to Redpanda Connect:
Checked today, it works fine:
dereckson updated the task description for T1784: Parse URL in JavaScript in infra.nasqueron.org/config.
dereckson moved T1784: Parse URL in JavaScript in infra.nasqueron.org/config from Backlog to Dev on the good-first-issue board.
dereckson added a project to T1784: Parse URL in JavaScript in infra.nasqueron.org/config: good-first-issue.
Sun, Mar 22
Sun, Mar 22
dereckson triaged T2107: j'aimerais avoir une présence permanente sur internet as Wishlist priority.
dereckson committed rOPSed41f887d991: Revert "Try to install Salt 3006.8 as test dependency" (authored by dereckson).
Revert "Try to install Salt 3006.8 as test dependency"
dereckson added a revision to T2116: Drop of OCSP Service: D4025: Prune OCSP artefact from Git ignore list.
dereckson updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
Ah, that's now what we need, nice for the script!
Provision Vault policy for routers
Log from Terraform apply (grep router)
vault_policy.router: Creating... module.router_approle.vault_approle_auth_backend_role.this: Creating... module.router_approle.vault_approle_auth_backend_role.this: Creation complete after 0s [id=auth/approle/role/router] module.router_approle.data.vault_approle_auth_backend_role_id.this: Reading... module.router_approle.data.vault_approle_auth_backend_role_id.this: Read complete after 0s [id=auth/approle/role/router/role-id] module.router_approle.vault_approle_auth_backend_role_secret_id.this: Creating... vault_policy.router: Creation complete after 0s [id=router] module.router_approle.vault_approle_auth_backend_role_secret_id.this: Creation complete after 1s [id=backend=approle::role=router::accessor=...] module.router_approle.vault_kv_secret_v2.this: Creating... module.router_approle.vault_kv_secret_v2.this: Creation complete after 0s [id=ops/data/secrets/network/router/vault]
The file /usr/local/etc/devd/carp.conf :
You can directly use variables in the action to pass interface and state with $subsystem and $type
notify 0 {
match "system" "CARP";
match "subsystem" "[0-9]+@[0-9a-z.]+";
match "type" "(MASTER|BACKUP)";
action "/usr/local/scripts/carp-test.sh";
};Closed as inactive.
Next: configure DNS records
dereckson moved T2030: Provide wheel Python package for ruamel.yaml.clib in /opt/python from Backlog to Servers config on the Salt board.
dereckson placed T2030: Provide wheel Python package for ruamel.yaml.clib in /opt/python up for grabs.
This method works well, Salt automation is welcome.
dereckson shifted T2143: Hash Tomcat credentials from the Restricted Space space to the S1 Nasqueron space.
Solution is satisfactory and stable all summer long.
dereckson closed T2014: Serve https://nasqueron.org from web-001, a subtask of T1582: Implement XEP-0156, as Resolved.
dereckson removed a revision from T2014: Serve https://nasqueron.org from web-001: D3439: Automate www. deployment through Alkane.
We can consider we're done and handle the remaining as regular tasks.
All server has been upgraded to FreeBSD 15, excepted router-001, which will be decom when router-002/003 will be live.
https://migration.mediawiki.test.ook.space/w/index.php reports an unknown wiki.
[ Not working actively on this, also we'd need a repro URL. ]
[ Not actively working on this, but please ping me if you need this. ]
dereckson moved T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts from Backlog to Infra on the Auth Grove board.
dereckson triaged T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts as Normal priority.
Not working on this for now, and the number of services in our API doesn't make that urgent.
Not in misc anymore
Whitespace issues
Extract TeX live states to tex.sls for clarity. Fix symlink.
dereckson moved T1526: Make available TeX fonts to all the system on devserver from Backlog to Pending review on the Servers board.
For all CARP external documentation, I think I've found the threshold where information is outdated in that man page:
According carp(4) (man carp) examples section, the name has changed.
@dereckson I first tried to redefine the devd rule by matching specific IFNET event types such as LINK_UP, LINK_DOWN, UP and DOWN, but none of them were triggered during CARP state changes in my tests.
Procedure still the same in current TeX Live Guide, updated the link.
dereckson triaged T1526: Make available TeX fonts to all the system on devserver as Normal priority.
dereckson updated the task description for T2285: Allow to run recent Node version on Jenkins CI and CD.
dereckson updated the task description for T2285: Allow to run recent Node version on Jenkins CI and CD.
dereckson moved T2285: Allow to run recent Node version on Jenkins CI and CD from 🧭 Dispatch to 🟣 BACKEND - DevOps/Infra on the ServPulse board.
dereckson moved T2285: Allow to run recent Node version on Jenkins CI and CD from Backlog to Need Dockerfile or config on the Docker images board.
dereckson moved T2285: Allow to run recent Node version on Jenkins CI and CD from Backlog / triage to Deployment on the upsection board.
dereckson moved T2285: Allow to run recent Node version on Jenkins CI and CD from Backlog to Executor nodes / agents on the Jenkins board.
[ Deassigning, as it needs some CI love first, to be able to run modern Node 24 on Jenkins ]
notify 0 {
match "system" "IFNET";
match "subsystem" "vmx1";
action "logger CARP state change detected";
};A dedicated devd file was placed in /usr/local/etc/devd because this directory is usually used for custom configurations added by administrators, while /etc/devd contains the default system rules from FreeBSD. It makes the setup cleaner, avoids mixing custom logic with system configuration, and makes future maintenance or upgrades easier.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
yousra updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator