- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Mar 8 2023
Mar 8 2023
dereckson removed a revision from T1791: Refresh Sentry installation: D2860: Deploy memcached container for Sentry.
dereckson committed rOPSec1f0fce0832: Deploy memcached container for Sentry (authored by dereckson).
Deploy memcached container for Sentry
docker inspect <container> allows to check the health check log, and the interval, 30000000000 matches correctly 30s
Switch to Alpine, so we've busybox nc for the healthcheck
Duplicate of D2859
dereckson added a revision to T1791: Refresh Sentry installation: D2860: Deploy memcached container for Sentry.
dereckson added a revision to T1791: Refresh Sentry installation: D2859: Deploy memcached container for Sentry.
Mar 7 2023
Mar 7 2023
dereckson committed rOPS1e938695e69e: Use 172.18.3.0/24 as Docker network for Sentry containers (authored by dereckson).
Use 172.18.3.0/24 as Docker network for Sentry containers
Complector
$ salt docker-002 state.apply roles/paas-docker/docker/networks docker-002: ---------- […] ID: docker_network_sentry Function: docker_network.present Name: sentry Result: True Comment: Network 'sentry' created Started: 22:49:11.811458 Duration: 89.937 ms Changes: ---------- created: True […]
dereckson committed rOPSb104a9d10f59: Update Exim MTA container configuration (authored by dereckson).
Update Exim MTA container configuration
Fix typo
$ ssh -t docker-002 deploy-container exim local: ---------- ID: /srv/exim/sentry_smtp Function: file.directory Result: True Comment: The directory /srv/exim/sentry_smtp is in the correct state Started: 22:09:41.165494 Duration: 5.888 ms Changes: ---------- ID: /srv/exim/sentry_smtp/spool Function: file.directory Result: True Comment: Started: 22:09:41.171564 Duration: 1.671 ms Changes: ---------- /srv/exim/sentry_smtp/spool: ---------- directory: new ---------- ID: /srv/exim/sentry_smtp/log Function: file.directory Result: True Comment: Started: 22:09:41.173356 Duration: 1.553 ms Changes: ---------- /srv/exim/sentry_smtp/log: ---------- directory: new ---------- ID: /srv/exim/sentry_smtp/mailname Function: file.managed Result: True Comment: File /srv/exim/sentry_smtp/mailname is in the correct state Started: 22:09:41.175029 Duration: 29.635 ms Changes: ---------- ID: selinux_context_sentry_smtp_exim_data Function: selinux.fcontext_policy_present Name: /srv/exim/sentry_smtp Result: True Comment: SELinux policy for "/srv/exim/sentry_smtp" already present with specified filetype "all files" and sel_type "container_file_t". Started: 22:09:41.207344 Duration: 397.715 ms Changes: ---------- ID: selinux_context_sentry_smtp_exim_data_applied Function: selinux.fcontext_policy_applied Name: /srv/exim/sentry_smtp Result: True Comment: SElinux policies are already applied for filespec "/srv/exim/sentry_smtp" Started: 22:09:41.605608 Duration: 13.955 ms Changes: ---------- ID: sentry_smtp Function: docker_container.running Result: True Comment: Replaced container 'sentry_smtp' Started: 22:09:41.674233 Duration: 3848.801 ms Changes: ---------- container: ---------- Config: ---------- Volumes: ---------- new: ---------- /etc/mailname: ---------- /var/log/exim4: ---------- /var/spool/exim4: ---------- old: ---------- /var/log/exim4: ---------- /var/spool/exim4: ---------- HostConfig: ---------- Binds: ---------- new: - /srv/exim/sentry_smtp/mailname:/etc/mailname:ro - /srv/exim/sentry_smtp/spool:/var/spool/exim4 - /srv/exim/sentry_smtp/log:/var/log/exim4 old: None container_id: ---------- added: b060c7cda35cef48e3ab804150832e10f973aa5f71a4261e37e7bdfb331159f4 removed: - 3baa77c17efa641675a342682b6ed636b605fd888706fc23376b09fb93e27064
dereckson added a revision to T1791: Refresh Sentry installation: D2857: Update Exim MTA container configuration.
Document the repository as legacy
Documentation says Zemke-Rhyme Phabricator account should be used.
All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.
dereckson closed T929: Determine a policy for vault master key, a subtask of T928: Deploy Vault to store credentials, as Wontfix.
The point is currently moot as we don't have an operations SIG large enough to allow key shares.
Current status: ZR has been decom, we now deploy credentials through from Vault.
dereckson awarded T930: Secrets to migrate from DevCentral to Vault a Evil Spooky Haunted Tree token.
dereckson closed T930: Secrets to migrate from DevCentral to Vault, a subtask of T928: Deploy Vault to store credentials, as Resolved.
And with the Zemke-Rhyne decom, we're done.
Decommission Zemke-Rhyne
Update UID information
dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D2854: Decommission Zemke-Rhyne.
Zemke-Rhyne is now decommissioned, as all secrets have been migrated to Vault.
dereckson committed rOPSe96da24d4a2e: Remove Docker devicemapper configuration (authored by dereckson).
Remove Docker devicemapper configuration
Also, D2853 offers a nice thing to link to: we need to ensure if the source file: value matches the filename.
dereckson committed rOPS06e3f268ce3c: Update source file header for docker-002 HE tunnel (authored by dereckson).
Update source file header for docker-002 HE tunnel
Fix space issue
Decommission docker-001
dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2851: Decommission docker-001.
Provision docker-002
Consolidate network for pillar
Update network to reuse docker-001 canonical IPv4 and IPv6
dereckson added a revision to T1779: Provision docker-002 Docker Engine: D2787: Provision docker-002.
dereckson retitled D2787: Provision docker-002 from WIP: Provision docker-002 to Provision docker-002.
Deploy tmux-reattach
Alternative way: tmux new -AD -s some-session-name, so yup, seems a correct approach without naming sessions.
dereckson renamed T1791: Refresh Sentry installation from Refresh Sentry installation to CalVer modern releases to Refresh Sentry installation.
dereckson committed rOPS9d8ff4d04770: Apply version constraint to pip package, not pip itself (authored by dereckson).
Apply version constraint to pip package, not pip itself
dereckson closed T1788: Fix sentry wrapper SECRET_KEY templating as Resolved by committing rOPS69a1765ac933: Fix credential helper and sentry wrapper.
dereckson committed rOPS69a1765ac933: Fix credential helper and sentry wrapper (authored by dereckson).
Fix credential helper and sentry wrapper
dereckson committed rOPS7d5ca48769a2: Set proxy_redirect for notifications.nasqueron.org nginx vhost (authored by dereckson).
Set proxy_redirect for notifications.nasqueron.org nginx vhost
dereckson committed rOPS081f42df7128: Reformat paas-docker nginx configuration files for vhosts (authored by dereckson).
Reformat paas-docker nginx configuration files for vhosts
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator