https://agora.nasqueron.org/Nasqueron_infrastructure_reference -> https://agora.nasqueron.org/Operations_grimoire
https://agora.nasqueron.org/Nasqueron_infrastructure_reference/Mail -> https://agora.nasqueron.org/Operations_grimoire/Mail
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 3 2024
Aug 3 2024
I've saved test run log earlier this afternoon, here it is:
Works fine.
Per previous comment, I'd advice to downgrade to 3006 LTS for paas-docker servers too.
We're downgrading to Salt 3006 on Linux servers to still be able to distribute credentials from 3006 server.
dereckson raised the priority of T1993: Salt migration to 3007, 3008 and extensions from Normal to High.
I've also discovered we can't deploy secrets to Salt 3007+ anymore from a Salt 3006 server:
dereckson moved T1991: Context has again been lost on /var/log/www from Backlog to To check again on the upstream board.
dereckson moved T1991: Context has again been lost on /var/log/www from Working on to Pending review on the Servers board.
dereckson moved T1992: Install patch on redhat family as part of core from Working on to Pending review on the Servers board.
dereckson moved T1994: Upgrade Salt repository on Debian from Backlog to Pending review on the Servers board.
dereckson moved T1998: Resolve conflict between core and shellserver roles for Vault in Salt configuration from Backlog to Bug and issues on the Salt board.
dereckson moved T1998: Resolve conflict between core and shellserver roles for Vault in Salt configuration from Backlog to Server config on the Eglide board.
Unit wanted to overwrite Eglide-specific Vault Salt configuration, I've opened T1998 for follow-up.
Eglide
$ salt-call --local state.apply roles/core/salt test=True […] ---------- ID: /etc/apt/keyrings/salt-archive-keyring-2023.gpg Function: file.managed Result: True Comment: The file /etc/apt/keyrings/salt-archive-keyring-2023.gpg is in the correct state Started: 16:25:09.653065 Duration: 7.356 ms Changes: ---------- ID: /etc/apt/sources.list.d/salt.list Function: file.managed Result: True Comment: The file /etc/apt/sources.list.d/salt.list is in the correct state Started: 16:25:09.660512 Duration: 1.221 ms Changes: […]
dereckson triaged T1998: Resolve conflict between core and shellserver roles for Vault in Salt configuration as Low priority.
Complector
$ salt dwellers state.apply hotfixes/salt dwellers: ---------- ID: T1991_egrep_patch Function: file.patch Name: /opt/saltstack/salt/lib/python3.10/site-packages/salt Result: True Comment: Patch successfully applied Started: 16:15:53.189797 Duration: 45.172 ms Changes: ---------- pid: 4123780 retcode: 0 stderr: stdout: patching file modules/csf.py patching file modules/selinux.py
dereckson added a revision to T1994: Upgrade Salt repository on Debian: D3393: Update Salt repository on Debian.
dereckson renamed T1994: Upgrade Salt repository on Debian from Upgrade Salt on Eglide to Upgrade Salt repository on Debian.
From router-001 network looks good:
Stopped currently not needed salt and node-exporter on router-001 to see if that helps.
dereckson renamed T1996: Servers on hyper-001 have network issues from Server outage: complector to Servers on hyper-001 have network issues.
dereckson shifted T1996: Servers on hyper-001 have network issues from the S1 Nasqueron space to the Restricted Space space.
dereckson lowered the priority of T1996: Servers on hyper-001 have network issues from Unbreak Now! to High.
Could be at hypervisor level. SSH failed until 13:22 where it worked immediately.
As of 13:18 UTC, SSH access works.
Also, at the same time, DevCentral is slow for arc diff or to publish this task. This delay behavior is similar as when DNS resolution timeouts occur.
dereckson added a revision to T1991: Context has again been lost on /var/log/www: D3392: Avoid egrep in Salt code base.
Eglide
$ salt-minion --versions Salt Version: Salt: 3007.1
dereckson added a subtask for T1950: Deploy PHP 8.3: T1995: PHP 8.2 and PHP 8.3 seems both to be installed on Eglide.
dereckson added a parent task for T1995: PHP 8.2 and PHP 8.3 seems both to be installed on Eglide: T1950: Deploy PHP 8.3.
dereckson moved T1995: PHP 8.2 and PHP 8.3 seems both to be installed on Eglide from Backlog to Servers on the PHP 8.x support board.
dereckson edited projects for T1994: Upgrade Salt repository on Debian, added: Servers, Eglide; removed Nasqueron Operations Squad, discussion.
We can actually provide P352 as hotfix.
Ok, with wget/wget2 transition still problematic (unrelated to patch package).
patch is available on Eglide as part of build-essential, so presumed OK for Debian
dereckson added a parent task for T1992: Install patch on redhat family as part of core: T1991: Context has again been lost on /var/log/www.
Logic looks good to me. Tested working fine on Prometheus.
dereckson retitled D3387: Expose metrics for dovecot from Init metrics for dovecot to Expose metrics for dovecot.
Live on Hervil.
I can query from Prometheus the metrics.
WindRiver
$ arc patch D3388 […]
certbot against Python 3.11 should be checked on dwellers and docker-002
Bump default versions to build ports
dereckson committed rOPS67fecad1cda9: Revert "Install Python 3.9 on CentOS/Rocky 8.5 machines" (authored by dereckson).
Revert "Install Python 3.9 on CentOS/Rocky 8.5 machines"
dereckson committed rOPSe0d579362756: Switch from fixes to flags in node pillar (authored by dereckson).
Switch from fixes to flags in node pillar
dereckson moved T1992: Install patch on redhat family as part of core from Backlog to Working on on the Servers board.
dereckson lowered the priority of T1991: Context has again been lost on /var/log/www from High to Normal.
I've applied P352 to replace egrep by grep -E on dwellers and docker-002.
I wanted to apply P354 to fix Salt SELinux issue with patch -p1 < ~/egrep.patch on docker-002.
Jul 31 2024
Jul 31 2024
DorianWinty added a revision to T1987: Dovecot Metrics: D3388: Scrape Dovecot metrics into Prometheus.
uncomment all default metrics
# HELP process_start_time_seconds Timestamp of service start
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1722447303
# HELP dovecot_build Dovecot build information
# TYPE dovecot_build info
dovecot_build_info{version="2.3.21",revision="47349e2482"} 1
# EOFDorianWinty committed rOPSe8b486d9e75b: Scrape Postfix metrics into Prometheus (authored by DorianWinty).
Scrape Postfix metrics into Prometheus
dereckson moved T1991: Context has again been lost on /var/log/www from Backlog to Bug and issues on the Salt board.
Already reported upstream: https://github.com/saltstack/salt/issues/65608
Complector
$ cd /opt/salt/nasqueron-operations $ salt dwellers state.apply roles/webserver-core/nginx/config […] ---------- [3/295] ID: selinux_context_nginx_logs Function: selinux.fcontext_policy_present Name: /var/log/www Result: False Comment: An exception occurred in this state: Traceback (most recent call last): File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/state.py", line 2428, in call ret = self.states[cdata["full"]]( File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 160, in __call__ ret = self.loader.run(run_func, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1269, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1284, in _run_as return _func_or_method(*args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1317, in wrapper return f(*args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/selinux.py", line 326, in fcontext_policy_present current_state = __salt__["selinux.fcontext_get_policy"]( File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 160, in __call__ ret = self.loader.run(run_func, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1269, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1284, in _run_as return _func_or_method(*args, **kwargs) File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/selinux.py", line 507, in fcontext_get_policy "filespec": parts.group(1).strip(), AttributeError: 'NoneType' object has no attribute 'group' Started: 16:25:51.413301 Duration: 391.186 ms Changes: ---------- ID: selinux_context_nginx_logs_applied Function: selinux.fcontext_policy_applied Name: /var/log/www Result: True Comment: SElinux policies are already applied for filespec "/var/log/www" Started: 16:25:51.804764 Duration: 6.322 ms Changes: ---------- […]
DorianWinty added a comment to T1505: Automate Let's Encrypt TLS certificates management for every server.
31/07/2024 at 12h the devcentral.nasqueron.org certificate expired
Issue can be repro on Dwellers:
Jul 30 2024
Jul 30 2024
Author seems to report issues with the exporter and uses mtail.
DorianWinty added a revision to T1990: Export metrics for Postfix: D3386: Scrape Postfix metrics into Prometheus.
update depending of the hand made changes
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator