Page MenuHomeDevCentral
Feed All Stories

Mar 9 2023

dereckson requested review of D2868: Provide Nasqueron FreeBSD packages catalogue.
Mar 9 2023, 19:32
dereckson updated the diff for D2862: Adopt Salt Tower to merge pillar files.

Rebased

Mar 9 2023, 19:09
dereckson closed D2867: Configure client authentication.
Mar 9 2023, 01:58
dereckson committed rDPGSENTRYc7e5a06f8159: Configure client authentication (authored by dereckson).
Configure client authentication
Mar 9 2023, 01:58
dereckson committed rOPS573cff29c5b5: Switch to specialized Sentry PostgreSQL and wal2json Docker image (authored by dereckson).
Switch to specialized Sentry PostgreSQL and wal2json Docker image
Mar 9 2023, 01:58
dereckson closed D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.
Mar 9 2023, 01:58
dereckson added a comment to D2867: Configure client authentication.

An image for this diff is available in our registry: docker pull registry.nasqueron.org/postgres-sentry:D2867.

Mar 9 2023, 01:57
dereckson updated the test plan for D2867: Configure client authentication.
Mar 9 2023, 01:56
dereckson accepted D2867: Configure client authentication.
$ docker logs sentry_db
[…]
CREATE DATABASE
Mar 9 2023, 01:55
dereckson accepted D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.
Mar 9 2023, 01:53
dereckson added a revision to T1791: Refresh Sentry installation: D2867: Configure client authentication.
Mar 9 2023, 01:51 · Monitoring and reporting
dereckson updated the summary of D2867: Configure client authentication.
Mar 9 2023, 01:51
dereckson updated the test plan for D2867: Configure client authentication.
Mar 9 2023, 01:51
dereckson added a project to T1792: Docker registry HTTP / HTTPS mismatch: Nasqueron Docker deployment squad.
Mar 9 2023, 01:46 · Operations sprints (Ignite Alkane Propulsion), Nasqueron Docker deployment squad, Servers, documentation
dereckson triaged T1792: Docker registry HTTP / HTTPS mismatch as Normal priority.
Mar 9 2023, 01:46 · Operations sprints (Ignite Alkane Propulsion), Nasqueron Docker deployment squad, Servers, documentation
dereckson requested review of D2867: Configure client authentication.
Mar 9 2023, 01:42
dereckson added a comment to T1790: Trace eggdrop errors.

To create the payload, we can use a dictionary: [dict create code "$::errorCode" info "$::errorInfo" stack [info errorstack]].

Mar 9 2023, 01:11 · IRC, Monitoring and reporting, Dæghrefn
dereckson updated the summary of D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.
Mar 9 2023, 00:32
dereckson updated the diff for D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.

Drop pg_hba.conf provisionning: /var/lib/postgresql/data must be empty to allow PostgreSQL initializing it.

Mar 9 2023, 00:31
dereckson closed D2866: Use preferred exec form for CMD.
Mar 9 2023, 00:02
dereckson committed rDPGSENTRY956f458e66d3: Use preferred exec form for CMD (authored by dereckson).
Use preferred exec form for CMD
Mar 9 2023, 00:02
dereckson accepted D2866: Use preferred exec form for CMD.
Mar 9 2023, 00:02
dereckson updated the test plan for D2866: Use preferred exec form for CMD.
Mar 9 2023, 00:02

Mar 8 2023

dereckson updated the summary of D2866: Use preferred exec form for CMD.
Mar 8 2023, 23:59
dereckson added a revision to T1791: Refresh Sentry installation: D2866: Use preferred exec form for CMD.
Mar 8 2023, 23:59 · Monitoring and reporting
dereckson requested review of D2866: Use preferred exec form for CMD.
Mar 8 2023, 23:59
dereckson updated the diff for D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.

+source file

Mar 8 2023, 23:50
dereckson updated the summary of D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:49
dereckson added a comment to rDPGSENTRY1d59efe54d37: Provide PostgreSQL and wal2json Docker image.

Built successfully at https://hub.docker.com/repository/docker/nasqueron/postgres-sentry

Mar 8 2023, 23:48
dereckson requested review of D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:47
dereckson added a revision to T1791: Refresh Sentry installation: D2865: Switch to specialized Sentry PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:47 · Monitoring and reporting
dereckson committed rDPGSENTRY1d59efe54d37: Provide PostgreSQL and wal2json Docker image (authored by dereckson).
Provide PostgreSQL and wal2json Docker image
Mar 8 2023, 23:33
dereckson closed D2864: Provide PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:33
dereckson accepted D2864: Provide PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:32
dereckson requested review of D2864: Provide PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:32
dereckson added a revision to T1791: Refresh Sentry installation: D2864: Provide PostgreSQL and wal2json Docker image.
Mar 8 2023, 23:32 · Monitoring and reporting
dereckson added a comment to T1791: Refresh Sentry installation.

PostgreSQL for Sentry requires a custom extension, wal2json.

Mar 8 2023, 23:21 · Monitoring and reporting
dereckson claimed T1768: Simplify paas-docker pillar with PillarStack.
Mar 8 2023, 21:52 · Salt
dereckson moved T1155: Fix JSON file comparison in PHPUnit or for our tests from Backlog to To report on the upstream board.
Mar 8 2023, 21:48 · upstream, Servers
dereckson closed T906: Allow to publish artefacts keeping chmod, a subtask of T907: Continous deployment for Wikidata access layer code, as Resolved.
Mar 8 2023, 21:47 · Continous integration and delivery, Wikimedia, Dæghrefn
dereckson closed T906: Allow to publish artefacts keeping chmod as Resolved.

Issue has been fixed in 2022, see https://github.com/jenkinsci/publish-over-ssh-plugin/pull/34

Mar 8 2023, 21:47 · Jenkins, upstream
dereckson updated the task description for T906: Allow to publish artefacts keeping chmod.
Mar 8 2023, 21:46 · Jenkins, upstream
dereckson moved T1561: Allow igal2 to operate with ImageMagick 7 from Backlog to To report on the upstream board.
Mar 8 2023, 21:44 · upstream, Operations sprints (Consolidate them all), Technical debt, Servers, freebsd-port-wanted
dereckson moved T1764: Review Python Docker library from Backlog to To report on the upstream board.
Mar 8 2023, 21:36 · upstream, Salt, Servers
dereckson lowered the priority of T1764: Review Python Docker library from High to Normal.

Decreased priority as a workaround exists and is applied.

Mar 8 2023, 21:36 · upstream, Salt, Servers
dereckson added a task to D2849: Apply version constraint to pip package, not pip itself: T1764: Review Python Docker library.
Mar 8 2023, 21:35
dereckson added a revision to T1764: Review Python Docker library: D2849: Apply version constraint to pip package, not pip itself.
Mar 8 2023, 21:35 · upstream, Salt, Servers
dereckson moved T1766: Move transmission logs into a dedicated file from Backlog to To check again on the upstream board.
Mar 8 2023, 21:33 · upstream, Servers
dereckson committed rOPSebbf9b0558be: Parse .sls as YAML for nano syntax highlighting (authored by dereckson).
Parse .sls as YAML for nano syntax highlighting
Mar 8 2023, 21:30
dereckson closed T1759: SaltStack support for nano as Resolved by committing rOPSebbf9b0558be: Parse .sls as YAML for nano syntax highlighting.
Mar 8 2023, 21:30 · Salt, Servers
dereckson closed D2863: Parse .sls as YAML for nano syntax highlighting.
Mar 8 2023, 21:30
dereckson accepted D2863: Parse .sls as YAML for nano syntax highlighting.

First run

Mar 8 2023, 21:29
dereckson updated the test plan for D2863: Parse .sls as YAML for nano syntax highlighting.
Mar 8 2023, 21:28
dereckson requested review of D2863: Parse .sls as YAML for nano syntax highlighting.
Mar 8 2023, 21:27
dereckson added a revision to T1759: SaltStack support for nano: D2863: Parse .sls as YAML for nano syntax highlighting.
Mar 8 2023, 21:27 · Salt, Servers
dereckson claimed T1759: SaltStack support for nano.
Mar 8 2023, 21:15 · Salt, Servers
dereckson requested review of D2862: Adopt Salt Tower to merge pillar files.
Mar 8 2023, 19:28
dereckson added a revision to T1768: Simplify paas-docker pillar with PillarStack: D2862: Adopt Salt Tower to merge pillar files.
Mar 8 2023, 19:28 · Salt
dereckson added a comment to D2790: WIP: Generate a pillar from NetBox information.

We also need pillar/core/network Drake content

Mar 8 2023, 01:37
dereckson closed D2861: Configure network and health check for Redis.
Mar 8 2023, 01:05
dereckson committed rOPSe26f76557ce5: Configure network and health check for Redis (authored by dereckson).
Configure network and health check for Redis
Mar 8 2023, 01:05
dereckson accepted D2861: Configure network and health check for Redis.
Mar 8 2023, 01:03
dereckson added a revision to T1791: Refresh Sentry installation: D2861: Configure network and health check for Redis.
Mar 8 2023, 01:00 · Monitoring and reporting
dereckson requested review of D2861: Configure network and health check for Redis.
Mar 8 2023, 01:00
dereckson removed a task from D2860: Deploy memcached container for Sentry: T1791: Refresh Sentry installation.
Mar 8 2023, 00:54
dereckson removed a revision from T1791: Refresh Sentry installation: D2860: Deploy memcached container for Sentry.
Mar 8 2023, 00:54 · Monitoring and reporting
dereckson committed rOPSec1f0fce0832: Deploy memcached container for Sentry (authored by dereckson).
Deploy memcached container for Sentry
Mar 8 2023, 00:54
dereckson closed D2859: Deploy memcached container for Sentry.
Mar 8 2023, 00:54
dereckson accepted D2859: Deploy memcached container for Sentry.
Mar 8 2023, 00:53
dereckson added a comment to D2859: Deploy memcached container for Sentry.

docker inspect <container> allows to check the health check log, and the interval, 30000000000 matches correctly 30s

Mar 8 2023, 00:53
dereckson updated the diff for D2859: Deploy memcached container for Sentry.

Switch to Alpine, so we've busybox nc for the healthcheck

Mar 8 2023, 00:51
dereckson abandoned D2860: Deploy memcached container for Sentry.

Duplicate of D2859

Mar 8 2023, 00:50
dereckson requested review of D2860: Deploy memcached container for Sentry.
Mar 8 2023, 00:49
dereckson added a revision to T1791: Refresh Sentry installation: D2860: Deploy memcached container for Sentry.
Mar 8 2023, 00:49 · Monitoring and reporting
dereckson added a revision to T1791: Refresh Sentry installation: D2859: Deploy memcached container for Sentry.
Mar 8 2023, 00:31 · Monitoring and reporting
dereckson requested review of D2859: Deploy memcached container for Sentry.
Mar 8 2023, 00:31

Mar 7 2023

dereckson committed rOPS1e938695e69e: Use 172.18.3.0/24 as Docker network for Sentry containers (authored by dereckson).
Use 172.18.3.0/24 as Docker network for Sentry containers
Mar 7 2023, 22:54
dereckson closed D2858: Use 172.18.3.0/24 as Docker network for Sentry containers.
Mar 7 2023, 22:54
dereckson accepted D2858: Use 172.18.3.0/24 as Docker network for Sentry containers.
Complector
$ salt docker-002 state.apply roles/paas-docker/docker/networks
docker-002:
----------
[…]
          ID: docker_network_sentry
    Function: docker_network.present
        Name: sentry
      Result: True
     Comment: Network 'sentry' created
     Started: 22:49:11.811458
    Duration: 89.937 ms
     Changes:
              ----------
              created:
                  True
[…]
Mar 7 2023, 22:54
dereckson added a revision to T1791: Refresh Sentry installation: D2858: Use 172.18.3.0/24 as Docker network for Sentry containers.
Mar 7 2023, 22:46 · Monitoring and reporting
dereckson requested review of D2858: Use 172.18.3.0/24 as Docker network for Sentry containers.
Mar 7 2023, 22:46
dereckson closed D2857: Update Exim MTA container configuration.
Mar 7 2023, 22:11
dereckson committed rOPSb104a9d10f59: Update Exim MTA container configuration (authored by dereckson).
Update Exim MTA container configuration
Mar 7 2023, 22:11
dereckson updated the diff for D2857: Update Exim MTA container configuration.

Fix typo

Mar 7 2023, 22:11
dereckson accepted D2857: Update Exim MTA container configuration.
$ ssh -t docker-002 deploy-container exim
local:
----------
          ID: /srv/exim/sentry_smtp
    Function: file.directory
      Result: True
     Comment: The directory /srv/exim/sentry_smtp is in the correct state
     Started: 22:09:41.165494
    Duration: 5.888 ms
     Changes:
----------
          ID: /srv/exim/sentry_smtp/spool
    Function: file.directory
      Result: True
     Comment:
     Started: 22:09:41.171564
    Duration: 1.671 ms
     Changes:
              ----------
              /srv/exim/sentry_smtp/spool:
                  ----------
                  directory:
                      new
----------
          ID: /srv/exim/sentry_smtp/log
    Function: file.directory
      Result: True
     Comment:
     Started: 22:09:41.173356
    Duration: 1.553 ms
     Changes:
              ----------
              /srv/exim/sentry_smtp/log:
                  ----------
                  directory:
                      new
----------
          ID: /srv/exim/sentry_smtp/mailname
    Function: file.managed
      Result: True
     Comment: File /srv/exim/sentry_smtp/mailname is in the correct state
     Started: 22:09:41.175029
    Duration: 29.635 ms
     Changes:
----------
          ID: selinux_context_sentry_smtp_exim_data
    Function: selinux.fcontext_policy_present
        Name: /srv/exim/sentry_smtp
      Result: True
     Comment: SELinux policy for "/srv/exim/sentry_smtp" already present with specified filetype "all files" and sel_type "container_file_t".
     Started: 22:09:41.207344
    Duration: 397.715 ms
     Changes:
----------
          ID: selinux_context_sentry_smtp_exim_data_applied
    Function: selinux.fcontext_policy_applied
        Name: /srv/exim/sentry_smtp
      Result: True
     Comment: SElinux policies are already applied for filespec "/srv/exim/sentry_smtp"
     Started: 22:09:41.605608
    Duration: 13.955 ms
     Changes:
----------
          ID: sentry_smtp
    Function: docker_container.running
      Result: True
     Comment: Replaced container 'sentry_smtp'
     Started: 22:09:41.674233
    Duration: 3848.801 ms
     Changes:
              ----------
              container:
                  ----------
                  Config:
                      ----------
                      Volumes:
                          ----------
                          new:
                              ----------
                              /etc/mailname:
                                  ----------
                              /var/log/exim4:
                                  ----------
                              /var/spool/exim4:
                                  ----------
                          old:
                              ----------
                              /var/log/exim4:
                                  ----------
                              /var/spool/exim4:
                                  ----------
                  HostConfig:
                      ----------
                      Binds:
                          ----------
                          new:
                              - /srv/exim/sentry_smtp/mailname:/etc/mailname:ro
                              - /srv/exim/sentry_smtp/spool:/var/spool/exim4
                              - /srv/exim/sentry_smtp/log:/var/log/exim4
                          old:
                              None
              container_id:
                  ----------
                  added:
                      b060c7cda35cef48e3ab804150832e10f973aa5f71a4261e37e7bdfb331159f4
                  removed:
                      - 3baa77c17efa641675a342682b6ed636b605fd888706fc23376b09fb93e27064
Mar 7 2023, 22:10
dereckson updated the summary of D2857: Update Exim MTA container configuration.
Mar 7 2023, 22:07
dereckson added a revision to T1791: Refresh Sentry installation: D2857: Update Exim MTA container configuration.
Mar 7 2023, 22:06 · Monitoring and reporting
dereckson requested review of D2857: Update Exim MTA container configuration.
Mar 7 2023, 22:06
dereckson closed D2856: Document the repository as legacy.
Mar 7 2023, 20:35
dereckson committed rZRedeb464cd715: Document the repository as legacy (authored by dereckson).
Document the repository as legacy
Mar 7 2023, 20:35
dereckson accepted D2856: Document the repository as legacy.
Mar 7 2023, 20:33
dereckson requested review of D2856: Document the repository as legacy.
Mar 7 2023, 20:33
dereckson added a comment to T1559: Figure how to deploy automatically /var/51-wwwroot credentials.

Documentation says Zemke-Rhyme Phabricator account should be used.

Mar 7 2023, 20:27 · Operations sprints (Consolidate them all), Vault, Servers
dereckson closed T1425: Provision secrets through Salt as Resolved.

All secrets are now stored in Vault and provisioned through Salt, with policies restricting access to secrets by node.

Mar 7 2023, 20:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson closed T929: Determine a policy for vault master key, a subtask of T928: Deploy Vault to store credentials, as Wontfix.
Mar 7 2023, 20:24 · User-Sandlayth, Vault
dereckson closed T929: Determine a policy for vault master key as Wontfix.

The point is currently moot as we don't have an operations SIG large enough to allow key shares.

Mar 7 2023, 20:24 · Vault
dereckson lowered the priority of T928: Deploy Vault to store credentials from High to Normal.

Current status: ZR has been decom, we now deploy credentials through from Vault.

Mar 7 2023, 20:23 · User-Sandlayth, Vault
dereckson awarded T930: Secrets to migrate from DevCentral to Vault a Evil Spooky Haunted Tree token.
Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson closed T930: Secrets to migrate from DevCentral to Vault, a subtask of T928: Deploy Vault to store credentials, as Resolved.
Mar 7 2023, 20:19 · User-Sandlayth, Vault
dereckson closed T930: Secrets to migrate from DevCentral to Vault as Resolved.
Mar 7 2023, 20:19 · User-Dereckson, Vault, Nasqueron Operations Squad, security