In D4026#62889, @dereckson wrote:Note: we're deploying a third secret for CARP routers scripts. If we've already that code merged, we'll need to append a line to deploy that state too.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Mon, Mar 23
Mon, Mar 23
updated for loop syntax
Note: we're deploying a third secret for CARP routers scripts. If we've already that code merged, we'll need to append a line to deploy that state too.
Added router-002
Next: try salt web-001 paas_docker.get_upstreams
dereckson retitled D2084: Usee Docker pillar information in nginx config from WIP: Use Docker pillar information in nginx config to Usee Docker pillar information in nginx config.
Removed cloudhugger
Rebased against current main for Alkane.
dereckson moved T2289: https://infra.nasqueron.org/cd/dashboard without trailing slash doesn't serve CSS from Backlog to Next on the Servers board.
dereckson triaged T2289: https://infra.nasqueron.org/cd/dashboard without trailing slash doesn't serve CSS as Normal priority.
This change is interesting and should be rebased.
This configuration is for Pixelfed old versions.
Not sure today if we still want to deploy through Docker, or if we would target Alkane PaaS for Espace Win sites. It's also unknown if it brings value to put back the forum archive.
Currently, zed51.dereckson.be serves a 500 error.
dereckson closed T1817: Update pillar path for paas_docker.get_subnets, a subtask of T2123: Fix tests for operations repository, as Resolved.
Tried to deploy on DevCentral - it's now an old container still using PHP 7.4.
dereckson closed T1475: Provision a mail server, a subtask of T4: Setup fauve services, as Resolved.
We can consider the mail server as deployed and create tasks for extra actions in the Mail projects.
dereckson closed T1475: Provision a mail server, a subtask of T1476: Host @wolfplex.be mail, as Resolved.
@DorianWinty Do we have everything in the configuration or is there some actionnables remaining?
dereckson closed T1932: ViMbAdmin Provisioning, a subtask of T1475: Provision a mail server, as Resolved.
Deployed and working fine.
dereckson closed T1931: Dovecot Provisioning, a subtask of T1475: Provision a mail server, as Resolved.
Dovecot deployed and working well.
[ Resetting assignee of long-assigned tasks. Feel free to reassign when working on this. ]
With Salt, sudo files content are now managed from rOPS.
dereckson triaged T2286: Detect configuration drift by computing difference between Salt states and deployed as High priority.
Not a priority right now, as we use Alkane to trigger website deployments.
dereckson closed T1942: Allow Jenkins to trigger deployment through Salt, a subtask of T1750: Import FANTOIR database, as Wontfix.
See also T1784 to improve UX and URLs.
dereckson retitled D4026: Deploy or rotate Vault secrets from Once the AppRole have been created or updated in Vault by Terraform/OpenTofu, the relevant configuration files with AppRole credentials must be provisioned. to Deploy or rotate Vault secrets.
dereckson committed rOPS92ef1ec2e3d1: Block known datacenter ranges flooding Phabricator (authored by dereckson).
Block known datacenter ranges flooding Phabricator
dereckson committed rOPS7f3fde8da814: Help to install Arcanist dependencies (authored by dereckson).
Help to install Arcanist dependencies
Software has been renamed to Redpanda Connect:
Checked today, it works fine:
dereckson updated the task description for T1784: Parse URL in JavaScript in infra.nasqueron.org/config.
dereckson moved T1784: Parse URL in JavaScript in infra.nasqueron.org/config from Backlog to Dev on the good-first-issue board.
dereckson added a project to T1784: Parse URL in JavaScript in infra.nasqueron.org/config: good-first-issue.
Sun, Mar 22
Sun, Mar 22
dereckson triaged T2107: j'aimerais avoir une présence permanente sur internet as Wishlist priority.
dereckson committed rOPSed41f887d991: Revert "Try to install Salt 3006.8 as test dependency" (authored by dereckson).
Revert "Try to install Salt 3006.8 as test dependency"
dereckson added a revision to T2116: Drop of OCSP Service: D4025: Prune OCSP artefact from Git ignore list.
dereckson updated the task description for T2276: Automate CARP VIP MAC reassignment using devd and OVH API.
Ah, that's now what we need, nice for the script!
Provision Vault policy for routers
Log from Terraform apply (grep router)
vault_policy.router: Creating... module.router_approle.vault_approle_auth_backend_role.this: Creating... module.router_approle.vault_approle_auth_backend_role.this: Creation complete after 0s [id=auth/approle/role/router] module.router_approle.data.vault_approle_auth_backend_role_id.this: Reading... module.router_approle.data.vault_approle_auth_backend_role_id.this: Read complete after 0s [id=auth/approle/role/router/role-id] module.router_approle.vault_approle_auth_backend_role_secret_id.this: Creating... vault_policy.router: Creation complete after 0s [id=router] module.router_approle.vault_approle_auth_backend_role_secret_id.this: Creation complete after 1s [id=backend=approle::role=router::accessor=...] module.router_approle.vault_kv_secret_v2.this: Creating... module.router_approle.vault_kv_secret_v2.this: Creation complete after 0s [id=ops/data/secrets/network/router/vault]
The file /usr/local/etc/devd/carp.conf :
You can directly use variables in the action to pass interface and state with $subsystem and $type
notify 0 {
match "system" "CARP";
match "subsystem" "[0-9]+@[0-9a-z.]+";
match "type" "(MASTER|BACKUP)";
action "/usr/local/scripts/carp-test.sh";
};Closed as inactive.
Next: configure DNS records
dereckson moved T2030: Provide wheel Python package for ruamel.yaml.clib in /opt/python from Backlog to Servers config on the Salt board.
dereckson placed T2030: Provide wheel Python package for ruamel.yaml.clib in /opt/python up for grabs.
This method works well, Salt automation is welcome.
dereckson shifted T2143: Hash Tomcat credentials from the Restricted Space space to the S1 Nasqueron space.
Solution is satisfactory and stable all summer long.
dereckson closed T2014: Serve https://nasqueron.org from web-001, a subtask of T1582: Implement XEP-0156, as Resolved.
dereckson removed a revision from T2014: Serve https://nasqueron.org from web-001: D3439: Automate www. deployment through Alkane.
We can consider we're done and handle the remaining as regular tasks.
All server has been upgraded to FreeBSD 15, excepted router-001, which will be decom when router-002/003 will be live.
https://migration.mediawiki.test.ook.space/w/index.php reports an unknown wiki.
[ Not working actively on this, also we'd need a repro URL. ]
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator