At Nasqueron, I maintain this Phabricator instance, and overview the operations infrastructure.
Website: https://www.dereckson.be/
Individual board: User-Dereckson
User Details
User Details
- User Since
- Nov 11 2014, 04:38 (274 w, 6 d)
- Roles
- Administrator
- Availability
- Available
Today
Today
dereckson updated the task description for T1104: Create a mail desk service.
Zammad - T1105 - looks better nowadays and a better fit for modern ticketing desk.
dereckson closed T424: Prepare a OTRS Docker image, a subtask of T1104: Create a mail desk service, as Wontfix.
Create docker group on Dwellers
$ salt dwellers state.sls roles/paas-docker/devel dwellers: ---------- ID: docker_group Function: group.present Name: docker Result: True Comment: The following group attributes are set to be changed: members: ['dereckson', 'sandlayth'] Started: 02:07:57.678065 Duration: 330.523 ms Changes: ---------- Final: All changes applied successfully
dereckson added a comment to T1105: Evaluate if Zammad wouldn't be useful.
A new version 3.2.0 has been released 2019-12-03 and contains an interesting part:
dereckson added a comment to T728: Deploy a MongoDB container.
A small note about why dedicated instances seem a better fit, here the resources consumed by a new container:
dereckson updated the diff for D2221: Create docker group on Dwellers.
Add missing group file
dereckson requested review of D2221: Create docker group on Dwellers.
dereckson committed rOPSa09a8ec40a3e: WIP: Install Docker development tools on Dwellers (authored by dereckson).
WIP: Install Docker development tools on Dwellers
Dwellers
$ sudo salt-call state.sls roles/paas-docker/devel [ERROR ] DNS lookup or connection check of 'ysul.nasqueron.org' failed. [ERROR ] Master hostname: 'ysul.nasqueron.org' not found or not responsive. Retrying in 30 seconds local: ---------- ID: docker_development_utilities Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 01:22:53.750840 Duration: 1107.63 ms Changes: ---------- ID: docker_development_utilities Function: pip.installed Name: docker-compose Result: True Comment: Python package docker-compose was already installed All specified packages are already installed Started: 01:22:55.322302 Duration: 1386.003 ms Changes:
dereckson committed rOPSe74fa7db23e0: Don't allow direct login as root through SSH (authored by dereckson).
Don't allow direct login as root through SSH
dereckson updated the diff for D2220: WIP: Install Docker development tools on Dwellers.
Remove sudo, the group will be created in another change (that's a group, not a sudoers rule)
Yesterday
Yesterday
dereckson closed T1034: Switch from root@ SSH login to sudo capabilities on every server as Resolved.
dereckson moved T1303: Allow _documents.xml to define a status code from Backlog to Feature requests on the Keruald board.
dereckson moved T1398: Allow to extract class name from a fully qualified class name expression from Backlog to Feature requests on the Keruald board.
dereckson moved T1399: Migrate globalfunctions calls to OmniTools from Backlog to Debt on the Keruald board.
dereckson moved T1544: Use PHP 7.4 mb_str_split in OmniString::getBigrams from Backlog to Debt on the Keruald board.
dereckson moved T1576: Methods to count by and group by arrays from Backlog to Feature requests on the Keruald board.
dereckson moved T1577: Arcanist ignores phpunit.xml to run unit tests in OmniTools from Backlog to Bugs on the Keruald board.
dereckson moved T1596: Revisit Sørensen–Dice coefficient from Backlog to Feature requests on the Keruald board.
dereckson requested review of D2220: WIP: Install Docker development tools on Dwellers.
dereckson added a revision to T1595: Reprovision Dwellers: D2220: WIP: Install Docker development tools on Dwellers.
dereckson requested review of D2219: Don't allow direct login as root through SSH.
dereckson added a project to T635: Add a VCS informative prompt to `arc shell`: Operations sprints (Consolidate them all).
zsh + starship looks a good solution too, but it's not packaged for Debian.
dereckson moved T824: Tests for SuEXEC on Ysul from Backlog to Pending review on the Operations sprints (Consolidate them all) board.
dereckson added a project to T824: Tests for SuEXEC on Ysul: Operations sprints (Consolidate them all).
Tests should be extended to development servers and made optional, as we don't currently have an Apache working.
dereckson renamed T1034: Switch from root@ SSH login to sudo capabilities on every server from Switch from root@ SSH login to sudo capabilities on Eglide to Switch from root@ SSH login to sudo capabilities on every server.
So, it works for two years. Let's restrict root login.
Sat, Feb 15
Sat, Feb 15
Normalize spaces
dereckson requested review of D2218: Normalize spaces.
dereckson committed rOPS6411e69c98b8: Use pillar information for IP and gateway in MOTD (authored by dereckson).
Use pillar information for IP and gateway in MOTD
dereckson requested review of D2217: Use pillar information for IP and gateway in MOTD.
dereckson added a revision to T1595: Reprovision Dwellers: D2217: Use pillar information for IP and gateway in MOTD.
dereckson committed rOPS15199849f8e4: Use net-tools to setup Dwellers IPv6 tunnel (authored by dereckson).
Use net-tools to setup Dwellers IPv6 tunnel
dereckson added a revision to T1595: Reprovision Dwellers: D2216: Use net-tools to setup Dwellers IPv6 tunnel.
dereckson requested review of D2216: Use net-tools to setup Dwellers IPv6 tunnel.
Enable Docker service
dereckson updated the diff for D2215: Enable Docker service.
Imports are generally more at top
dereckson requested review of D2215: Enable Docker service.
Fri, Feb 14
Fri, Feb 14
dereckson updated the task description for T1595: Reprovision Dwellers.
dereckson updated the task description for T1595: Reprovision Dwellers.
dereckson updated the task description for T1595: Reprovision Dwellers.
dereckson committed rOPSc0d212c71380: Ensure pip is installed in order to invoke it (authored by dereckson).
Ensure pip is installed in order to invoke it
Dwellers
$ salt-call -ldebug state.sls roles/paas-docker/salt [...] local: ---------- ID: required_python_packages_for_docker_and_salt Function: pkg.installed Name: python3-pip Result: True Comment: The following packages were installed/updated: python3-pip Started: 22:17:40.253082 Duration: 9016.292 ms Changes: ---------- python3-pip: ---------- new: 9.0.3-15.el8 old: python3-setuptools: ---------- new: 39.2.0-5.el8 old: python36: ---------- new: 3.6.8-2.module_el8.1.0+245+c39af44f old: ---------- ID: required_python_packages_for_docker_and_salt Function: pip.installed Name: docker Result: True Comment: All packages were successfully installed Started: 22:17:59.460883 Duration: 5336.004 ms Changes: ---------- docker==4.2.0: Installed
dereckson updated the diff for D2214: Ensure pip is installed in order to invoke it.
Fix SLS syntax
dereckson updated the diff for D2214: Ensure pip is installed in order to invoke it.
Rebase
dereckson updated the diff for D2214: Ensure pip is installed in order to invoke it.
Fix syntax
dereckson requested review of D2214: Ensure pip is installed in order to invoke it.
dereckson added a revision to T1595: Reprovision Dwellers: D2214: Ensure pip is installed in order to invoke it.
dereckson committed rOPSf5d41ce2de3a: Don't try to install last docker-ce version on CentOS (authored by dereckson).
Don't try to install last docker-ce version on CentOS
dereckson updated the diff for D2213: Don't try to install last docker-ce version on CentOS.
+creates
dereckson updated the diff for D2213: Don't try to install last docker-ce version on CentOS.
Confirm with -y to avoid it hangs out with salt-call
dereckson updated the summary of D2213: Don't try to install last docker-ce version on CentOS.
dereckson requested review of D2213: Don't try to install last docker-ce version on CentOS.
dereckson added a revision to T1595: Reprovision Dwellers: D2213: Don't try to install last docker-ce version on CentOS.
dereckson committed rOPS4223a88649d2: Ignore containers if zr isn't available (authored by dereckson).
Ignore containers if zr isn't available
dereckson added a revision to T1595: Reprovision Dwellers: D2212: Ignore containers if zr isn't available.
dereckson updated the summary of D2212: Ignore containers if zr isn't available.
dereckson requested review of D2212: Ignore containers if zr isn't available.
dereckson moved T275: Nginx proxies request with 127.0.0.1 as IP address from Working on to Backlog on the Forum board.
dereckson updated the task description for T275: Nginx proxies request with 127.0.0.1 as IP address.
dereckson added a parent task for T915: Preamble script for Phabricator: T275: Nginx proxies request with 127.0.0.1 as IP address.
dereckson added a comment to T275: Nginx proxies request with 127.0.0.1 as IP address.
Proxy is fine for DevCentral and other Phabricator containers, per T915 / D484 / 892cd0a35934.
OpenSSH now mitigates this.
Can't repro with current Etherpad version.
Done everywhere now, I've installed Salt 3000 and Python 3.6 on Dwellers.
We do'nt use sshguard anymore, as login by password is disabled, keys are required.
dereckson closed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547, a subtask of T743: Mitigate CVE-2015-7547 DNS glibc issue, as Resolved.