Page MenuHomeDevCentral

dereckson (Sébastien Santoro)
Nasqueron founderAdministrator

Projects (89)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Nov 11 2014, 04:38 (517 w, 2 d)
Roles
Administrator
Availability
Available

At Nasqueron, I maintain this Phabricator instance, and overview the operations infrastructure.

Website: https://www.dereckson.be/

Individual board: User-Dereckson

Recent Activity

Yesterday

dereckson moved T2015: Migrate remaining sites from ysul to Alkane from Backlog to Sites migrations on the Alkane board.
Wed, Oct 9, 19:28 · Alkane
dereckson moved T2053: Build a port for Alkane from Backlog to Bugs and features on the Alkane board.
Wed, Oct 9, 19:27 · Alkane, freebsd-port-wanted
dereckson triaged T2053: Build a port for Alkane as High priority.
Wed, Oct 9, 18:55 · Alkane, freebsd-port-wanted
dereckson closed T2048: Setup reverse DNS for 195.154.30.15 as Resolved.

Local cache is OK.

Wed, Oct 9, 18:47 · Servers
dereckson lowered the priority of T2051: Can't renew TLS certificates verified through HTTP on docker engines from High to Normal.
Wed, Oct 9, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Wed, Oct 9, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson added a comment to T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Salt SELinux module issue

Wed, Oct 9, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson added a comment to T2052: Salt mixes Python and grep regular expressions for SELinux code.

Priority is high as it can affect our certificate renewal process.

Wed, Oct 9, 18:44 · upstream, Salt
dereckson triaged T2052: Salt mixes Python and grep regular expressions for SELinux code as High priority.
Wed, Oct 9, 18:43 · upstream, Salt
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Wed, Oct 9, 18:07 · security, Nasqueron Docker deployment squad, Servers
dereckson added a comment to D3501: Allow nginx to read /.well-known/acme-challenge.
Complector
$ salt docker-002 state.apply roles/core/certificates/letsencrypt
[…]
          ID: selinux_context_certbot_www
    Function: selinux.fcontext_policy_present
        Name: /var/letsencrypt-auto
      Result: True
     Comment:
     Started: 18:00:54.789434
    Duration: 1865.606 ms
     Changes:
              ----------
              new:
                  ----------
                  /var/letsencrypt-auto:
                      ----------
                      filetype:
                          all files
                      sel_type:
                          httpd_sys_content_t
              old:
                  ----------
----------
          ID: selinux_context_certbot_www_applied
    Function: selinux.fcontext_policy_applied
        Name: /var/letsencrypt-auto
      Result: True
     Comment: SElinux policies are already applied for filespec "/var/letsencrypt-auto"
     Started: 18:00:56.655250
    Duration: 7.813 ms
     Changes:
[…]
Wed, Oct 9, 18:04
dereckson updated the diff for D3501: Allow nginx to read /.well-known/acme-challenge.

+has_selinux

Wed, Oct 9, 17:59
dereckson requested review of D3501: Allow nginx to read /.well-known/acme-challenge.
Wed, Oct 9, 17:48
dereckson added a revision to T2051: Can't renew TLS certificates verified through HTTP on docker engines: D3501: Allow nginx to read /.well-known/acme-challenge.
Wed, Oct 9, 17:48 · security, Nasqueron Docker deployment squad, Servers
dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Pending review on the Servers board.
Wed, Oct 9, 17:43 · security, Nasqueron Docker deployment squad, Servers
dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Working on on the Nasqueron Docker deployment squad board.

SELinux context was the default for anything created under /var, which we didn't allow and aren't interested to allow for nginx.

Wed, Oct 9, 17:43 · security, Nasqueron Docker deployment squad, Servers
dereckson triaged T2051: Can't renew TLS certificates verified through HTTP on docker engines as High priority.
Wed, Oct 9, 16:02 · security, Nasqueron Docker deployment squad, Servers
dereckson created T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Wed, Oct 9, 16:01 · security, Nasqueron Docker deployment squad, Servers

Tue, Oct 8

dereckson added a revision to T2050: organization.member_invited GitHub event triggers a 500: D3500: Handle organization and projects_v2 GitHub events.
Tue, Oct 8, 22:43 · Notifications center
dereckson added a comment to T2050: organization.member_invited GitHub event triggers a 500.

The same issue is triggered by projects_v2, again because there is no repository.

Tue, Oct 8, 22:27 · Notifications center
dereckson triaged T2050: organization.member_invited GitHub event triggers a 500 as Normal priority.
Tue, Oct 8, 22:23 · Notifications center
dereckson created P361 organization. member_invited payload.
Tue, Oct 8, 22:17 · Notifications center
dereckson closed T319: Prepare a guide to explain how to contribute to dev projects as Resolved.

The documentation is now more comprehensive and include the steps to contribute.

Tue, Oct 8, 00:56 · DevCentral, Agora
dereckson moved T798: Add Signed-Off field to Differential from Backlog to Custom development on the DevCentral board.
Tue, Oct 8, 00:55 · DevCentral
dereckson added a comment to T990: Deploy MetricsGrimoire and vizGrimoire.

Development switched to https://chaoss.github.io/grimoirelab/

Tue, Oct 8, 00:54 · DevCentral
dereckson closed T966: improve how to contribute on agora as Resolved.

That workflow has been added to the main documentation page.

Tue, Oct 8, 00:52 · User-xcombelle, Agora, documentation, DevCentral
dereckson moved T1499: Add Access-Control-Allow-Origin headers to fonts in Phabricator nginx configuration from Backlog to Custom development on the DevCentral board.
Tue, Oct 8, 00:50 · Nasqueron Docker deployment squad, Docker images, DevCentral
dereckson updated the task description for T2035: Tidy up Keruald\GitHub package repository.
Tue, Oct 8, 00:49 · User-Dereckson, Keruald, Notifications center
dereckson moved T987: Add SSH support to Phabricator image from Next to Backlog on the User-Dereckson board.
Tue, Oct 8, 00:48 · User-Dereckson, Docker images
dereckson moved T1678: Health check and reporting library from Next to Backlog on the User-Dereckson board.
Tue, Oct 8, 00:48 · User-Dereckson, Keruald, Zed
dereckson added a comment to T614: Browse and search whole Nasqueron codebase.

code.nasqueron.org with Hound is stable enough to close this task.

Tue, Oct 8, 00:47 · User-Dereckson, Continous integration and delivery, DevCentral
dereckson closed T614: Browse and search whole Nasqueron codebase as Resolved.
Tue, Oct 8, 00:47 · User-Dereckson, Continous integration and delivery, DevCentral
dereckson moved T1676: Serve Zed on webserver-alkane from In progress to Backlog on the User-Dereckson board.
Tue, Oct 8, 00:46 · User-Dereckson, Servers, PHP 8.x support, Zed
dereckson moved T1937: Update FreeBSD packages Nasqueron repository from Backlog to Pending review on the Servers board.
Tue, Oct 8, 00:46 · Servers, User-Dereckson
dereckson moved T1937: Update FreeBSD packages Nasqueron repository from Backlog to Code review / Peering on the User-Dereckson board.
Tue, Oct 8, 00:46 · Servers, User-Dereckson
dereckson moved T1681: Publish schema.nasqueron.org from Next to Backlog on the User-Dereckson board.
Tue, Oct 8, 00:45 · Schemas, Salt, User-Dereckson, Servers
dereckson moved T2049: Release api-exec from Backlog to Next on the User-Dereckson board.
Tue, Oct 8, 00:45 · Nasqueron API, User-Dereckson, Servers
dereckson moved T2049: Release api-exec from Backlog to New ideas on the Nasqueron API board.
Tue, Oct 8, 00:44 · Nasqueron API, User-Dereckson, Servers
dereckson added a project to T2049: Release api-exec: Nasqueron API.
Tue, Oct 8, 00:44 · Nasqueron API, User-Dereckson, Servers
dereckson triaged T2049: Release api-exec as Low priority.
Tue, Oct 8, 00:44 · Nasqueron API, User-Dereckson, Servers
dereckson moved T2039: Automate Poudriere deployment from Backlog to Pending review on the Servers board.
Tue, Oct 8, 00:32 · Servers
dereckson added a comment to D3498: Support several ABI for FreeBSD packages repository.

Reference for ABI: https://wiki.osdev.org/System_V_ABI

Tue, Oct 8, 00:30
dereckson triaged T2043: Switch to acme.sh instead of certbot as High priority.
Tue, Oct 8, 00:15 · Servers
dereckson added a comment to T2048: Setup reverse DNS for 195.154.30.15.

Authoritative DNS

Tue, Oct 8, 00:15 · Servers
dereckson requested review of D3499: Install vault-medusa and roll on devserver role.
Tue, Oct 8, 00:11
dereckson added a revision to T2037: Provide roll on devserver role: D3499: Install vault-medusa and roll on devserver role.
Tue, Oct 8, 00:11 · Servers, freebsd-port-wanted
dereckson added a revision to T2046: Deploy Medusa on devserver role: D3499: Install vault-medusa and roll on devserver role.
Tue, Oct 8, 00:11 · upstream, freebsd-port-wanted, Vault, Servers
dereckson requested review of D3498: Support several ABI for FreeBSD packages repository.
Tue, Oct 8, 00:05
dereckson added a revision to T1937: Update FreeBSD packages Nasqueron repository : D3498: Support several ABI for FreeBSD packages repository.
Tue, Oct 8, 00:05 · Servers, User-Dereckson

Mon, Oct 7

dereckson added a revision to T1850: Move packages from Ysul to WindRiver: D3497: Serve packages.nasqueron.org from WindRiver.
Mon, Oct 7, 23:26 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson requested review of D3497: Serve packages.nasqueron.org from WindRiver.
Mon, Oct 7, 23:26
dereckson added a comment to T1850: Move packages from Ysul to WindRiver.

DNS change

Mon, Oct 7, 23:20 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson added a comment to T1850: Move packages from Ysul to WindRiver.

For RHEL 8, we probably only need docker-processes, but roles/paas-docker/devel refers dive too.

Mon, Oct 7, 22:49 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson added a comment to T2048: Setup reverse DNS for 195.154.30.15.

There are indeed authoritative:

Mon, Oct 7, 22:22 · Servers
dereckson moved T2048: Setup reverse DNS for 195.154.30.15 from Working on to Pending review on the Servers board.
Mon, Oct 7, 22:19 · Servers
dereckson added a comment to T2048: Setup reverse DNS for 195.154.30.15.

Done at the console, but DNS records aren't instantaneously updated, and I'm not even sure those are authoritative (they are for poneytelecom.eu):

Mon, Oct 7, 22:19 · Servers
dereckson moved T2048: Setup reverse DNS for 195.154.30.15 from Backlog to Working on on the Servers board.
Mon, Oct 7, 22:15 · Servers
dereckson triaged T2048: Setup reverse DNS for 195.154.30.15 as High priority.
Mon, Oct 7, 22:15 · Servers
dereckson added a comment to T1850: Move packages from Ysul to WindRiver.

2024-10 plan:

Mon, Oct 7, 21:02 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson added a comment to T1937: Update FreeBSD packages Nasqueron repository .

Choose to only support FreeBSD:14:amd64 ABI or to use /${ABI}/ in path

Mon, Oct 7, 20:52 · Servers, User-Dereckson
dereckson updated the summary of D3495: Create datacube for FreeBSD Nasqueron packages repository.
Mon, Oct 7, 20:48
dereckson retitled D3495: Create datacube for FreeBSD Nasqueron packages repository from Create datacube for FreeBSD Nasqueron packages repository Role freebsd-repo uses the /var/repo directory. It makes sense in the context of the devserver this is a datacube ZFS dataset belonging to the builder user. to Create datacube for FreeBSD Nasqueron packages repository.
Mon, Oct 7, 20:45
dereckson requested review of D3496: Deploy freebsd-repo role on WindRiver.
Mon, Oct 7, 20:44
dereckson added a revision to T1850: Move packages from Ysul to WindRiver: D3496: Deploy freebsd-repo role on WindRiver.
Mon, Oct 7, 20:44 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson requested review of D3495: Create datacube for FreeBSD Nasqueron packages repository.
Mon, Oct 7, 20:40
dereckson added a revision to T1850: Move packages from Ysul to WindRiver: D3495: Create datacube for FreeBSD Nasqueron packages repository.
Mon, Oct 7, 20:40 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson added a subtask for T2046: Deploy Medusa on devserver role: T1850: Move packages from Ysul to WindRiver.
Mon, Oct 7, 20:27 · upstream, freebsd-port-wanted, Vault, Servers
dereckson added a subtask for T2037: Provide roll on devserver role: T1850: Move packages from Ysul to WindRiver.
Mon, Oct 7, 20:27 · Servers, freebsd-port-wanted
dereckson added parent tasks for T1850: Move packages from Ysul to WindRiver: T2046: Deploy Medusa on devserver role, T2037: Provide roll on devserver role.
Mon, Oct 7, 20:27 · Operations sprints (Ignite Alkane Propulsion), Alkane, Servers
dereckson triaged T2047: Dovecot :stats listen to world on port 9900 as Normal priority.
Mon, Oct 7, 20:17 · Servers, Mail
dereckson moved T2047: Dovecot :stats listen to world on port 9900 from Backlog to Pending review on the Servers board.
Mon, Oct 7, 20:17 · Servers, Mail
dereckson moved T2047: Dovecot :stats listen to world on port 9900 from Backlog - On hold pending T1475 to Pending review on the Mail board.
Mon, Oct 7, 20:16 · Servers, Mail
dereckson renamed T2047: Dovecot :stats listen to world on port 9900 from Dovecot :stats listen to world on port 9000 to Dovecot :stats listen to world on port 9900.
Mon, Oct 7, 20:16 · Servers, Mail
dereckson updated the diff for D3494: Serve ccache metrics and other utilities through api-exec.

At first uwsgi.yml and api-exec.conf was two separate files. So the difference of spacing. Let's use 2 spaces everywhere, per .editorconfig.

Mon, Oct 7, 20:15
dereckson updated the diff for D3494: Serve ccache metrics and other utilities through api-exec.

Allow to customize mime-type so we can serve application/openmetrics-text for metrics. Set PATH so /usr/local/bin is always in path, regardless how the service is launched.

Mon, Oct 7, 20:11
dereckson added a comment to T1931: Dovecot Provisioning.

We also need a monitoring script to detect those cases:

Mon, Oct 7, 01:08 · Mail, Restricted Project, Servers
dereckson added a comment to D3494: Serve ccache metrics and other utilities through api-exec.

I've put a live patch in WindRiver to use ccache-metrics with the correct header, Prometheus can then parse correctly the info type.

Mon, Oct 7, 00:52
dereckson added a comment to D3492: Export metrics for ccache.

Tested with Prometheus, we can see the metrics at http://localhost:9090/graph

Mon, Oct 7, 00:51
dereckson updated the diff for D3492: Export metrics for ccache.

Adhere to OpenMetrics format

Mon, Oct 7, 00:49
dereckson planned changes to D3494: Serve ccache metrics and other utilities through api-exec.

Need to customize header to adhere to OpenMetrics specification.

Mon, Oct 7, 00:37
dereckson updated the diff for D3494: Serve ccache metrics and other utilities through api-exec.

Spaces

Mon, Oct 7, 00:18
dereckson updated the summary of D3494: Serve ccache metrics and other utilities through api-exec.
Mon, Oct 7, 00:17
dereckson added a revision to T2039: Automate Poudriere deployment: D3494: Serve ccache metrics and other utilities through api-exec.
Mon, Oct 7, 00:17 · Servers
dereckson requested review of D3494: Serve ccache metrics and other utilities through api-exec.
Mon, Oct 7, 00:16

Sun, Oct 6

dereckson updated the diff for D3493: Provide content for fortune on FreeBSD.

rm extraneous EOL

Sun, Oct 6, 18:54
dereckson requested review of D3493: Provide content for fortune on FreeBSD.
Sun, Oct 6, 18:52
dereckson awarded D3492: Export metrics for ccache a Y So Serious token.
Sun, Oct 6, 17:52
dereckson updated the diff for D3492: Export metrics for ccache.

Remove os and sys unused imports

Sun, Oct 6, 17:51
dereckson requested review of D3492: Export metrics for ccache.
Sun, Oct 6, 17:50
dereckson added a revision to T2039: Automate Poudriere deployment: D3492: Export metrics for ccache.
Sun, Oct 6, 17:50 · Servers
dereckson updated the summary of D3491: Substitute Jinja variables in Dovecot configuration.
Sun, Oct 6, 15:34
dereckson added a revision to T1931: Dovecot Provisioning: D3491: Substitute Jinja variables in Dovecot configuration.
Sun, Oct 6, 15:34 · Mail, Restricted Project, Servers
dereckson added a parent task for T2047: Dovecot :stats listen to world on port 9900: T1931: Dovecot Provisioning.
Sun, Oct 6, 15:33 · Servers, Mail
dereckson added a subtask for T1931: Dovecot Provisioning: T2047: Dovecot :stats listen to world on port 9900.
Sun, Oct 6, 15:33 · Mail, Restricted Project, Servers
dereckson added a comment to D3491: Substitute Jinja variables in Dovecot configuration.
Complector
$ salt hervil state.apply roles/mailserver/dovecot
[…]
----------
          ID: dovecot_file_config_conf_d
    Function: file.recurse
        Name: /usr/local/etc/dovecot/conf.d
      Result: True
     Comment: Recursively updated /usr/local/etc/dovecot/conf.d
     Started: 15:27:53.192961
    Duration: 463.675 ms
     Changes:
              ----------
              /usr/local/etc/dovecot/conf.d/10-mail.conf:
                  ----------
                  diff:
                      ---
                      +++
                      @@ -13,6 +13,6 @@
                       #       and will be lost if the state is redeployed.
                       #   </auto-generated>
Sun, Oct 6, 15:33
dereckson requested review of D3490: Listen to 172.27.27.3 for Dovecot statistics.

To test and merge after D3491.

Sun, Oct 6, 15:32
dereckson requested review of D3491: Substitute Jinja variables in Dovecot configuration.
Sun, Oct 6, 15:31
dereckson planned changes to D3490: Listen to 172.27.27.3 for Dovecot statistics.

Not yet deployed.

Sun, Oct 6, 15:27
dereckson added a revision to T2047: Dovecot :stats listen to world on port 9900: D3490: Listen to 172.27.27.3 for Dovecot statistics.
Sun, Oct 6, 15:19 · Servers, Mail
dereckson requested review of D3490: Listen to 172.27.27.3 for Dovecot statistics.
Sun, Oct 6, 15:19