Activity
From 12/21/2019 to 01/19/2020
01/19/2020
- 02:48 PM Open Infrastructure Task #7543 (Closed): Write image definition script for ubuntu 19.10
- The image has been deployed in ONE and configured for the `public-Ubuntu 19.10` and `ipv6only-Ubuntu 19.10` templates...
01/18/2020
- 07:39 PM Open Infrastructure Task #7496: Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
- It's deployed: there's just monitoring to setup before it can be closed.
- 01:35 PM Open Infrastructure Task #7625: Manually fix consul+node_exporter on new router1.place6
- ...
- 01:27 PM Open Infrastructure Task #7625: Manually fix consul+node_exporter on new router1.place6
- ...
- 01:26 PM Open Infrastructure Task #7625: Manually fix consul+node_exporter on new router1.place6
- Use alpine's init script:...
- 01:02 PM Open Infrastructure Task #7625 (Rejected): Manually fix consul+node_exporter on new router1.place6
- ...
01/15/2020
- 07:28 PM Open Infrastructure Task #6671: Setup mastodon/pleroma for ungleich
- could we have a 13373r name?
01/13/2020
- 07:30 PM Open Infrastructure Task #7604 (In Progress): Find out why ciara2 was not automatically detected to be offline
- * ciara2 is half correctly outside of the consul cluster
** It should actually still be inside the cluster, but mark... - 07:28 PM Open Infrastructure Task #7604 (Rejected): Find out why ciara2 was not automatically detected to be offline
- * Consul status / prometheus / alert manager should have noticed
- 06:54 PM ipv6 Task #7568: Incoming SMTP IPv4 proxy
- This should not be so difficult.
The most basic exim setup using exim4-config allows supplying a list of domains t... - 06:37 PM Open Infrastructure Task #7186: Add support for general VPN including IPv4
- Errrr what is it with your VPN pricing? Did you go skiing and get altitude sickness?
Market price for VPN services i... - 05:52 PM Open Infrastructure Task #7544: Write "beginner's guide" for datacenterlight customers
- -IPv6 and IPv4: making the services on my IPv6 VM visible to the IPv4 world
-Guido to VM Management tools: dashboard... - 12:01 PM Open Infrastructure Task #7602 (Rejected): Align dynamicweb / opennebula with uncloud
- Stuff that we can & should export from our current setup to etcd in an uncloud alike format:
Prefix for everything... - 11:57 AM Open Infrastructure Task #7601: Setup an SSH jump host
- Proxycommand w/ windows exists in putty and usually uses plink - more details soon.
- 11:54 AM Open Infrastructure Task #7601 (Seen): Setup an SSH jump host
- * I am familiar with LDAP-backed auth with nslcd.
* ProxyCommand is standard for SSH bastions, it is even available ... - 11:12 AM Open Infrastructure Task #7601 (Rejected): Setup an SSH jump host
- * Authenticated against our ldap
* Allows user to connect to our IPv6 networks
The ways for users to use it:
*... - 08:37 AM Open Infrastructure Task #7555 (Closed): Setup uncloud at server11 and server12
- 03:14 AM Open Infrastructure Task #7582 (Closed): Add hostname in uncloud file scanning
- 03:14 AM Open Infrastructure Task #7519 (Closed): uncloud test run 2019-12-21
- The above mentioned things were fixed.
01/12/2020
- 09:18 PM Open Infrastructure Task #7580: Preparing for matrix-as-a-service
- channels that can be exported to IRC or matrix:
* ipv6
* foss
* hacking-and-learning
* Town Square
* datacente... - 09:11 PM Open Infrastructure Task #7580 (In Progress): Preparing for matrix-as-a-service
- 09:10 PM Open Infrastructure Task #7580: Preparing for matrix-as-a-service
- * Synapse and Matrix Cdist types are (almost) OK.
- I missed one small thing in my __postgres upstream cdist patch... - 09:12 PM Open Infrastructure Task #6694: Setup matrix server and bridge matermost into it
- Everything's in place, we just have to choose the channels to be bridged.
01/10/2020
- 09:44 PM ipv6 Task #7566 (Feedback): Outgoing SMTP smarthost
01/09/2020
- 08:56 PM Open Infrastructure Task #7596: uncloud-api refactoring & make schemas less horrible
- To see merge request https://code.ungleich.ch/uncloud/uncloud/merge_requests/1
- 08:54 PM Open Infrastructure Task #7596: uncloud-api refactoring & make schemas less horrible
- * Done `uncloud api` refactoring which was due for a long time and is the last refactoring beside https://redmine.ung...
- 08:54 PM Open Infrastructure Task #7596 (Closed): uncloud-api refactoring & make schemas less horrible
- 08:55 PM Open Infrastructure Task #7585 (Closed): Check whether uncloud-api break if some field is missing
- The behavior is verified and corrected.
- 09:32 AM Open Infrastructure Task #7591: uncloud production checklist 2020-01
- Also, please note
uncloud deployed at server{11, 12}. There are still some issues that would be problem for re... - 09:26 AM Open Infrastructure Task #7591: uncloud production checklist 2020-01
- *Can all required components be deployed (checking on server11) -- document the installation procedures*
Documente... - 09:19 AM Open Infrastructure Task #7591: uncloud production checklist 2020-01
- h1. Installation/Setup
Allow etcd prefix for developer role... - 09:17 AM Open Infrastructure Task #7591 (In Progress): uncloud production checklist 2020-01
- 09:16 AM Open Infrastructure Task #7591 (Rejected): uncloud production checklist 2020-01
- h2. Objective
* Migrate internal VMs to uncloud
h2. Checklist
* Can all required components be deployed (che... - 08:55 AM Open Infrastructure Task #7590: Expect everything to fail (uncloud)
- I am little uncertain how to handle failures in etcd. For Example, put every etcd function call in try/except block o...
- 08:48 AM Open Infrastructure Task #7590: Expect everything to fail (uncloud)
- h2. How do we plan to handle failures in etcd
Failures can be temporarily (leadership change) or permanent (etcd c... - 08:48 AM Open Infrastructure Task #7590 (Rejected): Expect everything to fail (uncloud)
- Especially external components, such as
1. etcd
2. netbox
3. otp.ungleich.ch
01/08/2020
- 08:21 PM Open Infrastructure Task #7583: Handle etcd leader change or temporary unavailability gracefully in uncloud
- We have to re-evaluate/re-check all the usage of etcd in uncloud to make sure we handle these events correctly/gracef...
- 07:34 AM Open Infrastructure Task #7583: Handle etcd leader change or temporary unavailability gracefully in uncloud
- The later unavailability is due to election for leader.
- 12:21 PM Open Infrastructure Task #7580: Preparing for matrix-as-a-service
- We can do-it in a second-stage, witout a TURN server VoIP might or might not work depending on the situation.
Note... - 11:27 AM Open Infrastructure Task #7580: Preparing for matrix-as-a-service
- Can we do voip in a second stage or will things "look weird" without it?
redmine@ungleich.ch writes: - 11:17 AM Open Infrastructure Task #7580: Preparing for matrix-as-a-service
- We'll also need a TURN server for VoIP.
- 11:29 AM ipv6 Task #7570 (Seen): Add more questions and answers to official FAQ
01/07/2020
- 06:38 PM Open Infrastructure Task #7555: Setup uncloud at server11 and server12
- uncloud deployed at server{11, 12}. There are still some issues that would be problem for reliably running uncloud fo...
- 06:33 PM Open Infrastructure Task #7582: Add hostname in uncloud file scanning
- Nico Schottelius wrote:
> For the example above: the host would probably often more something like "files1.datacente... - 04:19 PM Open Infrastructure Task #7582: Add hostname in uncloud file scanning
- For the example above: the host would probably often more something like "files1.datacenterlight.ch" or "username.dat...
- 04:18 PM Open Infrastructure Task #7582: Add hostname in uncloud file scanning
- We should have a "created_at" and "deleted_at" for every object.
- 02:44 PM Open Infrastructure Task #7582: Add hostname in uncloud file scanning
- Done. Sample
Before... - 01:41 PM Open Infrastructure Task #7582 (Closed): Add hostname in uncloud file scanning
- It is required as nico said that there would be multiple file hosts and not necessarily all files are available on so...
- 04:45 PM Open Infrastructure Task #7585 (Closed): Check whether uncloud-api break if some field is missing
- The behavior is seen in the past that uncloud-api breaks if we don't pass some fields like *name*, *realm* or *token*...
- 02:07 PM Open Infrastructure Task #7583 (Rejected): Handle etcd leader change or temporary unavailability gracefully in uncloud
- Here is leader change....
- 12:53 PM Open Infrastructure Task #7580 (Closed): Preparing for matrix-as-a-service
- Once matrix is deployed at ungleich:
* Build & document MaaS deployment and maintenance pipeline.
- Wiki page.
...
01/06/2020
- 02:33 PM ipv6 Task #7567 (Closed): Add support for all TLS encapsulated protocols to IPv4-to-IPv6 incoming proxy
- Thanks a lot for creating this and the other tickets. I'll close this one in favor for the more specific services tha...
- 12:12 PM ipv6 Task #7567: Add support for all TLS encapsulated protocols to IPv4-to-IPv6 incoming proxy
- There are other examples, such as running multiple sshd instances based on different authentication systems, each on ...
- 11:51 AM ipv6 Task #7567 (Waiting): Add support for all TLS encapsulated protocols to IPv4-to-IPv6 incoming proxy
- 11:48 AM ipv6 Task #7567: Add support for all TLS encapsulated protocols to IPv4-to-IPv6 incoming proxy
- The idea is that rather than implementing protocols one by one, implement all of them with a generic TLS proxy. Why b...
- 12:21 PM Open Infrastructure Task #7543 (In Progress): Write image definition script for ubuntu 19.10
- From Nico:...
- 12:09 PM Open Infrastructure Task #7543 (Waiting): Write image definition script for ubuntu 19.10
- There's already a 19.10 image deployed... ???
- 11:57 AM Open Infrastructure Task #7543 (In Progress): Write image definition script for ubuntu 19.10
- 12:19 PM ipv6 Task #7574 (Rejected): Create and setup VM for prototype Smarthost
- Choose mail server (exim? exim-heavy?)
Setup to enable read access to customer VM and IP-range ownership - 12:15 PM ipv6 Task #7573 (Rejected): Spamlike message filtering
- Add a spamfilter to the smarthost which blocks messages that will cause email providers to blacklist or graylist the ...
- 12:04 PM ipv6 Task #7566 (Waiting): Outgoing SMTP smarthost
- I think it would make more sense for your resident exim guru to implement it with me helping out.
I don't have any...
01/05/2020
- 07:09 PM Open Infrastructure Task #7555: Setup uncloud at server11 and server12
- Remaining things
[ ] IPv6 Prefix on Server 12
[ ] VM with Global IPv6 (2a0a:e5c0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx)
[ ... - 07:02 PM Open Infrastructure Task #7555: Setup uncloud at server11 and server12
- uncloud filescanner has to be modified as it was using xattrs to track files which does not work on rootfs/tmpfs whic...
- 04:58 PM Open Infrastructure Task #7555: Setup uncloud at server11 and server12
- Devuan ascii has too old QEMU i.e 2.8 while the latest is 4.2.
It is a problem because it is showing error message... - 04:42 PM ipv6 Task #7570 (Rejected): Add more questions and answers to official FAQ
- List of questions that should be added and some answers are here:
https://redmine.ungleich.ch/projects/ipv6/wiki/FAQ - 04:26 PM ipv6 Task #7566 (Seen): Outgoing SMTP smarthost
- Moris,
are you interested in creating a prototype for this one? - 03:36 PM ipv6 Task #7566 (Rejected): Outgoing SMTP smarthost
- Implement a smarthost to complement the NAT64 gateway, although ideally also allowing relaying of messages to IPv6 de...
- 04:25 PM ipv6 Task #7567 (Feedback): Add support for all TLS encapsulated protocols to IPv4-to-IPv6 incoming proxy
- Hey Moris,
I am not sure if this ticket is sensible, as it contains a lot of unused protocols. I like the other ti... - 04:00 PM ipv6 Task #7567 (Closed): Add support for all TLS encapsulated protocols to IPv4-to-IPv6 incoming proxy
- Here is a partial list of protocols
nntps 563/tcp snntp
ldaps 636/tcp
ldaps ... - 04:12 PM ipv6 Task #7569 (Rejected): IPv6 only DNS
-
* Needs helper/proxy/delegated
* Setup
** Domain IN NS <nameserver>
** nameserver IN AAAA <IPv6 address of ... - 04:09 PM ipv6 Task #7568 (Rejected): Incoming SMTP IPv4 proxy
- Should allow relaying messages to any domain whose primary MX AAAA record is in our IPv6 range.
* Setup
> * Do... - 04:02 PM ipv6 Task #7523: TCP/UDP Services supported by IP4-to-IP6 incoming proxy and NAT64 outgoing gateway
- Added to wiki:
https://redmine.ungleich.ch/projects/ipv6/wiki/Making_an_IPv6-only_VM_a_useful_tool_in_an_IPv4_domi... - 11:03 AM Open Infrastructure Task #7565 (Rejected): uncloud run 2020-01-05
- h2. Objective
A test ride to get more nearby prod use
h2. What Nico wants to do us a customer
* register a...
01/03/2020
- 05:35 PM Open Infrastructure Task #7561: Update mystrom switches to support IPv6 only networks
- ...
- 05:35 PM Open Infrastructure Task #7561 (Rejected): Update mystrom switches to support IPv6 only networks
- Using an experimental firmware from mystrom directly:...
- 04:08 PM Open Infrastructure Task #7560 (Closed): Document DNS64 setup for VMs
- * After #7496
* Document on how to use it in the [[The_ungleich_DNS_infrastructure]]
* Reference it in [[The_unglei... - 11:38 AM Open Infrastructure Task #7555: Setup uncloud at server11 and server12
- Allow etcd prefix for developer role...
- 10:58 AM Open Infrastructure Task #7555 (Closed): Setup uncloud at server11 and server12
- Ensure that both server11 and server12 are running with uncloud today and can be used in production? And please note ...
01/02/2020
- 05:09 PM Open Infrastructure Task #7496: Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
- Merge request opened against dot-cdist: https://code.ungleich.ch/ungleich-intern/dot-cdist/merge_requests/65
- 03:30 PM Open Infrastructure Task #7436 (Closed): Hack-a-ucloud-weekend (2019-12-07)
- 03:30 PM Open Infrastructure Task #7438 (Closed): Explore local ucloud setup
- 03:30 PM Open Infrastructure Task #7437 (Closed): Run ucloud with a single authentication token
- 03:30 PM Open Infrastructure Task #7439 (Rejected): Add support for different authentication methods
- Postponed.
- 01:35 PM Open Infrastructure Task #7553: Setup conntrackd to allow active active firewalls
- And config looks like this:...
- 01:33 PM Open Infrastructure Task #7553: Setup conntrackd to allow active active firewalls
- Seems like the code is in read_config.yy.c:...
- 01:08 PM Open Infrastructure Task #7553: Setup conntrackd to allow active active firewalls
- Added sync section, now getting an IPv6 exception:...
- 12:59 PM Open Infrastructure Task #7553: Setup conntrackd to allow active active firewalls
- router2.place6:...
- 12:50 PM Open Infrastructure Task #7553 (Rejected): Setup conntrackd to allow active active firewalls
- * So that firewall rules still work with state tracking
Change of objective: get this running on two IPv6 only Alp... - 12:47 PM Open Infrastructure Task #7552 (Closed): Add some non-critical traffic to router1.place6
- * might required conntrackd
Networks first stage:
* internal network
* server network
- 12:46 PM Open Infrastructure Task #7306 (Rejected): Phase in new routers
- Closing in favor of #7284
- 12:44 PM Open Infrastructure Task #7307 (Closed): Update __ungleich_bgp_router for IPv6 based multip bgp
- Not doing this atm, as routers still need IPv4 addresses for VMs
- 12:21 PM Open Infrastructure Task #7520 (Closed): Checkout whether OSPF can be helpful for DCL
- It works!
But not for eBGP routes. - 12:07 PM Open Infrastructure Task #6930: cdist configuration for etcd
- Current state I know of:
* there is etcd{1,2,3}.ungleich.ch
* They have an unknown configuration
* And they have...
01/01/2020
- 05:49 PM Open Infrastructure Task #7546: VM Security based on LDAP accounts
- We don't have any rate limiting to any of the apis that we have so far.
I think rate limiting would primarily be n... - 05:05 PM Open Infrastructure Task #7546: VM Security based on LDAP accounts
- * Moris, thanks for reporting.
* Mondi, can you start with your tasks and handover to Timothee when done?
- 05:05 PM Open Infrastructure Task #7546: VM Security based on LDAP accounts
- h2. Clarification 1: "shared login"
We use LDAP servers as a backend to redmine and django (the dashboard). Both s... - 04:53 PM Open Infrastructure Task #7546 (In Progress): VM Security based on LDAP accounts
12/31/2019
- 09:52 PM ipv6 Task #7523: TCP/UDP Services supported by IP4-to-IP6 incoming proxy and NAT64 outgoing gateway
- Readable list here
http://[2a0a:e5c0:2:10d:0:3:1bb:1]/ - 07:40 PM Open Infrastructure Task #7546 (Rejected): VM Security based on LDAP accounts
- Access to VM administration tools should be secured to the same level or higher as root access to the VM itself.
C... - 06:19 PM Open Infrastructure Task #6694 (In Progress): Setup matrix server and bridge matermost into it
- After discussion with nico, Matrix get priority over LDAP setup rebuild.
- 04:25 PM Open Infrastructure Task #6694 (Waiting): Setup matrix server and bridge matermost into it
- The matrix deployment works modulo:
* Federating with the IPv4 world (a few lines to add to haproxy's configuratio... - 04:26 PM Open Infrastructure Task #7345 (Waiting): Cleanup & upstream matrix-related types
- 03:20 PM Open Infrastructure Task #7545 (Closed): Switch production LDAPs to cdist-managed alpine
- Our production LDAP nodes do not seem to be managed by cdist (anymore?):
* No relevant mention in `grep -R __ungle... - 07:36 AM Open Infrastructure Task #7544 (Rejected): Write "beginner's guide" for datacenterlight customers
- Such a guide should cover:
* What is a VM? How do I choose CPU/Memory/Storage?
* How do I choose a GNU/Linux or...
12/30/2019
- 06:03 PM Open Infrastructure Task #6694: Setup matrix server and bridge matermost into it
- The matrix deployment is WIP in https://code.ungleich.ch/ungleich-intern/dot-cdist/merge_requests/64/diffs and is sta...
- 07:37 AM Open Infrastructure Task #6694 (In Progress): Setup matrix server and bridge matermost into it
- 02:40 PM Open Infrastructure Task #7543 (Closed): Write image definition script for ubuntu 19.10
- Similar to what have been done for fedora and CentOS.
- 07:37 AM Open Infrastructure Task #7345: Cleanup & upstream matrix-related types
- The project has been imported under https://code.ungleich.ch/ungleich-public/matrix-cdist-types. Moving to issue #669...
12/25/2019
- 05:55 PM Open Infrastructure Task #7427 (In Progress): Rough draft to support console on our VMs
12/24/2019
- 07:15 PM Open Infrastructure Task #7427 (Closed): Rough draft to support console on our VMs
- Django part done. LDAP account is created as soon as user login to datacenterlight.
- 02:36 PM ipv6 Task #7523: TCP/UDP Services supported by IP4-to-IP6 incoming proxy and NAT64 outgoing gateway
- h2. IPv6 only DNS
* Needs helper/proxy/delegated
* Setup
** Domain IN NS <nameserver>
** nameserver IN AAAA <I...
12/21/2019
- 05:37 PM ipv6 Task #7523 (Rejected): TCP/UDP Services supported by IP4-to-IP6 incoming proxy and NAT64 outgoing gateway
- List of services, as well as the following parameters:
Currently supported { officially unofficially partially uns... - 03:15 PM Swiss School of Digital Education Task #7521 (Rejected): Add IPv6 course offer
- * 1 week
* including food and sleeping
* On request
* For companies / teams who want to learn how to setup, use, m... - 02:53 PM Open Infrastructure Task #7520: Checkout whether OSPF can be helpful for DCL
- parameters mismatch between switch & routers: disable switch for the moment...
- 02:35 PM Open Infrastructure Task #7520: Checkout whether OSPF can be helpful for DCL
- Testing on arista:...
- 02:16 PM Open Infrastructure Task #7520: Checkout whether OSPF can be helpful for DCL
- Seems like these code blocks are already enough for internal route exchange:...
- 01:49 PM Open Infrastructure Task #7520 (Closed): Checkout whether OSPF can be helpful for DCL
- * testing with new routers
* Todo: find out how to limit route imports in arista via ospf - 12:25 PM Open Infrastructure Task #7519: uncloud test run 2019-12-21
- arch
* etcd3 error message might be improve / error out on import error
** fail only when it is required for oper... - 12:22 PM Open Infrastructure Task #7519 (Closed): uncloud test run 2019-12-21
- * Convince Nico that it works ;-)
* On Alpine and Arch
Also available in: Atom