Activity
From 12/02/2019 to 12/31/2019
12/31/2019
- MJ 07:40 PM Task #7546 (Rejected): VM Security based on LDAP accounts
- Access to VM administration tools should be secured to the same level or higher as root access to the VM itself.
Currently the VM dashboard uses a shared login with redmine.
Admin systems and communication systems should not have a...
- TF 06:19 PM Task #6694 (In Progress): Setup matrix server and bridge matermost into it
- After discussion with nico, Matrix gets priority over LDAP setup rebuild.
- TF 04:25 PM Task #6694 (Waiting): Setup matrix server and bridge matermost into it
- The matrix deployment works modulo:
* Federating with the IPv4 world (a few lines to add to haproxy's configuration)
* Rebuilding ungleich's production LDAP environment to be able to use custom service accounts in a clean way: http...
- TF 04:26 PM Task #7345 (Waiting): Cleanup & upstream matrix-related types
- TF 03:20 PM Task #7545 (Closed): Switch production LDAPs to cdist-managed alpine
- Our production LDAP nodes do not seem to be managed by cdist (anymore?):
* No relevant mention in `grep -R __ungleich_ldap dot-cdist/` or `grep -R ldap1 dot-cdist/`
* Deployed configuration does not exactly match `__ungleich_ldap` ty...
- TF 07:36 AM Task #7544 (Rejected): Write "beginner's guide" for datacenterlight customers
- Such a guide should cover:
* What is a VM? How do I choose CPU/Memory/Storage?
* How do I choose a GNU/Linux or *BSD distribution?
* How do I connect to my VM?
- GNU/Linux, *BSD
- MacOS
- Windows
* Managing my ...
12/30/2019
- TF 06:03 PM Task #6694: Setup matrix server and bridge matermost into it
- The matrix deployment is WIP in https://code.ungleich.ch/ungleich-intern/dot-cdist/merge_requests/64/diffs and is starting to look quite decent. I hope to have it usable by tuesday or wednesday depending on the work time I can allocate t...
- TF 07:37 AM Task #6694 (In Progress): Setup matrix server and bridge matermost into it
- TF 02:40 PM Task #7543 (Closed): Write image definition script for ubuntu 19.10
- Similar to what has been done for fedora and CentOS.
- TF 07:37 AM Task #7345: Cleanup & upstream matrix-related types
- The project has been imported under https://code.ungleich.ch/ungleich-public/matrix-cdist-types. Moving to issue #6694 for real-world testing (i.e. 'customer-usable' part).
12/25/2019
12/24/2019
- AB 07:15 PM Task #7427 (Closed): Rough draft to support console on our VMs
- Django part done. LDAP account is created as soon as the user logs in to datacenterlight.
12/21/2019
- NS 02:53 PM Task #7520: Checkout whether OSPF can be helpful for DCL
- parameters mismatch between switch & routers: disable switch for the moment
- NS 02:35 PM Task #7520: Checkout whether OSPF can be helpful for DCL
- Testing on arista:
- NS 02:16 PM Task #7520: Checkout whether OSPF can be helpful for DCL
- Seems like these code blocks are already enough for internal route exchange:
- NS 01:49 PM Task #7520 (Closed): Checkout whether OSPF can be helpful for DCL
- * testing with new routers
* Todo: find out how to limit route imports in arista via ospf
- NS 12:25 PM Task #7519: uncloud test run 2019-12-21
- arch
* etcd3 error message might be improved / error out on import error
** fail only when it is required for operations!
* don't error out if ucloud.conf is missing
* don't give traceback if keys are missing
** What is the user ex...
- NS 12:22 PM Task #7519 (Closed): uncloud test run 2019-12-21
- * Convince Nico that it works ;-)
* On Alpine and Arch
12/20/2019
- NS 09:47 PM Task #7304: Test NAT64 with distributed routers with joold on alpine
- * Configuring router1.place6 for NAT64
** Prefix 2a0a:e5c0:2:10::/96
- TF 04:10 PM Task #7514 (Closed): Investigate slow sshd start on Fedora/CentOS8 images
- * To investigate
- Likely due to low entropy => havegd should help.
- NS 12:56 AM Task #7377: Create an active-active NAT64 gateway
- Session exists on one router, session does not exist on the other one -> multicast issue?
- NS 12:28 AM Task #7377: Create an active-active NAT64 gateway
- Using the new NAT64 IPv4 address on both machines:
- NS 12:27 AM Task #7377: Create an active-active NAT64 gateway
- Need to add pool entries for each protocol:
- NS 12:23 AM Task #7377 (In Progress): Create an active-active NAT64 gateway
12/19/2019
- TF 07:41 PM Task #7507 (Rejected): Monitor upstream releases / security advisories
- We deploy some applications directly from upstream VCS, which means the underlying distribution does not provide us with (security) updates: we have to do it ourselves.
=> It's 100% manual/human for now. Perhaps we could consume events ...
- NS 05:41 PM Task #7345: Cleanup & upstream matrix-related types
- Just added you to ungleich-public, please move there
- TF 04:57 PM Task #7345: Cleanup & upstream matrix-related types
- Both matrix-synapse and matrix-riot should be usable now, although they need some real-world testing which will be handled by #6694.
The sources are currently hosted on [git.sr.ht](https://git.sr.ht/~fnux/matrix-cdist-types): shall I mov...
- TF 05:29 PM Task #7504 (Rejected): Document OpenNebula image creation
- People ask how to build new images from time to time, it would be easier if the requirements/workflow was documented somewhere.
Relevant wiki page: https://redmine.ungleich.ch/projects/open-infrastructure/wiki/OpenNebula_image_manage...
- NS 05:14 PM Task #7478 (Closed): Create script to create centos8 image suitable for opennebula
Thanks!
redmine@ungleich.ch writes:
- TF 04:46 PM Task #7478 (Resolved): Create script to create centos8 image suitable for opennebula
- From what I saw on #ungleich-web, the CentOS 8 image has been deployed.
- TF 05:11 PM Task #7496 (In Progress): Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
- TF 02:13 PM Task #7503: Create script to create new / updated OpenBSD image for OpenNebula
- Note by @kirill on chat.ungleich.ch // datacenterlight:
> regarding Task #7503 - remember to add family inet6 inet4 to /etc/resolv.conf.tail
> ...
See also: https://chat.ungleich.ch/ungleich/pl/1rwad75wu3nzdcerdyb5gk5ocw
- NS 09:58 AM Task #7503 (Rejected): Create script to create new / updated OpenBSD image for OpenNebula
- * Upgrading to 6.6
* The original image was made by @reyk
* The logic is basically the same as the other images, however there is no deb/rpm
** Reyk installed / modified "cloud-agent" - this is what we want to install
* Username is "...
- NS 09:55 AM Task #7502 (Closed): Create script to create new / updated FreeBSD image for OpenNebula
- * 12.1 has been out for a while
* The original image was made by @kamila
* The logic is basically the same as the other images, however there is no deb/rpm for freebsd
** I am not sure where she added the necessary changes (dns, network, ss...
12/17/2019
- TF 06:45 PM Task #7478 (Feedback): Create script to create centos8 image suitable for opennebula
- Related Merge Request: https://code.ungleich.ch/ungleich-public/ungleich-tools/merge_requests/4
The image has been deployed under the ipv6only-centos8 OpenNebula template and seems to be working properly.
- NS 05:41 PM Task #7472 (Closed): Fix the fedora image for resize
Nice job!
redmine@ungleich.ch writes:
- TF 05:23 PM Task #7472 (Resolved): Fix the fedora image for resize
- Solved by https://code.ungleich.ch/ungleich-public/ungleich-tools/commit/09a05b6a56f55fe27a37d26aaab13c65aa82a9f5.
- NS 12:49 PM Task #7345: Cleanup & upstream matrix-related types
- Moving ticket to Open Infrastructure
- TF 12:37 PM Task #6694: Setup matrix server and bridge matermost into it
- I've been working on matrix cdists types during the last H4G: https://redmine.ungleich.ch/issues/7345
It's not complete yet as it requires testing & tuning for various distributions but the general structure is done: https://git.sr.ht/~...
- NS 12:00 PM Task #7496 (Closed): Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
- h2. Background
We want VPN users or anyone to be able to select if they get NAT64 or not. Currently our bind decides based on the query source IP, whether to provide NAT64 or not and which prefix to use.
We want to have an alternat...
- NS 11:14 AM Task #6671: Setup mastodon/pleroma for ungleich
- ack
redmine@ungleich.ch writes:
- TF 10:54 AM Task #6671 (Seen): Setup mastodon/pleroma for ungleich
- I just gave a quick look at both the initial Mastodon implementation and Pleroma and will likely go with the latter:
* The initial mastodon implementation has a lot of moving parts (Postgres, Redis, ElasticSearch, ...): https://docs.jo...
12/16/2019
- TF 02:02 PM Task #7478 (In Progress): Create script to create centos8 image suitable for opennebula
- TF 02:01 PM Task #7478: Create script to create centos8 image suitable for opennebula
- I bootstrapped an initial image but there's still some cleanup to do.
- TF 10:07 AM Task #7482: On Alpine Linux the monit job for node-exporter uses the wrong path
- > Add an "os" check into manifest/dcl in the router section to use a different __ungleich_monit config depending on the OS.
Wouldn't it be better to add this check to the `__ungleich_monit` type, which generates the `/etc/monit/conf.d/...
12/15/2019
- NS 11:03 PM Task #7483 (Closed): Update the __consul cdist type for alpine
- seems like the configuration place is different on current alpine than what we assumed/what is in our normal config file:
- NS 11:01 PM Task #7482 (Closed): On Alpine Linux the monit job for node-exporter uses the wrong path
- Current state is:
- NS 05:31 PM Task #7478 (Closed): Create script to create centos8 image suitable for opennebula
- * centos8-build-opennebula.sh or similar
* goes into ungleich-tools
- NS 11:47 AM Task #7472 (Closed): Fix the fedora image for resize
- * In theory the opennebula scripts *should* do that
** I think I have even seen scripts in /etc/one-context.d that *should* do it
** however, it wasn't done...
* it might be a missing udev hook???
12/10/2019
- NS 05:04 PM Task #7456 (Rejected): Prototype support for IPv6 only mail servers
- * incoming via bounce/transfer host
** whitelist of domains + smarthost settings?
* outgoing
** check whether MX + NAT64 == AAAA trick works
12/09/2019
- LN 03:04 PM Task #6601: Setup the arista switches at place6-east and place9
- place9 is no more/ partially moved to place10
- LN 11:54 AM Task #6601 (Closed): Setup the arista switches at place6-east and place9
- LN 03:02 PM Task #7185: Setup network monitoring system on new off-site VPS
- ABK is added to sre@
imap mailbox creation is pending
- LN 11:46 AM Task #7185 (Seen): Setup network monitoring system on new off-site VPS
- LN 11:54 AM Task #7026 (Closed): place9 hacking for getting ceph + netboot running
- LN 11:54 AM Task #6982 (Closed): Ensure that setting up a new ceph cluster is less than 5 minutes of work
- LN 11:54 AM Task #6582 (Closed): Setup the first router
- LN 11:46 AM Task #7438 (Seen): Explore local ucloud setup
- LN 11:46 AM Task #7437 (Seen): Run ucloud with a single authentication token
- LN 11:46 AM Task #7409 (Seen): Replace ipv4 on internal routes with multip protocol IPv6
- LN 11:46 AM Task #7312 (Seen): Ensure that all available disks are correctly used in ceph
- LN 11:46 AM Task #7261 (Seen): Create ipv6-spoofing nebula n-interface for place5 and understand how and why it exists
- LN 11:46 AM Task #7162 (Seen): Submit a patch for the alpine bird2 package to run as user bird
- LN 11:46 AM Task #7114 (Seen): Test performance of tayga-mt
12/07/2019
- NS 12:50 PM Task #7439 (Rejected): Add support for different authentication methods
- * local/no authentication
* remote
** uotp
** ldap
** etcd based (???)
- NS 12:37 PM Task #7438 (Closed): Explore local ucloud setup
- * no public listeners
* all local
* no authentication
* no ceph by default
- NS 12:35 PM Task #7437 (Closed): Run ucloud with a single authentication token
- * No uotp
* No ldap
* No nothing
- NS 10:58 AM Task #7436 (In Progress): Hack-a-ucloud-weekend (2019-12-07)
- NS 10:57 AM Task #7436 (New): Hack-a-ucloud-weekend (2019-12-07)
- Doc/uotp seems to be outdated:
- NS 10:47 AM Task #7436 (In Progress): Hack-a-ucloud-weekend (2019-12-07)
- NS 10:22 AM Task #7436 (Closed): Hack-a-ucloud-weekend (2019-12-07)
- h2. objective
* get ucloud into a customer usable state
h2. Tasks
* how does a user interact with ucloud?
* where to deploy it
* the usual production things (security, availability, ...)
* etcd installation
* monitoring
h2...
12/06/2019
- NS 12:44 AM Task #7427 (Rejected): Rough draft to support console on our VMs
- * Migrate dynamicweb user base to ldap
** write script to migrate users (passwords? do we have to reset / have them set it up again?)
*** maybe implement "soft reset": change user to ldap after they successfully logged in
* Connect gu...
12/05/2019
- LN 07:20 PM Task #7182 (Resolved): Update router configuration for place5
- LN 02:37 PM Task #7182: Update router configuration for place5
- done
- NS 06:09 PM Task #7156 (Closed): Add new sunrise link to infrastrucure, introduce policy routing
- Added long time ago
- AB 12:22 PM Task #7402 (Feedback): Reproduce issues in ucloud-pay
- Things are setup at 2a0a:e5c0:0:5:0:78ff:fe11:d75c
- LN 11:38 AM Task #7400: Switch all servers to IPv6 only netboot
- place5 setup is continuing on 12-05
12/04/2019
12/03/2019
- NS 04:23 PM Task #7400: Switch all servers to IPv6 only netboot
- place5 to be done on 2019-12-04
- DR 04:16 PM Task #7172 (Resolved): Setup new VM/service: search.ungleich.ch
- Verified and finished search.ungleich.ch so it's production ready.
cdist types are created, manifest is updated.
- NS 04:16 PM Task #7409 (Closed): Replace ipv4 on internal routes with multip protocol IPv6
- Current limitation: need update to newer bird version
* https://gitlab.labs.nic.cz/labs/bird/commit/53401bef63013dfee01b65d071ffbd88e457539f
* Subject "Re: Multi protocol route handling (IPv4 via IPv6)" on the bird mailing list
* wa...
- LN 11:48 AM Task #7193 (Closed): Move switches in place8 to a different rack
- duplicate
https://redmine.ungleich.ch/issues/7340
- DR 10:08 AM Task #7122: Setup production etcd cluster in place6
- Dominique Roux wrote:
> ...
> ...
nft problem is fixed now.
Problem was: Alpine has its own init.d script (which works ;-) ). The cdist type was already updated but the submodule was not.
The submodule is now updated too, therefore,...
12/02/2019
- TF 09:41 PM Task #7345 (In Progress): Cleanup & upstream matrix-related types
- Works but needs more testing. I haven't forgotten this issue, which will be updated soon (TM).
- AB 12:13 PM Task #7403 (Rejected): Create customer friendly guide for ucloud
- Where do I go to for creating a VM?
How can I pay?
Where do I store my ssh keys?
How to reboot my VM?
Can I / how can I access the console?
- AB 12:11 PM Task #7402 (Closed): Reproduce issues in ucloud-pay
- Reproduce issues in ucloud-pay and share it with mravi
- AB 12:09 PM Task #7401 (Rejected): Create ucloud package for python/alpine
- NS 12:02 PM Task #7400 (Closed): Switch all servers to IPv6 only netboot
- h2. Objective
* Remove one of the last IPv4 bits from our infrastructure (-> less complexity)
* Test that all servers are in a good state (regular reboot)
h2. Steps
* Setup ipxe USB sticks
* Modify the internal network to prov...