Project

General

Profile

Activity

From 12/06/2019 to 01/04/2020

01/03/2020

05:35 PM Task #7561: Update mystrom switches to support IPv6 only networks
... Nico Schottelius
05:35 PM Task #7561 (Rejected): Update mystrom switches to support IPv6 only networks
Using an experimental firmware from mystrom directly:... Nico Schottelius
04:08 PM Task #7560 (Closed): Document DNS64 setup for VMs
* After #7496
* Document on how to use it in the [[The_ungleich_DNS_infrastructure]]
* Reference it in [[The_unglei...
Nico Schottelius
11:38 AM Task #7555: Setup uncloud at server11 and server12
Allow etcd prefix for developer role... Ahmed Bilal
10:58 AM Task #7555 (Closed): Setup uncloud at server11 and server12
Ensure that both server11 and server12 are running with uncloud today and can be used in production? And please note ... Ahmed Bilal

01/02/2020

05:09 PM Task #7496: Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
Merge request opened against dot-cdist: https://code.ungleich.ch/ungleich-intern/dot-cdist/merge_requests/65 Timothée Floure
03:30 PM Task #7436 (Closed): Hack-a-ucloud-weekend (2019-12-07)
Nico Schottelius
03:30 PM Task #7438 (Closed): Explore local ucloud setup
Nico Schottelius
03:30 PM Task #7437 (Closed): Run ucloud with a single authentication token
Nico Schottelius
03:30 PM Task #7439 (Rejected): Add support for different authentication methods
Postponed. Nico Schottelius
01:35 PM Task #7553: Setup conntrackd to allow active active firewalls
And config looks like this:... Nico Schottelius
01:33 PM Task #7553: Setup conntrackd to allow active active firewalls
Seems like the code is in read_config.yy.c:... Nico Schottelius
01:08 PM Task #7553: Setup conntrackd to allow active active firewalls
Added sync section, now getting an IPv6 exception:... Nico Schottelius
12:59 PM Task #7553: Setup conntrackd to allow active active firewalls
router2.place6:... Nico Schottelius
12:50 PM Task #7553 (Rejected): Setup conntrackd to allow active active firewalls
* So that firewall rules still work with state tracking
Change of objective: get this running on two IPv6 only Alp...
Nico Schottelius
12:47 PM Task #7552 (Closed): Add some non-critical traffic to router1.place6
* might required conntrackd
Networks first stage:
* internal network
* server network
Nico Schottelius
12:46 PM Task #7306 (Rejected): Phase in new routers
Closing in favor of #7284 Nico Schottelius
12:44 PM Task #7307 (Closed): Update __ungleich_bgp_router for IPv6 based multip bgp
Not doing this atm, as routers still need IPv4 addresses for VMs Nico Schottelius
12:21 PM Task #7520 (Closed): Checkout whether OSPF can be helpful for DCL
It works!
But not for eBGP routes.
Nico Schottelius
12:07 PM Task #6930: cdist configuration for etcd
Current state I know of:
* there is etcd{1,2,3}.ungleich.ch
* They have an unknown configuration
* And they have...
Nico Schottelius

01/01/2020

05:49 PM Task #7546: VM Security based on LDAP accounts
We don't have any rate limiting to any of the apis that we have so far.
I think rate limiting would primarily be n...
Mondi Ravi
05:05 PM Task #7546: VM Security based on LDAP accounts
* Moris, thanks for reporting.
* Mondi, can you start with your tasks and handover to Timothee when done?
Nico Schottelius
05:05 PM Task #7546: VM Security based on LDAP accounts
h2. Clarification 1: "shared login"
We use LDAP servers as a backend to redmine and django (the dashboard). Both s...
Nico Schottelius
04:53 PM Task #7546 (In Progress): VM Security based on LDAP accounts
Nico Schottelius

12/31/2019

07:40 PM Task #7546 (Rejected): VM Security based on LDAP accounts
Access to VM administration tools should be secured to the same level or higher as root access to the VM itself.
C...
Moris Jones
06:19 PM Task #6694 (In Progress): Setup matrix server and bridge matermost into it
After discussion with nico, Matrix get priority over LDAP setup rebuild. Timothée Floure
04:25 PM Task #6694 (Waiting): Setup matrix server and bridge matermost into it
The matrix deployment works modulo:
* Federating with the IPv4 world (a few lines to add to haproxy's configuratio...
Timothée Floure
04:26 PM Task #7345 (Waiting): Cleanup & upstream matrix-related types
Timothée Floure
03:20 PM Task #7545 (Closed): Switch production LDAPs to cdist-managed alpine
Our production LDAP nodes do not seem to be managed by cdist (anymore?):
* No relevant mention in `grep -R __ungle...
Timothée Floure
07:36 AM Task #7544 (Rejected): Write "beginner's guide" for datacenterlight customers
Such a guide should cover:
* What is a VM? How do I choose CPU/Memory/Storage?
* How do I choose a GNU/Linux or...
Timothée Floure

12/30/2019

06:03 PM Task #6694: Setup matrix server and bridge matermost into it
The matrix deployment is WIP in https://code.ungleich.ch/ungleich-intern/dot-cdist/merge_requests/64/diffs and is sta... Timothée Floure
07:37 AM Task #6694 (In Progress): Setup matrix server and bridge matermost into it
Timothée Floure
02:40 PM Task #7543 (Closed): Write image definition script for ubuntu 19.10
Similar to what have been done for fedora and CentOS. Timothée Floure
07:37 AM Task #7345: Cleanup & upstream matrix-related types
The project has been imported under https://code.ungleich.ch/ungleich-public/matrix-cdist-types. Moving to issue #669... Timothée Floure

12/25/2019

05:55 PM Task #7427 (In Progress): Rough draft to support console on our VMs
Ahmed Bilal

12/24/2019

07:15 PM Task #7427 (Closed): Rough draft to support console on our VMs
Django part done. LDAP account is created as soon as user login to datacenterlight. Ahmed Bilal

12/21/2019

02:53 PM Task #7520: Checkout whether OSPF can be helpful for DCL
parameters mismatch between switch & routers: disable switch for the moment... Nico Schottelius
02:35 PM Task #7520: Checkout whether OSPF can be helpful for DCL
Testing on arista:... Nico Schottelius
02:16 PM Task #7520: Checkout whether OSPF can be helpful for DCL
Seems like these code blocks are already enough for internal route exchange:... Nico Schottelius
01:49 PM Task #7520 (Closed): Checkout whether OSPF can be helpful for DCL
* testing with new routers
* Todo: find out how to limit route imports in arista via ospf
Nico Schottelius
12:25 PM Task #7519: uncloud test run 2019-12-21
arch
* etcd3 error message might be improve / error out on import error
** fail only when it is required for oper...
Nico Schottelius
12:22 PM Task #7519 (Closed): uncloud test run 2019-12-21
* Convince Nico that it works ;-)
* On Alpine and Arch
Nico Schottelius

12/20/2019

09:47 PM Task #7304: Test NAT64 with distributed routers with joold on alpine
* Configuring router1.place6 for NAT64
** Prefix 2a0a:e5c0:2:10::/96...
Nico Schottelius
04:10 PM Task #7514 (Closed): Investigate slow sshd start on Fedora/CentOS8 images
* To investigate
- Likely due to low entropy => havegd should help.
Timothée Floure
12:56 AM Task #7377: Create an active-active NAT64 gateway
Session exist on one router, session does not exist on other one -> multicast issue?... Nico Schottelius
12:28 AM Task #7377: Create an active-active NAT64 gateway
Using the new NAT64 IPv4 address on both machines:... Nico Schottelius
12:27 AM Task #7377: Create an active-active NAT64 gateway
Need to add pool entries for each protocol:... Nico Schottelius
12:23 AM Task #7377 (In Progress): Create an active-active NAT64 gateway
... Nico Schottelius

12/19/2019

07:41 PM Task #7507 (Rejected): Monitor upstream releases / security advisories
We deploy some application directly from upstream VCS, which means the underlying distribution does not provide us wi... Timothée Floure
05:41 PM Task #7345: Cleanup & upstream matrix-related types
Just added you to ungleich-public, please move there Nico Schottelius
04:57 PM Task #7345: Cleanup & upstream matrix-related types
Both matrix-synapse and matrix-riot should be usable now, although they need some real-world testing which will handl... Timothée Floure
05:29 PM Task #7504 (Rejected): Document OpenNebula image creation
Peoples ask how to build new images from time to time, it would be easier if the requirements/workflow was documented... Timothée Floure
05:14 PM Task #7478 (Closed): Create script to create centos8 image suitable for opennebula

Thanks!
redmine@ungleich.ch writes:
Nico Schottelius
04:46 PM Task #7478 (Resolved): Create script to create centos8 image suitable for opennebula
From what I saw on #ungleich-web, the CentOS 8 image has been deployed. Timothée Floure
05:11 PM Task #7496 (In Progress): Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
Timothée Floure
02:13 PM Task #7503: Create script to create new / updated OpenBSD image for OpenNebula
Note by @kirill on chat.ungleich.ch // datacenterlight:
> regarding Task #7503 - remember to add family inet6 inet...
Timothée Floure
09:58 AM Task #7503 (Rejected): Create script to create new / updated OpenBSD image for OpenNebula
* Upgrading to 6.6
* The original image was made by @reyk
* The logic is basically the same as the other images, ho...
Nico Schottelius
09:55 AM Task #7502 (Closed): Create script to create new / updated FreeBSD image for OpenNebula
* 12.1 is out for a while
* The original image was made by @kamila
* The logic is basically the same as the other i...
Nico Schottelius

12/17/2019

06:45 PM Task #7478 (Feedback): Create script to create centos8 image suitable for opennebula
Related Merge Request: https://code.ungleich.ch/ungleich-public/ungleich-tools/merge_requests/4
The image has been d...
Timothée Floure
05:41 PM Task #7472 (Closed): Fix the fedora image for resize

Nice job!
redmine@ungleich.ch writes:
Nico Schottelius
05:23 PM Task #7472 (Resolved): Fix the fedora image for resize
Solved by https://code.ungleich.ch/ungleich-public/ungleich-tools/commit/09a05b6a56f55fe27a37d26aaab13c65aa82a9f5. Timothée Floure
12:49 PM Task #7345: Cleanup & upstream matrix-related types
Moving ticket to Open Infrastructure Nico Schottelius
12:37 PM Task #6694: Setup matrix server and bridge matermost into it
I've been working on matrix cdists types during the last H4G: https://redmine.ungleich.ch/issues/7345
It's not compl...
Timothée Floure
12:00 PM Task #7496 (Closed): Create 2 new IPv6 only unbound based resolving DNS servers providing DNS64
h2. Background
We want VPN users or anyone to be able to select if they get NAT64 or not. Currently our bind decid...
Nico Schottelius
11:14 AM Task #6671: Setup mastodon/pleroma for ungleich
ack
redmine@ungleich.ch writes:
Nico Schottelius
10:54 AM Task #6671 (Seen): Setup mastodon/pleroma for ungleich
I just gave a quick look at both the initial Mastodon implementation and Pleroma and will likely go with the later:
...
Timothée Floure

12/16/2019

02:02 PM Task #7478 (In Progress): Create script to create centos8 image suitable for opennebula
Timothée Floure
02:01 PM Task #7478: Create script to create centos8 image suitable for opennebula
I bootstraped an initial image but there's still some cleanup to do. Timothée Floure
10:07 AM Task #7482: On Alpine Linux the monit job for node-exporter uses the wrong path
> Add an "os" check into manifest/dcl in the router section to use a different __ungleich_monit config depending on t... Timothée Floure

12/15/2019

11:03 PM Task #7483 (Closed): Update the __consul cdist type for alpine
seems like the configuration place is different on current alpine that what we assumed/what is in our normal config f... Nico Schottelius
11:01 PM Task #7482 (Closed): On Alpine Linux the monit job for node-exporter uses the wrong path
Current state is:... Nico Schottelius
05:31 PM Task #7478 (Closed): Create script to create centos8 image suitable for opennebula
* centos8-build-opennebula.sh or similar
* goes into ungleich-tools
Nico Schottelius
11:47 AM Task #7472 (Closed): Fix the fedora image for resize
* In theory the opennebula scripts *should* do that
** I think I have even seen scripts in /etc/one-context.d that *...
Nico Schottelius

12/10/2019

05:04 PM Task #7456 (Rejected): Prototype support for IPv6 only mail servers
* incoming via bounce/transfer host
** whitelist of domains + smarthost settings?
* outgoing
** check whether MX ...
Nico Schottelius

12/09/2019

03:04 PM Task #6601: Setup the arista switches at place6-east and place9
place9 is no more/ partially moved to place10 ll nu
11:54 AM Task #6601 (Closed): Setup the arista switches at place6-east and place9
ll nu
03:02 PM Task #7185: Setup network monitoring system on new off-site VPS
ABK is added to sre@
imap mailbox creation is pending
ll nu
11:46 AM Task #7185 (Seen): Setup network monitoring system on new off-site VPS
ll nu
11:54 AM Task #7026 (Closed): place9 hacking for getting ceph + netboot running
ll nu
11:54 AM Task #6982 (Closed): Ensure that setting up a new ceph cluster is less than 5 minutes of work
ll nu
11:54 AM Task #6582 (Closed): Setup the first router
ll nu
11:46 AM Task #7438 (Seen): Explore local ucloud setup
ll nu
11:46 AM Task #7437 (Seen): Run ucloud with a single authentication token
ll nu
11:46 AM Task #7409 (Seen): Replace ipv4 on internal routes with multip protocol IPv6
ll nu
11:46 AM Task #7312 (Seen): Ensure that all available disks are correctly used in ceph
ll nu
11:46 AM Task #7261 (Seen): Create ipv6-spoofing nebula n-interface for place5 and understand how and why it exists
ll nu
11:46 AM Task #7162 (Seen): Submit a patch for the alpine bird2 package to run as user bird
ll nu
11:46 AM Task #7114 (Seen): Test performance of tayga-mt
ll nu

12/07/2019

12:50 PM Task #7439 (Rejected): Add support for different authentication methods
* local/no authentication
* remote
** uotp
** ldap
** etcd based (???)
Nico Schottelius
12:37 PM Task #7438 (Closed): Explore local ucloud setup
* no public listeners
* all local
* no authentication
* no ceph by default
Nico Schottelius
12:35 PM Task #7437 (Closed): Run ucloud with a single authentication token
* No uotp
* No ldap
* No nothing
Nico Schottelius
10:58 AM Task #7436 (In Progress): Hack-a-ucloud-weekend (2019-12-07)
Nico Schottelius
10:57 AM Task #7436 (New): Hack-a-ucloud-weekend (2019-12-07)
Doc/uotp seems to be outdated:... Nico Schottelius
10:47 AM Task #7436 (In Progress): Hack-a-ucloud-weekend (2019-12-07)
Nico Schottelius
10:22 AM Task #7436 (Closed): Hack-a-ucloud-weekend (2019-12-07)
h2. objective
* get ucloud into a customer usable state
h2. Tasks
* how does a user interact with ucloud?
*...
Nico Schottelius

12/06/2019

12:44 AM Task #7427 (Rejected): Rough draft to support console on our VMs
* Migrate dynamicweb user base to ldap
** write script to migrate users (passwords? do we have to reset / have them ...
Nico Schottelius
 

Also available in: Atom