Activity
From 05/26/2020 to 06/24/2020
06/24/2020
- NS 06:41 AM Task #8202 (Rejected): ceph upstream: ask for one more digit in ceph -s
- Current ceph -s output:
06/23/2020
- TF 05:47 PM Task #8201 (Rejected): Setup our own NTP pool
- Likely on black1..3.
06/16/2020
- NS 02:52 PM Task #8176 (Seen): Verify/update our HSTS, SPF and starttls settings
- * See https://www.hardenize.com/report/ungleich.ch/1592309898
06/15/2020
- NS 04:35 PM Task #7027: Add new command to cdist / extend cdist to easily generate preos with ssh pubkey
- Basically the expected outcome is a pre-os image that can directly be
used to run cdist config/install.
redmine@ungleich.ch writes: - DP 04:19 PM Task #7027: Add new command to cdist / extend cdist to easily generate preos with ssh pubkey
- Nico,
I am not sure I got this right.
Essentially you need some kind of a wrapper command in front of specific preos sub-command (ubuntu, devuan, debian)?
Only parameters to be set are preos type (devuan, debian) and ssh keys? - TF 11:42 AM Task #7162 (In Progress): Submit a patch for the alpine bird2 package to run as user bird
- Patch sent to alpine: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/9267
- TF 10:25 AM Task #7162: Submit a patch for the alpine bird2 package to run as user bird
- ll nu wrote:
> need to verify if its still not implemented
It is not (https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/testing/bird/bird.initd), but totally doable and already done by Fedora: https://src.fedoraproject.org/r... - NS 11:04 AM Task #7553 (Rejected): Setup conntrackd to allow active active firewalls
Not needed atm
redmine@ungleich.ch writes:- TF 09:31 AM Task #7553 (New): Setup conntrackd to allow active active firewalls
- Not a priority at the moment - moving to low.
- TF 10:21 AM Task #8091: Alpine-based Opennebula workers
- Upstreaming RBD support for qemu in alpine is being discussed on https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/8795
- TF 09:59 AM Task #8111 (In Progress): Monitor unbound nodes
- Everything's in prometheus/grafana: we just need alerts.
- TF 09:58 AM Task #7992 (Closed): Make TURN server usable to matrix/synapse instances
- Fixed a long time ago :-) Closing.
- TF 09:57 AM Task #7930: Monitoring LAN in place6
- Up and running! It still need:
* Documentation.
* Testing/checking on cdist-backed vlan creation on ONe workers. - TF 09:56 AM Task #7982 (Closed): Build DCL image for F32
- Deployed some time ago. Closing.
- TF 09:55 AM Task #6671 (Closed): Setup mastodon/pleroma for ungleich
- Mastodon is deployed at social.ungleich.ch.
https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Socialungleichch doe bascis details. - TF 09:50 AM Task #7545: Switch production LDAPs to cdist-managed alpine
- This is at the top of my TODO next time I come to Glarus, I don't want this to be delayed anymore.
- TF 09:48 AM Task #7641 (Waiting): create images for uncloud
- We already have the Fedora and Ubuntu images, which is good enough for the time being. Let's put this on hold for now due to other priorities.
- TF 09:33 AM Task #8110 (Closed): Investigate unbound{1,2}.place6.ungleich.ch crashes
- I updated the unbounds ~ 1 week ago and they have been up and running since then (there's monitoring now, althought not alerts yet).
I'm closing this ticket - to be reopened if it happens again.
06/11/2020
- NS 09:36 AM Task #7317 (Rejected): Create placeA @Diesbach
- NS 09:36 AM Task #7312 (Rejected): Ensure that all available disks are correctly used in ceph
- NS 09:36 AM Task #7261 (Rejected): Create ipv6-spoofing nebula n-interface for place5 and understand how and why it exists
- NS 09:35 AM Task #7182 (Closed): Update router configuration for place5
- NS 09:35 AM Task #7097 (Rejected): Recompile alpine-extended iso for usb booting
- NS 09:34 AM Task #6901 (Rejected): Describe on how to configure the files service
- NS 09:33 AM Task #7239 (Rejected): Explain to Nico how a data block is distributed / saved in ceph and relate it to our missing space problem
- NS 09:33 AM Task #7114 (Rejected): Test performance of tayga-mt
- NS 09:32 AM Task #6972 (Rejected): Learn how to rebuild the server OS with cdist preos and document it in the wiki
06/08/2020
- NS 10:52 AM Task #8129: Phase in AS207996 for place6
- Current route objects in the ripe database from AS209898:
06/07/2020
- NS 03:17 PM Task #8129: Phase in AS207996 for place6
- * Added ROAs
!2020-06-07-151647_1329x916_scrot.png! - NS 10:22 AM Task #8129: Phase in AS207996 for place6
- Test config:
- NS 10:11 AM Task #8129 (Closed): Phase in AS207996 for place6
- * Splitting AS
* Treating other side as eBGP
* Test network: https://netbox.ungleich.ch/ipam/prefixes/232/
06/06/2020
- TF 09:57 AM Task #8048: Unable to log in to matrix/riot
- Removing one is easy but you'll loose access to the related services. If you give a list of linked services I might be able to migrate them to the second account.
06/05/2020
- NS 11:01 AM Task #8123 (Rejected): Document how to update the BGP configuration
- * checkout latest cdist commit
* Upstream contacts are in netbox
* We need to update OUR ripe objects to say that we peer with the specific ASN
** Modify the object *as-set "as-ungleich-downstream"*
** on ripe.net
06/03/2020
- TF 09:42 AM Task #8090 (Closed): DCL image for Alpine 3.12
- Deployed to production - closing.
- TF 09:39 AM Task #8091: Alpine-based Opennebula workers
- Currently working on alpine CEPH packaging for rbd support.
- TF 08:11 AM Task #6671: Setup mastodon/pleroma for ungleich
- I played a bit with Pleroma a few days/weeks ago: IPv6 support is totally broken. Erlang/elixir often separate calls/options for ''inet'' and ''inet6'', which means someone has to think about IPv6 support at some point: it never happened...
- TF 08:06 AM Task #8111 (Rejected): Monitor unbound nodes
- There's a prometheus exporter for unbound: https://github.com/wish/unbound_exporter
TODO: deploy it against service-monitoring, sexy grafana graph + alerts. - TF 08:02 AM Task #8110 (Closed): Investigate unbound{1,2}.place6.ungleich.ch crashes
- I increased log verbosity on unbound1.p6, and will try to see if there's anything amiss.
06/02/2020
05/30/2020
- TF 09:18 AM Task #8093 (Closed): Spring cleaning in dot-cdist/manifest
- Our dot-cdist manifest/ directory is a mess!
TODO:
* Define a policy: what goes where and why.
* Move things around to comply with above policy. - NS 09:13 AM Task #8091: Alpine-based Opennebula workers
- Note:
Ceph is to 85-95% in our cdist. It's basically
a) install 3 monitors
b) install 1+ manager
c) have the network address setup correctly and bind for ipv6
redmine@ungleich.ch writes: - TF 08:57 AM Task #8091 (Closed): Alpine-based Opennebula workers
- Plan: move our ONE workers from devuan to alpine.
* I managed to get an alpine node to join my test ONE cluster.
** Now waiting for llnu to set me up a pet CEPH cluster.
* TODO: package/cdistify/upstream alpine node configuration.
... - TF 08:03 AM Task #8090 (Feedback): DCL image for Alpine 3.12
- Alpine 3.12 VM templates are now available in ONE.
- TF 07:52 AM Task #8090 (In Progress): DCL image for Alpine 3.12
- Currently building.
- TF 07:39 AM Task #8090 (Closed): DCL image for Alpine 3.12
05/29/2020
- NS 04:34 PM Task #7930: Monitoring LAN in place6
- Adding vxlan 33 to apu-routers:
- NS 03:02 PM Task #7930: Monitoring LAN in place6
- Vlan communication works:
- NS 02:49 PM Task #7930: Monitoring LAN in place6
- Check #1 vxlan communication doesn't work:
- SB 09:45 AM Task #8048: Unable to log in to matrix/riot
- Hi,
Thanks for the feedback.
Obviously I don't need two accounts. Is there a way to merge them into one?
-Stefan
Am 29.05.20 um 09:00 schrieb redmine@ungleich.ch: - TF 09:00 AM Task #8048 (Feedback): Unable to log in to matrix/riot
- Hello Sefan!
You have two entries in our internal directory:
* uid=mynameisretro,ou=customer,dc=ungleich,dc=ch
* uid=X2Go-ML-1@baur-itcs.de,ou=customer,dc=ungleich,dc=ch
You can use the `mynameisretro` username/account to l... - TF 09:03 AM Task #7553 (Waiting): Setup conntrackd to allow active active firewalls
- Is this still relevant? A lot of things changed since it has been opened.
- TF 09:02 AM Task #8069 (Waiting): Investigate potential bottleneck on storage/CEPH at DCL
- Waiting for @llnu to test a RAID controller with passthrough.
https://redmine.ungleich.ch/issues/8063?issue_count=4&issue_position=1&next_issue_id=8002#note-22
05/27/2020
- TF 12:42 PM Task #8069: Investigate potential bottleneck on storage/CEPH at DCL
- I'll be AFK for a little while: the big pain point is the hardware RAID controller.
* Unknown effect on IOPS (needs more digging, not obvious).
** The internet says (reddit, random wikis, CEPH mailing list) using RAID0 when passthrou... - TF 11:46 AM Task #8069: Investigate potential bottleneck on storage/CEPH at DCL
- Regarding PCIe AND SAS/SATA:
* Controllers are connected on x8 PCIe 2.0 => 500 MB/s per-lane for PCIe 2.0 -> x8 = 4 GB/s
* 6 GB/s SAS 2.0 connectivity -> how is this split between disks? Should be fine anyway.
- perc h700 support... - TF 11:26 AM Task #8069: Investigate potential bottleneck on storage/CEPH at DCL
- Regarding the RAID controllers:
* RAID0 (striping - redundancy is handled by CEPH across physical servers).
* Some controllers are battery-backed:
- Likely write-back cache.
* Some are not:
- Likely write-though cach... - NS 11:09 AM Task #8069: Investigate potential bottleneck on storage/CEPH at DCL
- Some questions we should be able to answer:
h2. Real scenarios
NOTE: assuming all disks running at 'full speed'.
NOTE: big big unknown here is how the cache of the RAID controller behave.
NOTE: unknown IOPS limitations on raid co... - TF 10:59 AM Task #8069: Investigate potential bottleneck on storage/CEPH at DCL
- Our hardware:
* RAID controllers: perc h700, perc h800
- Technical manual: https://www.dell.com/learn/us/en/04/shared-content~data-sheets/documents~perc-technical-guidebook.pdf
- 2x4 ports, 6GB SAS 2.0, x8 PCIe 2.0
- 512M to ... - TF 10:54 AM Task #8069 (Closed): Investigate potential bottleneck on storage/CEPH at DCL
- NS 12:25 PM Task #8048: Unable to log in to matrix/riot
- Can you coordinate with Stefan to get his account in order? :-)