Open Infrastructure

07/01/2020

NS 11:47 AM Task #7337 (Rejected): Import network documentation to Netbox

Nico Schottelius

NS 11:47 AM Task #7335 (Rejected): Add alpine ceph install/helper scripts to ungleich-tools

Nico Schottelius

NS 11:47 AM Task #7260 (Rejected): Add rng pci-e device to vms

Nico Schottelius

NS 11:41 AM Task #7108 (Rejected): Document / update ceph documentation to bootstrap from zero

Nico Schottelius

TF 06:48 AM Task #8251 (Closed): Matrix homeserver autodiscovery in client does not work.

Well-known URLs such as https://ungleich.ch/.well-known/matrix/client should allow clients to discover the correct HS address -> does not work for some reason.
See https://matrix.org/docs/spec/client_server/r0.6.1#get-well-known-matri... Timothée Floure

06/24/2020

NS 06:41 AM Task #8202 (Rejected): ceph upstream: ask for one more digit in ceph -s

Current ceph -s output: Nico Schottelius

06/23/2020

TF 05:47 PM Task #8201 (Rejected): Setup our own NTP pool

Likely on black1..3. Timothée Floure

06/16/2020

NS 02:52 PM Task #8176 (Seen): Verify/update our HSTS, SPF and starttls settings

* See https://www.hardenize.com/report/ungleich.ch/1592309898 Nico Schottelius

06/15/2020

NS 04:35 PM Task #7027: Add new command to cdist / extend cdist to easily generate preos with ssh pubkey

Basically the expected outcome is a pre-os image that can directly be
used to run cdist config/install.
redmine@ungleich.ch writes: Nico Schottelius

DP 04:19 PM Task #7027: Add new command to cdist / extend cdist to easily generate preos with ssh pubkey

Nico,
I am not sure I got this right.
Essentially you need some kind of a wrapper command in front of specific preos sub-command (ubuntu, devuan, debian)?
Only parameters to be set are preos type (devuan, debian) and ssh keys? Darko Poljak

TF 11:42 AM Task #7162 (In Progress): Submit a patch for the alpine bird2 package to run as user bird

Patch sent to alpine: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/9267 Timothée Floure

TF 10:25 AM Task #7162: Submit a patch for the alpine bird2 package to run as user bird

ll nu wrote:
> need to verify if its still not implemented
It is not (https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/testing/bird/bird.initd), but totally doable and already done by Fedora: https://src.fedoraproject.org/r... Timothée Floure

NS 11:04 AM Task #7553 (Rejected): Setup conntrackd to allow active active firewalls

Not needed atm
redmine@ungleich.ch writes: Nico Schottelius

TF 09:31 AM Task #7553 (New): Setup conntrackd to allow active active firewalls

Not a priority at the moment - moving to low. Timothée Floure

TF 10:21 AM Task #8091: Alpine-based Opennebula workers

Upstreaming RBD support for qemu in alpine is being discussed on https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/8795 Timothée Floure

TF 09:59 AM Task #8111 (In Progress): Monitor unbound nodes

Everything's in prometheus/grafana: we just need alerts. Timothée Floure

TF 09:58 AM Task #7992 (Closed): Make TURN server usable to matrix/synapse instances

Fixed a long time ago :-) Closing. Timothée Floure

TF 09:57 AM Task #7930: Monitoring LAN in place6

Up and running! It still need:
* Documentation.
* Testing/checking on cdist-backed vlan creation on ONe workers. Timothée Floure

TF 09:56 AM Task #7982 (Closed): Build DCL image for F32

Deployed some time ago. Closing. Timothée Floure

TF 09:55 AM Task #6671 (Closed): Setup mastodon/pleroma for ungleich

Mastodon is deployed at social.ungleich.ch.
https://redmine.ungleich.ch/projects/open-infrastructure/wiki/Socialungleichch doe bascis details. Timothée Floure

TF 09:50 AM Task #7545: Switch production LDAPs to cdist-managed alpine

This is at the top of my TODO next time I come to Glarus, I don't want this to be delayed anymore. Timothée Floure

TF 09:48 AM Task #7641 (Waiting): create images for uncloud

We already have the Fedora and Ubuntu images, which is good enough for the time being. Let's put this on hold for now due to other priorities. Timothée Floure

TF 09:33 AM Task #8110 (Closed): Investigate unbound{1,2}.place6.ungleich.ch crashes

I updated the unbounds ~ 1 week ago and they have been up and running since then (there's monitoring now, althought not alerts yet).
I'm closing this ticket - to be reopened if it happens again. Timothée Floure

06/11/2020

NS 09:36 AM Task #7317 (Rejected): Create placeA @Diesbach

Nico Schottelius

NS 09:36 AM Task #7312 (Rejected): Ensure that all available disks are correctly used in ceph

Nico Schottelius

NS 09:36 AM Task #7261 (Rejected): Create ipv6-spoofing nebula n-interface for place5 and understand how and why it exists

Nico Schottelius

NS 09:35 AM Task #7182 (Closed): Update router configuration for place5

Nico Schottelius

NS 09:35 AM Task #7097 (Rejected): Recompile alpine-extended iso for usb booting

Nico Schottelius

NS 09:34 AM Task #6901 (Rejected): Describe on how to configure the files service

Nico Schottelius

NS 09:33 AM Task #7239 (Rejected): Explain to Nico how a data block is distributed / saved in ceph and relate it to our missing space problem

Nico Schottelius

NS 09:33 AM Task #7114 (Rejected): Test performance of tayga-mt

Nico Schottelius

NS 09:32 AM Task #6972 (Rejected): Learn how to rebuild the server OS with cdist preos and document it in the wiki

Nico Schottelius

06/08/2020

NS 10:52 AM Task #8129: Phase in AS207996 for place6

Current route objects in the ripe database from AS209898: Nico Schottelius

06/07/2020

NS 03:17 PM Task #8129: Phase in AS207996 for place6

* Added ROAs
!2020-06-07-151647_1329x916_scrot.png! Nico Schottelius

NS 10:22 AM Task #8129: Phase in AS207996 for place6

Test config: Nico Schottelius

NS 10:11 AM Task #8129 (Closed): Phase in AS207996 for place6

* Splitting AS
* Treating other side as eBGP
* Test network: https://netbox.ungleich.ch/ipam/prefixes/232/ Nico Schottelius

06/06/2020

TF 09:57 AM Task #8048: Unable to log in to matrix/riot

Removing one is easy but you'll loose access to the related services. If you give a list of linked services I might be able to migrate them to the second account. Timothée Floure

06/05/2020

NS 11:01 AM Task #8123 (Rejected): Document how to update the BGP configuration

* checkout latest cdist commit
* Upstream contacts are in netbox
* We need to update OUR ripe objects to say that we peer with the specific ASN
** Modify the object *as-set "as-ungleich-downstream"*
** on ripe.net
Nico Schottelius

06/03/2020

TF 09:42 AM Task #8090 (Closed): DCL image for Alpine 3.12

Deployed to production - closing. Timothée Floure

TF 09:39 AM Task #8091: Alpine-based Opennebula workers

Currently working on alpine CEPH packaging for rbd support. Timothée Floure

TF 08:11 AM Task #6671: Setup mastodon/pleroma for ungleich

I played a bit with Pleroma a few days/weeks ago: IPv6 support is totally broken. Erlang/elixir often separate calls/options for ''inet'' and ''inet6'', which means someone has to think about IPv6 support at some point: it never happened... Timothée Floure

TF 08:06 AM Task #8111 (Rejected): Monitor unbound nodes

There's a prometheus exporter for unbound: https://github.com/wish/unbound_exporter
TODO: deploy it against service-monitoring, sexy grafana graph + alerts. Timothée Floure

TF 08:02 AM Task #8110 (Closed): Investigate unbound{1,2}.place6.ungleich.ch crashes

I increased log verbosity on unbound1.p6, and will try to see if there's anything amiss. Timothée Floure

06/02/2020

LN 07:51 PM Task #7244 (Closed): create CentOS8 image for dcl and ipv6onlyhosting

ll nu