queue: Issueshttp://localhost:3000/http://localhost:3000/favicon.ico?16699092332019-07-18T11:13:48Zungleich redmine
Redmine Task #6981 (Rejected): Add encryption/signing of messages into RT (support.ungleich.ch)http://localhost:3000/issues/69812019-07-18T11:13:48ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>Generate a keypair</li>
<li>Save it in our password store</li>
<li>Configure RT to use it</li>
</ul>
<a name="Objective"></a>
<h2 >Objective<a href="#Objective" class="wiki-anchor">¶</a></h2>
<ul>
<li>Be able to verify signatures of customers</li>
<li>Be able to receive encrypted messages from customers</li>
<li>By default send signed messages</li>
</ul> Task #6811 (Rejected): Create a new easy to use cloud / vmm manager [project name: Kraut cloud, c...http://localhost:3000/issues/68112019-06-08T18:30:44ZNico Schotteliusnico.schottelius@ungleich.ch
<p>Based on ideas from hack4glarus 2019 summer edition: <a class="wiki-page" href="http://localhost:3000/projects/hack4glarus-2019-summer/wiki/Crowd_cloud">Crowd_cloud</a></p> Task #6810 (Rejected): Add a wireguard prometheus exporter to our infrastructurehttp://localhost:3000/issues/68102019-06-08T18:28:04ZNico Schotteliusnico.schottelius@ungleich.ch
<p>Parse output from wg show and make it available for prometheus</p>
<ul>
<li>Export "up" vpns</li>
<li>Export received/sent traffic</li>
<li>Export latest handshake</li>
</ul> Task #6686 (Rejected): Implement game challenges 7-http://localhost:3000/issues/66862019-05-13T22:24:58ZNico Schotteliusnico.schottelius@ungleich.ch
<p>To be defined:</p>
<ul>
<li>challenge 7: </li>
<li>challenge 8: </li>
<li>challenge 9: </li>
<li>challenge 10:</li>
</ul> Task #6685 (Rejected): Implement game challenges 1-6http://localhost:3000/issues/66852019-05-13T21:36:17ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>challenge 1: register an ipv6 network (10 points)
<ul>
<li>we generate a random ip in that network, name it "user ip" </li>
</ul>
</li>
<li>challenge 2: the user needs to configure the "user ip" to be ping'able; gets points when the user triggers/submits and at that time we can ping the ip address (20 points)</li>
<li>challenge 3: the user needs to be reachable by http on her "user ip" (30 points if reachable)</li>
<li>challenge 4: the user needs to configure a DNS server that is answering requests in the domain "$username.ungleich.cloud" (120 points)</li>
<li>challenge 5: the user needs setup a second DNS server; we generate a 2nd random IP and let the user know the ip address; successful if it answers requests in "$username.ungleich.cloud" (20 points)</li>
<li>challenge 6: setup https: we generate a DNS name ("$username.something") and the user needs to retrieve an SSL certificate from letsencrypt and should be reachable via https (80 points)</li>
</ul> Task #6679 (Rejected): Create ungleich game, a flask based game to show system engineering skillshttp://localhost:3000/issues/66792019-05-13T10:20:08ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>high score & intro on landing page</li>
<li>toolchain (= tools that you will use)
<ul>
<li>flask</li>
<li>pipenv</li>
<li>etcd</li>
<li>REST</li>
</ul>
</li>
<li>Tasks
<ul>
<li>get a vm
<ul>
<li>ipv6 only, alpine</li>
</ul>
</li>
<li>create a user, install pipenv, setup flask with pipenv</li>
<li>get hello world running with flask</li>
<li>create a CLI (= a python script) that allows a user to register == (cli = command line interface)
<ul>
<li><code>ungleichgame register nico</code> # creates the user nico</li>
</ul>
</li>
<li>create register page => register user (no passwords!)</li>
<li>create landing page with high score in flask</li>
</ul>
</li>
<li>List of Challenges</li>
</ul> Task #6625 (Closed): Fix our dkim setuphttp://localhost:3000/issues/66252019-04-25T15:24:15ZNico Schotteliusnico.schottelius@ungleich.ch
<pre>
From: Maximilian Eschenbacher <maximilian@XXX>
To: info@ungleich.ch
Subject: DKIM verification failure on ungleich.ch
Flags: seen, signed
Date: Mon 22 Apr 2019 10:21:13 PM CEST
Maildir: /ungleich/inbox
Attachments: [1]1.msgpart(358)
Signature: unverified (Details)
Hey there!
I've recently reconfigured my mail setup an noticed a DKIM verification
failure in my logs for a mail to the bird-users-ML and though I'd give
you a heads up:
Apr 20 18:55:27 qadesch opendkim[24840]: 9AB3215F613: key retrieval failed (s=mail, d=ungleich.ch): 'mail._domainkey.ungleich.ch' record not found
Best regards
Maximilian Eschenbacher
</pre> Task #6519 (Rejected): Stabilisation spring 2019http://localhost:3000/issues/65192019-03-10T11:34:39ZNico Schotteliusnico.schottelius@ungleich.ch
<p>We need to add / change:</p>
<ul>
<li>CHANGE mirror.ungleich.ch cannot be used in cdist types that are used on servers
<ul>
<li>I suggest to introduce "mirror.placeX.ungleich.ch" in each place</li>
<li>I suggest to point mirror.placeX.ungleich.ch to the active router IP (IPv6 only)</li>
<li>I suggest to use http[s]://mirror.placeX.ungleich.ch in the netboot image and cdist</li>
</ul>
</li>
<li>CREATE mirror.placeX.ungleich.ch
<ul>
<li>Install nginx on both routers</li>
<li>Ensure that the essential packages are present
<ul>
<li>Devuan packages</li>
<li>hwraid repo</li>
<li>consul / prometheus (?)</li>
</ul>
</li>
<li>Only usable for our own range (i.e. 2a0a:e5c0::/29 and the other v6 network)</li>
<li>Use nftables for it</li>
</ul>
</li>
<li>code.ungleich.ch cannot be used in cdist types that are used on servers:
<ul>
<li>code.ungleich.ch is a VM</li>
<li>if the VM is down, servers don't get configured</li>
<li>Suggestion: mirror the ungleich-tools repo to the routers, mirror.placeX..., accessible by http(s)</li>
</ul>
</li>
<li>We will try to connect all systems to UPS ONLY
<ul>
<li>My theory is that because they are also connected to the regular grid they experience an outage</li>
<li>We started with router1</li>
<li>Need to get in touch with Juanito or Bernegger (electricity company) to test whether UPS only setup works</li>
</ul>
</li>
<li>Update the monitoring infrastructure:
<ul>
<li>ensure that prometheus (port 9090) is not reachable without authentication</li>
<li>Ensure that there is 1 entry point for both monitoring systems</li>
<li>Ensure that changes (dashboards) are saved to both monitoring systems</li>
<li>Ensure that all production systems are monitored</li>
</ul></li>
</ul>
<p>Objective:</p>
<ul>
<li>Servers only depend on routers</li>
<li>If there is no network to the outside, servers are still booted/configured</li>
<li>If VMs are down, server are still booted/configured</li>
</ul>
<p>Jason, can you coordinate this with Dominique (consultant), Jin-Guk (implementation) and Roli/Marc/Sami (learning, understanding)?</p> Task #6452 (Rejected): Create a new django micro service: IPv6 wishlisthttp://localhost:3000/issues/64522019-02-08T20:28:48ZNico Schotteliusnico.schottelius@ungleich.ch
<p>Hey William,</p>
<p>please implement a service that let's people submit and discuss what they would love to have supported by IPv6</p>
<ul>
<li>Use case A:
<ul>
<li>A user can submit that he / she wants to have IPv6 support for "X" (let's call this "topic")</li>
</ul>
</li>
<li>Use case B:
<ul>
<li>Users can upvote/agree (no downvote) that they would also like to have IPv6 for a created topic</li>
</ul>
</li>
<li>Use case C:
<ul>
<li>Users can comment on a topic
<ul>
<li>reddit alike</li>
<li>with a comment being able to have a comment as a parent (-> threading)</li>
</ul>
</li>
</ul>
</li>
<li>For people who are in our ldap indirectly:
<ul>
<li>we need to finish/revamp/cleanup account.ungleich.ch
<ul>
<li>When a user registers, account.ungleich.ch should create a user in otp.ungleich.ch automatically
<ul>
<li>name = username, realm=customer</li>
</ul></li>
</ul></li>
</ul></li>
</ul>
<p>Before starting, please discuss with Mondi about how to implement it.</p> Task #6211 (Rejected): Change nftrules on routers to DROP by defaulthttp://localhost:3000/issues/62112018-12-07T13:30:31ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>add new entries for forwarding & input that jump to log</li>
<li>use the log entries to find out which other rules we need</li>
<li>analyse over 1-2 weeks
<ul>
<li>log should get empty / no new entries should appear</li>
</ul>
</li>
<li>then set policy to drop</li>
</ul> Task #6068 (Rejected): Move redash (lorawan.ungleich.ch) to a new IPv6 only VM in place6http://localhost:3000/issues/60682018-11-16T10:07:33ZNico Schotteliusnico.schottelius@ungleich.ch
<p>Hey Dongwoo,</p>
<p>this is a great task for practising. It's a lot of small and easy steps to ensure everything works.<br />When migrating to a new IPv6 only VM, we might need to change our setup from "TTN sends data via http post" to "We poll data from TTN via <cite>? (where ?</cite> might be MQTT)"</p>
<ul>
<li>Create a new VM
<ul>
<li>10GB SSD, 100 GB HDD</li>
<li>Setup DNS for the VM: lorawan-dev.ungleich.ch</li>
<li>Setup redash (can be OS or docker, latter might be easier)</li>
<li>Setup postgresql</li>
<li>Setup a new user</li>
<li>Clone <a class="external" href="https://code.ungleich.ch/ungleich-public/lorawan/">https://code.ungleich.ch/ungleich-public/lorawan/</a></li>
<li>Login to <a class="external" href="https://www.thethingsnetwork.org/">https://www.thethingsnetwork.org/</a> (= TTN)</li>
<li>Let Nico know which username you have at TTN</li>
</ul>
</li>
<li>Create a new integration so that you can get the data</li>
<li>Create a new script similar to ttnv2receiver.py (from <a class="external" href="https://code.ungleich.ch/ungleich-public/lorawan/">https://code.ungleich.ch/ungleich-public/lorawan/</a>) that polls the data and writes it into the database</li>
<li>Install monit and configure monit to ensure that the script is always working</li>
<li>Configure redash to use LDAP based login</li>
</ul>
<p>At this point we should have a full replacement of lorawan.ungleich.ch. Now we make things pretty:</p>
<ul>
<li>Put all steps into cdist</li>
<li>Create a new VM</li>
<li>Setup DNS lorawan-new.ungleich.ch</li>
<li>Only run cdist against it</li>
<li>The new VM should be in the same state as the previous VM</li>
<li>Delete the previous VM lorawan-dev.ungleich.ch</li>
</ul>
<p>Now we do the migration:</p>
<ul>
<li>Delete database on lorawan-new.ungleich.ch (i.e. make it clean)</li>
<li>Export old data from lorawan.ungleich.ch to lorawan-new.ungleich.ch</li>
<li>Ensure that new data is still added on lorawan-new.ungleich.ch</li>
<li>If everything is good:
<ul>
<li>Delete old VM</li>
<li>Rename new VM in DNS to lorawan.ungleich.ch</li>
</ul></li>
</ul> Task #5930 (Closed): [user request] Evaluate, if we can replace google analytics with https://mat...http://localhost:3000/issues/59302018-11-01T17:49:57ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>Have a test installation</li>
<li>Use it on ungleich.ch</li>
<li>See results</li>
</ul> Task #5808 (Rejected): Provide 2 ntp servers: one in place5, one in place6 and join the ntp poolhttp://localhost:3000/issues/58082018-10-11T13:29:31ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>See <a class="external" href="https://www.ntppool.org/en/join.html">https://www.ntppool.org/en/join.html</a></li>
<li>Discuss with Dominique on which machines to put the ntp server (I suggest routers or APU, as VMs are not good)</li>
<li>Involve Malcom to write a blog article about us joining afterwards</li>
</ul>
<p>And afterwards adjust our ntp type to use <strong>time</strong> as a time server and define "time.placeX.ungleich.ch" for each place.</p> Task #5611 (Closed): Modify all VM templates in opennebula so that VMs via web are created in pla...http://localhost:3000/issues/56112018-09-13T12:06:27ZNico Schotteliusnico.schottelius@ungleich.ch
<ul>
<li>We have templates that we use from the web</li>
<li>These templates use images that are data center LOCAL (i.e. either place5 or place6)</li>
<li>Modify the templates that are being used by the web team to use images in place6
<ul>
<li>Copy the template, change the image, test it and then change the original template after success</li>
</ul>
</li>
<li>Get in touch with the web team to find out which templates need to be modified</li>
</ul> Task #5436 (Closed): Figure out what the fortinet device is for and checkout if we have a use for ithttp://localhost:3000/issues/54362018-08-14T15:09:52ZNico Schotteliusnico.schottelius@ungleich.ch