February 2017 - Heroes - openSUSE Mailing Lists

[heroes] infra/salt pillar improvement
by Niels Abspoel 05 Mar '17

05 Mar '17

Hello to all, First of all let me introduce myself, my name is Niels Abspoel. I have been asked to join the infra team by Theo. I have worked on the openSUSE salt package before the systemsmanagement team took over. In the meantime I have kept myself busy with the salt-formulas on github. I work for a company named Webscale B.V. as a systems engineer and configuration management expert. Now that is out of the way, Why am I mailing: I think the infra/salt pillar setup on gitlab.opensuse.org can benefit from pillar stack configuration: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html For more information on a real world example: https://www.youtube.com/watch?v=F3K706JJ2EI -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

3 10

[heroes] naming pattern
by Theo Chatzimichos 03 Mar '17

03 Mar '17

Hello, I would like to start a discussion regarding the naming pattern of our VMs. Right now there is a total mess and we need to be consistent. So here is what I propose, after a discussion I already had in a SUSE-IT's team meeting. Please be aware that NONE of the things I describe below have actually been implemented yet, so everything is up for discussion. I would like to start implementing them soon though, so I'll give the topic a deadline of three weeks (until the next team meeting, 5th of March). FQDN form proposal: $unique_ID.$location.$purpose.opensuse.org ### unique_ID This is a unique name for every machine. When one name is used, it can NEVER be reused. Thus, we will need to list them somewhere (at the progress opensuse-admin-wiki for example) (both the current and the deprecated ones) Proposals for the unique ID: 1) pattern like vmXY (X and Y being increasing numbers) 2) the cartoon names we currently have I would prefer: - cartoon names for production instances - vmXY or workerXY for CI/OBS workers - whatever for testing instances, but not cartoon names ### location This can be the country code, or city name. I would prefer the country code ### purpose This could be: - infra or prod for production instances (I prefer infra) - test for testing instances - worker for workers Examples on how our instances' FQDNs will look like: ariel.de.infra.opensuse.org donald.de.infra.opensuse.org goofy.cz.infra.opensuse.org daisy.us.infra.opensuse.org mediawiki.de.test.opensuse.org salt1.us.test.opensuse.org https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Naming_patt… -- Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com> System Administrator SUSE Operations and Services Team

5 9

[heroes] Getting some action
by Nick Mantas 02 Mar '17

02 Mar '17

Greetings guys! My name is Nikos and I am currently an undergraduate student in Computer Science. I have been contributing to the project for almost 2 years now but not in the infrastructure. I really don't know which task is suitable for me but i really want to help out and learn as much as i can at the same time. I code in python and am mostly focused on the security field but i can take up any task as as long as i have a bit of guidance. You know what they say: start form the bottom :) Cheers Nikos Mantas -- Nick Mantas -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

3 2

[heroes] meeting logs and summary
by Theo Chatzimichos 02 Mar '17

02 Mar '17

Hello, I uploaded meeting logs from the last meetings, but I didn't write summaries. You can find them in the progress wiki, but maybe it would be a good idea to move them to en.opensuse.org? Our meetings are public either way, and people could benefit from reading our summaries etc. Opinions? https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Meetings -- Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com> System Administrator SUSE Operations and Services Team

4 5

[heroes] security team informed about openSUSE:infrastructure
by Theo Chatzimichos 01 Mar '17

01 Mar '17

Hello, just fyi, I sent a mail to the security team to monitor openSUSE:infrastructure and its subprojects. I'll let you know about the results of the discussion -- Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com> System Administrator SUSE Operations and Services Team

1 1

[heroes] Dropping/Blocking Email Addresses from our mailing lists
by Lars Vogdt 01 Mar '17

01 Mar '17

Hi Today I got an emergency call from our security team: their mailing list was "spammed" from a bot (aka ticket system) - as the ticket system address (which looks it was in CC of one Email to the list) generated an Email to the list - getting an answer from mlmmj that it is not subscribed, which generated a new ticket with an automated answer, which was answered by mlmmj... (I think you got the loop) As result, I created /etc/postfix/sender_access with : $EMAIL DROP inside, did "postmap /etc/postfix/sender_access" and adapted /etc/postfix/main.cf : smtpd_recipient_restrictions = [...],check_sender_access hash:/etc/postfix/sender_access For the moment, this seems to successful break the loop, but as I'm neither the maintainer of the system nor sure that this is a good/stable solution, I hope that I simply did not break too much... Feel free to adjust/remove/whatever with the above information. Maybe someone has already a better idea...? with kind regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

3 2

[heroes] RFC: Preparing meeting at 2017-03-05, 18:00 UTC
by Lars Vogdt 24 Feb '17

24 Feb '17

Hi As I had some topics in mind for our next meeting, that I don't want to forget, I started to think about where to save them... Other teams have some information about their meetings in the wiki - so I started to setup https://en.opensuse.org/openSUSE:Heroes/Meetings ...but during that, I felt that it might be also a good idea to use our admin tool also to collect the topics and provide a schedule - so I ended up with: https://progress.opensuse.org/projects/opensuse-admin/issues?query_id=36 which is a custom query containing only issues reported in the Redmine Category "Event". My idea is to use this Category maybe also for Conferences and other stuff later. Using: https://progress.opensuse.org/projects/opensuse-admin/issues/calendar?query… should provide you with an overview of upcoming events. One problem might be that I did not find a way to include the time in the calendar, so I used the summary for it. But I hope this is a not so problematic issue for now. Instead of putting the topics in the description, I hope it's a good idea using a checklist instead (as everybody can easily add a checklist entry that will then be added in the top) - but we can also change this. What do you think? Would that work also for you - and help to organize our meeting? with kind regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

2 2

[heroes] NOTICE: Please Configure Your openSUSE Mirror Appropriately
by Richard Brown 22 Feb '17

22 Feb '17

Dear openSUSE Mirror Hosts, Thank you for your continued hosting of openSUSE Mirrors. While recently resolving an issue with rsync.opensuse.org we realised that a significant number of you are using rsync.opensuse.org as your content source. rsync.opensuse.org is meant to be a publicly available mirror host, but as registered hosts on this mailing list, you are entitled to use stage.opensuse.org, our dedicated mirror host for you. This server not only provides access to pre-release content, but is the authoritative source for all openSUSE content, including rsync.opensuse.org. As registered mirrors, please configure your sync cronjobs to use stage.opensuse.org instead of rsync.opensuse.org. This is particularly important for mirrors hosting openSUSE Tumbleweed (formerly known as Factory) which has a higher rate of change. While I'm mentioning Tumbleweed, if you are hosting a Tumbleweed mirror, please consider ensuring your sync cronjobs run more often than once every 24 hours. Also, if you are not running a Tumbleweed mirror, please consider altering your configuration to do so. Tumbleweed is more and more a key offering of the openSUSE Project and we really could benefit from more Tumbleweed mirrors. Compared to the "opensuse-full" module the addition of Tumbleweed will take approximately 60GB more disk space with an estimated rate of change of ~5GB per day (with a 'worst-case' rate of change being 60GB which occurs once or twice a year). You can achieve this by altering your sync cronjob to use the "opensuse-full-with-factory" rsync module. This request is part of an ongoing program of improvements including increased bandwidth for stage.opensuse.org expected on 1st March (doubling) & 1st June (4x more, 8x current) If you are experiencing problems with stage.opensuse.org performance, please let us know, especially after the above dates. Your ongoing feedback & support will help us shape and tune these improvements as we go forward. Many Thanks, -- Richard Brown openSUSE Chairman -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

3 3

[heroes] FYI: Infrastructure status
by Lars Vogdt 10 Feb '17

10 Feb '17

Hi @ll I just want to give a short update of the tasks I'm aware of and we discussed during our Christmas meeting: * The FreeIPA machine is up and running now - but currently only reachable via the internal network between the machines in Nuremberg (and we need to make an exception for each machine who wants to have access via firewall rules). So we might be able to switch to a separated LDAP authentication for all services (like Gitlab, Monitoring, Status page, ...) in a few days. => THANKS to darix for his work on this! * I was thinking about the Monitoring part for a while, and came to the conclusion that providing one of the standard monitoring pages to our users might not really be useful for them. So I searched for an alternative and found https://cachethq.io/ - an open source status page system that would allow us to inform our users via personal written notifications, schedule maintenance windows and use an API to automate this. Our users might also benefit from an RSS and Atom feed and can subscribe via Email to services they are interested in. I'm currently working on an initial RPM package in my home and started to play along with the application. * I did not process much in the monitoring area, as I was too busy with other tasks - but at least we have a running VM now that can be used to setup monitoring of the machines running in Nuremberg (volunteers?). And a final question: while I wrote the first two articles of our Christmas meeting on news.opensuse.org, I'm currently not sure if I should also write the final one or if someone else wanted to do this? For me it is important to have such a final article as we discussed about the next steps and their priorities just on the 3rd day - but I'm fine with waiting if someone else just did not find the time to do it. :-) With kind regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

2 1

[heroes] support for package installation in salt
by Theo Chatzimichos 09 Feb '17

09 Feb '17

Hello, I added support for package installation in salt. Right now I added aaa_base-extras in pillar/common.sls that will be installed in all machines. Assuming we have a proper role grain in a machine set up, we can add packages under pillar/role/$role.sls as well to get it installed on a specific role as well. There is support also for installing packages from a specific repository via the fromrepo attribute, eg zypper: packages: nrpe: fromrepo: openSUSE:infrastructure Let me know if you need further info or if you have further ideas -- Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com> System Administrator SUSE Operations and Services Team

2 4