Hello to all,
First of all let me introduce myself, my name is Niels Abspoel.
I have been asked to join the infra team by Theo.
I have worked on the openSUSE salt package before the
systemsmanagement team took over.
In the meantime I have kept myself busy with the salt-formulas on github.
I work for a company named Webscale B.V. as a systems engineer and
configuration management expert.
Now that is out of the way, Why am I mailing:
I think the infra/salt pillar setup on gitlab.opensuse.org can benefit
from pillar stack configuration:
https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html
For more information on a real world example:
https://www.youtube.com/watch?v=F3K706JJ2EI
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hello,
I would like to start a discussion regarding the naming pattern of our VMs.
Right now there is a total mess and we need to be consistent. So here is what I
propose, after a discussion I already had in a SUSE-IT's team meeting. Please
be aware that NONE of the things I describe below have actually been
implemented yet, so everything is up for discussion. I would like to start
implementing them soon though, so I'll give the topic a deadline of three weeks
(until the next team meeting, 5th of March).
FQDN form proposal: $unique_ID.$location.$purpose.opensuse.org
### unique_ID
This is a unique name for every machine. When one name is used, it can NEVER be
reused. Thus, we will need to list them somewhere (at the progress
opensuse-admin-wiki for example) (both the current and the deprecated ones)
Proposals for the unique ID:
1) pattern like vmXY (X and Y being increasing numbers)
2) the cartoon names we currently have
I would prefer:
- cartoon names for production instances
- vmXY or workerXY for CI/OBS workers
- whatever for testing instances, but not cartoon names
### location
This can be the country code, or city name. I would prefer the country code
### purpose
This could be:
- infra or prod for production instances (I prefer infra)
- test for testing instances
- worker for workers
Examples on how our instances' FQDNs will look like:
ariel.de.infra.opensuse.orgdonald.de.infra.opensuse.orggoofy.cz.infra.opensuse.orgdaisy.us.infra.opensuse.orgmediawiki.de.test.opensuse.orgsalt1.us.test.opensuse.orghttps://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Naming_patt…
--
Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com>
System Administrator
SUSE Operations and Services Team
Greetings guys! My name is Nikos and I am currently an undergraduate
student in Computer Science. I have been contributing to the project
for almost 2 years now but not in the infrastructure. I really don't
know which task is suitable for me but i really want to help out and
learn as much as i can at the same time. I code in python and am
mostly focused on the security field but i can take up any task as as
long as i have a bit of guidance. You know what they say: start form
the bottom :)
Cheers
Nikos Mantas
--
Nick Mantas
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hello,
I uploaded meeting logs from the last meetings, but I didn't write summaries.
You can find them in the progress wiki, but maybe it would be a good idea to
move them to en.opensuse.org? Our meetings are public either way, and people
could benefit from reading our summaries etc. Opinions?
https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Meetings
--
Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com>
System Administrator
SUSE Operations and Services Team
Hello,
just fyi, I sent a mail to the security team to monitor openSUSE:infrastructure
and its subprojects. I'll let you know about the results of the discussion
--
Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com>
System Administrator
SUSE Operations and Services Team
Hi
Today I got an emergency call from our security team: their mailing
list was "spammed" from a bot (aka ticket system) - as the ticket
system address (which looks it was in CC of one Email to the list)
generated an Email to the list - getting an answer from mlmmj that it
is not subscribed, which generated a new ticket with an automated
answer, which was answered by mlmmj... (I think you got the loop)
As result, I created /etc/postfix/sender_access with :
$EMAIL DROP
inside, did "postmap /etc/postfix/sender_access" and
adapted /etc/postfix/main.cf :
smtpd_recipient_restrictions = [...],check_sender_access
hash:/etc/postfix/sender_access
For the moment, this seems to successful break the loop, but as I'm
neither the maintainer of the system nor sure that this is a
good/stable solution, I hope that I simply did not break too much...
Feel free to adjust/remove/whatever with the above information. Maybe
someone has already a better idea...?
with kind regards,
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi
As I had some topics in mind for our next meeting, that I don't want to
forget, I started to think about where to save them...
Other teams have some information about their meetings in the wiki - so
I started to setup https://en.opensuse.org/openSUSE:Heroes/Meetings
...but during that, I felt that it might be also a good idea to use our
admin tool also to collect the topics and provide a schedule - so I
ended up with:
https://progress.opensuse.org/projects/opensuse-admin/issues?query_id=36
which is a custom query containing only issues reported in the Redmine
Category "Event". My idea is to use this Category maybe also for
Conferences and other stuff later.
Using:
https://progress.opensuse.org/projects/opensuse-admin/issues/calendar?query…
should provide you with an overview of upcoming events. One problem
might be that I did not find a way to include the time in the calendar,
so I used the summary for it. But I hope this is a not so problematic
issue for now.
Instead of putting the topics in the description, I hope it's a good
idea using a checklist instead (as everybody can easily add a checklist
entry that will then be added in the top) - but we can also change
this.
What do you think?
Would that work also for you - and help to organize our meeting?
with kind regards,
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Dear openSUSE Mirror Hosts,
Thank you for your continued hosting of openSUSE Mirrors.
While recently resolving an issue with rsync.opensuse.org we realised that a significant number of you are
using rsync.opensuse.org as your content source.
rsync.opensuse.org is meant to be a publicly available mirror host, but as registered hosts on this mailing
list, you are entitled to use stage.opensuse.org, our dedicated mirror host for you.
This server not only provides access to pre-release content, but is the authoritative source for all openSUSE
content, including rsync.opensuse.org.
As registered mirrors, please configure your sync cronjobs to use stage.opensuse.org instead of
rsync.opensuse.org.
This is particularly important for mirrors hosting openSUSE Tumbleweed (formerly known as Factory) which has a
higher rate of change.
While I'm mentioning Tumbleweed, if you are hosting a Tumbleweed mirror, please consider ensuring your sync
cronjobs run more often than once every 24 hours.
Also, if you are not running a Tumbleweed mirror, please consider altering your configuration to do so.
Tumbleweed is more and more a key offering of the openSUSE Project and we really could benefit from more
Tumbleweed mirrors.
Compared to the "opensuse-full" module the addition of Tumbleweed will take approximately 60GB more disk space
with an estimated rate of change of ~5GB per day (with a 'worst-case' rate of change being 60GB which occurs
once or twice a year).
You can achieve this by altering your sync cronjob to use the "opensuse-full-with-factory" rsync module.
This request is part of an ongoing program of improvements including increased bandwidth for
stage.opensuse.org expected on 1st March (doubling) & 1st June (4x more, 8x current)
If you are experiencing problems with stage.opensuse.org performance, please let us know, especially after the
above dates.
Your ongoing feedback & support will help us shape and tune these improvements as we go forward.
Many Thanks,
--
Richard Brown
openSUSE Chairman
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi @ll
I just want to give a short update of the tasks I'm aware of and we
discussed during our Christmas meeting:
* The FreeIPA machine is up and running now - but currently only
reachable via the internal network between the machines in Nuremberg
(and we need to make an exception for each machine who wants to have
access via firewall rules). So we might be able to switch to a separated
LDAP authentication for all services (like Gitlab, Monitoring, Status
page, ...) in a few days. => THANKS to darix for his work on this!
* I was thinking about the Monitoring part for a while, and came to the
conclusion that providing one of the standard monitoring pages to our
users might not really be useful for them. So I searched for an
alternative and found https://cachethq.io/ - an open source status page
system that would allow us to inform our users via personal written
notifications, schedule maintenance windows and use an API to automate
this. Our users might also benefit from an RSS and Atom feed and can
subscribe via Email to services they are interested in. I'm currently
working on an initial RPM package in my home and started to play along
with the application.
* I did not process much in the monitoring area, as I was too busy with
other tasks - but at least we have a running VM now that can be used to
setup monitoring of the machines running in Nuremberg (volunteers?).
And a final question: while I wrote the first two articles of our
Christmas meeting on news.opensuse.org, I'm currently not sure if I
should also write the final one or if someone else wanted to do this?
For me it is important to have such a final article as we discussed
about the next steps and their priorities just on the 3rd day - but I'm
fine with waiting if someone else just did not find the time to do it.
:-)
With kind regards,
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hello,
I added support for package installation in salt. Right now I added
aaa_base-extras in pillar/common.sls that will be installed in all machines.
Assuming we have a proper role grain in a machine set up, we can add packages
under pillar/role/$role.sls as well to get it installed on a specific role as
well. There is support also for installing packages from a specific repository
via the fromrepo attribute, eg
zypper:
packages:
nrpe:
fromrepo: openSUSE:infrastructure
Let me know if you need further info or if you have further ideas
--
Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com>
System Administrator
SUSE Operations and Services Team