Hello,

On Tuesday, 6 July 2021, 23:27:55 CEST, Lars Vogdt wrote:
Sorry that I missed the meeting. I just forgot it...
You'll get an extra invitation next month ;-)
Here are my short notes (sorry, long day, just trying to make it short):
* DNSSec is enabled for opensuse.org domain since last weekend. Meanwhile also the caches should be purged and all DNS servers should provide valid responses. Please check, if we missed something...
I didn't do DNS queries to check, but... Nobody complained, and everything "just works", therefore you probably did a good job :-) [...]
* There is still some old stuff up and running, that we should shut down, if we follow our old policy (or should I better say: idea?):
  + users.o.o -> old ELGG instance
  + wiki.o.o -> old mediawiki instance
  + elections.o.o -> old helios instance
Any objections?
Yes ;-) (and I also know that two of these servers are on my TODO list for too long :-/ - I won't complain if someone wants to help upgrading them.)
* We could simply upgrade Redmine (aka progress.o.o) to the latest version, if we would not use these old, self-backed plugins. Some of them might be obsolete already, some not used - but others? Anyway: there is progress-test.o.o - a new machine running the new Redmine on an old DB dump. Authentication does not work (yet), as we might simply switch to one of the supported authentication mechanisms (and get rid of another, old plugin).
If a supported plugin works for us, I see no reason not to use it. Especially if it replaces something we'd have to maintain on our own.
Anyone interested to drive this?
Sorry, my TODO list is already full ;-) (Also, my Ruby knowledge is basically non-existing - I'm still surprised that my very first one-line patch fixed a problem instead of creating new ones.) However, if you are unsure if a specific plugin is still needed, I can probably answer that. [...]
* DNS management is meanwhile on chip: https://chip.infra.opensuse.org/
[...]
Note 1: infra.opensuse.org is currently still on FreeIPA. Can be moved at any time. I'm just waiting for *your* go here.
IMHO you can move it so that we have everything in one place.
After that, everything DNS related is on chip.
Well, nearly ;-) The *.vpn.infra.o.o zones are still living on freeipa.i.o.o, and not available on chip. (Note: you'll probably need to update your script to create VPN users when moving these zones.) [...]
* There is a backup.infra.opensuse.org machine with 3T space, waiting to get filled by clients. Anyone who wants to suggest a good, open source, backup tool?
A backup tool? I guess the hard part is to suggest _one_ tool ;-) I'll try nevertheless...

For mostly static content (like files uploaded to the wikis) I'd recommend rsnapshot. It's quite simple, "just works" and makes recovery easy. Ideally backup.i.o.o should _fetch_ the files from the (for example) wiki server so that old backups can't be damaged from/by the wiki server. (Technically, this can be done with an ssh key which is restricted to reading files [1] or a read-only NFS export.)

The major problem of rsnapshot is that it will need quite some disk space for content that changes every day (worst case: database dumps) because the only de-duplication it does are hardlinks to the previous backup if a file is unchanged.

Speaking about backup - do we have enough disk space in Provo (and a good enough connection) to do backups there? That would be even better than having the backup in the same datacenter.
* I like to build some redundancy of machines running in Nuremberg in Provo and at our CoLo, to survive outages better in the future. Anyone, who wants to join this "project business continuity"?
I'll happily help with doing this for narwal* aka static.o.o - in theory, it will only need a few lines in salt so that the deploy script syncs to another server :-) IIRC the scripting behind the jekyll-based pages (news.o.o etc.) is prepared to deploy to multiple servers, so that also shouldn't be too hard.

Regards,

Christian Boltz

[1] I have a read-only ssh root access on my laptop so that my backup server can login and fetch everything. This is done with a combination of ssh and AppArmor, details on request.

--
<sarnold> I don't know how cboltz survives, everything he touches breaks into several pieces .. I fear for his car.. [from #apparmor]
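
The "ssh key which is restricted to reading files" idea from the backup discussion, as an added example: this is not code from the mail or from the openSUSE infrastructure, and it uses an ssh forced command rather than the ssh plus AppArmor setup of footnote [1]. The wrapper path, the authorized_keys entry, `BACKUP_ROOT` and the option allow-list are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a pull-only backup key.
# Hypothetical authorized_keys entry on the wiki server (key is a placeholder):
#   restrict,command="/usr/local/sbin/backup-pull-only" ssh-ed25519 <PUBKEY> backup
# BACKUP_ROOT is an assumed path: the only tree the backup server may read.
BACKUP_ROOT="${BACKUP_ROOT:-/srv/wiki/uploads}"

# Succeeds only for "rsync --server --sender <opts> . <paths under BACKUP_ROOT>".
is_allowed_pull() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            --numeric-ids) ;;           # assumed allow-list of long options
            --*) return 1 ;;            # e.g. --remove-source-files deletes files
            -*[!A-Za-z0-9.]*) return 1 ;;
            -?*) ;;                     # short-option bundle such as -logDtpre.iLsfxC
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = . ] && [ $# -ge 2 ] || return 1
    shift
    for p in "$@"; do
        case $p in
            *..*) return 1 ;;           # no climbing out of the tree
            "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_pull "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND      # word-split only; no shell parses it
    fi
    echo "backup-pull-only: rejected command" >&2
    exit 1
fi
```

The `rrsync` script shipped with rsync, run with `-ro`, is a maintained alternative to a hand-written wrapper like this one.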