Am January 6, 2020 5:52:47 PM UTC schrieb Christian Boltz <opensuse@cboltz.de>:
If we want to have an instance of static.o.o (as hot standby?) running in Provo, it would be a good idea to replace narwal4 with a fully salted VM. Besides the VM setup, this means maybe two minutes to add it in salt, and then running the highstate. Updating and adjusting narwal4 would need much more time. Note that you'll also need to run a highstate on narwal5 so that the rsync'ing includes the new narwal in Provo.
Totally agree. We might wait until we have setup geo-based DNS: in this case, the static host in Provo would be preferred from clients in AMER region...
#192.168.67.9 water2 (wiki - shut down) #192.168.67.10 riesling2 (wiki - shut down)
IMHO you can delete the water2 (elasticsearch) and riesling2 (Apache + MediaWiki) VMs. They are a leftover from the planned power outage ~2 years ago, and terribly outdated.
Ok, fine with me. Thanks for confirming.
At the risk of adding more work on top: Is scar still running SuSEfirewall? If so, would it make sense to switch to firewalld before doing more config changes for deprecated software? (I guess/hope that SuSEfirewall will stay in all 15.x releases, which makes this less urgent.)
Yes and yes. Yes: scar run SuSEfirewall2 and yes: migrating all machines to firewalld makes sense.
While I was on it, I setup an additional machine named "provo-ns", which is currently empty (Leap 15.1 admin image only) and is waiting to get an external DNS server for the opensuse.org domain.
Is your plan for it to a) base it on the current setup (FreeIPA + chip.i.o.o) as a quick replacement for ns*.novell.com or b) do it right[tm] with the planned new DNS setup
While I would love to say: we have enough time for b), I currently want to go with a). But that should not really be a problem, as we can always replace the main DNS servers once we 'own' them. I mean: we can replace the servers running the main DNS and re-use their IP addresses for the replacements at any time. I just want to use the time window, where SUSE is happy to hand over the DNS (and Email stuff) to us, as I'm not sure when this window might close. Therefor: If nobody objects, I would setup simple bind servers and add them to chip as slaves for now. Once someone wants to replace them with powerdns or any other DNS server: fine with me. I just don't want to learn too much new stuff at the moment (I've enough in the list with the migration of the other services mentioned in the work reports :-) and want to use the situation as long as it exists. :-)) Regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org