Hello, thanks for all the status reports, and the work you did in the last weeks! Am Sonntag, 5. Januar 2020, 22:41:32 CET schrieb Lars Vogdt:
We have currently the following machines running in Provo:
192.168.67.5 narwal4 (static.o.o in Provo)
This is probably/AFAIK an "old" narwal, setup manually, and used during the planned NBG power outage ~2 years ago. If we want to have an instance of static.o.o (as hot standby?) running in Provo, it would be a good idea to replace narwal4 with a fully salted VM. Besides the VM setup, this means maybe two minutes to add it in salt, and then running the highstate. Updating and adjusting narwal4 would need much more time. Note that you'll also need to run a highstate on narwal5 so that the rsync'ing includes the new narwal in Provo.
#192.168.67.9 water2 (wiki - shut down) #192.168.67.10 riesling2 (wiki - shut down)
IMHO you can delete the water2 (elasticsearch) and riesling2 (Apache + MediaWiki) VMs. They are a leftover from the planned power outage ~2 years ago, and terribly outdated.
I setup provo-gate as gateway now (running VPN tunnel to Nuremberg via scar), which allows all Provo machines to reach machines in Nuremberg. Sadly, I did not find the time to establish the route back as well. This needs some adaptions on scar's firewall - and I need to read more about this (or better: find someone who volunteers to help) before this can go live.
At the risk of adding more work on top: Is scar still running SuSEfirewall? If so, would it make sense to switch to firewalld before doing more config changes for deprecated software? (I guess/hope that SuSEfirewall will stay in all 15.x releases, which makes this less urgent.)
While I was on it, I setup an additional machine named "provo-ns", which is currently empty (Leap 15.1 admin image only) and is waiting to get an external DNS server for the opensuse.org domain.
Is your plan for it to a) base it on the current setup (FreeIPA + chip.i.o.o) as a quick replacement for ns*.novell.com or b) do it right[tm] with the planned new DNS setup ? Regards, Christian Boltz -- there's clearly a balance between "octopus merges are fine" and "Christ, that's not an octopus, that's a Cthulhu merge". [Linus Torvalds in linux-kernel] -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org