Wednesday, July 28, 2021
Attendees: Adam, Aaron, Cody, Heather, Michael
Updates since last time
- Terraform pipeline now runs only to validate stage on all branches
- Only the main branch gets deploy, Ansible stages
- Destroy stage completely blocked out for now
- Destroy stage will be test branch only to prevent Accidents™
- FreeIPA planning work
- Heather has made more progress on integrating Let’s Encrypt into FreeIPA
- Once we have a VM for her (AAAAAAAAAAAAAAAAAAAAAAAAAA) she can get started
- Jira is linked to the repo lol
- The magfest organization in GitHub is linked to the MAGFest Jira, so integrations using Jira issue tags already work
Things we want done for next time
- Turn main branch into the testing branch
- Need to identify a subnet for the test environment
- A separate production branch will be created for the actual deployment using the current production subnet
- Find a usable /20 or /19, allocate /24s to branches as needed
- VLAN 22~ is production, keep that VLAN for test as well
- (ab)use GitLab CI settings to keep the subnet in an environment variable then feed that into Terraform
- First 3 octets in variable, last octet concatenated on in Terraform
- “Super” branch gets the production subnet/VLAN 22
- Every other branch gets the test subnet
- Test branches should be domain name safe
- If you tag a branch with Jira issue codes, Jira will automatically pick it up
- Begin Ansible deployment
- With a testing branch, we can begin copying over things from Salt into Ansible roles etc., then blindly deploy until it looks good, then deploy over top of the existing infrastructure.
- During normal deployment, Ansible should run from the GitLab runner via the CI pipeline integration.
- DNS verification for Let’s Encrypt
- Need DNS based verification for CertBot to generate certs for FreeIPA and whatever else we want
- Rob Scullin may have already done this for magevent.net at least once?
- FreeIPA progress
- Once Heather has a VM (see below) she’ll be able to progress with FreeIPA setup
- Will need a list of usernames for current TechOps staff
- I STILL OWE HEATHER A VM AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAaaaaaaaaaaaaaaaaaaAAAAAAAAAAAAAAAAAAAAAAAAA
- General container host VM, also IPs and names for the FreeIPA containers themselves
- VM will need a secondary disk in Proxmox, provide Heather the mount point for said disk and ensure it’s backed up (~10Gb)
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- Jira task/epic reorganization
- We have things in Jira, but they were just kinda shotgunned in there so they could use an organization pass.
- Documentation
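
One way the branch-to-subnet item above (prefix held in GitLab CI settings, production subnet only for the production branch, domain-name-safe test branches) could look in the CI job script. This is an added example, not code from the repo; PROD_BRANCH, PROD_SUBNET_PREFIX, TEST_SUBNET_PREFIX, the Terraform variable names and all sample values are assumptions.

```sh
#!/bin/sh
# Added example: choose the Terraform subnet prefix from the branch name.
# PROD_BRANCH, PROD_SUBNET_PREFIX, TEST_SUBNET_PREFIX and the Terraform
# variables subnet_prefix / env_name are hypothetical names.
LC_ALL=C; export LC_ALL

# Branch name -> DNS-label-safe slug: lowercase, [a-z0-9-], max 63 chars,
# no leading or trailing hyphen.
dns_safe_slug() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' \
    | sed -E 's/[^a-z0-9]+/-/g; s/^-//' | cut -c1-63 | sed -E 's/-$//'
}

# Accept exactly three dotted octets, each 0-255 (the "first 3 octets").
valid_prefix() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' || return 1
  for octet in $(printf '%s' "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
}

# Only the production branch may receive the production prefix; every other
# branch gets the test prefix. Refuse to continue if the two are equal.
select_prefix() {
  [ "$PROD_SUBNET_PREFIX" != "$TEST_SUBNET_PREFIX" ] || return 1
  if [ "$1" = "$PROD_BRANCH" ]; then prefix=$PROD_SUBNET_PREFIX
  else prefix=$TEST_SUBNET_PREFIX; fi
  valid_prefix "$prefix" || return 1
  printf '%s\n' "$prefix"
}

# Terraform reads TF_VAR_<name> from the environment; the last octet is
# appended on the Terraform side, e.g. "${var.subnet_prefix}.10".
export_tf_vars() {
  TF_VAR_subnet_prefix=$(select_prefix "$1") || return 1
  TF_VAR_env_name=$(dns_safe_slug "$1")
  [ -n "$TF_VAR_env_name" ] || return 1
  export TF_VAR_subnet_prefix TF_VAR_env_name
}

# Demo with constructed values (documentation address ranges):
if [ "${1:-}" = "--demo" ]; then
  PROD_BRANCH=production PROD_SUBNET_PREFIX=192.0.2 TEST_SUBNET_PREFIX=198.51.100
  export_tf_vars "TECH-42/FreeIPA_certs" && echo "$TF_VAR_env_name $TF_VAR_subnet_prefix"
fi
```

In a pipeline the job would call export_tf_vars with GitLab's predefined CI_COMMIT_REF_NAME before running Terraform, and stop the job if it returns non-zero.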
Problems