Wednesday, July 28, 2021

Attendees: Adam, Aaron, Cody, Heather, Michael

Updates since last time

• Terraform pipeline now runs only to validate stage on all branches
  • Only the main branch gets deploy, Ansible stages
  • Destroy stage completely blocked out for now
    • Destroy stage will be test branch only to prevent Accidents™
• FreeIPA planning work
  • Heather has made more progress on integrating Let’s Encrypt into FreeIPA
  • Once we have a VM for her (AAAAAAAAAAAAAAAAAAAAAAAAAA) she can get started
• Jira is linked to the repo lol
  • The magfest organization in GitHub is linked to the MAGFest Jira, so integrations using Jira issue tags already work

Things we want done for next time

• Turn main branch into the testing branch
  • Need to identify a subnet for the test environment
  • A separate production branch will be created for the actual deployment using the current production subnet
    • Find a usable /20 or /19, allocate /24s to branches as needed
    • VLAN 22~ is production, keep that VLAN for test as well
    • (ab)use GitLab CI settings to keep the subnet in an environment variable then feed that into Terraform
      • First 3 octets in variable, last octet concatenated on in Terraform
    • “Super” branch gets the production subnet/VLAN 22
    • Every other branch gets the test subnet
  • Test branches should be domain name safe
    • If you tag a branch with Jira issue codes, Jira will automatically pick it up
• Begin Ansible deployment
  • With a testing branch, we can begin copying over things from Salt into Ansible roles etc., then blindly deploy until it looks good, then deploy over top of the existing infrastructure.
  • During normal deployment, Ansible should run from the GitLab runner via the CI pipeline integration.
• DNS verification for Let’s Encrypt
  • Need DNS based verification for CertBot to generate certs for FreeIPA and whatever else we want
  • Rob Scullin may have already done this for magevent.net at least once?
    • Gandi.net, has CertBot API capabilities
• FreeIPA progress
  • Once Heather has a VM (see below) she’ll be able to progress with FreeIPA setup
  • Will need a list of usernames for current TechOps staff
  • I STILL OWE HEATHER A VM AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  • AAAAAAAAAAAAAaaaaaaaaaaaaaaaaaaAAAAAAAAAAAAAAAAAAAAAAAAA
  • General container host VM, also IPs and names for the FreeIPA containers themselves
  • VM will need a secondary disk in Proxmox, provide Heather the mount point for said disk and ensure it’s backed up (~10Gb)
  • AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
• Jira task/epic reorganization
  • We have things in Jira, but they were just kinda shotgunned in there so they could use an organization pass.
• Documentation
  • https://docs.magfest.net/display/TOPS/BRIDGES
  • Add everyone not present to the jira-techops group, probably by asking #office
    • Ev, Heather, Aaron, Mike

Problems

• TOCUMENTATION