Wednesday, August 25th, 2021
Unfortunate Souls: Heather, Adam, Aaron, Michael, Rob Scialli
Updates since last time
- Multiple subnets in Terraform!
- Separate subnets for dev, main, etc. branches
- Ran into that bug again with the “VM not found” messages, not sure how to fix
- Investigate how to hand off from Terraform to Ansible (provisioning after the VM is created)
- FreeIPA container deployed and working!
- FreeIPA, docker-1 added to DNS
- Hosts with DNS entries can be enrolled in domain
- Account list
- Send Heather a DM with username requested
- She will send back a temp passwd
- Everyone should be in the jira-techops group now
- This allows access to Confluence docs and Jira itself
Things we want done for next time - Sprint 2: 8/25 - 9/8
- Warehouse day date planning
- Jira organization
- Deploy additional pylons containers and VMs - NEEDS TICKET(S)?
- Identify list of core guests to be present in Terraform
- Stub out hosts
- Hosts:
- DNS
- NTP (already done?)
- DHCP
- Loghost (already defined)
- TFTP
- Other stuff I’m not thinking of
- DNS management via Ansible - TOPS-77
- Migrate host list from legacy Salt DNS stuff
- Deploy two containers for DNS servers
- Also use this info to build /etc/hosts file for each guest
- Registrar transfer of magevent.net DNS to Route53 - @rscullin - DONE, see Slack thread: https://magfest.slack.com/archives/C0270544JLQ/p1628887886066400?thread_ts=1628773345.043600&cid=C0270544JLQ
- Local/break-glass users - NEEDS TICKET?
- Backups - NEEDS TICKET?
- Ensure FreeIPA data is getting backed up to the Synology
- Figure out off-site replication to Backblaze or whatever - TOPS-94
- Not getting backup emails anymore…
- Move notes to Confluence
- Copy these notes there as well
- Page per meeting date
- OTP auth in FreeIPA - NEEDS TICKET
- Low/wishlist priority
- Will happen after we have things to auth into
- Is it possible to do OTP/2 factor for the FreeIPA GUI?
- Existing OTP support is for ALL of FreeIPA
- How granular is OTP?
- Do we require passwords for sudoers?
- Yes for passwords, maybe for OTP?
- Ansible execution - TOPS-102
- Cron lol
- More specifically, scheduled GitLab runner tasks
- Every 30 minutes
- Prevent auto Ansible runs?
- Touch something like /dontrunansible
- Playbook looks for that file and errors out if present
- Ansible errors getting dumped into Slack (or similar) discourages leaving that file in place, so the mechanism won't get abused
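Added worked example, not a playbook from these notes or from the techops repo, showing how the two Ansible items above fit together: the kill-switch file from the "Ansible execution" item guards the play, and the "build /etc/hosts for each guest" idea from the DNS item is one task the scheduled run would apply. Assumptions (none are in the notes): an inventory group named `guests`, an `ansible_host` address on every host in it, a `dns_domain` variable, and the kill-switch path /dontrunansible exactly as written in the notes.

```yaml
# Added example playbook (not the project's own). Assumed: inventory group
# `guests`, `ansible_host` set per host, and the kill-switch path from the notes.
- name: Scheduled config run with per-host kill switch
  hosts: guests
  become: true
  vars:
    kill_switch: /dontrunansible
    dns_domain: example.internal   # assumption: replace with the FreeIPA DNS domain

  pre_tasks:
    # "Touch /dontrunansible" on a guest to opt it out of automated runs.
    - name: Check for the kill switch
      ansible.builtin.stat:
        path: "{{ kill_switch }}"
      register: kill_switch_stat

    # Fail loudly and say who set it and when, so the error that lands in
    # Slack points at the person who forgot to remove the file.
    - name: Refuse to run while the kill switch is present
      ansible.builtin.fail:
        msg: >-
          {{ kill_switch }} exists on {{ inventory_hostname }}
          (owner {{ kill_switch_stat.stat.pw_name }},
          set {{ '%Y-%m-%d %H:%M' | strftime(kill_switch_stat.stat.mtime) }});
          remove it to resume automated Ansible runs.
      when: kill_switch_stat.stat.exists

  tasks:
    # Render /etc/hosts from the inventory, so every guest can resolve the
    # others even before the DNS containers are up.
    - name: Build /etc/hosts from the inventory host list
      ansible.builtin.copy:
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644"
        backup: true
        content: |
          127.0.0.1   localhost
          ::1         localhost
          {% for h in groups['guests'] | sort %}
          {{ hostvars[h].ansible_host }} {{ h }}.{{ dns_domain }} {{ h }}
          {% endfor %}
```

The GitLab scheduled job would just run `ansible-playbook -i inventory site.yml` every 30 minutes. Two things worth knowing about the kill switch as written: with Ansible's default behaviour, `fail` only marks that one guest as failed, so the other guests are still configured and the run as a whole is reported as failed (which is the Slack noise that keeps people honest); add `any_errors_fatal: true` to the play if a single kill switch should stop the whole run instead. And because the file lives in `/`, creating it already needs root on that guest, so it grants no one anything they did not have.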
Problems