Wednesday, August 25th, 2021

Unfortunate Souls: Heather, Adam, Aaron, Michael, Rob Scialli

Updates since last time

• Multiple subnets in Terraform!
  • Separate subnets for dev, main, etc. branches
  • Ran into that bug again with the “VM not found” messages, not sure how to fix
    • TOPS-106
  • Investigate how Terraform do Ansible
    • TOPS-102
• FreeIPA container deployed and working!
  • FreeIPA, docker-1 added to DNS
  • Hosts with DNS entries can be enrolled in domain
  • Account list
    • Send Heather a DM with username requested
    • She will send back a temp passwd
• Everyone should be in the jira-techops group now
  • This allows access to Confluence docs and Jira itself

Things we want done for next time - Sprint 2: 8/25 - 9/8

• Warehouse day date planning
  • Whentomeet https://www.when2meet.com/?12637176-fUqsw
    • 9/4
    • 9/11
    • 9/18
• Jira organization
  • I did not get to this previously - yesrod
  • Aaron has taken over Jira organization
  • Rough idea for a 3-tier organization https://www.atlassian.com/agile/project-management/epics-stories-themes
    • Initiative: Event (in this case Super 2022)
    • Epic: Component/category (network, compute, etc.)
    • Story/Task: Specific task
• Deploy additional pylons containers and VMs - NEEDS TICKET(S)?
  • Identify list of core guests to be present in Terraform
  • Stub out hosts
    • Example: https://github.com/magfest/bridges/blob/main/terraform/lxc-dhcp.tf
  • Hosts:
    • DNS
    • NTP (already done?)
      • https://github.com/magfest/bridges/issues/55
    • DHCP
      • https://github.com/magfest/bridges/issues/5
    • Loghost (already defined)
    • TFTP
  • Other stuff I’m not thinking of
• DNS management via Ansible - TOPS-77
  • Migrate host list from legacy Salt DNS stuff
  • Deploy two containers for DNS servers
  • Also use this info to build /etc/hosts file for each guest
    • https://github.com/magfest/bridges/issues/14
• Registrar transfer magevent.net DNS to Route53 - @rscullin - NEEDS TICKET? DONE. READ SLACK> https://magfest.slack.com/archives/C0270544JLQ/p1628887886066400?thread_ts=1628773345.043600&cid=C0270544JLQ
• Local/break-glass users - NEEDS TICKET?
  • https://github.com/magfest/bridges/issues/17
• Backups - NEEDS TICKET?
  • Ensure FreeIPA data is getting backed up to the Synology
  • Figure out off-site replication to Backblaze or whatever - TOPS-94
  • Not getting backup emails anymore…
• Move notes to Confluence
  • Copy these notes there as well
  • Page per meeting date
• OTP auth in FreeIPA - NEEDS TICKET
  • Low/wishlist priority
    • Will happen after we have things to auth into
  • Is it possible to do OTP/2 factor for the FreeIPA GUI?
    • Existing OTP support is for ALL of FreeIPA
    • How granular is OTP?
  • Do we require passwords for sudoers?
    • Yes for passwords, maybe for OTP?
• Ansible execution - TOPS-102
  • Cron lol
    • More specifically, scheduled GitLab runner tasks
    • Every 30 minutes
      • https://docs.gitlab.com/ee/ci/pipelines/schedules.html
  • Prevent auto Ansible runs?
    • Touch something like /dontrunansible
    • Playbook looks for that file and errors out if present
    • Ansible logging errors dumping into like Slack enforces not abusing that mechanism

Problems

• oh $DEITY i’m so tired