9-22-2021 | Notion

Wednesday, September 22, 2021

Unwilling Hostages: Heather, Rob Scialli, Aaron, Cody, Adam, Mike, Rob Scullin

Updates since last time

DNS merged
Services matrix
- https://docs.google.com/document/d/1VcQueVofGseRYGlMvd4NOT4xQH89RanHPY9LiT_EvfQ/edit
- Will use this information to make a spreadsheet to get legacy services claimed by owners
TOPS-104: GitLab exploded
- https://jira.magfest.net/browse/TOPS-104
- feex

Things we want done for next time - Sprint 4: 9/22 - 10/6

Drives for Proxmox/Ceph
- 3 of one brand/line, one of another
- All 1TB
- Also not hosting Uber
Service request form/pipeline/methodology - TOPS-83
- Google Forms lol
- Jira can also do data collection via forms
  - We’d feed this into Jira anyway lol
  - https://support.atlassian.com/jira-cloud-administration/docs/use-the-issue-collector/
- Figure out what we need to ask for
  - Docker vs Proxmox - docker is special
HARD DUE DATE: Wednesday, October 6
Need to have this on the TechOPS request form/presentation
We can have a checkbox for “I’m interested in hosting”
We need a code-to-deployment walkthrough for MAGCon
- Tl;dr: Ansible
Jira organization
- Some progress made, but room for more organization
- Aaron has taken over Jira organization
- Rough idea for a 3-tier organization https://www.atlassian.com/agile/project-management/epics-stories-themes
  - Initiative: Event (in this case Super 2022)
  - Epic: Component/category (network, compute, etc.)
  - Story/Task: Specific task
Windows laptop imaging - TOPS-99
- Models
  - Dell Latitude E6420 - Linux
  - Lenovo Thinkpad T420 - Windows
- Windows imaging automation
  - Designate a couple laptops as build agents to build the core image
  - Yoink that image for deployment to the other laptops
- Licensing concerns - TechSoup has increased prices for Win10 Pro Upgrade ($27)
Ansible execution - TOPS-102
- We need integration into Terraform to proceed with deployment
  - Ansible runs on the GitLab runner need set up
    - Currently using Task...something (Taskfile?) (Go version of make)
    - Task not used for Terraform bits, just for manual runs
  - Need a root-level playbook for main deployment
    - May need a helper script to generate the host file as well
    - Use the existing variables for subnets
- Also need regular runs for deploying changes on existing hosts
  - Cron lol
    - More specifically, scheduled GitLab runner tasks
    - Every 30 minutes
      - https://docs.gitlab.com/ee/ci/pipelines/schedules.html
  - Prevent auto Ansible runs?
    - Touch something like /panic
    - Playbook looks for that file and errors out if present
    - Ansible logging errors dumping into like Slack enforces not abusing that mechanism
Deploy additional pylons containers and VMs - NEEDS TICKET(S)?
- Services matrix at https://docs.google.com/document/d/1VcQueVofGseRYGlMvd4NOT4xQH89RanHPY9LiT_EvfQ/edit
- Identify list of core guests to be present in Terraform - @yesrod
- Stub out hosts
  - Example: https://github.com/magfest/bridges/blob/main/terraform/lxc-dhcp.tf
- Hosts:
  - DNS (merged)
  - Loghost (already defined)
  - NTP (already done?)
    - https://github.com/magfest/bridges/issues/55
  - SMTP relay
  - DHCP
    - https://github.com/magfest/bridges/issues/5
  - TFTP
  - Other stuff I’m not thinking of
Do we want IP management? - TOPS-110
- Options
  - phpIPAM? VERBOTEN - rscullin
  - NetBox - https://netbox.readthedocs.io/en/stable/
    - Digital Ocean
    - Scullin tested, Scullin approved
    - Ansible plugin
  - Snipe-IT
- Might help create a node registry for Terraform/Ansible
Local/break-glass users - NEEDS TICKET?
- https://github.com/magfest/bridges/issues/17
Password/shared cred/secret management?
- Bitwarden?
- Mozilla SOPS?
  - Lives in repo, could live in existing Bridges repo
  - Can replace Vault entirely
  - No more shared Vault password
  - AWS/Google key management for backup access keyset
- We’re kind of abusing Ansible Vault too…