Wednesday, September 22, 2021
Unwilling Hostages: Heather, Rob Scialli, Aaron, Cody, Adam, Mike, Rob Scullin
Updates since last time
- DNS merged
- Services matrix
- TOPS-104: GitLab exploded
Things we want done for next time - Sprint 4: 9/22 - 10/6
- Drives for Proxmox/Ceph
- 3 of one brand/line, one of another
- All 1TB
- Also not hosting Uber
- Service request form/pipeline/methodology - TOPS-83
- Google Forms lol
- Jira can also do data collection via forms
- Figure out what we need to ask for
- Docker vs Proxmox - docker is special
- HARD DUE DATE: Wednesday, October 6
- Need to have this on the TechOPS request form/presentation
- We can have a checkbox for “I’m interested in hosting”
- We need a code-to-deployment walkthrough for MAGCon
- Jira organization
- Windows laptop imaging - TOPS-99
- Models
- Dell Latitude E6420 - Linux
- Lenovo Thinkpad T420 - Windows
- Windows imaging automation
- Designate a couple laptops as build agents to build the core image
- Yoink that image for deployment to the other laptops
- Licensing concerns - TechSoup has increased prices for Win10 Pro Upgrade ($27)
- Ansible execution - TOPS-102
- We need integration into Terraform to proceed with deployment
- Ansible runs on the GitLab runner need to be set up
- Currently using Task...something (Taskfile?) (Go version of make)
- Task not used for Terraform bits, just for manual runs
- Need a root-level playbook for main deployment
- May need a helper script to generate the host file as well
- Use the existing variables for subnets
- Also need regular runs for deploying changes on existing hosts
- Cron lol
- More specifically, scheduled GitLab runner tasks
- Every 30 minutes
- Prevent auto Ansible runs?
- Touch something like /panic
- Playbook looks for that file and errors out if present
- Having Ansible dump its logged errors into something like Slack discourages abuse of that mechanism
- Deploy additional pylons containers and VMs - NEEDS TICKET(S)?
- Do we want IP management? - TOPS-110
- Options
- Might help create a node registry for Terraform/Ansible
- Local/break-glass users - NEEDS TICKET?
- Password/shared cred/secret management?
- Bitwarden?
- Mozilla SOPS?
- Lives in repo, could live in existing Bridges repo
- Can replace Vault entirely
- No more shared Vault password
- AWS/Google key management for backup access keyset
- We’re kind of abusing Ansible Vault too…
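
A sketch of the "Prevent auto Ansible runs?" item above, added here as an example and not taken from the team's repo: a root-level playbook whose pre_tasks error out when the marker file is present on a host. The path /panic is the one floated in the notes; the play name, variable names and the `baseline` role are placeholders.

```yaml
# Added example: kill-switch gate for scheduled Ansible runs.
# Assumptions: marker path /panic, placeholder role "baseline".
- name: Main deployment (scheduled run)
  hosts: all
  gather_facts: false
  vars:
    panic_file: /panic
  pre_tasks:
    - name: Check for the kill-switch marker on this host
      ansible.builtin.stat:
        path: "{{ panic_file }}"
      register: panic_marker

    # Whoever touches the marker can write a reason into it;
    # surfacing it in the failure message makes the stop auditable.
    - name: Read the optional reason left in the marker
      ansible.builtin.slurp:
        src: "{{ panic_file }}"
      register: panic_reason
      when:
        - panic_marker.stat.exists
        - panic_marker.stat.isreg
        - panic_marker.stat.size > 0

    # fail marks only this host as failed, so hosts without the
    # marker still converge and the job exits non-zero for alerting.
    - name: Error out while the marker is present
      ansible.builtin.fail:
        msg: >-
          {{ panic_file }} exists on {{ inventory_hostname }}
          (owner: {{ panic_marker.stat.pw_name | default('unknown') }},
          reason: {{ (panic_reason.content | default('') | b64decode | trim)
          or 'none given' }}).
          Remove the file to resume automated runs.
      when: panic_marker.stat.exists

  roles:
    - baseline
```

Because the gate fails rather than skips, every scheduled run reports the blocked host until the file is removed, which is what makes the error-logging idea in the notes work as a deterrent.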