Project

General

Profile

Actions

communication #113369

closed

2022-08-04 18:00 UTC: openSUSE Heroes meeting August 2022

Added by cboltz over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Event
Target version:
-
Start date:
2022-07-07
Due date:
% Done:

100%

Estimated time:

Description

Where: https://meet.opensuse.org/heroes
When: 2022-08-04 18:00 UTC / 20:00 CEST
Who: The openSUSE Heroes team and everybody else!

Topics
see/use checklist


Checklist

  • Questions and answers from the community
  • status reports about everything
  • review old tickets
  • lrupp stepping back from openSUSE infrastructure
Actions #1

Updated by cboltz over 2 years ago

  • Private changed from Yes to No
Actions #2

Updated by lrupp about 2 years ago

  • Checklist item lrupp stepping back from openSUSE infrastructure added

DNS updated

https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/DNS is updated, covering the latest changes.

TL;DR: all (internal and external) heroes networks now have at least one dedicated DNS server.

JFYI: NTP problems

ntp1.opensuse.org and ntp2.opensuse.org lately got hit by a heatwave. Meanwhile, they are back online.

Monitoring

We are back to "just" Update service problems. Which keeps us with:

  • 89 machines
  • 1859 services

New haproxy setup at IPX

We've now ipx-proxy1.infra.opensuse.org up and running, providing the same services as anna/elsa.

  • dehydrated is adjusted (SSL certificates should be deployed automatically)
  • haproxy configurations on anna/elsa and ipx-proxy1 are identical
  • bind is up and running (configuration identical with provo-proxy, anna & elsa)

New narwal setup at IPX

We've now ipx-narwal1.infra.opensuse.org (alias narwal1.infra.opensuse.org) up and running, providing the same services as narwal{4-7}.infra.opensuse.org

  • nginx is up and running
  • sync from narwal5 is tested (script adjusted)

narwal4.infra.opensuse.org nginx config was broken - restored.

Distribution status

1x CentOS Stream 8

EOL: December 31st, 2021

freeipa2.infra.opensuse.org - unused machine?

1x openSUSE Leap 15.2

EOL: January 4, 2022

progress.infra.opensuse.org - progressoo.infra.opensuse.org exists as replacement. But the current redmine package does not build any longer on 15.4.

2x SUSE Linux Enterprise Server 12 SP5

EOL: June 30, 2023

  • community.infra.opensuse.org
  • forum.infra.opensuse.org

6x openSUSE Leap 15.3

EOL: end of November 2022

  1. riesling3.infra.opensuse.org
  2. riesling.infra.opensuse.org
  3. obsreview.infra.opensuse.org
  4. mailman3.infra.opensuse.org
  5. dale.infra.opensuse.org
  6. nuka.infra.opensuse.org

6x openSUSE Tumbleweed

  1. gitlab-runner1.infra.opensuse.org
  2. gitlab-runner2.infra.opensuse.org
  3. gcc-stats.infra.opensuse.org
  4. matrix.infra.opensuse.org
  5. chip.infra.opensuse.org
  6. mickey.infra.opensuse.org

70x openSUSE Leap 15.4

...all other...

New mirror sync

Aside from the push mirroring, rsync.o.o and provo-mirror.o.o now run regular sync jobs. This will hopefully keep our own 3 mirrors in sync, even if there are network problems or power cycles in between the push syncs.

As both mirrors provide currently enough space, there is no need to exclude files from the sync.

In the home of the 'mirror' user on each machine are now simple 'loop' (rsync) scripts (see /home/mirror/bin/ for details). These scripts hopefully split the >30TB of data into small enough chunks to get them synced in time.

A service called 'cscreend' is started during boot. This service runs as mirror user, starting screen with multiple sessions in it. Each session is executing one of the loop-scripts. Most scripts include a short (random) break after each run, to allow stage.o.o to 'cool down' a bit.

Logfiles are provided in /var/log/screen/ on each machine.

If you want to "see" the current sync:

  • Log in on the server
  • Become user 'model's
  • Execute screen -x to attach to the multi-screen
  • Press [Control]-A + [shift]-" to get a list of running sessions
  • Use arrow keys + [enter] to select the interesting one (all have speaking names)
  • Use [Control]-A + d to leave the screen again

openVAS

As it became a ticket lately - yes, we run an internal openVAS scanner since a while, to detect security issues - hopefully before any hacker detect and misuses them.

The machine doing this is called kali.infra.opensuse.org.

From time to time, SUSE-IT Security is also running security scans against the outside/public perimeter of the openSUSE infrastructure. They are using Qualys for this.

Combining the reports of both Vulnerability-Scanners provides a good overview of the security state of our openSUSE infrastructure.

Actions #3

Updated by lrupp about 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
Actions #4

Updated by lrupp about 2 years ago

  • Checklist item Questions and answers from the community set to Done
  • Checklist item status reports about everything set to Done
  • Checklist item review old tickets set to Done
  • Checklist item lrupp stepping back from openSUSE infrastructure set to Done
Actions

Also available in: Atom PDF