communication #113369
closed2022-08-04 18:00 UTC: openSUSE Heroes meeting August 2022
100%
Description
Where: https://meet.opensuse.org/heroes
When: 2022-08-04 18:00 UTC / 20:00 CEST
Who: The openSUSE Heroes team and everybody else!
Topics
see/use checklist
Checklist
- Questions and answers from the community
- status reports about everything
- review old tickets
- lrupp stepping back from openSUSE infrastructure
Updated by lrupp about 2 years ago
- Checklist item lrupp stepping back from openSUSE infrastructure added
DNS updated¶
https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/DNS is updated, covering the latest changes.
TL;DR: all (internal and external) heroes networks now have at least one dedicated DNS server.
JFYI: NTP problems¶
ntp1.opensuse.org and ntp2.opensuse.org lately got hit by a heatwave. Meanwhile, they are back online.
Monitoring¶
We are back to "just" Update service problems. Which keeps us with:
- 89 machines
- 1859 services
New haproxy setup at IPX¶
We've now ipx-proxy1.infra.opensuse.org up and running, providing the same services as anna/elsa.
- dehydrated is adjusted (SSL certificates should be deployed automatically)
- haproxy configurations on anna/elsa and ipx-proxy1 are identical
- bind is up and running (configuration identical with provo-proxy, anna & elsa)
New narwal setup at IPX¶
We've now ipx-narwal1.infra.opensuse.org (alias narwal1.infra.opensuse.org) up and running, providing the same services as narwal{4-7}.infra.opensuse.org
- nginx is up and running
- sync from narwal5 is tested (script adjusted)
narwal4.infra.opensuse.org nginx config was broken - restored.
Distribution status¶
1x CentOS Stream 8¶
EOL: December 31st, 2021
freeipa2.infra.opensuse.org - unused machine?
1x openSUSE Leap 15.2¶
EOL: January 4, 2022
progress.infra.opensuse.org - progressoo.infra.opensuse.org exists as replacement. But the current redmine package does not build any longer on 15.4.
2x SUSE Linux Enterprise Server 12 SP5¶
EOL: June 30, 2023
- community.infra.opensuse.org
- forum.infra.opensuse.org
6x openSUSE Leap 15.3¶
EOL: end of November 2022
- riesling3.infra.opensuse.org
- riesling.infra.opensuse.org
- obsreview.infra.opensuse.org
- mailman3.infra.opensuse.org
- dale.infra.opensuse.org
- nuka.infra.opensuse.org
6x openSUSE Tumbleweed¶
- gitlab-runner1.infra.opensuse.org
- gitlab-runner2.infra.opensuse.org
- gcc-stats.infra.opensuse.org
- matrix.infra.opensuse.org
- chip.infra.opensuse.org
- mickey.infra.opensuse.org
70x openSUSE Leap 15.4¶
...all other...
New mirror sync¶
Aside from the push mirroring, rsync.o.o and provo-mirror.o.o now run regular sync jobs. This will hopefully keep our own 3 mirrors in sync, even if there are network problems or power cycles in between the push syncs.
As both mirrors provide currently enough space, there is no need to exclude files from the sync.
In the home of the 'mirror' user on each machine are now simple 'loop' (rsync) scripts (see /home/mirror/bin/ for details). These scripts hopefully split the >30TB of data into small enough chunks to get them synced in time.
A service called 'cscreend' is started during boot. This service runs as mirror user, starting screen with multiple sessions in it. Each session is executing one of the loop-scripts. Most scripts include a short (random) break after each run, to allow stage.o.o to 'cool down' a bit.
Logfiles are provided in /var/log/screen/ on each machine.
If you want to "see" the current sync:
- Log in on the server
- Become user 'model's
- Execute
screen -x
to attach to the multi-screen - Press [Control]-A + [shift]-" to get a list of running sessions
- Use arrow keys + [enter] to select the interesting one (all have speaking names)
- Use [Control]-A + d to leave the screen again
openVAS¶
As it became a ticket lately - yes, we run an internal openVAS scanner since a while, to detect security issues - hopefully before any hacker detect and misuses them.
The machine doing this is called kali.infra.opensuse.org.
From time to time, SUSE-IT Security is also running security scans against the outside/public perimeter of the openSUSE infrastructure. They are using Qualys for this.
Combining the reports of both Vulnerability-Scanners provides a good overview of the security state of our openSUSE infrastructure.
Updated by lrupp about 2 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Updated by lrupp about 2 years ago
- Checklist item Questions and answers from the community set to Done
- Checklist item status reports about everything set to Done
- Checklist item review old tickets set to Done
- Checklist item lrupp stepping back from openSUSE infrastructure set to Done