Project

General

Profile

communication #113369

2022-08-04 18:00 UTC: openSUSE Heroes meeting August 2022

Added by cboltz about 1 month ago. Updated 13 days ago.

Status:
Closed
Priority:
Normal
Assignee:
opensuse-admin
Category:
Event
Target version:
-
Start date:
2022-07-07
Due date:
% Done:

100%

Estimated time:

Description

Where: https://meet.opensuse.org/heroes
When: 2022-08-04 18:00 UTC / 20:00 CEST
Who: The openSUSE Heroes team and everybody else!

Topics
see/use checklist


Checklist

  • Questions and answers from the community
  • status reports about everything
  • review old tickets
  • lrupp stepping back from openSUSE infrastructure

History

#1 Updated by cboltz about 1 month ago

  • Private changed from Yes to No

#2 Updated by lrupp 14 days ago

  • Checklist item lrupp stepping back from openSUSE infrastructure added

DNS updated

https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/DNS is updated, covering the latest changes.

TL;DR: all (internal and external) heroes networks now have at least one dedicated DNS server.

JFYI: NTP problems

ntp1.opensuse.org and ntp2.opensuse.org lately got hit by a heatwave. Meanwhile, they are back online.

Monitoring

We are back to "just" Update service problems. Which keeps us with:

  • 89 machines
  • 1859 services

New haproxy setup at IPX

We've now ipx-proxy1.infra.opensuse.org up and running, providing the same services as anna/elsa.

  • dehydrated is adjusted (SSL certificates should be deployed automatically)
  • haproxy configurations on anna/elsa and ipx-proxy1 are identical
  • bind is up and running (configuration identical with provo-proxy, anna & elsa)

New narwal setup at IPX

We've now ipx-narwal1.infra.opensuse.org (alias narwal1.infra.opensuse.org) up and running, providing the same services as narwal{4-7}.infra.opensuse.org

  • nginx is up and running
  • sync from narwal5 is tested (script adjusted)

narwal4.infra.opensuse.org nginx config was broken - restored.

Distribution status

1x CentOS Stream 8

EOL: December 31st, 2021

freeipa2.infra.opensuse.org - unused machine?

1x openSUSE Leap 15.2

EOL: January 4, 2022

progress.infra.opensuse.org - progressoo.infra.opensuse.org exists as replacement. But the current redmine package does not build any longer on 15.4.

2x SUSE Linux Enterprise Server 12 SP5

EOL: June 30, 2023

  • community.infra.opensuse.org
  • forum.infra.opensuse.org

6x openSUSE Leap 15.3

EOL: end of November 2022

  1. riesling3.infra.opensuse.org
  2. riesling.infra.opensuse.org
  3. obsreview.infra.opensuse.org
  4. mailman3.infra.opensuse.org
  5. dale.infra.opensuse.org
  6. nuka.infra.opensuse.org

6x openSUSE Tumbleweed

  1. gitlab-runner1.infra.opensuse.org
  2. gitlab-runner2.infra.opensuse.org
  3. gcc-stats.infra.opensuse.org
  4. matrix.infra.opensuse.org
  5. chip.infra.opensuse.org
  6. mickey.infra.opensuse.org

70x openSUSE Leap 15.4

...all other...

New mirror sync

Aside from the push mirroring, rsync.o.o and provo-mirror.o.o now run regular sync jobs. This will hopefully keep our own 3 mirrors in sync, even if there are network problems or power cycles in between the push syncs.

As both mirrors provide currently enough space, there is no need to exclude files from the sync.

In the home of the 'mirror' user on each machine are now simple 'loop' (rsync) scripts (see /home/mirror/bin/ for details). These scripts hopefully split the >30TB of data into small enough chunks to get them synced in time.

A service called 'cscreend' is started during boot. This service runs as mirror user, starting screen with multiple sessions in it. Each session is executing one of the loop-scripts. Most scripts include a short (random) break after each run, to allow stage.o.o to 'cool down' a bit.

Logfiles are provided in /var/log/screen/ on each machine.

If you want to "see" the current sync:

  • Log in on the server
  • Become user 'model's
  • Execute screen -x to attach to the multi-screen
  • Press [Control]-A + [shift]-" to get a list of running sessions
  • Use arrow keys + [enter] to select the interesting one (all have speaking names)
  • Use [Control]-A + d to leave the screen again

openVAS

As it became a ticket lately - yes, we run an internal openVAS scanner since a while, to detect security issues - hopefully before any hacker detect and misuses them.

The machine doing this is called kali.infra.opensuse.org.

From time to time, SUSE-IT Security is also running security scans against the outside/public perimeter of the openSUSE infrastructure. They are using Qualys for this.

Combining the reports of both Vulnerability-Scanners provides a good overview of the security state of our openSUSE infrastructure.

#3 Updated by lrupp 13 days ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

#4 Updated by lrupp 13 days ago

  • Checklist item Questions and answers from the community set to Done
  • Checklist item status reports about everything set to Done
  • Checklist item review old tickets set to Done
  • Checklist item lrupp stepping back from openSUSE infrastructure set to Done

Also available in: Atom PDF