TheRealBro.github.io

openSUSE Heroes offsite meeting minutes

Where: SUSE Event Area, SUSE HQ, Nuremberg, Germany, Earth, Solar System, Milky Way, Universe

When: 2018-03-03 / Day 1/2

Who:

• all-time:
  • Christian Boltz
  • Christian Müller
  • Per Jessen
  • Sarah Julia Kriesch
  • Theo Chatzimichos
  • Thorsten Bro
• part-time:
  • Bernhard Wiedemann
  • Richard Brown

Day 1 - Saturday - 2018-03-03

Coordinator

• We need to organize ourselves a bit different, with the loss of Lars.
• In general we don’t want to have the role of “the Coordinator”, as it is not really clear what the responsibilites should/would be
• We need people who take-over responsibility for several tasks, but we want to organize ourselves managed by our ticket system
• For special purposes - we can define single responsibilities for tasks, e.g.:
  • Organize off-site or other events [choose per event in Heroes Meeting]
  • Talk / coordinate with Release Management and Board [Per Jessen]
  • Hardware / Budget / Sponsoring [Thorsten Bro]
  • Interface-Function to SUSE-IT / MF-IT and SUSE-people in general [Theo Chatzimichos]
  • Heroes security (Sticking to coorporate SUSE / MF guidelines for security certification) [Christian Müller]
  • Onboarding / Guidance of new openSUSE Heroes (Help needed! Ask Theo!) [Theo Chatzimichos, Christian Müller]
    • We need an onboarding wiki page [Theo Chatzimichos]
  • In the Heroes meeting - Check the oldest tickets every month - to not loose track [everybody]

openVPN / Bridging network - Provo / Nuremberg

• PRV <—> NUE - ToDo:
  • Setup transfer network [rwawrig, cmueller]
  • Setup VPN in Provo [tchatzimichos]
  • HA-setup of scar + scarface [mcaj]
  • Add separate gateway machines in Provo/Nuremberg to do routing (not on scar which is facing external) [tchatzimichos, mcaj]
  • FreeIPA Master to Master setup (Provo / Nuremberg) [?]
  • Master-to-Master setup DB? [?]

Board topics

• Boards wants us to be more public - actually putting our SALT / Documentation on public pages
  • The onboarding process should be a starting point, to see which things we can document public and publish to the outside world
  • SALT states (w/o pillars) will go public
  • Documentation is up to everybody, to make it more public on its own extent
• connect.o.o should be replaced in future - this is a long-term ToDo for the next year
  • check possibility of moving those extra DB-fields into eDirectory directly
• Start communication with Heinlein regarding pushing out mailservice, based on results of connect/eDirectory project

SLE 11 / Leap 15 - migration of old SLE 11 hosts / migration to Leap 15 of Leap 42.3 hosts

SLE 11 hosts upgrade to 42.3

• (XX) progress.o.o [tchatzimichos]
• (X) connect.o.o (boosters) - WAIT for more info
  • create disconnect.o.o to disconnect the openSUSE TSP web service from connect.o.o machine / dependencies
• (~)old mysql
  • Wiki-DB [cboltz, tbro] - Move Wiki-DB, Add MySQL-User-Handling to Salt
• (EASY)old postgresql [tchatzimichos]
• (EASY)narwal - servers (static.o.o, studio express, more) [tbro] -> Move to Leap15 beta
• (X)icc.o.o [tbro] (ask Kai about migration)
• (X)conference.o.o [Henne and OSEM maintainers]
• (X)community (irc-bot, some websites, maybe more stuff, etc.) [tchatzimichos]
  • tickets are there to be done: find out if stuff can be moved to static.o.o or needs a new machine
  • IRC-BOT (bugbot) - tchatzimichos will ask Henne about this
• (EASY)osc-collab [mcaj]

Leap 15

Testing Leap 15 BETA

• Kiwi - Images for Leap 15 [tbro, cboltz]
• Salt - Leap 15 Repos [cboltz, bmwiedemann]
• Below tasks are blocked by the above:
  • static.o.o (narwal) move to Leap 15 beta [tbro, see above]
  • osc-collab to Leap 15 beta [mcaj, see above]
• community static pages and bugbot to Leap 15 [tchatzimichos]

After the Leap 15 GM Release

• salt-master [tchatzimichos]
• All other web services [all heroes]
• Move mlmmj to mailman with testing first ;) [pjessen]

Mirrors / Database clusters

Mirrors

• pontifex2.i.o.o in NUE
• pontifex.i.o.o (rename the machine) [tchatzimichos]
• shutdown pontifex3 and be on alert if something breaks (old SLE11) [tchatzimichos]
• fix current mirroring setup
  • fix reverse-DNS for all pontifex machines [mcaj, pjessen, tchatzimichos]
  • do documentation of whole mirroring setup [mcaj, pjessen, tchatzimichos]
  • fix monitoring of mirroring [mcaj, pjessen, tchatzimichos]
• work on mirrors as onboarding setup
  • add mirroring servers to salt
• Widehat tasks
  • widehat maybe out of date
  • replace widehat with new sponsor [tbro]
  • put widehat to infra.o.o VPN (client) [tchatzimichos]
• ask Ludwig about his publishing scripts
• reply fast with a “stock message” to mirroring requests (generic for other simple customer requests)

General advice

Subscribe to admin-auto@o.o mailing list with your account

make you machines / services (root-accounts) sending mails to the above mentioned list

Salt / Automation

• More configs / services
  • Formulas preferred
  • Static files / templates acceptable
• salt-master vs. monitoring machine lists are deviating
  • monitoring client configs should go to the “base” role so that all machines get basic monitoring
  • We need the packages / configs / services / NRPE / check_mk / etc.
  • Check the “deploy CM” doc and see what can be automated
• Webpage git repo -> push -> CI -> Reactor -> git pull on minion
  • GitHub repos cannot access gitlab-ci [bmwiedemann ask jdsn about mirroring git]
• Encrypted GPG Pillars
  • documentation [tchatzichmichos]
  • Missing script to re-encrypt all GPG pillars
• new services should always be configured with Salt!
• master in Provo (syndic)