Page MenuHomeSoftware Heritage

olasd (Nicolas Dandrimont)
UserAdministrator

Projects (7)

User Details

User Since
Sep 7 2015, 3:25 PM (205 w, 5 d)
Roles
Administrator

Recent Activity

Wed, Aug 14

Herald added a reviewer for D1853: Add logging when escaping data fails in BaseDb.copy_to: Reviewers.
Wed, Aug 14, 3:44 PM

Thu, Jul 25

olasd accepted D1772: Fix author parsing on empty email/name..
Thu, Jul 25, 4:43 PM

Tue, Jul 23

olasd accepted D1766: Add Prometheus JMX exporter..

(you could probably revert the conf/cassandra.yaml bit)

Tue, Jul 23, 7:13 PM

Sat, Jul 20

olasd added a comment to T1925: Error: Cron <postgres@belvedere> /usr/local/bin/swh-postgres-backup-logs-nas.

The root cause is that uffizi:/srv/storage/space is full.

Sat, Jul 20, 9:05 PM · System administration
olasd committed rSPSITE1a24274b35e8: add /annex to uffizi backup excludes (authored by olasd).
add /annex to uffizi backup excludes
Sat, Jul 20, 2:10 PM

Jul 16 2019

olasd committed rSPSITE1032fea5f660: Exclude storage array tests from backups (authored by olasd).
Exclude storage array tests from backups
Jul 16 2019, 9:52 PM

Jul 12 2019

olasd committed rDSTOC043c57bf6d07: Drop useless dependency on swh.scheduler (authored by olasd).
Drop useless dependency on swh.scheduler
Jul 12 2019, 12:15 PM

Jul 11 2019

olasd committed rDLDNPM018a815deaf5: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 5:18 PM
olasd committed rCJSWH49e3da874dff: Add automatic buster backport to all packages (authored by olasd).
Add automatic buster backport to all packages
Jul 11 2019, 4:07 PM
olasd accepted D1725: cypress/Dockerfile: Remove invalid pip option.
Jul 11 2019, 3:43 PM
olasd accepted D1688: api/async: add support for content negotiation.
Jul 11 2019, 3:42 PM
olasd accepted D1724: Install missing pyarcanist tool.
Jul 11 2019, 3:22 PM
olasd accepted D1722: Fix errors in swh-cypress groovy script.
Jul 11 2019, 3:22 PM
olasd committed rDWAPPSf340146b1ff4: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 3:00 PM
olasd committed rDLDSVNd8fb9c450ffd: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:57 PM
olasd committed rDLDPY601ae3d6a995: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:56 PM
olasd committed rDLDHGd0cd96c3dab9: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:49 PM
olasd committed rPSD63529dcea6d3: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:44 PM
olasd committed rDLDDEB64f1c15a3f5c: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:40 PM
olasd committed rDDEPbe08eced1883: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:37 PM
olasd committed rDLDTARb48479ee4a28: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:31 PM
olasd committed rDLDDIR62e892fdf7ed: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:30 PM
olasd committed rDVAUb6595f1a18c4: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:29 PM
olasd committed rDLDGfd9f6276395b: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:26 PM
olasd committed rDLDBASEbfa93bfebe16: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:24 PM
olasd committed rDCIDXefee5995950b: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:24 PM
olasd committed rDJNLcdd7548ac441: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:21 PM
olasd committed rDLS11444ce7ce73: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:21 PM
olasd committed rDSCH91aa83c1ea9a: Boostrap buster-swh branch (authored by olasd).
Boostrap buster-swh branch
Jul 11 2019, 2:18 PM
olasd committed rPTPPc80dfea70e77: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:15 PM
olasd committed rPMK143072d0905a: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:13 PM
olasd committed rDSTO7bb5ea61392a: Bootstrap buster-swh branch. (authored by olasd).
Bootstrap buster-swh branch.
Jul 11 2019, 2:06 PM
olasd committed rDSTOe102cd1ede86: No change rebuild with proper distribution in changelog (authored by olasd).
No change rebuild with proper distribution in changelog
Jul 11 2019, 2:04 PM
olasd committed rDSTO8f3009ba7f97: Drop useless build-dependency on swh.scheduler (authored by olasd).
Drop useless build-dependency on swh.scheduler
Jul 11 2019, 1:54 PM
olasd committed rDSTO043c57bf6d07: Drop useless dependency on swh.scheduler (authored by olasd).
Drop useless dependency on swh.scheduler
Jul 11 2019, 1:52 PM
olasd committed rCJSWH95fedc6147c1: There's no ceph repo for buster yet (authored by olasd).
There's no ceph repo for buster yet
Jul 11 2019, 1:52 PM
olasd committed rDOBJS08bf0a5c85ba: Boostrap buster-swh branch (authored by olasd).
Boostrap buster-swh branch
Jul 11 2019, 1:46 PM
olasd committed rDMODf5e56fd3d802: Bootstrap buster-swh (authored by olasd).
Bootstrap buster-swh
Jul 11 2019, 1:39 PM
olasd committed rDCOREd7f1805e2505: No changes rebuild, again (authored by olasd).
No changes rebuild, again
Jul 11 2019, 1:36 PM
olasd committed rDCOREb31a9eabe59b: No changes rebuild (authored by olasd).
No changes rebuild
Jul 11 2019, 1:33 PM
olasd committed rDCORE7ff50d50b77b: Boostrap buster-swh branch (authored by olasd).
Boostrap buster-swh branch
Jul 11 2019, 1:25 PM
olasd committed rCJSWHbb5704d6990c: Create buster debian chroots (authored by olasd).
Create buster debian chroots
Jul 11 2019, 12:28 PM
olasd accepted D1719: Rename Jenkins cypress job for Phabricator Diff.
Jul 11 2019, 11:51 AM

Jul 10 2019

olasd closed T1894: De-containerify uffizi as Resolved.

So, that all happened and uffizi is now bare metal.

Jul 10 2019, 7:08 PM · System administration
olasd closed T1894: De-containerify uffizi, a subtask of T1893: Prepare the addition of the new storage array on 2019-07-12, as Resolved.
Jul 10 2019, 7:08 PM · System administration
olasd closed T1895: De-baremetalify louvre as Resolved.

I've moved the backup crons to uffizi for now.

Jul 10 2019, 6:41 PM · System administration
olasd closed T1895: De-baremetalify louvre, a subtask of T1894: De-containerify uffizi, as Resolved.
Jul 10 2019, 6:41 PM · System administration
olasd committed rSPSITE57a00a8aa4d9: add intel-microcode to uffizi packages (authored by olasd).
add intel-microcode to uffizi packages
Jul 10 2019, 6:28 PM
olasd committed rSPSITE933aea5ace4d: Decommission louvre as a bare metal host, replace it with uffizi (authored by olasd).
Decommission louvre as a bare metal host, replace it with uffizi
Jul 10 2019, 6:25 PM
olasd added a comment to T1895: De-baremetalify louvre.

So, moving it to uffizi then; got it :)

Jul 10 2019, 5:34 PM · System administration
olasd committed rSPSITEaa52bb614b3e: decommission louvre (authored by olasd).
decommission louvre
Jul 10 2019, 5:24 PM
olasd updated the task description for T1894: De-containerify uffizi.
Jul 10 2019, 4:54 PM · System administration
olasd committed rSPSITE263897057cfc: Bump puppet/kafka to 5.3.0 (authored by olasd).
Bump puppet/kafka to 5.3.0
Jul 10 2019, 4:39 PM
olasd committed rSPSITE568fbc6a6c57: Add limit_nofile to kafka broker configuration (authored by olasd).
Add limit_nofile to kafka broker configuration
Jul 10 2019, 4:39 PM
olasd committed rSPSITE362ec3d027a2: Add restart on failure to kafka service (authored by olasd).
Add restart on failure to kafka service
Jul 10 2019, 4:39 PM
olasd added a comment to T1894: De-containerify uffizi.
root@louvre:~# sudo udevadm test-builtin net_id /sys/class/net/eth2
calling: test-builtin
=== trie on-disk ===
tool version:          232
file size:         8441068 bytes
header size             80 bytes
strings            1846908 bytes
nodes              6594080 bytes
Load module index
Found container virtualization none
timestamp of '/etc/systemd/network' changed
timestamp of '/lib/systemd/network' changed
Parsed configuration file /lib/systemd/network/99-default.link
Created link configuration context.
ID_NET_NAME_MAC=enxecf4bbdd4222
ID_OUI_FROM_DATABASE=Dell Inc.
ID_NET_NAME_ONBOARD=eno3
ID_NET_LABEL_ONBOARD=enNIC3
ID_NET_NAME_PATH=enp1s0f2
Unload module index
Unloaded link configuration context.
root@louvre:~# sudo udevadm test-builtin net_id /sys/class/net/eth3
calling: test-builtin
=== trie on-disk ===
tool version:          232
file size:         8441068 bytes
header size             80 bytes
strings            1846908 bytes
nodes              6594080 bytes
Load module index
Found container virtualization none
timestamp of '/etc/systemd/network' changed
timestamp of '/lib/systemd/network' changed
Parsed configuration file /lib/systemd/network/99-default.link
Created link configuration context.
ID_NET_NAME_MAC=enxecf4bbdd4223
ID_OUI_FROM_DATABASE=Dell Inc.
ID_NET_NAME_ONBOARD=eno4
ID_NET_LABEL_ONBOARD=enNIC4
ID_NET_NAME_PATH=enp1s0f3
Unload module index
Unloaded link configuration context.
Jul 10 2019, 3:58 PM · System administration
olasd added a comment to T1894: De-containerify uffizi.

I'm not 100% certain about the config of the array management interfaces as the system is going to move to predictable interface names that I'm not quite sure how to predict...

Jul 10 2019, 3:56 PM · System administration
olasd updated the task description for T1894: De-containerify uffizi.
Jul 10 2019, 3:54 PM · System administration
olasd updated the task description for T1894: De-containerify uffizi.
Jul 10 2019, 3:09 PM · System administration
olasd updated the task description for T1894: De-containerify uffizi.
Jul 10 2019, 2:57 PM · System administration
olasd accepted D1713: Increase rate-limit for swh_api_origin_visit_latest..
Jul 10 2019, 2:45 PM
olasd added a comment to T1895: De-baremetalify louvre.

For backup centralization, it can stay there for now I guess.

Jul 10 2019, 2:12 PM · System administration

Jul 9 2019

olasd committed rSPSITE0385e58a7ea6: Revert "Bump icinga2 to 2.1.1" (authored by olasd).
Revert "Bump icinga2 to 2.1.1"
Jul 9 2019, 7:37 PM
olasd added a reverting change for rSPSITEed401102a1ab: Bump icinga2 to 2.1.1: rSPSITE0385e58a7ea6: Revert "Bump icinga2 to 2.1.1".
Jul 9 2019, 7:37 PM
olasd committed rSPSITEed401102a1ab: Bump icinga2 to 2.1.1 (authored by olasd).
Bump icinga2 to 2.1.1
Jul 9 2019, 7:30 PM
olasd committed rSPSITEdf46526953aa: Bump apt to 7.0.1 (authored by olasd).
Bump apt to 7.0.1
Jul 9 2019, 7:16 PM
olasd committed rSPSITE327bf8bb5de8: Make louvre.internal.softwareheritage.org a new node (authored by olasd).
Make louvre.internal.softwareheritage.org a new node
Jul 9 2019, 7:04 PM
olasd added a comment to T1895: De-baremetalify louvre.
In T1895#35132, @olasd wrote:

I've setup a new virtual machine (aptly called "louvre") and I've given it the following setup:

  • bare buster install, two network interfaces (private one with a temp ip address, public one unplugged)
  • openvpn installed and config copied over from the original louvre (/etc/openvpn)
    • regenerated larger dh parameters so it would start
  • strongswan installed and config copied over from louvre (/etc/ipsec.secrets and /etc/ipsec.conf)
  • network config copied over from louvre and trimmed down

Looks like both services start up properly (and hiccup because the public ip address isn't really working yet).
To actually switch network related stuff over:

  1. give current-louvre a new internal ip address
  2. stop openvpn and strongswan on current-louvre
  3. remove current-louvre's 100.1 and public ip addresses
  4. clean up current-louvre's firewall config
  5. add a new default route to 100.1 on current-louvre
  6. reboot new-louvre with its new network setup

This should only be a minute or two downtime.

Jul 9 2019, 7:03 PM · System administration
olasd added a comment to T1895: De-baremetalify louvre.

I've setup a new virtual machine (aptly called "louvre") and I've given it the following setup:

  • bare buster install, two network interfaces (private one with a temp ip address, public one unplugged)
  • openvpn installed and config copied over from the original louvre (/etc/openvpn)
    • regenerated larger dh parameters so it would start
  • strongswan installed and config copied over from louvre (/etc/ipsec.secrets and /etc/ipsec.conf)
  • network config copied over from louvre and trimmed down
Jul 9 2019, 6:29 PM · System administration
olasd added a comment to T1876: staging infra: Configure DNS zones.

So, internal-staging.softwareheritage.org feels like a really long base domain name, but I don't have a snappy alternative suggestion that gives me warm fuzzies.

Jul 9 2019, 5:34 PM · System administration

Jul 8 2019

olasd added a comment to T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards.

I've now started work on refactoring the way we do Apache Virtual hosts in puppet, but it's still somewhat of a mess with the number of settings that still vary across hosts.

Jul 8 2019, 7:02 PM · System administration
olasd updated the task description for T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards.
Jul 8 2019, 7:00 PM · System administration
olasd added a comment to T1895: De-baremetalify louvre.

I've moved the clustershell setup to pergamon, by installing the clustershell command then copying the following files over:

Jul 8 2019, 5:58 PM · System administration
olasd changed the status of T1895: De-baremetalify louvre from Open to Work in Progress.

I've done the first step of this, which is separating louvre from the rest of the proxmox cluster, following the instructions on https://pve.proxmox.com/wiki/Cluster_Manager#_remove_a_cluster_node.

Jul 8 2019, 5:45 PM · System administration
olasd changed the status of T1895: De-baremetalify louvre, a subtask of T1894: De-containerify uffizi, from Open to Work in Progress.
Jul 8 2019, 5:45 PM · System administration
olasd updated the task description for T1894: De-containerify uffizi.
Jul 8 2019, 3:47 PM · System administration
olasd updated the task description for T1894: De-containerify uffizi.
Jul 8 2019, 2:55 PM · System administration
olasd updated the task description for T1894: De-containerify uffizi.
Jul 8 2019, 2:51 PM · System administration
olasd triaged T1895: De-baremetalify louvre as High priority.
Jul 8 2019, 2:44 PM · System administration
olasd triaged T1894: De-containerify uffizi as High priority.
Jul 8 2019, 2:13 PM · System administration
olasd triaged T1893: Prepare the addition of the new storage array on 2019-07-12 as High priority.
Jul 8 2019, 2:11 PM · System administration
olasd updated the task description for T1891: Make 'type' an attribute of origin visits, not origins.
Jul 8 2019, 2:07 PM

Jul 5 2019

olasd committed rSPSITE5ba3bc25130e: letsencrypt_gandi_paas: only push each cert once (authored by olasd).
letsencrypt_gandi_paas: only push each cert once
Jul 5 2019, 9:17 AM
olasd committed rSPSITE5bee98485726: Push more TLS certificates on Gandi infrastructure (authored by olasd).
Push more TLS certificates on Gandi infrastructure
Jul 5 2019, 9:14 AM

Jul 4 2019

olasd added a comment to T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards.
In T979#34731, @olasd wrote:

After swapping in some memories from the Gandi simple hosting stuff, it's possible to upload certificates to Gandi using the legacy XML-RPC API. There's no explicit linking of certificates between the certificates API and the PaaS API, and ISTR that the PaaS stuff just picks up certificates automatically once uploaded.

Jul 4 2019, 5:53 PM · System administration
olasd updated the task description for T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards.
Jul 4 2019, 5:52 PM · System administration
olasd committed rSPSITE40c5992608c5: letsencrypt: support extra options in deploy hooks (authored by olasd).
letsencrypt: support extra options in deploy hooks
Jul 4 2019, 5:26 PM
olasd committed rSPSITEd42413f88cfd: letsencrypt_gandi_paas: Use the proper signature for the rpc command (authored by olasd).
letsencrypt_gandi_paas: Use the proper signature for the rpc command
Jul 4 2019, 5:17 PM
olasd committed rSPSITEc03b2381a437: Add a Let's Encrypt hook to push certificates to Gandi's XML-RPC (authored by olasd).
Add a Let's Encrypt hook to push certificates to Gandi's XML-RPC
Jul 4 2019, 5:07 PM
olasd committed rSPSITE1acc70a5e20e: letsencrypt: Dynamically load deploy hooks (authored by olasd).
letsencrypt: Dynamically load deploy hooks
Jul 4 2019, 5:07 PM
olasd committed rSPPRIVC52250f2ef77c: Add censored production gandi xmlrpc key (authored by olasd).
Add censored production gandi xmlrpc key
Jul 4 2019, 5:00 PM
olasd committed rSPSITE1415e8c0eec7: Drop most mentions of "latest" packages (authored by olasd).
Drop most mentions of "latest" packages
Jul 4 2019, 4:09 PM
olasd added a comment to T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards.

After swapping in some memories from the Gandi simple hosting stuff, it's possible to upload certificates to Gandi using the legacy XML-RPC API. There's no explicit linking of certificates between the certificates API and the PaaS API, and ISTR that the PaaS stuff just picks up certificates automatically once uploaded.

Jul 4 2019, 9:14 AM · System administration

Jul 3 2019

olasd updated the task description for T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards.
Jul 3 2019, 8:20 PM · System administration
olasd changed the status of T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards from Open to Work in Progress.

After some puppet work:

Jul 3 2019, 8:19 PM · System administration
olasd changed the status of T979: Migrate TLS certificates away from the *.softwareheritage.org wildcards, a subtask of T1175: renews SSL certificats for {www,}softwareheritage.org, from Open to Work in Progress.
Jul 3 2019, 8:19 PM · System administration
olasd committed rSPSITE402f25159f13: letsencrypt: follow symlinks when exporting certificates to the puppetmaster (authored by olasd).
letsencrypt: follow symlinks when exporting certificates to the puppetmaster
Jul 3 2019, 7:59 PM
olasd committed rSPSITEf68769cdf889: letsencrypt: Don't add a newline at the end of certificate files (authored by olasd).
letsencrypt: Don't add a newline at the end of certificate files
Jul 3 2019, 7:59 PM
olasd committed rSPSITEb1fe703ad4b0: Implement pulling letsencrypt certificates from the puppet master (authored by olasd).
Implement pulling letsencrypt certificates from the puppet master
Jul 3 2019, 7:48 PM
olasd committed rSPSITE0cf9392c96db: Move stats_web vhost to letsencrypt (authored by olasd).
Move stats_web vhost to letsencrypt
Jul 3 2019, 7:48 PM