Workshop:2023/06/10: Difference between revisions

From SUWS-wiki
(Added a task list)
 
(→‎Task list: Fixed typos)
 
(2 intermediate revisions by the same user not shown)
Line 7: Line 7:
}}
}}
== Task list ==
== Task list ==
* Add exisiting web systems to Authentik
* Add existing web systems to authentik
** SUWS wiki
** SUWS wiki
*** Done and MediaWiki upgraded to 1.39.3.  New usernames will need to be used so they correspond with username in authentik.
*** Fixed the timelines for [[Workshops]], [[Meetings]], [[Outings]] and [[Socials]] so they now display like [[Events]]
*** Given up with RSS / iCal exports for events as no one really uses them and they have been broken for a while.
** SUWS WordPress
** SUWS WordPress
* Build new GW-B53
*** Done and fixed issues with upgrading WordPress,  Now running 6.2.2.
* Build new SWITCH-B53
*** Also upgraded all plugins needing upgrading.
** Take a look at [https://github.com/ytti/oxidized Oxidized] - For backup of switch configurations.
*** Removed all of the twenty... themes and upgraded the parent "Iconic One" theme.
*** Removed the iCal link (from the wiki) as this has been discontinued.
*** Updated RSGB icon, so "RSGB" is more readable.
*** Installed WP Mail SMTP plugin.  Configured to relay to Postfix on the server hosting the the WordPress Docker container (modified <tt>mynetworks</tt> and <tt>inet_interfaces</tt> in <b>/etc/postfix/main.cf</b>).
*** Still issues sending emails to SUWS contact email address from the form.  This looks to be an SPF issues with suws.org.uk (but not with sown.org.uk), which David Newman has raised a ticket with iSolutions to fix.
 
 
* Sort out alerts reporting on Icinga2 (some we do not control, some we can fix):
* Sort out alerts reporting on Icinga2 (some we do not control, some we can fix):
** GW-B53-NEW and KEYCLOAK report as down - Latter may benefit for a rename.
** PROCS/GW-B32 - Should we change the procs checks more generally to not include kernel thread (e.g. check_procs -k)
** PROCS/GW-B32 - Should we change the procs checks more generally to not include kernel thread (e.g. check_procs -k)
** IPMI checks for VMS-B32-1, GW-B32, GW-B53 and VMS-B53-1
*** Modified Ansible to generate new config to fix this - https://github.com/sown/ansible/pull/54
** GW-B32 unknown check: TEMP and RAID
** EXT-PING checks - These are dependent on the UoS network, so really only need notifications in extreme circumstances and ideally one in total rather than one for every IP.
** EXT-PING checks - These are dependent on the UoS network, so really only need notifications in extreme circumstances and ideally one in total rather than one for every IP.
* Migrating VMs to LXD (from VMS-B32-1 to VMS-B53-1) and then install LXD on VMS-B32-1
*** Modified monitoring config on MONITOR2 matching on service's <tt>command_endpoint</tt> and setting <tt>times.begin = 15m</tt>. 
* Take a look at [https://www.firezone.dev/ Firezone] - For provisioning VPN (WireGuard) tunnels
*** Only modified for Discord service notifications and not IRC service notifications so they can be compared.
*** Will create a pull request when we have confirmation this issue fixed.
 
 
* Take a look at [https://github.com/warp-tech/warpgate Warpgate] - For SSO backed SSH login.
* Take a look at [https://github.com/warp-tech/warpgate Warpgate] - For SSO backed SSH login.
** Tim and Dan took a look at this and found some aspects are not yet mature. 
** Need to consider whether to wait or maybe make the modifications we need ourselves?
* Switch configuration automation
** Tyler was looking at using Ansible to help deploy/check/maintain switch configuration.
** Able to login to the switch through Ansible
** Was able to read and compare the config
** Able to generate the config out of Netbox but some work needed to get these to align.
** This may also be useful for backing up switch configuration so we won't need [https://github.com/ytti/oxidized Oxidized]
* KMIBot developments
** Dan and Tim have made some modifications

Latest revision as of 19:13, 12 June 2023

[[|]] | Current Workshop:

 | 

[[|]]

Workshop (to be) held from 15:00-19:00 on 2023-06-10 in B32 L3 North Server Room

 

Task list

  • Add existing web systems to authentik
    • SUWS wiki
      • Done and MediaWiki upgraded to 1.39.3. New usernames will need to be used so they correspond with username in authentik.
      • Fixed the timelines for Workshops, Meetings, Outings and Socials so they now display like Events
      • Given up with RSS / iCal exports for events as no one really uses them and they have been broken for a while.
    • SUWS WordPress
      • Done and fixed issues with upgrading WordPress, Now running 6.2.2.
      • Also upgraded all plugins needing upgrading.
      • Removed all of the twenty... themes and upgraded the parent "Iconic One" theme.
      • Removed the iCal link (from the wiki) as this has been discontinued.
      • Updated RSGB icon, so "RSGB" is more readable.
      • Installed WP Mail SMTP plugin. Configured to relay to Postfix on the server hosting the the WordPress Docker container (modified mynetworks and inet_interfaces in /etc/postfix/main.cf).
      • Still issues sending emails to SUWS contact email address from the form. This looks to be an SPF issues with suws.org.uk (but not with sown.org.uk), which David Newman has raised a ticket with iSolutions to fix.


  • Sort out alerts reporting on Icinga2 (some we do not control, some we can fix):
    • PROCS/GW-B32 - Should we change the procs checks more generally to not include kernel thread (e.g. check_procs -k)
    • EXT-PING checks - These are dependent on the UoS network, so really only need notifications in extreme circumstances and ideally one in total rather than one for every IP.
      • Modified monitoring config on MONITOR2 matching on service's command_endpoint and setting times.begin = 15m.
      • Only modified for Discord service notifications and not IRC service notifications so they can be compared.
      • Will create a pull request when we have confirmation this issue fixed.


  • Take a look at Warpgate - For SSO backed SSH login.
    • Tim and Dan took a look at this and found some aspects are not yet mature.
    • Need to consider whether to wait or maybe make the modifications we need ourselves?


  • Switch configuration automation
    • Tyler was looking at using Ansible to help deploy/check/maintain switch configuration.
    • Able to login to the switch through Ansible
    • Was able to read and compare the config
    • Able to generate the config out of Netbox but some work needed to get these to align.
    • This may also be useful for backing up switch configuration so we won't need Oxidized


  • KMIBot developments
    • Dan and Tim have made some modifications