provide ganeti VM for security team sectools
Closed, ResolvedPublic

Description

provide a ganeti VM to the security team for running security tools.

give access to @dpatrick


Labs Project Tested: n/a, used to run on a laptop
Site/Location: CODFW
Number of systems: 1
Service: n/a
Networking Requirements: internal
Processor Requirements: 1
Memory: 2GB
Disks:30G
Other Requirements: none

Dzahn created this task.Jun 25 2016, 9:46 AM
Restricted Application added subscribers: Zppix, Malyacko, Aklapper. · View Herald TranscriptJun 25 2016, 9:46 AM

Change 296206 had a related patch set uploaded (by Dzahn):
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296206

Change 296206 merged by Dzahn:
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296206

Change 296211 had a related patch set uploaded (by Dzahn):
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296211

Dzahn updated the task description. (Show Details)Jun 27 2016, 11:34 AM

Change 296211 merged by Dzahn:
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296211

Dzahn updated the task description. (Show Details)Jun 27 2016, 12:00 PM

Change 296421 had a related patch set uploaded (by Dzahn):
DHCP: add MAC for zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296421

Change 296421 merged by Dzahn:
DHCP: add MAC for zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296421

Dzahn added a comment.Jun 29 2016, 9:12 PM

The machine has been installed with a stub role and is ready to be used. The blocked task is handling the access request for Darian to get on it. That will be handled in ops meeting on Monday.

faidon reopened this task as Open.Jun 30 2016, 2:47 PM
faidon added a subscriber: faidon.

The role is still stub as you said, not sure why this task was resolved.

Dzahn added a comment.EditedJun 30 2016, 2:48 PM

Because it was about creating a VM for it. a vm-request ticket typically does not include puppetizing upcoming roles. when would you consider it resolved ?

Well OK, that's fine :) There is no description on the request on what will be included there and no other task to describe this setup. An access request has been opened for this VM now, but there's little to no information about what this VM is supposed to be :)

dpatrick edited projects, added Security-Team; removed Security.Jul 7 2016, 9:06 PM
Dzahn triaged this task as Normal priority.Jul 14 2016, 11:05 PM
Dzahn changed the task status from Open to Stalled.
Dzahn closed this task as Declined.Oct 11 2016, 6:25 PM

Closing this as the related access request T138873 has been declined. Should be reopened together with that.

It seems this vm is still in site.pp and the role is still present in puppet. Should this be removed?

Dzahn reopened this task as Open.Sep 6 2017, 5:28 PM

@EddieGP Maybe, not sure. I'll take it an reopen to figure it out.

Change 376779 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] site: remove unused virtual host 'zosma'

https://gerrit.wikimedia.org/r/376779

Change 376780 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/dns@master] remove unused VM 'zosma'

https://gerrit.wikimedia.org/r/376780

Mentioned in SAL (#wikimedia-operations) [2017-09-08T19:37:47Z] <mutante> removing ganeti instance 'zosma' on ganeti2001 (T138650)

Change 376779 merged by Dzahn:
[operations/puppet@production] site: remove unused virtual host 'zosma'

https://gerrit.wikimedia.org/r/376779

Mentioned in SAL (#wikimedia-operations) [2017-09-08T19:43:06Z] <mutante> zosma.codfw.wmnet - delete salt key, puppet node clean, puppet node deactivate, remove from Icinga,... (T138650)

Change 376780 merged by Dzahn:
[operations/dns@master] remove unused VM 'zosma'

https://gerrit.wikimedia.org/r/376780

Dzahn added a comment.Sep 8 2017, 7:51 PM

@EddieGP Thanks, yea. I removed it. Should be all done now, also DNS.

Dzahn closed this task as Resolved.Sep 8 2017, 7:52 PM
Dzahn changed the task status from Resolved to Declined.
MoritzMuehlenhoff reopened this task as Open.Sep 11 2017, 7:07 AM

@EddieGP Thanks, yea. I removed it. Should be all done now, also DNS.

There's a remaining empty group sectools-roots in data.yaml, let's also remove this?

Change 377315 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: delete unused group sectools-roots

https://gerrit.wikimedia.org/r/377315

Change 377315 merged by Dzahn:
[operations/puppet@production] admins: delete unused group sectools-roots

https://gerrit.wikimedia.org/r/377315

Dzahn added a comment.Sep 11 2017, 6:19 PM

There's a remaining empty group sectools-roots in data.yaml, let's also remove this?

Oh, thanks. Yes, done.

Dzahn closed this task as Resolved.Sep 11 2017, 6:19 PM