Page MenuHomePhabricator

provide ganeti VM for security team sectools
Closed, ResolvedPublic

Description

provide a ganeti VM to the security team for running security tools.

give access to @dpatrick


Labs Project Tested: n/a, used to run on a laptop
Site/Location: CODFW
Number of systems: 1
Service: n/a
Networking Requirements: internal
Processor Requirements: 1
Memory: 2GB
Disks:30G
Other Requirements: none

Event Timeline

Change 296206 had a related patch set uploaded (by Dzahn):
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296206

Change 296206 merged by Dzahn:
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296206

Change 296211 had a related patch set uploaded (by Dzahn):
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296211

Change 296211 merged by Dzahn:
introduce zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296211

Change 296421 had a related patch set uploaded (by Dzahn):
DHCP: add MAC for zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296421

Change 296421 merged by Dzahn:
DHCP: add MAC for zosma.codfw.wmnet

https://gerrit.wikimedia.org/r/296421

The machine has been installed with a stub role and is ready to be used. The blocked task is handling the access request for Darian to get on it. That will be handled in ops meeting on Monday.

faidon subscribed.

The role is still stub as you said, not sure why this task was resolved.

Because it was about creating a VM for it. a vm-request ticket typically does not include puppetizing upcoming roles. when would you consider it resolved ?

Well OK, that's fine :) There is no description on the request on what will be included there and no other task to describe this setup. An access request has been opened for this VM now, but there's little to no information about what this VM is supposed to be :)

Dzahn changed the task status from Open to Stalled.Jul 14 2016, 11:05 PM
Dzahn triaged this task as Medium priority.

Closing this as the related access request T138873 has been declined. Should be reopened together with that.

It seems this vm is still in site.pp and the role is still present in puppet. Should this be removed?

@EddieGP Maybe, not sure. I'll take it an reopen to figure it out.

Change 376779 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] site: remove unused virtual host 'zosma'

https://gerrit.wikimedia.org/r/376779

Change 376780 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/dns@master] remove unused VM 'zosma'

https://gerrit.wikimedia.org/r/376780

Mentioned in SAL (#wikimedia-operations) [2017-09-08T19:37:47Z] <mutante> removing ganeti instance 'zosma' on ganeti2001 (T138650)

Change 376779 merged by Dzahn:
[operations/puppet@production] site: remove unused virtual host 'zosma'

https://gerrit.wikimedia.org/r/376779

Mentioned in SAL (#wikimedia-operations) [2017-09-08T19:43:06Z] <mutante> zosma.codfw.wmnet - delete salt key, puppet node clean, puppet node deactivate, remove from Icinga,... (T138650)

Change 376780 merged by Dzahn:
[operations/dns@master] remove unused VM 'zosma'

https://gerrit.wikimedia.org/r/376780

@EddieGP Thanks, yea. I removed it. Should be all done now, also DNS.

Dzahn changed the task status from Resolved to Declined.
MoritzMuehlenhoff subscribed.

@EddieGP Thanks, yea. I removed it. Should be all done now, also DNS.

There's a remaining empty group sectools-roots in data.yaml, let's also remove this?

Change 377315 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: delete unused group sectools-roots

https://gerrit.wikimedia.org/r/377315

Change 377315 merged by Dzahn:
[operations/puppet@production] admins: delete unused group sectools-roots

https://gerrit.wikimedia.org/r/377315

There's a remaining empty group sectools-roots in data.yaml, let's also remove this?

Oh, thanks. Yes, done.