Fri, Dec 1
Thu, Nov 30
Turns out John already made a patch for this back in 2022: https://gerrit.wikimedia.org/r/c/operations/puppet/+/790657
We ran into this before with the Buster image, so probably we simply need to carry the previous fix forward: https://phabricator.wikimedia.org/T289694
Wed, Nov 29
Tue, Nov 28
Great work, really useful and well done!
The Ganeti version we currently run lacks support for chained certs in rapid. This was implemented in https://github.com/ganeti/ganeti/pull/1625 which I have backported to an updated ganeti 3.0.2-1~deb11u1+wmf1 package and with that RAPI access over the PKI certs is working fine.
Mon, Nov 27
I'm taking this one, for coordinationd and partly implementing myself.
Fri, Nov 24
Thu, Nov 23
Wed, Nov 22
Tue, Nov 21
There is progress, the last change only happened on October 26. This is a long standing task with low priority which is being worked on when time allows, as such I'm reassigning it myself again.
Mon, Nov 20
@Jhancock.wm Please note that these need to have virtualization enabled during provisioning, they will be used as virtualisation servers.
Fri, Nov 17
Please also enable virtualisation for these in the BIOS, they will serve as virt servers.
crm2001.codfw.wmnet has been created and configured to allow logins by fr-tech SREs. Let me know if you run into any issues, I'm resolving the task for now.
When you reimage to Bookworm, please make sure to directly reimage them into the Puppet 7 environment (by passing the -p7 parameter to the reimage cookbook). The alert* hosts are currently on Buster for which we can't use Puppet 7, that's why the current alert* hosts haven't been migrated to Puppet 7 yet.
Thu, Nov 16
Wed, Nov 15
As part of the Puppet migration we already switched all Buster clients (where version of GNUTLS had problems with the new cert) towards OpenSSL, more details in the task Southparkfan linked.
I'll also open a separate task to eventually also move Bullseye and Bookworm hosts to OpenSSL, the less we use GNUTLS the better.
Tue, Nov 14
@Dwisehaupt I think we have all data now except the hostname, see my earlier comment. crm1001 or something else?