sysadmin issueshttps://gitlab.tails.boum.org/tails/sysadmin/-/issues2020-05-15T14:39:37Zhttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/15071Make our server backup process more usable2020-05-15T14:39:37ZintrigeriMake our server backup process more usable_Originally created by @intrigeri on [#15071 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/15071)_
### Subtasks
- [x] tails/sysadmin#16165
- [x] tails/sysadmin#16202
- [x] tails/sysadmin#16211
..._Originally created by @intrigeri on [#15071 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/15071)_
### Subtasks
- [x] tails/sysadmin#16165
- [x] tails/sysadmin#16202
- [x] tails/sysadmin#16211
- [x] tails/sysadmin#16214
- [x] tails/sysadmin#16215
- [x] tails/sysadmin#16234
### Related issuesTails_3.16intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/16232Run a nameserver for the {amnesia,tails}.boum.org sub-zones2020-05-15T13:24:10ZintrigeriRun a nameserver for the {amnesia,tails}.boum.org sub-zones_Originally created by @intrigeri on [#16232 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16232)_
… so our mirror admins can keep controlling it once boum.org’s NS has
migrated to its new home.
Then:
- ~~merg..._Originally created by @intrigeri on [#16232 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16232)_
… so our mirror admins can keep controlling it once boum.org’s NS has
migrated to its new home.
Then:
- ~~merge the 2 `mirrors.git` somehow~~
- ~~adapt mirror team scripts if needed~~
- ~~update mirror team doc~~
- ~~add monitoring of this NS~~
- \-document on
<https://tails.boum.org/contribute/working_together/roles/sysadmins/->
(tails/tails#16254)
### Related issues
- [x] **Blocked by** tails/sysadmin#15513Tails_3.16intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/16460Upgrade puppet-git.lizard to Buster2020-05-15T13:14:50ZintrigeriUpgrade puppet-git.lizard to Buster_Originally created by @intrigeri on [#16460 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16460)_
It’s getting too hard to run PuppetDB on Stretch.
What we have to do:
- ~~check release notes & upgrade doc~~
..._Originally created by @intrigeri on [#16460 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16460)_
It’s getting too hard to run PuppetDB on Stretch.
What we have to do:
- ~~check release notes & upgrade doc~~
- ~~check modules compatibility~~
This is a rough plan that might work:
- ~~Move /var/lib/gitolite to its own (virtual) disk. Now we’ll have 3
gitolite disks.~~
- ~~Clone the current puppet master vm (change its mac address) —
creates new master.~~
- ~~Temporarily rename sshd onion service on new VM~~
- ~~Follow important part of the doc on creating new vm.~~
- ~~Add it as a node to itself.~~
- ~~Pin the puppetdb version.~~
- ~~Upgrade to buster~~
- Ensure PuppetDB data goes through schema migration; run `puppetdb
upgrade -c /etc/puppetdb/conf.d/config.ini` if needed.
- ~~Make sure we have the `pg_trgm` PostgreSQL extension enabled.~~
- ~~Unpin the puppetdb version and downgrade.~~
- ~~Check puppetmaster logs for errors and deprecations and fix
them.~~
- ~~Point every agent to the new master *once* with `--noop` to
identify obvious issues.~~
- ~~Deal with issues by pushing fixes to new master.~~
- ~~Migrate from `hiera()` to `lookup()`.~~
- **\[until this point we can easily revert\]**
- ~~Shutdown old vm and mark as no autostart.~~
- ~~Disable Puppet agent on every system.~~
- ~~Point the new system drive to the old VM.~~
- ~~Merge the fixes in topic branches into master/production
branches.~~
- ~~Revert `73966287`, `0cfcfd7f`, `40111d15` and `18f135c4` in the
manifests repo.~~
- ~~Start puppet-git~~
- ~~Push all updated submodules and the main manifests repo.~~
- ~~Rename sshd onion service back to its official name on the new
VM.~~
- ~~Re-enable Puppet agent on every system, one after the other.~~
- ~~Move new VM’s disks to the correct PV (= the same as the old VM’s
disks).~~
- ~~Delete temporary disks created for `puppet-git-buster`.~~
### Related issues
- **Related to** tails/sysadmin#16927Tails_3.16intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/16854collective sysadmin redmine user2020-05-15T13:02:12Zgroentecollective sysadmin redmine user_Originally created by @groente on [#16854 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16854)_
we’d like to have a possibility of assigning tickets to the sysadmin
team in general.
for this we’d need to:
\- c..._Originally created by @groente on [#16854 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16854)_
we’d like to have a possibility of assigning tickets to the sysadmin
team in general.
for this we’d need to:
\- create a role user for our team on Redmine
\- communicate about it to -summit@ (and in our doc?)
\- update or deprecate
<https://redmine.tails.boum.org/code/projects/tails/issues?query_id=262>
and
<https://redmine.tails.boum.org/code/projects/tails/issues?query_id=267>Tails_3.16intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/16984Enable missing cronjobs for Weblate2020-05-15T12:56:14ZhefeeEnable missing cronjobs for Weblate_Originally created by @hefee on [#16984 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16984)_
As I learned from translate-server.git:weblate.mdwn why we need to run
manage.py updatechecks —all
and
manage.py re..._Originally created by @hefee on [#16984 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16984)_
As I learned from translate-server.git:weblate.mdwn why we need to run
manage.py updatechecks —all
and
manage.py rebuild\_index —all
once a day. So we should add this (again) to cronjob list.Tails_3.16intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/16996Rebase our QEMU package on top of 1:2.8+dfsg-6+deb9u82020-05-15T12:55:33ZintrigeriRebase our QEMU package on top of 1:2.8+dfsg-6+deb9u8_Originally created by @intrigeri on [#16996 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16996)_
### Related issues_Originally created by @intrigeri on [#16996 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/16996)_
### Related issuesTails_3.16intrigeriintrigeri