From 102152a14e9f12600853085b4863e23de248262f Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 16 Jan 2024 16:10:29 +0100
Subject: [PATCH 1/9] staging: garage v0.9.1-pre (not yet released nor tagged), diplonat with STUN flapping fix
---
 cluster/staging/app/core/deploy/diplonat.hcl | 2 +-
 cluster/staging/app/garage/deploy/garage.hcl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cluster/staging/app/core/deploy/diplonat.hcl b/cluster/staging/app/core/deploy/diplonat.hcl
index d8f13b2..16bc27b 100644
--- a/cluster/staging/app/core/deploy/diplonat.hcl
+++ b/cluster/staging/app/core/deploy/diplonat.hcl
@@ -22,7 +22,7 @@ job "core-diplonat" {
 "#iptables",
 "#bash",
 "#coreutils",
- "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=05872634a42bf0aef3ab0a2760e2be4590bc8b73"
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
 ]
 command = "diplonat"
 }
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index e5b1dc6..5ba1b4a 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -26,8 +26,8 @@ job "garage-staging" {
 packages = [
 "#bash", # so that we can enter a shell inside container
 "#coreutils",
- # garage v0.9.0
- "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=952c9570c494468643353ee1ae9052b510353665",
+ # garage v0.9.1-rc
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=9cfeea389a1274d4d3c1f4b7072b0c056af410ef",
 ]
 command = "garage"
 args = [ "server" ]
From 56e4dd954fa5e0baa5fbd5fbf1de12ca10318a82 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 16 Jan 2024 16:30:33 +0100
Subject: [PATCH 2/9] staging: add ram for im replicate-db
---
 cluster/staging/app/im/deploy/im-nix.hcl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cluster/staging/app/im/deploy/im-nix.hcl b/cluster/staging/app/im/deploy/im-nix.hcl
index c7b500f..b8a2bbe 100644
--- a/cluster/staging/app/im/deploy/im-nix.hcl
+++ b/cluster/staging/app/im/deploy/im-nix.hcl
@@ -192,8 +192,8 @@ EOH
 } resources {
- memory = 200
- memory_max = 200
+ memory = 500
+ memory_max = 500
 cpu = 100
 }
 }
From a21493745d9ce9791319a06243a2c6f10a55eaaa Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 17 Jan 2024 12:38:53 +0100
Subject: [PATCH 3/9] prod: update diplonat and make garage restart on template changes again Diplonat update prevents unnecessary flapping of autodiscovered ip addresses, which was the cause of useless restarts of the garage daemon. But in principle we want Garage to be restarted if the ipv6 address changes as it indicates changes in the network.
---
 cluster/prod/app/core/deploy/diplonat.hcl | 2 +-
 cluster/prod/app/garage/deploy/garage.hcl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cluster/prod/app/core/deploy/diplonat.hcl b/cluster/prod/app/core/deploy/diplonat.hcl
index 6f2b796..ce5bccf 100644
--- a/cluster/prod/app/core/deploy/diplonat.hcl
+++ b/cluster/prod/app/core/deploy/diplonat.hcl
@@ -13,7 +13,7 @@ job "core-diplonat" {
 driver = "docker" config {
- image = "lxpz/amd64_diplonat:6"
+ image = "lxpz/amd64_diplonat:7"
 network_mode = "host"
 readonly_rootfs = true
 privileged = true
diff --git a/cluster/prod/app/garage/deploy/garage.hcl b/cluster/prod/app/garage/deploy/garage.hcl
index 4964a37..180f4d9 100644
--- a/cluster/prod/app/garage/deploy/garage.hcl
+++ b/cluster/prod/app/garage/deploy/garage.hcl
@@ -44,7 +44,7 @@ job "garage" {
 template {
 data = file("../config/garage.toml")
 destination = "secrets/garage.toml"
- change_mode = "noop"
+ #change_mode = "noop"
 } template {
From afb28a690b0c63a0e3b16d4acb4d8ceb7f6fdda8 Mon Sep 17 00:00:00 2001
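Review bot: The new `image = "lxpz/amd64_diplonat:7"` is a mutable registry tag on a task that the surrounding config runs with `privileged = true` and `network_mode = "host"`, so the bytes deployed to prod depend on whatever the tag resolves to at pull time, whereas the staging diplonat in the first patch of this series is pinned to a full git revision. Pinning by digest alongside the tag, e.g. `image = "lxpz/amd64_diplonat:7@sha256:<digest-of-the-7-image>"`, makes the prod rollout reproducible and turns a moved tag into a visible change instead of a silent pull. The `config {` block and the enclosing job start and end outside the hunk.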
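Review bot: Replacing `change_mode = "noop"` with a commented-out copy of itself leaves this template relying on Nomad's implicit default (restart), and the reason given in the commit message, that a restart is wanted when the node's ipv6 address changes, is not recorded anywhere in the file. An explicit `change_mode = "restart"` with a one-line comment above it, such as `# restart on rendered-config changes (e.g. a new ipv6 address); address flapping itself is fixed in diplonat`, states the intent and keeps it visible even if the default ever changes. This `template {` block's closing brace and the enclosing task lie outside the hunk.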
From: Alex Auvolat
Date: Wed, 17 Jan 2024 20:07:20 +0100
Subject: [PATCH 4/9] tlsproxy: temporary fix for year 2024 (TODO fix before mid-2024)
---
 tlsproxy | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tlsproxy b/tlsproxy
index 1260d21..d6a845c 100755
--- a/tlsproxy
+++ b/tlsproxy
@@ -17,7 +17,8 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
 # Do actual stuff
-YEAR=$(date +%Y)
+#YEAR=$(date +%Y)
+YEAR=2023
 CERTDIR=$(mktemp -d)
From be0cbea19b6304c7de1b407e636b7b705a0e2003 Mon Sep 17 00:00:00 2001
From: ADRN
Date: Wed, 17 Jan 2024 20:07:46 +0100
Subject: [PATCH 5/9] =?UTF-8?q?ajout=20cl=C3=A9=20ssh=20boris,=20aeddis=20?= =?UTF-8?q?et=20vincent?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cluster/prod/cluster.nix | 12 ++++++++++++
 cluster/staging/cluster.nix | 12 ++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix
index e6f71e0..639028a 100644
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
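Review bot: `YEAR=2023` hard-codes a value the script used to derive from `date +%Y`, and the only record of why, and of the mid-2024 deadline, is the commit subject; once merged the script gives no hint that it will keep selecting the 2023 material after the next yearly rotation. At minimum carry the reason into the file next to the assignment, e.g. `# TEMPORARY: pinned to 2023 (see commit "tlsproxy: temporary fix for year 2024"); revert to $(date +%Y) before mid-2024`, and consider `YEAR=${YEAR:-2023}` so an operator can override it without editing the script. How YEAR is consumed is outside the hunk, so I cannot tell whether falling back to the previous year when the current year's path is absent would be a safer permanent fix.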
@@ -106,6 +106,18 @@ baptiste = [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
 ];
+ aeddis = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
+ ];
+ boris = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
+ ];
+ vincent = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
+ ];
 }; # For Garage external communication
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index 951f5bb..3f7c941 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
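Review bot: The three key sets added here (`aeddis`, `boris`, `vincent`) are repeated byte-for-byte in `cluster/staging/cluster.nix` in the next hunk of this patch, so a future rotation or revocation for any of these users must be applied in two places and the two clusters can silently diverge on who holds access. Defining the per-user key lists once in a shared Nix file that both cluster definitions import removes that drift. Since these entries grant shell access to prod, it is also worth the commit message stating how the fingerprints were confirmed with their owners before merge. The enclosing attribute set opens and closes outside the hunk.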
@@ -79,6 +79,18 @@ armael = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
 ];
+ aeddis = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
+ ];
+ boris = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
+ ];
+ vincent = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
+ ];
 }; # For Garage ipv6 communication
From 88f8f9fd1ed95e53a87d757d812661fbff75b865 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 17 Jan 2024 20:25:35 +0100
Subject: [PATCH 6/9] staging: add automatic dns names for staging machines
---
 cluster/staging/app/core/deploy/tricot.hcl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cluster/staging/app/core/deploy/tricot.hcl b/cluster/staging/app/core/deploy/tricot.hcl
index 1446359..62c8030 100644
--- a/cluster/staging/app/core/deploy/tricot.hcl
+++ b/cluster/staging/app/core/deploy/tricot.hcl
@@ -82,6 +82,7 @@ EOH
 name = "tricot-http"
 port = "http_port"
 tags = [
+ "d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
 "d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
 "d53-aaaa staging.deuxfleurs.org",
 "(diplonat (tcp_port 80))"
From ab481c5e70f3d4a306296890c405911876956209 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 17 Jan 2024 20:30:00 +0100
Subject: [PATCH 7/9] staging: use dynamic dns names to connect to nodes for deployment
---
 cluster/staging/ssh_config | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index 08cac54..54c0f01 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
@@ -1,18 +1,24 @@
 UserKnownHostsFile ./cluster/staging/known_hosts
 Host caribou
- HostName caribou.machine.deuxfleurs.fr
+ #HostName caribou.machine.deuxfleurs.fr
+ HostName caribou.machine.staging.deuxfleurs.org
 Host carcajou
- HostName carcajou.machine.deuxfleurs.fr
+ #HostName carcajou.machine.deuxfleurs.fr
+ HostName carcajou.machine.staging.deuxfleurs.org
 Host origan
- HostName origan.df.trinity.fr.eu.org
+ #HostName origan.df.trinity.fr.eu.org
+ HostName origan.machine.staging.deuxfleurs.org
 Host piranha
- ProxyJump carcajou.machine.deuxfleurs.fr
- HostName 10.14.3.1 #HostName piranha.polyno.me
+ #OR
+ #ProxyJump carcajou.machine.deuxfleurs.fr
+ #HostName 10.14.3.1
+ HostName piranha.machine.staging.deuxfleurs.org
 Host df-pw5
- HostName df-pw5.machine.deuxfleurs.fr
+ #HostName df-pw5.machine.deuxfleurs.fr
+ HostName df-pw5.machine.staging.deuxfleurs.org
From 572822093c71a0c93853c75a14dfea09ce4c6fbf Mon Sep 17 00:00:00 2001
From: adrien
Date: Wed, 17 Jan 2024 19:33:33 +0000
Subject: [PATCH 8/9] Changement du guide onboarding avec une config ssh aux petits oignons
---
 doc/onboarding.md | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/doc/onboarding.md b/doc/onboarding.md
index 2ebd9f8..e8d8bd3 100644
--- a/doc/onboarding.md
+++ b/doc/onboarding.md
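Review bot: With every `HostName` now pointing at a name under `machine.staging.deuxfleurs.org` that, per the commit message, is published dynamically, the pins in `./cluster/staging/known_hosts` become the only thing separating a stale or spoofed DNS answer from a deploy session landing on the wrong host, yet nothing here makes a missing pin fail closed. Adding `StrictHostKeyChecking yes` directly under the `UserKnownHostsFile` line turns an unknown or changed host key into a hard error instead of an interactive trust-on-first-use prompt during a deploy. The old HostName/ProxyJump lines are kept as comments; if they are a deliberate fallback, a single `# fallback when the staging DNS records are unavailable:` above them would say so, otherwise they are clutter. The onboarding example added in the following patch still uses `%h.machine.deuxfleurs.fr` for the staging hosts and should be brought in line with these names.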
@@ -17,12 +17,26 @@ Basically:
 Edit your `~/.ssh/config` file with content such as the following:
 ```
-Host dahlia
- HostName dahlia.machine.deuxfleurs.fr
- LocalForward 14646 127.0.0.1:4646
- LocalForward 8501 127.0.0.1:8501
- LocalForward 1389 bottin.service.prod.consul:389
- LocalForward 5432 psql-proxy.service.prod.consul:5432
+# Deuxfleurs prod
+Host abricot ananas concombre celeri courgette df-ykl df-ymf df-ymk
+ HostName %h.machine.deuxfleurs.fr
+ IdentityFile ~/.ssh/deuxfleurs_ed25519
+ User adrien
+ LocalForward 14646 127.0.0.1:4646
+ LocalForward 8501 127.0.0.1:8501
+ LocalForward 1389 bottin.service.prod.consul:389
+ LocalForward 5432 psql-proxy.service.prod.consul:5432
+
+# Deuxfleurs staging
+Host piranha df-pw5 # et autres
+ HostName %h.machine.deuxfleurs.fr
+ IdentityFile ~/.ssh/deuxfleurs_ed25519
+ User adrien
+ LocalForward 14646 127.0.0.1:4646
+ LocalForward 8501 127.0.0.1:8501
+ LocalForward 1389 bottin.service.prod.consul:389
+ LocalForward 5432 psql-proxy.service.prod.consul:5432
+
 ```
 Then run the TLS proxy and leave it running:
From 3ff35c552765dc49a8cad8dd9d4c44d05907f5ff Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 17 Jan 2024 20:43:59 +0100
Subject: [PATCH 9/9] staging: new hostnames in known_hosts
---
 cluster/staging/known_hosts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cluster/staging/known_hosts b/cluster/staging/known_hosts
index cc52366..d6a63da 100644
--- a/cluster/staging/known_hosts
+++ b/cluster/staging/known_hosts
@@ -11,3 +11,5 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
 10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
 192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
 2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
+carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
+caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
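Review bot: Only `carcajou` and `caribou` receive entries under the new `.machine.staging.deuxfleurs.org` names, while `cluster/staging/ssh_config` in this series now also reaches `origan`, `piranha` and `df-pw5` under that suffix; with `UserKnownHostsFile ./cluster/staging/known_hosts` those three will match no pinned key on their first connection and the operator is left to accept an unverified fingerprint. The existing `10.14.3.1` line (piranha's address in the old ssh_config) and `df-pw5.machine.deuxfleurs.fr` line appear to already hold two of the needed keys, and the carcajou entry added here reuses the `192.168.1.22` key, so if the machines are unchanged the fix is to add the same keys under the new names, each checked against the host's fingerprint out of band; origan's key is not visible in this hunk and may need to be collected the same way.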