Closed Bug 925041 Opened 11 years ago Closed 11 years ago

VM in SCL3 for KRAD/Icecast/AirMozilla encoding

Categories

(Infrastructure & Operations :: Virtualization, task)

Product:
Infrastructure & Operations
Component:
Virtualization
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nmaul, Assigned: afernandez)

References

Details

Not really sure what the specs on this need to be, but let's just start and see where we end up... we can probably ramp up whatever is needed.

Name should be krad1.corpdmz.scl3.mozilla.com

2 CPUs
4GB RAM
20GB disk
RHEL6 64-bit

Thanks!
Assignee: server-ops-virtualization → dparsons
Arch Linux please
Why Arch? Is there a particular reason that we can't / shouldn't use RHEL or Ubuntu?

My concern is that I don't think we have any other Arch systems anywhere in Mozilla IT... we'd be creating something that very few people would be able to work on, and we'd be excluding the possibility of ever hooking up our existing Puppet infrastructure. For that matter we can't even kickstart it like we usually do... installation will take significantly more SRE time than usual.

Just to make sure we're on the same page, this VM is intended to be the replacement for your personal "europa" system so we can start using KRAD for AirMozilla production work.
Note: Arch Linux often breaks hard on update (manual interventions required), which can cause delays for security upgrades due to the additional maintenance time required,  see: https://www.archlinux.org/ (this is where they list such update breakage).

If everyone agrees on Arch regardless, make sure we're ready to do such interventions automatically (its not trivial)
(In reply to David Richards from comment #1)
> Arch Linux please

Infrastructure systems need to run a supported OS, which is RHEL or Ubuntu, for the reasons that Jake states. Arch is a nice OS, and I run it myself, but setting it up, maintaining it, fixing it, and responding to security incidents involving it will take considerably more human time and also break compatibility with automation tools.
Didn't mean to cause a rukus ;P I expected to maintain the system myself so none of this occured to me. Security wise the only exposed ports would be ssh and KR itself. Do I even get shell access? I could live with whatever the most recent supported ubuntu is, RHEL6 is probably so far back that I'd be in dependency hell, last time I was working with KR on ubuntu, all the dependencies were in universe.
Talked to David on this... let's do Ubuntu for this. 64-bit, 13.04. 13.10 should be out within the next month... we should be able to upgrade pretty easily when it's here.
Assignee: dparsons → afernandez
Depends on: 927221
krad1.corpdmz.scl3.mozilla.com is online with Ubuntu 13.04-server, added to inventory, puppetized and basic nagios checks added.

There are some pending errors relating to the following two puppet modules;
audit
mcollective

but all else is good. Will be filing bugs so that the respective module owners could fix.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Side note, ssh+sudo access granted to David Richards.
Oh and CPUs bumped to 4 sockets.

Bump bump!
Please remove the L+IOQhaSN9 oneman@rawdod4 pubkey from my ldap and add the following keys:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH7/hxO3NqxyDNHoRUWqVOK55prb8SJVrTMVoSOnGn+zsIRnPzeV+9abmLM1St4Gav6RGq61OSIGG+VqzLCbIZ3u+VtI2mqhqLALXhpnDWGl4zpTErF/GfKvjXvqgVO942DVLNr7+M7YTuyfBQYa1L1LIsU+ML9lGCUqd+7pq/s9zKKI1lngUjlbTkSimGeSnzOh00K80awaGlhkgrpm95GSzEqBEjhUYYm6KETWHkEIMOIRBgr2HtjmcdjxdMdr0kaWnfn2QgDjAvJgZ0G1Z2jdbk9Uobi5yhr8sv2aLb8ikVhATXNaad6/U4mEDp02fRUuMcCH/i6fbKqKoKt2nJ oneman@kradmoz

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhQdCWXIsAPpYvKmyAqXIUBsntvyq02QzC5ElOrAjkCmBDVaJqiRRUGj1Aw2c6aoReeWw43Rg0Kx57M6X2PGXSGNlsgJPxfGMlw7W122aiXyTHCdAGCP8F4fntsAaKuBoYjkDJRRhfNsptHxR8PYEOCh3x+A+31K/S87hSQlYZ4UCi6hcQZ+v6c9rjtUIgTWv+5SEUFOIFpyG1poQ8NBbVqodhTOnlltTsUPQ7DwBkq16GdyPzlaTrfUKbz3XLReox19ds/USn70l8Qaf7Jn+AomPRpVGdjlNBOSLpr9+3NzhMwDpPTgFHnjUk5PfwLEhWgT/m0OYO2hmriJ8H+c1r oneman@kradhome
ldap updated.

Please allow 15-45 minutes for the changes to take affect.
Added DC proxy settings as well.
Aj is the sysadmin I have been searching for all these years.
(In reply to David Richards from comment #13)
> Aj is the sysadmin I have been searching for all these years.

I'll ask the Bugzilla admins to add an "engagement" flag for this bug.
(In reply to David Richards from comment #13)
> Aj is the sysadmin I have been searching for all these years.

That's how my guys roll! Thanks :D
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.