VM in SCL3 for KRAD/Icecast/AirMozilla encoding

RESOLVED FIXED

Status

Infrastructure & Operations
Virtualization
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: jakem, Assigned: Aj)

Tracking

Details

(Reporter)

Description

4 years ago
Not really sure what the specs on this need to be, but let's just start and see where we end up... we can probably ramp up whatever is needed.

Name should be krad1.corpdmz.scl3.mozilla.com

2 CPUs
4GB RAM
20GB disk
RHEL6 64-bit

Thanks!

Updated

4 years ago
Assignee: server-ops-virtualization → dparsons

Comment 1

4 years ago
Arch Linux please
(Reporter)

Comment 2

4 years ago
Why Arch? Is there a particular reason that we can't / shouldn't use RHEL or Ubuntu?

My concern is that I don't think we have any other Arch systems anywhere in Mozilla IT... we'd be creating something that very few people would be able to work on, and we'd be excluding the possibility of ever hooking up our existing Puppet infrastructure. For that matter we can't even kickstart it like we usually do... installation will take significantly more SRE time than usual.

Just to make sure we're on the same page, this VM is intended to be the replacement for your personal "europa" system so we can start using KRAD for AirMozilla production work.
Note: Arch Linux often breaks hard on update (manual interventions required), which can cause delays for security upgrades due to the additional maintenance time required,  see: https://www.archlinux.org/ (this is where they list such update breakage).

If everyone agrees on Arch regardless, make sure we're ready to do such interventions automatically (its not trivial)

Comment 4

4 years ago
(In reply to David Richards from comment #1)
> Arch Linux please

Infrastructure systems need to run a supported OS, which is RHEL or Ubuntu, for the reasons that Jake states. Arch is a nice OS, and I run it myself, but setting it up, maintaining it, fixing it, and responding to security incidents involving it will take considerably more human time and also break compatibility with automation tools.

Comment 5

4 years ago
Didn't mean to cause a rukus ;P I expected to maintain the system myself so none of this occured to me. Security wise the only exposed ports would be ssh and KR itself. Do I even get shell access? I could live with whatever the most recent supported ubuntu is, RHEL6 is probably so far back that I'd be in dependency hell, last time I was working with KR on ubuntu, all the dependencies were in universe.
(Reporter)

Comment 6

4 years ago
Talked to David on this... let's do Ubuntu for this. 64-bit, 13.04. 13.10 should be out within the next month... we should be able to upgrade pretty easily when it's here.

Updated

4 years ago
Assignee: dparsons → afernandez
(Assignee)

Updated

4 years ago
Depends on: 927221
(Assignee)

Comment 7

4 years ago
krad1.corpdmz.scl3.mozilla.com is online with Ubuntu 13.04-server, added to inventory, puppetized and basic nagios checks added.

There are some pending errors relating to the following two puppet modules;
audit
mcollective

but all else is good. Will be filing bugs so that the respective module owners could fix.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Comment 8

4 years ago
Side note, ssh+sudo access granted to David Richards.
(Assignee)

Comment 9

4 years ago
Oh and CPUs bumped to 4 sockets.

Bump bump!

Comment 10

4 years ago
Please remove the L+IOQhaSN9 oneman@rawdod4 pubkey from my ldap and add the following keys:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH7/hxO3NqxyDNHoRUWqVOK55prb8SJVrTMVoSOnGn+zsIRnPzeV+9abmLM1St4Gav6RGq61OSIGG+VqzLCbIZ3u+VtI2mqhqLALXhpnDWGl4zpTErF/GfKvjXvqgVO942DVLNr7+M7YTuyfBQYa1L1LIsU+ML9lGCUqd+7pq/s9zKKI1lngUjlbTkSimGeSnzOh00K80awaGlhkgrpm95GSzEqBEjhUYYm6KETWHkEIMOIRBgr2HtjmcdjxdMdr0kaWnfn2QgDjAvJgZ0G1Z2jdbk9Uobi5yhr8sv2aLb8ikVhATXNaad6/U4mEDp02fRUuMcCH/i6fbKqKoKt2nJ oneman@kradmoz

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhQdCWXIsAPpYvKmyAqXIUBsntvyq02QzC5ElOrAjkCmBDVaJqiRRUGj1Aw2c6aoReeWw43Rg0Kx57M6X2PGXSGNlsgJPxfGMlw7W122aiXyTHCdAGCP8F4fntsAaKuBoYjkDJRRhfNsptHxR8PYEOCh3x+A+31K/S87hSQlYZ4UCi6hcQZ+v6c9rjtUIgTWv+5SEUFOIFpyG1poQ8NBbVqodhTOnlltTsUPQ7DwBkq16GdyPzlaTrfUKbz3XLReox19ds/USn70l8Qaf7Jn+AomPRpVGdjlNBOSLpr9+3NzhMwDpPTgFHnjUk5PfwLEhWgT/m0OYO2hmriJ8H+c1r oneman@kradhome
(Assignee)

Comment 11

4 years ago
ldap updated.

Please allow 15-45 minutes for the changes to take affect.
(Assignee)

Comment 12

4 years ago
Added DC proxy settings as well.

Comment 13

4 years ago
Aj is the sysadmin I have been searching for all these years.
(In reply to David Richards from comment #13)
> Aj is the sysadmin I have been searching for all these years.

I'll ask the Bugzilla admins to add an "engagement" flag for this bug.
(In reply to David Richards from comment #13)
> Aj is the sysadmin I have been searching for all these years.

That's how my guys roll! Thanks :D
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.