Check-in
by Imre Jonk
Hi all,
TL;DR: we need to talk about keeping DebOps the awesome and healthy
project that it is today, for many years to come. Please voice any
concerns you may have. Also, some battle history, cuz' Maciej is a
sucker for war stories.
Let me start off this lengthy email by congratulating everyone involved
in this project with the sheer progress that we made since DebOps
0.8.1, which is the first DebOps release I got to use. In production
mind you, which may or may not have pressed Maciej to pull forward his
1.0.0 release [1].
There has been even more progress since genesis [2] (is that where the
'ginas' name came from, Maciej?). I had just started my System and
Network Engineering education at the AUAS and landed my first job as a
Debian (or initially, Ubuntu) system administrator at Bits of Freedom.
It would have been good to know a thing or two about Ansible and IT
automation back then. But I got an O'Reilly book on that subject a few
months into the job, so that was nice.
After some time I had been using Ansible for about half a year at Bits
of Freedom, but wrote all playbooks from scratch. They weren't exactly
the best quality and I still felt like I was working hard, not smart. I
had trouble reusing my own roles and had difficulty solving some
automation problems which resulted in me still doing a lot of manual
sysadmin work. This of course felt more like putting out fires instead
of real progress. I thought that Docker could save me, but no, that
only made it worse because now I still had the exact same automation
problems, but with the added complexity of container lifecycle
management.
Then, somewhere at the end of February (or beginning of March) 2019, I
decided to give this "data center in a box" thingy a try. I had just
landed my second sysadmin job at CipherMail, where the previous admin
had been doing everything by hand. Long story short, I turned off the
very last legacy, hand-managed VM last week. We now run ~45 servers
across multiple data center locations and cloud providers. There are
high availability setups in there, like our DNS, LDAP, RADIUS, mail and
web clusters. We have firewalls, load balancers, DNSSEC, Let's Encrypt
and IPv6 everywhere. Our office wifi has WPA2 Enterprise with EAP-TTLS
for authentication against our LDAP database. Our VPN setup is
incredibly easy to enroll for new users and allows login with LDAP
username, password and Yubikey OTP. Simply removing a user from our
LDAP database immediately revokes their access to almost every IT
system we have. Everything is all meticulously monitored with Icinga
and its agents. Security patching takes minutes instead of hours. And
the best thing? It is *all* automated. And that leaves me with lots of
time to automate even more, like our continuous integration setup and
an upcoming cloud service. I actually have the time to visit customers
on-site now, which happened last week for the first time and was really
inspiring to me!
I truly feel like I am in full control of the whole IT infrastructure
at my place of work, which is something that I had definitely not felt
before. That data center in a box thingy, combined with some additional
roles I wrote, has been a major game changer for me. It became the only
open source project that I regularly contribute to, although I don't
put nearly as much time in it as I would want. The small but capable
community around it is just great. I feel indebted to many of you,
especially to Maciej.
Which is why I never want this adventure to end.
Honestly, even the thought of the possibility of this great project
ceasing to exist makes me sweat. I know that DebOps has brought a lot
of joy to many system administrators and homelab hobbyists out there.
CipherMail has also benefited greatly from the steady development over
the last few years. Of course there won't be an immediate operational
or security issue for us if all development would cease, but our
automation progress would most certainly be heavily impacted by it.
So consider this a check-in round. What I would like is an honest
'temperature' reading of all contributors. Not your actual temperature
(although it would be nice to hear that you're COVID-free), but more
how you currently see the future of DebOps and your involvement. Is
there anything you would like to see improved? And, even more important
but not as pleasant to discuss, what would happen if you were to cease
spending time on DebOps due to other priorities or unforeseen
circumstances? Do you feel like the project is (heavily) dependent on
you? Is your involvement causing you any sort of stress?
Lastly I'd like to lend a proverbial ear to any suggestion or comment
on this email. I want to know if I can do something more to ensure the
continued success of this project. I am certainly able to arrange
things like publicity and sponsoring of infrastructural services, and
will probably be able to organize a meetup for all of us once these
tougher times are behind us. Or maybe we should do regular online
meetups. Let me know what you think. My employer and I both recognize
the importance of our shared adventure.
Yours truly, and truly yours,
Imre
[1] https://lists.debops.org/hyperkitty/list/debops-users@lists.debops.org/me...
[2] https://github.com/debops/debops/commit/a214ab2c2f1f28d072456204477bd040a...
4 years, 2 months
debops and openstack
by Damiano Venturin
I'm just a few videos into openstack. I never read/learned anything about
it before.
From what I've seen so far it seems like debops could be managing the
architecture underlying openstack.
That's what the Enough community seems to be doing
https://lab.enough.community/main/infrastructure/ (thanks Nicolas)
I wonder if any of you has ever worked on openstack with or without
debops. I'd like to exchange a couple of emails (or talk) to get some
guidelines regarding this topic. Anyone?
Cheers!
--
Damiano Venturin
https://dam.venturin.net
4 years, 4 months
Index of third-party DebOps roles
by Maciej Delmanowski
Hello everyone,
Since the upgrade of the DebOps Wiki is getting delayed, I decided to set up
a wiki page in the GitHub repository with an index of third-party Ansible roles
that are compatible with DebOps. You can find it here[1].
The third-party roles might be undocumented and may not work correctly. The
wiki page is meant to allow people to coordinate development efforts and
prepare those roles for merge in the DebOps monorepo at some point. If you
want to work on a role for some service or application that is not yet in
DebOps, check the wiki page to see if somebody else isn't working on a similar
one.
I've currently added roles from the places that I know about. If you have
links to any other roles, or want to add new ones, or update the status of
existing ones, feel free to do so. If there are problems with the edit mode,
let me know.
[1]: https://github.com/debops/debops/wiki/DebOps-roles-in-development
4 years, 5 months
rsyslog role forwarding without pki
by Jan Kowalsky
Hi all,
In the past we used the rsyslog role for log forwarding. Since everything
was in a private subnet (inside VPN) we didn't use pki.
With the same configuration:
rsyslog__forward: [ '*.* @@logger0.datenkollektiv.net', '*.* ~' ]
rsyslog__pki: False
the remote-forward rule isn't created anymore in /etc/rsyslog.d/
The reason seems to be a complete redesign of the rsyslog role. Looks like
this is responsible:
+ - name: '00forward-logs.conf'
+ state: '{{ "present"
+ if (rsyslog__forward_enabled|bool and
+ rsyslog__pki|bool)
+ else "absent" }}'
+ options:
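Review bot: the state expression for '00forward-logs.conf' requires both rsyslog__forward_enabled|bool and rsyslog__pki|bool, so with rsyslog__pki set to False the file resolves to "absent" and forwarding is disabled entirely instead of falling back to an unencrypted transport. Consider keying state on rsyslog__forward_enabled alone and applying the TLS-related entries under options: only when rsyslog__pki is true, so that plaintext forwarding stays an explicit opt-in for deployments that already protect the link (for example inside a VPN). If the coupling is intentional, it should be documented next to the rsyslog__pki variable, since a host that stops forwarding leaves a gap in central log collection.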
so any forwarding is ignored if rsyslog__pki is set to false.
Is there any way to work around this? Wouldn't it be better to have the
choice between encrypted and unencrypted logging forwarding?
Cheers
Jan
4 years, 5 months
Jitsi meeting tonight
by Imre Jonk
Hi all,
I've been able to claim the same Jitsi room we used last time. The
meeting tonight starts at 18:00 UTC, feel free to join using the same
URL and password. Don't have them (anymore)? No problem, just send me
an email and I'll reply with the details some 15 minutes before we
start.
Imre
4 years, 5 months
Issues when importing ML archive
by Damiano Venturin
Hello,
I just imported (twice) in Thunderbird (local folders) the mbox archive
for debops-users via "ImportExportTools NG".
The process ends with no errors and 264 messages imported but then some
are blank.
As a reference, the recent "Report of our video call" by Imre is blank in
both the imports and I can only see Imre's .asc file.
It seems like all the emails having a .asc file attached turn blank.
Does anyone else have the same issue?
--
Damiano Venturin
https://dam.venturin.net
4 years, 5 months
New project mailing list: debops-devel
by Maciej Delmanowski
Hello everyone,
Yesterday we had our first online meeting via Jitsi which went pretty well.
I think that Imre Jonk will write more about it soon, so I won't spoil too
much here.
Recently there was an idea of creating a separate mailing list focused on
DebOps development instead of its general usage. This comes from the fact
that there are two sets of users of this project: some people just want to use
it to manage their infrastructure and focus on their own work, and some are
interested in contributing ideas or code to DebOps itself.
Due to that, I went ahead and created a new mailing list,
'debops-devel(a)lists.debops.org', meant to be used for discussions about DebOps
development. You can view both lists (debops-devel and debops-users) similarly
to how debian-devel and debian-users lists are used in the Debian project.
Interested users can subscribe to the new mailing list via the Postorius web
interface[1]. I plan to use this list to discuss large changes in the
codebase, explain new ideas planned for implementation in the project, discuss
the problems found in IT infrastructure and how we can solve them via DebOps,
and similar topics.
Cheers,
Maciej
[1]: https://lists.debops.org/postorius/lists/debops-devel.lists.debops.org/
4 years, 5 months
Video call 2020-07-15
by Imre Jonk
Hi all,
There will be a video conference call next Wednesday the 15th of July
at 18:00 *UTC*. It will be just a short meeting (allow ~30 minutes,
although there is no hard time limit) to allow everyone to introduce
themselves as well as sharing how you use DebOps and what you would
like to improve. We will use Jitsi Meet for this. Please let me know
(either on- or off-list) if you want to join, I'll send things like the
URL and password off-list a few hours before the meeting.
Imre
4 years, 5 months