1. guilhem
 2. Brett
 3. cloph

 * Brett: I've noticed a lot of CI builds spending hours in the queue. I have
   two sets of hardware I can donate as tinderboxes:
   + Intel i7 6700k CPU 4.00 Ghz, 16 GB RAM (DDR4 @ 3200 MHz) → sitting in a
     closet right now, tower format
   + 1x Xeon E3-1270v2 3.50GHz, 4GB RAM (DDR3 @ 1333 MHz) (can purchase RAM
     upgrade), rack format but noisy
   + Also have a European Hetzner Debian host operating as a Tor relay/libgen
     seedbox, could share resources as CPU usage only hovers around 20% usage
     (Intel Xeon CPU E31245 3.30GHz, 16 GB RAM (DDR3 @ 1333 MHz ECC).
   + Happy to provide whichever OS is needed most. Looks like win is in highest
     demand but we do also seem to have a low number of mac builders. So long as
     hackintoshes are acceptable, happy to put the work in to provide another 
     - cloph: happy to make use of the offer :-)
       . easiest to use as a linux tb (centos7) — for mac we're waiting for the
         new mac minis; for windows it's easier to stick to an homogeneous
         baseline hosted at tdf
       . can deploy as a salt minion from a bare centos7
       . guilhem: only need the minion pubkey (and client ip to allow in the
     - cloph: can change tb88 to be win-only then
   + Brett: will start with the 6700k
   + guilhem: not sure long queue times suggest a hardware shortage though,
     we've have connection issues lately and jnlpxyz doesn't always restart
     automatically when stopped — should wrap in a `while :; do … done`
 * hypervisor crashes
   + excelsior crashed last week, and also in early dec, but no other time since
     2019 (update: replaced faulty memory module since the call)
   + charly also crashed twice last summer — been stable since though
   + it's not that we have to change hardware asap, but it's also aging and it
     makes sense to replace/upgrade in 2022 or so (would make sense to move away
     from spinning drives also)
     - guilhem to check with manitu what their current offer is
 * upcoming os upgrades:
   + weblate (already python3, hopefully smooth)
     - cloph: please hold upgrade until FOSDEM
   + extensions.lo → can upgrade whenever
   + tb88, tb89
     - cloph: will shutdown the linux VM but stick to a virtualized setup
     - guilhem: occasion to “test” hypervisor upgrade there before proceeding
       with the prod setup, and also to unify the hypervisor setup in salt
   + FYI vm161 is still running Debian 10; on hold for now because planetvenus
     is not ported to python3
 * pg backups
   + Brett: I've been running pgBackRest on vm191 for some time now; it's been
     behaving well. We can easily run full, diff, and incremental backups with
     fairly minimal setup/maintenance.
   + Created three general systemd service/timer files called 
   + The issues are in scalability. Creating separated users on the backup host
     (e.g. vm191 logs in and pushes backups via a different user than vm221 so
     they cannot view each other's backups) is difficult. pgBackRest's docs 
     really talk about this use-case and Debian's package assumes that this will
     all run under a single user (All of the package files/directories are owned
     by the postgres user)
   + Been playing with alterations to fit the vision above but, while any one of
     these issues are easily rectified, all of them put together makes for a 
     onerous and spaghetti-like structure
   + How uncomfortable does Guilhem feel with iterating (since this project has
     been going on for far too long) and starting with a single user for simple
     deployment, then working toward splitting up users?
     - g. no problem
   + If Hetzner ever gets S3-compatible storage, pgBackRest is well-equipped to
     push to buckets, would remove need for these complexities entirely since
     per-server permissions to the buckets could be employed.
   + example of SSH key provisioning:
   + rsnapshot-validate can be adapted at later stage as a form a poor man's 
chroot /
     privilege drop
   + Brett: will send that email to hostmaster@ but the only difficulty left is 
the key provisioning
     — guilhem: awesome!
 * Next call: Feb 15, 17:30 UTC


To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:

Reply via email to