[tech] Tech/Wheel Meeting 2021-11-14 14:00 - 24 hour reminder

root root at ucc.gu.uwa.edu.au
Sat Nov 13 14:00:00 AWST 2021


Tech/Wheel Meeting Agenda - Sunday 2021-11-14 14:00
===================================================
- VENUE: UCC Clubroom
  - and online at https://meetings.ucc.asn.au/b/tech

*Meeting opened hh:mm*

## Attendance
- Present
- Apologies
- Absent

## Next meeting
- Schedule next meeting
  - *day 202Y-MM-ddTHH:mm
- ACTION: [???] shall be this meeting's secretary! This entails:
  - Copying the following checklist into a new issue under [[https://gitlab.ucc.asn.au/UCC/tech-todo-list/-/issues]], and assigning it to yourself.
    - This is to keep track of any async secretarial duties detailed ahead. See our new Action Items section below.
    - [NTU] ...or individual ACTION items from last meeting's minutes?
  - [ ] Set and verify reminders of next meeting: `motsugo# crontab -e`
  - [ ] Promptly update agenda.next with the TIME/DATE/VENUE
  - [ ] Perform initial curation of agenda.next, and move any longstanding action items out of it and into GitLab (see Action Items section below).
  - [ ] Check at T-7days that the notice really went out, fix for T-4days if needed
- [ ] Everyone, before next meeting: Curate agenda.next, and move any items you think should be tracked as GitLab issues into GitLab issues, as above.

## Optional items - choose at the start of the meeting
- Ethical guidelines
- Monitoring
- Backups
- Password rotations
- New members
  - [BRD] onboarding?
- Quick check of ChangeLog
- Lessons learnt

## Current Action Items
- We'll start maintaining them in GitLab at [[https://gitlab.ucc.asn.au/UCC/tech-todo-list/-/issues/]]
- Briefly discuss anything in here that's worth discussing, but don't spend too long rehashing unresolved issues that have already been discussed ;)

## Known Broken Stuff
- [NTU] spamassassin training and whitelisting is
  a. inaccessible to most users
  b. poorly documented
    - partial fix: `/home/wheel/docs/Email-Spamassassin.org` , but this should probably
      be in the wiki near the URLs mentioned therein?

## Matters arising previously

- [BRD] noticed that `/home/wheel/docs/universitycomputer.club.passwd.org` contains passwords, when we shouldn't have them in docs
  - Consequently, when `pandoc` is run, these passwords also end up in `/home/wheel/docs/*Everything.html`, which is a problem
  - We need to ensure passwords are not kept in these files, and rotate any that are, as they may have fallen into the wrong hands
  - ACTION: [333] to identify what these passwords are for, assess the impact, and remediate as appropriate.
    - `git log` to see a partial fix; still TODO:
      - regenerate with pandoc
      - put any useful passwords into `uccpass`
      - scrub from history with `git rebase` or accept the leakage
```
motsugo: /home/wheel/docs>ls -l `git diff 8507243136..07771acacc |grep '^-.*INC'|grep -o './[^"]*'`
-rw-rw---- 1 tec wheel  997 Jan 28  2020 ./F-Prot.org
-rw-rw---- 1 tec wheel  242 Jan 28  2020 ./GlobalsignSSL.org
-rw-rw---- 1 tec wheel   77 Jan 29  2020 ./OracleLogin.org
-rw-rw---- 1 tec wheel   89 Jan 29  2020 ./SunDotComLogin.org
-rw-rw---- 1 tec wheel  110 Jan 29  2020 ./SupportDotNetappDotComLogin.org
-rw-rw---- 1 tec wheel 3250 Jan 29  2020 ./universitycomputer.club.passwd.org
-rw-rw---- 1 tec wheel 1399 Jan 29  2020 ./WheelSong.org
```
      - someone's editor is leaving temporary files around the place
```
motsugo: /home/wheel/docs>git status
On branch master
Untracked files:
  (use "git add <file>..." to include in what will be committed)

        RemoteManagement.org~
        meetings/agenda.next~
        software-license/WindowsKeys~
```

- IPv6 inbound
  - ACTION: [TEC] to email UWA IT
- lard
  - Still needs a spare PSU OR replacement with something less... fatty.
  - ACTION: [???] to send email out requesting a 1U Cisco switch to replace Lard
- ACTION: [MTL] to update Ansible scripts for mail*
    - ACTION: [DBA] wants to give it a shot, good reason to try out Proxmox
- samson the https://wiki.ucc.asn.au/ActiveDirectory server has no freshly built DC friends
  - Two AD hack nights in the past month
- mollitz is missing prometheus-node-exporter since the rebuild, months ago?
  - [NTU] anyone want a hand with a https://gitlab.ucc.asn.au/ucc-systems/ansiblemonitoring run ?
  - ACTION: [MPT] to do ansible monitoring run. Try and ping wheel when starting
  - can we use the DebianPkg:prometheus-node-exporter/stable where possible?

- 2021-10-05T0318 Power outage: manual, post-reboot `mount -av`
  - samson, portal, mailfish, ...?
    - try autofs?; and
    - `systemd` mount dependencies?
      - https://www.freedesktop.org/software/systemd/man/systemd.mount.html
      - https://www.freedesktop.org/software/systemd/man/systemd.special.html
      - http://codingberg.com/linux/systemd_when_to_use_netdev_mount_option
      - `_netdev` **is** usually set, but this does not resolve the race condition
      - network is often not yet operational by `mount(2)` time, during startup
      - network is often disabled before `umount(2)` is complete, during shutdown
    - ACTION: [MPT] investigate alternatives to resolve mounting dependencies
      - add a `systemd` unit file with appropriate pre/post dependencies? and completion polling?

- Group Policy and Ansible on Windows machines
  - ACTION: [333] to figure out most supported way to install official SSHD build on Windows
  - ACTION: [MTL] promises to look at this in more detail once back in the clubroom, including WinRM
  - Best host to run playbooks from for the Windows machines?

## Extra items (rename/refile as appropriate)

*Meeting closed hh:mm*

----

```
# https://demo.hedgedoc.org/Hlsapf47RsqpgIjqLVfMUw
cd /home/wheel/docs/meetings
HEDGEDOC_SERVER=https://demo.hedgedoc.org /home/wheel/bin/hedgedoc export --md Hlsapf47RsqpgIjqLVfMUw ./$(date +%Y-%m-%d).txt
git commit -am "Tech meeting minutes $(date +%Y-%m-%d)"
```

<!-- vim: tabstop=2 shiftwidth=2 expandtab
-->
<!-- Local Variables: -->
<!-- tab-width: 2 -->
<!-- End: -->


More information about the tech mailing list