20 May 2021 |
_hc | like proletarius101 said, there will be errors. so just a trial run with a super minimal base image will let us understand how feasible the idea is | 17:38:48 |
Fay (she/her) | In reply to @eighthave:matrix.org 幸猫: I think the main thing is for someone to take ownership of some of those boxes I don't mind doing that. but there's a lot I don't know, like:
- what's (supposed to be) on there now
- what's expected of me
- who's responsible for decision making
- what happens when I'm not available or something "goes wrong"
- how we handle access rights, updates, reboots, monitoring, communication, documentation
| 17:40:57 |
Fay (she/her) | * I don't mind doing that. but there's a lot I don't know, like:
* what's (supposed to be) on there now
* what's expected of me
* who's responsible for decision making
* what happens when I'm not available or something "goes wrong"
* how we handle access rights, updates, reboots, monitoring, communication, documentation | 17:41:36 |
| djBRDF left the room. | 17:41:54 |
Fay (she/her) | * I don't mind doing that. but there's a lot I don't know, like:
what's (supposed to be) on there now
what's expected of me
who's responsible for decision making
what happens when I'm not available or something "goes wrong"
how we handle access rights, updates, reboots, monitoring, communication, documentation | 17:42:08 |
_hc | 幸猫: for a lot of the boxes, none of that is so well established. Like verification.f-droid.org is something I just hacked together and fix every now and then. So mostly you just need to be interested in the idea, and the rest can be determined | 17:43:27 |
_hc | like I'm happy to do updates and reboots on boxes that other people maintain, to cover for othrs | 17:44:00 |
_hc | none of these boxes need high availability | 17:44:17 |
_hc | an outage of a couple of days is fine | 17:44:35 |
| djBRDF joined the room. | 17:44:59 |
Fay (she/her) | In reply to @eighthave:matrix.org this approach would also make it easier to try other base images, like nixOS could be interesting. fwiw: I pretty much only use Debian/Ubuntu myself, but I'm technically a NixOS package maintainer, so I do have some NixOS knowledge :) | 17:45:03 |
Fay (she/her) | In reply to @eighthave:matrix.org none of these boxes need high availability what about monitoring, incidence response etc.? | 17:46:13 |
_hc | monitoring would be nice. | 17:47:15 |
_hc | so far no incidence response has been needed | 17:47:28 |
_hc | CI boxes aren't really a juicy target | 17:47:58 |
proletarius101 | If we want it to be used at scale, we should try our best to make the public services achieve high availability | 17:48:13 |
_hc | yeah, for sure, I have nothing against high availablilty | 17:48:42 |
Fay (she/her) | most of the servers I currently maintain don't need high availability or backups or contain sensitive data. so I mostly just make sure to (automatically) install updates, and reboot when needed and don't really bother with detailed monitoring. | 17:49:43 |
_hc | there are currently 3 gitlab-runner servers hsoted in two different physical locations, so if 2 of 3 go down, we still have runners | 17:49:46 |
_hc | none of these need backups, they are all servers as code in ansible, or at least are close to being so | 17:50:23 |
_hc | unattended-updates is part of our default install | 17:50:55 |
_hc | the buildserver intances and gitlab-runners are hosted on machines with a single spinner disk with no backups, and they have failed, so we know backups aren't neeeded ;-) | 17:52:48 |
Fay (she/her) | In reply to @eighthave:matrix.org I believe nixOS is like that too nixos is "worse": if you don't explicitly depend on a package, you can't use it, even if it's installed. this is often nice, but makes optional dependencies pretty much impossible. | 17:55:33 |
| djBRDF left the room. | 18:31:59 |
| djBRDF joined the room. | 18:32:53 |
| djBRDF left the room. | 19:07:07 |
| djBRDF joined the room. | 19:08:33 |
| djBRDF left the room. | 19:21:51 |
| djBRDF joined the room. | 19:23:52 |
| djBRDF left the room. | 19:57:04 |