Quarantine:
- Lost revenue for clients from the travel domain. We continue to operate, they promise to pay off the debt, but time will tell how it will be.
- We tried to conduct team building in Google Meet. Went good 🙂
In the projects gitlab-server-job, sysadmws-formula the SSH connection functionality for initiating a backup has been fixed. Now the data about the connection to the server is correctly taken from the description of the ssh server in accounting and you can use the IP address.
A script for cleaning up old tags in *-salt projects has been written. Tags are used to bind server-command-date parameters and previously accumulated endlessly, which slowed down the work of the repository and created information noise in them. Runs through accounting/ci-cd/schedules.
Added some cron jobs:
- Cleanup of old job logs job.log (older than 30 days). Previously, they took up a lot of storage.
- Cleaning up text about tags from job logs job.log. Previously, they took up a lot of storage.
Modified git startup on gitlab-runners salt-masters. So that information about tags does not get into the job logs at all.
The salt-project-template client repository pipelines have been updated and no longer use repository cloning at all. Due to this, the execution of the job on the servers does not generate a bunch of connections to GitLab and Github to pull repositories and submodules. Runners began to require significantly less storage to work. Pipelines go faster. Job logs no longer contain information about tags, since the repository is not cloned at all.
New pipelines of client repositories require mandatory os definition for each working server in accounting. Based on this key, a decision is made whether to run some types of jobs. For example, you don’t need to run rsnapshot_backup on Windows.
Work has begun on a large and important task: the licensing model. Currently implemented:
- The licensed components are listed in the tariffs: monitoring, backup, firewall.
- Jobs that require a license are configured to require the required license component in the tariff. For example, the rsnapshot_backup job will not run on tariffs without the backup component.
Much remains to be done to fully implement the licensing model.
Also removed unnecessary jobs such as managing bash settings. Added jobs for managing ssh keys and mail forwards.
Added code to –yaml-check for a sematic check for the presence of the necessary keys in yamls describing clients and servers.
In general, we are now focused on:
- Salt-master migrations to dedicated repositories. This is necessary to test the model of individual repositories, ensure the security of config management data, and so on. Recently, several more clients have been migrated, but subjectively, there are still no 50%.
- Steps to enter the active phase of client engagement.