diff options
| author | Jasper Ras <jras@hostnet.nl> | 2025-01-13 13:16:06 +0100 |
|---|---|---|
| committer | Jasper Ras <jras@hostnet.nl> | 2025-01-13 13:16:06 +0100 |
| commit | 9232b8d817d4cd4122947375156fa2fa1e9fba14 (patch) | |
| tree | e4feb77f2e508f008b78f722e91488bb9a3f3806 /2 areas/Werk | |
| parent | ed0753ad224f0c65133bd7a63180257eecd9f5e3 (diff) | |
vault backup: 2025-01-13 13:16:06
Diffstat (limited to '2 areas/Werk')
22 files changed, 181 insertions, 12 deletions
diff --git a/2 areas/Werk/group.one-infra.md b/2 areas/Werk/Architecture.md index f3d4013..97c0e34 100644 --- a/2 areas/Werk/group.one-infra.md +++ b/2 areas/Werk/Architecture.md @@ -1,3 +1,4 @@ +#groupone #architecture -[[TODO]] +--- I want to have an overview of systems and what they are responsible for. Example, what is OneHOP or OneHome and what do they do. I plan to write that down in this document.
\ No newline at end of file diff --git a/2 areas/Werk/interview-candidates.md b/2 areas/Werk/Interview new candidates/List of questions to ask.md index 08e2f89..5e2cc25 100644 --- a/2 areas/Werk/interview-candidates.md +++ b/2 areas/Werk/Interview new candidates/List of questions to ask.md @@ -1,3 +1,7 @@ +#groupone #interview + + +--- - Ben je bekend met scrum, agile, kanban, jira etc? diff --git a/2 areas/Werk/Inwerken/Evaluatie.md b/2 areas/Werk/Inwerken/Evaluatie.md new file mode 100644 index 0000000..c15eb23 --- /dev/null +++ b/2 areas/Werk/Inwerken/Evaluatie.md @@ -0,0 +1,6 @@ +#Inwerken +Rutger is hoofdverantwoordelijk voor het doen van evaluaties; ik deel mijn notities met hem en zit er mogelijk wel bij. + +Een aantal vragen die ik mogelijk kan stellen; +- Hoe gaat het tot dusver? +- Zijn er dingen die niet zo goed gaan?
\ No newline at end of file diff --git a/2 areas/Werk/Inwerken/Onboarding.md b/2 areas/Werk/Inwerken/Onboarding.md new file mode 100644 index 0000000..43c0930 --- /dev/null +++ b/2 areas/Werk/Inwerken/Onboarding.md @@ -0,0 +1,21 @@ +#Inwerken #groupone +# Systems VPN +#vpn +https://sysdoc.one.com/base/openvpn/generate-systems-config/ +> In de instructies staat dat ze moeten mailen naar vpn@lists.one.com maar die werkt niet meer goed; mailen naar mph@one.com + +- Get their one.com profile ID + * https://hello.group.one/employee-directory/ + * Employee handle +- Clone of ga naar sysdoc repo `git@gitlab.one.com:systems/sysdoc.git` +- `zip -r systems-vpn-bundle.zip base/openvpn/systems-vpn-bundle/` +- Stuur nieuwe collega de `systems-vpn-bundle.zip` & `base/openvpn/generate-systems-config.md`. +# Users +#user-management +Openstack user aanmaken in hieradata. + +Linux user in Chef toevoegen: +https://sysdoc.one.com/base/users+groups/ + +The range 4101-4199 is reserved for "People from other companies in group.one". +Legacy system users are in the range 900-999, new ones should be added to 2900-2999.
\ No newline at end of file diff --git a/2 areas/Werk/MCS.md b/2 areas/Werk/MCS.md new file mode 100644 index 0000000..236fd11 --- /dev/null +++ b/2 areas/Werk/MCS.md @@ -0,0 +1,5 @@ +#mcs #groupone + +Managed & unmanaged projecten.n\ +Kenmerken managed project: +- Geen user voor klant [(ref)](https://gitlab.group.one/groupvps/mcs-cloud-admin/-/merge_requests/169#note_576259)
\ No newline at end of file diff --git a/2 areas/Werk/antagonist-migratie.md b/2 areas/Werk/Migration/Antagonist Migration.md index c04a00b..093dbd7 100644 --- a/2 areas/Werk/antagonist-migratie.md +++ b/2 areas/Werk/Migration/Antagonist Migration.md @@ -1,3 +1,7 @@ +#groupone #migration + + +--- Migrate VMs Not managed by customers, only Antagonist managed diff --git a/2 areas/Werk/Openstack/Add new provider networks.md b/2 areas/Werk/Openstack/Add new provider networks.md new file mode 100644 index 0000000..6a92363 --- /dev/null +++ b/2 areas/Werk/Openstack/Add new provider networks.md @@ -0,0 +1,86 @@ +#openstack #network +# Schematic on switch network + ![[Switch-network]] +# Procedure +Kevin configures the switches so that the public network is routed to the correct private network and sets up a VLAN. + +By now we should have a VLAN tag and a private subnet that will be used, for example we will use VLAN tag 150 as well as subnet 10.8.4.0/2. +# Make sure VLAN interface exists on network node +> For new network nodes this is done with Ansible, however for fear of disrupting live traffic we prefer to add additional ones on existing nodes by hand. + +Check whether an interface exists on the bond for the given vlan (e.g `bond0.150` given VLAN tag 150). + +If not add an entry in `/etc/network/interfaces` so it survives reboots: +``` +auto bond0.150 +iface bond0.150 inet manual + vlan-raw-device bond0 +``` +And then of course we add this interface with `sudo ifup bond0.150` with 150 being the VLAN tag we've been given. +# Create switch network on openstack +Define the switch network and OVN mapping in hieradata. Make sure to run Puppet on relevant controllers and network nodes. +```YAML +group/os-onecom-os1.yaml +profile::openstack::neutron::controller::networks: + switch-network-vps4-cph8: + provider_network_type: flat + provider_physical_network: switch-network-vps4-cph8 + router_external: true + shared: false + project_id: bb8fd38613c6464e8c00cbc332e2c67d + +domain/network.env.vps4-cph8.one.com.yaml +profile::openstack::neutron::ovn::controller::bridge_interface_mappings: + - 'ext-br150:bond0.150' +profile::openstack::neutron::ovn::controller::ovn_bridge_mappings: + - 'switch-network-vps4-cph8:ext-br150' +``` + +>When adding an external or public network openstack will automatically create a RBAC policy that allows any project to access it. Make sure it is removed: `openstack network rbac list --target-project '*'` will contain an entry with **object type network**. Show it, make sure it's the switch network, and delete it. + +>The Puppet module used for creating networks assigns the largest possible MTU to a network. We require it to be set to 1500. After changing the MTU to 1500 disable and enable DHCP so that the DHCP server also takes the configuration in effect. +# Create switch subnets on openstack +Once that's taken care of we can add the switch subnets to neutron via hieradata, usually a group yaml (e.g `group/os-onecom-os1) +```yaml +profile::openstack::neutron::controller::subnets: + switch-subnet-vps4-cph8-ipv4: + cidr: 10.8.4.0/24 + ip_version: 4 + allocation_pools: [ 'start=10.8.4.4,end=10.8.4.254' ] + gateway_ip: 10.8.4.1 + network_name: switch-network-vps4-cph8 + project_id: bb8fd38613c6464e8c00cbc332e2c67d + switch-subnet-vps4-cph8-ipv6: + cidr: 2a02:2350:a:105::/64 + ip_version: 6 + allocation_pools: [ 'start=2a02:2350:a:105::4,end=2a02:2350:a:105::ffff' ] + gateway_ip: 2a02:2350:a:105::1 + network_name: switch-network-vps4-cph8 + project_id: bb8fd38613c6464e8c00cbc332e2c67d + ipv6_address_mode: dhcpv6-stateful + ipv6_ra_mode: dhcpv6-stateful +``` + +> We want to have AZ reflected in the switch network name as shown in our example above "switch-network-vps4-cph8". Older switch-networks do not yet follow this convention. + +> We reserve the first three and last one IP in the pool of a given /24. Hence the allocation pool starts at .4 and ends at .254. These IP's are reserved for routers & switches, for example the .1 is assigned to the gateway. + +> When running Puppet on the controller node to create the subnet it can happen that it complains that the subnet overlaps with another. It might be caused because another controller is running Puppet at the same time and it created the subnet before your run. + +# Create router on openstack +`openstack router create --external-gateway switch-network-vps4-cph8 --fixed-ip subnet_id=switch-subnet-vps4-cph8-ipv4,ip-address=10.8.4.4 --fixed-ip=switch-subnet-vps4-cph8-ipv6,ip-address='2a02:2350:a:105::4' --disable-snat switch-network-vps4-cph8` +# Ensure reverse DNS zone +We should make sure the reverse DNS zone is added to the `service.g1-dns.one` zone to ensure PTR records can be added via SysAPI. +```shell +~ +❯ dig +short 25.95.185.in-addr.arpa DS +4550 13 4 6BFEE8B7692B15EC8EE01C17CF3F7FDD68F2F4A7581B7606A0CDB44A BDFE7BB171763C66938DFB285D4BF8680EA81B74 +4550 13 2 ADC65456F034323B3F1F3F010E637A04AB78B59D0176BE2B17702626 22B3AA39 + +~ +❯ dig +short 25.95.185.in-addr.arpa SOA +auth.g1-dns.one. hostmaster.one.com. 2024011601 1800 900 1209600 300 +``` +Should be via `service.g1-dns.one` rather than `auth`. We can make a ticket in SYSDNS to have it corrected; [example](https://group-one.atlassian.net/browse/SYSDNS-510). + +> Do mention in that ticket that we handle RIPE to prevent them from asking :) diff --git a/2 areas/Werk/Maintain backup-service/Backup verwijderen faalt.md b/2 areas/Werk/Openstack/Backup service/Backup verwijderen faalt.md index 6af3202..c7c42a1 100644 --- a/2 areas/Werk/Maintain backup-service/Backup verwijderen faalt.md +++ b/2 areas/Werk/Openstack/Backup service/Backup verwijderen faalt.md @@ -1,4 +1,4 @@ -#work #backup-service #bug +#groupone #openstack #backup-service #bug --- # Summary diff --git a/2 areas/Werk/maintain-openstack/vps2-lej1 compute mix.md b/2 areas/Werk/Openstack/Compute VPS2-LEJ1 is mixed.md index cb41fae..65977e9 100644 --- a/2 areas/Werk/maintain-openstack/vps2-lej1 compute mix.md +++ b/2 areas/Werk/Openstack/Compute VPS2-LEJ1 is mixed.md @@ -1,5 +1,8 @@ +#compute #openstack + +--- VPS2-LEJ1 is a mixed bag of shared and local storage; nodes 1-8 are BOTH shared and local storage nodes 9-10 are exclusively shared storage -.. wap
\ No newline at end of file +.. wap diff --git a/2 areas/Werk/maintain-openstack/operational/storage-load-2024-12-05.md b/2 areas/Werk/Openstack/Issues/High storage load 05-12-2024.md index 6931d2d..7d26c6a 100644 --- a/2 areas/Werk/maintain-openstack/operational/storage-load-2024-12-05.md +++ b/2 areas/Werk/Openstack/Issues/High storage load 05-12-2024.md @@ -1,3 +1,6 @@ +#issue #groupone + +--- Vraag uitgezet bij Allan voor meer informatie. Allan: het komt al 1.5 maand voor; https://group-onecom.slack.com/archives/C02FT9KEFNH/p1729863978525299 diff --git a/2 areas/Werk/Openstack/Maintenance/10-12-2024.md b/2 areas/Werk/Openstack/Maintenance/10-12-2024.md new file mode 100644 index 0000000..c7f9824 --- /dev/null +++ b/2 areas/Werk/Openstack/Maintenance/10-12-2024.md @@ -0,0 +1,5 @@ +#maintenance + +--- +manually updated instance record host/node for instance `10924c62-7f0f-4df1-9dd8-9108e3cb0764` +suspended guest: virsh dompmwakeup and try again diff --git a/2 areas/Werk/Openstack/OVN.md b/2 areas/Werk/Openstack/OVN.md new file mode 100644 index 0000000..f53b84c --- /dev/null +++ b/2 areas/Werk/Openstack/OVN.md @@ -0,0 +1,4 @@ +#openstack #ovn + +--- +https://dani.foroselectronica.es/ovn-where-is-my-packet-665/g
\ No newline at end of file diff --git a/2 areas/Werk/maintain-openstack/image-updater.md b/2 areas/Werk/Openstack/Our image updater.md index 274d16f..73eff81 100644 --- a/2 areas/Werk/maintain-openstack/image-updater.md +++ b/2 areas/Werk/Openstack/Our image updater.md @@ -1,3 +1,6 @@ +#groupone #openstack + +--- https://gitlab.group.one/groupvps/openstack-image-updater Updater runs in CI. diff --git a/2 areas/Werk/Zelf beoordeling/2024/Final assessment.md b/2 areas/Werk/Zelf beoordeling/2024/Final assessment.md new file mode 100644 index 0000000..c84d466 --- /dev/null +++ b/2 areas/Werk/Zelf beoordeling/2024/Final assessment.md @@ -0,0 +1,25 @@ +#self-assessment #performance-review + +--- +Takeaways: +- Minder focus op latest hippe tech gebruiken +- Eerder om hulp vragen +- Keep it simple, stupid +- POP maken samen met Rutger +- Criteria opstellen voor verschillende niveaus system engineer (junior, medior, senior); focus op senior. + +--- +Over het algemeen is Rutger blij met me; hij zegt dat ik het goed doe. Hij heeft een aantal verbeterpunten: +- Wil te veel bleeding-edge tech gebruiken +- Ik maak het soms te ingewikkeld - te veel lagen abstractie in de backup service API bijvoorbeeld. +Eerder om hulp vragen; meer team betrekken bij wat ik doe. + +Salaris verhoging: 5% +4358 -> 4575,90 + +**Huidige rolbeschrijving** +Mijn huidige rol **Medior Software Engineer**; is niet meer up-to-date. Dit gaat aangepast worden naar **Medior System Engineer**. + +Rutger gaf aan dat hij mij nog niet als senior erkent; maar gaf ook toe dat hij dat puur op gevoel doet en er nu niet een duidelijk pad/criteria bestaan om senior te worden. + +De vacature "OpenStack Engineer" zoals die op internet staat geeft een bepaald loonsbeeld om mensen aan te trekken; dat is wat bestaande engineers niet meteen krijgen (zelfs Rutger niet).
\ No newline at end of file diff --git a/2 areas/Werk/feelings.md b/2 areas/Werk/Zelf beoordeling/2024/How I feel about my job right now.md index c2126bf..c404efd 100644 --- a/2 areas/Werk/feelings.md +++ b/2 areas/Werk/Zelf beoordeling/2024/How I feel about my job right now.md @@ -1,3 +1,5 @@ +#groupone #self-assessment + Realisatie tevreden met baan. Veel vrijheid, niet al te gekke werkdruk, goed salaris. Ik ben tevreden met mijn baan bij group.one, ik heb veel vrijheid en de werkdruk is niet al te hoog. Het salaris en toekomstperspectief ben ik blij mee.=g diff --git a/2 areas/Werk/self-reflection/2024.md b/2 areas/Werk/Zelf beoordeling/2024/Self assessment.md index ba627c2..48be829 100644 --- a/2 areas/Werk/self-reflection/2024.md +++ b/2 areas/Werk/Zelf beoordeling/2024/Self assessment.md @@ -1,3 +1,6 @@ +#self-assessment + +--- I need to become more goal-oriented: set a clear goal with a clear end and work towards that. I'm currently working to improve my skill in note-taking to help achieve current and determine new goals. I'm doing this by setting up a "second brain" using ideas from the book "Building a second brain" by Tiago Forte. diff --git a/2 areas/Werk/self-reflection/what.md b/2 areas/Werk/Zelf beoordeling/what.md index 154e0d6..34f1e4b 100644 --- a/2 areas/Werk/self-reflection/what.md +++ b/2 areas/Werk/Zelf beoordeling/what.md @@ -1,3 +1,6 @@ +#self-assessment + +--- Do a weekly self reflection and keep them documented in this folder. I intend to use these for the yearly performance review. Things to ask myself every week: diff --git a/2 areas/Werk/find-knowledge.md b/2 areas/Werk/find-knowledge.md deleted file mode 100644 index 4d5a31c..0000000 --- a/2 areas/Werk/find-knowledge.md +++ /dev/null @@ -1,4 +0,0 @@ -A lot if not all knowledge is kept in files and repositories usually codified. A critical skill is knowing what to and how to look for things. -Rather ask questions that help you to figure out or find something then ask directly for the result. - -This is a skill for work.
\ No newline at end of file diff --git a/2 areas/Werk/maintain-openstack/operational/maintenance-log.md b/2 areas/Werk/maintain-openstack/operational/maintenance-log.md deleted file mode 100644 index 79c8a7a..0000000 --- a/2 areas/Werk/maintain-openstack/operational/maintenance-log.md +++ /dev/null @@ -1,3 +0,0 @@ -### 2024-12-10 -- manually updated instance record host/node for instance `10924c62-7f0f-4df1-9dd8-9108e3cb0764` -- suspended guest: virsh dompmwakeup and try again diff --git a/2 areas/Werk/maintain-openstack/ovn.md b/2 areas/Werk/maintain-openstack/ovn.md deleted file mode 100644 index b70a4d8..0000000 --- a/2 areas/Werk/maintain-openstack/ovn.md +++ /dev/null @@ -1 +0,0 @@ -https://dani.foroselectronica.es/ovn-where-is-my-packet-665/g
\ No newline at end of file diff --git a/2 areas/Werk/reflection.md b/2 areas/Werk/reflection.md deleted file mode 100644 index e69de29..0000000 --- a/2 areas/Werk/reflection.md +++ /dev/null diff --git a/2 areas/Werk/self-reflection/2025.md b/2 areas/Werk/self-reflection/2025.md deleted file mode 100644 index e6d283e..0000000 --- a/2 areas/Werk/self-reflection/2025.md +++ /dev/null @@ -1 +0,0 @@ -# week 01 |