Hi together, our systems retrieved an update to basic system config and some services. Important for Developers: * Opening an ssh session to our servers asks you to accept new host keys at the first time you connect, please confirm * Putty Clients older than 2017 will refuse to connect to ssh services, please update See release notes below Kind regards Gunnar Release 20.01 Systems Main topics: vmhosts “numa”, postgres, ssh ciphers Added * set up swappiness overcommit memory and ratio with default values, special setup for postgres setup * installed python3 support for CentOS systems * vmhosts: installed, enabled and startet numad service (core/process dispatcher) * postgresql role, deployment user and permission setup, ressource tuning (caches, cores) * ssh client, sshd config: restricted ciphers and key algorithms to secure selection - requires Putty newer than 2017 * tools: o dude <https://github.com/sternmotor/dude>: replacement for |dux|, deep-tree search for big files/folders o ncdu <https://dev.yorhel.nl/ncdu>: cursed-based disc-usage display for interactive scanning o tft <https://github.com/sternmotor/tft>: replacement for |asc-compressor| - renamed *t*erminal *f*ile *t*ransfer o up <https://github.com/akavel/up>: interactive pipe (grepping etc.) helper Changed * NTP sync and DNS resolution now runs against ipa servers cluster address at local site, this is |iparz1.idm.xtrav.de| respectively |ipags.idm.xtrav.de|, cleaned up mess * implemented global |ssh_config| for ssh connections, overriding badly bootstrapped system setting * switched tuned profile for vmhosts from |throughput-performance| to |virtual-host| Dropped * swap file: systemd unit with restart/remove/disable option: no actual use for that Ansible Added * changelog (this file), ansible versioning following GitFlow <https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow> guideline * new |misc| dir to hold docker system for ansible and general and dev stuff * implemented new ansible role structure |misc/role-template| o os-depend settings in |<role>/vars| o files in |<role>/tasks| represent features, only - system architecture is handled via vars, only o naming of files in |<role>/tasks| follows tags/features the tasks represent (like “config”, “pkg”, “setup”) * localhost role test setup (|tests/test.yml| and |test/ansible.cfg| in role directories) * added role development template in |misc/role-template| Changed * |plays/server.yml| loads bootstrap and all server roles * file storage for git clones and big binaries moved to |/srv/ansible/files/<release>| * inventory moved to external repository cloned to |/srv/ansible/inventory/master| and linked into develop/master tree by symlink * split |plays/base| role into |server.yml|, |workstations.yml| -- Mit freundlichen Grüßen Gunnar Mann - Systemadministration - ________________________________________________________ TraSo GmbH Nonnenstraße 42 D-04229 Leipzig Tel.: +49 341 355 740 76 E-Mail: g.mann@traso.de <mailto:g.mann@traso.de> TraSo.de besuchen <https://www.traso.de>TraSo bei facebook besuchen <https://www.facebook.com/TraSoGmbH>TraSo bei XING besuchen <https://www.xing.com/companies/trasogmbh>TraSo bei kununu besuchen <https://www.kununu.com/de/traso1> ________________________________________________________ Geschäftsführer: Haiko Gerdes Handelsregister: Amtsgericht Leipzig, HRB 21850
