17:36:59 <raub> #startmeeting
17:36:59 <Tribot> Meeting started Mon Apr 19 17:36:59 2021 UTC.  The chair is raub. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:36:59 <Tribot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:37:11 <raub> #chair jeoff noway2
17:37:11 <Tribot> Current chairs: jeoff noway2 raub
17:37:26 <raub> #topic 1. check for agenda additions
17:38:00 <raub> I guess nobody has anything here
17:38:07 <raub> #topic 2. current topics
17:38:27 <raub> Next month we currently have no speakers. And it is elections
17:38:38 <raub> I can announce the election
17:39:42 <noway2> I just received the agenda...
17:40:23 <raub> About the pilot OS upgrade, I take you all have read bdmc's posts. He created the service and the ansible VMs
17:40:55 <jeoff> I saw. I didn't make much progress on the actual playbooks
17:41:40 <noway2> Saw the post.  Last time we were still discussing the issues with the ipv6 tunnel.  When I asked about it, it was mentioned that progress was made, but no explaination as to what the problem was.
17:41:47 <raub> OK. You may want to ensure bdmc knows where you are. And probably noway2 if he has the time
17:42:17 <raub> noway2: when that happens, submit it as an item for the meeting
17:42:59 <raub> I honestly do not know where that is, so you will need to get updates from bdmc
17:43:22 <noway2> Ok. I tried everything i could think of to get network configuration working and the only thing that would work was DHCP through Moya and the HE tunnel. I couldn't anything else to work. Then the server image I was using died.
17:43:56 <noway2> This ansible is new to me too.
17:44:23 <raub> The suck jeoff's brain! I doubt he will turn help down
17:44:34 <raub> s/The/Then/
17:44:54 <jeoff> I've learned to never turn down help. I'll probably do a bit of streaming of my ansible work throughout the week
17:45:07 <jeoff> Kinda hard to find time
17:45:55 <noway2> My schedule has been a bit wonky recently with trying to get a house on the market to sell and changing jobs.  That should settle down in a couple of weeks now.
17:47:31 <raub> jeoff and I talked about putting the playbooks -- WITHOUT sensitive data -- on github/gitlab. This way you can check it out
17:47:47 <jeoff> Good luck selling your house. It shouldn't be hard to sell
17:48:52 <noway2> Thank you. We're hoping it goes quickly.
17:49:02 <jeoff> raub: I'm still thinking about what we want to do about sensitive data
17:49:49 <noway2> Encryption an option?
17:50:04 <raub> jeoff: I think initially put in a dir inside the ansible dir that is configured in gitignore
17:50:31 <jeoff> Ansible can encrypt files/strings natively (ansible vault). We'd have to share the encryption key
17:50:42 <noway2> What kinds of things are considered senstive?
17:51:42 <jeoff> login credentials
17:51:52 <jeoff> certificates/keys
17:52:08 <noway2> Stuff that is root read only.
17:52:43 <raub> I would like to have everything as variables
17:53:17 <jeoff> that's pretty easy with Ansible. What is the first thing you want automated/see value in automating? Having a small scope will help me deliver quickly and iterate
17:54:01 <raub> IMHO, either website or LDAP servers
17:54:40 <noway2> Website would be good, because that gets up out of the hot seat with LetsEncrypt.
17:55:03 <jeoff> website it is
17:55:13 <raub> Can letsencrypt be run/configured off ansible conveniently?
17:55:55 <jeoff> I _think_ so, but I'd have to look at the integrations
17:56:02 <jeoff> Also would need to see how it is setup today
17:56:10 <raub> *badly* ;)
17:56:25 <jeoff> not for long :)
17:56:30 <raub> Woohoo!
17:56:48 <jeoff> I think there is a service we can run that gets certs automagically
17:56:59 <jeoff> But I'll have to explore that later
17:57:09 <raub> K
17:59:05 <raub> So we have plans.
17:59:54 <raub> jeoff: usually I let ansible push upgrades to my guests; don't know how you feel about that
18:00:59 <jeoff> raub: I'm thinking we define a version and configure ansible with a play that consumes that version so we can control which version we use
18:01:59 <raub> That makes sense to me, jeoff
18:03:42 <noway2> (watching a video on Ansible)
18:04:11 <raub> noway2: +++
18:04:22 <raub> Anyhing else we should be covering?
18:04:30 <jeoff> I think this is good. I have a good scope
18:04:58 <raub> Alright then. Remember we still need a speaker for May
18:05:13 <noway2> I think we can get something off the ground, that is stable, and has a working network config, were good.
18:05:55 <raub> Exactly
18:06:30 <raub> Alright then. Thank you for showing up
18:06:54 <jeoff> have a good one
18:07:12 <noway2> You too.
18:07:40 <raub> #endmeeting