45 Commits

Author SHA1 Message Date
249d3e472f Add Gitea service
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2024-04-26 16:52:52 +02:00
67bcf7b2a0 Use google.com probe instead of bsc.es
The main website of the BSC is failing every day around 3:00 AM for
almost one hour, so it is not a very good target. Instead, google.com is
used which should be more reliable. The same robots.txt path is fetched,
as it is smaller than the main page.

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2024-02-29 09:57:18 +01:00
bd56c2340d Add another HTTPS probe for bsc.es
As all other HTTPS probes pass through the opsproxy01.bsc.es proxy, we
cannot detect a problem in our proxy or in the BSC one. Adding another
target like bsc.es that doesn't use the ops proxy allows us to discern
where the problem lies.

Instead of monitoring https://www.bsc.es/ directly, which will trigger
the whole Drupal server and take a whole second, we just fetch robots.txt
so the overhead on the server is minimal (and returns in less than 10 ms).

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2024-02-13 11:50:38 +01:00
df5a5e1668 Move slurm client in a separate module
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
2024-02-09 11:14:34 +01:00
d982b45c26 Enable public-inbox at jungle.bsc.es/lists
The public-inbox service fetches emails from the sourcehut mailing lists
and displays them on the web. The idea is to reduce the dependency on
external services and add a secondary storage for the mailing lists in
case sourcehut goes down or changes the current free plans.

The service is available in https://jungle.bsc.es/lists/ and is open to
the public. It currently mirrors the bscpkgs and jungle mailing list.

We also edited the CSS to improve the readability and have larger fonts
by default.

The service for public-inbox produced by NixOS is not well configured to
fetch emails from an IMAP mail server, so we also manually edit the
service file to enable the network.

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-12-07 11:08:15 +01:00
171f26e192 Monitor https://pm.bsc.es/gitlab/ too
The GitLab instance is in the /gitlab endpoint and may fail
independently of https://pm.bsc.es/.

Cc: Víctor López <victor.lopez@bsc.es>
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-12-01 12:17:50 +01:00
1c6e5d8f82 Enable nixseparatedebuginfod module
The module is only enabled on Hut and Eudy because we noticed activity
on the debuginfod service even if no debug session was active.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
2023-12-01 19:57:04 +01:00
8c7d37859b Enable runners for pm.bsc.es/gitlab too
The old runners for the PM gitlab were disabled in configuration in the
last outage, but they remained working until we reboot the node. With
this change we enable the runners for both PM and gitlab.bsc.es.

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-11-23 12:39:43 +01:00
c307fc9bb3 Monitor anella instead of gw.bsc.es
The target gw.bsc.es doesn't reply to our ICMP probes from hut. However,
the anella hop in the tracepath is a good candidate to identify cuts
between the login and the provider and between the provider and external
hosts like Google or Cloudflare DNS.

Reviewed-By: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-10-26 12:36:06 +02:00
6f5f234480 Add ICMP probes
These probes check if we can reach several targets via ICMP, which is
not proxied, so they can be used to see if ICMP forwarding is working in
the login node.

In particular, we test if we can reach the Google (8.8.8.8) and
Cloudflare (1.1.1.1) DNS servers, the BSC gateway which responds to ping
only from the intranet and the login node (ssfhead).

Reviewed-By: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-10-24 11:49:42 +02:00
1e9bc4086f Enable proxy for Grafana too
The alerts need to contact the slack endpoint, so we add the proxy
environment variables to the grafana systemd service.

Reviewed-By: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-10-20 16:04:15 +02:00
734f52e87f Make blackbox exporter use the proxy
By default it was trying to reach the targets using the default gateway,
but since the electrical cut of 2023-10-20, the login node has not
enabled forwarding again. So better if we don't rely on it.

Reviewed-By: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2023-10-20 15:34:06 +02:00
72658ee5e6 Add docker runner too 2023-10-04 07:55:26 +02:00
cfa3e08e4b Monitor gitlab.bsc.es too 2023-10-03 09:45:13 +02:00
10101c631d Monitor PM webpage via blackbox 2023-10-03 08:58:07 +02:00
4d865d7a7e Temporarily disable pm runners 2023-09-28 14:14:41 +02:00
d9511dab22 Add runner for gitlab.bsc.es 2023-09-28 14:11:30 +02:00
c3ecba513d Allow anonymous access to grafana 2023-09-22 10:50:14 +02:00
4ca4e0fae9 Enable slurm-exporter service 2023-09-21 21:38:34 +02:00
de3a28b7df Monitor storage nodes via IPMI too 2023-09-13 15:57:13 +02:00
826d6263fd Serve the nix store from hut 2023-09-12 12:19:43 +02:00
dd616a7fb1 Make exporters listen in localhost only 2023-09-08 18:13:04 +02:00
bdd03dac60 Poweroff idle slurm nodes after 1 hour 2023-09-08 13:31:23 +02:00
d91c9b7473 Unlock ovni gitlab runners 2023-09-05 16:24:27 +02:00
ae4ad95902 Add agenix to all nodes 2023-09-04 22:09:40 +02:00
8fc87885da Remove old secrets 2023-09-04 22:04:32 +02:00
c13022596a Move the ceph client config to an external module 2023-09-04 21:59:04 +02:00
875622ad0f Reorganize secrets and ssh keys
The agenix tools needs to read the secrets from a standalone file, but
we also need the same information for the SSH keys.
2023-09-04 21:36:31 +02:00
48727d3a88 Enable binary emulation for other architectures 2023-08-31 17:22:36 +02:00
4495cbf380 Scrape lake2 too 2023-08-29 12:33:26 +02:00
c47c190c79 Scrape metrics from bay 2023-08-29 11:58:00 +02:00
042e56b5b2 Add fio tool 2023-08-29 11:27:50 +02:00
a510a41eed Add ceph tools in hut too 2023-08-28 17:58:21 +02:00
300690df4c Disable pixiecore in hut for now 2023-08-25 13:21:00 +02:00
9d15c13a44 Add PXE helper 2023-08-25 12:03:30 +02:00
591a4c774e Add agenix to PATH in hut 2023-08-23 17:42:50 +02:00
e8d5eeb5cf Store ceph secret key in age
This allows a node to mount the ceph FS without any extra ceph
configuration in /etc/ceph.
2023-08-23 17:18:17 +02:00
2516559fac Add rarias key for secrets 2023-08-23 17:15:26 +02:00
bb8bf86051 Add ceph metrics to prometheus 2023-08-22 16:33:55 +02:00
2416ec7806 Mount the ceph filesystem in hut 2023-08-22 15:57:49 +02:00
199358a5e3 Monitor power from other nodes via LAN 2023-08-17 18:55:40 +02:00
776a582c10 Increase prometheus retention time to one year 2023-07-28 16:19:59 +02:00
b978839406 Allow access to devices for node_exporter 2023-07-28 13:48:30 +02:00
e0ab4e1408 Add owl and all partition 2023-06-16 11:34:00 +02:00
3cb263ea71 Simplify flake and expose host pkgs
The configuration of the machines is now moved to m/
2023-06-14 17:28:00 +02:00