From Nasqueron Agora
Revision as of 12:32, 24 September 2020 by Dereckson (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Equatower was an infrastructure server used to serve Docker containers. It's hosted on Dreadnought hypervisor.

It has been superseded by docker-001. This page is valid for docker-001, with the only need to replace by

New services, provisioned by SaltStack through our rOPS repository, should be deployed to this docker-001 or to Kubernetes cluster.

PaaS Docker


Group Container Image Purpose
jenkins_cd jenkins jenkinsci/jenkins Jenkins master for CD
jenkins_cd apsile nasqueron/jenkins-slave-php Jenkins slave
jenkins_cd elapsi nasqueron/jenkins-slave-php Jenkins slave
openfire openfire gizmotronic/openfire XMPP server
phpbb phpbb_db nasqueron/mysql MySQL server for phpBB PaaS
phpbb phpbb_ook nasqueron/nginx-php7-fpm QA container for phpBB PaaS
phpbb phpbb_test nasqueron/nginx-php7-fpm dev container for phpBB PaaS


Port Service Purpose
3478 Openfire STUN / TURN
5222 Openfire C2S XMPP
5263 Openfire S2S XMPP
38080 Jenkins back-end web server

Administration tasks

Acquisitariat (MySQL server)

To connect to the MySQL server, you can run a temporary container linked to our production server.

   ssh -t dwellers.nasqueron.org mysql acquisitariat

If you need more control tweak this line:

   docker run -it --rm --link acquisitariat:mysql nasqueron/mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"'

If you need to work with SQL files, connect directly to the server:

   docker exec -it acquisitariat bash

Finally, some containers allow direct access. From a Phabricator container, for example, you can get a MySQL client with:

   /opt/phabricator/bin/storage shell


Let's Encrypt certificates renewal fail

Let's Encrypt resolves in IPv6 first, so if IPv6 is down, renewal will be slow and unsuccessful with timeout messages.

No network at boot time

Access the machine on the hypervisor, then:

Check the interface is up
   ip addr
   ifup ens192 # to bring it up

The interface to use is the one connected to the main network, with 00:50:56:0c:53:94 as MAC address. It normally should be defined at ens192.

If you've reset the configuration and need to add again the IP
   ip addr add dev ens192
Routing is probably the issue
   ip route add dev ens192
   ip route add default via
Same for the case we can ping/ssh (slowly) from Ysul but not from the world
   ip route change dev ens192
   ip route change default via
Reconfigure the IPv6 tunnel

At some point, the Linux route2 method stopped to work, but the Linux net-tools method still work.

   ip tunnel del he-ipv6

Could be broken, if so, use old ifconfig commands like in Dwellers.