https://docs.delftsolutions.nl/api.php?action=feedcontributions&feedformat=atom&user=Thexa4Delft Solutions - User contributions [en]2026-04-03T22:18:15ZUser contributionsMediaWiki 1.39.3https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=691Enroll Mac in Kerberos2026-01-21T13:36:04Z<p>Thexa4: </p>
<hr />
<div>This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!<br />
<br />
# Set bash as your default shell: [[New_Mac_Setup#Use_Bash_as_Shell]]<br />
# Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents.<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/user.key -out ~/Library/IPA/user.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = caIPAserviceCert<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/user.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/user.crt<br />
# Add the following lines to your ~/.bash_profile - Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username!<br />
## alias ds_pkinit="/usr/bin/kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>"<br />
## ds_pkinit & disown<br />
# Add the following lines to your ~/.zshrc - Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username!<br />
## alias ds_pkinit="/usr/bin/kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>"<br />
## ds_pkinit & disown<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=679New Mac Setup2025-12-02T11:57:06Z<p>Thexa4: /* TouchID sudo */</p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== TouchID sudo ==<br />
* Run: `sed -e 's/#auth/auth/' /etc/pam.d/sudo_local.template | sudo tee /etc/pam.d/sudo_local`<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== Trust IPA as Root Certificate ==<br />
# Make sure to first execute [[Enroll Mac in Kerberos]]<br />
# Run: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/ipa/ca.crt<br />
<br />
== Install MacPorts ==<br />
Follow instructions here: https://www.macports.org/install.php<br />
<br />
== Install iTerm2 ==<br />
https://iterm2.com<br />
<br />
== Use Bash as Shell ==<br />
# `chsh -s /bin/bash`<br />
# `echo 'export BASH_SILENCE_DEPRECATION_WARNING=1' >> ~/.bash_profile`<br />
<br />
== Use Kerberos Certificate as Mumble Certificate ==<br />
# Make sure to perform: [[Enroll Mac in Kerberos]]<br />
# Make sure to perform: [[#Trust IPA as Root Certificate]]<br />
# Convert certificate to pkcs12: `openssl pkcs12 -export -passout pass: -in ~/Library/IPA/user.crt -inkey ~/Library/IPA/user.key -out ~/Library/IPA/user.pkcs12 -name "IPA Certificate"`<br />
# Open mumble<br />
# On the Certificate Management overview, select "Import a certificate"<br />
# In the Import from field, enter the following text: ~/Library/IPA/user.pkcs12<br />
#</div>Thexa4https://docs.delftsolutions.nl/index.php?title=12%25-time&diff=56512%-time2025-03-04T14:14:43Z<p>Thexa4: </p>
<hr />
<div>'''12%-time''' is an innovation program wherein employees dedicate approximately 12% of their work week (typically four hours out of a 32-hour workweek) to pursue projects of personal interest that could potentially benefit the company. This concept is adapted from [https://en.wikipedia.org/wiki/Side_project_time Google's 20% time concept]. <br />
<br />
== Goals ==<br />
12%-time creates structured slack in employees' schedules. This has two primary goals: <br />
# force us to create slack in project schedules, that can be consumed when time runs over. <br />
# allow for more experimentation and creativity that might not naturally come up in projects. <br />
<br />
Slack in projects is important. A fully utilized project (or team) is [https://blog.danslimmon.com/2016/08/26/the-most-important-thing-to-understand-about-queues/ virtually guaranteed to fail to meet its deadlines]: any small delay during a project would cause you to violate the deadline. One of the ways we ensure slack is included in our workweek, is by booking ''up to 4 hours'' every week of 12%-time. Yes, that's actually 12,5% of your 32-hour workweek, but the shorter name has stuck. <br />
<br />
Secondly, 12%-time allows for experimentation and learning outside our regular projects. The availability of work shapes projects. It might benefit Delft Solutions to have you know React, but a React-based project might not come up for months. 12%-time allows for learning React on your terms. Or we might want a new plugin to calculate vacation hours in Kimai, but can't create a project for that. You could build it in 12%-time. 12%-time allows for exploration of new ideas, innovation outside of your daily responsibilities, skill development, and potential development of new products or features. <br />
<br />
== Doing 12%-time at Delft Solutions ==<br />
# What to work on:<br />
## Choose your own topics & projects. No one assigns you 12% work. While others might have suggestions, you decide how to allocate time. <br />
## You can work on things over multiple weeks, or choose a different topic every week for variation.<br />
## What you work on, should be "work-related". We take an expansive view of that requirement; it doesn't have to be directly related to your job. Learning a new programming language, trying some new technology, building a badge reader for the office door, learning bookkeeping or accounting, making a meeting timer, etc. are all great examples of using 12%-time. On the contrary, underwater basket weaving, sleeping and remodelling your bathroom are not. <br />
# How to budget time:<br />
## Limit your 12%-time to 4 hours per week over a long term average. It's okay to spend more or less time on 12%-time per week, it doesn't have to be exactly 4 hours. <br />
## Try to stick closely to four hours per week though; having you do 0-0-0-16 hours in a month would defeat goal 1 of having slack every week. <br />
## Do not catch-up on 'missed' 12%-time. If a week was quite busy, the work consumes the 12%-time as a buffer, as it was intended. The next week, just do 4 hours rather than 8 hours on 12%-time.<br />
## If you miss 12%-time multiple weeks in a row, especially when you do so as the whole team, bring it up as a topic for the weekly retrospective. It's an early sign that we might be overbooked w.r.t. capacity. <br />
## Missing work objectives or deadlines while still working 12%-time in a particular week is a major cause for concern and should never happen. The 12%-time is a buffer, not a dedicated project. <br />
# Planning when to take 12%-time:<br />
## Spend your 12%-time towards the end of the workweek, probably Thursday or Friday, as it becomes clear that work objectives will be delivered on time for this week. <br />
## Do not spend 12%-time on weekends to catch up on your hours for the week. Weekends should -- practically and legally -- be for rest, while 12%-time is still considered work. <br />
# Demo your work on Friday<br />
## Every week on Friday in the weekly retrospective, we have an agenda item for showing the results of our 12%-time. <br />
## Prepare beforehand to discuss your 12%-time in the past week. In about 3-4 minutes, you should share: <br />
### anything new you've built<br />
### any learnings you had. Don't assume that everyone already knows what you've learned: often that's not the case!<br />
### You can talk about your process of going about it, but the main focus should be on results.</div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=550New Mac Setup2025-02-13T13:53:36Z<p>Thexa4: </p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== TouchID sudo ==<br />
* Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== Trust IPA as Root Certificate ==<br />
# Make sure to first execute [[Enroll Mac in Kerberos]]<br />
# Run: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/ipa/ca.crt<br />
<br />
== Install MacPorts ==<br />
Follow instructions here: https://www.macports.org/install.php<br />
<br />
== Install iTerm2 ==<br />
https://iterm2.com<br />
<br />
== Use Bash as Shell ==<br />
# `chsh -s /bin/bash`<br />
# `echo 'export BASH_SILENCE_DEPRECATION_WARNING=1' >> ~/.bash_profile`<br />
<br />
== Use Kerberos Certificate as Mumble Certificate ==<br />
# Make sure to perform: [[Enroll Mac in Kerberos]]<br />
# Make sure to perform: [[#Trust IPA as Root Certificate]]<br />
# Convert certificate to pkcs12: `openssl pkcs12 -export -passout pass: -in ~/Library/IPA/user.crt -inkey ~/Library/IPA/user.key -out ~/Library/IPA/user.pkcs12 -name "IPA Certificate"`<br />
# Open mumble<br />
# On the Certificate Management overview, select "Import a certificate"<br />
# In the Import from field, enter the following text: ~/Library/IPA/user.pkcs12<br />
#</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=549Enroll Mac in Kerberos2025-02-12T14:56:50Z<p>Thexa4: </p>
<hr />
<div>This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!<br />
<br />
# Set bash as your default shell: [[New_Mac_Setup#Use_Bash_as_Shell]]<br />
# Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents.<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/user.key -out ~/Library/IPA/user.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = caIPAserviceCert<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/user.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/user.crt<br />
# Add the following lines to your ~/.bash_profile. Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username!<br />
## alias ds_pkinit="/usr/bin/kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>"<br />
## ds_pkinit & disown<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=513Enroll Mac in Kerberos2025-01-21T15:01:53Z<p>Thexa4: </p>
<hr />
<div>This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!<br />
<br />
# Set bash as your default shell: [[New_Mac_Setup#Use_Bash_as_Shell]]<br />
# Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents.<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/user.key -out ~/Library/IPA/user.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = caIPAserviceCert<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/user.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/user.crt<br />
# Add the following lines to your ~/.bash_profile. Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username!<br />
## alias ds_pkinit="kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>"<br />
## ds_pkinit & disown<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=512New Mac Setup2025-01-21T14:40:55Z<p>Thexa4: </p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== TouchID sudo ==<br />
* Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== Trust IPA as Root Certificate ==<br />
# Make sure to first execute [[Enroll Mac in Kerberos]]<br />
# Run: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/ipa/ca.crt<br />
<br />
== Install MacPorts ==<br />
Follow instructions here: https://www.macports.org/install.php<br />
<br />
== Use Bash as Shell ==<br />
# `chsh -s /bin/bash`<br />
# `echo 'export BASH_SILENCE_DEPRECATION_WARNING=1' >> ~/.bash_profile`<br />
<br />
== Use Kerberos Certificate as Mumble Certificate ==<br />
# Make sure to perform: [[Enroll Mac in Kerberos]]<br />
# Make sure to perform: [[#Trust IPA as Root Certificate]]<br />
# Convert certificate to pkcs12: `openssl pkcs12 -export -passout pass: -in ~/Library/IPA/user.crt -inkey ~/Library/IPA/user.key -out ~/Library/IPA/user.pkcs12 -name "IPA Certificate"`<br />
# Open mumble<br />
# On the Certificate Management overview, select "Import a certificate"<br />
# In the Import from field, enter the following text: ~/Library/IPA/user.pkcs12<br />
#</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=511Enroll Mac in Kerberos2025-01-21T14:22:25Z<p>Thexa4: </p>
<hr />
<div>This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!<br />
<br />
# Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents.<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/user.key -out ~/Library/IPA/user.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = caIPAserviceCert<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/user.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/user.crt<br />
# Add the following lines to your ~/.bash_profile. Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username!<br />
## alias ds_pkinit="kinit -C FILE:/Users/<mac_username>/Library/IPA/user.crt,/Users/<mac_username>/Library/IPA/user.key --keychain <ipa_username>"<br />
## ds_pkinit & disown<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=510Enroll Mac in Kerberos2025-01-21T14:12:56Z<p>Thexa4: </p>
<hr />
<div>This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!<br />
<br />
# Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents.<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/laptop.key -out ~/Library/IPA/laptop.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = caIPAserviceCert<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/laptop.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/laptop.crt<br />
# Add the following lines to your ~/.bash_profile. Make sure to replace <mac_username> with your Mac username and <ipa_username> with your IPA username!<br />
## alias ds_pkinit="kinit -C FILE:/Users/<mac_username>/Library/IPA/laptop.crt,/Users/<mac_username>/Library/IPA/laptop.key --keychain <ipa_username>"<br />
## ds_pkinit & disown<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=509New Mac Setup2025-01-21T14:09:19Z<p>Thexa4: </p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== TouchID sudo ==<br />
* Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== Install MacPorts ==<br />
Follow instructions here: https://www.macports.org/install.php<br />
<br />
== Use Bash as Shell ==<br />
1. `chsh -s /bin/bash`<br />
2. `echo 'export BASH_SILENCE_DEPRECATION_WARNING=1' >> ~/.bash_profile`</div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=508New Mac Setup2025-01-21T14:07:01Z<p>Thexa4: Protected "New Mac Setup": Contains command line examples ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))</p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== TouchID sudo ==<br />
* Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`<br />
<br />
== Install MacPorts ==<br />
Follow instructions here: https://www.macports.org/install.php</div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=507New Mac Setup2025-01-21T14:06:43Z<p>Thexa4: </p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== TouchID sudo ==<br />
* Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`<br />
<br />
== Install MacPorts ==<br />
Follow instructions here: https://www.macports.org/install.php</div>Thexa4https://docs.delftsolutions.nl/index.php?title=New_Mac_Setup&diff=506New Mac Setup2025-01-21T14:05:01Z<p>Thexa4: Created page with "This is a list of tweaks that are useful when setting up a new Mac. == Kerberos authentication == See: Enroll Mac in Kerberos == TouchID sudo == * Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`"</p>
<hr />
<div>This is a list of tweaks that are useful when setting up a new Mac.<br />
<br />
== Kerberos authentication ==<br />
See: [[Enroll Mac in Kerberos]]<br />
<br />
== TouchID sudo ==<br />
* Edit `/etc/pam.d/sudo_local` as root and remove the '#' before this line: `auth sufficient pam_tid.so`</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Internal&diff=505Internal2025-01-21T14:03:11Z<p>Thexa4: /* SRE */</p>
<hr />
<div>== Finance ==<br />
<br />
=== Exact ===<br />
<br />
* [[booking bonus|Booking bonus]]<br />
* [[booking wages|Booking wages]]<br />
* [[booking quarterly hosting invoice|Booking quarterly hosting invoice]]<br />
* [[new receipt|Enter a new receipt]]<br />
* [[reconciliation|Reconciliation of transaction]]<br />
* [[invoicing|Send an invoice]]<br />
* [[payment reminders|Send payment reminder]]<br />
* [[invoice approval|Process for approving invoices (/filed receipts)]]<br />
<br />
=== Bunq ===<br />
<br />
* [[top up account|Top up expense account]]<br />
<br />
== Work Process ==<br />
<br />
* [[Definition of done|Definition of Done]]<br />
* [[Incident Handling|Incident Handling]]<br />
* [[SRE Maintenance|SRE Maintenance]]<br />
<br />
== Internal Process ==<br />
* [[timetracking|Timetracking process]]<br />
* [[Starting work for a new client]]<br />
* [[12 percent|12% time]]<br />
* [[Annual leave|Annual leave]]<br />
* [[Bonus allocation|Bonus allocation]]<br />
* [[Calamity leave|Calamity leave]]<br />
* [[Overtime|Overtime]]<br />
* [[Retrospectives|Retrospectives]]<br />
* [[Sick leave|Sick leave]]<br />
* [[Training and self-study|Training and Self-Study]]<br />
* [[Daily|Daily]]<br />
<br />
== Projects ==<br />
<br />
* Era Inventory [[project_era_inventory_api|API Description]]<br />
<br />
== SRE ==<br />
<br />
''To be further populated with guide from drive''<br />
* [[create gitlab runner host|Create a GitLab runner host]]<br />
* [[vm setup|Create a (Debian) VM]]<br />
* [[border update|Process for updating a border]]<br />
* [[border reboot|Reboot border without downtime]]<br />
* [[WS Proxmox node reboot|Reboot WS Proxmox node without downtime]]<br />
* [[Resize VM Disk]]<br />
* [[SRE tools]]<br />
* [[Enroll Mac in Kerberos]]<br />
* [[New Mac Setup]]<br />
* [[Creating a VM on Hetzner]]<br />
* [[Rebooting VM]]<br />
* [[Rebooting Offsite]]<br />
* [[ssh-fingerprints|Verifying SSH fingerprints]]<br />
* [[Removing VM]]<br />
* [[Install a new Disk in Server]]<br />
* [[Setting Up Wildcard Subdomains with SSL on a Debian Application]]<br />
<br />
== Other ==<br />
<br />
* [[stack|Greenfield stack]]<br />
* [[standard tools|Standard Tools]]<br />
* [[list of unfurl debuggers|List of unfurl debuggers]]<br />
* [[Recommended suppliers]]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=504Enroll Mac in Kerberos2025-01-21T14:02:39Z<p>Thexa4: </p>
<hr />
<div>This will make your laptop automatically log you in to IPA. Only do this on machines that are exclusively used by you!<br />
<br />
# Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents. Make sure to replace <username> with your actual username!<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/laptop.key -out ~/Library/IPA/laptop.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = caIPAserviceCert<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/laptop.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/laptop.crt<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Incident_Handling&diff=491Incident Handling2024-11-22T11:20:34Z<p>Thexa4: </p>
<hr />
<div>== Zulip migration ==<br />
Due to a migration to Zulip, the integration as was available on Mattermost is not available yet on Zulip. This leads to the following process changes:<br />
* Acknowlegements and triggers resolving are not posted to Zulip by Zabbix<br />
* Triggers are grouped in a topic on Zulip per host<br />
* When an incident has been fully resolved, mark the topic as resolved, when any other incidents reported for the host are resolved<br />
* There's no `?ongoing`, instead for now we can track open incidents by checking for unresolved topics<br />
* The posting of incidents is less smart (only posting when not posted yet), so in order to prevent an incident from not being reported due to network issues or the likes, a message is posted after an inteval (8 hours for non-critical and lower, 1 hour for critical and above) while the incident has not been acknowleged.<br />
* Incidents can be manually tracked by creating a topic by hand and reporting the problem.<br />
* There is no automatic gitlab issue creation or syncing anymore.<br />
<br />
Finally, where this process says to do something on Mattermost, you should now do so on Zulip. The updates in the process chapters themselves are WIP.<br />
<br />
== Critical incidents ==<br />
'''Critical incidents are resolved within 16 hours.'''<br />
<br />
As first responder you take on the responsiblity of seeing an incident resolved. This does not mean that you are the person required to do all the work. You can attempt to involve other to help you (often referred to as escalating the incident), but since other are not on-call, they are not obliged to help you, especially outside of normal working hours.<br />
Involving multiple people can quickly be required if multiple critical incidents with different causes occur simultaniously. In that case, the First Responder usually takes on a more information management role and steers those that are brought on into resolving the issues. (Example: if a server crashes, several critical triggers can fire, but the underlying cause can quite quickly be determined to be a single issue, the crashed server. So you wouldn't need to call in people to manage each incident. But a client's service being down in one cluster while in a different cluster a different VM no longer boots is likely to be to different issues, so in order to resolve them on time you'd want to call in help to resolve the incident in time).<br />
<br />
=== Process ===<br />
The general process is made up of the folowing steps. Each step has additional information on how to handle/execute them in the sections below.<br />
# Take responsibility for seeing the incident resolved<br />
# Determine if incident is still ongoing<br />
# If ongoing: Communicate to affected clients that the issue is being investigated<br />
# Communicate plan/next steps (even if that is gathering information)<br />
# Communicate findings/results of executed plan, go back to previous step if not resolved<br />
# Resolve incident + cleanup<br />
<br />
During working on an incident it is expected that all communication is done in the incident's thread. This means all information to a problem can be found in a clear a predictable place. Sometimes an incident can be resolved by work done in another incident. In that case, it is required to post a link to that thread in the incident's thread with the comment that the resolution is done in that thread.<br />
<br />
==== Acknowledge the incident on Zabbix ====<br />
The first step is to take responsibility for seeing the incident resolved by acknowledging the incident on Zabbix. Simply acknowledging the trigger suffices. It is however entirely possible that multiple critical incidents are firing at the same time. This can be a coincidence, or can be because of a share cause of failure. For example, a server crashing will cause server VM' to reboot, or the router having an connectivity issue will lead to most other VM's having connectivity issues as well. If there are multiple critical incidents, it is advised to quickly observe what's ongoing, Zabbix is the best source of firing triggers for this, and pick the incident that is likely the root cause to <br />
<br />
* Acknowledging an incident on Zabbix will stop Zabbix from calling the First Responder to notify them of the ongoing incident. And stops Zabbix from posting reminders on Zulip.<br />
<br />
==== Determine if incident is still ongoing ====<br />
The next step is to check if the reported problem is still ongoing. Depending on the observations made here your process to follow and steps needed to resolve the incident can change. There are three options:<br />
# The trigger resolved itself and the problem cannot be observed. Example: HTTPS is down for a site, but the FR can access the site through HTTPS without incident.<br />
# The trigger resolved itself and the problem can still be observed.<br />
# The trigger is still firing but the problem cannot be observed: Our triggers might not be perfect, so it could be that something else is causing it to fire. A simple example would be that Zabbix reports that the the DNS for a site can't be resolved, but in reality there's a bug in the script we wrote that checks if the DNS resolves and the DNS resolves fine. Final note: keep in mind that an 'it works on my machine' does not necessarily mean it works for most other people, so depening on the trigger you need to do some evaluations if your tests suffice. <br />
<br />
In order to make sure you are actually trying to observe the same thing as the trigger is looking for, make sure to check the trigger definition and the current data of the associated item(s). Some triggers might fire if one of multiple conditions is met (Such as a trigger that monitors the ping response time firing if the value exceeds a certain threshold, or if no data for a certain period of time was observed).<br />
<br />
Make sure to report your findings in the incident's thread. It's advised to post a screenshot of the relevant item(s) and your own observations. (Continuing the ping example, you would post a screenshot of the relevant values, state your conclusion why the trigger is firing, and your own observations/pings)<br />
<br />
==== Communicate to affected clients ====<br />
If the incident is still ongoing and the service is down, we need to communicate to affected clients that we are aware of the problem and that we are investigating it. This is because critical incident usually mean the service is down, something the clients can notice/are affected by, so we to be transparent that something is going on. There are some additional notes to this though:<br />
* If an incident has already resolved itself and the problem is no longer observable, we don't communicate anything. Doing so might only cause confusion, and since the client has not reported any issues, they have not had a noticeable problem with it themselves.<br />
* Although a critical incident generally means that the client service is down or experiencing reduced service, not all critical incidents are of that nature. Some are more administrative, or are only an issue for Delft Solutions itself. As of writing I don't have an exhaustive list, but here is those I can think of:<br />
** SSH Service is down: We don't have any clients that SSH into their services, so it's generally not a problem. But SSH is mostly used for SRE maintenance and publishing new builds. The SRE maintenance is an internal problem, so no need to communicate to the client. The publishing is done to Kaboom, preventing new builds from being published, and the two SM VM's.<br />
** No backup for x days: Clients don't notice it if a backup is running late, so no need to communicate with clients. Just need to make sure the backup gets completed<br />
** SSL certificate is expiring in < 24 hours: This is a bit dependent on how soon this incident is being handled, but if it handled quickly, the certificate never actually expired, and there has not been any disruption to the client's service, so no need for communicating about it.<br />
* Determining which clients are being affected can be done by looking at the host's DNS in the trigger, and/or looking up the VM in Proxmox and checking the tags of the VM's for client names. In the case that this issue is causing multiple other critical triggers to fire, you would have to check for which clients are affected by those incidents.<br />
* Communicating to DS about ongoing incidents is usually assumed to be automaticly have been done by the fact that the incident was reported on Zulip.<br />
<br />
As always, report the decisions taken and actions maded in the incident thread. (e.g.: I've sent a message in the Slack to let Kaboom know that we aware of problem x, and that we are investigating it)<br />
<br />
==== Communicate plan/next steps + Communicate findings/results of executed plan ====<br />
This is the main part of handling an incident. There are several actions you can take in these steps, but at the basis they consist of sharing your next steps, performing those, and reporting the results. The reason all this needs to be reported is to ensure that all known information about a problem is logged, making it easier for someone else to be onboarded into the issue, for later reference if a similar issue is encountered, and even for use during the incident itself in case an older configuration needs to be referenced after you changed it.<br />
The objective from these steps is determining what is actually wrong and how to resolve it. Depending on the observations made earlier on whether the incident is still ongoing and is (still) observable your investigation can go into different directions. (e.g. Find the underlying cause for a trigger, or determining why the trigger is firing while it likely shouldn't, and then how to resolve that underlying cause or how to update the trigger to work better)<br />
<br />
There are three main types of steps defined, but you are not limited to these:<br />
# Hypothesis: If you have an idea what could be causing it, you would state your hypothesis and your next step would be to prove that hypothesis. For example, for an incident 'SSH service is down on X' your hypothesis could be that this is due to 'MaxStartups' throttling, which can be proven by 'grep'ing journalctl for that, and compare the start and end times of throttling with the timestamps of the item reporting the status of the SSH service.<br />
# Information gathering: Sometimes it just helps to get some facts about the situation collected. What is usefull information that is relevant depends on the triggers, but some examples are: The syslog/journalctl of the host from around the time of the incident (it can contain a reference to the an underlying problem in various levels of explicitness), the ping response from several hosts on the route to a host or a traceroute (this helps with networking issues). The gathered information is usually intended to help you come up with an hypothesis on what's wrong.<br />
# Investigative: The most rigorous of process. The full process is described here originally [https://docs.google.com/document/d/1AQYJM1Q9l2Tyk6zfCVaQ2aEq-dpbfUH5okE88bpKkhw/edit#heading=h.5fq2skijqbdc Drive - Final Coundown - General Investigative Process]. To summarize, when you don't know why something is failing, and/or don't have any decent hypotheses to follow up, you can follow this process to systematicly find the problem.<br />
<br />
Regarding the resolution to an incident: The resolution to any incident is usually one of two things:<br />
# Fix the underlying problem.<br />
# Fix the trigger itself.<br />
Fixing the trigger is relavively straightforward, but do make sure document in the thread what you changed to which trigger.<br />
Fixing the underlying problem can be more complex. A trade-off needs to be made sometimes between resolving technical debt, or simply patching the current system to resolve the issue. We usually look for a resolution that ensures that the problem won't re-occur soon, or makes it unexpected/unlikely for the problem to re-occur. Taking into account the timeframe that is available to resolve the incident you can make some trade-offs. An example would be: normal backups of VM's are failing due to the Proxmox backup server being down/unreachable and it is determined that this cannot be resolved at that moment. We can set up automatic backups to local storage temporary to resolve the immediate problem and ensure we keep our SLO's versus setting up a new Proxmox Backup server at a different location. Since we don't have much time to resolve the problem, the resolution would be to set up the automatic backups to local storage, and set up a new Proxmox Backup Server later as a seperate issue.<br />
<br />
Some know issues and their resolutions:<br />
* SSH service is down: The internet is a vile place. There's constant port scanning and hacking attempts ongoing to any machine connected to the internet (mostly IPv4). Due to this, SSH has a throttling functionality build in to prevent a system from being DDOS'ed by the amount of malicious SSH requests. This throttling can cause the Zabbix server from being denied an SSH connection, of which several failures fire this trigger. This hypothesis can be proven with a `journalctl -u ssh | grep 'MaxStartupsThrottling'` (you probably want to select a relevant time period with `--since "2 hours ago"` or something similar to prevent having to process a month of logging). You can then compare the throttling start and end times with the timestamps of the item data itself. The resolution for the issue is to add our custom ssh configuration [https://chat.dsinternal.net/#narrow/stream/23-SRE---General/topic/DS.20Whitelisted.20Custom.20SSH.20configuration/near/1620 Custom SSH Configuration].<br />
* No backup for 3 days: Are S3 backup is very slow. Not much to prove as an underlying issue here. What needs to be done is check that the backup process is ongoing. The Zabbix latest data can be checked to verify that backups are running by checking that that days backups were done for the smaller buckets. The devteam email can be checked for if the backup process could not start on day due to it already running (it takes 24+ hours, and an attempt to start it is done each day by cron).<br />
* git.* HTTPS is down: On Sunday mostly, Gitlab gets automaticly updated, but this incurs some downtime as the service is restarted. This is usually short enough to not be reported to Zulip as per our settings, but sometimes it's longer. If the service does not stay down, the issue can be just resolved.<br />
<br />
==== Resolve incident + cleanup ====<br />
When you've executed and verified the resolution in the previous steps we can proceed resolving the issue in our Mattermost integration. Resolving an incident can be done by doing the following:<br />
# Verify that the trigger is no longer firing. An incident will be immediatly re-opened if the trigger is still firing, and the incident cannot be considered resolved if the trigger is still firing. If the trigger is still firing but you're sure that you've resolved the problem, you might need to force the item the trigger depends on to update. This can be done by finding the item in the host's configuration on Zabbix and selecting 'Execute Now', after a short period this should force Zabbix to re-execute the item. You can check the timestamps in the latest data of an item to check if it was updated.<br />
# Close the incident by marking the topic as resolved, when there are no other triggers firing for the host.<br />
<br />
Unfortunatly, some problems cause multiple critical and non-critical triggers to fire. This means we have to check Zabbix and Zulip for other fired triggers and ongoing incidents. The goal is to identify critical and non-critical incidents that were caused by the incident/underlying issue you just resolved.<br />
# First, these incidents need to be acknowledged on Zabbix, and in the acknowledgement message you mention the incident/problem that caused this.<br />
# Next, check the incident tracked by the integration on Mattermost using the `?ongoing` command. Resolve incidents that were (re-)opened by this incident by executing the following steps. If the first two fail (problem still persists, trigger is still firing), the incident needs to considered it's own issue and the relevant process needs to be followed (critical or non-critical depending on criticality).<br />
## Ensuring the mentioned problem is no longer observable<br />
## The trigger has resolved (You might need to force an update with `Execute Now`).<br />
## Posting a link to the main incident you resolved with the comment that the underlying problem was resolved in that topic.<br />
## Closing the incident by marking the topic as resolved, when there are no other triggers firing for the host.<br />
<br />
When you are done, there should be no more critical triggers firing in Zabbix or open in the Zabbix-Mattermost intergration, for which no-one has taken responsibility or you have taken responsibility for and are not actively handling.<br />
<br />
===Additional context===<br />
* Critical incidents are posted in [https://chat.dsinternal.net/#narrow/stream/24-SRE-.23-Critical '''SLA - Critical'''].<br />
* <s>When it is being tracked on GitLab a heavy check mark is added to the message.</s><br />
* <s>Responses on the thread and on GitLab are automatically synced (to some extend)</s><br />
* <s>When you reply with '''I agree that this has been fully resolved''' eventually our Zabbix-Mattermost integration will pick this up and a green check mark is added to the message.</s><br />
<br />
== Non-Critical incidents ==<br />
* Non-critical incidents are acknowledged within 9 hours and resolved within one week.<br />
<br />
=== Acknowledging ===<br />
Fully acknowledging a non-critical incident requires the following tasks to have been completed:<br />
* Acknowledging the incident on Zabbix<br />
* Add the non-critical incident as a milestone in the metrics sheet<br />
** Start date is the date of the incident<br />
** DoD states what needs to be true for the non-critical incident to be consider resolved<br />
* Add the non-critical incident to Lynx as a project<br />
** Tasks need to be added<br />
** Final tasks needs to have the SLO deadline set as 'contraint'<br />
** Project priority is set to 20 (as a default)<br />
** The tasks are estimated for SP<br />
* The Lynx project ID is reported in the non-critical incident's topic on Zulip<br />
* A Kimai activity is created in Kimai for the non-critical incident<br />
<br />
Checklist (outdated)<br />
# Acknowledge on Zabbix and state who is responsible for resolving this in the description<br />
# Communicate plan/next steps (even if that is gathering information)<br />
# Communicate findings/results of executed plan, go back to previous step if not resolved<br />
# If there is no resolution to the incident, evaluate if the trigger needs updating/disabling<br />
# Resolve incident<br />
<br />
== Informational incidents ==<br />
* Informational incidents are acknowledged within 72 hours<br />
<br />
Checklist<br />
# Acknowledge on Zabbix<br />
# Sanity check the event, post result in thread<br />
# If action needed, perform action<br />
<br />
== If an incident is reported by other means than the Zabbix-Zulip intergration ==<br />
# Acknowledge receipt.<br />
# Classify the incident as critical, non-critical, or informational.<br />
# Create an topic in the relevant SRE channel, stating the problem and that you is responsible for resolving it.<br />
# Proceed to treat the incident according to the criticality you just classified it as. (So for a critical incident, it means you now start the critical incident handling process)<br />
<br />
== Handover ==<br />
When handing over the responsibility of '''first responder''' (FR), the following needs to happen:<br />
* The handover can be initiated by both the upcoming FR or the acting FR<br />
* Acting FR adds the upcoming FR the the IPA sla-first-responder user group and enables Zabbix calling for that the upcoming FR if they have that set by going to Zabbix > Configuration > Actions > [https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0# Trigger actions]<br />
* The upcoming FR makes sure they are aware of the state of the SLA and knows what questions they wants to ask the acting FR.<br />
* The upcoming FR makes sure they are subscribed to the right channels.<br />
<br />
The following steps can be done async or in person:<br />
* The acting FR announces/informs the upcoming FR has been added to the sla-first-responder group (In Zulip's [https://chat.dsinternal.net/#narrow/stream/13-Organisational Organisational channel] if asynq).<br />
* If the acting FR wants to hand over responsibility for any ongoing incident they also state which incidents they want the upcoming FR to take over.<br />
* If there are any particularities the upcoming FR needs to be aware of, those are shared.<br />
* The upcoming FR asks their questions until they are satisfied and able to take over the FR<br />
* The upcoming FR ensures they are subscribed to the following channels on Zulip: [https://chat.dsinternal.net/#narrow/stream/23-SRE---General SRE - General], [https://chat.dsinternal.net/#narrow/stream/24-SRE-.23-Critical SRE # Critical] and if part of the SRE team [https://chat.dsinternal.net/#streams/4/SRE%20##%20Non-critical SRE ## Non-Critical] and [https://chat.dsinternal.net/#streams/5/SRE%20###%20Informational SRE ### Informational].<br />
* The upcoming FR announces/informs that they are now the acting FR over Zulip's [https://chat.dsinternal.net/#narrow/stream/13-Organisational Organisational channel]<br />
* The now acting FR removes the previous FR from IPA the sla-first-responder user group and disables Zabbix calling for the previous FR if they had that enabled by going to Zabbix > Configuration > Actions > [https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0# Trigger actions]<br />
<br />
===Checklist for Handing Over First Responder (FR) Responsibilities===<br />
<br />
When transferring the role of First Responder (FR), follow these steps:<br />
<br />
1. Initiate the Handover:<br />
- Acting FR or Upcoming FR*: Initiate the handover process.<br />
<br />
2. Add Upcoming FR to User Group and Enable Zabbix Calling:<br />
- Acting FR:<br />
- Add the upcoming FR to the IPA `sla-first-responder` user group.<br />
- Enable Zabbix calling for the upcoming FR (if applicable) by navigating to:<br />
- Zabbix> Configuration > Actions > [Trigger actions](https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0#).<br />
<br />
3. Announce Addition to User Group:<br />
- Acting FR:<br />
- Inform the upcoming FR that they have been added to the `sla-first-responder` group.<br />
- If communicating asynchronously, announce this in Zulip's [Organisational channel](https://chat.dsinternal.net/#narrow/stream/13-Organisational).<br />
<br />
4. Communicate Ongoing Incidents and Particularities:<br />
- Acting FR:<br />
- Share details of any ongoing incidents to be handed over.<br />
- Inform the upcoming FR of any specific details they need to be aware of.<br />
<br />
5. Review SLA State and Prepare Questions:<br />
- Upcoming FR:<br />
- Familiarize yourself with the current state of the SLA.<br />
- Prepare any questions for the acting FR.<br />
<br />
6. Clarify and Confirm Understanding:<br />
- Upcoming FR:<br />
- Ask all necessary questions until you are confident in taking over the FR role.<br />
<br />
7. Subscribe to Relevant Zulip Channels:<br />
- Upcoming FR:<br />
- Subscribe to the following channels:<br />
- [SRE - General](https://chat.dsinternal.net/#narrow/stream/23-SRE---General)<br />
- [SRE # Critical](https://chat.dsinternal.net/#narrow/stream/24-SRE-.23-Critical)<br />
- If part of the SRE team, also subscribe to:<br />
- [SRE ## Non-Critical](https://chat.dsinternal.net/#streams/4/SRE%20##%20Non-critical)<br />
- [SRE ### Informational](https://chat.dsinternal.net/#streams/5/SRE%20###%20Informational)<br />
<br />
8. Announce Acceptance of FR Role:<br />
- Upcoming FR (now Acting FR):<br />
- Announce that you are now the acting FR in Zulip's [Organisational channel](https://chat.dsinternal.net/#narrow/stream/13-Organisational).<br />
<br />
9. Remove Previous FR from User Group and Disable Zabbix Calling:<br />
- Now Acting FR:<br />
- Remove the previous FR from the IPA `sla-first-responder` user group.<br />
- Disable Zabbix calling for the previous FR by navigating to:<br />
- Zabbix> Configuration > Actions > [Trigger actions](https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0#).<br />
- Ensure the previous FR's phone number is disabled in Zabbix calling settings.<br />
<br />
10. Confirm Completion of Handover:<br />
- Now Acting FR:<br />
- Verify that all steps have been completed and the handover is fully executed.</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Incident_Handling&diff=490Incident Handling2024-11-21T15:12:23Z<p>Thexa4: </p>
<hr />
<div>== Zulip migration ==<br />
Due to a migration to Zulip, the integration as was available on Mattermost is not available yet on Zulip. This leads to the following process changes:<br />
* Acknowlegements and triggers resolving are not posted to Zulip by Zabbix<br />
* Triggers are grouped in a topic on Zulip per host<br />
* When an incident has been fully resolved, mark the topic as resolved, when any other incidents reported for the host are resolved<br />
* There's no `?ongoing`, instead for now we can track open incidents by checking for unresolved topics<br />
* The posting of incidents is less smart (only posting when not posted yet), so in order to prevent an incident from not being reported due to network issues or the likes, a message is posted after an inteval (8 hours for non-critical and lower, 1 hour for critical and above) while the incident has not been acknowleged.<br />
* Incidents can be manually tracked by creating a topic by hand and reporting the problem<br />
* There is no automatic gitlab issue creation or syncing anymore.<br />
<br />
Finally, where this process says to do something on Mattermost, you should now do so on Zulip. The updates in the process chapters themselves are WIP.<br />
<br />
== Critical incidents ==<br />
'''Critical incidents are resolved within 16 hours.'''<br />
<br />
As first responder you take on the responsiblity of seeing an incident resolved. This does not mean that you are the person required to do all the work. You can attempt to involve other to help you (often referred to as escalating the incident), but since other are not on-call, they are not obliged to help you, especially outside of normal working hours.<br />
Involving multiple people can quickly be required if multiple critical incidents with different causes occur simultaniously. In that case, the First Responder usually takes on a more information management role and steers those that are brought on into resolving the issues. (Example: if a server crashes, several critical triggers can fire, but the underlying cause can quite quickly be determined to be a single issue, the crashed server. So you wouldn't need to call in people to manage each incident. But a client's service being down in one cluster while in a different cluster a different VM no longer boots is likely to be to different issues, so in order to resolve them on time you'd want to call in help to resolve the incident in time).<br />
<br />
=== Process ===<br />
The general process is made up of the folowing steps. Each step has additional information on how to handle/execute them in the sections below.<br />
# Take responsibility for seeing the incident resolved<br />
# Determine if incident is still ongoing<br />
# If ongoing: Communicate to affected clients that the issue is being investigated<br />
# Communicate plan/next steps (even if that is gathering information)<br />
# Communicate findings/results of executed plan, go back to previous step if not resolved<br />
# Resolve incident + cleanup<br />
<br />
During working on an incident it is expected that all communication is done in the incident's thread. This means all information to a problem can be found in a clear a predictable place. Sometimes an incident can be resolved by work done in another incident. In that case, it is required to post a link to that thread in the incident's thread with the comment that the resolution is done in that thread.<br />
<br />
==== Acknowledge the incident on Zabbix ====<br />
The first step is to take responsibility for seeing the incident resolved by acknowledging the incident on Zabbix. Simply acknowledging the trigger suffices. It is however entirely possible that multiple critical incidents are firing at the same time. This can be a coincidence, or can be because of a share cause of failure. For example, a server crashing will cause server VM' to reboot, or the router having an connectivity issue will lead to most other VM's having connectivity issues as well. If there are multiple critical incidents, it is advised to quickly observe what's ongoing, Zabbix is the best source of firing triggers for this, and pick the incident that is likely the root cause to <br />
<br />
* Acknowledging an incident on Zabbix will stop Zabbix from calling the First Responder to notify them of the ongoing incident. And stops Zabbix from posting reminders on Zulip.<br />
<br />
==== Determine if incident is still ongoing ====<br />
The next step is to check if the reported problem is still ongoing. Depending on the observations made here your process to follow and steps needed to resolve the incident can change. There are three options:<br />
# The trigger resolved itself and the problem cannot be observed. Example: HTTPS is down for a site, but the FR can access the site through HTTPS without incident.<br />
# The trigger resolved itself and the problem can still be observed.<br />
# The trigger is still firing but the problem cannot be observed: Our triggers might not be perfect, so it could be that something else is causing it to fire. A simple example would be that Zabbix reports that the the DNS for a site can't be resolved, but in reality there's a bug in the script we wrote that checks if the DNS resolves and the DNS resolves fine. Final note: keep in mind that an 'it works on my machine' does not necessarily mean it works for most other people, so depening on the trigger you need to do some evaluations if your tests suffice. <br />
<br />
In order to make sure you are actually trying to observe the same thing as the trigger is looking for, make sure to check the trigger definition and the current data of the associated item(s). Some triggers might fire if one of multiple conditions is met (Such as a trigger that monitors the ping response time firing if the value exceeds a certain threshold, or if no data for a certain period of time was observed).<br />
<br />
Make sure to report your findings in the incident's thread. It's advised to post a screenshot of the relevant item(s) and your own observations. (Continuing the ping example, you would post a screenshot of the relevant values, state your conclusion why the trigger is firing, and your own observations/pings)<br />
<br />
==== Communicate to affected clients ====<br />
If the incident is still ongoing and the service is down, we need to communicate to affected clients that we are aware of the problem and that we are investigating it. This is because critical incident usually mean the service is down, something the clients can notice/are affected by, so we to be transparent that something is going on. There are some additional notes to this though:<br />
* If an incident has already resolved itself and the problem is no longer observable, we don't communicate anything. Doing so might only cause confusion, and since the client has not reported any issues, they have not had a noticeable problem with it themselves.<br />
* Although a critical incident generally means that the client service is down or experiencing reduced service, not all critical incidents are of that nature. Some are more administrative, or are only an issue for Delft Solutions itself. As of writing I don't have an exhaustive list, but here is those I can think of:<br />
** SSH Service is down: We don't have any clients that SSH into their services, so it's generally not a problem. But SSH is mostly used for SRE maintenance and publishing new builds. The SRE maintenance is an internal problem, so no need to communicate to the client. The publishing is done to Kaboom, preventing new builds from being published, and the two SM VM's.<br />
** No backup for x days: Clients don't notice it if a backup is running late, so no need to communicate with clients. Just need to make sure the backup gets completed<br />
** SSL certificate is expiring in < 24 hours: This is a bit dependent on how soon this incident is being handled, but if it handled quickly, the certificate never actually expired, and there has not been any disruption to the client's service, so no need for communicating about it.<br />
* Determining which clients are being affected can be done by looking at the host's DNS in the trigger, and/or looking up the VM in Proxmox and checking the tags of the VM's for client names. In the case that this issue is causing multiple other critical triggers to fire, you would have to check for which clients are affected by those incidents.<br />
* Communicating to DS about ongoing incidents is usually assumed to be automaticly have been done by the fact that the incident was reported on Zulip.<br />
<br />
As always, report the decisions taken and actions maded in the incident thread. (e.g.: I've sent a message in the Slack to let Kaboom know that we aware of problem x, and that we are investigating it)<br />
<br />
==== Communicate plan/next steps + Communicate findings/results of executed plan ====<br />
This is the main part of handling an incident. There are several actions you can take in these steps, but at the basis they consist of sharing your next steps, performing those, and reporting the results. The reason all this needs to be reported is to ensure that all known information about a problem is logged, making it easier for someone else to be onboarded into the issue, for later reference if a similar issue is encountered, and even for use during the incident itself in case an older configuration needs to be referenced after you changed it.<br />
The objective from these steps is determining what is actually wrong and how to resolve it. Depending on the observations made earlier on whether the incident is still ongoing and is (still) observable your investigation can go into different directions. (e.g. Find the underlying cause for a trigger, or determining why the trigger is firing while it likely shouldn't, and then how to resolve that underlying cause or how to update the trigger to work better)<br />
<br />
There are three main types of steps defined, but you are not limited to these:<br />
# Hypothesis: If you have an idea what could be causing it, you would state your hypothesis and your next step would be to prove that hypothesis. For example, for an incident 'SSH service is down on X' your hypothesis could be that this is due to 'MaxStartups' throttling, which can be proven by 'grep'ing journalctl for that, and compare the start and end times of throttling with the timestamps of the item reporting the status of the SSH service.<br />
# Information gathering: Sometimes it just helps to get some facts about the situation collected. What is usefull information that is relevant depends on the triggers, but some examples are: The syslog/journalctl of the host from around the time of the incident (it can contain a reference to the an underlying problem in various levels of explicitness), the ping response from several hosts on the route to a host or a traceroute (this helps with networking issues). The gathered information is usually intended to help you come up with an hypothesis on what's wrong.<br />
# Investigative: The most rigorous of process. The full process is described here originally [https://docs.google.com/document/d/1AQYJM1Q9l2Tyk6zfCVaQ2aEq-dpbfUH5okE88bpKkhw/edit#heading=h.5fq2skijqbdc Drive - Final Coundown - General Investigative Process]. To summarize, when you don't know why something is failing, and/or don't have any decent hypotheses to follow up, you can follow this process to systematicly find the problem.<br />
<br />
Regarding the resolution to an incident: The resolution to any incident is usually one of two things:<br />
# Fix the underlying problem.<br />
# Fix the trigger itself.<br />
Fixing the trigger is relavively straightforward, but do make sure document in the thread what you changed to which trigger.<br />
Fixing the underlying problem can be more complex. A trade-off needs to be made sometimes between resolving technical debt, or simply patching the current system to resolve the issue. We usually look for a resolution that ensures that the problem won't re-occur soon, or makes it unexpected/unlikely for the problem to re-occur. Taking into account the timeframe that is available to resolve the incident you can make some trade-offs. An example would be: normal backups of VM's are failing due to the Proxmox backup server being down/unreachable and it is determined that this cannot be resolved at that moment. We can set up automatic backups to local storage temporary to resolve the immediate problem and ensure we keep our SLO's versus setting up a new Proxmox Backup server at a different location. Since we don't have much time to resolve the problem, the resolution would be to set up the automatic backups to local storage, and set up a new Proxmox Backup Server later as a seperate issue.<br />
<br />
Some know issues and their resolutions:<br />
* SSH service is down: The internet is a vile place. There's constant port scanning and hacking attempts ongoing to any machine connected to the internet (mostly IPv4). Due to this, SSH has a throttling functionality build in to prevent a system from being DDOS'ed by the amount of malicious SSH requests. This throttling can cause the Zabbix server from being denied an SSH connection, of which several failures fire this trigger. This hypothesis can be proven with a `journalctl -u ssh | grep 'MaxStartupsThrottling'` (you probably want to select a relevant time period with `--since "2 hours ago"` or something similar to prevent having to process a month of logging). You can then compare the throttling start and end times with the timestamps of the item data itself. The resolution for the issue is to add our custom ssh configuration [https://chat.dsinternal.net/#narrow/stream/23-SRE---General/topic/DS.20Whitelisted.20Custom.20SSH.20configuration/near/1620 Custom SSH Configuration].<br />
* No backup for 3 days: Are S3 backup is very slow. Not much to prove as an underlying issue here. What needs to be done is check that the backup process is ongoing. The Zabbix latest data can be checked to verify that backups are running by checking that that days backups were done for the smaller buckets. The devteam email can be checked for if the backup process could not start on day due to it already running (it takes 24+ hours, and an attempt to start it is done each day by cron).<br />
* git.* HTTPS is down: On Sunday mostly, Gitlab gets automaticly updated, but this incurs some downtime as the service is restarted. This is usually short enough to not be reported to Zulip as per our settings, but sometimes it's longer. If the service does not stay down, the issue can be just resolved.<br />
<br />
==== Resolve incident + cleanup ====<br />
When you've executed and verified the resolution in the previous steps we can proceed resolving the issue in our Mattermost integration. Resolving an incident can be done by doing the following:<br />
# Verify that the trigger is no longer firing. An incident will be immediatly re-opened if the trigger is still firing, and the incident cannot be considered resolved if the trigger is still firing. If the trigger is still firing but you're sure that you've resolved the problem, you might need to force the item the trigger depends on to update. This can be done by finding the item in the host's configuration on Zabbix and selecting 'Execute Now', after a short period this should force Zabbix to re-execute the item. You can check the timestamps in the latest data of an item to check if it was updated.<br />
# Close the incident by marking the topic as resolved, when there are no other triggers firing for the host.<br />
<br />
Unfortunatly, some problems cause multiple critical and non-critical triggers to fire. This means we have to check Zabbix and Zulip for other fired triggers and ongoing incidents. The goal is to identify critical and non-critical incidents that were caused by the incident/underlying issue you just resolved.<br />
# First, these incidents need to be acknowledged on Zabbix, and in the acknowledgement message you mention the incident/problem that caused this.<br />
# Next, check the incident tracked by the integration on Mattermost using the `?ongoing` command. Resolve incidents that were (re-)opened by this incident by executing the following steps. If the first two fail (problem still persists, trigger is still firing), the incident needs to considered it's own issue and the relevant process needs to be followed (critical or non-critical depending on criticality).<br />
## Ensuring the mentioned problem is no longer observable<br />
## The trigger has resolved (You might need to force an update with `Execute Now`).<br />
## Posting a link to the main incident you resolved with the comment that the underlying problem was resolved in that topic.<br />
## Closing the incident by marking the topic as resolved, when there are no other triggers firing for the host.<br />
<br />
When you are done, there should be no more critical triggers firing in Zabbix or open in the Zabbix-Mattermost intergration, for which no-one has taken responsibility or you have taken responsibility for and are not actively handling.<br />
<br />
===Additional context===<br />
* Critical incidents are posted in [https://chat.dsinternal.net/#narrow/stream/24-SRE-.23-Critical '''SLA - Critical'''].<br />
* <s>When it is being tracked on GitLab a heavy check mark is added to the message.</s><br />
* <s>Responses on the thread and on GitLab are automatically synced (to some extend)</s><br />
* <s>When you reply with '''I agree that this has been fully resolved''' eventually our Zabbix-Mattermost integration will pick this up and a green check mark is added to the message.</s><br />
<br />
== Non-Critical incidents ==<br />
* Non-critical incidents are acknowledged within 9 hours and resolved within one week.<br />
<br />
=== Acknowledging ===<br />
Fully acknowledging a non-critical incident requires the following tasks to have been completed:<br />
* Acknowledging the incident on Zabbix<br />
* Add the non-critical incident as a milestone in the metrics sheet<br />
** Start date is the date of the incident<br />
** DoD states what needs to be true for the non-critical incident to be consider resolved<br />
* Add the non-critical incident to Lynx as a project<br />
** Tasks need to be added<br />
** Final tasks needs to have the SLO deadline set as 'contraint'<br />
** Project priority is set to 20 (as a default)<br />
** The tasks are estimated for SP<br />
* The Lynx project ID is reported in the non-critical incident's topic on Zulip<br />
* A Kimai activity is created in Kimai for the non-critical incident<br />
<br />
Checklist (outdated)<br />
# Acknowledge on Zabbix and state who is responsible for resolving this in the description<br />
# Communicate plan/next steps (even if that is gathering information)<br />
# Communicate findings/results of executed plan, go back to previous step if not resolved<br />
# If there is no resolution to the incident, evaluate if the trigger needs updating/disabling<br />
# Resolve incident<br />
<br />
== Informational incidents ==<br />
* Informational incidents are acknowledged within 72 hours<br />
<br />
Checklist<br />
# Acknowledge on Zabbix<br />
# Sanity check the event, post result in thread<br />
# If action needed, perform action<br />
<br />
== If an incident is reported by other means than the Zabbix-Zulip intergration ==<br />
# Acknowledge receipt.<br />
# Classify the incident as critical, non-critical, or informational.<br />
# Create an topic in the relevant SRE channel, stating the problem and that you is responsible for resolving it.<br />
# Proceed to treat the incident according to the criticality you just classified it as. (So for a critical incident, it means you now start the critical incident handling process)<br />
<br />
== Handover ==<br />
When handing over the responsibility of '''first responder''' (FR), the following needs to happen:<br />
* The handover can be initiated by both the upcoming FR or the acting FR<br />
* Acting FR adds the upcoming FR the the IPA sla-first-responder user group and enables Zabbix calling for that the upcoming FR if they have that set by going to Zabbix > Configuration > Actions > [https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0# Trigger actions]<br />
* The upcoming FR makes sure they are aware of the state of the SLA and knows what questions they wants to ask the acting FR.<br />
* The upcoming FR makes sure they are subscribed to the right channels.<br />
<br />
The following steps can be done async or in person:<br />
* The acting FR announces/informs the upcoming FR has been added to the sla-first-responder group (In Zulip's [https://chat.dsinternal.net/#narrow/stream/13-Organisational Organisational channel] if asynq).<br />
* If the acting FR wants to hand over responsibility for any ongoing incident they also state which incidents they want the upcoming FR to take over.<br />
* If there are any particularities the upcoming FR needs to be aware of, those are shared.<br />
* The upcoming FR asks their questions until they are satisfied and able to take over the FR<br />
* The upcoming FR ensures they are subscribed to the following channels on Zulip: [https://chat.dsinternal.net/#narrow/stream/23-SRE---General SRE - General], [https://chat.dsinternal.net/#narrow/stream/24-SRE-.23-Critical SRE # Critical] and if part of the SRE team [https://chat.dsinternal.net/#streams/4/SRE%20##%20Non-critical SRE ## Non-Critical] and [https://chat.dsinternal.net/#streams/5/SRE%20###%20Informational SRE ### Informational].<br />
* The upcoming FR announces/informs that they are now the acting FR over Zulip's [https://chat.dsinternal.net/#narrow/stream/13-Organisational Organisational channel]<br />
* The now acting FR removes the previous FR from IPA the sla-first-responder user group and disables Zabbix calling for the previous FR if they had that enabled by going to Zabbix > Configuration > Actions > [https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0# Trigger actions]<br />
<br />
===Checklist for Handing Over First Responder (FR) Responsibilities===<br />
<br />
When transferring the role of First Responder (FR), follow these steps:<br />
<br />
1. Initiate the Handover:<br />
- Acting FR or Upcoming FR*: Initiate the handover process.<br />
<br />
2. Add Upcoming FR to User Group and Enable Zabbix Calling:<br />
- Acting FR:<br />
- Add the upcoming FR to the IPA `sla-first-responder` user group.<br />
- Enable Zabbix calling for the upcoming FR (if applicable) by navigating to:<br />
- Zabbix> Configuration > Actions > [Trigger actions](https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0#).<br />
<br />
3. Announce Addition to User Group:<br />
- Acting FR:<br />
- Inform the upcoming FR that they have been added to the `sla-first-responder` group.<br />
- If communicating asynchronously, announce this in Zulip's [Organisational channel](https://chat.dsinternal.net/#narrow/stream/13-Organisational).<br />
<br />
4. Communicate Ongoing Incidents and Particularities:<br />
- Acting FR:<br />
- Share details of any ongoing incidents to be handed over.<br />
- Inform the upcoming FR of any specific details they need to be aware of.<br />
<br />
5. Review SLA State and Prepare Questions:<br />
- Upcoming FR:<br />
- Familiarize yourself with the current state of the SLA.<br />
- Prepare any questions for the acting FR.<br />
<br />
6. Clarify and Confirm Understanding:<br />
- Upcoming FR:<br />
- Ask all necessary questions until you are confident in taking over the FR role.<br />
<br />
7. Subscribe to Relevant Zulip Channels:<br />
- Upcoming FR:<br />
- Subscribe to the following channels:<br />
- [SRE - General](https://chat.dsinternal.net/#narrow/stream/23-SRE---General)<br />
- [SRE # Critical](https://chat.dsinternal.net/#narrow/stream/24-SRE-.23-Critical)<br />
- If part of the SRE team, also subscribe to:<br />
- [SRE ## Non-Critical](https://chat.dsinternal.net/#streams/4/SRE%20##%20Non-critical)<br />
- [SRE ### Informational](https://chat.dsinternal.net/#streams/5/SRE%20###%20Informational)<br />
<br />
8. Announce Acceptance of FR Role:<br />
- Upcoming FR (now Acting FR):<br />
- Announce that you are now the acting FR in Zulip's [Organisational channel](https://chat.dsinternal.net/#narrow/stream/13-Organisational).<br />
<br />
9. Remove Previous FR from User Group and Disable Zabbix Calling:<br />
- Now Acting FR:<br />
- Remove the previous FR from the IPA `sla-first-responder` user group.<br />
- Disable Zabbix calling for the previous FR by navigating to:<br />
- Zabbix> Configuration > Actions > [Trigger actions](https://status.delftinfra.net/zabbix/actionconf.php?eventsource=0#).<br />
- Ensure the previous FR's phone number is disabled in Zabbix calling settings.<br />
<br />
10. Confirm Completion of Handover:<br />
- Now Acting FR:<br />
- Verify that all steps have been completed and the handover is fully executed.</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Starting_work_for_a_new_client&diff=354Starting work for a new client2024-06-28T19:16:51Z<p>Thexa4: /* Getting agreement from the client */</p>
<hr />
<div>== Creating proposal ==<br />
# Write down document<br />
# Get Max or DJ to sign-off<br />
# Send proposal to client<br />
<br />
== Getting agreement from the client==<br />
# Get the client to agree to the proposal. We require agreement in writing digitally. (Docusign)<br />
<br />
== Administrative ==<br />
⚠️ Do not start work on a client without agreement, as mentioned above. <br />
<br />
# Create a client entry in time-tracking<br />
# Create the project activities in the client in time-tracking.<br />
# Add the client and project in the metrics sheet<br />
# Add the expected invoices as sales opportunities in Exact</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Starting_work_for_a_new_client&diff=353Starting work for a new client2024-06-28T13:17:40Z<p>Thexa4: /* Administrative */</p>
<hr />
<div>== Creating proposal ==<br />
# Write down document<br />
# Get Max or DJ to sign-off<br />
# Send proposal to client<br />
<br />
== Getting agreement from the client==<br />
# Get the client to agree to the proposal. We require agreement in writing digitally. <br />
<br />
== Administrative ==<br />
⚠️ Do not start work on a client without agreement, as mentioned above. <br />
<br />
# Create a client entry in time-tracking<br />
# Create the project activities in the client in time-tracking.<br />
# Add the client and project in the metrics sheet<br />
# Add the expected invoices as sales opportunities in Exact</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=341Enroll Mac in Kerberos2024-06-20T12:37:16Z<p>Thexa4: </p>
<hr />
<div># Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/laptop.key -out ~/Library/IPA/laptop.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = KDCs_PKINIT_Certs<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/laptop.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/laptop.crt<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
pkinit_identity = FILE:/Users/<username>/Library/IPA/laptop.crt,/Users/<username>/Library/IPA/laptop.key<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=340Enroll Mac in Kerberos2024-06-20T12:36:27Z<p>Thexa4: </p>
<hr />
<div># Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents<br />
# Download the ca.crt from the debian-delftsolutions-auth repository and place it in /etc/ipa/ca.crt<br />
# As your normal user, create the certificates folder: mkdir ~/Library/IPA; chmod 700 ~/Library/IPA<br />
# Create a certificate request, entering your username for the Common Name and a single dot for the other fields: openssl req -newkey rsa:4096 -nodes -keyout ~/Library/IPA/laptop.key -out ~/Library/IPA/laptop.csr<br />
# Go to your user in IPA<br />
# Click on Actions > New Certificate<br />
# CA = ipa<br />
# Profile ID = KDCs_PKINIT_Certs<br />
# Paste the contents of this command into the big textfield: cat ~/Library/IPA/laptop.csr<br />
# Request the certificate<br />
# Store the resulting certificate in ~/Library/IPA/laptop.crt<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
pkinit_identity = FILE:/etc/ipa/pkinit.crt,/etc/ipa/pkinit.key<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=339Enroll Mac in Kerberos2024-06-20T11:58:48Z<p>Thexa4: /* krb5.conf */</p>
<hr />
<div># Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents<br />
<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
pkinit_identity = FILE:/etc/ipa/max.crt,/etc/ipa/max.key<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=338Enroll Mac in Kerberos2024-06-20T11:58:04Z<p>Thexa4: </p>
<hr />
<div># Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022<br />
# Ensure /etc/krb5.conf file has the correct contents<br />
<br />
<br />
== krb5.conf ==<br />
<pre><br />
[libdefaults]<br />
default_realm = DELFTSOLUTIONS.NL<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
fcc-mit-ticketflags = true<br />
ticket_lifetime = 24h<br />
<br />
[appdefaults]<br />
pkinit_anchors = FILE:/etc/ipa/ca.crt<br />
<br />
[realms]<br />
DELFTSOLUTIONS.NL = {<br />
default_domain = delftsolutions.nl<br />
pkinit_identity = FILE:/etc/ipa/max.crt,/etc/ipa/max.key<br />
}<br />
<br />
[domain_realm]<br />
.delftsolutions.nl = DELFTSOLUTIONS.NL<br />
delftsolutions.nl = DELFTSOLUTIONS.NL<br />
</pre></div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=337Enroll Mac in Kerberos2024-06-20T11:56:30Z<p>Thexa4: Protected "Enroll Mac in Kerberos": Security ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))</p>
<hr />
<div># Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Enroll_Mac_in_Kerberos&diff=336Enroll Mac in Kerberos2024-06-20T11:56:07Z<p>Thexa4: Created page with "# Create host on IPA # Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE"; # On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022"</p>
<hr />
<div># Create host on IPA<br />
# Create a keytab on an enrolled host: TMPFILE="$(mktemp -u)"; ipa-getkeytab -s ipa.delftsolutions.nl -p host/<hostname> -k "$TMPFILE"; base64 -w0 "$TMPFILE" && echo; rm -f "$TMPFILE";<br />
# On the mac as root, create the keytab: umask 026; base64 -D >/etc/krb5.keytab <<<"<key>"; umask 022</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Internal&diff=333Internal2024-06-20T10:22:17Z<p>Thexa4: /* SRE */</p>
<hr />
<div>== Finance ==<br />
<br />
=== Exact ===<br />
<br />
* [[booking bonus|Booking bonus]]<br />
* [[booking wages|Booking wages]]<br />
* [[new receipt|Enter a new receipt]]<br />
* [[reconciliation|Reconciliation of transaction]]<br />
* [[invoicing|Send an invoice]]<br />
* [[payment reminders|Send payment reminder]]<br />
* [[invoice approval|Process for approving invoices (/filed receipts)]]<br />
<br />
=== Bunq ===<br />
<br />
* [[top up account|Top up expense account]]<br />
<br />
== Work Process ==<br />
<br />
* [[Definition of done|Definition of Done]]<br />
* [[Incident Handling|Incident Handling]]<br />
* [[SRE Maintenance|SRE Maintenance]]<br />
<br />
== Internal Process ==<br />
<br />
* [[12 percent|12% time]]<br />
* [[Annual leave|Annual leave]]<br />
* [[Bonus allocation|Bonus allocation]]<br />
* [[Calamity leave|Calamity leave]]<br />
* [[Overtime|Overtime]]<br />
* [[Retrospectives|Retrospectives]]<br />
* [[Sick leave|Sick leave]]<br />
* [[Training and self-study|Training and Self-Study]]<br />
<br />
== Projects ==<br />
<br />
* Era Inventory [[project_era_inventory_api|API Description]]<br />
<br />
== SRE ==<br />
<br />
''To be further populated with guide from drive''<br />
* [[create gitlab runner host|Create a GitLab runner host]]<br />
* [[vm setup|Create a (Debian) VM]]<br />
* [[border reboot|Reboot border without downtime]]<br />
* [[WS Proxmox node reboot|Reboot WS Proxmox node without downtime]]<br />
* [[Resize VM Disk]]<br />
* [[SRE tools]]<br />
* [[Enroll Mac in Kerberos]]<br />
<br />
== Other ==<br />
<br />
* [[stack|Greenfield stack]]<br />
* [[standard tools|Standard Tools]]<br />
* [[list of unfurl debuggers|List of unfurl debuggers]]<br />
* [[Recommended suppliers]]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=318SRE tools2024-05-28T17:09:30Z<p>Thexa4: </p>
<hr />
<div>* [https://www.asterisk.org/community/documentation/ Asterisk]<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* [https://www.freeipa.org/page/Documentation FreeIPA]<br />
* [https://howhttps.works/ HTTPS/TLS]<br />
* [https://web.mit.edu/kerberos/www/krb5-latest/doc/ Kerberos]<br />
* [https://www.keycloak.org/documentation Keycloak]<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* [https://www.gnu.org/software/make/manual/make.html Make]<br />
* [https://netboxlabs.com/docs/netbox/en/stable/ Netbox]<br />
* [https://nginx.org/en/docs/ Nginx]<br />
* [https://pve.proxmox.com/pve-docs/ Proxmox]<br />
* [https://pbs.proxmox.com/docs/ Proxmox Backup Server]<br />
* [https://www.zabbix.com/manuals Zabbix]<br />
* [https://zulip.com/help/ Zulip]<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=317SRE tools2024-05-28T17:09:23Z<p>Thexa4: </p>
<hr />
<div>* [https://www.asterisk.org/community/documentation/ Asterisk]<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* [https://www.freeipa.org/page/Documentation FreeIPA]<br />
* [https://howhttps.works/ HTTPS/TLS]<br />
* [https://web.mit.edu/kerberos/www/krb5-latest/doc/ Kerberos]<br />
* [https://www.keycloak.org/documentation Keycloak]<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* [https://www.gnu.org/software/make/manual/make.html Make]<br />
* [https://netboxlabs.com/docs/netbox/en/stable/ Netbox]<br />
* [https://nginx.org/en/docs/ Nginx]<br />
* [https://pve.proxmox.com/pve-docs/ Proxmox]<br />
* [https://pbs.proxmox.com/docs/ Proxmox Backup Server]<br />
* [https://www.zabbix.com/manuals Zabbix]<br />
* [https://zulip.com/help/ Zulip]<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]<br />
<br />
test</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=316SRE tools2024-05-28T17:09:15Z<p>Thexa4: </p>
<hr />
<div>* [https://www.asterisk.org/community/documentation/ Asterisk]<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* [https://www.freeipa.org/page/Documentation FreeIPA]<br />
* [https://howhttps.works/ HTTPS/TLS]<br />
* [https://web.mit.edu/kerberos/www/krb5-latest/doc/ Kerberos]<br />
* [https://www.keycloak.org/documentation Keycloak]<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* [https://www.gnu.org/software/make/manual/make.html Make]<br />
* [https://netboxlabs.com/docs/netbox/en/stable/ Netbox]<br />
* [https://nginx.org/en/docs/ Nginx]<br />
* [https://pve.proxmox.com/pve-docs/ Proxmox]<br />
* [https://pbs.proxmox.com/docs/ Proxmox Backup Server]<br />
* [https://www.zabbix.com/manuals Zabbix]<br />
* [https://zulip.com/help/ Zulip]<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=315SRE tools2024-05-28T17:08:34Z<p>Thexa4: </p>
<hr />
<div>* [https://www.asterisk.org/community/documentation/ Asterisk]<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* [https://www.freeipa.org/page/Documentation FreeIPA]<br />
* HTTPS/TLS<br />
* [https://web.mit.edu/kerberos/www/krb5-latest/doc/ Kerberos]<br />
* [https://www.keycloak.org/documentation Keycloak]<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* [https://www.gnu.org/software/make/manual/make.html Make]<br />
* [https://netboxlabs.com/docs/netbox/en/stable/ Netbox]<br />
* [https://nginx.org/en/docs/ Nginx]<br />
* [https://pve.proxmox.com/pve-docs/ Proxmox]<br />
* [https://pbs.proxmox.com/docs/ Proxmox Backup Server]<br />
* [https://www.zabbix.com/manuals Zabbix]<br />
* [https://zulip.com/help/ Zulip]<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=314SRE tools2024-05-28T17:07:07Z<p>Thexa4: </p>
<hr />
<div>* [https://www.asterisk.org/community/documentation/ Asterisk]<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* [https://www.freeipa.org/page/Documentation FreeIPA]<br />
* HTTPS/TLS<br />
* [https://web.mit.edu/kerberos/www/krb5-latest/doc/ Kerberos]<br />
* Keycloak<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* [https://www.gnu.org/software/make/manual/make.html Make]<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=313SRE tools2024-05-28T17:05:25Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* [https://www.gnu.org/software/make/manual/make.html Make]<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=312SRE tools2024-05-28T17:04:56Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* [https://manpages.debian.org/unstable/ldap-utils/ldapsearch.1.en.html LDAP]<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=311SRE tools2024-05-28T17:04:25Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* [https://docs.ceph.com/en/latest/ Ceph]<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=310SRE tools2024-05-28T17:03:54Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* Ceph<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
== References you want to know exist ==<br />
<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=309SRE tools2024-05-28T17:03:49Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* Ceph<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
== References you want to know exist ==<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=308SRE tools2024-05-28T17:03:31Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* Ceph<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
' References you want to know exist<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=307SRE tools2024-05-28T17:03:21Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* [https://www.gnu.org/software/bash/manual/bash.html Bash]<br />
* Ceph<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip<br />
<br />
" References you want to know exist<br />
* [https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Filesystem Hierarchy Standard]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=305SRE tools2024-05-28T17:02:22Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* Bash<br />
* Ceph<br />
* [https://www.debian.org/doc/manuals/debian-handbook/ Debian]<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=304SRE tools2024-05-28T17:01:05Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* Bash<br />
* Ceph<br />
* Debian<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Proxmox Backup Server<br />
* Zabbix<br />
* Zulip</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=303SRE tools2024-05-28T17:00:30Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* Bash<br />
* Ceph<br />
* Debian<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Zabbix<br />
* Zulip</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=302SRE tools2024-05-28T16:59:50Z<p>Thexa4: </p>
<hr />
<div>* Asterisk<br />
* Ceph<br />
* Debian<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* Make<br />
* Netbox<br />
* Nginx<br />
* Proxmox<br />
* Zabbix<br />
* Zulip</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=301SRE tools2024-05-28T16:59:21Z<p>Thexa4: </p>
<hr />
<div>* Ceph<br />
* Debian<br />
* [https://www.debian.org/doc/manuals/maint-guide/ Debian packaging]<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* MAKE<br />
* Netbox<br />
* Proxmox<br />
* Zabbix<br />
* Zulip</div>Thexa4https://docs.delftsolutions.nl/index.php?title=SRE_tools&diff=300SRE tools2024-05-28T16:58:42Z<p>Thexa4: </p>
<hr />
<div>* Ceph<br />
* Debian<br />
* [Debian packaging](https://www.debian.org/doc/manuals/maint-guide/)<br />
* FreeIPA<br />
* HTTPS/TLS<br />
* Kerberos<br />
* Keycloak<br />
* LDAP<br />
* MAKE<br />
* Netbox<br />
* Proxmox<br />
* Zabbix<br />
* Zulip</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Incident_Handling&diff=151Incident Handling2023-01-18T14:31:33Z<p>Thexa4: Created page with "* Critical incidents are resolved within 16 hours. * Non-critical incidents are diagnosed within 9 hours and resolved within one week."</p>
<hr />
<div>* Critical incidents are resolved within 16 hours.<br />
* Non-critical incidents are diagnosed within 9 hours and resolved within one week.</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Definition_of_done&diff=149Definition of done2021-03-05T14:00:17Z<p>Thexa4: /* Non-Functional Requirements */</p>
<hr />
<div>At Delft Solutions we aim to have a shared understanding what it takes to release an incremental update to one of our projects. Having a shared understanding of what it means to call something **done** also means we don't have to ask "But is it _really_ done?" or "Hey you said it was done but I don't see it, where is it?".<br />
<br />
== Functional Requirements ==<br />
<br />
These are the ''business'' requirements that emerge through conversation about a particular issue or feature, as well as the requirements listed in the issue (acceptance criteria). <br />
<br />
== Quality ==<br />
<br />
In order to keep the code maintainable and relatively bug-free, as well as broaden the amount of people that know about a certain feature's implementation, we expect PRs to be peer-reviewed and senior-reviewed (someone senior to the project, or, if not available, senior in the company).<br />
<br />
Any automated analysis that runs on a project should also be without errors. When there are warnings, it should be explained ''why'' the warning isn't resolved. Yes, some of this tooling sometimes gets it wrong, but overall they make the code more consistent in style, and it often prevents a lot of common issues.<br />
<br />
The code must be tested. This can be a manual test or an automated test. If changes are made after the test has been performed, the test '''must''' be performed again.<br />
<br />
== Non-Functional Requirements ==<br />
<br />
* We make things better, not worse<br />
* Build errors and warnings must be solved or explained (and accepted)<br />
* Existing tests passed<br />
* Peer code review passed<br />
* Deployed (if applicable)</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Main_Page&diff=145Main Page2021-01-19T14:05:51Z<p>Thexa4: </p>
<hr />
<div>This wiki contains our [[API Guidelines | guidelines]] for designing and implementing [[HATEOAS API | HATEOAS APIs]].<br />
<br />
Feel free to add [[Error | error documentation]] on this wiki. [[Special:CreateAccount | Registration]] is free.<br />
<br />
If you're a [https://www.delftsolutions.nl Delft Solutions] employee you might be interested in our [[Internal|Internal pages]].<br />
<br />
* [[Media-Types Validation (Ruby)]]<br />
* [[Media-Types Serialization (Ruby)]]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Ruby-media-types&diff=144Ruby-media-types2021-01-19T14:05:28Z<p>Thexa4: Changed redirect target from Media-Types Validatoin (Ruby) to Media-Types Validation (Ruby)</p>
<hr />
<div>#REDIRECT [[Media-Types Validation (Ruby)]]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Media-Types_Validatoin_(Ruby)&diff=143Media-Types Validatoin (Ruby)2021-01-19T14:05:23Z<p>Thexa4: Thexa4 moved page Media-Types Validatoin (Ruby) to Media-Types Validation (Ruby)</p>
<hr />
<div>#REDIRECT [[Media-Types Validation (Ruby)]]</div>Thexa4https://docs.delftsolutions.nl/index.php?title=Media-Types_Validation_(Ruby)&diff=142Media-Types Validation (Ruby)2021-01-19T14:05:19Z<p>Thexa4: Thexa4 moved page Media-Types Validatoin (Ruby) to Media-Types Validation (Ruby)</p>
<hr />
<div>The repository for the <code>media_types</code> [https://rubygems.org/gems/media_types gem] currently lives at GitHub: <code>[https://github.com/SleeplessByte/media-types-ruby sleeplessbyte/media-types-ruby]</code>.<br />
<br />
= MediaTypes =<br />
<br />
Media Types based on scheme, with versioning, views, suffixes and validations.<br />
<br />
This library makes it easy to define schemas that can be used to validate JSON objects based on their Content-Type.<br />
<br />
== Installation ==<br />
<br />
Add this line to your application’s Gemfile:<br />
<br />
<syntaxhighlight lang="ruby">gem 'media_types'</syntaxhighlight><br />
And then execute:<br />
<br />
<pre>$ bundle</pre><br />
Or install it yourself as:<br />
<br />
<pre>$ gem install media_types</pre><br />
== Usage ==<br />
<br />
Define a validation:<br />
<br />
<syntaxhighlight lang="ruby">require 'media_types'<br />
<br />
module Acme<br />
MediaTypes::set_organisation Acme, 'acme'<br />
<br />
class FooValidator<br />
include MediaTypes::Dsl<br />
<br />
use_name 'foo'<br />
<br />
validations do<br />
attribute :foo, String<br />
end<br />
end<br />
end</syntaxhighlight><br />
<br />
Validate an object:<br />
<br />
<syntaxhighlight lang="ruby">Acme::FooValidator.validate!({ foo: 'bar' })</syntaxhighlight><br />
<br />
== Full example ==<br />
<br />
<syntaxhighlight lang="ruby">require 'media_types'<br />
<br />
class Venue<br />
include MediaTypes::Dsl<br />
<br />
def self.organisation<br />
'mydomain'<br />
end<br />
<br />
use_name 'venue'<br />
<br />
validations do<br />
version 2 do<br />
attribute :name, String<br />
collection :location do<br />
attribute :latitude, Numeric<br />
attribute :longitude, Numeric<br />
attribute :altitude, AllowNil(Numeric)<br />
end<br />
<br />
link :self<br />
link :route, allow_nil: true<br />
end<br />
<br />
version 1 do<br />
attribute :name, String<br />
attribute :coords, String<br />
attribute :updated_at, String<br />
<br />
link :self<br />
end<br />
<br />
view 'create' do<br />
collection :location do<br />
attribute :latitude, Numeric<br />
attribute :longitude, Numeric<br />
attribute :altitude, AllowNil(Numeric)<br />
end<br />
<br />
version 1 do<br />
collection :location do<br />
attribute :latitude, Numeric<br />
attribute :longitude, Numeric<br />
attribute :altitude, AllowNil(Numeric)<br />
end<br />
end<br />
end<br />
end<br />
end</syntaxhighlight><br />
<br />
== Schema Definitions ==<br />
<br />
If you include ‘MediaTypes::Dsl’ in your class you can use the following functions within a <code>validation do</code> block to define your schema:<br />
<br />
=== <code>attribute</code> ===<br />
<br />
Adds an attribute to the schema, if a +block+ is given, uses that to test against instead of +type+<br />
<br />
{| class="wikitable"<br />
!width="26%"| param<br />
!width="23%"| type<br />
!width="50%"| description<br />
|-<br />
| key<br />
| <code>Symbol</code><br />
| the attribute name<br />
|-<br />
| opts<br />
| <code>Hash</code><br />
| options to pass to <code>Scheme</code> or <code>Attribute</code><br />
|-<br />
| type<br />
| <code>Class</code>, <code>===</code>, Scheme<br />
| The type of the value, can be anything that responds to <code>===</code>, or scheme to use if no <code>&amp;block</code> is given. Defaults to <code>Object</code> without a <code>&amp;block</code> and to Hash with a <code>&amp;block</code>.<br />
|-<br />
| optional:<br />
| <code>TrueClass</code>, <code>FalseClass</code><br />
| if true, key may be absent, defaults to <code>false</code><br />
|-<br />
| &amp;block<br />
| <code>Block</code><br />
| defines the scheme of the value of this attribute<br />
|}<br />
<br />
==== Add an attribute named foo, expecting a string ====<br />
<br />
<syntaxhighlight lang="ruby">require 'media_types'<br />
<br />
class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
attribute :foo, String<br />
end<br />
end<br />
<br />
MyMedia.valid?({ foo: 'my-string' })<br />
# => true</syntaxhighlight><br />
<br />
==== Add an attribute named foo, expecting nested scheme ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
attribute :foo do<br />
attribute :bar, String<br />
end<br />
end<br />
end<br />
<br />
MyMedia.valid?({ foo: { bar: 'my-string' }})<br />
# => true</syntaxhighlight><br />
<br />
=== <code>any</code> ===<br />
<br />
Allow for any key. The <code>&amp;block</code> defines the Schema for each value.<br />
<br />
{| class="wikitable"<br />
!width="26%"| param<br />
!width="23%"| type<br />
!width="50%"| description<br />
|-<br />
| scheme<br />
| <code>Scheme</code>, <code>NilClass</code><br />
| scheme to use if no <code>&amp;block</code> is given<br />
|-<br />
| allow_empty:<br />
| <code>TrueClass</code>, <code>FalsClass</code><br />
| if true, empty (no key/value present) is allowed<br />
|-<br />
| expected_type:<br />
| <code>Class</code>,<br />
| forces the validated value to have this type, defaults to <code>Hash</code>. Use <code>Object</code> if either <code>Hash</code> or <code>Array</code> is fine<br />
|-<br />
| &amp;block<br />
| <code>Block</code><br />
| defines the scheme of the value of this attribute<br />
|}<br />
<br />
==== Add a collection named foo, expecting any key with a defined value ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
collection :foo do<br />
any do<br />
attribute :bar, String<br />
end<br />
end<br />
end<br />
end<br />
<br />
MyMedia.valid?({ foo: [{ anything: { bar: 'my-string' }, other_thing: { bar: 'other-string' } }] })<br />
# => true</syntaxhighlight><br />
<br />
=== <code>not_strict</code> ===<br />
<br />
Allow for extra keys in the schema/collection even when passing <code>strict: true</code> to <code>#validate!</code><br />
<br />
==== Allow for extra keys in collection ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
collection :foo do<br />
attribute :required, String<br />
not_strict<br />
end<br />
end<br />
end<br />
<br />
MyMedia.valid?({ foo: [{ required: 'test', bar: 42 }] })<br />
# => true</syntaxhighlight><br />
<br />
=== <code>collection</code> ===<br />
<br />
Expect a collection such as an array or hash. The <code>&amp;block</code> defines the Schema for each item in that collection.<br />
<br />
{| class="wikitable"<br />
!width="26%"| param<br />
!width="23%"| type<br />
!width="50%"| description<br />
|-<br />
| key<br />
| <code>Symbol</code><br />
| key of the collection (same as <code>#attribute</code>)<br />
|-<br />
| scheme<br />
| <code>Scheme</code>, <code>NilClass</code>, <code>Class</code><br />
| scheme to use if no <code>&amp;block</code> is given or <code>Class</code> of each item in the<br />
|-<br />
| allow_empty:<br />
| <code>TrueClass</code>, <code>FalseClass</code><br />
| if true, empty (no key/value present) is allowed<br />
|-<br />
| expected_type:<br />
| <code>Class</code>,<br />
| forces the validated value to have this type, defaults to <code>Array</code>. Use <code>Object</code> if either <code>Array</code> or <code>Hash</code> is fine.<br />
|-<br />
| optional:<br />
| <code>TrueClass</code>, <code>FalseClass</code><br />
| if true, key may be absent, defaults to <code>false</code><br />
|-<br />
| &amp;block<br />
| <code>Block</code><br />
| defines the scheme of the value of this attribute<br />
|}<br />
<br />
==== Collection with an array of string ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
collection :foo, String<br />
end<br />
end<br />
<br />
MyMedia.valid?({ collection: ['foo', 'bar'] })<br />
# => true</syntaxhighlight><br />
<br />
==== Collection with defined scheme ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
collection :foo do<br />
attribute :required, String<br />
attribute :number, Numeric<br />
end<br />
end<br />
end<br />
<br />
MyMedia.valid?({ foo: [{ required: 'test', number: 42 }, { required: 'other', number: 0 }] })<br />
# => true</syntaxhighlight><br />
<br />
=== <code>link</code> ===<br />
<br />
Expect a link with a required <code>href: String</code> attribute<br />
<br />
{| class="wikitable"<br />
!width="26%"| param<br />
!width="23%"| type<br />
!width="50%"| description<br />
|-<br />
| key<br />
| <code>Symbol</code><br />
| key of the link (same as <code>#attribute</code>)<br />
|-<br />
| allow_nil:<br />
| <code>TrueClass</code>, <code>FalseClass</code><br />
| if true, value may be nil<br />
|-<br />
| optional:<br />
| <code>TrueClass</code>, <code>FalseClass</code><br />
| if true, key may be absent, defaults to <code>false</code><br />
|-<br />
| &amp;block<br />
| <code>Block</code><br />
| defines the scheme of the value of this attribute, in addition to the <code>href</code> attribute<br />
|}<br />
<br />
==== Links as defined in HAL, JSON-Links and other specs ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
link :_self<br />
link :image<br />
end<br />
end<br />
<br />
MyMedia.valid?({ _links: { self: { href: 'https://example.org/s' }, image: { href: 'https://image.org/i' }} })<br />
# => true</syntaxhighlight><br />
<br />
==== Link with extra attributes ====<br />
<br />
<syntaxhighlight lang="ruby">class MyMedia<br />
include MediaTypes::Dsl<br />
<br />
validations do<br />
link :image do<br />
attribute :templated, TrueClass<br />
end<br />
end<br />
end<br />
<br />
MyMedia.valid?({ _links: { image: { href: 'https://image.org/{md5}', templated: true }} })<br />
# => true</syntaxhighlight><br />
<br />
== Validation ==<br />
<br />
If your type has a validations, you can now use this media type for validation:<br />
<br />
<syntaxhighlight lang="ruby">Venue.valid?({<br />
#...<br />
})<br />
# => true if valid, false otherwise<br />
<br />
Venue.validate!({<br />
# /*...*/ <br />
})<br />
# => raises if it's not valid</syntaxhighlight><br />
<br />
If an array is passed, check the scheme for each value, unless the scheme is defined as expecting a hash: <br />
<br />
<syntaxhighlight lang="ruby">expected_hash = Scheme.new(expected_type: Hash) { attribute(:foo) } expected_object = Scheme.new { attribute(:foo) }<br />
<br />
expected_hash.valid?({ foo: ‘string’ }) # =&gt; true<br />
<br />
expected_hash.valid?([{ foo: ‘string’ }]) # =&gt; false<br />
<br />
expected_object.valid?({ foo: ‘string’ }) # =&gt; true<br />
<br />
expected_object.valid?([{ foo: ‘string’ }]</syntaxhighlight><br />
<br />
== API ==<br />
<br />
A defined schema has the following functions available:<br />
<br />
=== <code>valid?</code> ===<br />
<br />
Example: <code>Venue.valid?({ foo: 'bar' })</code><br />
<br />
Allows passing in validation options as a second parameter.<br />
<br />
=== <code>validate!</code> ===<br />
<br />
Example: <code>Venue.validate!({ foo: 'bar' })</code><br />
<br />
Allows passing in validation options as a second parameter.<br />
<br />
=== <code>validatable?</code> ===<br />
<br />
Example: <code>Venue.version(42).validatable?</code><br />
<br />
Tests wether the current configuration of the schema has a validation defined.<br />
<br />
=== <code>register</code> ===<br />
<br />
Example: <code>Venue.register</code><br />
<br />
Registers the media type to the registry.<br />
<br />
=== <code>view</code> ===<br />
<br />
Example: <code>Venue.view('create')</code><br />
<br />
Returns a schema validator configured with the specified view.<br />
<br />
=== <code>version</code> ===<br />
<br />
Example: <code>Venue.version(42)</code><br />
<br />
Returns a schema validator configured with the specified version.<br />
<br />
=== <code>suffix</code> ===<br />
<br />
Example: <code>Venue.suffix(:json)</code><br />
<br />
Returns a schema validator configured with the specified suffix.<br />
<br />
=== <code>identifier</code> ===<br />
<br />
Example: <code>Venue.version(2).identifier</code> (returns <code>'application/vnd.application.venue.v2'</code>)<br />
<br />
Returns the IANA compatible [https://en.wikipedia.org/wiki/Media_type Media Type Identifier] for the configured schema.<br />
<br />
=== <code>available_validations</code> ===<br />
<br />
Example: <code>Venue.available_validations</code><br />
<br />
Returns a list of all the schemas that are defined.<br />
<br />
== Related ==<br />
<br />
* [https://github.com/XPBytes/media_types-serialization <code>MediaTypes::Serialization</code>]: :cyclone: Add media types supported serialization to Rails.<br />
<br />
== Development ==<br />
<br />
After checking out the repo, run <code>bin/setup</code> to install dependencies. Then, run <code>rake test</code> to run the tests. You can also run <code>bin/console</code> for an interactive prompt that will allow you to experiment.<br />
<br />
To install this gem onto your local machine, run <code>bundle exec rake install</code>. To release a new version, update the version number in <code>version.rb</code>, call <code>bundle exec rake release</code> to create a new git tag, push git commits and tags, and push the <code>.gem</code> file to rubygems.org.<br />
<br />
== Contributing ==<br />
<br />
Bug reports and pull requests are welcome on GitHub at [https://github.com/SleeplessByte/media-types-ruby SleeplessByte/media-types-ruby]</div>Thexa4