GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Build companion domain controller alongside Samson

samson the https://wiki.ucc.asn.au/ActiveDirectory server has no freshly built DC friends
- (and no successfully tested backups/restores)
  - e.g. export/import style, enabling consistent file-based backups: https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
  - snapshot backups of the whole machine #75 are currently running weekly; but
    - they have not been empirically tested by us for this sort of "database" application
    - can we truly trust them to be a completely atomic snapshot? or to be "crashed" with fresh boot and recover every time?
    - most reliably combined with taking "quiesced" backups with the services or whole server shut down?
- this is risky, a single-point-of-failure
  - which in turn depends on the running VM cluster
- something to do with the current configuration is probably why we still have occasional auth problems, e.g. mussel?
  - can we upgrade or rebuild or document our way out of this?
- ...so making a quick clone and calling it "done" really isn't enough, continuous integration is called for?
- vucc testbed in https://wiki.ucc.asn.au/NewActiveDirectory

Action items:

[BOB], [333], and [NTU] to learn more about (SAMBA) AD and how it works, along with Linux AD integration options
Using this knowledge, build new DC
Fix any other lingering AD issues that can be tracked in this Issue, or otherwise raise separate issues for them

Edited Oct 15, 2024 by Nick Bannon