It seems that there are three big themes to be picked up next in this space:

1. Cleaning up tasks from the Atlassian suite migration

   1. Delete older machines. I expect jira, confluence, id and crowd to not be needed anymore. That also includes their databases and database storage. That would include as well removing ansible code, archiving ID repo, the lot

   2. Update documentation related to how we do our ID now: https://openmrs.atlassian.net/wiki/spaces/ISM/pages/26542216

   3. Improve monitoring for this area

   4. Define if OpenLDAP is what we want in the future. The main concern here is cost. If we go with other solutions, we may need to define the lifecycle of those users, so we limit ourselves to a sensible number of accounts at a time.

   5. https://openmrs.atlassian.net/browse/ITSMOLD-4324 : if openldap is choosen to be kept, we will need to upgrade it

   6. https://openmrs.atlassian.net/browse/ITSMOLD-4231 : if openlap is chosen to stay, we need to get those certificates to automatically restart the container in a way that will actually pick the new certificate. We may go with a cron task, may be easier than the letsencrypt hook. Potentially the ldap upgrade will help here

   7. Verify the future of login of , that used to use our old ID. This system may be considered for sunset as well

2. Bamboo stability

   1. bamboo is likely due to an upgrade! It may be a huge one

   2. We may look if we can change any configuration on predator to make builds more stable

   3. : Bamboo server and agents seem to run out of disk every so often due to logs. We can look at logrotate carefully

   4. : Bamboo backups may not be working as desired

   5. Check monitoring for those instances. Do they need more resources? Check build waiting time, do you need more agents? If we are willing to pay AWS, we could have elastic agents (not sure if desired)

   6. Any other build improvements for reliability needed

3. Monitoring love

   1. Datadog seems to be notifying things non stop. Do some machines need some more memory/CPU/disk? Do we need to do some cleanup?

   2. : having datadog monitoring for unhealthy containers could be rather useful. For unhealthy containers, we may want to automatically restart them or something

   3. : do all machines that need backup are deploying it as expected? Do we have good monitoring for them?

   4. Pingdom is a paid integration. If our datadog isn’t as noisy anymore, we could potentially replace it altogether with slack, unless we actually want any folks on call

Miscellaneous tasks that could be picked as well

• : this is worth testing now the Jetstream got upgraded. It may not be relevant anymore and could potentially be reverted

• : potentially etherpad isn’t used anymore. On that case, archive the card and change docs to reflect that

• : potentially not used anymore. On that case, archive the card and change docs to reflect that /

• It’s always necessary

• Upgrading ansible

• : not every DNS entry is on terraform, which is fine. But as you find more of those, you can add them into IaC

• Reach out to centralised log services (e.g. splunk, sumologic, datadog) and ask if they’d be willing to provide us with an open source licence (preparation for future )

Resources: