2021-02-22T08:21:48  *** ldevulder_ is now known as ldevulder
2021-02-22T15:46:09  *** ldevulder_ is now known as ldevulder
2021-02-22T16:44:13  *** ggardet is now known as guillaume_g
2021-02-22T18:36:41  <theluckymike> hi folks, just to confirm before I do some action, I can add dns zones/records via freeipa gui and it should work fine,right?
2021-02-22T18:37:46  <cboltz> new records - yes
2021-02-22T18:37:49  <cboltz> for new zones, it's not that easy - you'll also need to add them on chip.i.o.o and ns*.o.o
2021-02-22T18:39:17  <cboltz> (if it helps - I have some rough notes [in german] from adding a zone. Probably not complete, but better than nothing)
2021-02-22T18:47:43  <theluckymike> uf, notes in german might not help that much
2021-02-22T18:47:57  <theluckymike> will do the same I did in suse for past year, reverse engineer then :)
2021-02-22T18:48:23  <cboltz> I can translate them to english if you promise to clean them up and to add them to the wiki on progress ;-)
2021-02-22T18:48:51  <theluckymike> ok, I could use your notes, my experience on few zones I want to add and mix it together in something up to date I guess
2021-02-22T18:49:03  <theluckymike> give mse moment please tho, it seems many zones are already added, might be nothing to do
2021-02-22T18:49:59  <theluckymike> ok some are still to add, so yeah we can do that
2021-02-22T18:50:30  <theluckymike> also, I dont have access to salt yet, I guess thats where you add access to servers like chip and ns.o.o?
2021-02-22T18:51:29  <theluckymike> ah, I can use my free ipa credentials to login to chip. I dont like passwords that much, should I just add my key manually to it, or there is some salt master?
2021-02-22T18:51:46  <Lars[m]> theluckymike: most zones should already exist in FreeIPA and on chip. I just did not create the corresponding slave zone entries in the ns{1,2,3,4}.opensuse.org machines. My idea was to do this via Salt...
2021-02-22T18:52:09  <theluckymike> most =! all, let me finish it all
2021-02-22T18:52:40  <Lars[m]> And for FreeIPA: I created the zones there via command-line script. That was easier than using the guy.
2021-02-22T18:52:42  <theluckymike> like .jp, .kr, .mx are still pending. those seems to be vanity domains that are not much in use, but still you have them, why not to add
2021-02-22T18:53:19  <Lars[m]> But on the other side it might be a good training for you ;-)
2021-02-22T18:53:41  <theluckymike> exactly, will add missing stuff
2021-02-22T18:53:55  <theluckymike> and seems will have my chance to prepare first updated howto
2021-02-22T18:54:05  <Lars[m]> Feel free to add them. This is anyway the best way to learn :-)
2021-02-22T18:55:44  <cboltz> my (translated) notes: https://paste.opensuse.org/98447306
2021-02-22T18:56:10  <Lars[m]> The most funny part is on chip, as you need to switch to pdns-util for admin tasks + some lua scripting and maybe sqlite magic, if pdns-util does not do what you want.
2021-02-22T18:56:13  <cboltz> the missing point are the details on chip - the bash and sqlite history should help
2021-02-22T18:56:29  <theluckymike> uf, sqlite :)
2021-02-22T18:56:44  <Lars[m]> The ns{1,2,3,4} machines are plain named installations
2021-02-22T18:57:14  <cboltz> Lars[m]: maybe you should look at my notes to check if everything looks right (can't be too wrong since it worked once, but... ;-)
2021-02-22T18:57:55  <Lars[m]> In former times, I configured ns4 (Provo) to be a (sub-)slave of ns1, as the private network was not reliable. But today it should be ok to handle all external DNS servers identically.
2021-02-22T18:58:04  <theluckymike> it is bit more trickier than I expected, will need tad more time for this. will drop qq here when it comes up
2021-02-22T18:58:34  <theluckymike> and can I ask, are you spinning some vxlan ?
2021-02-22T18:59:19  <Lars[m]> cboltz: looks ok to me. Beside my wish above to put the external DNS stuff in salt.
2021-02-22T19:00:08  <cboltz> right, needing to do the same thing on 4 servers makes it obvious that we should salt it - and we should also use a for loop with the domain list ;-)
2021-02-22T19:01:06  <Lars[m]> theluckymike: at the moment,we have one dedicated network in NUE (192.168.47.0/24) and one in PRV (192.168.67.0/24). Both connected via vpn
2021-02-22T19:02:58  <Lars[m]> The machines in the QSC data center currently use an openVPN user account name after their hostname (only 3 machines), but should become an additional private network once the new widehat is installed.
2021-02-22T19:03:33  <Lars[m]> If you are logged in to the heroes vpn, you should be able to reach all machines directly.
2021-02-22T19:03:40  <theluckymike> yes, it works nice
2021-02-22T19:03:56  <theluckymike> one last thing for now, who can give me access to relevant gitlab repos?
2021-02-22T19:04:26  <theluckymike> im not super smart with salt, but I can take a look if I can make that dns thing to work via your pipeline
2021-02-22T19:04:40  * cboltz could for infra/salt, but not for infra/*
2021-02-22T19:04:51  <Lars[m]> We could think about separating - for example the DB clusters - later, if the infra gets boring enough ;-)
2021-02-22T19:05:22  <theluckymike> ok, fair enough
2021-02-22T19:05:34  <Lars[m]> there should be a list of gitlab admins on the gitlab wiki page in progress.o.o
2021-02-22T19:06:48  <theluckymike> yeah, have to learn to use wiki, sorry
2021-02-22T19:07:27  <Lars[m]> np. Remember to have some fun! :-)
2021-02-22T19:09:54  <cboltz> that admin list is directly and live in gitlab, on the "Members" page ;-)  (avoiding an always-outdated wiki)
2021-02-22T19:10:40  <theluckymike> not sure where to get adminlist, if i dont have access to any repo
2021-02-22T19:10:41  <theluckymike> -.-
2021-02-22T19:11:55  <cboltz> what's your username?
2021-02-22T19:23:03  <theluckymike> mdruvietis
2021-02-22T19:24:56  <cboltz> can to access https://gitlab.infra.opensuse.org/infra/salt now?
2021-02-22T19:30:39  <theluckymike> cboltz: yes, thanks a lot!
2021-02-22T19:31:07  <cboltz> ok, then you have access to the most important part :-)
2021-02-22T19:34:15  <cboltz> I'm afraid I can't give you access to the salt formulas we use (because I don't have owner perms on those repos) - if you need them, I can probably find someone who can
2021-02-22T20:17:10  <theluckymike> thanks, should be good for now. I have quite some info to dig around, will ask when will need something more
2021-02-22T23:16:14  <a-865k> is anyone aware that https://www.suse.com/support/kb/doc/?id=000016506 is useless (no usable links)?
2021-02-22T23:17:04  <a-865k> it is first it from this DDG search "opensuse failure in name resolution -ubuntu -mint -debian"
2021-02-22T23:17:15  <a-865k> first hit
2021-02-22T23:21:19  <a-865k> susepaste-screenshot on 15.2 us broken too with "paste failed"
2021-02-22T23:36:19  <theluckymike> im wondering how this is related to opensuse a-865k ?
2021-02-22T23:37:19  <a-865k> dunno, the line drawing between SLE and openSUSE is clear as mud any more
2021-02-22T23:38:11  <a-865k> stupid search engines see opensuse as first search string yet first hits are anywhere but opensuse.org
2021-02-22T23:38:13  <theluckymike> if i search same as you in ddg, it gives me only opensuse.org results, nothing from suse.com page
2021-02-22T23:38:34  <theluckymike> https://mikedruu.rocks/justtesting.png
2021-02-22T23:38:51  <a-865k> wierd
2021-02-22T23:40:01  <a-865k> maybe something to do with your default browser vs. mine? (SeaMonkey)
2021-02-22T23:41:11  <theluckymike> maybe ¯\_(ツ)_/¯