2021-02-24T08:23:24 *** ldevulder_ is now known as ldevuldedr 2021-02-24T08:23:27 *** ldevuldedr is now known as ldevulder 2021-02-24T09:06:29 ipsilon openid still gives us trouble, confuses return_to addrs. 2021-02-24T09:20:33 okurz / Eighth_Doctor: I would update the ipsilon VM to 15.2 and upgrade ipsilon to the latest version from June. It seems, upstream is really dead since RedHat bought jboss/keycloak 2021-02-24T09:25:51 ok, tell me when I should test something 2021-02-24T10:26:15 still waiting for my branched ipsilon package to publish... 2021-02-24T11:50:58 okurz: can you try now? 2021-02-24T11:51:05 or okurz[m][m] ^^ 2021-02-24T11:51:51 bmwiedemann: looks very good! 2021-02-24T11:52:16 Do you consider it fixed or will it reappear and we are just lucky because you freshly started the service or something? 2021-02-24T11:54:02 we still need to do a better fix. I just asked our mirrorcache maintainer to stop its logins 2021-02-24T11:55:48 and apparently it does a lot of logins as part of some automated tests 2021-02-24T11:58:08 at least, we have a workaround for now and a guess to where it comes from. 2021-02-24T11:59:02 ok, cool! Thank you. I will update the affected users I know of 2021-02-24T12:17:32 bmwiedemann: well, I am upstream for ipsilon more or less 2021-02-24T12:17:34 along with a few other folks in Fedora 2021-02-24T12:17:46 I have refused to make a release until my criteria is met 2021-02-24T15:23:46 Hello, trying to setup up VPN to `https://freeipa.infra.opensuse.org/`. The startup doc mentions `a-certificates-freeipa-opensuse`. Which one is it? the one under home:mstrigl or the one under openSUSE:infrastructure? I guess it's the latter but I'd rather ask. 2021-02-24T15:24:19 * Hello, trying to setup up VPN to `https://freeipa.infra.opensuse.org/`. The startup doc mentions `ca-certificates-freeipa-opensuse`. Which one is it? the one under "home:mstrigl" or the one under "openSUSE:infrastructure"? I guess it's the latter but I'd rather ask. 2021-02-24T20:49:23 Can someone give me a quick hand? Just set up my openvpn settings and my attempts to connect to 'gate.opensuse.org' fail (`AUTH: Received control message: AUTH_FAILED`) 2021-02-24T20:51:46 I can check the log, what's your username? 2021-02-24T20:52:50 Sure 2021-02-24T20:52:52 Sending now 2021-02-24T20:53:49 https://pastebin.com/QVJfaQrz 2021-02-24T20:53:56 "nycticorax" is the username 2021-02-24T20:55:36 I see an auth failure on the server some hours ago, but also some success messages 2021-02-24T20:55:43 are you sure it's still broken? ;-) 2021-02-24T20:57:11 a new failure just appeared in the log, so it might be broken again 2021-02-24T20:57:46 Yup 2021-02-24T20:58:09 Using verbose mode, I've got nothing but error messages. 2021-02-24T20:58:31 AUTH_FAILED. 2021-02-24T20:59:08 the server log says 2021-02-24T20:56:03.317515+00:00 scar openvpn[27865]: pam_sss(common-vpn:auth): received for user nycticorax: 7 (Authentication failure) 2021-02-24T20:59:27 but OTOH there was (10 minutes before) 2021-02-24T20:46:03.708352+00:00 scar openvpn[27865]: pam_sss(common-vpn:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=nycticorax 2021-02-24T21:00:20 it might sound like a silly question, but since it only sometimes fails - do you sometimes mistype your password? 2021-02-24T21:02:42 I don't think so. I just tried now, with a correct password freshly copy-pasted, still failed. 2021-02-24T21:03:20 that's strange, the only new log line I see says 2021-02-24T21:03:23 2021-02-24T21:01:52.466988+00:00 scar openvpn[27865]: pam_sss(common-vpn:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=nycticorax 2021-02-24T21:04:49 Hum. If there is a mismatch between my real-time error messages and the server, not sure what I can do. 2021-02-24T21:05:42 yes, it's indeed interesting[tm] 2021-02-24T21:06:10 just to be sure - are you using the openvpn config file as described in the wiki? 2021-02-24T21:06:48 Yeah, I've followed I think all the instructions found there. 2021-02-24T21:06:59 do you start the vpn with systemctl restart openvpn@heroes or in another way? 2021-02-24T21:07:30 Except for one thing: instead of using the system service I am relying on sudo openvpn --config 2021-02-24T21:07:58 I can try again with systemd 2021-02-24T21:08:25 But it failed to even start when I did, hence the move to the openvpn cli. 2021-02-24T21:08:41 as long as it asks for username and password, sudo openvpn ... should also be fine (even if I never tested it) 2021-02-24T21:09:38 Yeah also systemctl restart openvpn@heroes produces some heat and noise, and seems to timeout 2021-02-24T21:10:38 anything useful in systemctl status -n100 openvpn@heroes ? 2021-02-24T21:12:26 not really, but journalctl is more illuminating, I think: Timeout, and then later Error, failed retrieving username and password 2021-02-24T21:13:12 and finally 'Failed to start OpenVPN tunneling daemon instance using 2021-02-24T21:15:50 ah, maybe the detailed openvpn log on the server is more helpful 2021-02-24T21:16:01 :) 2021-02-24T21:16:04 I think I found the problem, please try again 2021-02-24T21:22:41 Alright much better result `Initialization sequence completed` 2021-02-24T21:24:33 :-) 2021-02-24T21:26:30 Thankyou very much Christian! 2021-02-24T21:26:41 you are welcome ;-) 2021-02-24T21:26:50 What was the culrprit? 2021-02-24T21:26:58 * What was the culprit? 2021-02-24T21:27:00 Wed Feb 24 16:42:58 2021 us=116822 134.21.143.250:57294 TLS Auth Error: --client-config-dir authentication failed for common name 'nycticorax' file='/etc/openvpn/ccd-tcp/nycticorax' 2021-02-24T21:27:31 we have a user-specific file in the openvpn config (so that you always get the same IP), but nobody had created yours 2021-02-24T21:28:04 easy to fix once you know where to look ;-) 2021-02-24T21:28:10 🤗 2021-02-24T21:48:17 pjessen, lcp: does factory@ allow mails from non-subscribers? I've seen 3 spam mails there today :-( 2021-02-24T21:52:14 it shouldn't, maybe a moderator mistook the buttons when trying to remove the spam? 2021-02-24T21:55:01 just checked two of them, no delays in the Received headers, so it probably passed without moderation 2021-02-24T22:04:48 I don't think I see anything wrong there 2021-02-24T22:05:01 that's interesting 2021-02-24T22:14:06 something's also wrong with postorius 2021-02-24T22:14:17 did somebody touch the vm recently? 2021-02-24T22:15:17 From what I've seen in the tickets, Lars added more RAM and CPU (probably followed by a reboot), and pjessen started another index run afterwards 2021-02-24T22:16:44 postorius was probably updated then 2021-02-24T22:17:09 and it didn't have a rerun of the django cache fluff 2021-02-24T22:19:29 ok, I fixed postorius 2021-02-24T22:19:39 idk about factory tho >:D 2021-02-24T22:43:46 Hello team, if somebody would reach out to you that something is wrong with software-o-o then please be aware that I've deployed new build with reduced scope. All downloads will no go through get-o-o 2021-02-24T22:43:51 you can redirect people to https://news.opensuse.org/2021/02/08/reducing-the-scope-of-software-o-o/ 2021-02-24T22:44:17 * All downloads will now go through get-o-o 2021-02-24T22:45:25 just as an idea - maybe add a small note like "looking for the openSUSE distributions? Please head over to get.o.o"? 2021-02-24T22:45:48 that might help to avoid the reports you "fear" ;-)