2022-10-24T04:47:13  <bmwiedemann[m]> pjessen: I disabled rsync access for 3 bad mirrors on pontifex2: coreix, optusnet, intergrid ; saves plenty IO
2022-10-24T04:48:40  <bmwiedemann[m]> and repopush cycles are now down to 30m
2022-10-24T06:40:57  <bmwiedemann[m]> also emailed admins of twrepo.opensuse.id and opensuse.mirrors.estointernet.in about possible broken rsync
2022-10-24T06:41:54  <bmwiedemann[m]> There is a new script `rsyncdstats` that is very valuable to see who is pulling what
2022-10-24T07:30:00  <pjessen> bmwiedemann[m]: sounds goo.  you probably want to inform andrii too.
2022-10-24T07:30:13  <pjessen> good
2022-10-24T07:39:07  <pjessen> LCP0968[m]: discourse question?  I have discourse sending mails from noreply@o.o to notfound@o.o ?
2022-10-24T07:40:03  <LCP0968[m]> notfound is a dummy account
2022-10-24T07:43:29  <pjessen> LCP0968[m]: okay - is there likely to be a lot of that traffic?
2022-10-24T07:44:31  <hellcp> I think I will try to lessen it tbh, I am wondering if I just couldn't not have an email associated at all
2022-10-24T07:45:41  <pjessen> its noit a problem, I can just devnull it - or you can devnull on the discourse machine
2022-10-24T07:48:09  <pjessen> or maybe use a non-existent domain?
2022-10-24T07:50:05  <pjessen> bmwiedemann[m]: I can tell there is a lot less being pushed, for the last two weeks. is there also related that rsync bug?
2022-10-24T07:50:32  <pjessen> bmwiedemann[m]: or is it just herbstferien :-)
2022-10-24T07:51:12  <bmwiedemann[m]> let's say I fixed plenty issues. Maybe I also added some $exclude_misc to some servers, but not sure if we have the previous configs somewhere
2022-10-24T07:54:12  <pjessen> bmwiedemann[m]: well, for e.g. rsync.o.o we went from 1.5Tb pushed daily to not even 500Gb, so less than  30%.
2022-10-24T07:54:55  <bmwiedemann[m]> rsync.o.o now pulls most stuff from stage3
2022-10-24T07:55:10  <pjessen> ah, okay. also for repos?
2022-10-24T07:55:19  <bmwiedemann[m]> just debug and ports are pulled directly and repos are pushed
2022-10-24T07:55:38  <pjessen> hmm, for rsync.o.o, I don't think we can use excludes, it is the dedicated source for private mirrors.
2022-10-24T07:56:36  <bmwiedemann[m]> for some reason IO on rsync.o.o is terribly slow - slower than the Nairobi mirror.liquidtelecom.com
2022-10-24T07:57:10  <pjessen> a month ago, rsync.o.o was the fastest of them all
2022-10-24T07:57:29  <pjessen> peaking at 2.3Tb/day
2022-10-24T07:59:45  <bmwiedemann[m]> hmm. I'll try to disable writeback on the bcache device.
2022-10-24T08:01:00  <bmwiedemann[m]> hah, there was a bwlimit in the push call
2022-10-24T08:05:46  <pjessen> bmwiedemann[m]: that would do :-)
2022-10-24T08:29:18  <bmwiedemann[m]> Though I'm afraid, that the extra write-IO will reduce the read-IO of rsync users.
2022-10-24T08:52:03  <pjessen> any reason to think the mirror scanner is running behind?
2022-10-24T08:54:21  <bmwiedemann[m]> mirrorcache scan seems to always take some minutes... but then, we have frequent 15.3 update repo updates when mirrors need some minutes to catch up first
2022-10-24T08:59:18  <pjessen> this seems to be more than a few minutes, maybe see poo#119209. provo-mirror has the file, but rsync does not (yet).
2022-10-24T09:13:32  *** teepee_ is now known as teepee
2022-10-24T12:22:50  <KottV> Hi All, I'm looking for Marcus Rueckert / darix
2022-10-24T12:24:13  <KottV> has he ever been here? :)
2022-10-24T12:30:52  <tux93[m]> yes
2022-10-24T12:40:05  *** OnuralpSezer[m]1 is now known as thunderbirdtr[m]
2022-10-24T12:50:51  <pjessen> KottV: yes, darix is around quite often.
2022-10-24T12:52:10  <KottV> goog to know, thanx!
2022-10-24T13:01:41  <pjessen> who is in charge of setting up reverse mappings for our ipv6 ranges?
2022-10-24T13:24:26  <acidsys> pjessen: I'm not sure who is in charge, but I can offer writing a pull request
2022-10-24T13:30:29  <acidsys> ah, you already opened a ticket
2022-10-24T13:32:27  <pjessen> acidsys: please go ahead and re-assign if you know what to do
2022-10-24T13:33:52  <acidsys> already on it :)
2022-10-24T13:34:32  <acidsys> if I don't report back within an hour I got lost in the Amazon cloud
2022-10-24T13:34:44  <pjessen> we'll send out a search party
2022-10-24T13:34:57  <acidsys> a self-hosted one, please
2022-10-24T13:38:18  <acidsys> beg my pardon, but are there forward records for these domains? I only find a CNAME and A, no AAAA for anna.opensuse.org and elsa.opensuse.org
2022-10-24T13:42:51  <pjessen> afaict, you're right, no forward records.
2022-10-24T13:44:39  <pjessen> anna+elsa don't actually receive any external email, afaik.
2022-10-24T13:47:24  <acidsys> then I'm not sure how much sense it makes to add PTR records, because if they claim to follow RFC 1912 2.1 then it would still trigger without a matching A record
2022-10-24T13:48:23  <pjessen> hmm, that's probably true - I'll add the AAA records then. I don't see it causing any problems.
2022-10-24T13:48:35  <pjessen> AAAA records.  AAA is for ipv5
2022-10-24T13:48:46  <acidsys> :-)
2022-10-24T13:48:53  <acidsys> cool, A as well?
2022-10-24T13:49:05  <acidsys> funnily enough, RFC 1912 has no mention of AAAA at all
2022-10-24T13:49:48  <pjessen> 192 - it is pretty old. does it specifically mention ipv4 ?
2022-10-24T13:50:14  <acidsys> just that A + PTR shall match
2022-10-24T13:50:23  <acidsys> I'd presume modern mailservers are smarter than that
2022-10-24T13:50:28  <pjessen> interesting.
2022-10-24T13:51:18  <pjessen> yes, I would presume the same, but the option may not have been enabled.
2022-10-24T13:51:21  <LCP0968[m]> what's AA then?
2022-10-24T13:51:21  <LCP0968[m]> I know A, AAA and AAAA now
2022-10-24T13:51:22  <LCP0968[m]> but AA?
2022-10-24T13:52:07  <pjessen> Automobile Association :-)    (runs for cover)
2022-10-24T13:55:13  <pjessen> well. anna is CNAME'd to proxy-nue1, elsa to proxy-nue2, neither of which have an AAAA record.
2022-10-24T13:55:37  <LCP0968[m]> I can't believe car enthusiasts managed to infiltrate networking standards authorities
2022-10-24T13:55:42  <acidsys> I was about to ask, wheter that proxy shouldn't have IPv6 as well
2022-10-24T13:56:07  <acidsys> but then I decided maybe I don't actually want to ask why a service does not have IPv6
2022-10-24T13:56:45  <acidsys> LCP0968[m]: first they infiltrate our cities, then our networks, they're unstoppable
2022-10-24T13:57:25  <pjessen> proxy-nue does have an IPv6 address, but I don't know if I should just add IPv6 to proxy-nue[12].
2022-10-24T13:58:01  <pjessen> I foresee unforeseen things happening
2022-10-24T13:58:07  <acidsys> exciting!
2022-10-24T13:59:22  <pjessen> I suggest you go ahead and add the PTR record at least. Maybe I'll just change the CNAME to A+AAAA for anna+elsa
2022-10-24T13:59:58  <acidsys> I think that would make most sense. what about PTR for the IPv4, do they have their own address or is this some NAT
2022-10-24T14:00:03  <bmwiedemann[m]> is anyone using proxy-nue1 or 2 directly? I thought everyone points their CNAME to the VIP
2022-10-24T14:00:30  <bmwiedemann[m]> OTOH: everything should have an IPv6 address
2022-10-24T14:01:02  <pjessen> agree.
2022-10-24T14:01:11  <acidsys> ++
2022-10-24T14:01:39  <pjessen> the PTR for the IPV4 address say "proxy-nue1.o.o" and "proxy-nue.o.o".
2022-10-24T14:02:10  <bmwiedemann[m]> btw: the best IPv6 equivalent of 192.168 and friends is the fd00::/8 range where you must add 40 random bits to get your globally unique private network range.
2022-10-24T14:03:24  <pjessen> acidsys: for the AAAA PTR, I guess it has to say "proxy-nue1.opensuse.org" and "proxy-nue2.opensuse.org"
2022-10-24T14:05:09  <acidsys> but then that wouldn't line up with the forward records of those two
2022-10-24T14:06:03  <acidsys> I think adding the foward v6 records for anna + elsa would be good. and v4 depending on NAT
2022-10-24T14:06:38  <pjessen> I don't think there's any NAT'ing involved, anna/elsa both have real addresses.
2022-10-24T14:06:49  <acidsys> then we should add the v4 counterparts as  well
2022-10-24T14:07:25  <pjessen> they are already in place, except they say "proxy-nue[12]" .......
2022-10-24T14:08:16  <acidsys> proxy-nue[1|2] == [anna|elsa] ?
2022-10-24T14:08:30  <pjessen> yup.
2022-10-24T14:08:42  <pjessen> haproxy
2022-10-24T14:08:45  <acidsys> aha!
2022-10-24T14:09:43  <pjessen> I wud have to check the haproxy config, but if it is not using any ipv6, I think we can add AAAA record for proxy-nue[12] without causing any problem.s
2022-10-24T14:11:20  <acidsys> ok but for email operation we should still replace the cnames on anna/elsa.o.o with proper forward records and matching ptr (both v4 and v6)
2022-10-24T14:11:45  <acidsys> "PTR records must point back to a valid A record, not a alias defined by a CNAME."
2022-10-24T14:12:18  <acidsys> but of course good to  additionally add it to proxy-nue[12]
2022-10-24T14:12:32  <pjessen> that is what we have now.  the PTR (ipv4) points back to proxy-nue1, and proxy-nue1 points forward to the corect ipv4 address
2022-10-24T14:13:54  <pjessen> I suggest we stick to the current scheme, to avoid too many changes - so add a PTR for the IPv6 address to 'proxy-nue[12].o.o', and I'll add the AAAA records for proxy-nue[12]/
2022-10-24T14:14:52  <acidsys> ok cool
2022-10-24T14:17:13  <pjessen> have updated dns.
2022-10-24T14:18:38  <acidsys> care to double check mine? https://paste.opensuse.org/43825006
2022-10-24T14:28:09  <pjessen> looks good
2022-10-24T14:28:49  <acidsys> thank you!
2022-10-24T15:04:54  <acidsys> hej, https://freeipa.infra.opensuse.org/ipa/ui/#/e/dnszone/search gives me "No entries", do I need some special permissions?
2022-10-24T15:12:56  <pjessen> hmm, not sure. what are you looking for?
2022-10-24T15:14:18  <pjessen> btw, the ipv6 PTRs have gone in.
2022-10-24T15:15:55  <acidsys> according to https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Vm_add_remove#Preparation that's where one is supposed to add new DNS entries for VM's .. but given the rest of that document is pretty outdated, maybe there's a different place now? :)
2022-10-24T15:16:07  <acidsys> yup, went quick
2022-10-24T15:17:53  <pjessen> acidsys: no, for infra.o.o, that sounds correct.
2022-10-24T15:21:53  <acidsys> ah ok, thanks for confirming
2022-10-24T15:34:20  <pjessen> for access, maybe check with cboltz, he might know the secrets
2022-10-24T15:36:11  <acidsys> cool, made a ticket, will ask about it when he's back online