2023-11-08T10:13:54 *** teepee_ is now known as teepee
2023-11-08T11:53:29 acidsys: known_hosts on narwal5 is salt-managed, so if it needed changes, please update the web_static pillar
2023-11-08T11:58:29 hi cboltz, in that case the entries in the pillar should be changed to use the new IP addresses
2023-11-08T18:12:05 *** teepee_ is now known as teepee
2023-11-08T18:25:26 hi cboltz, if I recall correctly you use IPv4 to access the internet
2023-11-08T18:25:47 right
2023-11-08T18:32:42 do you want to v4-test our new Heroes VPN for me?
2023-11-08T18:33:08 do you use the VPN provided DNS servers or configure your own?
2023-11-08T18:33:39 only if you check (and hopefully accept) one of my pending MRs ;-)
2023-11-08T18:33:52 I have my own DNS server
2023-11-08T18:34:15 well guess what just happened ^^
2023-11-08T18:35:01 ok in that case you will have to change your forwarders for infra.opensuse.org to 2a07:de40:b27e:64::c0a8:2f65 2a07:de40:b27e:64::c0a8:2f66 for the time being
2023-11-08T18:35:17 that one doesn't count ;-) - it just fixes what you "broke" (as in "edited a salt-managed file")
2023-11-08T18:36:23 what else is there, the nginx one we already had a chat regarding me not understanding the intended purpose of the test suite especially now that we apparently work around its design flaws
2023-11-08T18:36:41 tsp seems like lcp is reviewing?
2023-11-08T18:37:04 lcp commented, but so far didn't approve (or request more changes)
2023-11-08T18:37:06 svn kernel we already said is not in use anymore
2023-11-08T18:37:27 scar sshd is going to be irrelevant once I turn it off
2023-11-08T18:37:29 ^^
2023-11-08T18:38:19 and for nginx - right, we talked about that, but IMHO making the test more strict makes sense nevertheless (and we can still change it again later if/when we improve the test in general)
2023-11-08T18:40:40 so - do you want to tell me how I need to adjust my VPN config first, or do you want a bugreport first?
2023-11-08T18:41:51 out of 15 web roles we are letting 8 fail. if more than half of the test suite is so broken one just wants to add patches to hide the errors, I do question the complete test suite
2023-11-08T18:42:15 you just need to connect to odin.opensuse.org instead of whatever you were currently connecting to
2023-11-08T18:42:27 and as said adjust your forwarders if you say you use a custom DNS setup
2023-11-08T18:43:01 (once all works fine we will repoint gate.o.o )
2023-11-08T18:43:17 ok, that sounds like easy adjustments
2023-11-08T18:47:49 looks like odin.o.o only has a v6 address, which causes "Network is unreachable"
2023-11-08T18:48:17 oops I did not add the A record :-(
2023-11-08T18:48:49 I remember you added a v4 address to hosts.yaml, so it's "just" the DNS entry
2023-11-08T18:49:02 now I added it .. 195.135.223.55 from outside
2023-11-08T18:51:52 thanks, better
2023-11-08T18:52:04 now I end up with AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-11-08T18:52:35 my config has cipher AES-256-CBC - do I need to change/update that?
2023-11-08T18:52:44 *** microchip__ is now known as microchip_
2023-11-08T18:56:12 hmm do you also get a deprecation warning regarding --data-ciphers ?
2023-11-08T18:56:21 I had success with
2023-11-08T18:56:23 cipher AES-256-CBC
2023-11-08T18:56:25 data-ciphers AES-256-CBC
2023-11-08T18:56:27 auth SHA512
2023-11-08T18:58:10 if that doesn't work, can you share your `/usr/sbin/openvpn --show-tls`
2023-11-08T18:59:34 s/$/ --show-ciphers/
2023-11-08T18:59:49 ah, found it
2023-11-08T18:59:57 what was it?
2023-11-08T19:00:00 if you run systemctl status -n900 openvpn@heroes, you find
2023-11-08T19:00:02 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2023-11-08T19:00:14 adding data-ciphers helped
2023-11-08T19:00:18 phew good :)
2023-11-08T19:01:02 I now have a tunnel with v4 and v6 IPs
2023-11-08T19:01:25 that doesn't sound right
2023-11-08T19:01:56 you should have a tunnel interface with only an IPv6 address in 2a07:de40:b27e:500[12]::xxx
2023-11-08T19:02:12 do you have some static addresses configured somewhere
2023-11-08T19:03:34 ooh you are connecting using tcp
2023-11-08T19:03:43 i see the problem
2023-11-08T19:03:45 right
2023-11-08T19:05:23 ok, try reconnecting please
2023-11-08T19:06:19 now it's v6 only - 2a07:de40:b27e:5002::1000/64 and fe80::f41a:4a64:409e:ec01/64
2023-11-08T19:06:26 kewl
2023-11-08T19:07:28 so ideally you shouldn't notice any differences when using it
2023-11-08T19:07:58 except maybe if you connect to some obscure ports I did not consider to whitelist (currently ssh, http, https, and mosh are allowed)
2023-11-08T19:10:41 looks good so far :-)
2023-11-08T19:12:02 ^__^
2023-11-08T19:12:11 now to the bugreport I promised ;-)
2023-11-08T19:12:26 look for example at https://gitlab.infra.opensuse.org/infra/salt/-/jobs/19491#L71
2023-11-08T19:13:26 the tests succeed despite that (which is a bug on its own), but we shouldn't have such errors from prepare_test_env.sh
2023-11-08T19:14:23 ohh that is ugly .. I thought I repaired it when I made my patch the other day
2023-11-08T19:14:53 doesn't look so - and before you really repair it, please add an error check and verify that it causes a failure
2023-11-08T19:15:30 https://gitlab.infra.opensuse.org/infra/salt/-/jobs/19334 didn't have it
2023-11-08T19:18:54 https://gitlab.infra.opensuse.org/infra/salt/-/jobs/19369 is the next merge after that, and shows the error
2023-11-08T19:19:06 could it be that it only shows up after being deployed on the saltmaster?
2023-11-08T19:21:14 that next merge was !942 - and actually it might also be the one that introduced it by adding
2023-11-08T19:21:21 {%- set address = salt['saltutil.runner']('os_pillar.get_host_ip6', arg=[grains['host'], True]) -%}
2023-11-08T19:27:23 !955
2023-11-08T19:29:21 looks good :-)
2023-11-08T19:30:10 any idea why the tests didn't abort? (To make things more interesting - prepare_test_env.sh has set -e therefore $? != 0 should in theory be caught)
2023-11-08T19:34:38 "fails" with 0 .. typical salt problem. just tested and --retcode-passthrough doesn't change the return code upon the error message either
2023-11-08T19:34:43 https://gitlab.infra.opensuse.org/infra/salt/-/commit/5d56e9ec5fe72b7fff773dd0aa27f465758db2f0 - these two salt commands error out, but both set $? = 0 :-(
2023-11-08T19:35:11 nice :-/
2023-11-08T19:36:22 hey, at least better than some versions prior :) https://github.com/saltstack/salt/pull/48361
2023-11-08T19:37:31 indeed
2023-11-08T19:38:03 I mean, add "exit 0" as last command in all your scripts, and you'll never have problems again ;-)
2023-11-08T19:39:07 echo 'exit 0' > /etc/profile
2023-11-08T19:40:06 I'm afraid that makes login a bit harder - but OTOH, you'll never break something on that machine
2023-11-08T19:44:15 yep! tackling problems from the ground up
2023-11-08T19:44:42 https://paste.opensuse.org/pastes/e655571153c4 it would be nice if it told me how I know if I use databases using the "ts1 inde"
2023-11-08T19:46:41 shutting down monitor.i.o.o and chip.i.o.o now
2023-11-08T21:46:31 acidsys: how many VMs are left?
2023-11-08T21:47:28 check the pad
2023-11-08T22:43:53 *** teepee_ is now known as teepee
2023-11-08T22:48:35 stonehat.i.o.o is running a slightly abnormal amount of dns listeners
2023-11-08T22:48:37 stonehat:~ # ss -tulpn|grep named|wc -l
2023-11-08T22:48:39 258
2023-11-08T22:50:01 sounds like "enough" ;-)
2023-11-08T23:34:19 rebooting ipx-proxy1
2023-11-08T23:41:09 done