2024-03-27T00:10:36 Test 2024-03-27T00:10:42 Fail. 2024-03-27T00:10:58 Good bye irc. 2024-03-27T00:11:04 At least we get your PFP, when you're here on Matrix. 2024-03-27T00:12:42 is pfp a less controversial abbreviation for profile picture ? 2024-03-27T00:13:04 yup, it's a discord term, as far as I know. 2024-03-27T00:13:28 at least that's the first place I ever encountered it. 2024-03-27T00:13:56 interesting. in my circles it's always been propic :p 2024-03-27T00:14:15 I always heard DP for display picture but yeah. PFP works. 2024-03-27T00:19:24 better than hdmi 2024-03-27T00:20:33 rofl 2024-03-27T00:20:45 That was such a stupid debate. 2024-03-27T00:20:53 lol 2024-03-27T00:22:46 Firstyear (Firstyear): Not a debate, nor stupid. It was mutual sharing of personal impressions in life 2024-03-27T01:00:29 if someone is still up and motivated, this came in: Notice(heroes-monitor): Alert! Low memory on matrix.infra.opensuse.org is firing .. otherwise I check later 2024-03-27T01:03:29 acidsys: I have no access. Should I be scared that it forgets all my wonderful posts ? 2024-03-27T22:56:23 acidsys: Which reminds me, speaking of monitoring how do I get enrolled for alerts on things. 2024-03-27T22:58:47 hi firstyear, critical alerts go to the admin-auto@ mailing list, warnings go to #opensuse-admin-alerts (still being worked on though), and https://alerts.infra.opensuse.org gets all categories (critical+warning+info) 2024-03-27T22:59:44 and besides alerts there are various pretty dashboards in https://monitor.opensuse.org/grafana/ 2024-03-27T23:04:34 Hmmm okay. I probably need to look at that more later to find a way to get IDM alerts. 2024-03-27T23:05:20 I want to monitor Kanidm, but I have to set up collection for OpenTelemetry first (we currently only use native Prometheus metrics) 2024-03-27T23:05:43 but you can already find basic machine and HAProxy data which might be useful 2024-03-27T23:07:27 Ahhh. 2024-03-27T23:07:48 You probably want to speak to yaleman about that's, he's the otel person. 2024-03-27T23:08:02 yep you already showed me once what they were working on 2024-03-27T23:08:48 it's quite cool but I will want to feed it into Prometheus (there's experimental otel support now I think) so I don't have to set up something like Tempo just for one service 2024-03-27T23:09:56 For now, if we open up direct https/ldaps to kani1/kani2 and port 12346 on kani1 then i can just monitor it directly with my home nagios setup 2024-03-27T23:10:04 They're all safe to open btw, 2024-03-27T23:10:33 I don't like that, what data would you get out of your nagios which you cannot get out of our monitoring? 2024-03-27T23:11:12 Well, I have no idea how the monitoring for opensuse works 🤣 2024-03-27T23:11:22 And how to enroll my self to only specific alerts 2024-03-27T23:11:59 but the big one rn, is individual server health, but the port 12346 is for ipa -> kani sync monitoring. 2024-03-27T23:13:09 And we don't need otel for anything like that, we just nede "check ports" 2024-03-27T23:13:36 allowing individual people to receive personal alerts for individual machines was more a long term idea of mine, but if you already want it I can easily add an email address or similar to match your machines 2024-03-27T23:13:48 if you just want to check if a port is open that is relatively easy 2024-03-27T23:14:04 Nah, there is actually some data to process on the 12346 port. 2024-03-27T23:14:12 You need to check for specific responses. 2024-03-27T23:14:36 The reason I suggested just opening it up now, is I already have all the templates for nagios good to go so we can monitor "today" and then solve it for the osuse monitoring as we go. 2024-03-27T23:14:53 well show me what you have 2024-03-27T23:15:52 Getting it 2024-03-27T23:16:40 define service { 2024-03-27T23:16:40 ... long message truncated: https://matrix.opensuse.org/_matrix/media/v3/download/opensuse.org/CmYsLZmYFOrMUgnLSycxzqsc (22 lines) 2024-03-27T23:17:52 This is just basic checks for now. 2024-03-27T23:19:11 theoretically we still have the legacy monitoring-plugins (collected with nrpe) running (which I work on replacing) but this seems simple enough to implement, parts I need for other services anyways 2024-03-27T23:19:38 👍 2024-03-27T23:19:59 so I will look into it the next days then we can do it properly to begin with 2024-03-27T23:21:12 Sounds like a plan. Do you want me to help with the machine sssd -> kani client converts? I can do them "overnight" while most people are asleep etc. 2024-03-27T23:23:30 sure, though once we merge it into role.base we can just apply it everywhere 2024-03-27T23:24:11 I already wrote salt/profile/kanidm/client/legacy.sls to remove the old bits 2024-03-27T23:28:00 Wouldn't we want to convert the machines a few at a time to catch any problems? 2024-03-27T23:28:08 As much as I'm keen for "all in" 2024-03-27T23:30:27 I don't expect much issues myself but if you are motivated to do batches then of course you may ^^ 2024-03-27T23:30:38 hahaha 2024-03-27T23:30:50 I don't expect issues, but the rule is "hope for the best, prepare for the worst" 2024-03-27T23:31:05 How about I manually roll out to a few machines as a trial first, then we can just do the rest once we have a sample converted. 2024-03-27T23:31:26 sure 2024-03-27T23:31:32 I'll temporarily need to be in the wheel group to do that though. But I'm happy to be removed after. 2024-03-27T23:31:47 Okay, I'll look through gitlab and stuff today and check everything and I'll do a PR later. 2024-03-27T23:32:19 When you're young, people are so keen to have admin on machines, and then you get old and know that access to machines is radioactive 🤣 2024-03-27T23:32:29 sure but you don't have to go to each machine, saltmaster-admins lets you use witch1.i.o.o 2024-03-27T23:33:03 then just `sudo salt state.apply profile.kanidm.client` 2024-03-27T23:33:44 Ahhhh cool. 2024-03-27T23:34:08 Is it called witch1 becausu it deploys curses to the broader population? 2024-03-27T23:34:42 the previous one was called minnie .. witch in disguise 2024-03-27T23:40:27 you can merge !1617 before or after .. I recommend before so as to not accidentally "roll back" some machines to FreeIPA 2024-03-27T23:41:42 Lol. 2024-03-27T23:41:45 yeah, lol. 2024-03-27T23:41:50 I'll review that today. 2024-03-27T23:41:57 some potentially useful commands for you: https://paste.opensuse.org/pastes/03a22c3d193f, https://paste.opensuse.org/pastes/d0b7a9267726 2024-03-27T23:42:13 Thank you! 2024-03-27T23:42:23 :) 2024-03-27T23:42:36 I'll review all this, make a plan and have a look :) 2024-03-27T23:42:56 I'm a bit of a boomer like that, I like to plan out all the commands and have them in notes before I start anything. 2024-03-27T23:44:16 it's good practice 2024-03-27T23:49:56 Nahhhh. Just yolo everything to prod without backups and without testing. 2024-03-27T23:50:10 *** teepee_ is now known as teepee 2024-03-27T23:54:16 why without testing, if you yolo to prod you are effectively testing 2024-03-27T23:55:30 rofl 2024-03-27T23:55:45 "everyone has a dev environment, some of us are lucky its separute to production 2024-03-27T23:55:59 haha 2024-03-27T23:58:11 now matrix.i.o.o is running out of disk space in addition to out of memory 2024-03-27T23:58:50 63G /var/log/matrix-synapse