2025-04-13T11:55:24  *** teepee_ is now known as teepee
2025-04-13T15:09:06  <matrix-o-o> <egotthold> Hey there! I wanted to finally implement https://progress.opensuse.org/issues/161411 and wanted to ask how to access the BMCs of the nodes. I saw in the ticket that the OS interfaces got firewall zones and networks but where are the BMCs connected? Anyone got a clue?
2025-04-13T15:11:28  <acidsys> hi egotthold, that's still somewhat with me to finish deploying the machines, I will check where I left off
2025-04-13T15:11:55  <matrix-o-o> <egotthold> That would be lovely. Can I assist you somehow?
2025-04-13T15:21:15  <acidsys> thanks; for now I'm good, by the looks of it I prepared apollo01, it should just need dup to 15.6 and a highstate, will do that now, then you can use it
2025-04-13T15:21:41  <acidsys> the others I think I did not do at the time because the BMC was not reachable but that was resolved in the meanwhile
2025-04-13T15:22:09  <matrix-o-o> <egotthold> Okay. In regard to the Netbox issues. As we are in an IPv6 only environment I have no ideas left ad-hoc what we can do.
2025-04-13T15:22:34  <matrix-o-o> <egotthold> (Because I noticed the Netbox issue when trying to research the IPs the four nodes.)
2025-04-13T15:23:35  <acidsys> the openSUSE netbox I somewhat neglected, not only is it broken but I would need to submit various dependency libraries
2025-04-13T15:23:41  <acidsys> it might help to run the machine with tumbleweed
2025-04-13T15:24:11  <acidsys> but as I did NB in SUSE now I was thinking to just copy the same container setup as to not have two different netboxes to maintain
2025-04-13T15:24:21  <acidsys> as much as I dislike the random-docker-foo stack
2025-04-13T15:24:51  <matrix-o-o> <egotthold> Me too but I think it is a reasonable approach to copy the approach to save work.
2025-04-13T15:25:51  <acidsys> yeahp
2025-04-13T15:27:17  <acidsys> now that you are online, I assume you will connect to the vpn again and I can discard https://progress.opensuse.org/issues/179476 ? :-)
2025-04-13T15:27:31  <acidsys> did you receive the headsup email it sent by the way?
2025-04-13T15:27:58  <matrix-o-o> <egotthold> Uhm not that I saw. But yes please don't implement the ticket. :)
2025-04-13T15:28:18  <matrix-o-o> <egotthold> What is the jumphost for apollo? I am not getting a route to connect directly atm. :)
2025-04-13T15:28:45  <acidsys> ah I see the problem, you have "mail: schoolguy@infra.opensuse.org" in your Heroes account which does not look correct
2025-04-13T15:28:52  <acidsys> shall I set it to your @suse.com or to something else?
2025-04-13T15:29:11  <acidsys> thor.infra.opensuse.org
2025-04-13T15:29:17  <matrix-o-o> <egotthold> Nope company mail is fine. All my computers are receiving it.
2025-04-13T15:29:44  <acidsys> but still need some minutes
2025-04-13T15:29:47  <acidsys> ok cool
2025-04-13T15:30:09  <matrix-o-o> <egotthold> I am trying to figure out what SSH Key I used. So no worries. :D
2025-04-13T15:31:04  <acidsys> seems you don't have any ssh keys in your account
2025-04-13T15:31:49  <matrix-o-o> <egotthold> I am about to change that.
2025-04-13T15:34:53  <acidsys> you'll need a key added before being able manage your own ssh keys, shall I add the same I have from work?
2025-04-13T15:35:06  <matrix-o-o> <egotthold> Done now.
2025-04-13T15:35:12  <acidsys> how did you manage that
2025-04-13T15:35:16  <matrix-o-o> <egotthold> I forgot to press save the second time.
2025-04-13T15:35:27  <matrix-o-o> <egotthold> You need to say add SSH Key and then "Save Changes".
2025-04-13T15:35:58  <matrix-o-o> <egotthold> Was that not supposed to work?
2025-04-13T15:36:03  <acidsys> ohh it's possible to do it from the GUI now!
2025-04-13T15:36:07  <acidsys> very nice, that was not possible for a long time in kanidm
2025-04-13T15:37:40  <matrix-o-o> <egotthold> Hm so my private key is obviously not on thor, with what user/key am I supposed to connect?
2025-04-13T15:37:47  <matrix-o-o> <egotthold> Also this looks odd:
2025-04-13T15:38:09  <acidsys> your private key should only be on your client
2025-04-13T15:38:28  <acidsys> thor and other machines you should able to authenticate with the private key matching the public key you just added
2025-04-13T15:38:40  <acidsys> user is schoolguy
2025-04-13T15:38:51  <matrix-o-o> <egotthold> Yes indeed but how do I connect from thor to the other host?
2025-04-13T15:39:05  <acidsys> ah well not yet
2025-04-13T15:39:11  <acidsys> I will let you know shortly
2025-04-13T15:39:31  <matrix-o-o> <egotthold> Oh sorry. Take your time. It is Sunday. :)
2025-04-13T15:51:33  <acidsys> minor fixup https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/2419
2025-04-13T15:52:47  <matrix-o-o> <egotthold> approved
2025-04-13T16:38:32  <acidsys> egotthold: apollo01 is ready now
2025-04-13T16:39:00  <acidsys> I added you to the github_runner-admins group which should give you root access via sudo there
2025-04-13T16:39:23  <acidsys> host key is in https://gitlab.infra.opensuse.org/infra/ssh_known_hosts
2025-04-13T16:39:28  <matrix-o-o> <egotthold> Okay so ssh -J with thor? Or how to connect?
2025-04-13T16:39:31  <acidsys> yep
2025-04-13T16:41:05  <matrix-o-o> <egotthold> It worked just like that. Thanks. Setting up k3s now.
2025-04-13T16:41:38  <acidsys> great, let me know when you need anything else. I will check the others now
2025-04-13T16:41:43  <acidsys> oh and when able please do one more reboot so the failing kdump service goes away
2025-04-13T16:41:57  <matrix-o-o> <egotthold> Then I'll start with that. :)
2025-04-13T16:49:36  <matrix-o-o> <egotthold> Something is off with the firewall...
2025-04-13T16:49:40  <matrix-o-o> <egotthold> schoolguy@apollo01:/home/schoolguy> ping get.k3s.io
2025-04-13T16:50:11  <acidsys> well I don't think you ever told me about any extra allowances you need :)
2025-04-13T16:50:24  <matrix-o-o> <egotthold> Well Internet access is needed. :)
2025-04-13T16:50:40  <acidsys> more specific would be good
2025-04-13T16:51:07  <matrix-o-o> <egotthold> Let me check what ARC needs to give you specifics. Should I write them in the ticket or here?
2025-04-13T16:51:32  <acidsys> you can add it as a comment to https://progress.opensuse.org/issues/161411
2025-04-13T16:51:45  <matrix-o-o> <egotthold> Will do. Give me some minutes.
2025-04-13T16:51:54  <acidsys> and also whether it should the same for the cobbler and opensuse VLANs or if any differences
2025-04-13T16:53:01  <acidsys> meanwhile I try to figure out what absurd javaws security setting was needed to open the BMC console
2025-04-13T16:53:39  <matrix-o-o> <egotthold> I am using a Leap 42.3 VM and connect to the BMC just fine. It stopped working on TW a few weeks ago, even with everything disabled that I could find.
2025-04-13T16:55:15  <acidsys> oh and I thought it was me. because I had `env JAVA_HOME=/usr/lib64/jvm/java-1.8.0-openjdk-1.8.0 javaws.itweb Downloads/jviewer.jnlp` in my shell history, but that now reports "Constraint unknown: c2tnb191v1"
2025-04-13T16:55:29  <matrix-o-o> <egotthold> Same on my end.
2025-04-13T16:55:30  <acidsys> and with newer java 11 it complains about unsigned JARs
2025-04-13T16:55:53  <matrix-o-o> <egotthold> Yes, that is why I switched to the Leap 42.3 VM.
2025-04-13T17:02:50  <acidsys> ok so after not finding "c2tnb191v1" in the java.security strace revealed was being read, I simply moved away /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security/java.security and lo and behold, it runs :P
2025-04-13T17:03:34  <matrix-o-o> <egotthold> Well I find my solution a bit better. Your solution really removes everything security related. 😂
2025-04-13T17:03:34  <acidsys> it might have been some include or variable in the file
2025-04-13T17:03:44  <acidsys> oh and running leap 42 is better security? lol
2025-04-13T17:04:19  <matrix-o-o> <egotthold> Well no idea but it feels better then to remove a core file of the jre... Probably it makes no difference.
2025-04-13T17:04:54  <acidsys> right, well not that I approve of it, but at least I only use 1.8.0 for this, I still have the in tact java.security for my other JREs
2025-04-13T17:06:50  <matrix-o-o> <egotthold> That is true. Anyway I didn't find much in regard to networking but what I found is now in the issue. The GitHub Infrastructure is more then 50 subnets and IP addresses. Although I don't like it I think we should allow the internet as a whole since GitHub says the IP ranges they serve from are dynamic and as such they only provide the list of addresses from their API.
2025-04-13T17:07:59  <acidsys> oh GitHub is not a problem at all, I have https://gitlab.infra.opensuse.org/infra/scripts/-/blob/master/4to6/github-4to6.py
2025-04-13T17:08:49  <matrix-o-o> <egotthold> Very neat. Well then GitHub + get.k3s.io and we are good to get me rolling.
2025-04-13T17:09:41  <matrix-o-o> <Emma [it/its]> 👀 TIL about "/meta"
2025-04-13T17:43:43  <acidsys> I submitted some prior cleanup, after I will add the new rules
2025-04-13T18:11:10  <acidsys> made !2421, waiting for rebase after !2420
2025-04-13T18:40:52  <matrix-o-o> <egotthold> I have never seen nfttable rules so while I could press approve I would like to pass the duty of review to someone else. I will still leave some comments.
2025-04-13T19:08:09  <acidsys> I think we also want to allow https to OBS for containers from registry.o.o
2025-04-13T20:11:00  *** teepee_ is now known as teepee
2025-04-13T20:31:42  *** comrAId is now known as comrad
2025-04-13T21:15:42  <acidsys> egotthold: I tried to deploy what I believe to be apollo02 now, but the MAC addresses of the data interfaces don't show up on the switch ports I have configured as apollo02
2025-04-13T21:15:59  <acidsys> I now also added VLANs to all the other apollo ports thinking maybe it's a wrong comment, but on those I don't find it either
2025-04-13T21:16:28  <acidsys> I will try to find the ticket history and maybe make another one
2025-04-13T21:40:16  <acidsys> interesting, eventually I found it at an obscure port with a different comment. bit of a mess >:(