2025-09-22T09:26:31  <acidsys> egotthold: sorry I did not do any progress with #161963 this weekend, but not forgotten
2025-09-22T09:28:59  <matrix-o-o> <egotthold> Thanks for the update.
2025-09-22T10:11:06  <acidsys> lkocman: regarding our chat, according to the pki your certificate expired in april
2025-09-22T10:11:28  <matrix-o-o> <Lubos Kocman> damn
2025-09-22T10:11:34  <matrix-o-o> <Lubos Kocman> what do I need to do to refresh it?
2025-09-22T10:26:05  <acidsys> we can send you a new one, please just make a short ticket in https://progress.opensuse.org/projects/opensuse-admin/issues for tracking
2025-09-22T10:26:55  <acidsys> but confirm that the one I checked is also the one you have (for example `openssl x509 -noout -dates -in /path/to/your/crt`)
2025-09-22T10:27:34  <cboltz> lkocman: while you are on it, maybe you can also add a comment on poo#187269 ;-)
2025-09-22T10:27:57  <matrix-o-o> <Lubos Kocman> sure
2025-09-22T10:30:22  <matrix-o-o> <Lubos Kocman> the cert refresh acidsys https://progress.opensuse.org/issues/189147
2025-09-22T10:36:40  <matrix-o-o> <Lubos Kocman> cboltz: please check your inbox sir!
2025-09-22T10:37:43  <cboltz> thanks!
2025-09-22T10:42:49  <matrix-o-o> <Lubos Kocman> Thank you sir!
2025-09-22T10:45:59  <matrix-o-o> <Lubos Kocman> crameleon (acidsys): I see that the codes were used internally only for Christian and then one more person. So the remaining 8 are still free. Dirk and Alan Clarke would be people behind the effort. So perhaps just ping them directly.
2025-09-22T11:14:30  <acidsys> ok, will do, thanks
2025-09-22T12:41:40  <matrix-o-o> <Lubos Kocman> folks how much do we care about not bloating pinot with software? (daps + make)
2025-09-22T12:41:42  <matrix-o-o> <Lubos Kocman> daps have quite some dependencies
2025-09-22T12:42:17  <matrix-o-o> <Lubos Kocman> I basically need it to build new-style release notes from source on git
2025-09-22T12:44:10  <cboltz> if you have good arguments for the additional software, I don't see a problem with installing it - as long as you do it via salt ;-)
2025-09-22T12:44:56  <matrix-o-o> <Lubos Kocman> understood, yes that's the plan. I did already talk to Georg, I just wanted to double check that it's okay by everyone. There are alternatives, like building it in OBS (either rpm or container).
2025-09-22T12:45:59  <matrix-o-o> <Lubos Kocman> btw any idea why am I getting pubkey denied on lkocman@community2? It used to work :-)
2025-09-22T12:46:15  <matrix-o-o> <Lubos Kocman> to my knowledge main index page that points to individual release notes, is still there
2025-09-22T12:46:24  <matrix-o-o> <Lubos Kocman> rest seems to be already hosted from pinot
2025-09-22T12:46:57  <cboltz> IIRC package built in OBS + extracting it on pinot is the current workflow, so that way would also be an option -> whatever you prefer ;-)
2025-09-22T12:48:25  <cboltz> right, /release-notes/ is hosted on pinot (because it needs Apache to serve the preferred language)
2025-09-22T12:48:44  <cboltz> everything else on doc.o.o lives on community2
2025-09-22T12:49:52  <cboltz> your login problem there sounds like fun with kanidm
2025-09-22T12:52:00  <cboltz> I restarted kanidm-unixd on community2 (via salt), try again
2025-09-22T12:52:07  <matrix-o-o> <Lubos Kocman> doing so. thx
2025-09-22T12:52:39  <matrix-o-o> <Lubos Kocman> cboltz: still the same lkocman@community2.infra.opensuse.org: Permission denied (publickey).
2025-09-22T12:55:19  <cboltz> I see you just tried again, only log line in /v/l/messages is
2025-09-22T12:55:22  <cboltz> Sep 22 12:54:51 community2 sshd[32445]: Connection closed by authenticating user lkocman 2a07:de40:b27e:5001:4592:8300:9d1b:d1f9 port 44938 [preauth]
2025-09-22T12:55:45  <cboltz> no kanidm_unixd log lines
2025-09-22T12:56:04  <matrix-o-o> <Lubos Kocman> perhaps my pubkey is simply missing
2025-09-22T12:56:09  <cboltz> (but the previous restart clearly helped - it fixed login for me)
2025-09-22T12:56:26  <matrix-o-o> <Lubos Kocman> ah oky
2025-09-22T12:56:27  <cboltz> can you login to other VMs?
2025-09-22T12:57:11  <matrix-o-o> <Lubos Kocman> I never connected to any other vm, just pontifex int he past, community2 and pinot
2025-09-22T12:57:21  <matrix-o-o> <Lubos Kocman> * in the
2025-09-22T12:57:33  <matrix-o-o> <Lubos Kocman> and the old community while it was still there
2025-09-22T12:57:45  <cboltz> does login on pinot work?
2025-09-22T12:57:51  <matrix-o-o> <Lubos Kocman> yup
2025-09-22T12:58:03  <acidsys> that is surpsiring, $ kanidm person ssh list-publickeys lkocman => "No ssh public keys"
2025-09-22T12:58:04  <matrix-o-o> <Lubos Kocman> ah wait, there I login as relsync
2025-09-22T12:58:11  <acidsys> well that explains
2025-09-22T12:58:12  <matrix-o-o> <Lubos Kocman> lkocman@localhost:~> ssh lkocman@pinot
2025-09-22T12:58:12  <matrix-o-o> lkocman@pinot.infra.opensuse.org: Permission denied (publickey).
2025-09-22T12:58:15  <matrix-o-o> <Lubos Kocman> same same
2025-09-22T12:58:54  <matrix-o-o> <Lubos Kocman> my pubkeys in gitlab are also expired so to say
2025-09-22T12:59:36  <cboltz> ok, so you'll need to add your current pubkey to kanidm and to gitlab
2025-09-22T12:59:38  <acidsys> you can manage your ssh keys in https://idm.infra.opensuse.org/ui/update_credentials (or via command line https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Kanidm_Account_Management#SSH-key-management once you have an initial key to reach a shell somewhere)
2025-09-22T13:00:07  <matrix-o-o> <Lubos Kocman> yeah there I have no keys, not even expired ones. Thx!
2025-09-22T13:01:49  <matrix-o-o> <Lubos Kocman> oky keys updated, I'll just wait for the pipeline
2025-09-22T13:21:56  <cboltz> there isn't a pipeline when adding a key, the only thing that could stop you is the kanidm cache timeout - so just try again ;-)
2025-09-22T13:30:14  <matrix-o-o> <Lubos Kocman> https://gitlab.infra.opensuse.org/lkocman/salt/-/merge_requests/1/diffs
2025-09-22T13:30:38  <matrix-o-o> <Lubos Kocman> I think this should be it in general, not sure about all the dependencies though.
2025-09-22T13:46:15  <matrix-o-o> <Lubos Kocman> cboltz: ready to merge. acidsys any thoughts on the PR?
2025-09-22T13:54:05  <matrix-o-o> <Lubos Kocman> my bad https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/2574
2025-09-22T14:39:56  <matrix-o-o> <Lubos Kocman> cboltz: thank you for your feedback Christian. I think addressed all the issues
2025-09-22T14:40:38  <matrix-o-o> <Lubos Kocman> Meanwhile, I'm still getting lkocman@community2.infra.opensuse.org: Permission denied (publickey).
2025-09-22T14:41:45  <matrix-o-o> <Lubos Kocman> ah two factor required, so my changes were not saved. never mind! will fix
2025-09-22T14:44:31  <matrix-o-o> <Lubos Kocman> all set, now it's really just a cache issue
2025-09-22T14:45:18  <cboltz> I just restarted kanidm-unixd on community2, so the cache should be gone
2025-09-22T14:45:35  <matrix-o-o> <Lubos Kocman> thank you very much sir!
2025-09-22T14:45:51  <matrix-o-o> <Lubos Kocman> just got Have a lot of fun...
2025-09-22T14:46:04  <cboltz> :-)
2025-09-22T15:06:21  <matrix-o-o> <Lubos Kocman> cboltz: wait a sec so do we want a newline or not, my current revision doesn't have one. So I suppose want a newline
2025-09-22T15:06:57  <cboltz> yes, we want a newline at EOF (but no additional empty line, that would be too much)
2025-09-22T15:25:50  <matrix-o-o> <Lubos Kocman> waiting for the last pipeline, seems I made linter bit angry with the multiline version part
2025-09-22T16:24:35  <matrix-o-o> <Lubos Kocman> Meanwhile I did build and manually uploaded github.com/openSUSE/doc-o-o to community2. See https://doc.opensuse.org/
2025-09-22T16:24:46  <matrix-o-o> <Lubos Kocman> once we have pipeline, I'll switch link to production build
2025-09-22T16:25:12  <matrix-o-o> <Lubos Kocman> that could be salted as well btw. It's rsync and make build (with bunch of rubygems installed)
2025-09-22T18:43:18  <cboltz> lkocman: doc-o-o is jekyll, so letting our VM that already handles all the other jekyll pages build and serve it would be the most boring solution ;-)
2025-09-22T18:43:50  <cboltz> it will need another directory-specific config in haproxy, but I'd prefer that over having another VM doing jekyll builds