2020-04-07T00:37:59  -heroes-bot- PROBLEM: MySQL WSREP recv on galera3.infra.opensuse.org - CRIT wsrep_local_recv_queue_avg = 585.772691 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=galera3.infra.opensuse.org&service=MySQL%20WSREP%20recv
2020-04-07T02:50:10  *** okurz_ is now known as okurz
2020-04-07T08:31:24  <klein> lcp and cboltz, is the performance of this test instance of bugzilla ok?
2020-04-07T08:43:30  <lcp> klein: comparing to every other bugzilla, it seems it's fast enough ;)
2020-04-07T08:44:09  <lcp> yeah, it loads everything fairly quickly
2020-04-07T09:05:58  <klein> well... if you saw the machine we got from Microfocus.... (we received the image with everything included).... It's a miracle that it was working
2020-04-07T09:06:44  <klein> I know that we do a lot of "non optimal" things.. but those machines were lacking some love for quite some time already
2020-04-07T09:56:13  <lcp> klein: well, better local cruft than remote cruft I guess ;)
2020-04-07T10:16:50  *** agraul_ is now known as agraul
2020-04-07T12:54:28  <tuanpembual> hi, anyone can login to progress.o.o?
2020-04-07T12:54:39  <tuanpembual> I need some config :D
2020-04-07T12:55:03  <tuanpembual> to compare old config.
2020-04-07T14:13:20  <lkocman> tuanpembual, let me check
2020-04-07T14:13:27  <lkocman> tuanpembual, I'm logged in
2020-04-07T14:13:46  <tuanpembual> wait
2020-04-07T14:42:47  *** Martchus_ is now known as Martchus
2020-04-07T15:44:09  <lcp> okurz: would you mind taking a look at https://build.opensuse.org/request/show/791020
2020-04-07T15:44:55  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 84 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-04-07T16:44:55  -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=48 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-04-07T17:03:07  <okurz> lcp: sorry about that. I have accepted the request. I have a huge task backlog lately.
2020-04-07T17:05:48  <lcp> okurz: no worries :P
2020-04-07T17:05:57  <lcp> thanks!
2020-04-07T17:58:59  * Eighth_Doctor waves
2020-04-07T18:00:31  <pjessen> good evening all
2020-04-07T18:00:34  <cboltz> hi everybody, and welcome to the heroes meeting!
2020-04-07T18:00:46  <tuanpembual> hi all,
2020-04-07T18:01:14  <cboltz> so far, we only have the "usual" topics on https://progress.opensuse.org/issues/64168 - but we can add things if needed
2020-04-07T18:02:15  <cboltz> does someone from the community have a question?
2020-04-07T18:04:25  <pjessen> i guess the community is busy elsewhere ?
2020-04-07T18:04:56  <cboltz> or people are too shy to ask us ;-)  (hint: we don't bite!)
2020-04-07T18:05:07  <Eighth_Doctor> eh, well, at least I'm working on ipsilon and noggin atm
2020-04-07T18:05:13  <klein> I just want to say that Lars asked me to build 2 new gitlab runners... and I dind't had time yet :-( (/me in shame)
2020-04-07T18:05:18  <Eighth_Doctor> (their packaging, that is)
2020-04-07T18:05:26  <cboltz> anyway - let's continue with status reports
2020-04-07T18:05:29  <klein> but... I fixed the keepalived upstream formula on the Saltstack repo :-)
2020-04-07T18:06:52  <tuanpembual> I have small update.
2020-04-07T18:07:02  <tuanpembual> from new progress.
2020-04-07T18:07:35  <Eighth_Doctor> new progress?
2020-04-07T18:07:37  <tuanpembual> still working to fix patch for create ticket as private with send email to redmine@o.o
2020-04-07T18:07:48  <cboltz> Eighth_Doctor: progress-test.o.o
2020-04-07T18:07:49  <tuanpembual> https://progress-test.opensuse.org
2020-04-07T18:08:24  <tuanpembual> that all
2020-04-07T18:09:36  <lcp> that's pretty cool, I have had a look at redmine theming and it will require quite a bit of css so I didn't touch it yet
2020-04-07T18:09:49  <Eighth_Doctor> it looks fancy :D
2020-04-07T18:11:57  <pjessen> okay let me continue - last week I enabled TLS for outound on anna and else.
2020-04-07T18:12:21  <tuanpembual> thanks
2020-04-07T18:12:26  <pjessen> I'll learn to type, honestly. one of these days
2020-04-07T18:13:07  <pjessen> TLS for outbound should have no big impact on anything, I doubt if anyone has noticed anything
2020-04-07T18:13:45  <pjessen> I've also been doing some more mirror cleanup, but only minor stuff.
2020-04-07T18:14:11  <cboltz> I've seen some admin-auto mails from pontifex (for example a missing database column) - any idea what's wrong?
2020-04-07T18:14:35  <pjessen> cboltz: I've not seen those, will have to check
2020-04-07T18:14:55  <pjessen> maybe someone is working on the mirroring setup ? otherwise it has not changed
2020-04-07T18:15:43  <klein> Darix/Lars team made changes on mirrorbrain last week
2020-04-07T18:16:31  <cboltz> that might explain it ;-)
2020-04-07T18:16:52  <pjessen> lets forward those mails to lars :-)
2020-04-07T18:17:34  <pjessen> anyway, from me, that's it - no progress on forums, still need someone who understand how to integrate it with our authenticatrion setup
2020-04-07T18:18:48  <lcp> pjessen: I hope to help you with that, but that will entirely depend on how much we actually know ;)
2020-04-07T18:19:17  <pjessen> lcp: together maybe we'll make it to 0 ? 0+0 ?  :-)
2020-04-07T18:19:48  <pjessen> I admit, I have no idea how it works.
2020-04-07T18:20:01  <lcp> I think we might be adding negatives ;)
2020-04-07T18:20:18  <pjessen> lcp: LOL
2020-04-07T18:21:04  <lcp> joking aside, it's saml, so we can set it up with the previous auth that mf had in their infra, since it's not dependent on the local server setup mostly
2020-04-07T18:21:31  <lcp> however that depends on what address the current site has so testing might suck
2020-04-07T18:22:02  <pjessen> that is sort of what I was hoping for, yeah. I just see some missing bits in the apache config, I suspect.
2020-04-07T18:22:07  <lcp> in any case, until we have some local saml setup, either with our own login system or SUSE login system, we kinda have to use that
2020-04-07T18:22:43  <Eighth_Doctor> I'm hoping to get a basic noggin package ready in the coming days
2020-04-07T18:23:28  <cboltz> sounds good, but - IMHO that should be a separate step and not block the forum move ;-)
2020-04-07T18:23:34  <lcp> I didn't setup the freeipa2, because we had the salt issue, and now that salt in the repo was updated, we have more salt issues there
2020-04-07T18:23:44  <cboltz> I'd start with whatever we have already available ;-)
2020-04-07T18:23:58  <lcp> and I also split myself in half and did a bunch of work on porting freeipa to openSUSE out of frustration obviously
2020-04-07T18:24:36  <pjessen> cboltz: agree
2020-04-07T18:25:42  <cboltz> in worst (?) case, it might even be an idea to write a small plugin that works with our auth proxy
2020-04-07T18:26:21  <cboltz> it's just a guess, but I wouldn't be surprised if that's easier than reverse-engeneering the needed saml config
2020-04-07T18:26:44  <pjessen> my main problem remains - I simply don't know how it works today.
2020-04-07T18:27:08  <cboltz> same for me
2020-04-07T18:27:12  <bmwiedemann> Good evening. What is the topic? The new bugzilla auth backend coming in May?
2020-04-07T18:27:30  <lcp> for testing I would probably request we had it pointing entirely at forums.o.o instead of forums-nbg.o.o, so we can test auth at least locally
2020-04-07T18:27:44  <lcp> and I also would request some access so I can take a look
2020-04-07T18:27:46  <cboltz> bmwiedemann: no, we are talking about forum move, especially authentification
2020-04-07T18:28:00  <cboltz> but what you mention also sounds interesting - can you tell us some details?
2020-04-07T18:28:31  <bmwiedemann> yes. I didnt mean to disturb your topic, though.
2020-04-07T18:28:37  <pjessen> lcp: I dont think we can update the DNS until we're ready to move.
2020-04-07T18:29:12  <cboltz> lcp: with "request some access", do you mean sudo on the forum-nbg server?
2020-04-07T18:29:45  <lcp> pjessen: not dns, but juggling forums.opensuse.org to the ip in the /etc/hosts should work
2020-04-07T18:29:51  <lcp> cboltz: yes
2020-04-07T18:30:37  <pjessen> lcp: afaik, the setup does not work on forums-ngb yet, but you should certainly have access
2020-04-07T18:31:10  <lcp> pjessen: unless we request it with provo to add forums-nbg to their saml setup for testing ;)
2020-04-07T18:32:11  <lcp> also I don't really need fully working as long as I can mess with auth plugin and the dump we got from provo
2020-04-07T18:32:51  <pjessen> I probably only need to key, then I can set it up for you.
2020-04-07T18:32:58  <pjessen> I probably only need your key, then I can set it up for you.
2020-04-07T18:33:27  <lcp> I believe it's in freeipa
2020-04-07T18:33:42  <cboltz> pjessen:   fetch_freeipa_ldap_sshpubkey.sh hellcp
2020-04-07T18:33:56  <pjessen> okay
2020-04-07T18:34:12  <lcp> oh yeah, there is a script for that
2020-04-07T18:34:44  <cboltz> normally it's used by sshd, but nobody will stop you from using it manually ;-)
2020-04-07T18:35:23  <lcp> maybe I should status report then now 😛
2020-04-07T18:36:13  <lcp> I have made a bunch of progress on matrix setup, and in salt there is a huuuge PR that does a lot of things like set up integrations and riot and some other stuff
2020-04-07T18:36:23  <lcp> at this point what's left are some pretty cosmetic things
2020-04-07T18:37:13  <lcp> basically only waiting for gitlab runners, and for that issue with firewall and haproxy setup at this point
2020-04-07T18:37:29  <pjessen> lcp: you should have root access on forum.i.o.o now.
2020-04-07T18:37:37  <lcp> thanks
2020-04-07T18:38:02  <lcp> outside of that, you might have noticed we transitioned to news-o-o and planet-o-o this last month
2020-04-07T18:39:08  <bmwiedemann> and discontinued lizards.o.o
2020-04-07T18:39:15  <bmwiedemann> so no more wordpress?
2020-04-07T18:39:16  <cboltz> yes, that was a "boring" (as in: no serious problems) move ;-)
2020-04-07T18:39:46  <cboltz> right, no more wordpress :-)
2020-04-07T18:40:01  <Eighth_Doctor> 🥳
2020-04-07T18:40:07  <lcp> ah yeah, there are also formulas for postman3 and ipsilon and some other stuff waiting for gitlab-runners, but aren't PRs yet
2020-04-07T18:40:31  <tuanpembual> yay.
2020-04-07T18:40:34  * bmwiedemann loves getting rid of another php application.
2020-04-07T18:40:34  <lcp> just the moment gitlab-runners happen there is a bunch of stuff to review ;)
2020-04-07T18:41:40  <cboltz> well, reviews can be done without the gitlab-runners ;-)
2020-04-07T18:42:11  <cboltz> (but especially for the bigger MRs having them checked by the CI would be nice)
2020-04-07T18:42:25  <lcp> yup
2020-04-07T18:42:33  <lcp> and those are big prs, adding services
2020-04-07T18:43:25  <cboltz> yes, but then - the CI might not be too useful for this because it doesn't check everything
2020-04-07T18:44:34  <lcp> well, I feel like the only issues with those PRs might be CI complaining, because the rest looks fine, and there just might be small issues I didn't notice otherwise
2020-04-07T18:45:24  <cboltz> if you only worry about the CI, that's not enough reason to stop you ;-)
2020-04-07T18:45:51  <cboltz> I'll do a review later, and if everything looks good, I can merge it manually
2020-04-07T18:45:58  <cboltz> so that you can continue to work on the server
2020-04-07T18:46:06  <lcp> alrighty
2020-04-07T18:46:42  <cboltz> in worst case, we'll have to do a little follow-up fix once the CI works again ;-) - but if highstate works, it's unlikely that the CI will complain
2020-04-07T18:47:33  <lcp> at this point with matrix tho, I could use the firewall/haproxy more than merging the PR with the contents, since that is much more pressing for testing, because it's testing the base ;)
2020-04-07T18:48:45  <klein> cboltz: are we impacted because the CI is not working, so, my lack of time to finish the gitlab runners setup is the cause, right?
2020-04-07T18:49:40  * klein thinking to install at least one manually, so the work is not stoped because of this
2020-04-07T18:49:46  <cboltz> since you ask this way - I'm afraid the answer is yes
2020-04-07T18:50:48  <lcp> also in case the PR to matrix gets merged, I will need the corresponding setup on pgsql server
2020-04-07T18:50:50  <cboltz> I can work around by doing manual merges, but having the CI back would be nice ;-)
2020-04-07T18:51:43  <pjessen> bmwiedemann: bugzilla - was that why I saw a 2nd email from bugzilla-devel_noreply@suse.de  ?
2020-04-07T18:51:49  <bmwiedemann> yes
2020-04-07T18:52:00  <pjessen> bmwiedemann: very cool!
2020-04-07T18:52:02  <bmwiedemann> As you know, auth for bugzilla, forums, wiki, OBS etc is provided by MicroFocus right now, but there is a carve-out process ongoing since SUSE was sold by them. That means, that MF will stop providing these services and the deadline is already 2020-05-18.
2020-04-07T18:52:10  <bmwiedemann> So we are setting up our own bugizlla right now using a DB dump. And we are also setting up our own LDAP auth backend to serve the login-proxies in front of OBS.
2020-04-07T18:52:10  <bmwiedemann> The same ldap should also serve for the other public openSUSE services that need auth.
2020-04-07T18:52:18  <bmwiedemann> As you might know, the design of the login-proxies is so that the user-password is only ever seen by them and services hidden behind them just receive the authenticated user name in a HTTP header.
2020-04-07T18:52:18  <bmwiedemann> There will also be some kind of migration necessary, because we will not receive user passwords as part of MF's DB dump. Easiest would probably a password-reset email for every user.
2020-04-07T18:53:10  <lcp> bmwiedemann: that is a huge problem then, since we will need a saml server from SUSE side for forums in that case
2020-04-07T18:53:40  <bmwiedemann> forum software cannot be patched to accept http-header as auth?
2020-04-07T18:53:52  <bmwiedemann> I heard, this kind of patch is usually just a few lines
2020-04-07T18:53:58  <lcp> we don't know, we only have saml plugin
2020-04-07T18:54:27  <bmwiedemann> well, it exists: https://wiki.univention.de/index.php/SAML_Identity_Provider
2020-04-07T18:54:34  <pjessen> bmwiedemann: I would expect so, but nbody has much experience with the forums software
2020-04-07T18:55:05  <bmwiedemann> as long as it does not expose user passwords to the forum software, it should be fine.
2020-04-07T18:55:32  <pjessen> bmwiedemann: how can we test this?
2020-04-07T18:56:10  <bmwiedemann> once it is up and running - still takes some more days.
2020-04-07T18:56:29  <pjessen> okay, no hurry
2020-04-07T18:57:00  <pjessen> bmwiedemann: i'll be in touch by email tomorrow.
2020-04-07T18:57:36  <cboltz> bmwiedemann: somewhat related - do you also have a replacement for https://www.opensuse.org/openid/ on your radar?
2020-04-07T18:57:55  <cboltz> (moving the website itsself is easy, but so far /openid/ is a blocker)
2020-04-07T18:57:56  <bmwiedemann> I guess, there could also be an app for it.
2020-04-07T18:58:43  <cboltz> can you please check and report back as soon as you know?
2020-04-07T18:59:19  <bmwiedemann> is 'openid connect' good enough?
2020-04-07T18:59:52  <lcp> not the same thing I'm afraid
2020-04-07T19:03:28  <bmwiedemann> do we know, who consumes this openid endpoint?
2020-04-07T19:03:57  <lcp> we cannot know, since that's auth for users, not for specific services
2020-04-07T19:03:59  <bmwiedemann> I know, I installed an internal dyndns and it is using it for auth
2020-04-07T19:04:13  <lcp> that means that they can auth with any service using that id
2020-04-07T19:04:32  <lcp> any service that supports openid that is
2020-04-07T19:06:17  <lcp> bmwiedemann: alright, let's maybe approach it from this angle, we were planning splitting auth away from SUSE anyway, and we could try to synchronize the efforts from ours and your side so we split away from MF and each other at the same time
2020-04-07T19:06:35  <lcp> we do have software to do that selected, and it supports the things we more or less need
2020-04-07T19:07:27  <lcp> however, we don't have a strategy for getting the list of all of the users we would need to transition, which we would need as you need ;)
2020-04-07T19:07:48  <bmwiedemann> so would there be an openSUSE account separate from the bugzilla account then?
2020-04-07T19:08:22  <lcp> bugzilla is something we are discussing with redhat at this moment, to get their system for auth with multiple account systems
2020-04-07T19:08:41  * Eighth_Doctor has a note to ping Jim about this again
2020-04-07T19:09:27  <lcp> bugzilla would be unique in that it would be the one service where we would have both accounts be able to login
2020-04-07T19:09:51  <lcp> everything else is pretty obvious if it's openSUSE or SUSE
2020-04-07T19:10:06  <pjessen> lcp: afaict, we have the user list in the databaee
2020-04-07T19:10:40  <bmwiedemann> but for users it can still be confusing to have 2 different SSO systems then
2020-04-07T19:11:13  <lcp> pjessen: yeah, I kinda wanted to ask service admins to export the list of people registered in every service, but it's hard to get to everybody everywhere ;)
2020-04-07T19:11:31  <pjessen> 2 SSO systems is an oxymoron ....
2020-04-07T19:11:53  <lcp> bmwiedemann: well, I hope they will be branded sufficiently well, so people can tell which one they need to use
2020-04-07T19:12:37  <pjessen> lcp: i'm blinkered, I just want the forums migration out of the way.
2020-04-07T19:13:18  <bmwiedemann> yes, I guess, they will have green chameleons :-P
2020-04-07T19:13:22  <lcp> pjessen: yeeeeah, me too, we really need to set it up at MF right now
2020-04-07T19:14:24  <pjessen> lcp: if the auth system is going to go away in 6 weeks ?
2020-04-07T19:14:57  <lcp> pjessen:  so forums can work on this account system for 6 weeks
2020-04-07T19:15:01  <lcp> that's a lot of time
2020-04-07T19:16:09  <pjessen> lcp: true - if we can get it working in less than a week. Might be better to aim for the new auth system. We will also have to send a reset-your-pwd to all forums users.
2020-04-07T19:16:15  <lcp> if we rush through it, I and Conan Kudo can get the login system ready to test with forums-nbg next week/ in two weeks tho
2020-04-07T19:17:10  <Eighth_Doctor> yeah...
2020-04-07T19:17:10  <lcp> for testing is the keyword, because it certainly won't work a 100% ;)
2020-04-07T19:17:22  <pjessen> lcp: by all means have a go at it.
2020-04-07T19:18:45  <lcp> pjessen: I will create an issue for exporting usernames from all of the software then
2020-04-07T19:19:41  <lcp> then we will ask bmwiedemann or some contact if you prefer to give us the passwordless dump of those users' accounts
2020-04-07T19:19:43  <pjessen> lcp: okay, no prob
2020-04-07T19:21:17  <bmwiedemann> lcp: with email addrs and real names, it will count as PII and there are pretty strict rules about those in Germany.
2020-04-07T19:21:29  <bmwiedemann> just usernames would be easy, though.
2020-04-07T19:22:01  <pjessen> bmwiedemann: i can do usernames only.
2020-04-07T19:22:28  <lcp> bmwiedemann: hm, but what will the dump you get from MF contain then?
2020-04-07T19:23:26  <lcp> also, considering that openSUSE Project at this moment is not a split entity from SUSE, those things should be able to move around inside SUSE without much problem (but add that to the problems that board has to figure out for foundation)
2020-04-07T19:24:16  <lcp> bmwiedemann: ah yeah, any idea who to contact about deployments of openQA/OBS/OSEM and other stuff hosted by SUSE so we can export usernames there too?
2020-04-07T19:24:33  <bmwiedemann> lcp: the dump we get, should contain everything except passwords. But that also means that we need to be extra careful in handling that data. E.g. we need a workers council agreement.
2020-04-07T19:26:18  <lcp> bmwiedemann: eh, I will discuss that with board then too, I see that is going to be really problematic
2020-04-07T19:27:32  <bmwiedemann> sometimes I wonder if using github accounts for auth wouldnt be easier (for openSUSE stuff)
2020-04-07T19:28:18  <lcp> well, I am hoping to setup git forge right after we get openSUSE Account system, so no
2020-04-07T19:29:43  <cboltz> bmwiedemann: that would mean openSUSE uses Microsoft for authentification, and I'd expect some ;-) funny discussions if we do that *g,d&r*
2020-04-07T19:30:04  <pjessen> cboltz: yup.
2020-04-07T19:30:21  <bmwiedemann> Google does. And Microsoft uses chromium code as base for their browser... not so strange?
2020-04-07T19:30:42  <pjessen> code is one thing, data another
2020-04-07T19:31:08  <lcp> that principle still applies even here, amazing
2020-04-07T19:34:56  <bmwiedemann> so far, I added a reminder to export usernames for the heroes when we have it (hopefully end of April)
2020-04-07T19:36:53  <lcp> bmwiedemann: https://progress.opensuse.org/issues/65405
2020-04-07T19:36:55  <bmwiedemann> I guess, when openSUSE has a working separate auth, we could also send out password-reset mails to users with a link to that new auth system.
2020-04-07T19:37:35  <lcp> yup, that should be easy enough to do
2020-04-07T19:38:14  <bmwiedemann> still will need some effort, because we want to handle email bounces gracefully. And I expect there will be a lot of those.
2020-04-07T19:38:43  <lcp> as an additional point, since that was a request, we do want to allow for change of the username for users that want it, but we will handle that manually, since I don't expect that to be popular
2020-04-07T19:38:53  <lcp> at this point we have 2 requests like that
2020-04-07T19:39:28  <bmwiedemann> wow. Will that even work with all connected services? Or will it just be like a new acocunt for those?
2020-04-07T19:39:31  <lcp> so that's also why I'm asking for contact point for the OBS/openQA/OSEM deployments, since that's something that will have to be covered too
2020-04-07T19:39:47  <lcp> bmwiedemann: it will have to be done per service unfortunately
2020-04-07T19:39:58  <lcp> if we can move accounts there, then yes
2020-04-07T19:39:58  <bmwiedemann> OBS => adrian , openQA=> coolo , OSEM dont know
2020-04-07T19:40:24  <lcp> thanks! that's helpful
2020-04-07T19:40:35  <cboltz> I'm afraid changing usernames will open a can of worms because we'll need to change the username at lots of places (starting with > 20 wikis)
2020-04-07T19:41:02  <cboltz> I slightly ;-) doubt that we want to do this
2020-04-07T19:41:05  <bmwiedemann> lcp: and as we discussed in the openid topic, there can be any number of consumers we dont know about
2020-04-07T19:41:10  <lcp> cboltz: yeah, I do hope they don't just login into everything in our infra
2020-04-07T19:41:35  <lcp> bmwiedemann: we will be able to gracefully redirect to our new openid solution easily
2020-04-07T19:41:37  <cboltz> I don't even want to _check_ 20 wikis if a specific user ever logged in there ;-)
2020-04-07T19:41:52  <lcp> cboltz: I am afraid I will have to then ;)
2020-04-07T19:42:16  <lcp> somebody will have to gather info on who logged into every single service in our infra
2020-04-07T19:42:30  <bmwiedemann> automation could
2020-04-07T19:42:31  <lcp> only username tho
2020-04-07T19:42:42  <lcp> yes, of course
2020-04-07T19:42:58  <cboltz> I won't stop you, but that's not the point ;-) - allowing to change the username causes us lots of work without a big gain
2020-04-07T19:42:59  <lcp> I will automate as far as I can
2020-04-07T19:43:15  <lcp> then we will have to crossreference who was where if they request username change
2020-04-07T19:43:38  <lcp> cboltz: I call that being way too nice 😛
2020-04-07T19:43:38  <cboltz> the "old way" (just register a new username, and stop using the old one) is probably good enough, and doesn't cause work
2020-04-07T19:44:20  <cboltz> and even if we allow changing the username, we should IMHO block the old name from being re-used
2020-04-07T19:44:33  <lcp> of course
2020-04-07T19:45:07  <bmwiedemann> I agree with cboltz there
2020-04-07T19:46:49  <lcp> I know it will be a lot of work, but I think it's worth it as an option
2020-04-07T19:46:57  <lcp> one time offer for the transition
2020-04-07T19:49:03  <lcp> I will regret it later, but oh well
2020-04-07T19:49:19  <bmwiedemann> :-D
2020-04-07T19:49:22  <cboltz> I'm sure you'll regret it ;-)
2020-04-07T19:49:24  <lcp> alternatively we could offer it to the two poor souls that want it >:D
2020-04-07T19:49:52  <lcp> because I know both of them quite well
2020-04-07T19:49:58  <lcp> well, well enough
2020-04-07T19:50:54  <cboltz> still, I'd recommend that these poor souls first register a new account with the username they want
2020-04-07T19:51:21  <cboltz> that's easier than having to block the old username "manually"
2020-04-07T19:51:47  <cboltz> after that, we can chown ;-) their data on specific services
2020-04-07T19:51:49  <lcp> eh, it is a lot of effort to move stuff arround tho
2020-04-07T19:52:18  <bmwiedemann> maybe they have a list of services where they are interested in keeping stuff.
2020-04-07T19:52:33  <bmwiedemann> old forum posts might not be as interesting as OBS package maintainership
2020-04-07T19:52:43  <lcp> yup
2020-04-07T19:53:12  <lcp> I will ask then, I will handle this in https://progress.opensuse.org/issues/30970 and with Conan Kudo later ;)
2020-04-07T19:54:47  <lcp> alright, I think that's enough of accounts talk for now, we have a lot of work for the next few weeks >:D
2020-04-07T19:54:54  <Eighth_Doctor> :D
2020-04-07T19:55:34  <bmwiedemann> so we meet again on 2020-05-05 ?
2020-04-07T19:55:41  <lcp> I hate deadlines, but here we are ;)
2020-04-07T19:55:48  <pjessen> sounds like a plan
2020-04-07T19:56:07  <lcp> hopefully with a working accounts system too
2020-04-07T19:56:28  <lcp> unless there are more subjects we didn't discuss
2020-04-07T19:56:42  <bmwiedemann> If there is something needed - I'm probably reading emails more often than IRC on many days.
2020-04-07T19:58:16  <lcp> alright, got it
2020-04-07T19:58:26  <pjessen> ditto
2020-04-07T19:59:51  <cboltz> looks like that's it for today ;-)
2020-04-07T20:00:00  <cboltz> thanks everybody for joining, and for all the work you do!
2020-04-07T20:01:09  <pjessen> stay healthy everone
2020-04-07T20:02:27  <lcp> thanks, you too!
2020-04-07T20:05:07  <bmwiedemann> have a good night
2020-04-07T20:05:38  <tuanpembual> thanks all
2020-04-07T20:05:50  <tuanpembual> good morning :)
2020-04-07T20:06:02  <lcp> night!
2020-04-07T20:08:49  <lcp> cboltz: quick PR to start the account system then https://gitlab.infra.opensuse.org/infra/salt/-/merge_requests/361
2020-04-07T20:10:01  <lcp> when I get freeipa on a centos machine and connect each other, we can start testing those with forums
2020-04-07T20:10:52  <lcp> and I will avoid salt for freeipa, since the centos machine isn't happy about our salt repo at all
2020-04-07T20:11:31  <lcp> we can setup freeipa with salt when I'm done with porting it to openSUSE later this year, after we have this deployment more or less ready
2020-04-07T20:12:12  <lcp> (more than less, it has to be production ready >:D)
2020-04-07T20:12:36  <cboltz> ;-)
2020-04-07T20:13:26  <cboltz> looking at 361 - the first thing I wonder is why you have   {% set roles = ...   everywhere - "roles" seems to be unused)
2020-04-07T20:14:37  <lcp> aw dang it
2020-04-07T20:16:11  <cboltz> next question: why   template: jinja   for sso.opensuse.org.conf? I don't see any jinja in that file
2020-04-07T20:18:38  <cboltz> for /etc/ipsilon/ipsilon.conf I wonder if the actual file or the symlink will "win"
2020-04-07T20:19:40  <lcp> I wonder if I just mixed up source and target
2020-04-07T20:20:10  <cboltz> also an option ;-)
2020-04-07T20:21:09  <cboltz> another detail: openidc.static.cfg is an empty file, which makes   template: jinja   superfluous
2020-04-07T20:22:26  <lcp> removed that earlier
2020-04-07T20:22:53  <lcp> it's also empty on purpose for now >:D
2020-04-07T20:32:10  <cboltz> ;-)
2020-04-07T20:32:47  <cboltz> the MR looks good now (at least the parts I understand / know ;-)
2020-04-07T20:35:51  <cboltz> do you want to have this (or another) MR merged ASAP, or should we wait for the CI?
2020-04-07T20:41:28  <lcp> I can wait, I need to get freeipa setup first anyway
2020-04-07T20:42:17  <lcp> since otherwise I wouldn't have an account system, just very fancy login screen with no backend >:D
2020-04-07T20:43:48  <cboltz> ;-)