2020-05-12T02:46:25  *** okurz_ is now known as okurz
2020-05-12T04:43:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total waiting locks: 4 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-12T04:48:06  -heroes-bot- PROBLEM: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 385 * total waiting locks: 188 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks
2020-05-12T04:53:26  -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=8 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-12T04:58:07  -heroes-bot- RECOVERY: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=2 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks
2020-05-12T06:27:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 57 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-12T06:43:02  <a-865k> are forums still RO? they say so, but I clicked new post, and got a compose page/window.
2020-05-12T06:54:30  <a-865k> Networking forum claims to have accepted the new thread.
2020-05-12T06:58:34  <lcp> a-865k: huh, yeah, I can see that thread
2020-05-12T06:59:09  <lcp> malcolmlewis: this is something you might want to stop from happening ;)
2020-05-12T06:59:14  <a-865k> Looks like the RO announcement is obsolete, needs removal.
2020-05-12T06:59:54  <lcp> well, no, the forums weren't moved yet
2020-05-12T07:04:32  <bmwiedemann1> moozaad: ah, nice to see the great community helper robot :-)
2020-05-12T10:26:44  <darix> https://www.heise.de/security/meldung/Sicherheitspatches-Online-Foren-ueber-vBulletin-Luecke-attackierbar-4719217.html?wt_mc=rss.red.security.security.atom.beitrag.beitrag
2020-05-12T10:27:28  <darix> If we are using 5.5.2 or older we should upgrade to 5.5.6 or 5.6.1
2020-05-12T10:29:50  <lcp> darix: we are using unsupported 4
2020-05-12T10:30:15  <lcp> so that's not gonna work
2020-05-12T10:59:47  <darix> lcp: so even more reason to discourse the thing
2020-05-12T11:02:29  <lcp> darix: yup, I will take a look at that when I got some time, I will probably fork your package since I am not a /srv kind of guy ;)
2020-05-12T11:06:58  <darix> lcp: you want to keep it like that
2020-05-12T11:07:07  <darix> just symlinking dirs around to make it 100% FHS is not fun
2020-05-12T11:07:46  <lcp> well, /var is a better place for those things
2020-05-12T11:08:03  <lcp> in case you really can't reasonably split them apart
2020-05-12T11:08:10  <darix> no
2020-05-12T11:08:24  <darix> this is just overdoing things
2020-05-12T11:08:43  <darix> and you will quickly learn that it is no fun to fork that package
2020-05-12T11:08:52  <darix> because you will have to chase any dep change I do
2020-05-12T11:08:55  <darix> people tried
2020-05-12T11:08:58  <darix> people didnt like it
2020-05-12T11:09:00  <lcp> well, I will try and see
2020-05-12T11:09:05  <darix> (in case of gitlab)
2020-05-12T11:09:12  <darix> your time is better spent elsewhere
2020-05-12T11:10:17  <lcp> I won't disagree with that statement, for everything that I do
2020-05-12T11:14:27  <darix> lcp: lets just say discourse needs writable directories in places where you dont expect it. (for technical reasons) so splitting that all up and make package upgrades work will be a major pita.
2020-05-12T11:15:01  <darix> The technical reason is the multisite support which updates some files from the DB on startup
2020-05-12T11:15:22  <lcp>  /var is usually writable for the applications
2020-05-12T11:15:51  <lcp> that's why you would use /var and not /usr
2020-05-12T11:16:06  <darix> /srv is too
2020-05-12T11:16:21  <lcp> well, yeah, the difference is FHS
2020-05-12T11:16:27  <darix> and having the whole application in /var is just wrong
2020-05-12T11:17:07  <lcp> having the whole application in /usr/lib is also wrong, but we kinda live with firefox like that
2020-05-12T11:17:14  <darix> well no
2020-05-12T11:17:20  <darix> /usr/lib is our "libexec"
2020-05-12T11:17:29  <darix> (except some people try to change it in TW)
2020-05-12T11:17:38  <darix> so firefox being in /usr/lib/firefox
2020-05-12T11:17:41  <lcp> having the whole application in /usr/libexec is also wrong
2020-05-12T11:17:42  <darix> is totally valid
2020-05-12T11:17:49  <darix> uhm
2020-05-12T11:17:52  <darix> no it is not
2020-05-12T11:17:53  <lcp> firefox has a bunch of static data in there
2020-05-12T11:18:09  <lcp> obviously that's stuff that should be in /usr/share
2020-05-12T11:22:02  <darix> if you wanted to fix that for everything that uses /usr/lib/someprog you are up for major pain
2020-05-12T11:22:49  <lcp> it would
2020-05-12T11:23:03  <lcp> but it wouldn't be that big of a deal to move /srv stuff to /var ;)
2020-05-12T11:23:12  <darix> yes why?
2020-05-12T11:23:28  <darix> /srv is a correct place for stuff like that
2020-05-12T11:24:47  <lcp> I disagree, it is a correct place for system administrators to place unpackaged applications
2020-05-12T11:25:03  <lcp> I do think for the sake of packaging better place is /var
2020-05-12T11:31:40  <darix> no application data should be in /var/
2020-05-12T11:31:42  <darix> *ever*
2020-05-12T11:33:00  <darix> it is meant for data created by the apps during runtime
2020-05-12T12:50:37  <malcolmlewis> lcp, some areas could be like that, as we have no access can't do anything except rely on peoples common sense not to post and read the notice
2020-05-12T12:51:11  <lcp> malcolmlewis: alright
2020-05-12T12:51:24  <malcolmlewis> It's like telling a kid not to touch the oven because it's hot... or nemo and his fin...
2020-05-12T12:52:03  <malcolmlewis> lcp all I was able to do is set permissions
2020-05-12T12:52:20  <lcp> yeah, I get it
2020-05-12T12:52:25  <lcp> how is the dump going?
2020-05-12T12:53:35  <malcolmlewis> lcp, have not received any info as of yet, but AFAIK it can take awhile as they have to sanitize the microfocus.com email addresses..
2020-05-12T12:56:26  <darix> malcolmlewis: forum dump?
2020-05-12T12:56:37  * darix would be happy to give the conversion a try
2020-05-12T12:57:30  <malcolmlewis> darix, the vB data extract, it's in the control of Accenture
2020-05-12T12:57:53  <darix> malcolmlewis: i mean discourse conversion :P
2020-05-12T12:58:16  <darix> of course ... now that I get to my Apparmor question he runs!
2020-05-12T12:58:36  <malcolmlewis> darix, :) anything is possible once get info over....
2020-05-12T13:10:29  <lcp> darix: the previous dump is on the forum.infra.opensuse.org machine, so you can try it
2020-05-12T13:10:53  <darix> also all the assets?
2020-05-12T13:11:26  <lcp> I do believe it's complete overall
2020-05-12T13:13:32  <lcp> look out for conversion of emoticons, SUSE (or actually vanilla) did an awful job with their forums and everything looks awful
2020-05-12T13:13:55  <darix> May 12 15:13:15.111411 tengu synapse[6269]: twisted: [] ValueError: Cannot use this database as it is too new for the server to understand
2020-05-12T13:14:07  <darix> hmm it seems it downgraded my matrix
2020-05-12T13:14:08  <darix> moment
2020-05-12T13:14:31  <darix> better
2020-05-12T15:20:52  -heroes-bot- PROBLEM: HTTP l10n on nuka.infra.opensuse.org - CRITICAL - Socket timeout after 10 seconds ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=nuka.infra.opensuse.org&service=HTTP%20l10n
2020-05-12T15:40:43  -heroes-bot- RECOVERY: HTTP l10n on nuka.infra.opensuse.org - HTTP OK: HTTP/1.1 200 OK - 41249 bytes in 0.427 second response time ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=nuka.infra.opensuse.org&service=HTTP%20l10n
2020-05-12T16:56:02  <tuanpembual> hi cboltz
2020-05-12T16:56:13  <cboltz> hi
2020-05-12T16:57:50  <tuanpembual> anything I can help?
2020-05-12T16:57:51  <tuanpembual> :D
2020-05-12T16:58:14  <tuanpembual> after progress, I dont have any ticket, except bugs issue
2020-05-12T16:59:17  <lcp> with that much talk about login changes and me doing nothing about the topic due to how everything played out I do feel very useless >:D
2020-05-12T17:00:00  <cboltz> tuanpembual: maybe another update to redmine 4.1.x? ;-)
2020-05-12T17:01:15  <tuanpembual> I see, 3.xx will last version, and move to 4.xx
2020-05-12T17:03:46  <cboltz> I guess that might keep you busy for a while - but it should be easier than the last update because you are now more familiar with redmine
2020-05-12T17:04:08  <tuanpembual> got it
2020-05-12T17:04:15  <cboltz> I could also offer some upstream AppArmor work (on aa-logprof etc.) if someone is looking for python coding ;-)  (but I'm somewhat afraid that the code sections that need most love are also the hardest to understand)
2020-05-12T17:04:29  <tuanpembual> but maybe will need new VM again.
2020-05-12T17:05:00  <tuanpembual> not for now. I will try install on local VM first.
2020-05-12T17:05:02  <cboltz> that, or install it to another directory
2020-05-12T17:05:36  <tuanpembual> need vm only when interact with heroes service, like login etc.
2020-05-12T17:17:41  <darix> there is also a redmine rpm
2020-05-12T17:17:48  <darix> which isnt too far behind upstream
2020-05-12T17:28:31  <lcp> kl_eisbaer: what is the solution that SUSE uses internally for managing the stuff for which we use freeipa?
2020-05-12T17:39:17  <kl_eisbaer> lcp: for >twenty years, there was a home grown solution, that had all data in a postgresql database - and scripts exporting these data to all neeeded services. That solution should be replaced by the Univention solution, as far as I know. But @jdsn and  @bmwiedemann know better, for sure.
2020-05-12T17:40:23  <kl_eisbaer> tuanpembual: and I would love to see a redmine.rpm first ;-)
2020-05-12T17:40:40  <jdsn> kl_eisbaer: thats exactly the next steps, we will migrate service by service to Univention and other tools like salt
2020-05-12T17:40:42  <lcp> eh, that does remove some fine-tuned setup in ldap groups since openldap isn't capable of this
2020-05-12T17:40:56  <lcp> that's disappointing
2020-05-12T17:41:27  <tuanpembual> sure ;)
2020-05-12T17:41:56  <lcp> as an aside though, what is the plan for the rest of freeipa services, like dns, ssl etc
2020-05-12T17:42:31  <lcp> since you know, user management is a small part of the system
2020-05-12T17:42:39  <kl_eisbaer> lcp: are you speaking about the freeipa.i.o.o services?
2020-05-12T17:42:48  <lcp> yes
2020-05-12T17:43:00  <kl_eisbaer> lcp: IMHO the only plan I know so far is to migrate everything to a newer installation
2020-05-12T17:43:32  <kl_eisbaer> `slapcat && slapadd` in former times ;-)
2020-05-12T17:43:50  <lcp> well, that was kinda the plan for freeipa2
2020-05-12T17:44:05  <lcp> (there were more plans for that instance too)
2020-05-12T17:44:16  <kl_eisbaer> So just start with this, I would say.
2020-05-12T17:44:24  <lcp> since you know, the current freeipa is still running on fedora 24
2020-05-12T17:44:40  <lcp> well, I can't exactly migrate without having access to it, can I
2020-05-12T17:44:44  <kl_eisbaer> I know, I know....
2020-05-12T17:44:54  <kl_eisbaer> => ^^ @jdsn :-)
2020-05-12T17:45:27  <jdsn> ??
2020-05-12T17:45:36  <darix> tuanpembual: https://build.opensuse.org/package/show/home:darix:apps/redmine
2020-05-12T17:46:04  <kl_eisbaer> lcp wants to get access to freeipa.i.o.o - as this is a "account management system", which is normally something that SUSE has an eye on ....
2020-05-12T17:46:33  <kl_eisbaer> ... I would leave the decision either to you or bmwiedemann
2020-05-12T17:46:37  <darix> tuanpembual: though I havent tested the 4.1.1 package yet
2020-05-12T17:47:06  <kl_eisbaer> or whomever in your team is currently responsible for openSUSE infrastructure stuff
2020-05-12T17:47:22  <jdsn> well that depends what systems are using it, right?
2020-05-12T17:47:48  <jdsn> all heroes :)
2020-05-12T17:47:50  <kl_eisbaer> jdsn: freeipa provides openSUSE heroes accounts + opensuse.org, opensuse.de and opensuse.fr domain entries
2020-05-12T17:48:48  <jdsn> sorry, I don't understand what needs to be decided
2020-05-12T17:48:54  <kl_eisbaer> I'm fine with adding jcp to the system - but I don't want to do this without a go from the official side
2020-05-12T17:49:18  * lcp changes name
2020-05-12T17:49:37  <kl_eisbaer>  the freeipa instance was formerly maintained by OPS-Services -> SUSE-IT -> EngInfra
2020-05-12T17:50:02  <tuanpembual> @darix: show your obs before. But still new on OBS. hope you will be my mentor, how build on obs.
2020-05-12T17:50:11  <kl_eisbaer> so the machine - while heavily used by the heroes - is officially still in your hands (or the one inside your team who is officially assigned to openSUSE stuff)
2020-05-12T17:50:37  <darix> If anything but heroes services is using it
2020-05-12T17:50:47  <darix> that would be very weird as nothing else can reach it
2020-05-12T17:51:05  <jdsn> ah, now I see, so I assume we should have had a handover :)
2020-05-12T17:51:09  <darix> at least I hope that is still the case
2020-05-12T17:51:20  <kl_eisbaer> jdsn: as with many other services, yes :-)
2020-05-12T17:51:24  <lcp> not to mention ssl issues without the certificate
2020-05-12T17:51:27  <lcp> so I assume it is actually openSUSE only
2020-05-12T17:51:41  <kl_eisbaer> jdsn: just think about tarzan/jane, anna/elsa ...
2020-05-12T18:01:26  <Eighth_Doctor> I found out from abompard how FreeIPA migrations work so that's handy to know :)
2020-05-12T18:15:55  <lcp> any new ports we need to open for it? >:D
2020-05-12T18:17:18  <lcp> in any case, it would be nice to get rid of rh family stuff from the infra :P
2020-05-12T18:17:38  <Eighth_Doctor> it's basically setting up IPA replica, replicating all data, then cutting off old node
2020-05-12T18:18:54  <Eighth_Doctor> I need to check on if extra ports are needed for replicas, but I don't think there are