2020-05-13T01:49:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 180 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T01:59:27  -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=16 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T02:45:18  *** okurz_ is now known as okurz
2020-05-13T04:47:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total waiting locks: 13 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T04:52:05  -heroes-bot- PROBLEM: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 294 * total waiting locks: 143 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks
2020-05-13T05:02:06  -heroes-bot- RECOVERY: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=2 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks
2020-05-13T05:37:27  -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=49 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T06:01:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 52 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T09:52:18  <lcp> adrianS: I'm curious, since I heard a bunch of people complain about the login proxy not allowing passwords containing certain characters and 62 characters limit, what is the login proxy actually running?
2020-05-13T09:53:11  <adrianS> hm, where did you hear that?
2020-05-13T09:53:46  <adrianS> IIRC there is a limit inside of UCS atm which we need to report ... I am not aware of a limit in the proxy
2020-05-13T09:54:20  <adrianS> actually, I do not know if we have a limit there ... but given I don't know since > 10 years, I assume there is none :)
2020-05-13T09:54:30  <lcp> I don't actually remember, it was also true with the previous system afaik, but I did bring it up when people had issues with logging in and it generally helped
2020-05-13T09:54:37  <adrianS> the proxy is mainly apache2 plus some modules
2020-05-13T09:54:47  <lcp> yeah, that's what I expected
2020-05-13T09:55:15  <lcp> I would assume mod_auth_ldap with some form overlay
2020-05-13T09:56:09  <adrianS> yes, authentification is done via the usual mod_*ldap modules
2020-05-13T09:56:09  <lcp> err, apparently it's mod_authz_ldap, whatever
2020-05-13T09:56:18  <lcp>  * err, apparently it's mod_authnz_ldap, whatever
2020-05-13T09:56:32  <adrianS> mod_authnz_ldap and mod_ldap
2020-05-13T09:57:36  <adrianS> plus an own variant of auth_memcookie for the header rewrite
2020-05-13T09:57:47  <lcp> something has to be wrong considering with both systems special characters just failed to work, I'm gonna look around maybe I find something
2020-05-13T09:58:15  <adrianS> eg !  ?
2020-05-13T09:58:28  <adrianS> or do you have any other example char?
2020-05-13T09:58:43  <adrianS> or any report somewhere?
2020-05-13T09:59:35  <lcp> apparently & was problematic
2020-05-13T09:59:47  <lcp> I do actually have some example passwords from users tho
2020-05-13T10:00:22  <lcp> &rNQsH5EUH2LkRfWAP%dRMv@eENiryxc%o!EujQi@RvtDr#woQt!q^32tTP275oEYuswUgC6Ji$e9&sQVAC5!4jwdqzsjXszmwms23p4Qe$r7hoqFXB7YBF8h@aDt$U@
2020-05-13T10:01:29  <lcp> they all seem to work just fine in ucs too, they are perfectly usable
2020-05-13T10:03:02  <lcp> just when it comes to the proxy, it hates it
2020-05-13T10:03:54  <adrianS> 129 chars ...
2020-05-13T10:04:19  <adrianS> k, will test a bit after lunch
2020-05-13T10:04:40  <adrianS> but are these new passwords?
2020-05-13T10:04:51  <adrianS> I mean why is the problem surfacing now?
2020-05-13T10:05:53  <lcp> no idea, I assume it's all a side effect of people generating new, more secure passwords for the new stuff
2020-05-13T10:06:13  <lcp> whereas they wouldn't have let's say 10 years ago for the previous one
2020-05-13T11:59:02  <lethliel> cboltz: wrt boo#1134447 When did this happen?
2020-05-13T11:59:33  <cboltz> I noticed it yesterday
2020-05-13T11:59:47  <cboltz> but maybe it was broken a bit longer - I don't use osc daily
2020-05-13T12:00:19  <lethliel> cboltz: Ok. Because the change with the credentials_mgr_class was a while ago now
2020-05-13T12:01:51  <cboltz> to limit it a bit - last known-for-sure osc usage was around April 9th
2020-05-13T12:02:08  <lethliel> which version do you use?
2020-05-13T12:02:17  <cboltz> whatever is in tumbleweed
2020-05-13T12:02:47  <lethliel> Ok. And you migrated your community account since then, right?
2020-05-13T12:02:55  <cboltz> yes
2020-05-13T12:03:17  <cboltz> it's really just the missing   credentials_mgr_class=   line
2020-05-13T12:03:34  <lethliel> Then it is not an osc bug.  credentials_mgr_class was a while ago now
2020-05-13T12:03:42  <cboltz> for the versions - /var/log/zypp/history says
2020-05-13T12:03:43  <cboltz> 2020-03-15 22:00:00|install|osc|0.168.2-2.1
2020-05-13T12:03:47  <lethliel> Jupp
2020-05-13T12:03:49  <lethliel>  credentials_mgr_class was a while ago now
2020-05-13T12:03:50  <cboltz> 2020-04-24 01:00:27|install|osc|0.168.2-1.1
2020-05-13T12:04:01  <lethliel> args. sorry
2020-05-13T12:04:33  <lethliel> .osc_cookiejar is the one to blame. You can use osc without  credentials_mgr_class= line
2020-05-13T12:05:00  <cboltz> I tried deleting it, but it didn't help
2020-05-13T12:05:05  <cboltz> but let me check again to be sure ;-)
2020-05-13T12:06:04  <lcp> kl_eisbaer: aw, dang it, I forgot mailman3 machine also will need postgres
2020-05-13T12:06:26  <lcp> and it took an error for me to realize the error of my ways
2020-05-13T12:07:06  <lethliel> I just removed my credentails_mgr_class= line and still can use osc without problems
2020-05-13T12:07:16  <cboltz> hmm, strange - I can't break it again
2020-05-13T12:07:41  <cboltz> no idea what was broken yesterday :-/  - I only know that with credentails_mgr_class= added it started to work
2020-05-13T12:08:46  <lethliel> I added compat code for oscrc files without the creds line. So that an update wouldn't break old installations
2020-05-13T12:09:04  <lethliel> and tested the hell out of it ;-)
2020-05-13T12:09:08  <cboltz> ;-)
2020-05-13T12:09:47  <cboltz> since I can't reproduce the problem anymore, let's assume it was a temporary issue with an unknown reason
2020-05-13T12:10:06  <cboltz> so nothing to fix for now
2020-05-13T12:10:19  <lethliel> what scares me even more...
2020-05-13T12:11:32  <cboltz> wait, I think I just reproduced it
2020-05-13T12:12:55  <cboltz> .osc_cookiechar   reduced to just a comment:   #LWP-Cookies-2.0   or completely deleted
2020-05-13T12:13:07  <cboltz> .oscrc from yesterday
2020-05-13T12:14:43  <cboltz> .oscrc: https://paste.opensuse.org/174b1d0c  (password edited)
2020-05-13T12:16:42  <cboltz> after removing user and pass (and letting osc re-add it) it works again
2020-05-13T12:17:06  <cboltz> and it also works after removing   credentials_mgr_class=
2020-05-13T12:17:43  <cboltz> but there is another difference - now it's   user=cboltz   instead of   user = cboltz   (and same spacing change for pass)
2020-05-13T12:24:38  <lethliel> That makes it even more weird. I cannot reproduce it at all
2020-05-13T12:25:36  <lethliel> I remove ~/.osc_cooloejar and have this oscrc: https://paste.opensuse.org/92308119
2020-05-13T12:25:41  <lethliel> And it just works
2020-05-13T12:26:06  <lethliel> even with the spaces and without the creds line
2020-05-13T12:34:47  <cboltz> damn, I'm afraid I finally found it - I was blind :-/ (and the whitespace diff helped to hide this)
2020-05-13T12:35:04  <cboltz> in the broken .oscrc there were two lowercase letters that need to be uppercase
2020-05-13T12:35:39  <cboltz> but I'm quite sure I use the same password on the new login server
2020-05-13T12:36:15  <cboltz> just wondering - could it be that the password was checked case-insensitive before?
2020-05-13T12:36:27  <cboltz> (and: sorry for wasting your time!)
2020-05-13T12:42:43  <lethliel> That could be :-) And you never waste my time ;-)
2020-05-13T12:49:46  <cboltz> :-)
2020-05-13T13:06:55  <lcp> cboltz: god, I don't even want to think about what this means for the security
2020-05-13T13:41:12  <bmwiedemann1> adrianS: it is 128 chars. wc counts the newline, too
2020-05-13T13:45:17  <lcp> is it just me or are the emails from progress seriously delayed
2020-05-13T14:05:55  <adrianS> bmwiedemann1: what is 128 chars? a password?
2020-05-13T14:06:24  <adrianS> the long password not working via OBS webui issue got just solved hopefully
2020-05-13T14:06:39  <adrianS> I could not find issues with special chars so far
2020-05-13T14:18:08  <lcp> adrianS: what was it?
2020-05-13T14:18:40  <adrianS> a wrong base64 encoding in auth-up page ... inserting new lines
2020-05-13T14:18:53  <adrianS> seems eDirectory had a size limit for the password ...
2020-05-13T14:19:03  <adrianS> since it was there since beginning
2020-05-13T14:19:23  <lcp> it also apparently accepts passwords regardless of capitalization, which makes this interesting
2020-05-13T14:19:40  <lcp> eh, I am glad it's not gonna be a thing anymore
2020-05-13T17:35:35  <cboltz> lcp: I'm just looking at !399 and have some questions
2020-05-13T17:35:55  <cboltz> you changed the database_host from name to IP - why? ;-)
2020-05-13T17:36:00  <lcp> huh?
2020-05-13T17:36:34  <lcp> ah, because that ip isn't resolvable and kl_eisbaer advised to use the ip for postgres
2020-05-13T17:36:56  <cboltz> ah, ok
2020-05-13T17:37:13  <cboltz> nginx config
2020-05-13T17:37:22  <cboltz> well, not really a question about your config, more a general question
2020-05-13T17:37:40  <cboltz> we typically have "web_*" as role names for webservers
2020-05-13T17:37:56  <cboltz> and IIRC the nginx test only checks web_* roles
2020-05-13T17:38:27  <cboltz> so - do you think renaming the role wo web_mailman 3 would make sense, or should we drop the web_* name requirement in the test?
2020-05-13T17:38:32  <lcp> right, I should probably also break up the matrix one then
2020-05-13T17:38:59  <cboltz> the question is if we should keep the web_* prefix as hard requirement
2020-05-13T17:39:18  <cboltz> it makes sense for services that are "mostly a webserver" (like web_static)
2020-05-13T17:39:33  <lcp> or web_jekyll
2020-05-13T17:39:39  <lcp> I don't know tbh
2020-05-13T17:40:21  <cboltz> but I'm not sure if it makes sense for matrix which is (at least that's my understanding, I only know it from your salt files) "lots of things + a side job web frontend" ;-)
2020-05-13T17:41:49  <cboltz> I tend to change the test so that it checks the nginx config in all roles
2020-05-13T17:42:20  <cboltz> (MR will follow later, and I'll keep it open for a week so that everybody has a chance to object ;-)
2020-05-13T17:43:04  <cboltz> next question: all the /var/log/mailman/* log files
2020-05-13T17:43:27  <cboltz> it looks like they all have the same settings, only different filenames
2020-05-13T17:43:55  <lcp> well, they provide different logs, for every purpose
2020-05-13T17:44:07  <cboltz> right
2020-05-13T17:44:31  <cboltz> but IMHO they are perfect candidates for a   {% for file in ['uwsgi.log', 'uwsgi-error.log', .... ] %}   loop to make the salt code shorter and easier to understand
2020-05-13T17:45:39  <lcp> yeah, you are probably right
2020-05-13T17:46:25  <cboltz> let's just say I have some "experience" with cleaning up duplicated code and know how much pain this can cause ;-)
2020-05-13T19:48:07  <malcolmlewis> lcp, db extract has been finished, woohoo!!
2020-05-13T19:49:25  <lcp> malcolmlewis: I saw
2020-05-13T19:50:51  <cboltz> :-)
2020-05-13T19:52:30  <lcp> we do have login setup already, so it's just a matter of per getting the db imported to vb
2020-05-13T20:15:51  <malcolmlewis> lcp, yes AFAIK he's onto it as soon as he has time, I expect sometime Friday it will be done....
2020-05-13T20:15:58  <malcolmlewis> knurpht, ^^
2020-05-13T20:21:24  <knurpht> malcolmlewis: thanks, let's hope so.
2020-05-13T20:39:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 61 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T20:49:27  -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=47 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T21:03:26  -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 62 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks
2020-05-13T22:27:31  *** nikki[m]1 is now known as nikki6669[m]