2020-05-14T02:44:11 *** okurz_ is now known as okurz 2020-05-14T04:43:26 -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total waiting locks: 4 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-14T04:46:05 -heroes-bot- PROBLEM: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 479 * total waiting locks: 235 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks 2020-05-14T04:53:26 -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=1 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-14T04:56:06 -heroes-bot- RECOVERY: PSQL locks on mirrordb2.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=2 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb2.infra.opensuse.org&service=PSQL%20locks 2020-05-14T07:28:53 @bmwiedemann@lcp: btw, do you plan SAML provider for your instances? 2020-05-14T07:29:13 I am asking, because SAML will be higher on our prio list then open-id, because of SUSE policy .... 2020-05-14T08:19:52 adrianS: probably not a lot, we will most likely need openidc more than saml 2020-05-14T08:20:25 oid and oidc seem to be the much more needed parts 2020-05-14T10:27:10 adrianS: we would probably like to have a proxy or openidc metadata to start setting up forums for example though, since we got a dump and want to launch it at the beginning of the next week if not this week 2020-05-14T10:27:28 we did test with both so it really doesn't matter which one 2020-05-14T11:19:55 *** Eighth_Doctor is now known as Conan_Kudo 2020-05-14T11:20:31 *** Conan_Kudo is now known as Eighth_Doctor 2020-05-14T12:13:45 adrianS: our system supports oidc, oid, and saml2, though we prefer oidc because it's not a pain to manage (JWT auth vs PKI auth) 2020-05-14T13:11:26 -heroes-bot- PROBLEM: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS CRITICAL: DB postgres total locks: 52 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-14T13:20:02 as you mention authentication, openQA uses openID with provider https://www.opensuse.org/openid/user/ . So far my assumption still is that we do not need to change anything in this regard. anyone wants to confirm or deny? 2020-05-14T13:21:26 -heroes-bot- RECOVERY: PSQL locks on mirrordb1.infra.opensuse.org - POSTGRES_LOCKS OK: DB postgres total=47 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=mirrordb1.infra.opensuse.org&service=PSQL%20locks 2020-05-14T13:23:22 okurz: the right person to ask would be jdsn or bmwiedemann since afaik they have been working on getting openid supported 2020-05-14T13:24:00 persons* 2020-05-14T14:04:35 lcp: you want a login proxy for forums ? 2020-05-14T14:05:10 lars or me can set this up .... if you can tell us the host where we should forward to 2020-05-14T14:05:50 lcp: regarding open id you need to ask bmwiedemann 2020-05-14T14:08:37 adrianS: well, https://forums-nbg.opensuse.org is the current setup of forums in nbg 2020-05-14T14:09:55 that's from http://forum.infra.opensuse.org 2020-05-14T14:10:23 k, we can just forward it there .... which public host name should we configure? 2020-05-14T14:11:04 forums.opensuse.org so we can test with a faked DNS entry? 2020-05-14T14:11:54 sure 2020-05-14T14:30:42 hellcp: are you here? 2020-05-14T14:31:09 lcp: ? 2020-05-14T14:45:08 pjessen: yeah, sorry, I had to take care of news-o-o issue 2020-05-14T14:45:16 no prob. 2020-05-14T14:45:34 lcp: didn't really need you after all 2020-05-14T14:46:09 alright 2020-05-14T14:46:31 will later though - need to set a password for a forums user 2020-05-14T14:48:14 alright 2020-05-14T14:49:33 lcp: actually might as well get it done. Userid is "forumsadmin", can you set a new password ? 2020-05-14T14:53:09 pjessen: idk if I can still login, since the new db probably overwrote the old password knurpht set for me in admincp 2020-05-14T14:53:32 i just tried with the old passwd, didnt work 2020-05-14T14:53:41 it would probably be easier to ask either knurpht or malcolmlewis to do it after you make them admin in include/config.php 2020-05-14T14:54:29 but dont the forums use the new sso scheme? 2020-05-14T14:55:03 not yet 2020-05-14T14:55:07 aha 2020-05-14T14:55:20 so the old admin password should really work. 2020-05-14T14:55:30 okay, never mind 2020-05-14T14:56:05 lcp: You should be able to test with this in your /etc/hosts now: 2020-05-14T14:56:07 195.135.221.161 forums.opensuse.org 2020-05-14T14:56:11 not to mention, login to admincp and modcp are independent of the login system for the rest of the users 2020-05-14T14:56:17 and using your new password of course 2020-05-14T14:56:31 adrianS: alright, let me see 2020-05-14T14:58:17 adrianS: yup, works with the new password, perfect 2020-05-14T14:58:39 I would just object it looks like the old proxy so it's gonna be confusing but otherwise it's perfect 2020-05-14T14:58:59 so all what it needs is the DNS change then to make it productive 2020-05-14T14:59:18 adrianS: yep, I've just sent email about that. 2020-05-14T14:59:51 pjessen: the DNS change? 2020-05-14T15:00:02 you should mention the new authentifciation system then on the front page ... 2020-05-14T15:00:18 in large big red blinking letters :) 2020-05-14T15:00:22 adrianS: yes, I suggested we update DNS - not sure if I have the access myself 2020-05-14T15:00:55 the point is, the DNS switch will also lead to the switch of the authentification system 2020-05-14T15:01:07 what is good, but people need to aber of 2020-05-14T15:01:13 aware 2020-05-14T15:02:09 ah, okay. as long as the forums are in read-only, I guess have some time to prepare people? 2020-05-14T15:08:23 they still should be "read-only" (even though technically people still could write to some forums) 2020-05-14T15:10:06 lcp: yep, they are. 2020-05-14T15:11:17 adrianS: I wouldn't mind if the forums also got to use the template from https://build.opensuse.org/ICSLogin/auth-up for some disambiguation ;) 2020-05-14T15:13:25 malcolmlewis: this is also a note to you then to add an alert to forums-nbg.opensuse.org about the new system 2020-05-14T17:10:05 lcp: you're an admin again, password the same I already gave you. You can only use the admincp login since the old ics_login script was imported as well. 2020-05-14T17:12:16 yep 2020-05-14T17:13:43 I tried logging in as forumsadmin, with the password Kim gave me, didn't work 2020-05-14T17:14:04 not that it matters, I don't need the access. 2020-05-14T17:15:24 pjessen: did you use the admincp login? 2020-05-14T17:15:56 knurpht: ah, no - good point. thanks for reminding me. 2020-05-14T17:16:30 it was two months ago, a different age, pre-corona 2020-05-14T17:17:59 knurpht: I have to go and make dinner in a little bit, but what are we doing wrt the change of auth system? 2020-05-14T17:19:37 well, considering we have a chance to use the new system, we probably should 2020-05-14T17:19:49 otherwise we will have to do another change later ;) 2020-05-14T17:21:37 lcp: completely agree. what sort of preparations do we need, that's my question. 2020-05-14T17:21:39 lcp: I agree. Any idea how much time that would take? 2020-05-14T17:22:20 well, it is setup already, if you add `195.135.221.161 forums.opensuse.org` in your /etc/hosts you can access the forums with that login proxy 2020-05-14T17:23:06 lcp: is that meant for me? 2020-05-14T17:23:38 for both of you 2020-05-14T17:24:03 you asked two questions with the same answer ;) 2020-05-14T17:24:40 so it's just a matter of somebody with access to dns to switch us over to there 2020-05-14T17:25:13 right - but I want to make sure the forums users know 2020-05-14T17:25:39 I am actually modifying a notice about read only to reflect that 2020-05-14T17:25:40 know what to do. 2020-05-14T17:25:50 lcp: cool 2020-05-14T17:28:41 I don't think I have the access to the DNS, but I'm sure Lars or Christian will oblige. lets do it tomorrow morning ? 2020-05-14T17:31:50 lcp: added 195.135.221.161 forums.opensuse.org to /etc/hosts, seems to work 2020-05-14T17:32:52 excellent 2020-05-14T17:33:12 please have a look if you see the notification about the auth system when you aren't logged in 2020-05-14T17:35:04 pjessen: fine with me 2020-05-14T17:36:56 kl_eisbaer: I would ask to remove forums-nbg.opensuse.org from the proxy then, since because it uses the old auth it might be a bad idea to keep it up ;) 2020-05-14T17:37:33 and we will switch over to the new forums tomorrow morning 2020-05-14T17:47:31 FYI: tomorrow I can only offer some time in the evening (I'll be away over the day), so if you want to switch over in the morning, you'll need someone else to do it 2020-05-14T17:48:04 (or I can do it somewhen in the next ~4 hours if you want that) 2020-05-14T17:57:29 lcp: I see the auth system notification 2020-05-14T17:58:30 lcp: can do - but I'm on the way out already: too much to do, to much chaos in my brain.... - so I hope it's ok to do this tomorrow? 2020-05-14T17:59:58 sure 2020-05-14T18:00:07 thanks - have a nice evening.. 2020-05-14T18:00:12 kl_eisbaer: you too 2020-05-14T18:32:36 cboltz: if pjessen, knurpht and malcolmlewis will all be here to handle issues, we could do it earlier 2020-05-14T18:34:58 lcp: I'm here this evening 2020-05-14T19:30:00 -heroes-bot- PROBLEM: NRPE on olaf.infra.opensuse.org - CHECK_NRPE: Error - Could not connect to 192.168.47.17. Check system logs on 192.168.47.17 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=olaf.infra.opensuse.org&service=NRPE 2020-05-14T19:39:59 -heroes-bot- RECOVERY: NRPE on olaf.infra.opensuse.org - NRPE v3.2.1 ; See https://monitor.opensuse.org/icinga/cgi-bin/extinfo.cgi?type=2&host=olaf.infra.opensuse.org&service=NRPE