2020-10-28T03:35:07  *** okurz_ is now known as okurz
2020-10-28T08:16:38  *** ldevulder_ is now known as ldevulder
2020-10-28T09:20:55  <lkocman> Hello team, one question. Do we explicitly allow REST access to progress.opensuse.org only to specific users? I'd like to create tasks for 15.3 but I'm getting authentication failure while trying to connect via rest
2020-10-28T09:21:08  <lkocman> Same user/password works via browser
2020-10-28T09:21:35  <lkocman> and tool works just fine with local redmine container (where my user has rest api access enabled)
2020-10-28T09:25:48  <cboltz> tuanpembual: ^^^^ - any idea?
2020-10-28T09:27:01  <tuanpembual> hi Lubos
2020-10-28T09:27:52  <tuanpembual> it is posible, but need enable. can you create a ticket. what you need, example code. etc.
2020-10-28T09:28:01  <tuanpembual> I will try look for it.
2020-10-28T09:28:57  <lkocman> tuanpembual, will do
2020-10-28T09:29:48  <tuanpembual> thanks.
2020-10-28T09:58:26  <lkocman> tuanpembual, email sent to admin@opensuse.org
2020-10-28T10:01:31  <tuanpembual> sure.
2020-10-28T10:01:33  <lcp> cboltz: err, I guess I will need you to do initial setup on pagure01.i.o.o and discourse01.i.o.o
2020-10-28T10:04:41  <lcp> ah, I missed that you mentioned adding ssh key for root
2020-10-28T10:04:42  <lcp> nvm
2020-10-28T11:20:56  <lcp> klein: your gpg key used for encrypting pillars expired :/
2020-10-28T11:39:25  <klein> no, I have extended it
2020-10-28T11:40:57  <klein> gpg --list-keys | grep -A1 F6BC7 | grep -v F6BC7
2020-10-28T11:40:58  <klein> uid           [ultimate] Ricardo Klein (SUSE) <rklein@suse.com>
2020-10-28T11:41:25  <klein> ops, I was trying to show expiration :facepalm:
2020-10-28T11:41:50  <klein> pub   rsa4096 2019-09-17 [SC] [expires: 2021-09-08]
2020-10-28T11:43:19  <klein> lcp: maybe I haven't uploaded it to some specific key server?
2020-10-28T11:53:23  <lcp> good question
2020-10-28T11:54:27  <darix> lcp: just curious will you use the rpm for discourse?
2020-10-28T11:54:52  <lcp> well, I'm not deploying that yet, so idk
2020-10-28T11:55:44  <lcp> (although I do have a build setup on build.o.o, so probably some rpm will end up being used)
2020-10-28T11:56:03  <darix> lcp: home:darix:apps/discourse
2020-10-28T11:56:10  <darix> lcp: examples for plugins are in the same projectr
2020-10-28T11:56:21  <lcp> I've seen it, yeah
2020-10-28T11:56:31  <darix> lcp: being used on https://discuss.pixls.us and also on the chinese forum
2020-10-28T11:56:53  <darix> (run by Marguerite Su )
2020-10-28T11:57:34  <lcp> I'm trying to also make something cross distro since fedora guys were interested
2020-10-28T11:57:36  <lcp> also kde guys
2020-10-28T11:59:12  <darix> well
2020-10-28T11:59:22  <darix> the ruby packaging differs a bit
2020-10-28T11:59:30  <darix> but it could probably be made work on fedora
2020-10-28T11:59:49  <darix> (i dont want to give up the automatic ruby selection via prjconf)
2020-10-28T12:00:31  <darix> i wanted to get that back into upstream gem2rpm but they preferred spec file per ruby version
2020-10-28T12:02:58  <lcp> yeah, sure
2020-10-28T12:11:41  <darix> lcp: if you want a playground to test discourse admin stuff a bit I can give you access to my instance
2020-10-28T12:13:19  <lcp> nah, I already played around with it
2020-10-28T12:13:25  <lcp> and tested migration of the old forums
2020-10-28T12:13:39  <darix> ah ok
2020-10-28T12:13:44  <lcp> there are some blockers though, mainly the email stuff between vb and discourse
2020-10-28T12:13:44  <lkocman> tuanpembual, let me know once I can try it again https://progress.opensuse.org/issues/75451
2020-10-28T12:14:56  <darix> email stuff?
2020-10-28T12:24:39  <lcp> darix: discourse maps users on email, vb maps users on usernames, and assigns emails on first register and never again
2020-10-28T12:25:06  <lcp> so we need to get emails for usernames from the accounts system, and only then are actually able to migrate
2020-10-28T12:25:46  <darix> aha
2020-10-28T12:26:20  <darix> i am sure if you can compile a list of usernames, that bmwiedemann1 can give you back username+email
2020-10-28T12:26:49  <darix> lcp: btw: when you install it also do zypper in discourse-apparmor :D
2020-10-28T12:31:21  <lcp> sorry for the downtime of pgbouncer, apparently the cert setting was wrong :/
2020-10-28T12:31:46  <lcp> that's related to .de and .fr again tho >:D
2020-10-28T12:31:53  <darix> how so?
2020-10-28T12:32:12  * darix cleaned up that hooks.sh with bmwiedemann1 on friday
2020-10-28T12:32:53  <lcp> well, I assume so, because the name of the cert changed from star_opensuse_org_rsa_letsencrypt_fullchain_key_dh.pem to star_opensuse_org_letsencrypt_fullchain_key_dh.pem.rsa
2020-10-28T12:32:58  <lcp> and pg_bouncer.ini had to be updated
2020-10-28T12:33:12  <lcp> and that only broke on restart of the service :P
2020-10-28T12:33:41  <darix> ah
2020-10-28T12:33:47  <darix> tbh
2020-10-28T12:33:55  <darix> for the internal stuff i would always use the ecdsa certs
2020-10-28T12:34:04  <darix> cheaper handshake and crypto
2020-10-28T12:34:26  <darix> rsa is basically just there for old browsers which do not support ecdsa yet
2020-10-28T12:34:27  <lcp> yeah, you might be right, but I just swapped it to the same thing it was using before
2020-10-28T12:49:48  <lkocman> tuanpembual, is it possible that rest is simply disabled? I was looking for some user specific config, but it seems that there is a global switch
2020-10-28T12:50:29  <lkocman> https://progress.opensuse.org/settings?tab=api
2020-10-28T12:52:08  <lcp> pagure01 (pagure01):~ # salt-call state.apply
2020-10-28T12:52:08  <lcp> [ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
2020-10-28T12:52:08  <lcp> Minion failed to authenticate with the master, has the minion key been accepted?
2020-10-28T12:52:14  <lcp> ehh
2020-10-28T12:52:23  <lkocman> meanwhile when I tried to disable rest on my instance I'm getting different error ("resource is forbidden") compared to     raise exceptions.AuthError
2020-10-28T12:52:23  <lkocman> redminelib.exceptions.AuthError: Invalid authentication details
2020-10-28T12:53:37  <cboltz> lcp: salt-key lists   pagure01.infra.opensuse.orgpagure01.infra.opensuse.org   as unaccepted key
2020-10-28T12:54:12  <cboltz> can you pleae fix the name in /etc/salt/minion_id and then restart the minion?
2020-10-28T12:54:52  <lcp> you got it
2020-10-28T12:54:59  <lcp> that's a thing >:D
2020-10-28T12:56:42  <lcp> cboltz: still the same after restart
2020-10-28T13:03:32  <cboltz> yes, of course ;-)
2020-10-28T13:03:43  <cboltz> but this time it's a name I can (and just did) accept
2020-10-28T13:04:24  <cboltz> so it should work now
2020-10-28T13:16:02  <lkocman> tuanpembual, seems like I simply might not have access to some endpoints. Let me see if I can workaround it
2020-10-28T13:21:33  <tuanpembual> Hmm, interesting.
2020-10-28T13:21:34  <lkocman> tuanpembual, I did write an update
2020-10-28T13:21:48  * lcp sent a long message:  < https://matrix.org/_matrix/media/r0/download/matrix.org/jVBATIGePrJNXlfpccfDrNAD/message.txt >
2020-10-28T13:21:50  <lkocman> tuanpembual, so I was able to do all the required actions, but not user/manipulations as I couldn't get api
2020-10-28T13:21:51  <lcp> hmmmm
2020-10-28T13:22:17  <lkocman> tuanpembual, weird. Meanwhile 15.3 progress-o-o setup is done :-)
2020-10-28T13:22:30  <lkocman> tuanpembual, but we'll hit the same issue next time
2020-10-28T13:22:45  <tuanpembual> any suggestion?
2020-10-28T14:02:56  <lkocman> tuanpembual, I'd like to figure out why I can't access the users.filter
2020-10-28T14:03:26  <lkocman> tuanpembual, let me check my instance if there is some user specific permission (we have plenty of time to resolve it)
2020-10-28T14:04:22  <lkocman> tuanpembual, same issue as e.g. https://www.redmine.org/issues/24889
2020-10-28T14:05:06  <lkocman> tuanpembual, or this one https://github.com/maxtepkeev/python-redmine/issues/162
2020-10-28T14:09:51  <lkocman> tuanpembual, there we go "This endpoint requires admin privileges." https://www.redmine.org/projects/redmine/wiki/Rest_Users
2020-10-28T14:10:09  <lkocman> tuanpembual, seems like the only way for me to be able to get userids etc via api is admin privs
2020-10-28T14:15:37  <tuanpembual> can you try again now?
2020-10-28T14:15:58  <lkocman> tuanpembual, let me try again
2020-10-28T14:22:30  <lkocman> tuanpembual, so far no crash let's wait 2 minutes
2020-10-28T14:23:03  <lkocman> tuanpembual, assignment works (you can see it here https://progress.opensuse.org/projects/opensuse-leap-15-3/issues/gantt )
2020-10-28T14:23:08  <lkocman> tuanpembual, thank you sir!
2020-10-28T14:27:19  <tuanpembual> lets add more testing.
2020-10-28T14:27:37  <tuanpembual> i set your account as admin on progress
2020-10-28T19:09:30  <cboltz> lcp: there were some stale gitfs lockfiles on salt-master
2020-10-28T19:09:38  <cboltz> I just removed them, so highstate should work now
2020-10-28T19:32:55  <lcp> ok, thanks
2020-10-28T19:44:25  <lcp> cboltz: any ideas how to do sshd config management with salt?
2020-10-28T19:44:47  <lcp> I need to set a few values and I'm wondering if there's a simple way
2020-10-28T19:45:21  <cboltz> we use openssh-formula, so you should be able to do it by setting the right pillar values
2020-10-28T19:46:47  <cboltz> https://gitlab.infra.opensuse.org/saltstack-formulas/openssh-formula/-/blob/master/pillar.example
2020-10-28T19:54:57  <lcp> cboltz: hm, do I need to add anything to the role for it to work?
2020-10-28T19:56:52  <cboltz> the formula is included via profile/accounts/init.sls (which is part of role/base.sls
2020-10-28T19:56:59  <cboltz> so you really need to set the pillar values
2020-10-28T19:57:21  <lcp> ok, that sounds easier than expected