2020-11-25T03:44:07 *** okurz_ is now known as okurz 2020-11-25T08:10:24 *** ldevulder_ is now known as ldevulder 2020-11-25T09:02:58 Hi. 2020-11-25T09:03:56 ns3 still reports the wrong IP for meet.opensuse.org and my freeipa account is not working anymore.. 2020-11-25T09:11:41 yep, looks like ns3 has not cought up yet, the soa serial says 2020023072 2020-11-25T09:11:59 ns1 and ns2 say 2020023080 2020-11-25T09:12:09 I don't know who is working on this 2020-11-25T09:12:41 hello team, any plans to put limesurvey back online? https://survey.opensuse.org/admin 2020-11-25T09:12:51 we have a review meeting for survey results in about an hour 2020-11-25T09:13:24 https://survey.opensuse.org/admin returns 503 2020-11-25T09:25:59 hmm, I can't even log in to limesurvey 2020-11-25T09:26:58 pjessen, can you try restarting it? 2020-11-25T09:27:07 pjessen, I think I've seen temp. results on Thursday 2020-11-25T09:27:19 but I'm not sure if service was online on Friday as I had already vacation 2020-11-25T09:32:04 lkocman: no, I don't have access to that side. 2020-11-25T09:46:22 hello there, in our Salt we have this line in `pillar/common.sls`: 2020-11-25T09:46:31 58 AuthorizedKeysCommand: /usr/local/bin/fetch_freeipa_ldap_sshpubkey.sh 2020-11-25T09:46:52 does that get applied to all machines? Even the ones in QSC? 2020-11-25T09:48:35 because we lost the VPN with QSC, and, we let a "safe option" that allows TCP/22 from SUSE Public IPs, the problem is that I can't login there anymore, probably due to this 2020-11-25T10:01:17 oh, and we need that access to slimhat so we can fix this DNS issue you listed above 2020-11-25T10:05:48 klein: is ns3 == widehat ? 2020-11-25T10:09:08 I guess not, but it's in the same network range. from widehat I get a password prompt on slimhat, but I don't have access 2020-11-25T10:22:12 I had access in the past to both, I can access widehat, but not slimhat 2020-11-25T10:22:24 and, I didn't have found any dns service on whidehat 2020-11-25T10:22:45 I was told that some virtual machines was crated on slimhat, ns3 is one of them 2020-11-25T10:23:12 but I am not sure, I was not involved in the creation of it, just found some salt code saying that slimhat is indeed a virt_cluster 2020-11-25T10:24:30 *** Martchus_ is now known as Martchus 2020-11-25T10:34:46 klein: ditto, access to widehat, but not to slimhat. 2020-11-25T10:47:54 and the thing is... I had access to slimhat in the past, at that timeframe when we had the disk space problems in whidehat 2020-11-25T10:48:54 not sure what happened 2020-11-25T10:50:53 who else was involved back then - bmwiedemann ? 2020-11-25T10:51:03 lars 2020-11-25T10:51:16 ah 2020-11-25T11:19:48 we are working on it 2020-11-25T11:21:21 darix, thank you! 2020-11-25T11:40:05 pjessen: gsoc-mentors is a spam fest 2020-11-25T11:40:31 osc ls openSUSE:infrastructure:matrix matrix-synapse 2020-11-25T11:40:33 pjessen: anything you can do? 2020-11-25T11:40:42 lcp: you really do not want to lock the revision there 2020-11-25T11:40:49 you missed tons of CVEs so far 2020-11-25T11:41:17 for things that aren't in factory (except for resteasy) 2020-11-25T11:41:45 I was planning to update resteasy soon though 2020-11-25T11:42:00 lcp: but a warning you will need to linkpac some python modules to update it 2020-11-25T11:42:16 mhm 2020-11-25T11:42:35 oh, you mean in matrix 2020-11-25T11:42:43 yeah, that's a nightmare to maintain >:D 2020-11-25T11:42:59 why not use the package from network:messaging:matrix? 2020-11-25T11:43:17 actually maintaining matrix-synapse is super easy 2020-11-25T11:43:26 (speaking as the someone who did it for the last few releases) 2020-11-25T11:43:43 yeah, pulling in more deps every time the package is updated isn't 2020-11-25T11:43:59 kinda wish we could just have microos vm for it 2020-11-25T11:44:16 lcp: if you have k8s or so 2020-11-25T11:44:26 there is container for synapse in home:darix:apps 2020-11-25T11:44:28 that you could use 2020-11-25T11:45:04 matrix isn't locked on a revision though 2020-11-25T11:45:12 it's just not building because of missing deps 2020-11-25T11:45:26 lcp: osc ls openSUSE:infrastructure:matrix matrix-synapse 2020-11-25T11:45:28 says 2020-11-25T11:45:39 meet2.opensuse.org does not respond to IPv6. 2020-11-25T11:45:40 matrix-synapse-1.10.0.obscpio 2020-11-25T11:45:53 while we are at 1.23.0 2020-11-25T11:46:08 bmwiedemann: we can fix that after you or jdsn help us to get onto slimhat 2020-11-25T11:46:11 deal? 2020-11-25T11:46:21 darix: https://build.opensuse.org/package/show/openSUSE:infrastructure:matrix/matrix-synapse says a different story 2020-11-25T11:46:26 so osc is drunk or something 2020-11-25T11:46:40 https://build.opensuse.org/package/show/openSUSE:infrastructure:matrix/matrix-synapse?expand=0 2020-11-25T11:46:55 maybe someone copied in old sources and then set the link? 2020-11-25T11:47:18 eh, I will just remove it and rebranch 2020-11-25T11:48:20 not like it matters, I believe we are on way newer version of synapse than 1.10 2020-11-25T11:48:22 jfyi for 15.2 the package builds in the devel project 2020-11-25T11:48:28 ok 2020-11-25T11:48:34 1.23 fixed another CVE 2020-11-25T11:48:42 for which it seems they just published the details 2020-11-25T11:48:50 darix: I can ssh to slimhat, but it does not accept the root PW 2020-11-25T11:48:59 yeah, I will get everything updated today 2020-11-25T11:50:34 bmwiedemann: so you can not ;) 2020-11-25T11:58:50 lcp: that riot-web package in network:messaging:matrix is yours no? 2020-11-25T11:59:14 yeah, I also didn't update that for a while 2020-11-25T12:00:17 the default.d dir for nginx is not the normal suse thing 2020-11-25T12:00:37 yup, also aware of that 2020-11-25T12:00:47 I could just submit my riot-web package over yours :) 2020-11-25T12:00:50 that is up2date 2020-11-25T12:01:08 should I put the riot-web config into /etc/nginx/vhosts.d/ ? 2020-11-25T12:01:52 oh i need to do the config to /etc/ part too then I guess 2020-11-25T12:02:02 + updating apparmor profile for it 2020-11-25T12:02:50 eh, I find putting default config in vhosts.d isn't ideal, but it's not like there are any other choices 2020-11-25T12:03:20 lcp: if the vhost doesnt match in server_name it doesnt really matter 2020-11-25T12:03:30 true 2020-11-25T12:03:41 it's also a subpackage, so it matters even less 2020-11-25T12:04:57 I will merge in the config stuff + your nginx vhost config later and then submit it to the devel project 2020-11-25T12:06:44 thanks 2020-11-25T12:07:21 i will kill your changes though :P 2020-11-25T12:07:33 mine has more details 2020-11-25T12:09:24 FWIW: There is a working routing vpn to provo now 2020-11-25T12:10:04 the hosts which do not use 47.254 need some extra routes in their routing table now. but in general it works. 2020-11-25T12:22:39 henne: will check 2020-11-25T12:33:57 henne: none of those should have gotten through, they should all have been moderated. weird 2020-11-25T12:50:15 did you migrate spam settings? 2020-11-25T12:54:58 review@ was the only source of spam for me this morning 2020-11-25T12:55:12 I should really show you rspamd :P 2020-11-25T13:29:54 henne: probably wasnt really needed, we reject spam on the mail server 2020-11-25T13:42:00 darix: rewiew and gsoc-mentors had just about the same spam. from non-members so it should not have gotten through. 2020-11-25T13:42:44 well gsoc-mentors is an open list. anyone can post to it 2020-11-25T13:47:25 not as far I can see in the mm3 settings. it was one setting that was not migrated 2020-11-25T13:48:01 alright 2020-11-25T13:48:33 there isn't any real traffic on it anymore anyway... 2020-11-25T13:49:06 well, looks like maybe it was in fact made open .... I dunno if lcp maybe opened it later 2020-11-25T13:49:58 review@ should also be open too 2020-11-25T13:51:13 darix: yes, it is too - my test messages just went through. 2020-11-25T13:52:21 well, as for the spam, spamassassin didn't catch it, not enough points. 2020-11-25T13:52:51 pjessen: if you want we can do some jitsi session another day where I show you my rspamd setup 2020-11-25T13:57:21 darix: if your setup caught some of those spam, I'll borrow your rule set :-) 2020-11-25T13:57:30 lcp: are you here? 2020-11-25T13:59:21 pjessen: i do not filter things again that come to my suse address :) 2020-11-25T13:59:25 this one is my private setup 2020-11-25T14:03:32 is there a reason this does not work for opensuse but for other distros? sudo virt-install --install opensuse42.3 --video virtio --network bridge:br0 --unattended --noautoconsole 2020-11-25T14:03:59 this works like a charm: sudo virt-install --install fedora31 --video virtio --network bridge:br0 --unattended --noautoconsole 2020-11-25T14:04:12 same for ubuntu. 2020-11-25T14:04:29 hows is opensuse... --- so that is a bit embarrasing? 2020-11-25T14:04:45 tangarora: can you tell us the exact error? 2020-11-25T14:05:17 darix: ERROR OS 'opensuse42.3' does not have a URL location 2020-11-25T14:05:37 so which distro are you running on there? 2020-11-25T14:05:44 it might depend on the libvirt version you have 2020-11-25T14:05:58 i would also like to point out that 42.3 is EOL 2020-11-25T14:06:00 do not use it 2020-11-25T14:07:23 seems like there is a url accoding to osinfo: opensuse42.3 | openSUSE Leap 42.3 | 42.3 | http://opensuse.org/opensuse/42.3 2020-11-25T14:08:10 Operating System: openSUSE Leap 15.2 2020-11-25T14:08:26 hostnamectl 2020-11-25T14:09:03 wait let me try something' 2020-11-25T14:10:20 ok 15 works... seems like th ehigher numbers are actually lower versions... 2020-11-25T14:10:58 yes in this case 2020-11-25T14:11:01 you want 15.2 as latest stable 2020-11-25T14:39:01 hey heroes what do you think about this? https://smallstep.com/blog/use-ssh-certificates/ 2020-11-25T14:51:04 you could use id.opensuse.org to authenticate for it 2020-11-25T14:51:13 or freeipa + another ipsilon 2020-11-25T15:03:40 looks good... if you have bought a cert... so for or its ok 2020-11-25T15:04:54 how do you get an id at id.opensuse.com? 2020-11-25T15:12:06 it is your normal opensuse account 2020-11-25T15:58:22 pjessen: still there? 2020-11-25T16:07:01 pjessen: I am here now :P 2020-11-25T16:08:09 darix: there really are no benefits over using freeipa 2020-11-25T16:08:17 yes there are 2020-11-25T16:08:41 but no time right now to explain why 2020-11-25T16:57:36 i'm back now 2020-11-25T16:58:46 JFYI: 2020-11-25T16:58:57 wireguard connection also up to slimhat 2020-11-25T16:59:01 but no routing via that yet 2020-11-25T16:59:19 darix: tnx 2020-11-25T17:00:04 lcp: fyi, as a work-around, i have rerouted $list-bounces@o.o to $list-bounces@lists.o.o - hopefully that'll get the bounce processing to work. 2020-11-25T17:00:26 yeah, I've seen it on progress 2020-11-25T17:00:38 and ns3 is up2date again 2020-11-25T17:01:10 lcp: ah, okay 2020-11-25T17:05:14 lcp pjessen: how much do you want to keep appending the footer and rewriting the subject? 2020-11-25T17:09:39 pjessen: background is that opensuse ML remove dkim signatures of mails with header From: *@suse.com and our IT wants to enforce all @suse.com mails having a dkim signature 2020-11-25T17:15:02 ok wireguard to provo now independent of openvpn 2020-11-25T17:20:51 jdsn: yes, I have noticed that - I think it is the mailman "dmarc mitigation". 2020-11-25T17:21:47 pjessen: can you turn off that it basically does not modify mails anymore? 2020-11-25T17:21:49 I would like to play with removing signature, but I have been unable to make it work, on .e.g bugs@lists and admin@lists. 2020-11-25T17:22:21 darix: lcp mioght have an idea 2020-11-25T17:23:08 the other option is rewriting all the from headers 2020-11-25T17:23:28 darix: yeah, but that is a no-go. 2020-11-25T17:23:30 to something like encoded_original_from-listname@opensuse.org 2020-11-25T17:23:39 well 2020-11-25T17:23:51 then do not modify the mails at all :P 2020-11-25T17:23:54 we seem to have a standard set of footers which we should be able to override per list. I have tried overriding them with , but didn work 2020-11-25T17:24:07 but it didnt work 2020-11-25T17:29:35 is the provo-ns VM offline? 2020-11-25T17:32:43 it's specified at https://github.com/openSUSE/lists-o-o/tree/master/mailman-templates/site/en to be precise, we probably need to remove them from there and set it on every list that should have footers in postorius 2020-11-25T17:41:18 I tried overriding it for bugs.lists, but it doesn't work 2020-11-25T17:46:27 lcp: do you know if we are using the DMARC Mitigations anywhere at all? 2020-11-25T17:47:28 not sure 2020-11-25T17:47:52 on e.g. factory.lists they are not enabled, yet there are no DKIM signatures when messages from suse.com are distributed. 2020-11-25T18:32:01 I suspect it does something with dkim anyway, even when disabled 2020-11-25T18:33:42 thats what it looks like, yeah 2020-11-25T19:31:19 lcp: just tested it, my DKIM sig was stripped off a mail I sent to test.lists. 2020-11-25T21:56:55 JFYI 2020-11-25T21:56:59 quick restart for openvpn 2020-11-25T21:57:06 to help with some device naming 2020-11-25T21:58:27 done 2020-11-25T23:40:43 Hi. Where can I report a problem with Brazil's mirrors for downloading the install media? 2020-11-25T23:45:07 either contact the admin of the mirror directly (if you know a mail address), or send a mail to admin AT opensuse.org and pjessen will check what's going on 2020-11-25T23:46:07 OK, thanks