2018-12-04 #opensuse-admin

[19:50:40] <tampakrap> I'll be a bit late to the meeting
[19:52:09] <pjessen> okay
[19:56:50] <lcp> ah, another meeting >:D
[19:59:30] <pjessen> hello
[20:02:20] <pjessen> who else is here?
[20:02:28] * cboltz waves
[20:03:08] <pjessen> ah, on the back row.
[20:05:20] <cboltz> should we start the meeting? We could at least do the Q&A until tampakrap is back
[20:06:12] <pjessen> yes lets get started.
[20:06:28] <cboltz> ok, then welcome to the heroes meeting ;-)
[20:06:33] <lcp> hello
[20:06:48] <cboltz> the topics are on https://progress.opensuse.org/issues/43460 - but we can always add something
[20:07:07] <cboltz> let's start with Q&A - does someone from the community have questions?
[20:07:27] <lcp> I do, but it's a long one :/
[20:07:34] <pjessen> lets have it
[20:07:51] <tampakrap> i'm back, hello everybody
[20:07:53] <lcp> this issue: https://github.com/openSUSE/static.opensuse.org/issues/1
[20:08:03] <lcp> it's a long question
[20:08:51] <cboltz> right, the "unused stuff" on static.o.o
[20:09:27] <cboltz> you already know my opinion that it's "probably unused stuff", and that IMHO cleaning it up is not really worth the time
[20:09:45] <cboltz> but if someone has a different opinion, I won't insist on that ;-)
[20:09:59] <lcp> it isn't, but on the other hand, not everything there can function as free ad for us
[20:10:07] <tampakrap> lcp: I can provide you the logs of the past year
[20:10:13] <tampakrap> if they are unused,then remove
[20:10:15] <lcp> that would be great
[20:10:37] <thomic> meh
[20:10:39] <thomic> was gone
[20:10:49] <thomic> https://progress.opensuse.org/issues/44726 < tampakrap cboltz pjessen if you are interested
[20:10:58] <thomic> keyserver.o.o should be "more available" now at least
[20:11:07] <lcp> actually, on the similar topic, is there a way for all the error pages to exist in seperate repo instead of doing repeat of them on all those subdirs in repo?
[20:11:43] <lcp> there's not much point to have to host a lot of the same
[20:12:00] <tampakrap> i'm aware about sks-db frequent crashes, didnt have time to investigate yet
[20:12:20] <thomic> tampakrap: the problem is that people push chunks of bullshit in
[20:12:22] <thomic> and random requests
[20:12:31] <thomic> it's the problem of sks
[20:12:38] <thomic> it was big discussed on the ML
[20:12:47] <thomic> all users of SKS are facing those issues since weeks
[20:12:52] <thomic> lcp: not that i know of
[20:13:00] <cboltz> thomic: just curious - which file did you edit?
[20:13:22] <thomic> cboltz: ah sorry /usr/lib/systemd/system/sks-db + samepath/sks-recon
[20:13:37] <thomic> if somebody is happy
[20:13:45] <thomic> apply those changes to the package :D
[20:13:48] <thomic> i'm unhappy atm
[20:13:49] <tampakrap> understood
[20:13:49] <thomic> :)
[20:13:53] <cboltz> you know that overrides should go into /etc/systemd/system/ ? ;-)
[20:14:03] <thomic> cboltz: well *YOLO*
[20:14:20] <thomic> you didn't forbid me that with your apparmor rule ;)
[20:14:42] <thomic> it's a nasty quickfix
[20:14:55] <thomic> but i don't see atm the software quality improving
[20:14:58] <thomic> i asked for filtering
[20:15:01] <thomic> i asked for more info
[20:15:05] <thomic> the project is stuck
[20:15:18] <thomic> and it seems that people start thinking of "no longer having public gpg servers"
[20:15:27] <thomic> instead using private-based stuff like keybase.io
[20:15:33] <thomic> so gated-communities
[20:15:36] <thomic> i'm not a fan of this
[20:15:49] <tampakrap> do you have a link of that ml discussion?
[20:16:13] <lcp> thomic: you can selfhost keybase, can't you?
[20:17:18] <thomic> lcp: well than still it stays a gated community
[20:17:23] <thomic> and i cant see others' keys
[20:17:28] <thomic> which i need to encrypt
[20:17:41] <thomic> tampakrap: well it's basically following - 1sec links follows
[20:18:40] <tampakrap> nice
[20:18:50] <tampakrap> that sucks big time
[20:19:11] <tampakrap> and i was really curious why it suddenly started crashing
[20:19:49] <tampakrap> i even tripled its cpu/ram and it continued crashing
[20:22:30] <tampakrap> can we move on?
[20:22:34] <cboltz> so at least it now crashes faster and better ;-)
[20:22:42] <cboltz> yes
[20:22:42] <tampakrap> true
[20:22:50] <thomic> fuck
[20:22:54] <thomic> i just had a linklist
[20:23:02] <thomic> and paste.o.o replied with "you are a spammer"
[20:23:03] <thomic> kthx
[20:23:04] <thomic> :(
[20:24:04] <cboltz> the "back" function of your browser should help to get the link list back
[20:24:15] <thomic> nope
[20:24:19] <thomic> it was empty than
[20:24:22] <thomic> the input field :)
[20:24:25] <thomic> dont ask me why
[20:24:27] <cboltz> :-(
[20:25:51] <cboltz> since we already slided into status reports - does someone have more status reports?
[20:26:57] <pjessen> not much to report. have not had much time other than for the regular stuff
[20:27:16] <cboltz> one report from me - I made the "mistake" to install the pending updates on monitor.o.o ~2 weeks ago
[20:27:23] <cboltz> (didn't work automatically because of a conflict)
[20:27:42] <cboltz> the result were lots of conflicting files in the icinga config
[20:28:09] <tampakrap> I updated elsa on leap15
[20:28:14] <tampakrap> anna is still on 42.3
[20:28:33] <thomic> tampakrap cboltz https://pastebin.com/mK9Nwut5
[20:28:33] <tampakrap> I fixed a few issues, but I'd like first to make elsa primary for a few days in case there are more issues
[20:28:37] <thomic> here you go
[20:28:40] <tampakrap> and then move anna as wewll to leap15
[20:28:41] <thomic> with all of the needed links
[20:28:42] <thomic> :)
[20:28:44] <cboltz> I got that fixed by renaming or commenting out "our" custom icinga config, but the monitoring config might now be slightly different than before
[20:29:08] <thomic> it's mostly the gdpr + keyservers + MAGNET URI + attack from raspberry pi possible
[20:29:14] <thomic> that in combined words says - it sucks
[20:29:49] <cboltz> nice[tm]
[20:29:58] <cboltz> nevertheless, thanks for the links!
[20:30:28] <thomic> no problem you're welcome
[20:30:38] <thomic> in one of those, this guy quote my mail to the mailinglist
[20:30:42] <thomic> without even asking me
[20:31:09] <thomic> it's all a firespitting against sks i think
[20:31:16] <thomic> but they are not really willing as well
[20:31:22] <thomic> so i don't know what will happen in future
[20:31:31] <thomic> i just know - it is really bad sit atm
[20:31:56] <tampakrap> cboltz: thomic also found an issue on the check_mk package recently
[20:32:22] <thomic> lol
[20:32:22] <thomic> =)
[20:32:24] <cboltz> ... and I thought finding nasty bugs is my job ;-)
[20:32:27] <thomic> that was a n1 one
[20:32:45] <thomic> check_mk renamed its firewall file from check_mk-service to check_mk
[20:33:00] <thomic> but nobody told SuSEFirewall2 in /etc/sysconfig about it
[20:33:02] <thomic> =)
[20:33:24] <cboltz> I can imagine that this caused some fun ;-)
[20:33:37] <thomic> Error 111 - Connection refused
[20:33:38] <thomic> =)
[20:34:15] <thomic> it's time to migrate to firewalld =)
[20:35:02] <thomic> most of the service files don't exist there - because packagers seem not to care that much about firewalld =) - which puts the blame back to us and our own salt configured service files
[20:35:12] <thomic> which in general - i could support
[20:36:50] <cboltz> well, people are used to SUSEfirewall and, as long as it works, why replace it? ;-)
[20:37:03] <cboltz> note that is the "user view", probably not the "maintainer view"
[20:37:31] <cboltz> (but I have to admit that I prefer sysconfig style over XML config ;-)
[20:37:54] <thomic> i have to say, after using firewalld - it's not completely finished yet - but it has very nice concepts
[20:38:02] <thomic> which take some pain away
[20:38:08] <thomic> and with Leap15 you should use it
[20:39:59] <cboltz> actually - to avoid the XML, https://github.com/saltstack-formulas/firewalld-formula/ could help (just found it, no idea if it works ;-)
[20:42:11] <cboltz> different topic -
[20:42:21] <cboltz> we have pending kernel updates for lots of VMs
[20:42:44] <cboltz> I already updated a few I know, or at least know good enough to know that they survive a reboot
[20:43:02] <cboltz> but I'm not too keen on rebooting machines I never touched before ;-)
[20:44:21] <thomic> so
[20:44:21] <cboltz> does someone who knows those VMs better volunteer to do the kernel updates?
[20:44:33] <thomic> i can help out with that tommorow
[20:44:38] <thomic> but now i need to get to know my bed
[20:44:38] <thomic> =)
[20:45:26] <cboltz> ok, then thanks and good night ;-)
[20:46:00] <thomic> are you around (by any chance) tommorow morning
[20:46:01] <thomic> otherwise
[20:46:09] <thomic> how about thursday afternoon?
[20:46:39] <cboltz> I'm usually available if it's raining or dark ;-)
[20:46:53] <thomic> so full week - :D
[20:46:56] <thomic> it's raining
[20:47:33] <cboltz> it didn't rain today
[20:47:38] <tampakrap> anything urgent?
[20:47:53] <cboltz> but in general, the forecast looks like it will rain more than once this week ;-)
[20:48:08] <tampakrap> anything with public interface would be mostly urgent imho
[20:49:33] <cboltz> check the list in the monitoring - or just assume that everything I didn't touch is waiting for the kernel update ;-)
[20:50:12] <tampakrap> okay
[20:50:18] <cboltz> for public interfaces, candidates are at laanna, baloo,
[20:50:25] <cboltz> err...
[20:50:33] <cboltz> for public interfaces, candidates are at least aanna and baloo,
[20:51:00] <cboltz> but I don't have a full list of machines with public interface in my head
[20:51:11] <tampakrap> okay no worries
[20:51:22] <tampakrap> I might check this week if time permits
[20:52:10] <cboltz> ok, thanks
[20:54:05] <tampakrap> I'd like also to finish the anna/elsa leap15 update as well, so I can move to the daffys
[20:56:19] <tampakrap> so anything else?
[20:56:58] <pjessen> nope
[20:57:21] <pjessen> didn't check the tickets, but ive been wokring a couple
[20:58:01] <tampakrap> I believe we didn't take many after my last cleanup last month
[21:00:25] <tampakrap> cboltz: anything else from your side or can we close?
[21:00:49] <cboltz> IMHO we can close
[21:01:01] <cboltz> so that I don't have to do two meetings in parallel (the board meeting is just starting ;-)
[21:01:11] <tampakrap> cool
[21:01:38] <pjessen> yeah - merry xmas everyone!
[21:02:19] <cboltz> one last question - date of the next meeting
[21:02:51] <cboltz> do you like January 1st, or should we move it by a week?
[21:03:07] <pjessen> maybe postpone until feb?  not much is likely to be done over the holidays I think
[21:03:16] <tampakrap> yes let's postpone please
[21:03:27] <cboltz> ok
[21:03:46] <pjessen> so feb 5
[21:09:17] <tampakrap> perfect
[21:09:29] <tampakrap> thanks everybody, have a nice christmas