#staff | Logs for 2024-05-08
« return
[00:20:00] <sylvester> 2024-05-08 02:20:00 �03soylentnews OK HTTPS Certificate soylentnews.org�00 OK - Certificate *.soylentnews.org will expire on Mon 05 Aug 2024 10:16:15 AM GMT +0000.
[02:48:54] <chromas> Woohoo
[10:20:51] <fab23> since almost 24 hours the packet loss to www.soy is gone, see https://smokeping.home4u.ch
[10:31:20] <janrinok> Sorry, I am being a bit dim - so you mean that there is no longer a packet loss, or that there is now no connection to that URL?
[10:36:13] <fab23> janrinok: no packet loss any more to www.soy with IPv6
[10:37:02] <fab23> some magic or nc did do something during the certificate update
[10:56:37] <sylvester> 2024-05-08 12:56:37 �04mail.soylentnews CRITICAL SMTP Submission Certificate�00 CRITICAL - Certificate *.soylentnews.org expired on Sun 05 May 2024 03:53:45 AM GMT +0000.
[11:09:23] <fab23> I guess the smtpd (probably Postfix) may also need a reload / restart to pickup the new cert.
[11:16:47] <janrinok> is the email still not working?
[13:22:02] <fab23> janrinok: between mail servers even with invalid / expired SSL/TLS certificate the communication still works
[13:24:10] <fab23> janrinok: for the SMTP Submission your mail client may complain with the expired cert
[13:26:15] <fab23> janrinok: SMTP Submission is port 587 (could be used with plaintext, if auth is allowed that way, or the client needs to initiate SSL/TLS with the STARTTLS command).
[15:04:18] <janrinok> fab23, I have emailed NCommander to request that he either grant me access or to restart Postfix.
[15:05:47] <fab23> janrinok: ah thx, maybe IRC as well, but the cert checks are not that often
[15:07:32] <fab23> janrinok: irc was last checked on 2024-05-08 12:54:11 (CEST) and still expired
[15:08:36] <fab23> notification is only every 25 hours
[15:09:48] <fab23> as long as the state did not change, in case of error state the check happens ever 12.5 hours
[15:09:54] <janrinok> I don't think that NCommander will be amenable to picking up the sys-admin role for us again. I think it might be something that we have to fix for ourselves.
[15:10:30] <fab23> I also think so, but for the moment he is the only one able to do something
[15:19:16] <janrinok> He has an alternative - close the site down. He is only keeping it open so that we can get ourselves in a position to take over. And that isn't going too well at the moment. There is a docker file in the git Rehash repo and, if I can get it to build, then we will have the basis of a working system.
[15:19:53] <janrinok> Running a docker container is better than not having a site at all. That is what I am currently working on today.
[15:20:23] <janrinok> ....not with much success so far.
[15:25:15] <fab23> janrinok: I am also lacking expericence with docker, did once looking into something as a workaround for something python based which started to fail on my FreeBSD server, in the end I fixed it on FreeBSD :)
[15:26:31] <fab23> as far as I understand it, the internet facing services in a docker are most often on a different port on a host-internal network and you need to have a reverse proxy to serve it to the public internet
[15:27:58] <fab23> and you also need to have a solution for permanent storage outside of the docker, e.g. for database and other data
[15:29:28] <fab23> Docker is only one solution to all the container stuff which could be done, on Linux there are also other things like lxc or on FreeBSD jails.
[15:39:36] <janrinok> Yes - but I am just trying to get a working server
[15:42:10] <fab23> janrinok: I have not looked into it, but maybe you also need to provide a database independed of the docker image, and probably at least setup the tables as needed.
[15:44:04] <janrinok> Yes, I know that bit. But we can get that as part of the transfer of assets. There is no point in moving forward if we cannot get a working server. Fliptop is also working on this issue.
[15:46:54] <fab23> Depending on how things are setup at Linode (e.g. everything for SN on a dedicated accoount), it could even be, that this could transfer to the new entity.
[15:47:51] <fab23> so for a start the existing infra can be used, with full access, so it would be easier to tranfer everything to new infra.
[15:54:02] <janrinok> There are others looking at various options. You get what you pay for but you also have to pay for what you get. KISS is what I am aiming for.
[15:55:35] <janrinok> The existing infra is causing us some problems. While I would love to simply assume control of it I don't want us to be paying for something that we cannot manage easily. It sounds to me as if the current system is overly complicated for our current needs.
[16:01:30] <fab23> As far as I have understood, it was even more complicated in the past, now it may be simpler (less systems) but in an undocumented state.
[17:13:27] <janrinok> I've just had a 2nd failure while trying to build the docker image of container for Rehash. It seems that one of the files that it needs to download is no longer found at the URL given so the build just fails.
[17:14:31] <janrinok> It would be a shame if it is lost for good because the docker container is/was looking like a promising option. Lets see if anyone can fix it.
[17:56:33] -!- kolie has quit [Changing host]
[17:56:33] -!- kolie [kolie!~kolie@Soylent/Staff/Management/kolie] has joined #staff
[19:18:46] -!- drussell has quit [Ping timeout: 252 seconds]
[19:19:27] -!- drussell [drussell!~drussell@a4627691kd3g1a0z4.wk.shawcable.net] has joined #staff
[19:20:17] <kolie> The current system isnt complex, its just a lot of undocumented shit hand installed.
[19:20:45] <kolie> The stuff that was really complex, got simplified, which caused the initial loss of some features.
[19:21:13] <kolie> But basically runs without touching except for the ssl, but its not in any way a recommended archtiecture or very clean.
[19:21:40] <kolie> The docker stuff on the dev system is well documented and basically follows best practices for all the services and dev ops shit.
[19:21:41] <janrinok> ..... still compiling
[19:21:50] <kolie> yea rehash is a time sink to build.
[19:22:02] <kolie> Trying to get most of the steps cached.
[19:22:19] <kolie> Theres development time, or a trade of for portability.
[19:22:47] <kolie> I think we chose portability which is kind of amusing but yea.
[19:22:50] <janrinok> I was going to say, if only the cpan elements can be precompiled it would make a big difference
[19:23:11] <kolie> Docker stages can be cached depending on how its written.
[19:23:26] <kolie> So you build heavy once, and after that its all fetch existing image.
[19:23:42] <kolie> And if you have a long but stable component, that can be its own image, which you then base other things on top of.
[19:23:50] <janrinok> SUCCESSFUL BUILD!
[19:24:05] <kolie> Yea, that was a lot of effort to get that, its nice that we did that work so its easy for you.
[19:24:16] <kolie> Because it took a perl beard before to get it off the ground.
[19:24:35] <janrinok> I got to sort out the mysql bit now
[19:24:55] <janrinok> but that's a job for tomorrow as it is past my bedtime!
[19:25:37] <janrinok> thanks for your help. Don't forget to make the same change to the git repo please.
[19:37:08] <kolie> https://drive.google.com
[19:37:19] <kolie> self hosted rehash docker compose.
[19:37:37] <kolie> pulled it from staging
[19:38:42] <janrinok> It wants me to log into Google - sorry, but that is not for me :)
[19:39:14] <kolie> https://drive.google.com
[19:39:28] <kolie> doesnt require login.
[19:40:52] <kolie> this doesnt have the frontend, I recommend traefik, of which there is also compose files, again all of this is on the dev system for whoever needs or cares about it.
[19:40:52] <fab23> yep, works without Google login
[19:44:10] <kolie> https://drive.google.com traefik scripts
[19:51:54] <janrinok> It won't download for me...
[19:52:39] <janrinok> I get a message that they are having 'difficulties' - I'll try again later
[19:52:44] <janrinok> g'night all
[20:03:11] <fab23> janrinok: when I just tried to d/l the rehash.tar.gz it took a while but then downloaded just fine. Maybe Google needed a while until it was available from the European end point.