#dev | Logs for 2019-03-14
[11:49:52] <TheMightyBuzzard> sure
[11:50:32] <Bytram> Updating certs on SoylentNews servers... starting at 20190314_115014 UTC
[11:50:40] <Bytram> let me connect
[11:50:55] * Bytram loads putty
[11:51:07] <TheMightyBuzzard> okey doke. refresh the howto page as well. i been editing it up until just now.
[11:51:27] <Bytram> oi! will do
[11:51:37] <Bytram> am on boron... need to kinit
[11:51:49] <TheMightyBuzzard> you'll need three terminal windows
[11:52:06] <TheMightyBuzzard> make sure screen is running on all of them before you do anything else
[11:52:35] <TheMightyBuzzard> the second there is bytram-specific cause your connection isn't incredibly reliable.
[11:53:17] <Bytram> 3.1415926535897932384626433832795028841971
[11:53:32] <Bytram> it's pi day!
[11:53:56] <TheMightyBuzzard> heh, poor TR. ima eat pi in front of his keto-diet ass today
[11:54:30] <Bytram> lol
[11:56:27] <Bytram> okay, I have three terminal windows logged into boron (default target server when I login) and have done kinit on all 3
[11:56:36] <TheMightyBuzzard> start screen on all three
[11:56:57] <Bytram> just ran screen on all three
[11:57:09] <TheMightyBuzzard> okey doke, instructions following time
[11:57:10] <Bytram> need to reload your instructions
[11:57:45] <TheMightyBuzzard> two of them need to stay on boron for now in case that's not clear
[11:59:32] * Bytram wishes he had a bigger monitor
[12:00:19] <TheMightyBuzzard> save up for a cheap, big ole TV and hdmi over to it
[12:00:49] <TheMightyBuzzard> or change font sizes
[12:01:03] <Bytram> is what I *am* doing (43" UHD), but my lappy can only drive it at 2200x1200
[12:01:34] <TheMightyBuzzard> higher rez = smaller text. increase font size.
[12:03:39] <Bytram> okay, I have 3 putty cmd windows left-to-right, then below all 3 I have a palemoon window with the instructions (
[12:03:39] <Bytram> https://tech.soylentnews.org ) up on it, and then below that I have this hexchat window with just this channel ( #dev )
[12:04:11] <TheMightyBuzzard> works i spose
[12:04:35] <Bytram> Ima paste the instructions in as I go, prefaced with ">>>"
[12:04:39] <Bytram> >>> as root on boron: open both /etc/bind/db.soylentnews.org and /etc/bind/db.sylnt.us in your text editor of choice. update the serial on both files to YYYYMMDD and two digits for revision number. keep them open.
[12:04:57] <TheMightyBuzzard> nod nod. thas why the two terminals staying open on boron
[12:04:58] <Bytram> so that would be two separate cmd windows?
[12:05:06] <TheMightyBuzzard> #smake Bytram
[12:05:06] * MrPlow smakes Bytram upside the head with a creampie
[12:05:12] <TheMightyBuzzard> this am linux not winders
[12:05:32] <TheMightyBuzzard> cmd windows indeed
[12:05:50] <Bytram> different TTYs
[12:06:00] * TheMightyBuzzard forgives
[12:06:32] * Bytram TTY1: emacs /etc/bind/db.soylentnews.org
[12:06:39] <TheMightyBuzzard> but yes. just easier that way not crucial that it be done from separate ttys
[12:06:47] <Bytram> k
[12:07:40] <Bytram> I am documenting the **** out of this >here< and logging to a file so I can check back and get any needed hits in the future; please forgive the verbosity.
[12:08:12] <Bytram> in TTY2: /etc/bind/db.sylnt.us
[12:08:12] <TheMightyBuzzard> sure sure
[12:08:17] <Bytram> in TTY2: emacs /etc/bind/db.sylnt.us
[12:08:40] * TheMightyBuzzard even forgives the use of emacs
[12:08:56] <Bytram> in tty1 I see: 2018122301 ; serial
[12:09:23] <Bytram> changes: 2018122301 to : 2019031401
[12:09:55] <Bytram> buffer is read only
[12:10:09] <TheMightyBuzzard> right. serials in bind are arbitrary numbers but convention says use YYMMDDRR where RR = two digits worth of revision number. 00 would work just as well but you can start at 01 if you prefer.
[12:10:10] * Bytram needs to sudo, first. right? sudo -i
[12:10:20] <TheMightyBuzzard> yup
[12:10:30] <TheMightyBuzzard> most everything is going to be done as root
[12:10:56] <Bytram> tty1: sudo -i
[12:11:07] <Bytram> tty1: emacs /etc/bind/db.soylentnews.org
[12:11:57] <Bytram> tty1: changed serial to: 2019031401
[12:12:03] <TheMightyBuzzard> you shouldn't be able to ssh around the network as root though, so keep that in mind.
[12:12:06] <Bytram> save now?
[12:12:10] <Bytram> k
[12:12:28] <TheMightyBuzzard> if you like. don't close though. "keep them open."
[12:12:57] <TheMightyBuzzard> no changes in there take effect until the "rndc reload" step.
[12:13:32] <Bytram> okay
[12:13:51] <Bytram> much longer lines displayed when I, in tty2, issued: emacs /etc/bind/db.sylnt.us
[12:14:16] <TheMightyBuzzard> didja sudo over there as well?
[12:15:01] <Bytram> tty2: change 2018122301 to be 2019031401
[12:15:02] <Bytram> yes
[12:15:07] <TheMightyBuzzard> roger
[12:15:18] <Bytram> tty2: saved
[12:15:52] <Bytram> next step:
[12:16:02] <Bytram> >>> as root on magnesium: /root/bin/newcert.sh yes, let it log our ip it will give you two long values each for _acme-challenge.soylentnews.org and _acme-challenge.sylnt.us that you need to replace the old values in db.sylnt.us and db.soylentnews.org on boron with.
[12:16:12] <Bytram> do this in tty3, right?
[12:16:16] <TheMightyBuzzard> nod nod
[12:16:26] <Bytram> tty3: sudo -i
[12:16:57] <Bytram> tty3: /root/bin/newcert.sh
[12:17:11] <TheMightyBuzzard> make note of the IMPORTANT just below before you go hitting buttons after starting that script
[12:17:15] <Bytram> oops
[12:17:21] <Bytram> tty3: ssh magnesium
[12:17:26] <Bytram> tty3: /root/bin/newcert.sh
[12:17:29] <TheMightyBuzzard> nod nod
[12:18:07] <Bytram> see buncha stuff displayed ending with:
[12:18:09] <Bytram> Are you OK with your IP being logged?
[12:18:09] <Bytram> -------------------------------------------------------------------------------
[12:18:10] <Bytram> (Y)es/(N)o:
[12:18:20] <Bytram> tty3: y
[12:18:59] <Bytram> tty3: see this displayed:
[12:19:03] <Bytram> -------------------------------------------------------------------------------
[12:19:03] <Bytram> Please deploy a DNS TXT record under the name
[12:19:03] <Bytram> _acme-challenge.soylentnews.org with the following value:
[12:19:03] <Bytram> _ZQSrEQ3ThVsa5Rjs40W5yKfXSYCsNLPt7ag5nH6-tg
[12:19:03] <Bytram> Before continuing, verify the record is deployed.
[12:19:04] <Bytram> -------------------------------------------------------------------------------
[12:19:38] <TheMightyBuzzard> you'll get four blocks like that. do not hit enter after the 4th is displayed
[12:20:11] <Bytram> k
[12:20:32] * Bytram just resized his emacs windows to avoid screen wrap
[12:21:32] <TheMightyBuzzard> afk a moment. forgot it's trash day.
[12:21:42] <Bytram> nod nod
[12:22:58] * Bytram just found the pre-existing _acme-challenge.soylentnews.org lines in db.soylentnews.org
[12:24:13] <Bytram> huh. there are TWO pre-existing acme_challenge lines in db.soylentnews.org
[12:24:36] <Bytram> tty1: contains: _acme-challenge.soylentnews.org. 1 IN TXT "5Jq-crlNXy71eE5MHKslnyZe75DQdkmDs7IvvkHvIW8"
[12:24:36] <Bytram> _acme-challenge.soylentnews.org. 1 IN TXT "2j4D0R4p1Q_Q5uOjs6ZSc1wUFzzSdkFvPWlxkB4Jgks"
[12:24:49] <Bytram> ugh. try again
[12:24:51] <Bytram> _acme-challenge.soylentnews.org. 1 IN TXT "5Jq-crlNXy71eE5MHKslnyZe75DQdkmDs7IvvkHvIW8"
[12:24:51] <Bytram> _acme-challenge.soylentnews.org. 1 IN TXT "2j4D0R4p1Q_Q5uOjs6ZSc1wUFzzSdkFvPWlxkB4Jgks"
[12:25:04] <TheMightyBuzzard> yeah, there's supposed to be. it would be a problem if you were trying to put two values into one record.
[12:26:02] <Bytram> which one do I change... here's the instructions:
[12:26:03] <Bytram> -------------------------------------------------------------------------------
[12:26:03] <Bytram> Please deploy a DNS TXT record under the name
[12:26:03] <Bytram> _acme-challenge.soylentnews.org with the following value:
[12:26:03] <Bytram> _ZQSrEQ3ThVsa5Rjs40W5yKfXSYCsNLPt7ag5nH6-tg
[12:26:03] <Bytram> Before continuing, verify the record is deployed.
[12:26:05] <Bytram> -------------------------------------------------------------------------------
[12:26:10] <Bytram> that looks like only one record to me
[12:26:37] <TheMightyBuzzard> please note "<TheMightyBuzzard> you'll get four blocks like that. do not hit enter after the 4th is displayed"
[12:26:48] <TheMightyBuzzard> that means you DO hit enter after the first three
[12:27:06] <Bytram> do I leave the existing ones there?
[12:27:29] <TheMightyBuzzard> nope, thus the word "replace" in the instructions.
[12:27:36] <Bytram> okay...
[12:27:54] <Bytram> I have two existing records and one new value... replace in the first record?
[12:28:06] <TheMightyBuzzard> which gets replaced with which doesn't matter as long as the ones for soylentnews.org get the soylentnews.org records and ditto sylnt.us
[12:28:24] <Bytram> hrrrrrm.... okaaaaay
[12:28:40] <Bytram> me goes top-to-bottom and updates the first one
[12:28:40] <TheMightyBuzzard> the nameserver doesn't necessarily return them in order anyway
[12:28:47] <Bytram> k
[12:29:34] <TheMightyBuzzard> you can change them one at a time or all at once, entirely up to you.
[12:29:52] <Bytram> first new value is in
[12:30:20] <Bytram> saving the value in the txt record counts as "deployed"?
[12:30:50] <TheMightyBuzzard> not really, no. but they don't need to be deployed until you get the 4th one done.
[12:30:57] <Bytram> ahhh, got it.
[12:31:10] <Bytram> tty3: hit enter and saw:
[12:31:12] <Bytram> -------------------------------------------------------------------------------
[12:31:13] <Bytram> Please deploy a DNS TXT record under the name
[12:31:16] <Bytram> _acme-challenge.sylnt.us with the following value:
[12:31:18] <Bytram> ishj3_Luc1bMNI73VgwKNHOJO2vCHerEUE2Z3N8qj_E
[12:31:20] <Bytram> Before continuing, verify the record is deployed.
[12:31:22] <Bytram> -------------------------------------------------------------------------------
[12:31:23] <Bytram> Press Enter to Continue
[12:32:10] <TheMightyBuzzard> that's a sylnt.us one, so other file
[12:32:41] <Bytram> ooops
[12:32:45] <Bytram> thanky!
[12:32:50] * TheMightyBuzzard nods
[12:33:11] <TheMightyBuzzard> you can tell by how it says _acme-challenge.sylnt.us
[12:33:57] <Bytram> yeah, see it... now. :)
[12:34:16] <Bytram> -------------------------------------------------------------------------------
[12:34:16] <Bytram> Please deploy a DNS TXT record under the name
[12:34:16] <Bytram> _acme-challenge.soylentnews.org with the following value:
[12:34:16] <Bytram> ZEdyHScZ2eAOnCcMpmzR9AYNGiCLlOC9sVGcsGM4qM8
[12:34:16] <Bytram> Before continuing, verify the record is deployed.
[12:34:16] <Bytram> -------------------------------------------------------------------------------
[12:34:19] <Bytram> Press Enter to Continue
[12:37:03] <Bytram> okay... that's 4 of em changed
[12:37:14] <TheMightyBuzzard> you only listed 3
[12:37:26] <TheMightyBuzzard> change the 4th silent like?
[12:37:49] <Bytram> crap... kbd focus messed up and just pressed enter on tty3
[12:38:03] <TheMightyBuzzard> start over =P
[12:38:14] <Bytram> thot so.
[12:38:55] <TheMightyBuzzard> thankfully you didn't rndc reload yet so you don't technically have to change the revision numbers. good habit to anyway though.
[12:40:04] <Bytram> going between kbd/mouse actions/shortcuts on winders, emacs, and shell is... interesting.
[12:40:09] <Bytram> brb
[12:40:37] <TheMightyBuzzard> ya, ima go grab a smoke. pause at the dig step if you get there before i get back.
[12:42:25] <Bytram> k
[12:44:23] <TheMightyBuzzard> back
[12:44:46] * Bytram saw: Failed authorization procedure. and 4 errors displayed; thrown back to command prompt on magnesium
[12:45:06] <Bytram> tty3: (mags) issues cmd: /root/bin/newcert.sh
[12:47:59] <Bytram> okay, got 3 TXT records done: soylentnews.org, sylnt.us, and soylentnews.org
[12:48:13] <TheMightyBuzzard> need to do four
[12:48:19] <Bytram> so one more enter
[12:48:43] * TheMightyBuzzard nods
[12:49:05] <TheMightyBuzzard> annoying things are good teachers i find
[12:49:13] <Bytram> tru dat
[12:49:25] <Bytram> much appreciate your patience thru my newbie mistakes
[12:49:33] <Bytram> okay, that's all 4 of them
[12:49:40] <TheMightyBuzzard> same ones i made. no worries.
[12:49:46] * Bytram looks back at the instructions.
[12:49:48] <Bytram> ;)
[12:50:35] <Bytram> oh... gotta change the serial, too!
[12:51:01] <TheMightyBuzzard> both of em, yeah
[12:51:10] <Bytram> got it. done!
[12:51:12] <TheMightyBuzzard> the dig commands can happen from any linux box connected to the internet, FYI
[12:51:38] * Bytram opens another tty
[12:51:48] <TheMightyBuzzard> can do it from one you edited from
[12:52:21] <TheMightyBuzzard> unless you want to keep those open. in which case rock on with your bad self.
[12:52:54] <Bytram> tty4 is up
[12:53:00] <Bytram> kinit
[12:53:03] <Bytram> sudo -i
[12:53:26] <TheMightyBuzzard> changes to the files saved?
[12:53:43] <Bytram> yes
[12:53:47] * TheMightyBuzzard nods
[12:53:49] <Bytram> >>> as root on boron run: rndc reload
[12:54:04] <Bytram> confirm, do that now?
[12:54:13] <Bytram> or did I miss something?
[12:54:24] <TheMightyBuzzard> nope, you're doing good
[12:54:31] <Bytram> =)
[12:54:47] <Bytram> that'll be in tty4
[12:55:33] <Bytram> server reload successful
[12:55:47] <Bytram> now to try digging
[12:55:58] <TheMightyBuzzard> it can take more than 5m for dns on linode's nameservers to catch up to our changes, thus checking them all and waiting.
[12:56:23] <Bytram> nod nod
[12:56:41] <TheMightyBuzzard> i COULD script this all but i dislike automating changes to DNS.
[12:56:48] <Bytram> nod nod
[12:56:55] <Bytram> tty4: dig _acme-challenge.soylentnews.org TXT @ns1.linode.com
[12:58:04] <TheMightyBuzzard> relevant bits: ;; ANSWER SECTION:
[12:58:04] <TheMightyBuzzard> _acme-challenge.soylentnews.org. 1 IN TXT "2j4D0R4p1Q_Q5uOjs6ZSc1wUFzzSdkFvPWlxkB4Jgks"
[12:58:04] <TheMightyBuzzard> _acme-challenge.soylentnews.org. 1 IN TXT "5Jq-crlNXy71eE5MHKslnyZe75DQdkmDs7IvvkHvIW8"
[12:58:12] <Bytram> tty4: dig _acme-challenge.soylentnews.org TXT @ns1.linode.com
[12:58:22] <Bytram> tty4: dig _acme-challenge.soylentnews.org TXT @ns1.linode.com | grep _acme
[12:59:31] <TheMightyBuzzard> doesn't look like rndc reload worked. you did it as root, yes?
[12:59:36] <Bytram> yes
[12:59:51] * TheMightyBuzzard checked dig _acme-challenge.soylentnews.org TXT @boron
[12:59:58] <Bytram> root@boron:~# rndc reload
[12:59:58] <Bytram> server reload successful
[13:00:05] <TheMightyBuzzard> reload again if you would.
[13:00:09] <Bytram> k
[13:00:30] <Bytram> server reload successful
[13:00:53] <Bytram> root@boron:~# dig _acme-challenge.soylentnews.org TXT @ns1.linode.com | grep _acme
[13:00:53] <Bytram> ; <<>> DiG 9.9.5-3ubuntu0.15-Ubuntu <<>> _acme-challenge.soylentnews.org TXT @ns1.linode.com
[13:00:53] <Bytram> ;_acme-challenge.soylentnews.org. IN TXT
[13:00:53] <Bytram> _acme-challenge.soylentnews.org. 1 IN TXT "2j4D0R4p1Q_Q5uOjs6ZSc1wUFzzSdkFvPWlxkB4Jgks"
[13:00:53] <Bytram> _acme-challenge.soylentnews.org. 1 IN TXT "5Jq-crlNXy71eE5MHKslnyZe75DQdkmDs7IvvkHvIW8"
[13:00:54] <Bytram> root@boron:~#
[13:01:32] <TheMightyBuzzard> sumpin's wonky. boron should show the changes immediately.
[13:01:50] <TheMightyBuzzard> ns1..ns5 should take longer but boron should be instant.
[13:02:09] <Bytram> ruh roh.
[13:02:27] <TheMightyBuzzard> oh, you left off a quote mark in the file
[13:02:50] <TheMightyBuzzard> so it borks on parsing the file and doesn't make any changes
[13:02:59] <Bytram> ~blame
[13:03:01] * exec points at Bytram
[13:03:06] <TheMightyBuzzard> increment the serial, fix the quote, rndc reload
[13:03:14] <Bytram> I see it now. tx!
[13:03:16] <TheMightyBuzzard> well and save before the reload
[13:04:24] <TheMightyBuzzard> ya, sylnt.us looks fine but the typo kept soylentnews.org from parsing.
[13:04:47] <TheMightyBuzzard> you can blame cmn32480 if you like. he's our minister of typos.
[13:05:02] <Bytram> he's our Prime Minister of typos!
[13:05:40] <Bytram> do I need a new serial and another pass through getting the four values?
[13:06:02] <Bytram> or... can I just do rndc reload
[13:06:02] <TheMightyBuzzard> no, just a new serial, save, reload
[13:06:11] <Bytram> oh, noiice!
[13:07:10] <Bytram> serials changed to 2019031403 on both files.
[13:07:40] <Bytram> files saved
[13:07:46] <Bytram> root@boron:~# rndc reload
[13:07:46] <Bytram> server reload successful
[13:08:12] <TheMightyBuzzard> okay, showing correctly on boron dig. now wait on ns1-ns5 to all show correct too
[13:10:12] * TheMightyBuzzard pokes Bytram
[13:10:22] * Bytram giggles
[13:10:34] * Bytram needs bio break... 5 minutes?
[13:10:46] <TheMightyBuzzard> sure sure. they're all showing good already but no rush.
[13:10:55] <Bytram> k thx
[13:16:33] <Bytram> back
[13:17:21] <TheMightyBuzzard> yar
[13:17:45] <Bytram> ahhh, now I got ya.
[13:18:12] <Bytram> dig _acme-challenge.sylnt.us TXT @ns5.linode.com
[13:19:17] <TheMightyBuzzard> yarp. make sure and check both domains on all five nameservers
[13:19:48] <Bytram> ok, check ns1 through ns5 for both soylentnews.org and sylnt.us and see the changes to the two _acme-challenge records in each of them
[13:20:03] <TheMightyBuzzard> nod nod
[13:20:10] <Bytram> !!
[13:20:52] <Bytram> >>> replacing ns1 with ns1 through ns5. **it is important that all five of them show the new values or you could end up having to start all over.**
[13:20:52] <Bytram> when they have, as root on magnesium:
[13:20:52] <Bytram> hit enter on the fourth value.
[13:21:04] <TheMightyBuzzard> yup
[13:21:13] <Bytram> on tty3 I can now hit enter. right?
[13:21:20] <TheMightyBuzzard> ed zackery
[13:21:48] <Bytram> k
[13:22:00] <Bytram> looks good. here's what it gave me:
[13:22:01] <Bytram> Press Enter to Continue
[13:22:02] <Bytram> Waiting for verification...
[13:22:02] <Bytram> Cleaning up challenges
[13:22:02] <Bytram> IMPORTANT NOTES:
[13:22:02] <Bytram> - Congratulations! Your certificate and chain have been saved at:
[13:22:03] <Bytram> /etc/letsencrypt/live/soylentnews.org/fullchain.pem
[13:22:05] <Bytram> Your key file has been saved at:
[13:22:10] <Bytram> /etc/letsencrypt/live/soylentnews.org/privkey.pem
[13:22:12] <Bytram> Your cert will expire on 2019-06-12. To obtain a new or tweaked
[13:22:14] <Bytram> version of this certificate in the future, simply run certbot
[13:22:14] <TheMightyBuzzard> yays!
[13:22:16] <Bytram> again. To non-interactively renew *all* of your certificates, run
[13:22:17] <Bytram> "certbot renew"
[13:22:19] <Bytram> - If you like Certbot, please consider supporting our work by:
[13:22:21] <Bytram> Donating to ISRG / Let's Encrypt: https://letsencrypt.org
[13:22:23] <Bytram> Donating to EFF: https://eff.org
[13:22:24] <exec> └─ Donate - Let's Encrypt - Free SSL/TLS Certificates
[13:22:25] <Bytram> root@magnesium ~ #
[13:22:55] <TheMightyBuzzard> rest should be fairly quick
[13:23:15] <Bytram> next step(s):
[13:23:19] <Bytram> >>> as root on magnesium:
[13:23:19] <Bytram> rc-service nginx restart
[13:23:43] <TheMightyBuzzard> you missed one
[13:23:48] <Bytram> looks like I am on boron on all ttys...
[13:23:53] <Bytram> oh?
[13:24:01] <TheMightyBuzzard> and tty3 should be on magnesium
[13:24:16] <Bytram> oh, yes it is.
[13:24:44] <TheMightyBuzzard> the next "as root on magnesium" has two commands under it
[13:25:07] <Bytram> nod nod
[13:25:12] <Bytram> copy/paste error.
[13:25:14] <Bytram> >>> as root on magnesium:
[13:25:14] <Bytram> rc-service nginx restart
[13:25:26] <TheMightyBuzzard> ha! irc ate it
[13:25:33] <TheMightyBuzzard> cause it starts with a slash
[13:25:37] <Bytram> hah! hexchat sees the "/" starting the line and ate it
[13:25:41] <Bytram> nodnod
[13:25:45] * TheMightyBuzzard ninjas
[13:25:50] <Bytram> yuppers
[13:25:54] <Bytram> just a sec.
[13:25:57] <Bytram> or two
[13:26:33] <Bytram> # as root on magnesium:
[13:26:34] <Bytram> #
[13:26:34] <Bytram> # /root/bin/fixcertperms.sh
[13:26:34] <Bytram> # rc-service nginx restart
[13:26:42] <Bytram> =)
[13:26:48] * TheMightyBuzzard chuckles
[13:27:06] <Bytram> tty3: /root/bin/fixcertperms.sh
[13:27:47] <Bytram> saw bunch of rsync errors.
[13:28:18] <TheMightyBuzzard> "there will be error messages. don't worry about them for now. i'll try and get rid of them later."
[13:28:44] <Bytram> saw that, but wanted to confirm. tx!
[13:29:29] <Bytram> here's the last part of what was displayed:
[13:29:33] <Bytram> renewal/
[13:29:33] <Bytram> renewal/soylentnews.org.conf
[13:29:33] <Bytram> 609 100% 594.73kB/s 0:00:00 (xfr#9, to-chk=0/89)
[13:29:33] <Bytram> rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1189) [sender=3.1.3]
[13:29:33] <Bytram> * Checking nginx' configuration ... [ ok ]
[13:29:36] <Bytram> * Starting nginx ... [ ok ]
[13:29:41] <Bytram> #########################
[13:29:43] <Bytram> now you need to log out as root and run: kinit
[13:29:44] <Bytram> then ssh to lithium and run: sudo /root/bin/newcert.sh
[13:29:46] <Bytram> then ssh to beryllium and run: sudo /root/bin/newcert.sh
[13:29:48] <Bytram> #########################
[13:29:51] <Bytram> root@magnesium ~ #
[13:29:58] * TheMightyBuzzard nods
[13:30:35] <Bytram> which matches the instructions. =)
[13:30:37] <TheMightyBuzzard> it's okay to say bob. it's not a secret.
[13:31:23] <TheMightyBuzzard> it's not dangerous to have a known username and it's not like it's my actual name or anything, just the username i use when i can't think of anything better.
[13:31:24] <Bytram> ahhh, with new certs "living" out there, kinit is no longer running with the correct certs?
[13:32:00] <TheMightyBuzzard> no, part of the script you just ran broke your kinit status by switching to someone else's
[13:32:16] <Bytram> ahhh. k
[13:32:59] <Bytram> tty3: exit
[13:33:19] <Bytram> am now back to boron
[13:33:35] <TheMightyBuzzard> shouldn't be but that's fine
[13:34:47] <Bytram> tty3: exit
[13:34:56] <Bytram> (to get from root back to martyb)
[13:34:59] <Bytram> kinit
[13:35:12] <TheMightyBuzzard> kinit username not just kinit
[13:35:13] <Bytram> that worked
[13:35:31] <Bytram> martyb@boron:~$ kinit
[13:35:31] <Bytram> Password for martyb@LI694-22:
[13:35:31] <Bytram> martyb@boron:~$
[13:35:54] <Bytram> okay to proceed to lithium?
[13:35:59] <TheMightyBuzzard> sure
[13:36:29] <TheMightyBuzzard> can do the rest as you since there's sudo before the commands.
[13:36:54] <Bytram> that was my next question... thanks!
[13:37:10] <Bytram> sudo /root/bin/newcert.sh
[13:37:38] <Bytram> martyb@lithium:~$ sudo /root/bin/newcert.sh
[13:37:39] <Bytram> * Stopping varnishd ... [ ok ]
[13:37:39] <Bytram> * Starting varnishd ...
[13:37:39] <Bytram> Debug: Version: varnish-6.0.1 revision 8d54bec5330c29304979ebf2c425ae14ab80493c
[13:37:39] <Bytram> Debug: Platform: Linux,4.9.7-x86_64-linode80,x86_64,-junix,-smalloc,-sdefault,-hcritbit
[13:37:40] <Bytram> Debug: Child (28227) Started [ ok ]
[13:37:43] <Bytram> * Checking nginx' configuration ... [ ok ]
[13:37:47] <Bytram> * Stopping nginx ... [ ok ]
[13:37:50] <Bytram> * Starting nginx ... [ ok ]
[13:37:53] <Bytram> Rehash of Charybdis at PID 3673 was attempted
[13:37:55] <Bytram> martyb@lithium:~$
[13:37:56] <Bytram> .
[13:37:58] <Bytram> sudo /root/bin/newcert.sh
[13:38:19] <Bytram> .
[13:38:22] <Bytram> martyb@lithium:~$ sudo /root/bin/newcert.sh
[13:38:23] <Bytram> * Stopping varnishd ... [ ok ]
[13:38:23] <Bytram> * Starting varnishd ...
[13:38:23] <Bytram> Debug: Version: varnish-6.0.1 revision 8d54bec5330c29304979ebf2c425ae14ab80493c
[13:38:23] <Bytram> Debug: Platform: Linux,4.9.7-x86_64-linode80,x86_64,-junix,-smalloc,-sdefault,-hcritbit
[13:38:24] <Bytram> Debug: Child (28802) Started [ ok ]
[13:38:27] <Bytram> * Checking nginx' configuration ... [ ok ]
[13:38:29] <Bytram> * Stopping nginx ... [ ok ]
[13:38:33] <Bytram> * Starting nginx ... [ ok ]
[13:38:36] <Bytram> Rehash of Charybdis at PID 3673 was attempted
[13:38:40] <Bytram> martyb@lithium:~$
[13:38:40] <TheMightyBuzzard> you did it twice?
[13:38:57] <Bytram> doh!
[13:39:07] <TheMightyBuzzard> won't hurt anything but...
[13:39:17] <Bytram> ssh beryllium
[13:39:31] <Bytram> sudo /root/bin/newcert.sh
[13:40:13] <Bytram> [martyb@beryllium ~]$ sudo /root/bin/newcert.sh
[13:40:14] <Bytram> Stopping Dovecot Imap: [ OK ]
[13:40:15] <Bytram> Starting Dovecot Imap: [ OK ]
[13:40:17] <Bytram> Shutting down postfix: [ OK ]
[13:40:20] <Bytram> Starting postfix: [ OK ]
[13:40:22] <Bytram> Stopping httpd: [ OK ]
[13:40:23] <Bytram> Starting httpd: [ OK ]
[13:40:26] <Bytram> [martyb@beryllium ~]$
[13:40:28] <Bytram> .
[13:40:31] <Bytram> that should do it, right?
[13:41:14] <TheMightyBuzzard> check and see.
[13:42:05] * Bytram reloads main page
[13:42:10] <Bytram> checks padlock
[13:42:21] <TheMightyBuzzard> check in a browser
[13:42:45] <Bytram> begins on Thursday, March 14, 2019
[13:42:59] <Bytram> expires on: Wednesday, June 12, 2019
[13:43:01] <Bytram> =)
[13:43:12] <Bytram> is what I did.
[13:43:58] <TheMightyBuzzard> things you need to check that i can think of off hand: https on dev and base domain, irc1.sylnt.us and irc2.sylnt.us in hexchat, sending and receiving mail with a mail client using your sn account (can be to yourself)
[13:45:05] <Bytram> checked https://logs.sylnt.us in my browser; certificate checks out as being updated. =)
[13:45:32] <TheMightyBuzzard> oh ya, forgot all the domains bery hosts.
[13:45:34] <Bytram> dev is good
[13:46:03] <TheMightyBuzzard> like logs and chat and blah blah
[13:46:23] <Bytram> do we have a *complete* list of all our domains somewhere?
[13:47:14] <TheMightyBuzzard> yep. sudo ls -l /etc/bind/
[13:47:22] <TheMightyBuzzard> on boron
[13:47:24] <Bytram> oh, and before I forget, thanks so very much for your patient encouragement during my first time cert install!
[13:47:25] <Bytram> k
[13:48:08] <TheMightyBuzzard> helium hosts internal dns stuff, boron hosts external.
[13:48:24] <Bytram> I see about thirty files listed?
[13:49:14] <TheMightyBuzzard> the ones that start with db. are the ones to look at.
[13:49:59] <TheMightyBuzzard> fucking emacs... do please delete the db.sylnt.us~ and db.soylentnews.org~
[13:50:02] * Bytram is missing something... how do I "look" at them? cat?
[13:50:15] <TheMightyBuzzard> no, the filenames tell you what domain names we host
[13:50:29] <TheMightyBuzzard> top level anyway
[13:51:14] <TheMightyBuzzard> if you want to see our subdomains, look in the relevant file with cat or less or an editor. like the ones you had open earlier.
[13:51:48] <Bytram> okaaay, so for soylentnews.org what would I do to look at it?
[13:52:00] <Bytram> TLI5
[13:52:33] <TheMightyBuzzard> A records, AAAA records, CNAME records
[13:52:46] <Bytram> ahhhh, choo! =)
[13:52:48] <Bytram> k
[13:53:23] <TheMightyBuzzard> nicotine break
[13:54:25] <Bytram> email send went okay
[13:55:10] <Bytram> and... email received !
[13:55:22] <Bytram> thanks zagain
[13:55:39] <Bytram> I need to take a phone call... will be back in a bit; off line until then
[14:03:03] <TheMightyBuzzard> need to check which cert was used sending and receiving if you can, not just that it sends. otherwise all good. anyway, i'm out for a while too.
[14:43:48] * Bytram uses thunderbird and settings are a bit... opaque
[14:46:15] <Bytram> I think I am using our self-signed certs
[17:00:32] -!- NotSanguine [NotSanguine!~notsangui@xmf-69-640-580-028.nyc.res.rr.com] has joined #dev
[17:00:37] <NotSanguine> hey
[17:01:11] <Bytram> TheMightyBuzzard: NotSanguine has expressed an interest in helping out with the site. Has operations experience. Here, let him tell you in his ow words:
[17:01:13] <Bytram> =)
[17:01:26] <Bytram> s/ow /own/
[17:01:34] <NotSanguine> I have some time on my hands, so I can take care of some stuff. But I don't know what you guys need/want
[17:02:09] <NotSanguine> But I'm not driving boxes of backup tapes to NCommander's secret lair. Sorry. :)
[17:02:18] <Bytram> how about site and services monitoring?
[17:02:50] <NotSanguine> In terms of doing the monitoring, or implementing/automating it?
[17:02:58] <Bytram> bbbbut the secret lair has volcanoes and coconuts and laserz!
[17:03:09] <Bytram> ummm, yes!
[17:03:18] <NotSanguine> Well...If the lasers are on sharks, okay.
[17:03:28] <Bytram> ISTR that audioguy has something in place, but that's about all I know.
[17:03:58] <Bytram> The real question is would you be able to get along with this strange lot.
[17:04:10] <NotSanguine> I'm not surprised. the level of complexity isn't huge with SN, but certainly enough to warrant centralized monitoring/management
[17:04:19] <Bytram> nod nod
[17:04:36] <Bytram> would it be okay if the sharks are mounted on the lazerz?
[17:04:56] <NotSanguine> I am uid 285 bytram. And a lapsed editor.
[17:05:06] <NotSanguine> So if I haven't left yet...
[17:05:07] <Bytram> k
[17:05:25] <NotSanguine> sharks mounting lasers? That sounds dirty
[17:05:27] <Bytram> so, ultimately, it would be up to them to decide.
[17:05:46] <Bytram> nope. Just really BIG lasers to mount the sharks on.
[17:06:40] <NotSanguine> Sure. Again, I really don't know what outstanding operations/management/sysadmin tasks/issues there are.
[17:07:46] <Bytram> sadly, nor do I. All I know is that we don't have a lot of depth in the various "positions" so TMB is stretched a bit thin.
[17:08:30] <Bytram> He's off doing some stuff atm, but I pinged him above, so he should see this discussion; I'll let him get back to you.
[17:08:52] <NotSanguine> I tell you what. Do you folks want to discuss amongst yourselves and let me know?
[17:10:05] <NotSanguine> I'd be happy to give TheMightyBuzzard a little break so he can post more journals and piss aristarchus off even more. :)
[17:11:09] <Bytram> lol
[17:11:36] <Bytram> I've sent up the bat signal. I'll let him get back to you. k?
[17:13:11] <NotSanguine> Sure. If I'm not around on IRC, you guys can get me at NotSanguine@SoylentNews.Org. That assumes my account hasn't been axed since I stopped editing.
[17:14:03] <Bytram> send yourself an email and check?
[17:14:19] <NotSanguine> Ugh! I have to do everything? :) :) :)
[17:14:33] <Bytram> yes.
[17:15:05] <NotSanguine> lol
[17:15:19] <NotSanguine> no worries. testing already.
[17:15:32] <Bytram> never ask a question unless you are prepared to accept whatever answer you may receive.
[17:15:59] <NotSanguine> Sweet. I got two emails from the test
[17:16:12] <NotSanguine> Now I can get double Buzzard. :)
[17:16:17] <Bytram> lol
[17:18:12] <NotSanguine> Remind me of the name of the server with ssh access please. I'd like to test that my ssh key still works
[17:20:39] <Bytram> would you believe I'm not sure? I just load up putty and then... click here, click there, clicky and then when the prompt comes up enter my pwd... I'm guessing it's beryllium or maybe moron
[17:22:29] <NotSanguine> you mean boron, yes?
[17:22:33] <NotSanguine> hee hee
[17:22:44] <Bytram> ooooops!
[17:22:45] <Bytram> yes
[17:23:03] <Bytram> ok. got a buncha stuff to do. catch y'all later.
[17:24:10] <NotSanguine> Looks like my key expired or I forgot my passphrase. Catch you later.
[17:25:56] <NotSanguine> TheMightyBuzzard: If I don't respond here, please email me NotSanguine@SoylentNews.Org
[17:32:30] <TheMightyBuzzard> NotSanguine, ugh, don't make me think right now. just got done turning my moat back into a trench.
[17:32:55] <NotSanguine> No worries.
[17:33:25] <NotSanguine> Have a beer and a smoke. Or several of both
[17:33:40] <TheMightyBuzzard> think i'll have a nap instead
[17:33:49] <NotSanguine> that works too
[17:34:28] <NotSanguine> As I told bytram, I have decades of sysadmin/operations experience on unix/linux systems of various flavors.
[17:34:50] <NotSanguine> I also have some time on my hands. So if I can help out, I'd be happy to do so.
[17:35:24] <NotSanguine> When you have time, let me know when would be good to discuss what you guys may need.
[17:35:28] <NotSanguine> If that works for you
[21:01:35] -!- NotSanguine has quit [Quit: Nettalk6 - www.ntalk.de]
[21:46:35] -!- MrPlow has quit [Remote host closed the connection]
[21:47:01] -!- MrPlow [MrPlow!MrPlow@Soylent/BotArmy] has joined #dev
[21:47:01] -!- MrPlow has quit [Changing host]
[21:47:01] -!- MrPlow [MrPlow!MrPlow@nsa.gov] has joined #dev
[21:48:41] -!- MrPlow has quit [Remote host closed the connection]
[21:49:01] -!- MrPlow [MrPlow!MrPlow@Soylent/BotArmy] has joined #dev
[21:49:01] -!- MrPlow has quit [Changing host]
[21:49:01] -!- MrPlow [MrPlow!MrPlow@nsa.gov] has joined #dev