September 2017 - Heroes - openSUSE Mailing Lists

[heroes] pfx2asn not up to date? (olaf/scanner)

by Per Jessen

On olaf, there is a cronjob that is meant to refresh the pfx2asn table every day. It doesn't look as if it has been done for maybe 2 years. Some scripts or binaries are missing 'asn_get_routeviews' and 'asn_import' ? These are supplied by apache2-mod_asn-tools, which is not installed. I was just wondering - olaf is new, but that data in the pfx2asn table is least 2 years old ? About a week ago, I wrote to the mirroring list about some stats we discovered on our public mirror: ------------------------ ... these are some interesting observations. Looking only at traffic from user-agent "ZYpp <something>" : [snip] 123 different countries, 50 with more than 10 unique addresses. (IPv4 only). These are the top scorers: country addrs | us | 1115 | | de | 768 | | it | 658 | | ch | 639 | | es | 462 | | fr | 315 | | br | 312 | | ru | 234 | | ca | 143 | | in | 131 | | cn | 128 | | mx | 120 | | uk | 119 | | za | 111 | | pl | 105 | ---------------------------- I think this is due to no asn numbers for our IP range (185.85.248.0/22). Before I go ahead and install apache2-mod_asn-tools, can anyone think of a reason I shouldn't ? afaict, all it does is retrieve the daily snapshot from mirrorbrain.org and load that into pfx2asn. -- Per Jessen, Zürich (19.1°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 3 months

2
9
0 0

[heroes] Planned power outage of the Nuremberg office from 2017-10-13 until 2017-10-15

by Lars Vogdt

Just in case you missed it in my last Email - there will be a planned power outage affecting the whole Nuremberg office from Friday afternoon (18:00 CEST), 2017-10-13 until Sunday afternoon (ETA ~22:00), 2017-10-15 Reason: maintenance off the power transformers in the building the whole Saturday. Therefor we should discuss what we can do during that time and coordinate the efforts (might be the announcements or the migration of the workload to other locations). Anything against an initial meeting this week? => Saturday or Sunday around 18:00 or 20:00 ? I expect the initial meeting not to last longer than 30 minutes. With kind regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 3 months

5
5
0 0

[heroes] stage.opensuse.org is down ?

by Per Jessen

rsync: failed to connect to stage.opensuse.org (2001:67c:2178:8::10): No route to host (113) rsync: failed to connect to stage.opensuse.org (195.135.221.130): Connection timed out (110) rsync error: error in socket IO (code 10) at clientserver.c(128) [Receiver=3.1.1] Since around 08:45 CET. -- Per Jessen, Zürich (14.7°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 3 months

1
1
0 0

[heroes] DNS

by Knurpht - Gertjan Lettink

Looks like something broke the webserver/homepage, all links on opensuse.org are redirected to the homepage -- Gertjan Lettink, a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 3 months

2
3
0 0

[heroes] https://monitor.opensuse.org/icinga/ => please check your machines

by Lars Vogdt

Hi @ll As the offered openSUSE services had some outages during the last weeks, and there is another big issue in front of us[1], I decided to go with manual configuration of our new monitoring system for now. I'm just to silly at the moment to "saltify" everything from the beginning. So here it is: https://monitor.opensuse.org/icinga/ is monitoring 33 hosts now with 594 services. Please create new issues in Category "monitoring" if: a) you miss important checks b) want to get access to your machine All important details should be mentioned at: https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Monitoring With kind regards, Lars PS: so far we have already 20 critical and 4 warning states for services (96.3% health)... -- [1]: Planned power outage in Nuremberg from 2017-10-13 until 2017-10-15 [2]: https://progress.opensuse.org/projects/opensuse-admin/issues/new -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 4 months

3
6
0 0

[heroes] vpn restarted, then didn't come up?

by Per Jessen

Sep 20 13:55:59 io64 openvpn[6610]: Re-using SSL/TLS context Sep 20 13:55:59 io64 openvpn[6610]: LZO compression initialized Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link local: [undef] Sep 20 13:56:00 io64 openvpn[6610]: UDPv4 link remote: 195.135.221.151:1194 Sep 20 13:56:00 io64 openvpn[6610]: [scar.opensuse.org] Peer Connection Initiated with 195.135.221.151:1194 Sep 20 13:56:01 io64 openvpn[6610]: AUTH: Received AUTH_FAILED control message Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: ERROR: Linux route delete command failed: shell command exited with error status: 7 Sep 20 13:56:01 io64 openvpn[6610]: SIGTERM[soft,auth-failure] received, process exiting The two lines of "ERROR: Linux route delete command failed" made me curious. I'll see what a restart does now. -- Per Jessen, Zürich (8.6°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 4 months

3
4
0 0

[heroes] stage.opensuse.org down?

by Per Jessen

rsync: failed to connect to stage.opensuse.org (2001:67c:2178:8::10): Connection refused (111) rsync: failed to connect to stage.opensuse.org (195.135.221.130): Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(128) [Receiver=3.1.1] -- Per Jessen, Zürich (9.7°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 4 months

1
1
0 0

[heroes] Lost ticket

by Christian Boltz

Hello, I just wanted to assign ticket 25448, but only got a 404 :-( It seems someone accidently deleted it, maybe while deleting spam. *** Please take this mail as a reminder to be extra careful when *** deleting spam tickets. FYI: I re-created the lost ticket as #25466 (based on the notification mail), with the original reporter added as watcher. Regards, Christian Boltz -- Wieso Open Source grundsätzlich von betrunkenen Meerscheinchen geschrieben wird hat sich mir noch nicht erschlossen. Oder wo die Viecher Commit-Rechte her haben. [Kristian Köhntopp in https://plus.google.com/+KristianKöhntopp/posts/fTZVJbjNacs] -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 4 months

2
3
0 0

[heroes] mirrorbrain ?

by Per Jessen

At mirror.opensuse.org, our (Hostsuisse) public mirror is listed (mirror.hostsuisse.com) as serving 42.3 ISO, 42.3 repo, 42.2 ISOs, 42.2 repo. However, we also have update/ and source/ for 42.2 and 42.3. I've checked a couple of other mirrors, and I think I see the same situation elsewhere too. I've had a look at scanner.infra.o.o, but as I'm completely unfamiliar with mirrorbrain, I can't figure out how or when the status is updated/refreshed. -- Per Jessen, Zürich (12.0°C) openSUSE mailing list admin -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 4 months

2
3
0 0

[heroes] openSUSE VPN config / certificate issue

by Thorsten Bro

Hi all, this evening I sat down in the relaxing chair and try to setup my openVPN for openSUSE finally on my notebook as well... While using my "standard VPN config for this" (as none was provided) I faced the following issue: Mon Sep 11 21:35:52 2017 us=256843 VERIFY nsCertType ERROR: CN=scar.opensuse.org, require nsCertType=SERVER Mon Sep 11 21:35:52 2017 us=256903 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Mon Sep 11 21:35:52 2017 us=256911 TLS Error: TLS object -> incoming plaintext read error Mon Sep 11 21:35:52 2017 us=256919 TLS Error: TLS handshake failed Mon Sep 11 21:35:52 2017 us=256966 Fatal TLS error (check_tls_errors_co), restarting Mon Sep 11 21:35:52 2017 us=256993 TCP/UDP: Closing socket Mon Sep 11 21:35:52 2017 us=257018 SIGUSR1[soft,tls-error] received, process restarting Mon Sep 11 21:35:52 2017 us=257028 Restart pause, 5 second(s) The client (my computer) wants to verify the server (scar.o.o) and fails doing it, because the certificate (server cert) of scar is missing a specific FLAG which marks this cert as a "server cert" - the funny line is: Mon Sep 11 21:35:52 2017 us=256843 VERIFY nsCertType ERROR: CN=scar.opensuse.org, require nsCertType=SERVER So to achieve this, the nsCertType=SERVER should've been set on creation of the certificate of scar. While this is a "bit more" of security, when the server identifies itself correctly, we should maybe fix this and synchronize our configs. Here is my openvpn config - just for anyone interested ... by the way ...the regarding line is commented out now ... which makes VPN work. ####TCP config client dev tun tun-ipv6 keepalive 10 30 auth-user-pass script-security 3 pull dhcp-options persist-key persist-tun #ns-cert-type server comp-lzo verb 4 mute 20 mute-replay-warnings auth SHA512 cipher AES-256-CBC tls-cipher DHE-RSA-AES256-SHA ca /home/tbro/opensuse-openvpn/ca.crt cert /home/tbro/opensuse-openvpn/tbro.crt key /home/tbro/opensuse-openvpn/tbro.key tls-auth /home/tbro/opensuse-openvpn/ta.key 1 # scripts that should automatically update your DNS info when starting and stopping openvpn client. #up /etc/openvpn/client.up #down /etc/openvpn/client.down #Fallback port 443 TCP <connection> proto tcp remote scar.opensuse.org port 443 nobind </connection> ####UDP config client dev tun tun-ipv6 keepalive 10 30 auth-user-pass script-security 3 pull dhcp-options persist-key persist-tun #ns-cert-type server comp-lzo verb 4 mute 20 mute-replay-warnings auth SHA512 cipher AES-256-CBC tls-cipher DHE-RSA-AES256-SHA ca /home/tbro/opensuse-openvpn/ca.crt cert /home/tbro/opensuse-openvpn/tbro.crt key /home/tbro/opensuse-openvpn/tbro.key tls-auth /home/tbro/opensuse-openvpn/ta.key 1 # scripts that should automatically update your DNS info when starting and stopping openvpn client. #up /etc/openvpn/client.up #down /etc/openvpn/client.down Default port 1194 UDP <connection> proto udp remote scar.opensuse.org port 1194 nobind </connection> Cheers, Thorsten -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

4 years, 4 months

2
1
0 0

2022

2021

2020

2019

2018

2017

2016

Heroes September 2017