On olaf, there is a cronjob that is meant to refresh the pfx2asn table
every day. It doesn't look as if it has been done for maybe 2 years.
Some scripts or binaries are missing 'asn_get_routeviews'
and 'asn_import' ?
These are supplied by apache2-mod_asn-tools, which is not installed. I
was just wondering - olaf is new, but that data in the pfx2asn table is
least 2 years old ?
About a week ago, I wrote to the mirroring list about some stats we
discovered on our public mirror:
------------------------
... these are some interesting observations.
Looking only at traffic from user-agent "ZYpp <something>" :
[snip]
123 different countries, 50 with more than 10 unique addresses. (IPv4
only). These are the top scorers:
country addrs
| us | 1115 |
| de | 768 |
| it | 658 |
| ch | 639 |
| es | 462 |
| fr | 315 |
| br | 312 |
| ru | 234 |
| ca | 143 |
| in | 131 |
| cn | 128 |
| mx | 120 |
| uk | 119 |
| za | 111 |
| pl | 105 |
----------------------------
I think this is due to no asn numbers for our IP range
(185.85.248.0/22).
Before I go ahead and install apache2-mod_asn-tools, can anyone think of
a reason I shouldn't ? afaict, all it does is retrieve the daily
snapshot from mirrorbrain.org and load that into pfx2asn.
--
Per Jessen, Zürich (19.1°C)
openSUSE mailing list admin
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Just in case you missed it in my last Email - there will be a planned
power outage affecting the whole Nuremberg office from
Friday afternoon (18:00 CEST), 2017-10-13
until
Sunday afternoon (ETA ~22:00), 2017-10-15
Reason: maintenance off the power transformers in the building the
whole Saturday.
Therefor we should discuss what we can do during that time and
coordinate the efforts (might be the announcements or the migration of
the workload to other locations).
Anything against an initial meeting this week?
=> Saturday or Sunday around 18:00 or 20:00 ?
I expect the initial meeting not to last longer than 30 minutes.
With kind regards,
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
rsync: failed to connect to stage.opensuse.org (2001:67c:2178:8::10): No route to host (113)
rsync: failed to connect to stage.opensuse.org (195.135.221.130): Connection timed out (110)
rsync error: error in socket IO (code 10) at clientserver.c(128) [Receiver=3.1.1]
Since around 08:45 CET.
--
Per Jessen, Zürich (14.7°C)
openSUSE mailing list admin
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Looks like something broke the webserver/homepage, all links on opensuse.org
are redirected to the homepage
--
Gertjan Lettink, a.k.a. Knurpht
openSUSE Board Member
openSUSE Forums Team
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi @ll
As the offered openSUSE services had some outages during the last
weeks, and there is another big issue in front of us[1], I decided to
go with manual configuration of our new monitoring system for now. I'm
just to silly at the moment to "saltify" everything from the beginning.
So here it is: https://monitor.opensuse.org/icinga/ is monitoring 33
hosts now with 594 services.
Please create new issues in Category "monitoring" if:
a) you miss important checks
b) want to get access to your machine
All important details should be mentioned at:
https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Monitoring
With kind regards,
Lars
PS: so far we have already 20 critical and 4 warning states for
services (96.3% health)...
--
[1]: Planned power outage in Nuremberg from 2017-10-13 until 2017-10-15
[2]: https://progress.opensuse.org/projects/opensuse-admin/issues/new
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
rsync: failed to connect to stage.opensuse.org (2001:67c:2178:8::10):
Connection refused (111)
rsync: failed to connect to stage.opensuse.org (195.135.221.130):
Connection refused (111)
rsync error: error in socket IO (code 10) at clientserver.c(128)
[Receiver=3.1.1]
--
Per Jessen, Zürich (9.7°C)
openSUSE mailing list admin
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hello,
I just wanted to assign ticket 25448, but only got a 404 :-(
It seems someone accidently deleted it, maybe while deleting spam.
*** Please take this mail as a reminder to be extra careful when
*** deleting spam tickets.
FYI: I re-created the lost ticket as #25466 (based on the notification
mail), with the original reporter added as watcher.
Regards,
Christian Boltz
--
Wieso Open Source grundsätzlich von betrunkenen Meerscheinchen
geschrieben wird hat sich mir noch nicht erschlossen. Oder wo
die Viecher Commit-Rechte her haben. [Kristian Köhntopp in
https://plus.google.com/+KristianKöhntopp/posts/fTZVJbjNacs]
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
At mirror.opensuse.org, our (Hostsuisse) public mirror is listed
(mirror.hostsuisse.com) as serving 42.3 ISO, 42.3 repo, 42.2 ISOs, 42.2
repo. However, we also have update/ and source/ for 42.2 and 42.3.
I've checked a couple of other mirrors, and I think I see the same
situation elsewhere too.
I've had a look at scanner.infra.o.o, but as I'm completely unfamiliar
with mirrorbrain, I can't figure out how or when the status is
updated/refreshed.
--
Per Jessen, Zürich (12.0°C)
openSUSE mailing list admin
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi all,
this evening I sat down in the relaxing chair and try to setup my
openVPN for openSUSE finally on my notebook as well...
While using my "standard VPN config for this" (as none was provided) I
faced the following issue:
Mon Sep 11 21:35:52 2017 us=256843 VERIFY nsCertType ERROR:
CN=scar.opensuse.org, require nsCertType=SERVER
Mon Sep 11 21:35:52 2017 us=256903 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Mon Sep 11 21:35:52 2017 us=256911 TLS Error: TLS object -> incoming
plaintext read error
Mon Sep 11 21:35:52 2017 us=256919 TLS Error: TLS handshake failed
Mon Sep 11 21:35:52 2017 us=256966 Fatal TLS error
(check_tls_errors_co), restarting
Mon Sep 11 21:35:52 2017 us=256993 TCP/UDP: Closing socket
Mon Sep 11 21:35:52 2017 us=257018 SIGUSR1[soft,tls-error] received,
process restarting
Mon Sep 11 21:35:52 2017 us=257028 Restart pause, 5 second(s)
The client (my computer) wants to verify the server (scar.o.o) and fails
doing it, because the certificate (server cert) of scar is missing a
specific FLAG which marks this cert as a "server cert" - the funny line is:
Mon Sep 11 21:35:52 2017 us=256843 VERIFY nsCertType ERROR:
CN=scar.opensuse.org, require nsCertType=SERVER
So to achieve this, the nsCertType=SERVER should've been set on creation
of the certificate of scar.
While this is a "bit more" of security, when the server identifies
itself correctly, we should maybe fix this and synchronize our configs.
Here is my openvpn config - just for anyone interested ... by the way
...the regarding line is commented out now ... which makes VPN work.
####TCP config
client
dev tun
tun-ipv6
keepalive 10 30
auth-user-pass
script-security 3
pull dhcp-options
persist-key
persist-tun
#ns-cert-type server
comp-lzo
verb 4
mute 20
mute-replay-warnings
auth SHA512
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
ca /home/tbro/opensuse-openvpn/ca.crt
cert /home/tbro/opensuse-openvpn/tbro.crt
key /home/tbro/opensuse-openvpn/tbro.key
tls-auth /home/tbro/opensuse-openvpn/ta.key 1
# scripts that should automatically update your DNS info when starting
and stopping openvpn client.
#up /etc/openvpn/client.up
#down /etc/openvpn/client.down
#Fallback port 443 TCP
<connection>
proto tcp
remote scar.opensuse.org
port 443
nobind
</connection>
####UDP config
client
dev tun
tun-ipv6
keepalive 10 30
auth-user-pass
script-security 3
pull dhcp-options
persist-key
persist-tun
#ns-cert-type server
comp-lzo
verb 4
mute 20
mute-replay-warnings
auth SHA512
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
ca /home/tbro/opensuse-openvpn/ca.crt
cert /home/tbro/opensuse-openvpn/tbro.crt
key /home/tbro/opensuse-openvpn/tbro.key
tls-auth /home/tbro/opensuse-openvpn/ta.key 1
# scripts that should automatically update your DNS info when starting
and stopping openvpn client.
#up /etc/openvpn/client.up
#down /etc/openvpn/client.down
Default port 1194 UDP
<connection>
proto udp
remote scar.opensuse.org
port 1194
nobind
</connection>
Cheers,
Thorsten
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org