#trilug-business log

17:29:03 <Jmainguy> #startmeeting
17:29:03 <Tribot> Meeting started Mon Oct  5 17:29:03 2020 UTC.  The chair is Jmainguy. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:29:03 <Tribot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:29:07 <Jmainguy> #chair jeoff noway2
17:29:07 <Tribot> Current chairs: Jmainguy jeoff noway2
17:31:37 <Jmainguy> #topic check for agenda additions
17:31:43 <Jmainguy> jeoff: noway2 yall got anything to add to agenda today?
17:31:49 <jeoff> No
17:31:54 <noway2> no
17:32:08 <Jmainguy> #topic October
17:32:18 <Jmainguy> jeoff: we all locked in and good for thursday nigth?
17:32:50 <jeoff> Yeah, I just have to make announcements in all of LinkedIn, mailing list, Meetup, website
17:33:08 <Jmainguy> #action jeoff to update the internet on Thursdays meeting
17:33:15 <Jmainguy> jeoff: lemme know if u need any help with that today
17:33:24 <bdmc> Are we going to send our speaker a pizza?
17:33:28 <bdmc> B-)
17:33:31 <Jmainguy> #chair bdmc
17:33:31 <Tribot> Current chairs: Jmainguy bdmc jeoff noway2
17:33:39 <jeoff> Cheese-free if possible
17:33:42 <Jmainguy> its a good point, I think we agreed we would
17:33:49 <Jmainguy> jeoff: you want pizza or somehting else?
17:34:14 <noway2> how about, sausage, onion, anchovie, and hot peppers?
17:34:22 <jeoff> In all seriousness, I'll hold off on pizza. It's a great incentive for other speakers though
17:34:25 <Jmainguy> bdmc: whats best way to facilitate this? have speaker work with you directly?
17:34:30 <Jmainguy> jeoff: ack
17:34:44 <bdmc> Yes.  I would be happy to send cheesy-bread.  B-)
17:34:46 <noway2> @jeoff :P
17:35:12 <Jmainguy> #topic Spam spam spam
17:35:19 <Jmainguy> noway2: hows the war on spam going?
17:35:28 <bdmc> Or perhaps a pickup order at Bada?
17:35:34 <noway2> ok ... here is the status
17:35:54 <Jmainguy> bdmc: yeah I was thinking uber eats or pizza / whatever the speaker wants up to a reasonable number
17:36:00 <Jmainguy> like $20 I guess?
17:36:30 <bdmc> We can talk, after SPAM!!!
17:36:36 <Jmainguy> bdmc++
17:38:37 <noway2> I am quite certain that the reason the RBL checks are not working has to do with the DNS. For some reason the DNS always returns NXDOMAIN which means no spam. If I query localhost for dns instead of the 192.168 it works. I was thinkig of changing reslov.conf, but that might be temporary. I am not 100% sure about the old config files and it will likely require a reboot to pick up the network change. The danger with network changes and reboot is that
17:38:39 <noway2> if it doesn't come back up properly you need a backdoor into the system, so I need to at least coordinate with someone who can do that.
17:39:24 <bdmc> I can certainly help with that.
17:40:36 <noway2> Cool.  I did some reading on the old net config files. There is a nameserver command that is supposed to update resolv.conf. I was thinking of adding that, but then it will need to reboot or take the interface down (disconnects) then up.... (not connected) ... so reboot time.
17:41:44 <Jmainguy> noway2+ bdmc++ sounds solid
17:41:57 <Jmainguy> I am all in favor of trying it
17:42:08 <Jmainguy> lemme know if you need anythign from me or jeoff to help with that
17:42:08 <bdmc> After dark some evening would work for me.
17:42:50 <Jmainguy> #action noway2 to coordinate with bdmc to try adjusting resolv.conf as a way to combat spam
17:43:02 <Jmainguy> anything else on spam before we move on?
17:43:05 <noway2> That will work. The change should only take a few minutes to attempt. Letting the local copy of bind do the DNS instead of the host provider may be slightly slower, but I doubt it will be noticeable.
17:43:34 <Jmainguy> noway2++ id announce it to be safe, but yeah im confident it will be safe
17:43:53 <Jmainguy> I think we have the process for that in the steering wiki, its like emailing the gen pop list a day or so before I think
17:44:10 <bdmc> That usually works.
17:44:29 <noway2> No, that's where we stand.  Have an idea, testing suggests it will work, but spam is, fickle...  I'll look for a procedure.  oddly enough 'trilug-announce' is one of the most abused spam auth attempts.
17:45:00 <Jmainguy> be a huge win if we (yall =) got this solved, be a good look
17:45:08 <Jmainguy> thank you for working on this
17:45:12 <bdmc> I would tend to use "trilug," not "trilug-announce."  Some people only see the one.
17:45:25 <Jmainguy> yeah ^^ id just hit the general mailing list
17:45:52 <Jmainguy> #topic Pilot upgrades
17:46:12 <Jmainguy> noway2: your a popular guy. Need anything on this, or we holding off until we get spam under control?
17:47:47 <noway2> I kind of changed focus on the spam since it was "in my face".  I also think that the upgrade will uiltimatley help with a lot of these kinds of things.  What do we need to do to spin up the new platform / host?  It was either last week or two weeks ago, we talked about the plan, which I think was get a base server up, get the LDAP going and then the key apps from there: postfix, dovecot, apache.
17:48:29 <bdmc> Define the machine.  Decide and obtain the install ISO, go.
17:48:41 <noway2> Then let the members tell us if they need other programs.  Also a lot of disk space is likely taken up by a lot of folks runnin rails and having large installs in their home directories. Not sure if there is a better solution.
17:48:51 <bdmc> Define being RAM and Disk space.
17:49:05 <noway2> Define the machine?  Conceptually there is no problem, but I wouldn't even know who to talk to get one going.
17:49:17 <Jmainguy> yeah I think a good firstr target, would be a VM running ldap, that current pilot can point to
17:49:24 <Jmainguy> and then turn ldap server off on pilot
17:49:31 <Jmainguy> and then do it like that, one service / vm at a time
17:50:19 <noway2> I like that idea.  Have another question.  I am sure the ldap user base is outdated and probably has people that are long gone.  Would we want to clean that up?
17:50:19 <Jmainguy> I am a fedora/centos guy, but trilug has traditionall been buntu/debian, I am personally ok with any of those choices for vm OS, unless you have a diff one you want to propose
17:50:27 <bdmc> noway2: You mean how to set up the VM.  No problem.
17:50:49 <Jmainguy> noway2: yeah at some point, we should eliminate people that no longer live in NC, but its not a big concern atm
17:51:00 <Jmainguy> I would just port all the users, and we can clean it up in the future if we get bored
17:51:33 <noway2> Gotcha.  That will work. I don't think it will create a home directory unless they login.  I am comfortable with either centos or ubuntu, but I have more experience with ubuntu.
17:51:36 <bdmc> Jmainguy: That is the easiest answer, I agree.  Just dump the database and reload.
17:51:44 <Jmainguy> I also acknowledege doing multiple things at once isnt great, so I am perfectly fine with you focusing on spam for now
17:52:06 <Jmainguy> yeah they wont ever really be logging into the new ldap vm
17:52:28 <Jmainguy> its just going to serve ldap out for other vms to consume, eventually there will be a new "pilot" people ssh into, but thats further down the line
17:52:32 <bdmc> Nobody should be logging in to that machine, anyway.
17:52:37 <Jmainguy> bdmc++
17:52:44 <noway2> If we can get the spam toned down, I think it will give us some breathing room.
17:52:57 <Jmainguy> noway2: I concur, that would be a really cool win
17:53:08 <Jmainguy> I miss your emails cuz they get flagged as spam atm with the rest of it
17:53:38 <noway2> After the RBL, we may need to adjust the spamassassin....
17:53:53 <Jmainguy> makes sense
17:54:07 <Jmainguy> my knowledge there is nil, and will defer to your judgement =)
17:54:42 <Jmainguy> you are all doing a great job, and I really appreciate it
17:54:51 <Jmainguy> sorry for missing last week, got sick and forgot about trilug =)
17:55:04 <Jmainguy> looking forward to the meeting this week
17:55:13 <bdmc> Do we want to talk about "instrumenting" LDAP in some way, to help decide on the VM definition?
17:55:21 <Jmainguy> I am ok with that
17:55:27 <Jmainguy> #topic Instrumenting Ldap
17:55:46 <Jmainguy> I got plenty of time, so yall just lemme know if yall gotta bail
17:55:54 <Jmainguy> wanna be respectful of your time
17:56:02 <noway2> I'm ok right now.
17:56:04 <bdmc> I should quit soon.
17:56:20 <Jmainguy> I ahve no idea how much ram / cpu ldap needs
17:56:24 <Jmainguy> I imagine a 20 gig disk would be fine
17:56:25 <bdmc> Can we measure traffic to the LDAP server, required disk space, etc?
17:56:30 <Jmainguy> ^^ good idea
17:57:02 <Jmainguy> if we wanna save on resources, debian runs pretty light
17:57:06 <noway2> A couple of weeks ago, I did look at the ldap auth as I never used it.  It is using the slapd process and has a local database. I wonder if we can watch the process.
17:57:27 <Jmainguy> yeah top can guess how much ram / cpu a process is using
17:57:42 <Jmainguy> would have to reverse engineer to see how its doing that, catting something in /proc im sure =)
17:58:00 <Jmainguy> I imagine 1 gb ram / 1 cpu would be enough off the top of my head
17:58:21 <Jmainguy> but if we have a way to measure that, that would be dope
17:58:36 <bdmc> There are other tools that can focus on one program.  I'm out of touch -- noway2?
17:59:18 <noway2> Was just doing some google foo.  We may be limited in that Ubuntu 12 may be too old to have repositories that will add programs, so we might have to use whats available.
17:59:24 <bdmc> Of course there are the Apache log tools, but that isn't quite it.   Does slapd keep a log like that?
17:59:49 <bdmc> Don't try to upgrade Ubuntu.  That will fail miserably.
17:59:57 <Jmainguy> lol yup
18:00:06 <bdmc> Oh, sorry.  I missed where you were going.
18:00:49 <bdmc> I suppose that you could install from source.
18:01:14 <noway2> just looking now.  no slapd log directly, but it does use the old style auth log.  I am not an expert, but I have tinkered in the area I suspect it is tied into the pam.d ... yes if we need to install something it may be a compile from source.
18:01:40 <Jmainguy> apt-get can still install some things, just not apt-get upgrade / update
18:02:01 <Jmainguy> but yeah if its missing in the repos we got, from source is likely the only answer, which brings its own issues
18:02:28 <bdmc> And solves others.  It is building for the existing environment.
18:02:34 <Jmainguy> I wouldnt waste too much time trying to trace resources, and just go with 1gb ram / 1 cpu / 20 gig disk on perhaps debian
18:02:45 <Jmainguy> we can add observability to our list of tech debt
18:03:02 <bdmc> I lean towards Debian for this type of machine, myself.
18:03:09 <Jmainguy> works for me
18:03:22 <Jmainguy> its my go to for light vm's for sure
18:03:34 <noway2> I agree.... it is probably pretty light in resources.  The auth is always speedy.  How is debian in terms of being noisy with udpates?  One advantage of ubuntu is that they are somewhat controlled.
18:04:06 <bdmc> It varies.  Depends on security, to a large extent.
18:04:41 <bdmc> Anyway, time to pull the plug.  Anything more important?
18:04:49 <Jmainguy> I can be talked into buntu if u prefer that for the vm
18:04:57 <Jmainguy> just strip it down to the packages you need
18:05:03 <Jmainguy> bdmc: noway2 nah, thats all I got
18:05:09 <Jmainguy> ty both
18:05:29 <Jmainguy> #endmeeting