17:30:05 <Jmainguy> #startmeeting
17:30:05 <Tribot> Meeting started Mon Oct 26 17:30:05 2020 UTC.  The chair is Jmainguy. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:30:05 <Tribot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:30:15 <Jmainguy> who else is around?
17:30:39 <noway2> Moi
17:30:48 <Jmainguy> #chair noway2
17:30:48 <Tribot> Current chairs: Jmainguy noway2
17:34:27 <Jmainguy> #topic Agenda additions
17:34:37 <Jmainguy> noway2: got anything outside the agenda you wanna talk about today?
17:35:11 <noway2> Not today.
17:37:25 <Jmainguy> #topic November meeting
17:37:37 <Jmainguy> I will email Peter today or tomorrow and confirm he is good to talk for November
17:37:46 <Jmainguy> will probably end up emailing steering email list to get his email
17:38:00 <Jmainguy> anything else before we move onto next topic?
17:38:01 <noway2> Good. What is the planned topic?
17:38:11 <Jmainguy> I do not recall lol
17:38:15 <Jmainguy> I don't know his last name or email
17:38:24 <Jmainguy> but the previous administration set it up well in advance
17:38:29 <Jmainguy> should be able to iron that out today
17:38:35 <Jmainguy> I'll email steering for more info after this
17:38:42 <noway2> We will need to start lining up new ones soon, I imagine.
17:38:47 <Jmainguy> yeah true enough
17:39:00 <Jmainguy> December we will do lightning talks / virtual community hangout
17:39:10 <noway2> Via Jitsi?
17:39:17 <Jmainguy> and then we need to fill up jan-at least april of next year, though preferably may and a few extra months
17:39:24 <Jmainguy> to make transition easier for new administration
17:39:27 <Jmainguy> yeah via Jitsi
17:39:34 <Jmainguy> unless you want us to move to a diff platform
17:39:43 <noway2> No, it works surprisingly well.
17:39:44 <Jmainguy> Jitsi feels like it's working so far
17:39:47 <Jmainguy> yeah
17:40:03 <Jmainguy> if you know of anyone willing to give a talk definitely hit us up
17:40:06 <Jmainguy> or refer them to us
17:40:34 <noway2> I'll have to give it some thought....
17:40:40 <Jmainguy> noway2++
17:40:55 <Jmainguy> #topic Steering spam
17:41:06 <Jmainguy> #action Jmainguy to finalize November meeting
17:41:15 <Jmainguy> noway2: how goes the spam fight? need anything from us?
17:41:23 <Jmainguy> #chair raub
17:41:23 <Tribot> Current chairs: Jmainguy noway2 raub
17:41:51 <noway2> I need to get up with Brian on the spam issue as he can get in if changing the network settings knocks us off line.  If that works, it's a temporary stopgap as we will need to upgrade (next topic) for other reasons.
17:42:05 <Jmainguy> ack
17:42:08 <noway2> It won't take long, maybe I can hit him up during the day if we can get a 15 minute window.
17:42:25 <Jmainguy> see if you can get that backdoor as well out of that meeting
17:42:35 <raub> noway2: would the network setting affect the vm server?
17:42:37 <Jmainguy> as you will need it for the upgrades and other stuff I imagine
17:43:57 <noway2> raub, I don't fully understand the question as related to the VM server, but I don't think so.  I did notice that the host has some behind the scenes NAT as you work with 192.168.x.x locally and it translates to the IPv4 public behind the scenes.
17:44:39 <noway2> What we want to do is change the DNS to point to localhost so that Bind does the recursive lookup instead of the host provider, which returns bogus data from email RBL queries.
17:45:48 <raub> Will the vm server also rely on this bind instance?
17:46:45 <raub> noway2: I think the vm guests are NAT'ed, being exposed to the outside world using port forwarding
17:46:52 <noway2> I don't think so.  We're going to try just adjusting the local instance of Ubuntu to point to 127.0.0.1 instead of getting the DNS via DHCP and then reboot.
17:47:37 <Jmainguy> raub++
17:47:59 <raub> I think that can be answered by looking at iptables
17:48:29 <Jmainguy> is a daemon updating /etc/resolv.conf preventing us from editing that by hand?
17:48:34 <Jmainguy> ie, networkmanager?
17:48:50 <Jmainguy> raub: yeah it is definitely just an iptables or similar rule, getting 22 to the private IP
17:49:24 <noway2> Jmainguy, I don't think so.  That was my first thought to try, though it would be temporary, it would be safer too.
17:49:39 <Jmainguy> editing libvirtd to not push dns via dhcp, seems more impactful than just editing /etc/resolv.conf
17:50:07 <Jmainguy> true, could require more work down the line for future vm's
17:50:50 <noway2> This is Ubuntu 12, which has an older style config system. I found some documentation on it. You need to edit one of the init.d type files, and there should be a stanza for DNS.
17:50:54 <noway2> that can be added.
17:51:10 <Jmainguy> interesting
17:51:24 <noway2> editing resolv.conf should be a quick test.... Maybe I will give it a try.
17:51:41 <Jmainguy> noway2: worth a shot, you just gonna use 8.8.8.8 or what you planning to change dns servers to?
17:52:26 <noway2> 127.0.0.1 / the local bind instance.  When I tested it, I got the proper dig response from Spamhaus.
17:53:01 <noway2> I think it currently points to 192.168.1.1 or something similar. I would need to ssh in to check.
17:53:42 <Jmainguy> yeah that sounds right
17:53:44 <raub> noway2: That IP *might* be the IP for the vm server within that network.
17:53:58 <Jmainguy> raub: it will be the moya host I believe
17:54:05 <raub> Which doubles as gateway
17:54:08 <Jmainguy> exactly
17:54:18 <noway2> yes, it's the gateway address.
17:54:49 <raub> Jmainguy: yep; that will be it. Think relationship between Moya and Pilot in Farscape
17:55:33 <noway2> If you execute nslookup and then set server to localhost, it will resolve addresses, e.g. google, yahoo, etc, so it shouldn't break things.
17:55:59 <Jmainguy> are we having trouble resolving names?
17:56:05 <Jmainguy> what is the change fixing?
17:56:16 <Jmainguy> #chair jeoff
17:56:16 <Tribot> Current chairs: Jmainguy jeoff noway2 raub
17:56:31 <jeoff> I thought I clicked join, but didn't
17:56:49 <Jmainguy> jeoff: no worries, we talking over a dns change on pilot as an effort to combat spam atm
17:56:57 <noway2> The RBL query is expecting a response in the form of 127.0.0.x where x is the reject code, or NXDOMAIN when it's not listed.  Querying the VM dns always returns NXDOMAIN even when it is listed.
17:57:05 <Jmainguy> gotcha
17:57:54 <Jmainguy> seems like a sane approach, once you nail down a time, just email the general list letting them know of the maintenance
17:58:03 <Jmainguy> since it's possibly impactful
17:58:25 <Jmainguy> anything on this before we move to upgrades topic?
17:58:52 <noway2> I'll shoot for doing the resolv.conf test on Wed. It looks like it's pretty free. I'll see if I can queue Brian in the wings.
18:02:05 <Jmainguy> noway2++
18:02:09 <raub> FYI, it seems our coloco is only open for us to go there during business hours. I could be wrong but AFAIK we do not have some kind of access key and need to coordinate with them
18:02:20 <Jmainguy> #topic Pilot upgrades
18:02:25 <Jmainguy> raub: good info to have
18:02:38 <Jmainguy> noway2: we still punting on this until after spam effort is exhausted right?
18:02:58 <raub> bdmc would have more info on that
18:04:16 <noway2> Yes, at least until we try to fix the DNS. I don't want to sink down a rabbit hole, but I think this is worth trying. I saw the notice from the Let's Encrypt that come June (?) next year it will no longer support the protocol the current system is running. I think that may be a drop dead date on forcing our update if there is no package available under U12.
18:05:39 <Jmainguy> ouch, yeah that's good to know
18:05:54 <Jmainguy> always good to have a deadline =)
18:06:53 <noway2> They tend to be motivation. I think it is Brian that will also have to get us a new VM to migrate to. Once we have that, we can start the process, e.g. start with the LDAP authentication and get users to log in.
18:07:21 <noway2> We can also install the basic servers we know we will need, such as email and http.
18:07:50 <noway2> There will be some differences as the config files will be very different and the current versions use systemd which U12 does not.
18:07:54 <Jmainguy> because Brian is the only one with access to Moya?
18:08:04 <Jmainguy> the vm host?
18:08:16 <noway2> I assume he is. I don't have access to Moya.
18:09:03 <Jmainguy> yeah see if you can get moya access out of your hangout with Brian
18:09:10 <Jmainguy> we need you to have that =)
18:09:20 <Jmainguy> raub: unless you know how to give that out
18:09:37 <Jmainguy> wouldn't hurt to set up jemoore as well since he sometimes has time on his hands and likes building things
18:11:16 <noway2> Good idea.
18:11:37 <raub> I thought Jmainguy and jeoff had login/admin access to moya
18:11:47 <Jmainguy> I probably do, I just forgot how to do it
18:12:04 <Jmainguy> I'll skim through the steering wiki and see if I can find it
18:12:06 <Jmainguy> I'm sure it's in there
18:12:21 <raub> I would have to see the emails if you were given keypair access to it
18:12:35 <Jmainguy> I'll ping you if I can't figure it out via the wiki
18:12:46 <raub> K
18:12:46 <Jmainguy> it's a good wiki, I'm sure it's in there somewhere
18:12:57 <raub> It needs help
18:13:01 <Jmainguy> raub: the november meeting
18:13:25 <Jmainguy> raub: Peter ? do you have his email and name / topic he was gonna give?
18:13:34 <Jmainguy> I need to email him to confirm he still cool
18:13:46 <Jmainguy> if not, I can email the steering list
18:14:06 <Jmainguy> I put it off for too long and now I need to actually do it =)
18:15:35 <raub> I can look; it is on the wiki under the presentations page
18:16:37 <Jmainguy> ah cool, I can snag it from there as well then
18:16:41 <Jmainguy> ty sir
18:16:55 <Jmainguy> #action Jmainguy to get on the wiki and find moya access / Peter's contact info
18:17:07 <Jmainguy> anything else before we close this meeting out?
18:17:19 <Jmainguy> sorry for running long today
18:17:28 <noway2> Think we're good on my end.. Don't worry about the extra long run.
18:18:34 <Jmainguy> huzzah thanks everyone, yall are the best
18:18:37 <Jmainguy> #endmeeting