17:30:05 #startmeeting 17:30:05 Meeting started Mon Oct 26 17:30:05 2020 UTC. The chair is Jmainguy. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:30:05 Useful Commands: #action #agreed #help #info #idea #link #topic. 17:30:15 who else is around? 17:30:39 Moi 17:30:48 #chair noway2 17:30:48 Current chairs: Jmainguy noway2 17:34:27 #topic Agenda additions 17:34:37 noway2: got anything outside the agenda you wanna talk about today? 17:35:11 Not today. 17:37:25 #topic November meeting 17:37:37 I will email Peter today or tomorrow and confirm he is good to talk for November 17:37:46 will probably end up emailing steering email list to get his email 17:38:00 anything else before we move onto next topic? 17:38:01 Good. What is the planned topic? 17:38:11 I do not recall lol 17:38:15 I dont know his last name or email 17:38:24 but the previous administration set it up well in advance 17:38:29 should be able to iron that out today 17:38:35 ill email steering for more info after this 17:38:42 We will need to start lining up new ones soon, I imagine. 17:38:47 yeah true enough 17:39:00 Decemeber we will do lightening talks / virtual community hangout 17:39:10 Via Jitsi? 17:39:17 and then we need to fill up jan-atleast april of next year, though preferably may and a few extra months 17:39:24 to make transition easier for new administration 17:39:27 yeah via Jitsi 17:39:34 unless you want us to move to a diff platform 17:39:43 No, it works surprisingly well. 17:39:44 Jitsi feels like its working so far 17:39:47 yeah 17:40:03 if you know of anyone willing to give a talk definitly hit us up 17:40:06 or refer them to us 17:40:34 I'll have to give it some thought.... 17:40:40 noway2++ 17:40:55 #topic Steering spam 17:41:06 #action Jmainguy to finalize november meeting 17:41:15 noway2: how goes the spam fight? need anything from us? 17:41:23 #chair raub 17:41:23 Current chairs: Jmainguy noway2 raub 17:41:51 I need to get up with Brian on the spam issue as he can get in if changing the network settings knocks of off line. If that works, its a temporary stop gap as we will need to upgrade (next topic) for other reasons. 17:42:05 ack 17:42:08 It won't take long, maybe I can hit him up during the day if we can get a 15 minute window. 17:42:25 see if you can get that backdoor as well out of that meeting 17:42:35 noway2: would the network setting affect the vm server? 17:42:37 as you will need it for the upgrades and other stuff I imagine 17:43:57 raub, I don't fully understand the question as related to the VM server, but I don't think so. I did notice that the host has some behind the scenes NAT as you work with 192.168.x.x locally and it translates to the IPv4 public behind the scenes. 17:44:39 What we want to do is change the DNS to point to localhost so that Bind does the recursive lookup instead of the host provider, which returns bogus data from email RBL queries. 17:45:48 Will the vm server also rely on this bind instance? 17:46:45 noway2: I think the vm guests are NAT'ed, being exposed to the outside world using port forwarding 17:46:52 I don't think so. We're going to try just adjusting the local instance of Ubuntu to point to 127.0.0.1 instead of getting the DNS via DHCP and then reboot. 17:47:37 raub++ 17:47:59 I think that can be answered by looking at iptables 17:48:29 is a daemon updating /etc/resolv.conf preventing us from editing that by hand? 17:48:34 ie, networkmanager? 17:48:50 raub: yeah it is definitly just an iptables or similiar rule, getting 22 to the private IP 17:49:24 jaminguy, I don't think so. That was my first thought to try, though it would be temporary, it would be safer too. 17:49:39 editing libvirtd to not push dns via dhcp, seems more impactful then just editing /etc/resolv.conf 17:50:07 true, could require more work down the line for future vm's 17:50:50 This is Ubuntu 12, which has an older style config system. I found some documentation on it. You need to edit one of the init.d type files, and there should be a stanza for DNS. 17:50:54 that can be added. 17:51:10 interesting 17:51:24 editing resolv.conf should be a quick test.... Maybe I will give it a try. 17:51:41 noway2: worth a shot, you just gonna use 8.8.8.8 or what you planning to change dns servers to? 17:52:26 127.0.0.1 / the local bind instance. When I tested it, I got the proper dig response from Spamhaus. 17:53:01 I think it currently points to 192.168.1.1 or something similar. I would need to ssh in to check. 17:53:42 yeah that sounds right 17:53:44 noway2: That IP *might* be the IP for the vm server within that network. 17:53:58 raub: it will be the moya host I believe 17:54:05 Which doubles as gateway 17:54:08 exactly 17:54:18 yes, it's the gateway address. 17:54:49 Jmainguy: yep; that will be it. Think relationship between Moya and Pilot in Farscape 17:55:33 If you execute nslookup and then set server to localhost, it will resolve addresses, e.g. google, yahoo, etc, so it shouldn't break things. 17:55:59 are we having trouble resolving names? 17:56:05 what is the change fixing? 17:56:16 #chair jeoff 17:56:16 Current chairs: Jmainguy jeoff noway2 raub 17:56:31 I thought I clicked join, but didn't 17:56:49 jeoff: no worries, we talking over a dns change on pilot as an effort to combat spam atm 17:56:57 The RBL query is expecting a response in the form of 127.0.0.x where x is the reject code, or NXDOMAIN when it's not listed. Querying the VM dns always returns NXDOMAIN even when it is listed. 17:57:05 gotcha 17:57:54 seems like a sane approach, once you nail down a time, just email the general list letting them know of the maintenance 17:58:03 since its possibly impactful 17:58:25 anything on this before we move to upgrades topic? 17:58:52 I shoot for doing the resolv.conf test on Wed. It looks like it's pretty free. I'll see if I can queue brian in the wings. 18:02:05 noway2++ 18:02:09 FYI, it seems our coloco is only open for us to go there during business hours. I could be wrong but AFAIK we do not have some kind of access key and need to coordinate with them 18:02:20 #topic Pilot upgrades 18:02:25 raub: good info to have 18:02:38 noway2: we still punting on this until after spam effort is exausted right? 18:02:58 bdmc would have more info on that 18:04:16 Yes, at least until we try to fix the DNS. I don't want to sink down a rabbit hole, but I think this is worth trying. I saw the notice from the Let's Encrypt that come June (?) next year it will no longer support the protocol the current system is running. I think that may be a drop dead date on forcing our update if there is no package available under U12. 18:05:39 ouch, yeah thats good to now 18:05:54 always good to have a deadline =) 18:06:53 They tend to be motivation. I think it is Brian that will also have to get us a new VM to migrate to. Once we have that, we can start the process, e.g. start with the LDAP authentication and get users to log in. 18:07:21 We can also install the basic servers we know we will need, such as email and http. 18:07:50 There will be some differences as the config files will be very different and the current versions uses systemd which U12 does not. 18:07:54 because Brian is the only one with access to Moya? 18:08:04 the vm host? 18:08:16 I assume he is. I don't have access to Moya. 18:09:03 yeah see if you can get moya access out of your hangout with Brian 18:09:10 we need you to have that =) 18:09:20 raub: unless you know how to give that out 18:09:37 wouldnt hurt to setup jemoore as well since he sometimes has time on his hands and likes building things 18:11:16 Good idea. 18:11:37 I thought Jmainguy and jeoff had login/admin access to moya 18:11:47 I probably do, I just forgot how to do it 18:12:04 Ill skim through the steering wiki and see if I can find it 18:12:06 im sure its in there 18:12:21 I would have to see the emails if you were given keypair access to it 18:12:35 ill ping you if I cant figure it out via the wiki 18:12:46 K 18:12:46 its a good wiki, im sure its in there somewhere 18:12:57 It needs help 18:13:01 raub: the november meeting 18:13:25 raub: Peter ? do you have his email and name / topic he was gonna give? 18:13:34 I need to email him to confirm he still cool 18:13:46 if not, I can email the steering list 18:14:06 I put it off for too long and now I need to actually do it =) 18:15:35 I can llook; it is on the wiki under the presentations page 18:16:37 ah cool, I can snag it from there as well then 18:16:41 ty sir 18:16:55 #action Jmainguy to get on the wiki and find moya access / Peters contact info 18:17:07 anythign else before we close this meeting out? 18:17:19 sorry for running long today 18:17:28 Think we're good on my end.. DOn't worry about the extra long run. 18:18:34 huzzah thanks everyone, yall are the best 18:18:37 #endmeeting