18:37:59 <raub> #startmeeting
18:38:00 <Tribot> Meeting started Mon Mar 1 18:37:59 2021 UTC. The chair is raub. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:38:00 <Tribot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:38:23 <raub> #chair bdmc jeoff noway2
18:38:23 <Tribot> Current chairs: bdmc jeoff noway2 raub
18:38:34 <raub> #topic 1. Check for Agenda Additions
18:39:59 <raub> Anything besides pilot?
18:40:05 <jeoff> nope
18:40:18 <raub> K
18:40:25 <raub> #topic 2. Current Topics
18:40:25 <noway2> not on my end.
18:40:42 <raub> Dwai in giving a talk this month
18:40:49 <raub> s/Dawi/Dawin
18:40:55 <raub> DWain
18:41:01 <bdmc> B-)
18:41:18 * raub is either dyslexic or typing challenged
18:41:30 <raub> So, onwards to Pilot OS Upgrade
18:41:56 <bdmc> You said something this morning that is worth discussing.
18:42:10 <noway2> Yes, Thurs-Friday made a big breakthrough and figured out how to get a modern ISO up and running. Now I need to get it on the network.
18:43:06 <bdmc> If you saw it a few days ago, somebody pointed out that everybody's mail is within their Home directory tree. "move mail from Pilot to elsewhere" was said earlier today.
18:43:46 <raub> bdmc: it could have been me. I would like that decoupled so it is easier to upgrade either
18:44:06 <bdmc> I agree with the sentiment, but it may be difficult.
18:44:25 <bdmc> Anybody else?
18:45:13 <jeoff> it's postfix?
18:45:18 <noway2> I saw that. I can pretty well guarantee that the config files for Dovecot have been changed. I was thinking of using a combination of the (more modern) one that I am running and mix-matching it with the one on Pilot to get many of the same settings. It used virtual users in a database but could be set for /home rather than /var.
18:45:23 <raub> jeoff: yes
18:45:24 <bdmc> Think so.
18:45:26 <noway2> It's both postfix and dovecot.
18:45:54 <raub> They do diff tasks
18:46:02 <jeoff> I know nothing about postfix or dovecot. I'd have to look into how to consolidate mail directories
18:46:12 <bdmc> Postfix is MTA, Dovecot is MUA.
18:46:36 <noway2> But they need to hold hands to deliver mail
18:48:40 <raub> Neither postfix nor dovecot cares where the mail ends up as long as we tell them
18:49:28 <raub> So, we should find out how much disk space is being used to store emails total, and min/max/ave per user
18:50:20 <bdmc> /home is VERY big.
18:50:38 <noway2> How many people store their mail on Pilot?
18:50:47 <bdmc> All of them, as far as I know.
18:51:18 <bdmc> As far as I know, that is how Postfix is configured -- home directory mail.
18:51:26 <bdmc> Have to confirm that.
18:51:51 <raub> A script can be made to get answers to my question
18:52:05 <raub> I can write it
18:55:08 <raub> Assume that is addressed, next step is to rsync said directories
18:55:20 <raub> Hopefully maildir
18:56:53 <raub> Next?
18:56:54 <bdmc> Probably
18:57:55 <bdmc> Actually, long before that ( but just after the statistics ) would be to build the new machine, with at least two ( but probably four or more ) LVs.
18:59:07 <noway2> To back up a second, looking in main.cf for Postfix, it looks like it uses Dovecot delivery to the user's mailbox to enable per user Sieve filtering.
18:59:08 <bdmc> rsync would need a target
19:00:18 <noway2> Ok, it uses maildir "~/Maildir" with ldap lookup.
19:00:32 <bdmc> noway2: It's actually using Dovecot to deliver mail, or to allow users to read it?
19:01:26 <noway2> If I understand the config files correctly, the Postfix Master daemon hands the mail off to Dovecot for delivery, which puts it in the mail dir. I may be mistaken, though, that's how the config file and comments read.
19:01:52 <bdmc> OK. Just checking. What's the "protocol" column?
19:01:56 <raub> bdmc: postfix should hand the emails to dovecot after it is done with them, who then can use sieve to do some extra filtering and then store emails
19:02:11 <bdmc> Understood.
19:02:31 <noway2> The only reference to Maildir in the Postfix conf is main.cf:home_mailbox = Maildir/ Maildir is defined in dovecot.conf
19:02:39 <raub> user talks to dovecot to access emails. To send an email, user talks to postfix
19:03:14 <bdmc> noway2: Yes, that is normal. It defines the Type of mailbox being used.
19:03:20 <raub> So path is ~user/Maildir ?
19:03:34 <bdmc> Should be.
19:04:20 <noway2> It also looks like Dovecot is being used for auth, with a comment about "this being weird".
19:04:43 <bdmc> Probably using the SASL library.
19:04:49 <raub> Yep
19:05:54 <noway2> Yes, I recall from YEARS ago, that you need to either use Dovecot or Cyrus. .... I just compared to my setup and it is the same.
19:06:23 <noway2> Currently pilot will receive for "trilug.org", "pilot.trilug.org", or there is a virtual map but I would have to look at it to see if anything is in it.
19:07:47 <noway2> ok: three other (non existent ?) hosts dargo, chiana, fatalpha dot trilug dot org.
19:09:08 <raub> Probably hosts that no longer exist after pilot became a vm
19:10:22 <bdmc> At least one of those ( dargo ) has a VM configuration file on Moya.
19:14:50 <bdmc> Off topic: Pilot is currently not responding on IPv6.
19:15:09 <raub> So, is the first service to be moved mail?
19:16:23 <bdmc> Probably. Although we might look at the "shopping list" again.
19:16:45 <noway2> I think http/s would have to go first, at least get instantiated because that's how Let's encrypt does the certs which Dovecot / Postfix piggy back off of.
19:16:47 <bdmc> Perhaps try some easier services as a tet.
19:16:52 <bdmc> ( tet == test )
19:17:16 <raub> One of the easiest is LDAP IMHO
19:17:51 <raub> The hard part is then ensuring pilot can find it. And then having the wiki finding it
19:18:19 <raub> Latter is port redirection. Former is reconfiguring services that rely on LDAP on pilot
19:18:45 <noway2> The wiki didn't recognize me via ldap... I had to create an account in the wiki with a different password.
19:19:35 <raub> Oh ok. Then that is an issue we do not have to deal with
19:21:52 <bdmc> Do we want to take a step back and decide what services go on which new machines? ( and how many new machines there are? )
19:22:27 <raub> Sure, since I do not know all the services that are being run off pilot
19:23:48 <noway2> That is one of the questions I have... where is the DNS handled and what about the records for the various domains? Is that currently on Pilot too and is the Linode just pointing to it?
19:23:57 <bdmc> I thought that we had done an inventory a couple of years ago, and that Matt had done that again recently.
19:24:08 <noway2> Whois shows Linode as the authoritative DNS.
19:24:51 <bdmc> Name servers are ns(1-4).linode.com
19:25:19 <bdmc> Again, I would talk to Alan.
19:25:43 <raub> bdmc: makes sense
19:27:19 <bdmc> Darn! I thought that we had unique IPv6 addresses on both machines, even if they were sharing IPv4, but it doesn't appear that way in the DNS.
19:27:56 <noway2> Pilot and Moya are both 2001:470:8:11ec:0:0:0:2
19:28:35 <bdmc> But, as I said, IPv6 is not responding.
19:29:07 <raub> Well, bdmc, as you said, Allan time
19:29:19 <noway2> I was curious about that too.... looking at the configuration for Pilot2(?). They share the same ethernet bridge / port but a port can handle multiple IP. I was looking for a way to try to test the IPV6.... I am not on a v6 network.
19:29:43 <bdmc> I am happy to help in any way you like.
19:31:19 <noway2> When you say it's not responding do you mean pulling up the webpage via ipv6 or something else? It pings from my ipv6 linode machine but both Moya and Pilot have the same IP so which one is responding.
19:32:11 <raub> noway2: arp time?
19:32:22 <bdmc> I am getting "all ports blocked."
19:33:40 <bdmc> Here is what I see for IPv4:
19:33:47 <bdmc> Not shown: 985 closed ports
19:33:47 <bdmc> PORT STATE SERVICE
19:33:47 <bdmc> 22/tcp open ssh
19:33:47 <bdmc> 25/tcp open smtp
19:33:47 <bdmc> 53/tcp open domain
19:33:49 <bdmc> 80/tcp open http
19:33:52 <bdmc> 111/tcp open rpcbind
19:33:54 <bdmc> 113/tcp open ident
19:33:57 <bdmc> 135/tcp filtered msrpc
19:33:59 <bdmc> 139/tcp filtered netbios-ssn
19:34:02 <bdmc> 143/tcp open imap
19:34:04 <bdmc> 443/tcp open https
19:34:07 <bdmc> 445/tcp filtered microsoft-ds
19:34:09 <bdmc> 465/tcp open smtps
19:34:12 <bdmc> 587/tcp open submission
19:34:14 <bdmc> 593/tcp filtered http-rpc-epmap
19:34:17 <bdmc> 993/tcp open imaps
19:34:19 <bdmc> IPv6, "no response."
19:35:12 <bdmc> That might imply firewall or other blockage inside the machine. ( either Moya or Pilot )
19:35:46 <noway2> Pretty much all those processes are listening on IPv6 ports per the Netstat command on Pilot.
19:36:10 <bdmc> Interesting. So the blockage is upstream from there.
19:36:22 <noway2> So either they're blocked or there is a conflict. Like I said, though Pilot and Moya share the same public IPv6 (global scope) address.
19:36:33 <bdmc> What does Netstat on Moya say?
19:36:45 <noway2> let me check....
19:37:52 <noway2> Not many ports: exim4, rpc.statd, sshd, rpcbind, oidentd, dnsmasq, sshd are listening on ipv6
19:39:09 <bdmc> I can get in touch with ( darn, what's their name? ) the host and ask them if the IPv6 has been disabled, and what our address block is. It SHOULD be at least /64, preferably /56, but I will ask.
19:40:07 <bdmc> noway2: That implies that they expect to be on different addresses, since the port lists are different but overlap.
19:40:40 <noway2> I agree. I think that's a mistake. I don't think ipv6 is blocked because ping worked on it, but not http / https
19:41:50 <bdmc> Or SSH
19:42:00 <noway2> PING moya.trilug.org(tunnel153960-pt.tunnel.tserv13.ash1.ipv6.he.net) 56 data bytes
19:42:01 <noway2> 64 bytes from tunnel153960-pt.tunnel.tserv13.ash1.ipv6.he.net: icmp_seq=1 ttl=58 time=13.1 ms
19:43:43 <noway2> I'll see what happens when I configure the Pilot(2) prototype / test with an address and I'll pick another one. As long as the switch upstream knows that it handles the block, it should go through.
19:44:19 <bdmc> Exactly
19:44:41 <bdmc> Maybe something creative like ::3!.
19:44:55 <noway2> lol....
19:46:33 <raub> So, I guess we are going to first find out about the linode DNS thingie and then TCPv6?
19:48:08 <noway2> I think we are pretty well limited to Ipv6 by having more than one host. We can always work with IP addresses during test, but the DNS will need to have name to number records and someone has to do that if it's in Linode. Today / Tomorrow the next step for the test VM will be to get it on the network.
19:48:48 <raub> I see. For some reason I thought we were going to use port forwarding
19:49:56 <noway2> Hmmm... we would have to split up the services, and make them unique, wouldn't we?
19:50:14 <noway2> SNI in Apache isn't very reliable either.
19:50:45 <bdmc> Ultimately, yes, with a single IPv4 address, we need to create a map of port forwards, but we could have it "just work" with IPv6 to begin testing.
19:51:49 <raub> OK
19:52:39 <noway2> Guess, I don't completely follow how that works on IPv6, my thinking is still v4. How about we focus on the mail / web / ldap up and port them off pilot so we can get Let's Encrypt off our back and then circle back on refining. I.e. Let's first make it work then polish.
19:53:51 <raub> That is what I was thinking. IPv6 is nice but if it is going to be a blocker we need to put it lower on the priority list
19:56:51 <bdmc> Perhaps I don't understand. IPv6 a blocker? If you mean that the ports appear blocked at the moment, that is easily corrected if it is outside Moya.
19:57:23 <raub> By blocker I mean how much time we are going to spend on it?
19:58:00 <bdmc> It is just part of creating the machine. No time except assigning an address.
19:59:07 <raub> K
20:01:37 <bdmc> Looks as if we lost Jeoff a while ago.
20:01:46 <raub> yep
20:03:12 <bdmc> I have sent a message to Alan, and will contact Tech Support now.
20:03:23 <bdmc> Anything else for now?
20:03:47 <noway2> Not on my end. I have a goal for the next steps.
20:04:12 <bdmc> Don't hesitate to contact me for anything.
20:04:32 <noway2> Thank you. I tried contacting raub a few times, but I wonder if it wound up in the spam bucket.
20:05:00 <bdmc> He has a deep one.
20:05:12 <bdmc> Either that or the Bit Bucket.
20:05:16 <raub> I could not find your emails
20:05:37 <raub> Try again? Or work with bdmc and let me know if my help is needed
20:06:26 <noway2> Hmm... Ok. at a minimum I will send to both of you. I have better email addresses than the one I use on Trilug which is a freebie domain. It was my first.
20:06:36 <noway2> It tends to get flagged as junk more often.
20:06:45 <raub> Aha
20:10:05 <noway2> Shall we pull the plug for today, then?
20:10:25 <raub> Unless anyone wants to add a thought, I think we are done
20:11:59 <bdmc> Agreed.
20:12:04 <raub> Well then
20:12:08 <raub> #endmeeting