Nick | Message | Time |
---|---|---|
brobostigon | morning boys and girls. | 07:33 |
SuperMatt | morning all | 09:14 |
SuperMatt | how are we all today? | 09:14 |
SuperMatt | Just tried installing corebird from a snap, and it tells me I also need to install a snap called gnome-3-26-1604 and connect it to the corebird snap. This I don't mind doing right now, and I understand why it technically needs to be done, but I don't know why it's not just automatic | 09:28 |
brobostigon | morning, could be better, and you? | 09:29 |
SuperMatt | I'm slightly ill, so I could be better too | 09:29 |
brobostigon | hope better soon. | 09:29 |
foobarry | did someone tell me that Let's Encrypt can manage certs for sites with internal IP too? | 09:56 |
SuperMatt | apparently so | 09:56 |
SuperMatt | though I don't know how to get that working | 09:56 |
SuperMatt | I'm certainly looking forward to wildcard certs landing | 09:56 |
diplo | Morning all | 10:35 |
SuperMatt | ahoy | 10:36 |
diplo | How's the new job going SuperMatt ? | 10:39 |
SuperMatt | going well thank you. I've been there a month right now and I haven't wanted to murder anyone | 10:39 |
SuperMatt | The tech stack is brilliant | 10:40 |
SuperMatt | there's lots of free food | 10:40 |
SuperMatt | and fridays are a write off, which is marvellous | 10:40 |
diplo | I do sometimes think I should look at something like that | 10:42 |
diplo | But not sure I want too much pressure atm | 10:42 |
diplo | And I guess that can be there | 10:42 |
SuperMatt | Well at the moment there's no pressure because I am too new | 10:42 |
SuperMatt | b | 10:42 |
SuperMatt | oops | 10:43 |
SuperMatt | But from what I've seen of the veterans is that there's not too much pressure either, at least not until the site goes down | 10:43 |
SuperMatt | but the stack is such that the customer is rarely affected when a node or two go down | 10:43 |
diplo | I'd like to run stuff like that, we probably couldn't ( very old software ) | 10:44 |
SuperMatt | you gotta convince the bosses that stacks with service discovery and self healing are awesome | 10:46 |
diplo | I could say it's awesome, just not enough staff to do anything about it | 10:47 |
diplo | Most have been here 20ish years | 10:47 |
SuperMatt | eek! | 10:57 |
SuperMatt | An aging staff in tech is not a good idea. It increases the chance of knowledge residing solely in brains, rather than in documents | 10:58 |
diplo | There were literally 3 documents when I joined, I've written 1000's of pages now in sphinx (rst ) and also in a separate git repo too | 11:03 |
diplo | And you're right, some things are only known by 1 or 2 people, I'm trying to change that | 11:03 |
SuperMatt | You need to do a bus test | 11:03 |
SuperMatt | Pretend that someone has been hit by a bus and send them home for a week, fully paid | 11:04 |
SuperMatt | Then see if you can get through the whole week and a DR recovery test without contacting them | 11:04 |
diplo | Yeah, we can with the knowledge but it would be slow, they don't listen tbh but happy for me to start fixing the problems myself with not a lot of help | 11:08 |
diplo | Gone from taking 1 1/2 days to deploy / set up our software to 20 mins with Ansible :) | 11:08 |
diplo | 4-5 hours to install / setup new hardware to 5-6 mins | 11:08 |
SuperMatt | good man | 11:09 |
diplo | They love it now, deploy ssh keys out to clients and remove them all when someone leaves, it's just a god damn slow process and hard work | 11:11 |
SuperMatt | puppet is good for ssh keys | 11:11 |
diplo | I use ansible for that too | 11:11 |
diplo | Just hard to keep on top of this plus doing everything else :) | 11:12 |
diplo | Can't get my new Cent7 image to PXE boot either :/ | 11:12 |
Nafallo | why would you need ssh keys, and accounts, on the servers when you have ansible though? ;-) | 11:12 |
diplo | For our staff to log on to fix application specific issues at our clients | 11:13 |
diplo | Oh noticed the smiley at the end :P | 11:13 |
* diplo | is tired | 11:13 |
Nafallo | ansible -m command -a ? :-D | 11:13 |
diplo | That would take users understanding anything apart from what they've learnt over 20 years | 11:13 |
Nafallo | aye :-) | 11:14 |
diplo | They still use some ps commands that don't really return what they really need, but it's what they've always used | 11:14 |
Nafallo | not as easy to implement as it sounds always :-) | 11:14 |
diplo | We only moved to SVN about 5-6 years ago, that was HELL! | 11:14 |
Nafallo | thank god my home lab is different from $WORK ;-) | 11:14 |
diplo | Trying to move to git now :) | 11:14 |
Nafallo | I'm considering allowing ansible to ssh to the hosts and use the lxd connection plugin to actually manage the containers... and then stop having ssh :-P | 11:15 |
Nafallo | could be a fun exercise ;-) | 11:15 |
Nafallo | s/stop having ssh/& in the containers/ | 11:16 |
SuperMatt | yeah, removing ssh is a double plus good idea | 11:20 |
Nafallo | hmm. ansible automates in netherlands 14/3 :-) | 11:29 |
Nafallo | tempting | 11:29 |
SuperMatt | going abroad on the company dime ftw | 11:29 |
czajkowski | aloha | 11:31 |
Nafallo | hola czajkowski | 11:37 |
czajkowski | Nafallo: howdy | 11:42 |
diplo | So disabling sshd on the lxd's Nafallo ? sounds good.. may have to think about that, I use lxc currently and haven't had chance to setup/check out lxd and the slight changes | 12:17 |
diplo | But I guess I ought to at some point | 12:18 |
Nafallo | now I just need time to play with it ;-) | 12:21 |
diplo | That's my problem too :) | 12:25 |
Nafallo | ansible -m command -a "netstat -ltn" lxd <- working fine :-) | 12:29 |
Nafallo | using the dynamic inventory on my laptop ;-) | 12:29 |
Nafallo | did ansible -m service -a "name=ssh state=stopped" lxd before | 12:29 |
diplo | I never use the single liners, how do you know what host that is being deployed against? | 12:32 |
diplo | I take it that it reads /etc/ansible/hosts by default | 12:32 |
Nafallo | I've specified inventory in ansible.cfg, and created a folder that contains lxd.ini lxd.py and localhost. | 12:33 |
diplo | Ah right, I've never thought of playing in there, will take a look later, I've pretty much solely used playbooks so far as they suit my needs, but want to tinker some more at some point soon | 12:34 |
Nafallo | localhost being a static inventory config with ansible_connection=local set, and the other files being slightly modified versions of the dynamic inventory scripts at ansible github contrib/inventory files. | 12:34 |
Nafallo | the script is just set to put all the local lxd hosts in an lxd group, and tell it to use ansible_connection: lxd ;-) | 12:35 |
diplo | ah OK, that sounds easy enough | 12:35 |
diplo | Going to install it on my solus box as it is in the repos | 12:36 |
Nafallo | obviously, running ansible binary instead of ansible-playbook above as well. just need to do one task on the lxd group quickly ;-) | 12:36 |
diplo | yeah, I keep meaning to play | 12:37 |
diplo | So going to try it right now | 12:37 |
diplo | Also haven't tinkered with sudo yet, I have a playbook ready to do it and tinker | 12:39 |
Nafallo | what are you planning for sudo? :-) | 12:39 |
Nafallo | lxd connection always uses root, since that's what lxc exec <machine> <command> does ;-) | 12:39 |
diplo | Running commands on all our customer sites as our one user so our staff don't need root - can run same commands on all sites out of hours | 12:40 |
Nafallo | other than that, I tend to work around requiring to remember setting -B for playbooks by setting them to use become: false global and use a pre-task that runs sudo -v :-) | 12:40 |
diplo | As I said earlier, we had lots of issues with the way our staff did things, like can't get something working, let's 777 the home directory | 12:41 |
Nafallo | obviously for that sort of deployment your best option is probably public key + sudoers.d/ file with nopasswd locally for the deploy user :-) | 12:41 |
diplo | Yeah, that's my intention, just got to get all the tasks they require root for :) | 12:43 |
Nafallo | ah right. I see where you're going now... you want to modularise root a bit rather than allow all for these people that prefer logging in? :-P | 12:43 |
diddledan | SuperMatt: the installation of gnome-3-26-1604 is not automatic because currently there's no way of defining that dependency, but if it is already installed then the "connect" part is done automatically - so other snaps depending on it will pick it up now you've got it installed | 13:18 |
Nafallo | hrmpf. writing a module. I've spent half the day documenting it :-P | 15:30 |
Nafallo | diplo, SuperMatt: if you Ansible guys use Ubuntu, I'm currently attempting to re-write https://code.launchpad.net/~tribaal/ubuntu-repository-cache/trunk in Ansible ;-) | 15:31 |
Nafallo | might be helpful. | 15:31 |
Nafallo | started writing and realised I need roles for apache2, squid and squid-deb-proxy as dependencies ;-) | 15:32 |
diplo | Use it against CentOS boxes mainly for work, but will take a look on one of my ubuntu machines tomorrow | 16:31 |
diplo | Afternoon has been manic :( | 16:31 |
diddledan | gog.com freebie: https://www.gog.com/#giveaway | 17:28 |
daftykins | hrmm got forwarded a few of the Google G Suite GDPR emails, so have to find out what the deal with that is... | 23:36 |
daftykins | my instinct is that being outside of the EU, there isn't much for us rock dwellers to do | 23:36 |
zmoylan-pi | you're not outside of the eu yet... and the final deal might mean it applies to you rock dwellers too? | 23:45 |
daftykins | yes we are :) never been in the EU | 23:46 |
zmoylan-pi | ...please send me a crate of happy sleepy sleep snoozy snooze... :-) | 23:46 |
daftykins | o0 | 23:47 |