[07:33] <brobostigon> morning boys and girls.
[09:14] <SuperMatt> morning all
[09:14] <SuperMatt> how are we all today?
[09:28] <SuperMatt> Just tried installing corebird from a snap, and it tells me I also need to install a snap called gnome-3-26-1604 and connect it to the corebird snap. This I don't mind doing right now, and I understand why it technically needs to be done, but I don't know why it's not just automatic
[09:29] <brobostigon> morning, could be better, and you?
[09:29] <SuperMatt> I'm slightly ill, so I could be better too
[09:29] <brobostigon> hope better soon.
[09:56] <foobarry> did someone tell me that Let's Encrypt can manage certs for sites with internal IP too?
[09:56] <SuperMatt> apparently so
[09:56] <SuperMatt> though I don't know how to get that working
[09:56] <SuperMatt> I'm certainly looking forward to wildcard certs landing
[10:35] <diplo> Morning all
[10:36] <SuperMatt> ahoy
[10:39] <diplo> How's the new job going SuperMatt ?
[10:39] <SuperMatt> going well thank you. I've been there a month right now and I haven't wanted to murder anyone
[10:40] <SuperMatt> The tech stack is brilliant
[10:40] <SuperMatt> there's lots of free food
[10:40] <SuperMatt> and fridays are a write off, which is marvellous
[10:42] <diplo> I do sometimes think I should look at something like that
[10:42] <diplo> But not sure I want too much pressure atm
[10:42] <diplo> And I guess that can be there
[10:42] <SuperMatt> Well at the moment there's no pressure because I am too new
[10:42] <SuperMatt> b
[10:43] <SuperMatt> oops
[10:43] <SuperMatt> But from what I've seen of the veterans is that there's not too much pressure either, at least not until the site goes down
[10:43] <SuperMatt> but the stack is such that the customer is rarely affected when a node or two go down
[10:44] <diplo> I'd like to run stuff like that, we probably couldn't ( very old software )
[10:46] <SuperMatt> you gotta convince the bosses that stacks with service discovery and self healing are awesome
[10:47] <diplo> I could say it's awesome, just not enough staff to do anything about it
[10:47] <diplo> Most have been here 20ish years
[10:57] <SuperMatt> eek!
[10:58] <SuperMatt> An aging staff in tech is not a good idea. It increases the chance of knowledge residing solely in brains, rather than in documents
[11:03] <diplo> There were literally 3 documents when I joined, I've written 1000's of pages now in sphinx (rst) and also in a separate git repo too
[11:03] <diplo> And you're right, some things are only known by 1 or 2 people, I'm trying to change that
[11:03] <SuperMatt> You need to do a bus test
[11:04] <SuperMatt> Pretend that someone has been hit by a bus and send them home for a week, fully paid
[11:04] <SuperMatt> Then see if you can get through the whole week and a DR recovery test without contacting them
[11:08] <diplo> Yeah, we can with the knowledge but it would be slow, they don't listen tbh but happy for me to start fixing the problems myself with not a lot of help
[11:08] <diplo> Gone from taking 1 1/2 days to deploy / set up our software to 20 mins with Ansible :)
[11:08] <diplo> 4-5 hours to install / setup new hardware to 5-6 mins
[11:09] <SuperMatt> good man
[11:11] <diplo> They love it now, deploy ssh keys out to clients and remove them all when someone leaves, it's just a god damn slow process and hard work
[11:11] <SuperMatt> puppet is good for ssh keys
[11:11] <diplo> I use ansible for that too
[11:12] <diplo> Just hard to keep on top of this plus doing everything else :)
[11:12] <diplo> Can't get my new Cent7 image to PXE boot either :/
[11:12] <Nafallo> why would you need ssh keys, and accounts, on the servers when you have ansible though? ;-)
[11:13] <diplo> For our staff to logon to fix application specific issues at our clients
[11:13] <diplo> Oh noticed the smiley at the end :P
[11:13]  * diplo is tired
[11:13] <Nafallo> ansible -m command -a ? :-D
[11:13] <diplo> That would take users understanding anything apart from what they've learnt over 20 years
[11:14] <Nafallo> aye :-)
[11:14] <diplo> They still use some ps commands that don't really return what they really need, but it's what they've always used
[11:14] <Nafallo> not as easy to implement as it sounds always :-)
[11:14] <diplo> We only moved to SVN about 5-6 years ago, that was HELL!
[11:14] <Nafallo> thank god my home lab is different from $WORK ;-)
[11:14] <diplo> Trying to move to git now :)
[11:15] <Nafallo> I'm considering allowing ansible to ssh to the hosts and use the lxd connection plugin to actually manage the containers... and then stop having ssh :-P
[11:15] <Nafallo> could be a fun exercise ;-)
[11:16] <Nafallo> s/stop having ssh/& in the containers/
[11:20] <SuperMatt> yeah, removing ssh is a double plus good idea
[11:29] <Nafallo> hmm. ansible automates in netherlands 14/3 :-)
[11:29] <Nafallo> tempting
[11:29] <SuperMatt> going abroad on the company dime ftw
[11:31] <czajkowski> aloha
[11:37] <Nafallo> hola czajkowski
[11:42] <czajkowski> Nafallo: howdy
[12:17] <diplo> So disabling sshd on the lxd's Nafallo ? sounds good.. may have to think about that, I use lxc currently and haven't had chance to setup/check out lxd and the slight changes
[12:18] <diplo> But I guess I ought to at some point
[12:21] <Nafallo> now I just need time to play with it ;-)
[12:25] <diplo> That's my problem too :)
[12:29] <Nafallo> ansible -m command -a "netstat -ltn" lxd <- working fine :-)
[12:29] <Nafallo> using the dynamic inventory on my laptop ;-)
[12:29] <Nafallo> did ansible -m service -a "name=ssh state=stopped" lxd before
[12:32] <diplo> I never use the single liners, how do you know what host that is being deployed against?
[12:32] <diplo> I take it that it reads /etc/ansible/hosts by default
[12:33] <Nafallo> I've specified inventory in ansible.cfg, and created a folder that contains lxd.ini lxd.py and localhost.
[12:34] <diplo> Ah right, I've never thought of playing in there, will take a look later, I've pretty much solely used playbooks so far as they suit my needs, but want to tinker some more at some point soon
[12:34] <Nafallo> localhost being a static inventory config with ansible_connection=local set, and the other files being slightly modified versions of the dynamic inventory scripts at ansible github contrib/inventory files.
[12:35] <Nafallo> the script is just set to put all the local lxd hosts in an lxd group, and tell it to use ansible_connection: lxd ;-)
[12:35] <diplo> ah OK, that sounds easy enough
[12:36] <diplo> Going to install it on my solus box as it is in the repos
[12:36] <Nafallo> obviously, running ansible binary instead of ansible-playbook above as well. just need to do one task on the lxd group quickly ;-)
[12:37] <diplo> yeah, I keep meaning to play
[12:37] <diplo> So going to try it right now
[12:39] <diplo> Also haven't tinkered with sudo yet, I have a playbook ready to do it and tinker
[12:39] <Nafallo> what are you planning for sudo? :-)
[12:39] <Nafallo> lxd connection always uses root, since that's what lxc exec <machine> <command> does ;-)
[12:40] <diplo> Running commands on all our customer sites as our one user so our staff don't need root - can run same commands on all sites out of hours
[12:40] <Nafallo> other than that, I tend to work around requiring to remember setting -B for playbooks by setting them to use become: false global and use a pre-task that runs sudo -v :-)
[12:41] <diplo> As I said earlier, we had lots of issues with the way our staff did things, like can't get something working, let's 777 the home directory
[12:41] <Nafallo> obviously for that sort of deployment your best option is probably public key + sudoers.d/ file with nopasswd locally for the deploy user :-)
[12:43] <diplo> Yeah, that's my intention, just got to get all the tasks they require root for :)
[12:43] <Nafallo> ah right. I see where you're going now... you want to modularise root a bit rather than allow all for these people that prefer logging in? :-P
[13:18] <diddledan> SuperMatt: the installation of gnome-3-26-1604 is not automatic because currently there's no way of defining that dependency, but if it is already installed then the "connect" part is done automatically - so other snaps depending on it will pick it up now you've got it installed
[15:30] <Nafallo> hrmpf. writing a module. I've spent half the day documenting it :-P
[15:31] <Nafallo> diplo, SuperMatt: if you Ansible guys use Ubuntu, I'm currently attempting to re-write https://code.launchpad.net/~tribaal/ubuntu-repository-cache/trunk in Ansible ;-)
[15:31] <Nafallo> might be helpful.
[15:32] <Nafallo> started writing and realised I need roles for apache2, squid and squid-deb-proxy as dependencies ;-)
[16:31] <diplo> Use it against CentOS boxes mainly for work, but will take a look on one of my ubuntu machines tomorrow
[16:31] <diplo> Afternoon has been manic :(
[17:28] <diddledan> gog.com freebie: https://www.gog.com/#giveaway
[23:36] <daftykins> hrmm got forwarded a few of the Google G Suite GDPR emails, so have to find out what the deal with that is...
[23:36] <daftykins> my instinct is that being outside of the EU, there isn't much for us rock dwellers to do
[23:45] <zmoylan-pi> you're not outside of the eu yet... and the final deal might mean it applies to you rock dwellers too?
[23:46] <daftykins> yes we are :) never been in the EU
[23:46] <zmoylan-pi> ...please send me a crate of happy sleepy sleep snoozy snooze... :-)
[23:47] <daftykins> o0