27 Jan 2023 |
mattdm | .oncall | 18:21:37 |
zodbot | darknao is oncall. My normal hours are 0700 UTC to 1600 UTC Monday through Friday. If I do not answer or it is outside those hours, please file a ticket (https://pagure.io/fedora-infrastructure/issues) | 18:21:39 |
mattdm | login timeouts -- getting:
Gateway Timeout
The gateway did not receive a timely response from the upstream server or application. | 18:21:56 |
mattdm | (trying to log into commblog, but that error is from id.fedoraproject.org | 18:22:50 |
mattdm | ok, worked now. | 18:23:15 |
mattdm | so i guess intermittent, but that was happening for a few minutes there | 18:23:26 |
darknao | I didn't notice any outage on my side, and there is no monitoring alert ongoing | 18:28:50 |
darknao | maybe a network issue, not sure.... | 18:29:18 |
mattdm | ok thanks for checking. it was at least down for a few minutes but not sure if more | 18:33:24 |
linux-modder | nirik, finally have time to file a ticket for getting ssh key added to the cloud instance respins* which pagure part shall I send the ticket request ? | 19:14:58 |
linux-modder | feodra-infra or somewhere else | 19:15:06 |
nirik | linux-modder: infra I guess... unless someone else with access can just add you? it's just a local authorized_keys file, it's not tied to anything...(as far as I know) | 19:25:38 |
linux-modder | right, but I can never get on when nb who has access is on and it's been suggested to just run up a ticket for it | 19:26:53 |
nirik | sure, feel free. I think nb has been busy of late. ;) | 19:30:49 |
daMaestro | is the yubi key still the recommended hardware for fas? i'm using a software token currently but figured i should upgrade | 21:38:51 |
nirik | no. yubikeys won't work (well, you can run a desktop thing to do TOTP with them, but otherwise there's no way to enroll them) | 21:42:31 |
smooge | wait.. I have a yubikey for my OTP in fas | 21:43:22 |
smooge | how did that work | 21:43:28 |
nirik | you're special smooge. | 21:45:08 |
smooge | oh ok | 21:45:28 |
nirik | kidding aside, you can do it, but it requires you to run the ipa command from a shell on the ipa host... which isn't a good solution for anyone who doesn't have access. ;) | 21:45:43 |
nirik | the reason it doesn't work is because noggin doesn't expose the right info... ipa supports it fine | 21:46:07 |
daMaestro | okay, good to know. i assume you could do the enrollment on any full ipa client? or does it have to be on the server itself? | 21:47:25 |
nirik | good question. I am not sure. ;) | 21:50:50 |
nirik | I think I had someone try from the web ui too... but it's possible that works now. You could try it? | 21:52:56 |
daMaestro | cool, i'll buy some hardware and be a guinea pig | 21:59:24 |
darknao | I don't think the webui allows registering a yubikey yet (via hotp) and you can't use the ipa command without joining the IPA realm first | 23:07:16 |
darknao | one day, we'll have webauthn/u2f support, and that would be awesome | 23:08:33 |
darknao | https://github.com/fedora-infra/noggin/issues/202 | 23:08:56 |
28 Jan 2023 |
nirik | yep | 01:02:20 |