Satheesh_ | hi | 00:11 |
---|---|---|
Satheesh_ | ?? | 01:41 |
*** Satheesh_ has quit (Ping timeout: 245 seconds) | 02:26 | |
*** Satheesh_ (6a3300ba@gateway/web/freenode/ip.106.51.0.186) has joined #wikid | 02:37 | |
Satheesh_ | hi | 02:38 |
*** Satheesh_ has quit (Ping timeout: 245 seconds) | 03:09 | |
*** Satheesh_ (67fb6c04@gateway/web/freenode/ip.103.251.108.4) has joined #wikid | 05:13 | |
Satheesh_ | hi | 05:13 |
*** Satheesh_ has quit (Ping timeout: 245 seconds) | 05:28 | |
*** Rudy6 (~Rudy6@213.132.115.194) has joined #wikid | 12:17 | |
*** Satheesh_ (6a3300ba@gateway/web/freenode/ip.106.51.0.186) has joined #wikid | 12:24 | |
Satheesh_ | hi | 12:25 |
*** coolacid has quit (Read error: Connection reset by peer) | 13:15 | |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 13:16 | |
Satheesh_ | hi | 13:21 |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:29 | |
*** Rudy6 has quit (Quit: Leaving) | 13:44 | |
Satheesh_ | hi | 13:46 |
Satheesh_ | nowen | 13:46 |
*** coolacid has quit (Remote host closed the connection) | 14:04 | |
nowen | Hi Satheesh_ | 14:05 |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 14:06 | |
Satheesh_ | Hi | 14:07 |
Satheesh_ | regarding GoogleSSO configuration | 14:07 |
nowen | ok | 14:07 |
Satheesh_ | I have created NC | 14:07 |
Satheesh_ | and uploaded the certificate in Google application configuration | 14:07 |
nowen | ok | 14:08 |
Satheesh_ | whenever I login to google web mail | 14:08 |
Satheesh_ | it redirects to wikid/GoogleSSO for authentication | 14:08 |
Satheesh_ | post providing credentials I get page not found error | 14:09 |
Satheesh_ | address bar is https://SERVER/wikid/GoogleSSOServlet | 14:09 |
nowen | what did you put as your GoogleSSO acsURL? | 14:09 |
Satheesh_ | https://www.google.com/a/freedomhack.in/acs | 14:10 |
nowen | did you restart wikid after adding the network client? | 14:12 |
Satheesh_ | yes multiple times :( | 14:12 |
nowen | let me do some testing | 14:15 |
Satheesh_ | sure | 14:15 |
*** immotus (~immotus@rrcs-24-153-193-34.sw.biz.rr.com) has joined #wikid | 14:25 | |
immotus | WiKid is having trouble starting up... http://paste.opensuse.org/22168458 | 14:27 |
nowen | immotus: what version? | 14:27 |
immotus | may be because of the rsync error? | 14:27 |
immotus | v3.5.0 | 14:28 |
immotus | don't laugh ;^) | 14:28 |
immotus | nowen: we do have a support contract | 14:28 |
nowen | who are you with again? | 14:28 |
immotus | Genares | 14:28 |
nowen | ahh yes | 14:28 |
immotus | we keep pestering ya'll ;^) | 14:28 |
nowen | you need to update the server and create new certs | 14:29 |
nowen | our CA expired. The new one expires in 2023 or something | 14:29 |
immotus | ahh.. so the rsync is copying stuff from your servers? | 14:29 |
nowen | no, | 14:30 |
nowen | wauth uses the certs | 14:30 |
nowen | hmm | 14:30 |
nowen | is the other server up and running? | 14:31 |
immotus | I believe so.. | 14:31 |
* immotus checks now | 14:31 | |
immotus | checking "service wikid status" says that it is not functioning properly | 14:32 |
immotus | but I have java processes running | 14:32 |
nowen | you have to edit a file for status to work | 14:32 |
nowen | there shouldn't be any java services on the secondary | 14:33 |
immotus | right now I'm not quite sure which of the two is the master :^) | 14:34 |
nowen | hmm does status not say master or slave? | 14:34 |
immotus | no.. it just says "Error: WiKID services not functioning properly." | 14:34 |
*** coolacid has quit (Remote host closed the connection) | 14:35 | |
immotus | however.. I see a master_ip_old=XXX.XXX.XXX.XXX in the /opt/WiKID/conf/setup.conf file | 14:35 |
nowen | that could be because of the old code | 14:35 |
nowen | I think upgrading is required | 14:36 |
immotus | nowen: my boss is out for the week, so we won't be able to discuss it with him until then :^| | 14:36 |
nowen | Satheesh_: do you have 'Use a domain specific issuer' checked or not? | 14:37 |
nowen | immotus: can you ssh from one to the other using the keys that are in /opt/WiKID/private ? | 14:37 |
immotus | nowen: I'll try ssh'ing from the master server (the one that is down) to the slave with the keys I find there | 14:38 |
immotus | nowen: what user should I ssh as ? | 14:39 |
immotus | wikid? | 14:39 |
nowen | root | 14:39 |
immotus | nowen: I'm using the "replication.ssh" key and our WiKID slave is asking for a password anyways.. maybe PAM isn't letting it get to the login.. ssh as root being bad | 14:41 |
nowen | what changed on the server? | 14:41 |
immotus | nowen: these two servers don't change very often.. I don't know of any recent changes | 14:42 |
immotus | nowen: this morning I saw a Nagios alert saying that the WiKID master server had an exceptionally high load.. WiKID java processes were having a party | 14:43 |
nowen | well, you need to update them ;-) | 14:44 |
immotus | nowen: :^) | 14:44 |
immotus | nowen: I'm looking forward to updating them more and more :^) | 14:44 |
nowen | the latest one is great, IMO | 14:44 |
immotus | nowen: if the biggest problem with the current one is the SSL cert.. would I be able to copy the correct cert in place and restart WiKID? | 14:46 |
nowen | i think try to take it out of replication and start it | 14:46 |
nowen | I'm thinking this is actually a replication issue | 14:47 |
*** Satheesh_ has quit (Ping timeout: 245 seconds) | 14:49 | |
immotus | nowen: so, take the current wikid slave, comment out the "master_ip_old" line, restart the slave, and then restart the previous master? | 14:50 |
nowen | how about this. | 14:51 |
nowen | re-run setup on both | 14:51 |
immotus | run this "/opt/WiKID/sbin/wikid_setup" ? | 14:53 |
nowen | 'wikidctl setup' | 14:53 |
immotus | nowen: I've never done a WiKID installation. What things will I need to do during/after the setup? | 14:56 |
immotus | will I need to keep track of any config files or pass phrases? | 14:56 |
nowen | immotus: I'm guessing that your passphrase is in /etc/WiKID/security | 14:57 |
immotus | nowen: yes | 14:57 |
nowen | so, you will be prompted to set up the network, I recommend you run through that to check it | 14:57 |
nowen | then prompted to set up replication, run through that too | 14:58 |
nowen | then try to restart | 14:58 |
immotus | nowen: what does "set up the network" entail? This isn't a dedicated WiKID server | 14:59 |
nowen | you're running other software on it? | 14:59 |
immotus | nowen: yes.. it's also one of our DNS servers | 15:00 |
nowen | you shouldn't need to change any settings | 15:01 |
nowen | we recommend that WiKID be stand-alone. a bug in bind could allow an attacker to take over the server | 15:01 |
immotus | nowen: so running wikid_setup launches a wizard that will pick up the current settings from the WiKID config files? | 15:01 |
nowen | yes | 15:02 |
immotus | sounds like an excellent recommendation.. running WiKID standalone.. I wish I could re-do it right now :^) | 15:02 |
nowen | well, you probably can if you want. Is 'none' an option for replication? | 15:04 |
immotus | I've discussed running through the WiKID re-config with a superior (who is in charge until the boss comes back) and he's asked me to hold off on fixing WiKID until the boss comes back | 15:05 |
immotus | he hinted that there was some custom configuration that we have in place that may also break | 15:05 |
nowen | oh. | 15:05 |
* immotus is asking what that custom configuration is | 15:05 | |
immotus | asking my superior.. not you :^) | 15:06 |
immotus | not that you aren't superior in WiKID knowledge.... n/m | 15:06 |
immotus | :^) | 15:06 |
nowen | ;-) | 15:06 |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 15:06 | |
*** coolacid has quit (Remote host closed the connection) | 15:07 | |
*** coolacid (~CoolAcid@unaffiliated/coolacid) has joined #wikid | 15:11 | |
nowen | immotus: did you try to restart? | 15:20 |
immotus | I tried a restart on the WiKID master, but it hung with the error I pastebin'd earlier | 15:58 |
immotus | nowen: I was hesitant to try a restart of the slave after that :^) | 15:58 |
nowen | I doubt it matters since your service is down anyway | 15:59 |
immotus | nowen: the master is currently down.. rather.. the wikid.pl process is running, waiting for wAuth to come back | 15:59 |
immotus | nowen: good point :^) | 15:59 |
immotus | nowen: I'll restart the wikid slave, then | 15:59 |
nowen | did you try to set the master as stand alone or just reset for replication? | 16:00 |
immotus | nowen: I have not tried setting any of them up as stand-alone | 16:01 |
nowen | I think trying to set the master up without replication would be the fastest way to recover | 16:04 |
nowen | what were the options for replication when you ran setup? | 16:04 |
nowen | also, are there java processes running ? | 16:06 |
nowen | might need to 'killall -9 java' | 16:06 |
immotus | nowen: I haven't run setup yet. I don't know what options were used the last time | 16:10 |
nowen | you didn't run 'wikidctl setup'? | 16:11 |
immotus | nowen: true. we'll feel more comfortable working with this when my boss comes back. since he has a better idea of what was done during the setup last time | 16:12 |
nowen | so, are you just going to leave it down? | 16:12 |
immotus | nowen: yeah, I'm afraid so.. unless something minimal like restarting the WiKID slave resolves the problem. But since it's hanging on wAuth I doubt it will | 16:13 |
nowen | look, there's no magic in running setup. your service is down. why not? | 16:13 |
immotus | nowen: I got a little bit more feedback on the custom setup.. apparently our Puppet server adjusts some WiKID config values (I don't know what yet) for our environment. And if I'm going to have to reconfigure the network interface then I'd rather not risk messing with the first DNS server in /etc/resolv.conf on most of our machines | 16:17 |
nowen | you don't have to reconfigure the network interface. you have to get past that part to setup replication. they are both in the same script | 16:17 |
immotus | nowen: so what sort of network interface configuring does WiKID need to do, then? Or does it simply need to know which network interface to use for what? | 16:26 |
nowen | just knowledge. I doubt that the network has changed, but why not look? | 16:26 |
nowen | running the command won't change the network settings | 16:34 |
immotus | nowen: the network settings haven't chagned | 16:38 |
immotus | s/chagned/changed | 16:38 |
nowen | ok - do you want to turn off replication? | 16:38 |
immotus | nowen: as a temporary measure? | 16:39 |
nowen | well, you can try to turn it back on, but it's not working so... | 16:40 |
immotus | nowen: let me see what changes puppet is making first. Our installation was installed by a clever person who had a predilection for customizing. | 16:46 |
nowen | there's really not much that puppet can do to wikid. it's almost all done through the web UI | 16:47 |
immotus | nowen: heh.. speaking of which, I've never logged into the web ui. I don't think I have access to that. .just the OS stuff | 16:48 |
immotus | nowen: sry, I keep getting pulled away | 17:21 |
immotus | I'll be back in about an hour.. hopefully less | 17:21 |
nowen | ok | 17:27 |
*** AccentureDan (3f7c1664@gateway/web/freenode/ip.63.124.22.100) has joined #wikid | 17:57 | |
AccentureDan | Sir Nicholas! | 17:57 |
AccentureDan | question | 17:57 |
nowen | hi dan | 17:57 |
AccentureDan | so im filling out a runbook for the prod WiKID server I built on Friday...do you guys have any information on back ups? | 17:57 |
AccentureDan | like what to back up if we needed a disaster recovery solution | 17:58 |
nowen | well, the big ones: /etc/WiKID/, /opt/WIKID/ /var/lib/pgsql/data | 17:58 |
AccentureDan | Thanks man :) | 18:00 |
AccentureDan | gotta run to a meeting, have a good one! | 18:00 |
*** AccentureDan has quit (Client Quit) | 18:00 | |
*** immotus has quit (Quit: Konversation terminated!) | 21:32 | |
*** nowen has quit (Quit: Leaving.) | 22:35 | |
*** AccentureDan (3f7c1664@gateway/web/freenode/ip.63.124.22.100) has joined #wikid | 22:55 | |
*** AccentureDan has quit (Client Quit) | 22:55 | |
*** Satheesh_ (6a3300ba@gateway/web/freenode/ip.106.51.0.186) has joined #wikid | 23:35 | |
Satheesh_ | hi | 23:37 |
Satheesh_ | Is Nick available in chat | 23:38 |
Satheesh_ | I have queried Nick on Google SSO connection issue | 23:44 |
Satheesh_ | can somebody who is online help me on that | 23:45 |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 23:51 | |
nowen | Satheesh_: can you paste the 404 error here? | 23:52 |
nowen | Satheesh_: are you here? | 23:53 |
Satheesh_ | yes | 23:54 |
nowen | ok | 23:54 |
nowen | can you post the 404 url here? | 23:55 |
Satheesh_ | https://<servername>/wikid/GoogleSSOServlet | 23:55 |
nowen | no, the actual url | 23:55 |
nowen | mine was https://ec2-54-83-42-36.compute-1.amazonaws.com/GSSO/?SAMLRequest=fVJNT%2BMwEL0j7X%2BwfG%2FSsJUAqwnqgtBW4iOiYQ97c5xp6uLMFI%2FTwr%2FHTUGwh63kg%2FXmed5745levnZObMGzJcxlloylADTUWGxz%2BVTdjM7lZfHjZMq6cxs168MKH%2BGlBw4ivkRWQyGXvUdFmi0r1B2wCkYtZne36jQZq42nQIacFPPrXK6XrtUrqtdQI2Fn0bnnNTzXzUrXddsZRO32Vyn%2BfNo63duaM%2FcwRw4aQ4TG2WQ0juesyiZq8lNNLv5KUX4o%2FbJ4SHDMVn0gsfpdVeWofFhUQ4OtbcDfR3YuW6LWQWKo28uXmtluI7zUjkGKGTP4EA1eEXLfgV%2B | 23:56 |
Satheesh_ | https://<servername>/wikid/GSSO?SAMLRequest=fVLLbtswELwXyD8QvFuSnQQtCEuBmyCogbQVYqWH3mhyJdMiuSqXstu%2FLy0nSHpoAJ6Gw3ksd3nz21l2gEAGfcnnWcEZeIXa%2BK7kT8397BO%2FqS4%2BLEk6O4jVGHf%2BEX6NQJGll57EdFHyMXiBkgwJLx2QiEpsVl8fxCIrxBAwokLL2fqu5HIPuN2h67Hr5dDv%2B71tvdZt11p0Urf9Xlvltj1nP15iLU6x1kQjrD1F6WOCivnVrEjnY7O4FNdXorj%2ByVn97PTZ%2BHOD92JtzyQSX5qmntXfN80kcDAawrfELnmH2FnIFLqTfS2JzCHBrbQEnK2IIMQU8BY9jQ7CBsLBKHh6fCj5LsaBRJ4fj8fsVSaXeRsANLqdVH1mf | 23:57 |
nowen | what is your server name? | 23:57 |
Satheesh_ | Actually it is internal now | 23:57 |
Satheesh_ | I have disabled external access | 23:57 |
nowen | ok - how will Google reach it? | 23:57 |
Satheesh_ | I am connected to VPN | 23:58 |
nowen | yeah, but google isn't | 23:58 |
nowen | google needs to talk SAML to your server | 23:58 |
Satheesh_ | it does | 23:58 |
Satheesh_ | from gmail.com page when I try to login | 23:58 |
Satheesh_ | it redirects to wikid server with SAML request | 23:59 |
nowen | ok and what is that url? | 23:59 |
nowen | I need to go to it | 23:59 |
Satheesh_ | ok let me enable outside access | 23:59 |