ChanServ changed the topic of #freedesktop to: https://www.freedesktop.org infrastructure and online services || for questions about freedesktop.org projects, please see each project's contact || for discussions about specifications, please use https://gitlab.freedesktop.org/xdg or xdg@lists.freedesktop.org
<emersion>
daniels: ahah, i'll have a look
<emersion>
i don't have access to helm-gitlab-secrets, can someone give me access?
<emersion>
also, where is the "packet" python module coming from?
<daniels>
ooh
<daniels>
the module is pip packet-python
<daniels>
there you go, you've got the keys to the kingdom now
<emersion>
thanks!
<daniels>
thank _you_ !
<emersion>
hm, which server should i select with `fdo-infra.py add-peer`?
<emersion>
hm and it seems like someone will also need to add my SSH fingerprint to existing servers?
<daniels>
use k3s-server-2
<daniels>
`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhSqHAPksA82NU1bNN98ytZqKV1Cl+46pSGn8PMoo0s contact@emersion.fr` is already root@ on one of them
<emersion>
actually i already use id_fdo as an SSH key name for gabe.fdo
<emersion>
but it's using /tmp/tmp1u9y1vie/id_fdo so maybe it's fine
<bentiss>
emersion: basically the script is supposed to create a new temporary key and upload it for its purposes because my own key was not compatible
<emersion>
okay
<emersion>
but then i wonder why it's encrypted
<bentiss>
(I need a physical touch of my yubikey to enable it and it was not compatible with scripting)
<bentiss>
I think the encrypted part is because it failed at asking for a password
<bentiss>
so it can not use it
<bentiss>
emersion: I just tested. I got the exact same error when the initial upload of the ssh key fails (yubikey not plugged in), so maybe either ssh-agent is not running, or you were not prompted for your password
<bentiss>
actually no, instead of "Private key file is encrypted" I had "Authentication failed"
<emersion>
i can login to other ssh hosts just fine
<emersion>
but i was def not prompted for any password
<bentiss>
emersion: well, worst case I can create your wg credentials and upload them on server-2 so you can retrieve them
<bentiss>
it might be easier than debugging this right now
<emersion>
how is it supposed to ask for a password?
<emersion>
does a GUI show up on your setup?
<emersion>
if so, might be because stdin is not inherited, will try to fix that
<bentiss>
I got a prompt for unlocking my yubikey with the password, and then I hit the button on it
<bentiss>
a gui prompt
<daniels>
(going to guess you might not have a background agent which supports out-of-band prompts?)
<emersion>
is my key added to 139.178.65.18?
<emersion>
oh wait
<emersion>
sorry for the fuss
<emersion>
you've added my id_fdo key, not my regular key
<bentiss>
emersion: right... you are missing a file, simply because I forgot to commit it
<bentiss>
daniels: in the config.yaml file there are 2 ips: the control plane elastic IP and the kilo peers range. I wonder if that is problematic to publish in the repo publicly...
<daniels>
bentiss: you mean k3s-server-2's IP? if so, eh, it's got SSH open to the whole world, it's going to get brute-force hammered anyway
<bentiss>
the elastic IP is already in plain in the kube-vip daemonset, so that's one down
<bentiss>
the kilo peer range is 10.x.x.x/24, in theory you can access part of it from the pods
<bentiss>
the default wg config prevents us from communicating directly, but we need to have connectivity to the pods
<bentiss>
emersion: oops, the problem is you need to be in the dir gitlab-k3s-provision. The file config.yaml is there already
<emersion>
let's see
<emersion>
works!
<bentiss>
\o/
<bentiss>
emersion: your peer name is 'k3s-server-2', can you create one with emersion in it?
<emersion>
oops.
<emersion>
mixed up server and local peer name
<bentiss>
no worries
<emersion>
generated a new one, feel free to rm the old
<bentiss>
yep, much better, thanks
<bentiss>
it's mostly so we can keep tabs on who has access, in case we need to revoke a key
<bentiss>
in the same way, mk_kubeconfig will generate a dedicated key for you, so if you lose it, we don't have to reset the entire cluster
<daniels>
thanks for guinea-pigging :)
<bentiss>
daniels: I am under the impression that we are both using the main kubeconfig...
<bentiss>
not the ones we can revoke :(
<daniels>
bentiss: yeah, I'm pretty sure I am - I'm happy to recreate mine tomorrow
<bentiss>
I guess I'll do mine now
<emersion>
> kubectl get namespace
<emersion>
The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?