IRC logs for #aegir, 2015-12-23 (GMT)

2015-12-22
2015-12-24
TimeNickMessage
[11:00:24]* Egyptian[Home] has joined #aegir
[11:01:36]* ergonlog2c has joined #aegir
[11:04:42]* ergonlogic has quit (Ping timeout: 250 seconds)
[11:04:50]* ergonlog2c is now known as ergonlogic
[11:22:41]* keke420 has quit (Remote host closed the connection)
[11:28:53]* anarcat has quit (Ping timeout: 265 seconds)
[12:19:15]* gandhiano has quit (Ping timeout: 260 seconds)
[12:31:34]* gandhiano has joined #aegir
[13:01:50]* Egyptian[Home] has quit (Read error: Connection reset by peer)
[13:01:57]* Egyptian[Home] has joined #aegir
[13:08:50]* gandhiano has quit (Ping timeout: 260 seconds)
[14:06:50]* Egyptian[Home] has quit (Quit: Leaving.)
[14:07:06]* Egyptian[Home] has joined #aegir
[14:27:14]* Egyptian[Home] has quit (Ping timeout: 245 seconds)
[14:40:20]* Yaazkal has quit ()
[15:04:29]* Egyptian[Home] has joined #aegir
[15:05:25]* Egyptian[Home] has quit (Client Quit)
[15:05:36]* Egyptian[Home] has joined #aegir
[15:15:38]* fathima has joined #aegir
[15:23:38]* fathima has quit (Ping timeout: 246 seconds)
[15:39:52]* Egyptian[Home] has quit (Ping timeout: 250 seconds)
[18:41:00]* rominronin has joined #aegir
[18:58:20]* zz_drakythe has quit (Ping timeout: 250 seconds)
[18:58:46]* kvanderw has quit (Ping timeout: 250 seconds)
[19:41:15]* zz_drakythe has joined #aegir
[19:41:39]* zz_drakythe is now known as drakythe
[19:41:45]* kvanderw has joined #aegir
[19:55:44]* Captain_Haddock has joined #aegir
[19:55:48]* Captain_Haddock has quit (Changing host)
[19:55:48]* Captain_Haddock has joined #aegir
[19:57:27]* rominronin has quit (Remote host closed the connection)
[20:09:48]* rominronin has joined #aegir
[20:31:18]* David_Hernandez has joined #aegir
[20:48:05]* kvanderw has quit (Ping timeout: 245 seconds)
[20:48:50]* drakythe has quit (Ping timeout: 250 seconds)
[20:49:00]* rominronin has quit (Remote host closed the connection)
[20:49:52]* zz_drakythe has joined #aegir
[20:50:05]* zz_drakythe is now known as drakythe
[20:50:47]* rominronin has joined #aegir
[20:51:22]* kvanderw has joined #aegir
[21:54:56]* gandhiano has joined #aegir
[22:17:25]* daften has joined #aegir
[22:30:55]* gandhiano has quit (Ping timeout: 240 seconds)
[22:36:58]* daften has quit (Remote host closed the connection)
[22:37:23]* daften has joined #aegir
[22:41:42]* daften has quit (Ping timeout: 255 seconds)
[22:54:59]* daften has joined #aegir
[22:59:42]* daften has quit (Ping timeout: 250 seconds)
[23:18:52]* daften has joined #aegir
[23:50:01]* rominronin has quit (Remote host closed the connection)
[23:55:22]* daften has quit ()
[23:57:08]* gandhiano has joined #aegir
[23:57:21]* rominronin has joined #aegir
[23:57:53]* rominronin has quit (Client Quit)
[00:03:12]* noecc has joined #aegir
[00:10:26]* gandhiano has quit (Read error: Connection reset by peer)
[00:14:56]* Yaazkal has joined #aegir
[00:18:38]* David_Hernandez has quit (Quit: :wq!)
[00:18:58]* David_Hernandez has joined #aegir
[00:19:23]* David_Hernandez has quit (Remote host closed the connection)
[00:19:47]* David_Hernandez has joined #aegir
[00:21:34]* David_Hernandez has quit (Client Quit)
[00:25:00]* gandhiano has joined #aegir
[00:27:57]* zombiebeard has joined #aegir
[00:48:29]* keke420 has joined #aegir
[00:49:51]* daften has joined #aegir
[01:26:00]* Egyptian[Home] has joined #aegir
[01:31:18]* gandhiano has quit (Ping timeout: 256 seconds)
[01:33:49]* gandhiano has joined #aegir
[01:40:02]* gandhiano has quit (Ping timeout: 250 seconds)
[01:44:09]* gandhiano has joined #aegir
[02:11:28]* ergonlogic has quit (Quit: leaving)
[02:11:54]* ergonlog1c is now known as ergonlogic
[02:12:19]<ergonlogic>bgm: happy holidays :)
[02:12:45]<ergonlogic>I seem to recall you pinging me about something, but I've been swamped lately, and I don't recall whether I'd followed up with you
[02:13:34]<ergonlogic>also, I think I've narrowed down the CiviCRM temp files path issue that NDI has been seeing
[02:13:46]<bgm>ergonlogic: hmm, not that I recall. I updated the civicrm ticket you had opened for i18n
[02:14:12]<ergonlogic>ok, I'll need to catch up on that then
[02:14:39]<ergonlogic>as for the temp path thing, I documented the work-around in some depth in their Jira issue UACASE-51
[02:15:25]<bgm>is that on i.c.o or an ndi jira?
[02:15:50]<bgm>I don't think i'm aware of that issue (and I don't have access to their jira)
[02:15:50]<ergonlogic>ndi jira
[02:15:55]<ergonlogic>ok
[02:16:01]<ergonlogic>it's the iddue here: https://www.drupal.org/node/2571101
[02:16:02]<hefring>https://www.drupal.org/node/2571101 => Update some variables in Config.IDS.ini [#2571101] => 5 comments, 1 IRC mention
[02:16:11]<ergonlogic>I'll paste the relevant stuff there
[02:16:45]<bgm>oh ok
[02:18:29]* Egyptian[Home] has quit (Remote host closed the connection)
[02:18:39]<ergonlogic>done
[02:19:08]<ergonlogic>I'm not sure if that's something that ought to be in hosting_civicrm or civicrm.drush.inc
[02:20:27]<bgm>ergonlogic: i'm just confused as to why you would edit the Config.IDS.ini, rather than just delete it.
[02:20:43]<bgm>"there's a setting that specifies the path for temporary files" => in Config.IDS.ini?
[02:21:35]<bgm>just the clarify, the IDS is a library that detects sql injections and other common attacks
[02:24:08]<ergonlogic>the site can be inaccessible due to this
[02:24:20]<ergonlogic>and the tmp_path is stored in the db
[02:24:38]<ergonlogic>so re-generating the Config.IDS.ini just puts back the same path
[02:25:23]<ergonlogic>I don't doubt that there's a better way to do this, btw
[02:25:32]<ergonlogic>but this works
[02:25:51]<bgm>hmm ok
[02:25:57]<bgm>the civi paths/settings have terribly confusing names
[02:26:02]<bgm>but it's possible to override them in PHP
[02:26:08]<bgm>similarly to how drupal does
[02:26:12]<ergonlogic>right
[02:26:53]<ergonlogic>I'd think we could just update the tmp_path var somewhere in a deploy hook
[02:27:03]<bgm>i've been thinking for a while to always declare them in PHP.. I often declared them in a local.settings.php in a way that's migration-friendly
[02:27:26]<ergonlogic>well, these are absolute paths, aren't they?
[02:27:35]<ergonlogic>at least in Config.IDS.ini, they are
[02:27:47]<ergonlogic>so changing platforms would break it
[02:27:52]<ergonlogic>as would clones
[02:28:32]<ergonlogic>at this point, is civicrm.drush.inc generating the civicrm.settings.php?
[02:28:35]<bgm>hmm, right, possibly.. I think there was a work-around, but then the variables change between drush vs web
[02:28:39]<bgm>yep
[02:28:47]<ergonlogic>ok
[02:29:09]<ergonlogic>we'd talked about using the Aegir templating system to generate it instead
[02:29:24]<ergonlogic>that'd be a convenient way to hardcode those vars
[02:29:34]<bgm>the civicrm.settings.php changes rather often :/
[02:29:42]<ergonlogic>oh?
[02:29:52]<bgm>usually not in a way that breaks upgrades, but they add stuff regularly between versions
[02:29:57]<ergonlogic>outside of Aegir-like operations?
[02:30:04]<ergonlogic>ah
[02:30:17]<bgm>no no, just saying I don't want to spend time merging changes after each new civi release
[02:30:24]<ergonlogic>ok
[02:30:50]<ergonlogic>that was part of the reason to ship our own civicrm.drush.inc, at one point, right?
[02:31:21]<bgm>we had "forked" civicrm.drush.inc, because the core was wasn't very aegir-friendly
[02:31:31]<bgm>but it's not necessary anymore, and it makes it easier to support multiple versions of civi
[02:31:41]<bgm>without having "if version > 4.x.x" etc
[02:32:11]<ergonlogic>maybe we could inject an include somewhere
[02:32:30]<ergonlogic>right above the functional stuff at the bottom
[02:33:25]<bgm>similar to local.settings.php ?
[02:33:37]<ergonlogic>right, but generated by Aegir
[02:33:48]<bgm>would be good to have it at the beginning of civicrm.settings.php, this way we could easily override the constants
[02:34:27]<ergonlogic>at the beginning?
[02:34:40]<ergonlogic>let me refresh my memory on what it looks like
[02:35:26]* gusaus has joined #aegir
[02:35:28]<bgm>i guess there are 3 types of configurations in that file..
[02:36:02]<bgm>the constants, the $civicrm_root global, and settings overrides (which are all commented out by default)
[02:36:20]<ergonlogic>ok, I see
[02:36:41]<ergonlogic>does setting.php get parsed first?
[02:36:49]<bgm>yep
[02:37:06]<ergonlogic>so we could just add it via the settings hook
[02:37:20]<bgm>(I guess there can be some rare cases where civicrm will bootstrap drupal, but we usually call it using Drush, ex: crons)
[02:39:04]<ergonlogic>$civicrm_root is the only thing we can't override, atm, then
[02:39:18]<ergonlogic>oh, I see
[02:39:23]<bgm>that's generated using an aegir/drush variable, so not a big deal
[02:39:57]<ergonlogic>what would happen in an API call to Civi?
[02:40:14]<ergonlogic>is drupal/settings.php bootstrapped?
[02:40:32]<ergonlogic>I guess it must be, since it relies on Drupal for users, etc. right?
[02:40:47]<bgm>yep
[02:42:18]<bgm>although now i'm doubting about the URL tracking thing for civimail..
[02:42:39]<bgm>things that don't get called from the CSM are usually in civicrm/extern/*
[02:43:13]<ergonlogic> // Override the Temporary Files directory. // $civicrm_setting['Directory Preferences']['customFileUploadDir'] = '/path/to/upload';
[02:43:32]<ergonlogic>so, presumably setting that would resolve the specific issue here
[02:43:38]<bgm>yep
[02:43:53]<bgm>but .. I checked, and the URL tracker is indeed that one in extern/url.php
[02:43:58]<ergonlogic>I'll post a link to this discussion in the drupal.org issue, so I can follow-up with a fix
[02:44:01]<ergonlogic>ok
[02:44:05]<bgm>so I'd probably avoid putting things only in drupal confs, not called from civicrm.settings.php
[02:44:14]<bgm>k, thanks :)
[02:44:25]<ergonlogic>hefring: log pointer
[02:44:25]<hefring>http://hefring.mig5.net/bot/log/aegir/2015-12-23#T603423
[02:45:44]<ergonlogic>hmm, ok
[02:45:57]<ergonlogic>so what would you suggest for exterm/*?
[02:46:04]<ergonlogic>also, https://www.drupal.org/node/2378175
[02:46:05]<hefring>https://www.drupal.org/node/2378175 => Run file operations under sudo [#2378175] => 5 comments, 2 IRC mentions
[02:46:29]* gandhiano has quit (Ping timeout: 255 seconds)
[02:46:30]<ergonlogic>the recurring file permissions issues with Civi under Aegir could be resolved by that ^^^
[02:47:02]<bgm>yeah, that would be nice
[02:47:44]<bgm>I don't get the fuss about the risk of privilege escalation
[02:48:22]* gandhiano has joined #aegir
[02:48:23]<ergonlogic>well, we can wrap is securely
[02:48:51]<ergonlogic>we don't want www-data to be able to chmod 777 just anything
[02:49:03]<ergonlogic>but still, shouldn't be too difficult
[02:49:21]<bgm>yeah, just make a shell script that can be run by the aegir user only, and without any arguments
[02:49:30]<ergonlogic>and itd be optional with a sudoers entry that'd have to be configured
[02:49:31]<bgm>well, erm, just the destination path
[02:49:34]<bgm>"fix this directory"
[02:50:12]<ergonlogic>oh, good idea
[02:50:13]<bgm>(and the script would validate that it's a valid site directory, etc)
[02:50:27]<ergonlogic>if the aegir user can't cd into the dir, they can't run those ops
[02:51:12]<ergonlogic>right, and we'd presumably call it using the site/platform alias
[02:51:35]<ergonlogic>where the site or platform root is specified anyway
[02:51:50]<bgm>makes sense
[02:53:09]* bgm stuck on an icinga2 monitoring issue, grumble grubmle
[02:53:30]<ergonlogic>so, to inject settings that'll be accessible to extern/* scripts...
[02:53:35]<ergonlogic>any ideas there?
[02:54:08]<bgm>probably not the cleanest thing to do, but how about appending variables to the civicrm.settings.php directly?
[02:54:25]* ergonlogic has to tackle a DKAN JS graphing issue next :-/
[02:54:33]<bgm>:)
[02:54:35]<ergonlogic>prepending?
[02:55:24]<ergonlogic>wouldn't they have to be above the "Do not change anything below this line. Keep as is"
[02:55:29]<ergonlogic>maybe not
[02:55:51]<bgm>nah, it's not a big deal
[02:56:02]<bgm>civi anyway calls hook_civicrm_config() afterwards
[02:56:07]<bgm>which is another way to change settings
[02:56:36]<ergonlogic>ah, interesting
[02:57:29]<ergonlogic>that'd have to be in the site code-base though, right?
[02:58:11]<ergonlogic>so we'd have to ship that at the platform level or something
[02:58:20]<bgm>yeah
[02:58:30]<bgm>civi can have global extensions in ~/platform/civi-foo/vendor/
[02:58:40]<bgm>but it would still need to be enabled, updated, etc
[02:58:46]<ergonlogic>right
[02:58:49]<ergonlogic>seems messy
[02:58:52]<bgm>yep
[02:59:59]<bgm>also, we could ask to add a smarty variable in the civicrm.settings.php to have a clean way to inject stuff in there
[03:00:06]<bgm>like a pre/post kind of variable
[03:00:25]<bgm>but the civicrm.drush.inc code is messy, and it sounds time-consuming..
[03:01:35]<ergonlogic>that'd certainly make injecting custom stuff easier
[03:01:53]<ergonlogic>I'm looking in extern/widget.php
[03:02:48]<ergonlogic>which requires civicrm.config.php
[03:03:02]<bgm>civicrm.config.php finds civicrm.settings.php
[03:03:16]<bgm>it's messy, but it deals with detecting the CMS and all that
[03:03:53]<ergonlogic>right
[03:04:04]<ergonlogic>just checking what all it's doing there
[03:04:20]<ergonlogic>so there it'll only bootstrap the civi settings
[03:04:53]<ergonlogic>what if a widget needs something from the Drupal side?
[03:05:01]<ergonlogic>user perms or something
[03:05:04]<bgm>in some places, it's hard to say, but yeah, I think it's safer to assume that sometimes Drupal doesn't get bootstrapped
[03:05:26]<bgm>extern/widget.php is kind of crappy, and no one uses it :)
[03:05:33]<ergonlogic>hmm, ok
[03:05:33]<bgm>the only important thing there is extern/url.php
[03:05:43]<ergonlogic>ok, I'll take a look at that then
[03:05:58]<bgm>although some of the IPN code in there could be important for paypal ipns
[03:06:07]<bgm>normally that stuff should have been migrated to something more proper
[03:09:20]<ergonlogic>ok, so there might be some corner cases
[03:09:48]<ergonlogic>but re-setting temp path var during deploy would resolve the immediate issue
[03:10:22]<ergonlogic>also "$this->userFrameworkUsersTableName = $dbprefix . 'users';"
[03:10:42]<ergonlogic>that looks like how users table is bootstrapped from various CMSs
[03:11:17]<bgm>where do you see that?
[03:11:29]<bgm>but yes, I'm OK with fixing the immediate issue and keep it simple :)
[03:12:02]<ergonlogic>vi CRM/Core/Config.php +331
[03:12:29]<ergonlogic>so, right... injecting into settings.php would work in most cases
[03:12:56]<ergonlogic>but some stuff in extern/* might break, if we aren't careful
[03:13:32]<ergonlogic>ideally the CMS would be bootstrapped in extern/*
[03:13:47]<ergonlogic>except that it'd presumably make things much slower
[03:13:57]<ergonlogic>as there'd be a lot more code loaded
[03:14:25]<ergonlogic>pre- and post- includes in civicrm.settings.php would help
[03:14:36]<ergonlogic>but then we'd need to generate those, as required
[03:15:20]<ergonlogic>bgm: does that sum it up well?
[03:15:24]<bgm>yep
[03:16:07]<ergonlogic>if time permits, would you mind posting an issue to civicrm for that?
[03:16:40]<ergonlogic>the pre- and post- hooks, that is
[03:17:23]<ergonlogic>I'm not sure I speak enough civicrm-ese to document the requirement properly :)
[03:18:37]<bgm>sure.. although I'll open the issue when ready to work on it
[03:19:00]<bgm>i'm probably going to a sprint in end-january where we'll work on the d8 & backport ports
[03:19:23]<bgm>so it'll be a good time to add those changes
[03:19:40]<ergonlogic>ok, great
[03:19:48]<bgm>(fwiw: https://civicrm.org/blogs/colemanw/sprint-for-civi-drupal8-backdrop-wp-j...)
[03:19:50]<ergonlogic>let me know, and I'll try to set aside some time to help
[03:20:17]<ergonlogic>d8 support should help with i18n some too, I'd think
[03:20:29]<ergonlogic>well, maybe not
[03:21:03]<ergonlogic>ok, I think I have enough to fix the tmp_path thing
[03:21:15]<ergonlogic>so I'll try to tackle that in early Jan
[03:21:41]<bgm>:)
[03:30:01]<bgm>ot: icinga2 is mind-blowingly simple and awesome, but.. you-just-need-to-unlearn-all-those-bad-nagios-habits
[03:52:19]* daften has quit (Remote host closed the connection)
[03:52:46]* daften has joined #aegir
[03:55:10]* gandhiano has quit (Ping timeout: 245 seconds)
[03:57:08]* daften has quit (Ping timeout: 255 seconds)
[03:58:11]* gandhiano has joined #aegir
[04:09:53]<ergonlogic>neat
[04:10:19]<ergonlogic>I'd been working with shinken, which re-implements nagios in python
[04:10:33]<ergonlogic>allowing re-use of nagios plugins
[04:43:20]* gandhiano has quit (Ping timeout: 260 seconds)
[05:22:15]* Egyptian[Home] has joined #aegir
[05:42:40]* Egyptian[Home] has quit (Ping timeout: 265 seconds)
[06:22:01]* kvanderw is now known as zz_kvanderw
[06:22:47]* zz_kvanderw is now known as kvanderw
[06:24:19]* gusaus has quit (Quit: gusaus)
[06:24:37]* daften has joined #aegir
[06:51:00]* Egyptian[Home] has joined #aegir
[06:52:55]* noecc has left #aegir ("pax")
[07:06:45]* Captain_Haddock has quit ()
[07:36:09]* gusaus has joined #aegir
[08:14:41]* daften has quit ()
[08:15:36]* sierkje has joined #aegir
[08:20:26]* Egyptian[Home] has quit (Ping timeout: 240 seconds)
[08:22:27]* sierkje has left #aegir ()
[09:13:03]* kvanderw is now known as zz_kvanderw
[09:13:19]* zz_kvanderw is now known as kvanderw
[10:02:14]* zombiebeard has quit (Quit: zombiebeard)
[10:37:19]* gandhiano has joined #aegir
[10:38:41]* drakythe is now known as zz_drakythe
[10:38:46]* zz_drakythe is now known as drakythe
[10:39:35]* drakythe is now known as zz_drakythe
[10:40:36]* zz_drakythe is now known as drakythe
[10:41:21]* drakythe is now known as zz_drakythe
[10:53:07]* Egyptian[Home] has joined #aegir