| [15:46:12] | * realityloop has quit (Quit: Leaving..) |
| [18:33:47] | * reaper013 has joined #aegir |
| [19:13:33] | * ybabel has joined #aegir |
| [22:26:14] | * ybabel has quit (Remote host closed the connection) |
| [22:26:16] | * ybabel1 has joined #aegir |
| [22:28:36] | * ybabel1 is now known as ybabel |
| [23:50:09] | * reaper013 has quit (Quit: Page closed) |
| [00:25:21] | * GK_1wm___SU has joined #aegir |
| [00:25:23] | * GK_1wm___SU has left #aegir () |
| [00:45:51] | * mlhess has quit (Remote host closed the connection) |
| [00:48:22] | * mlhess has joined #aegir |
| [00:50:11] | * v20th has joined #aegir |
| [01:24:41] | * roycroft has quit (Ping timeout: 255 seconds) |
| [01:33:09] | * roycroft has joined #aegir |
| [03:08:02] | * theMusician has joined #aegir |
| [05:08:13] | * ybabel has quit (Quit: ybabel) |
| [05:08:43] | * ybabel has joined #aegir |
| [05:14:08] | * ybabel1 has joined #aegir |
| [05:15:01] | * ybabel has quit (Ping timeout: 240 seconds) |
| [05:15:01] | * ybabel1 is now known as ybabel |
| [05:31:07] | * shaneonabike1 has joined #aegir |
| [05:39:40] | * v20th has quit (Ping timeout: 246 seconds) |
| [05:41:26] | * shaneonabike1 has quit (Quit: Leaving.) |
| [05:51:38] | * v20th has joined #aegir |
| [05:51:54] | * ybabel has quit (Quit: ybabel) |
| [06:54:17] | <roycroft> | hello, folks |
| [06:54:31] | <roycroft> | so today i'm working on our old aegir master for my boss |
| [06:54:37] | <roycroft> | it's been a day of frustration |
| [06:54:44] | <roycroft> | we have a production site that uses ssl |
| [06:54:50] | <roycroft> | it's spun off on its own virtual machine |
| [06:55:00] | <roycroft> | my boss also generated a test site on that same vm |
| [06:55:16] | <roycroft> | he needs to test some new modules to update the site, and attempted to do so with the test site |
| [06:55:22] | <roycroft> | when he did that the production site broke completely |
| [06:55:57] | <roycroft> | i restored a backup of the production site's database (the breakages was undefined columns in the db), and both the production and test sites worked again, but without his changes |
| [06:56:19] | <roycroft> | note that there are two aegir-created databases on that vm - one for the production site and one for the test site |
| [06:56:45] | <roycroft> | so i'm not sure how 1. the test site was talking to the production database when it has its own, and 2. why restoring he production database fixed both sites (related to 1, i'm sure) |
| [06:57:26] | <roycroft> | and in that vein, he asked me to spin off a new vm so he could test with that, not wanting to mess with the vm that runs the production site again |
| [06:58:08] | <roycroft> | it was a series of frustrations - i had to create a symlink from /etc/apache2/conf-available/aegir.conf to /var/aegir/conf... |
| [06:58:15] | <roycroft> | i can deal with that though |
| [06:58:33] | <roycroft> | i also had to manually change permissions of sites/sitename/files |
| [06:58:37] | <roycroft> | again, i can deal with that |
| [06:59:05] | <roycroft> | but, when i create the site on the aegir master, it fails to install, with a missing directory |
| [06:59:45] | <roycroft> | the aegir master creates a /var/aegir/config/server_mytestsite directory for the plaform that installs on the test server |
| [07:00:48] | <roycroft> | however, it tries to put the ssl cert in /var/aegir/config/server_master/ssl.d/testsite, not /var/aegir/config/server_myestsite/ssl.d/testsite |
| [07:01:11] | <roycroft> | and fails because it does not create the directory under server_master/testsite |
| [07:01:21] | <roycroft> | is this something that has been or will be fixed? |
| [07:01:35] | <roycroft> | ssl seems to be the bane of aegir |
| [07:31:23] | * mengi has joined #aegir |
| [07:55:06] | * theMusician has quit (Ping timeout: 256 seconds) |
| [07:59:55] | * theMusician has joined #aegir |
| [08:35:50] | <colan> | roycroft: Not sure about everything else, but you definitely should not have dev/test/staging environments on the same VM as Production. |
| [08:37:06] | <colan> | The Staging VM should be virtually identical to Prod. If stuff works there, then you try on Production. |
| [08:37:51] | <colan> | so if you've got separate VMs for the web & DB servers, you need at least 4 VMs. |
| [08:38:39] | <colan> | Also, no development on Staging or Prod. |
| [08:39:54] | <colan> | So no trying out modules.. Only releases & patches (that have been tested on Staging first). That's what Dev is for, trying new things that may or may not work. |
| [08:47:26] | <roycroft> | colan: i'm well aware of this |
| [08:47:37] | <roycroft> | i'm trying to come up with something that makes sense |
| [08:47:49] | <roycroft> | here's another issue regarding that |
| [08:47:56] | <roycroft> | a platform is tied to a server |
| [08:48:29] | <roycroft> | so if my boss wants to develop on a new plaform he has me crate a server for that |
| [08:48:36] | <roycroft> | then he pushes the site in production on the same server |
| [08:48:46] | <roycroft> | because he can't use that same platform with a different server |
| [08:49:03] | <roycroft> | to me, there should be two copies of the platform - one for development and one for production |
| [08:49:34] | <roycroft> | i'm really trying to set this all up so that production is never impacted |
| [08:49:57] | <roycroft> | but i have a boss who is impatient, impetuous, non-communicative, and extremely demanding |
| [08:50:07] | <roycroft> | so i'm kind of in a tough position most of the time :) |
| [08:50:49] | <roycroft> | he also tends to work at night and on the weekend a lot, when i'm not working |
| [08:51:00] | <roycroft> | and that's when he is best at breaking production sites |
| [08:51:12] | <roycroft> | so please believe me, i want to isolate production from development |
| [08:51:22] | <roycroft> | i hate having to get up in the middle of the night to restore a website that he just broke |
| [08:51:52] | <roycroft> | i'm trying to figure out a good approach to keeping development isolated from staging/production |
| [08:52:12] | <roycroft> | someone pointed to a migration module the other day that hsould help me move from one aegir master to another |
| [08:52:17] | <roycroft> | and i'm going to be testing that soon |
| [08:52:33] | <roycroft> | my bigger immediate concern is how poorly ssl is handled in aegir |
| [08:52:41] | <colan> | hosting_remote_import++ |
| [08:52:59] | <roycroft> | yes, that's the one |
| [08:53:19] | <colan> | roycroft: we've been doing a lot of working on https://gitlab.com/aegir/hosting_https/ - should cause fewer issues that the older methods. |
| [08:53:22] | <roycroft> | it's on my list to test tomorrow - i'll be spinning up a couple aegir master vms and installing that module on them |
| [08:53:36] | <colan> | er, a lot of work. |
| [08:53:51] | <roycroft> | it requires aegir 3.9+ |
| [08:54:04] | <roycroft> | msot of our sites are on aegir 2 right now, but i don't expect any back porting |
| [08:54:23] | <colan> | a bunch of us are now running it on Prod. |
| [08:54:28] | <colan> | Ouch. Can you upgrade? |
| [08:54:29] | <roycroft> | this may be a tool i can use to push my boss into migrating more of our sites to aegir 3/drupal 8 |
| [08:54:37] | <roycroft> | my boss does not want to upgrade unless he has to |
| [08:54:46] | <colan> | that would solve a lot of problems. :) |
| [08:54:48] | <roycroft> | he thinks that once a site is developed it is 100% hands-off |
| [08:54:57] | <roycroft> | because he never prices maintenance into his quotes |
| [08:55:06] | <colan> | that's nuts, IMHO. |
| [08:55:10] | <roycroft> | and he has no concern about security/orphaning |
| [08:55:12] | <roycroft> | yes |
| [08:55:18] | <roycroft> | but it is what it is |
| [08:55:28] | <colan> | I hope it all goes well then. |
| [08:55:31] | <roycroft> | thanks |
| [08:55:44] | <roycroft> | also |
| [08:55:50] | <roycroft> | before you say anything |
| [08:55:54] | <roycroft> | because everyone says it |
| [08:56:07] | <roycroft> | i am old and essentially unemployable :) |
| [08:56:14] | <roycroft> | that's why i don't just quit and go elsewhere |
| [08:56:54] | <roycroft> | when i list 40+ years of unix experience on my resume it gets binned immediately |
| [08:57:49] | <roycroft> | i'll definitely look hard at hosting_https when i create those aegir 3 vms tomorrow |
| [08:58:07] | <roycroft> | because the current method is insane |
| [09:01:39] | <colan> | you wouldn't be lying if you said you had 15 years unix experience. ;) |
| [09:16:59] | <roycroft> | lies of omission are still lies |
| [09:17:04] | <roycroft> | dammit, i'm too honest |
| [09:19:28] | <roycroft> | that https module appears to be more about certificate management, with let's encrypt as the certificate issuer |
| [09:19:37] | <roycroft> | i don't have problems managing certificates |
| [09:19:44] | <roycroft> | and we get our own certificates elsewhere |
| [09:20:04] | <roycroft> | it's getting aegir to put the certificate in the right place that's the major problem |
| [09:20:15] | <roycroft> | does that module address that? |
| [09:30:46] | * theMusician has quit (Quit: theMusician) |
| [09:32:31] | <colan> | roycroft: not yet, follow https://gitlab.com/aegir/hosting_https/issues/10 . But it's possible ergonlogic started working on that as he said he needed it for something. |
| [09:33:20] | <colan> | roycroft: having said that, you shouldn't need those certs anymore if you're using LE. |
| [09:33:40] | <colan> | Unless you want extended validation or wildcards or some such. |
| [09:33:55] | <colan> | And then this module will actually work for you. :) |
| [09:37:54] | <roycroft> | ok |
| [09:38:00] | <roycroft> | i said a lot of stuff earlier |
| [09:38:13] | <roycroft> | because there are several things that are frustrating :) |
| [09:38:16] | <roycroft> | but this is the big one: |
| [09:38:43] | <roycroft> | when i generate a ssl site, aegir complains because the directory where its self-signed certificate does not exist |
| [09:39:06] | <roycroft> | the certificate should go on /var/aegir/config/server_myserver/ssl.d/site.domain |
| [09:39:26] | <roycroft> | but aegir tries to put it in /var/aegir/config/server_master/ssl.d/site.domain |
| [09:39:46] | <roycroft> | and since aegir never creats the site.domain directory in /var/aegir/config/server_master it fails |
| [09:40:09] | <roycroft> | this is on aegir 2 still - if that's been fixed in aegir 3 then it's yet another reason for us to move to aegir 3 asap |
| [09:40:36] | <roycroft> | i can write a procedure to create that directory manually before generating the site |
| [09:40:48] | <roycroft> | and i would follow that procedure |
| [09:40:55] | <roycroft> | but my boss will not follow it |
| [09:41:20] | <roycroft> | he demands that i just "make it work" without his having to do anthing but run the install site job |
| [09:41:36] | * theMusician has joined #aegir |
| [09:42:17] | <roycroft> | i understand why some of the stuff must be done manually, such as making the files directory writable by the web user |
| [09:42:30] | <roycroft> | although that might be able to handled by sudo |
| [09:42:38] | <roycroft> | but that is kind of scary :) |
| [09:43:05] | <roycroft> | putting the cert in the wrong place is a bug, imo |
| [09:43:56] | <roycroft> | and i think putting it in server_master is the wrong place |
| [09:44:09] | <roycroft> | it seems it should go in the config directory for the server on which it will be installed |
| [09:50:34] | * v20th has quit (Quit: Leaving) |
| [09:59:07] | * theMusician has quit (Quit: theMusician) |
| [10:12:49] | * realityloop has joined #aegir |
| [10:40:34] | * theMusician has joined #aegir |
