Perl 6 - the future is here, just unevenly distributed

IRC log for #opentreeoflife, 2015-06-10

| Channels | #opentreeoflife index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 jar286 joined #opentreeoflife
01:18 jar286 joined #opentreeoflife
01:38 jar286 joined #opentreeoflife
03:05 eugene_s joined #opentreeoflife
12:55 jar286 joined #opentreeoflife
13:16 jar286 jimallman, I’m going to reinstate the *new* .pem and .crt on ot16, just for testing
13:18 kcranstn joined #opentreeoflife
13:21 jar286 kcranstn, we’re getting “SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch”
13:21 jar286 which I think is what we’d see if the CSR had been made for the wrong private key
13:22 jar286 but there could be other causes.
13:22 kcranstn I only copied over the pem file, not the csr
13:22 kcranstn that’s probably the reason
13:22 jar286 no, it would have been before that
13:23 jar286 you had to make a csr on one of our servers, then upload it to namecheap to get it signed, with the resulting .crt
13:23 kcranstn yes
13:23 jar286 i.e. something like openssl req -new -key opentreeoflife.org.key.with-passphrase -out opentreeoflife.org.csr
13:24 kcranstn yes
13:24 jar286 openssl rsa -in opentreeoflife.org.key.with-passphrase -out opentreeoflife.org.key
13:25 jar286 I guess I’d have to look up the magic…
13:25 kcranstn https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx
13:25 kcranstn thats what I did
13:25 jar286 and you started with /etc/ssl/private/opentreeoflife.org.key ?
13:26 jar286 as the private key for the csr?
13:26 jar286 if so then… I’m baffled…
13:27 kcranstn should have kept better notes, sorry. The .key file I used is in /home/opentree on ot14
13:28 jar286 oh… hang on .. those instructions say to create a new key.
13:28 kcranstn which I did
13:28 jar286 that would explain the apache problem, if the new key didn’t get installed in /etc/ssl/private
13:29 kcranstn openssl req -new -newkey rsa:2048 -nodes -keyout opentreeoflife.key -out opentreeoflife.csr
13:29 jar286 so you did make a new key.  ok, we just need to install that new key on ot16 (and ot10) for our dev test
13:30 kcranstn and production
13:30 kcranstn but not for the dev test, correct
13:30 jar286 ok. i will do that for ot16 now & see if it works
13:30 kcranstn thanks
13:31 jar286 sorry I was confused about that when I rushed off yesterday… remember I first said make a new key, then I said don’t.  not a big deal, I’ll fix it
13:31 jar286 the namecheap instructions assume you’re going to make a new key and don’t say how you make a new csr with the old key
13:38 jar286 kcranstn, success on ot16
13:41 kcranstn yay
13:43 jar286 in case you didn’t quite get what happened, apache needs the private key to be able to respond to ssl challenges, and it looks for the key in /etc/ssl/private, and the old key was still there.  all I’m doing now is putting the new key in /etc/ssl/private and retrying
13:43 kcranstn got it
13:49 jar286 devapi is working too, now.  https://devtree.opentreeoflife.org/opentree/argus/opentree3.0@1
13:49 kcranstn yup
13:50 kcranstn and curator
13:50 kcranstn thanks
13:51 jar286 how we need to merge the commit that updates the .pem back into the production branch… I suppose that ought to be done as a PR
13:52 kcranstn I can do that
13:52 jar286 great
13:53 jar286 just looking to see if there are any other PRs ready, and there aren’t
13:54 jar286 unfortunately there’s no way to do the cert update without a minute or two of downtime.  I’ll try to minimize it
13:55 kcranstn https://github.com/OpenTreeOfLife/opentree/pull/656
13:55 jar286 ok
14:10 jar286 updating ot20 (production api) now…
14:20 jar286 jimallman, you there?
14:21 jimallman yes, hi (catching up now)
14:21 jar286 wondering why there is any collections action on production
14:21 jar286 api is failing to start up because
14:21 jar286 Cloning into 'collections'...
14:21 jar286 ~ ~
14:21 jar286 ~
14:21 jar286 favorites-1...
14:21 jar286 Using branch master of repo favorites-1
14:21 jar286 Cloning into 'favorites-1'...
14:21 jar286 fatal: could not read Username for 'https://github.com': No such device or address
14:21 jar286 ./setup/install-api.sh: line 184: cd: repo/favorites-1_par/favorites-1: No such file or directory
14:22 jimallman repos are cloned by the deployment tools. what branch of opentree do you have checked out?
14:22 jimallman regardless, this should be harmless, so the error is a surprise..
14:23 jar286 it’s harmful, since now our production api server is hosed
14:23 jimallman right, i’m just trying to understand what exactly is going wrong.
14:23 jar286 ahh… I should check out the master branch of the deployment tools.
14:23 jar286 it’s not supposed to be that sensitive… will try it though
14:24 jimallman that should fix it, i think. we have a few more tangles like this, in server-config settings and the renamed apache-config files.
14:24 jar286 but I do see COLLECTIONS_API mentioned in production/api.config
14:25 jar286 looks harmless, but it’s confusing
14:25 jimallman yes, i went ahead and sketched in preliminary support for collections (and favorites) ahead of full implementation.
14:26 jimallman as you say, harmless but confusing. esp with the delays in moving these features to production.
14:28 josephwb joined #opentreeoflife
14:28 josephwb jar286 i am hoping the travis thing is as easy as this: http://blog.travis-ci.com/2013-11-26-test-your-java-libraries-on-java-8/
14:29 josephwb i.e. https://github.com/OpenTreeOfLife/treemachine/commit/b275762eac1ae474bfe83f4023f8ca815265e29a
14:31 jar286 ok, got past that, but still getting Certificate and private key ot20.opentreeoflife.org:443:0 from /etc/ssl/certs/opentree/STAR_opentreeoflife_org.pem and /etc/ssl/private/opentreeoflife.org.key do not match
14:31 jar286 I know what that is...
14:31 jar286 I need to manually copy the .pem into /etc/ssl
14:31 josephwb oops. i missed a line.
14:33 jar286 better… now getting ‘invalid request’
14:35 jar286 that’s sort of funny, I was expecting the ‘welcome’ web2py app (that’s what I got before)
14:37 josephwb ok, looks like the java version thing is fixed
14:37 jar286 well, ot20 looks functional to me - germinator tests pass and main site works.
14:38 jar286 so now I need to review what I did wrong on ot20, so I don’t reproduce it on ot14
14:38 jar286 (tree.opentreeoflife.org)
14:40 josephwb passed now.
14:40 josephwb https://github.com/OpenTreeOfLife/treemachine/pull/181
14:52 jar286 jimallman, I just deleted a ton of old merged branches on github (opentree repo)
14:53 jimallman thanks
14:53 jar286 I’m thinking I should wait to do this ssl update until our usual maintenance window this afternoon.  we’ve succeeded in 3 out of 4 cases, so it should work the next time (ot14)
14:53 jar286 site may be too busy right now.
14:54 jimallman normal window seems like a good idea to me.
15:24 kcranstn me too
15:28 eugene_s joined #opentreeoflife
16:26 jar joined #opentreeoflife
16:27 jar Test
16:32 kcranstn test
16:33 jar286 I got 10 points, what about you?
16:33 kcranstn ?
16:33 jar286 kidding
16:34 kcranstn brb
16:35 kcranstn joined #opentreeoflife
16:35 kcranstn connecting from new laptop. whee!
16:36 jar286 whee indeed.  I was connecting from iphone
17:11 jimallman joined #opentreeoflife
17:15 jar286 joined #opentreeoflife
17:53 kcranstn joined #opentreeoflife
19:38 kcranstn joined #opentreeoflife
19:45 jimallman joined #opentreeoflife
20:41 kcranstn joined #opentreeoflife
21:34 jimallman joined #opentreeoflife
23:03 kcranstn joined #opentreeoflife
23:17 kcranstn joined #opentreeoflife

| Channels | #opentreeoflife index | Today | | Search | Google Search | Plain-Text | summary