Time
S
Nick
Message
00:42 andrewSC joined #dataverse
12:46 donsizemore joined #dataverse
13:35 pdurbin
donsizemore: mornin'. Slide 6 especially. :)
14:28 pdurbin
we're talkin' sample data :)
14:38 donsizemore joined #dataverse
17:26 donsizemore joined #dataverse
17:38 donsizemore
@pdurbin pull requests welcome =) (or send me what y'all want and i'll cobble it into place)
17:38 pdurbin
The design team is figuring out what they want. I'm happy enough with my birds and trees.
17:45 pdurbin
donsizemore: how's the API test suite treating you? :)
17:46 * pdurbin
kicks off a build
17:47 donsizemore
@pdurbin i was kicking the tires with dataverse-kubernetes this morning (bootstrap container stays stuck in init)
17:48 pdurbin
nice!
17:48 donsizemore
@pdurbin there were so many ec2 images piling up i just commented out the ec2 create line. i can enable it again if you want
17:48 donsizemore
@pdurbin i was just picking up the letsencrypt stuff to knock certs and proxy out of the way
17:49 donsizemore
@pdurbin but if you want me to do api test suite stuff first i can switch gears?
17:49 pdurbin
sounds good. do you want me to try the "bring your own cert" use case?
17:49 donsizemore
that part should work but i haven't done much testing
17:49 pdurbin
ok, is it documented?
17:50 donsizemore
@pdurbin checkout 53_http_proxy and note the new group_vars
17:54 pdurbin
ok, so I just put full file paths in cert, interm, and key, it looks like
17:55 pdurbin
and I guess I would modify the ec2 create script to scp them into place first, right?
17:55 donsizemore
just the filenames. drop them in files/
17:56 pdurbin
ok, scp them to files?
17:57 pdurbin
scp them to /home/centos/dataverse/files it looks like
17:59 donsizemore
eh, with the ec2 bit that'd be easy to make them available via url somewhere
17:59 pdurbin
even the key?
18:01 donsizemore
unless you made your own fork of the repo, probably.
18:02 pdurbin
sounds a bit insecure to have the key out there... I guess the url could be password protected
18:02 pdurbin
basic auth or whatever
18:06 donsizemore
@pdurbin i'm searching to see whether we could include the pem in the group_vars like in other yaml files
18:10 pdurbin
I'm not sure how often the "bring your own" use case will come up.
18:10 pdurbin
my dev1 cert did expire so I guess I could go get a new one
18:10 pdurbin
but now I have dev2
18:11 pdurbin
I guess if dev2 gets pown'd and I need to spin up a replacement, that'll be a good time to use the bring your own cert thing
18:11 donsizemore
you could try the syntax like https://zero-to-jupyterhub.readthedocs.io/en/latest/security.html#set-up-manual-https
18:11 donsizemore
which would keep everything in your private group_vars file
18:13 pdurbin
huh. interesting!
18:13 donsizemore
i remembered the syntax but it took me a minute to find an example
18:13 pdurbin
well worth a minute, thanks!
19:50 pdurbin
donsizemore: "interm" is three certs for me. Hope it works.
19:55 pdurbin
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Could not find or access '-----BEGIN CERTIFICATE-----\nMIIG8...
20:30 pdurbin
I switched to scp'ing the certs etc over and dropping them in "files". Now I'm getting this: AH00526: Syntax error on line 50 of /etc/httpd/conf.d/ssl.conf
20:31 pdurbin
Invalid command 'ShibRequestSetting', perhaps misspelled or defined by a module not included in the server configuration
20:33 pdurbin
If I uncomment the shib stuff in ssl.conf and restart apache it looks like my certs is correctly in place.
20:34 pdurbin
so maybe a workaround is to always enable shib
21:57 dataverse-user joined #dataverse
