2025-03-02 19:06:17 lesigh 2025-03-02 19:54:03 whats happening? very colorful here 2025-03-02 19:55:26 Lots of scraping, but I'm not sure what exactly is causing the load issues 2025-03-02 19:56:03 Tried increasing the amount of workers, but that just increases the amount requests being able to be handled 2025-03-02 19:56:25 Not sure if it's just plain crawling that's the issue, or that there are specific requests which are heavy 2025-03-03 09:37:04 oh, git.a.o is 502 2025-03-03 09:38:41 ikke: any particular ip ranges that are guilty? 2025-03-03 10:07:13 pj: I see some ranges making the most requests, but I'm not entirely sure those requests cause most of the load 2025-03-03 10:07:28 I need to quantify that somehow 2025-03-03 10:14:39 there's been an ongoing problem for gitea/forgejo instances where bots keep scraping git archive tarballs which blows up their git archive cache 2025-03-03 10:16:14 an example from admin of my fedi instance: https://donotsta.re/notice/AreSNZlRlJv73AW7tI 2025-03-03 10:23:42 I may start sending the access logs to loki, may help to make it easier to analyse the requests 2025-03-03 11:10:40 not sure if we could do something like this? https://fosstodon.org/@dalias@hachyderm.io/114055514402836782 2025-03-03 11:16:55 I'm already doing something like that with nginx 2025-03-03 11:17:10 well, not a download speed, but more rate limit delay 2025-03-03 11:17:57 But, understanding where the slowness comes from is step 1 2025-03-03 15:17:10 if you find out it's from crawlers, it's a bit of whack-a-mole listing ips, but even where i see site operators doing that, they drop requests instead of returning something, which probably just gets the crawl job moved to a different queue/ip/asn. i personally favor returning 402. 2025-03-03 15:17:31 in any case site operators need to get better about working together because this is war 2025-03-03 15:27:54 invoked: agree 2025-03-04 00:33:51 From Trusted and Vouched Dealers... (full message at ) 2025-03-04 00:34:26 pj 2025-03-04 00:34:34 :3 2025-03-04 00:34:44 i can't do anything, no op here 2025-03-04 00:34:58 oh damn 2025-03-04 00:38:23 maybe I could reactive my mjolnir instance that I used for lapce 2025-03-04 00:38:39 would make it easier to ban across all channels 2025-03-04 00:39:31 they are all coming from :matrix.org, if they could just spend their money right and ban them immediatley 2025-03-04 06:38:18 pj: seems to be lots of addresses from brazil 2025-03-04 06:38:21 different ISPs 2025-03-04 06:38:46 45.x.y.z 2025-03-04 06:39:42 many requests from unique addresses 2025-03-04 06:43:46 is that like consistent scraping? 2025-03-04 06:43:52 seems to be 2025-03-04 06:44:03 That was just the last 5000 requests 2025-03-04 06:44:11 and I've seen that before as well 2025-03-04 12:31:09 Took some more drastic measures, see how that helps 2025-03-04 12:32:15 Regarding git.a.o that is (deu1-dev1) 2025-03-04 12:32:50 I'm not that impressed with loki at the moment 2025-03-04 12:33:31 Something very simple like getting the amount of requests per IP address proves extremely difficult 2025-03-04 12:40:46 Put a lot of ASNs in a single rate-limit bucket 2025-03-04 12:41:29 I now see an average of 7 429 responses per second 2025-03-04 12:42:08 git.a.o is gbr-app-1. here 2025-03-04 12:42:36 opensearch dashboards is much nicer but it's heavy to host 2025-03-04 12:42:52 vkrishn: not for me.. 2025-03-04 12:43:50 some routing geo- based? gbr-app-1. is a.o owned? 2025-03-04 12:44:04 yes, it is 2025-03-04 12:44:10 but it does not host git.a.o 2025-03-04 12:46:54 ok, seems it redirected from it, as both gbr-app-1. (1st), then deu1-dev1. (2nd) 2025-03-04 12:48:26 The load on deu2-dev1 decreased significantly 2025-03-04 12:59:15 got it, https://wiki.alpinelinux.org/images/alogo.svg on git.a.o webpage connects to gbr-app-1. 2025-03-04 13:07:58 general rule for modern search engine A reviting same commit-id on git repo should be considered bad(dos attach like) 2025-03-04 13:08:15 revisiting^ 2025-03-04 13:09:17 search engine should learn its a git repo and not visit same commit 2025-03-04 14:09:58 The current traffic comes from many residential ip addresses from many ISPs. Sounds like a botnet or some vpn abusing customers 2025-03-04 14:14:12 if i had lots of slurps (brain freeze) with pizza, I would live publish those logs (with some parts scrubbed) 2025-03-04 14:17:25 i also create lists of IPs that concoct urls(forge) for pages/services 2025-03-04 14:18:01 i found quite a few from MS 2025-03-04 14:25:22 also look for IPs that do POSTs on pages/services that don't exist 2025-03-04 16:14:01 Similar to gitlab 2025-03-04 16:14:14 a long tail of ip addresses from different countries all making a single request 2025-03-04 16:15:35 But even from apple, and microsoft apparently 2025-03-04 16:27:08 been there, follow the trails aka breadcrumbs ;) 2025-03-04 16:27:49 interesting events unfold 2025-03-04 16:29:23 make sure to keep the ip list trails or if possible temporarily backup those logs 2025-03-04 16:35:41 these are few reasons to have only IPv6 rolled globally, and every living human have 2fs(ff) ip assigned as digital/path ID 2025-03-04 16:36:39 maybe time to switch to allowlist vs denylist? (I'm only partially kidding) 2025-03-04 16:38:51 wonder how hard it'd be to engineer some sort of system of IP web-of-trust or maybe rate limit everyone and then non-abusers get extra tokens in their bucket 2025-03-04 16:41:56 there were some methods/suggestion in hachyderm url posted yesterday, 2025-03-04 16:42:42 i.e deny them and invoke/revoke based on some rule(maybe time) 2025-03-04 16:43:48 Would exclude too many legitimate users 2025-03-04 16:45:15 i noticed quite a lot of crawlers are crond so would visit your IP segment at perticular time 2025-03-04 16:46:03 that's when it should be locked out 2025-03-04 16:46:18 its not easy initially 2025-03-04 16:46:49 The hard part is determining the traffic is legitimate or harmful 2025-03-04 16:47:06 And mostly, what traffic is causing the issues 2025-03-04 16:47:36 but gradually a foggy IP map gets somewhere in your mind 2025-03-04 16:47:49 start small 2025-03-04 16:48:21 Yes, that's what I'm already doing 2025-03-04 16:53:38 isn't there a nginx module that slurp streams all css/js into single request? 2025-03-04 16:55:34 add that to cache(varnish), might smoothen out some more 2025-03-04 17:18:20 I must say I really like the geo module of nginx 2025-03-04 17:29:52 I think I have at least shedded some of the load now 2025-03-04 17:29:55 Hi there! I was investigating an issue we - as a security business - are experiencing while pulling information from secdb.alpinelinux.org (originally every 6 hours, descreased it to once a day). I noticed logs from this channel saying that you are experiencing some load problems because of heavy crawling / scraping. We are hosted on Azure and may have been caught in your most recent protection 2025-03-04 17:30:01 actions, likely because of noisy and not very mindful neighbors using the same IP ranges. 2025-03-04 17:30:22 Is there anything we can do to help, and to get our connectivity to secdeb restored? 2025-03-04 17:30:25 gplessis: Ok, would you mind sending the ip adres in a dM? 2025-03-04 17:30:31 / subnet 2025-03-04 17:31:24 sure 2025-03-04 17:32:40 Ok, I've removed the block 2025-03-04 17:33:14 thank you very much for your help! 2025-03-04 20:28:24 Seems like the rate limiting does have effect 2025-03-04 20:44:14 how would you describe it from "crawlers vantage point" ;) 2025-03-04 20:46:50 From their vantage point, they are certainly affected 2025-03-04 20:51:36 :), i mean what would gptAI say to itself when visiting a.o sites 2025-03-04 20:52:06 This tastes rather bland 2025-03-04 20:52:11 nm, offtopic 2025-03-04 20:52:14 :) 2025-03-04 21:01:22 looks like your allowlist has got its first entry 2025-03-04 22:19:32 I think I got ratelimited too. Loading any gitlab.a.o page results in 429 for some requests which cases the page to be broken. 2025-03-05 05:45:43 sertonix[m]: should be fixed now 2025-03-05 09:24:30 i inquired with sjtug and they are changing and working on architecture migration. 2025-03-05 15:41:30 qaqland: thanks 2025-03-06 18:51:46 ikke: an example of IPs that fall in not good list, https://tpaste.us/Ro9Y 2025-03-06 18:52:12 That's Alibaba Cloud 2025-03-06 18:52:14 already covered 2025-03-06 18:52:42 Oh no, this one is different 2025-03-06 18:54:40 its trying to get, GET /static../.git/config , something that don't exist, 2025-03-06 18:54:57 Yeah, trying to find accidentally exposed credentials 2025-03-06 18:54:59 sometimes i sit and scan looking for similar entry in logs 2025-03-06 18:55:21 But right now, that kind of traffic is not what I'm focussing on 2025-03-06 18:56:00 And, at least for now, it appears things are under control 2025-03-06 18:56:57 yes, thanks for the effort, noticed some improvement 2025-03-07 09:53:21 Hi, I'm trying to register an account on the Alpine GitLab, but I'm not receiving the confirmation email. I've tried different email providers, but none of them worked. I also tried signing up with GitHub, but that didn’t work either. Is there an issue? 2025-03-07 10:00:05 darim: I can check in an hour 2025-03-07 10:00:59 The only issue I'm aware of is outlook.com blacklisting us 2025-03-07 10:04:01 Okay, that might be the issue. My email is hosted on Outlook.com, and my GitHub account is also linked to an Outlook.com email address. I will try it with gmail. 2025-03-07 15:05:09 is it normal to have a ~25 s wait between new page loads to gitlab.a.o sometimes? this has improved over the past few days, just wondered if my ip was caught in some filtering 2025-03-07 15:37:27 mio: are you opening a lot of pages at the same time? 2025-03-07 15:38:51 2-3 tabs? 2025-03-07 15:39:40 it occurs on the first load usually, or refreshing same tab after some time 2025-03-07 16:09:48 mio: that should not trigger it 2025-03-07 16:10:00 The IP address I see for you is not rate limited 2025-03-07 16:11:17 mio: if you open the network tab, you should see 429 responses if you're rate limited 2025-03-07 16:13:41 ikke: okay, thanks! 2025-03-07 16:15:27 have had 1 tab open of the merge_requests page that is refreshed a few times an hour or a few hours, and 1-2 new tabs potentially opened from that 2025-03-07 16:16:35 the list refresh seems to have the wait, then reading MRs after that initial period is fine for a while 2025-03-07 16:18:05 will try to keep the number of open tabs low and see if that helps, thanks 2025-03-07 16:18:18 (based on what you mentioned) 2025-03-07 17:16:48 i use mouse, but noticed that there are key-bindings to pages too, it slightly faster that F5(full refresh) 2025-03-07 17:44:07 interesting, will try that as well, thanks 2025-03-07 18:23:52 mio: I sometimes open 8 tabs in sequence without issue 2025-03-07 18:41:23 ikke: okay, good to know. just switched to firefox, page loading seems to be fine so far 2025-03-07 18:42:55 maybe my other browser is having some issue or cached some old setting 2025-03-10 19:50:41 I have cleaned up distfiles a bit 2025-03-12 01:53:45 ikke: around? can i lock-discussion to a TSC issue? 2025-03-12 01:54:02 pls lock-it, https://gitlab.alpinelinux.org/alpine/tsc/-/issues/93 2025-03-12 01:54:07 seems i cannot 2025-03-12 01:54:10 thanks 2025-03-12 01:55:18 finally, really wanted to get off irc, now got a reason ;) 2025-03-12 02:23:14 seems there is no export to pdf to take a backup of the issue, so just copy-pasting the page for backup 2025-03-12 05:17:56 nice, the brower gave a nice screenshot too - for the TSC issue page 2025-03-12 14:10:08 looks like gitlab is sending me 5x the same email again 2025-03-12 14:10:15 i think i noticed that yesterday already 2025-03-12 14:30:20 psykose would be _alice here? 2025-03-12 14:30:32 https://d.insteps.net/scr/screenshot-2025-03-12-at-06-59-25-TSC-93.png, pls see there is not reply btn 2025-03-12 14:32:18 fossdd[m]: I just noticed that as well, I just assumed gitlab REALLY wanted me to know my CI job failed 2025-03-12 14:32:30 haha 2025-03-12 14:32:43 i am planning 2 more TSC, please enable them this time, play nice pls (i have been jotting the points for all 3 for yrs), they have no linking to current irc postings 2025-03-12 14:33:46 durrendal: wanted to say but missed, a tester has can be independant role and not associated with AL 2025-03-12 14:33:54 Please keep the scope reduced 2025-03-12 14:33:55 a tester can^ 2025-03-12 14:34:03 ok sorry 2025-03-12 14:35:29 in img, seems all participants said all at once and were talking to themselves 2025-03-12 14:36:13 i can also formulate "TSC: Rules off engagement" if gitlab is buggy 2025-03-12 14:36:20 vkrishn: yes that makes sense, I only meant yesterday that by participating in some of the current maintenance workflow you might be better able to emphasize that difference. 2025-03-12 14:37:12 gitlab is not buggy? you know that comments happen in threads, right? https://docs.gitlab.com/user/discussions/ 2025-03-12 14:38:17 yes, but if you reply , new reply btn should be on it, so that sub-reply can be a hierarchy 2025-03-12 14:39:00 but if 2 reply happens on same orig posts, the replay field is in the end 2025-03-12 14:41:23 which means, the 2nd replier has to wait(rules of enagement) 2025-03-12 14:41:40 reading the docs now 2025-03-12 14:43:05 or I can leave the page unlocked for 12hrs, get reply, lock it, do my reply, unlock 2025-03-12 14:43:20 cycle repeat 2025-03-12 14:43:42 but need privilege to do locking/unlocking 2025-03-12 14:48:51 just fun, but why use "hearts up" instead 'thumbs up', sounded like social forum (no hard feelings as its a feature) 2025-03-12 14:52:28 Formulated rules like these, will always feel like an 'outsider thing', it cannot have partialiaty in it 2025-03-12 14:53:20 fight it at its tech point 2025-03-12 14:53:43 partiality^ 2025-03-12 14:56:36 its targetted towards a running system, not one person 2025-03-12 15:00:04 if AL survives the next generation(AI infested era) in its principals, your kids would thank you 2025-03-12 15:07:52 vkrishn: my suggestion would be to focus (constrain) what you're proposing to things you've worked out some basic concept how it would be implemented (with gitlab or a tool, that ideally adds no additional steps to what everyone is currently doing). cut out everything else (or set it aside for later) 2025-03-12 15:08:51 this process is about getting buy-in from others 2025-03-12 15:09:39 i could be wrong, but anything that drastically changes -- or adds steps to -- what everyone currently does, is likely to face a bunch of resistance 2025-03-12 15:12:19 why does Formulated rules always look like corporate/business :), coz they are never implemented at lower level, need costs to do it 2025-03-12 15:12:44 the reasons don't matter. it's your job to figure out how to get the buy-in, that's all i'm saying 2025-03-12 15:14:11 if enough people are giving you a clear negative signal on something, you need to rework it or maybe cut it out. 2025-03-12 15:17:17 tech feasibility or not, I am open to ikke's suggestions, can only suggest when tools have been selected, based on available funds 2025-03-12 15:19:18 there are enough tools. it's probably more about "how would $foo be done with the tools we already have" 2025-03-12 15:21:08 if you can answer that question on each point of what you're proposing, and it doesn't much impact what people are currently doing, you'll probably face less resistance 2025-03-12 15:21:11 can you pick one small $foo and its tools if possible, let me think on it 2025-03-12 15:22:08 meaning answer with tech codes/implimented details? 2025-03-12 15:23:42 just start with gitlab. for example: https://gitlab.alpinelinux.org/alpine/infra/aports-testing-ttl 2025-03-12 15:24:08 that part is already in effect with TSC #2 2025-03-12 15:24:13 look at past issues and how the team has solved them in the past 2025-03-12 15:24:26 wait, sorry, let me check 2025-03-12 15:25:02 yup 2025-03-12 15:25:59 Ftr, it's not in effect yet 2025-03-12 15:27:26 yes, thanks need to know, but that is not something new added in 2025-03-12 15:33:50 ikke: just pick any contigous part and say - feasible or not feasible 2025-03-12 15:34:14 will start on it 2025-03-12 15:35:09 but then i think core TSC team has to ad-hoc pass it first 2025-03-12 15:46:34 most people (i assume) prefer to see code. like: "here's a subset of these initial ideas, and here's a script that implements & automates those". even if you do that (as you can see with the link i sent) it will take time to be accepted and then made active 2025-03-12 15:47:47 even then some may want stuff taken out... 2025-03-12 15:48:37 yes, that second part is what is closer to #93:) 2025-03-12 15:48:47 AH! 2025-03-12 15:50:23 so just... mentally: think about how each thing works, with code, and what you're asking of people who are already used to working the current way. summarize succinctly how this helps anything, and be clear about how it would change how people currently work (if it does) 2025-03-12 15:50:52 right or wrong, people get annoyed by big proposals, especially when there's no code 2025-03-12 15:53:14 summarize it, will do, just need to pick aleady replied into one section 2025-03-12 15:54:05 already^ 2025-03-12 15:55:34 will do in context of current running infra 2025-03-12 15:56:33 ikke: would need just small info helps, was thinking to put in https://gitlab.alpinelinux.org/alpine/tsc/-/issues/82, but ask here if ok? 2025-03-12 16:02:56 I don't think rehashing issue 93 in issue 82 is the way to go. 82 is focused on finding a technical solution to our build infrastructure, 93 is more documentation/process oriented. 2025-03-12 16:03:16 thanks for trying algitbot 2025-03-12 16:04:35 no, was going to ask to give a rough diagramatic sketch (nothing fancy) of current infra 2025-03-12 16:04:58 current bump codes that maintainers use 2025-03-12 16:07:02 I don't believe we currently have any topology diagrams that are accessible generally. But I can speak somewhat to the infrastructure, what do you want to know? 2025-03-12 16:07:58 yes, its probably need to be done. Void linux has a webpage like that 2025-03-12 16:08:18 but just rough sketch 2025-03-12 16:09:01 i need to understand the IO flow mostly, thats all 2025-03-12 16:09:47 I think i mentioned it here, before 2025-03-12 16:10:16 yes, when i asked for signed key-flow 2025-03-12 16:11:37 gtg, need to check on my other router, seems not ok, will check logs for link 2025-03-12 16:12:12 we're currently migrating away from Equinix metal, so our infra is in flux currently. 2025-03-12 16:13:10 anyways, since you'll check the logs and see this, I'll continue 2025-03-12 16:14:04 Someone makes an MR making a change to an aport, this could be anything from a new package to a metadata change. Lets say I need to upgrade sbcl from 2.5.1 to 2.5.2 2025-03-12 16:14:34 I'd bump pkgver in the APKBUILD in my MR, it would then queue up a series of CI jobs across all the enabled cpu arches supported by that package, build it and test it 2025-03-12 16:15:19 then someone with developer access would come along and review the MR, this would be folks like fossdd[m], they'd let me know if I made a mistake or did something incorrectly, advise on best practice 2025-03-12 16:15:48 once ready, the MR would be merged. Only a few key folks have merge access. Those people are vetted before they get this level of access. 2025-03-12 16:16:11 Once the MR is merged it is queued to the builders via an MQTT pub/sub broker. 2025-03-12 16:16:43 When the builder sees a new package is available it attempts to build it, upon success it signs and publishes the built artifact using rsync. 2025-03-12 16:17:24 https://build.alpinelinux.org/ <- you can watch that process here if you'd like 2025-03-12 16:18:06 and if you happen to know the name/version of a package, what repo it comes from, and what version of Alpine it's being built for you can see the log from the build process 2025-03-12 16:18:08 https://build.alpinelinux.org/buildlogs/build-3-21-x86_64/community/woodpecker/woodpecker-2.8.0-r2.log 2025-03-12 16:18:48 this information is accessible via the MQTT broker, you can sub to it if you'd like and watch the build process. 2025-03-12 16:19:35 ftr, #alpine-infra is not the best channel for these discussions 2025-03-12 16:21:08 that's an extremely valid point, this would be better in #-linux or #-devel since we're only tangentially talking about infrastructure here. Normally people would field "how does this work" questions there. 2025-03-12 16:23:51 sorry for the noise ikke, if anything else comes up and I'm around I'll try to redirect it elsewhere. 2025-03-12 17:28:51 durrendal: thanks, will chew on it 2025-03-12 17:29:27 btw the way, try a analytics done from MQTT , https://b.infosight.in/alpine 2025-03-12 17:31:06 after password input, re-hit on the url input area 2025-03-12 17:31:59 open->mqtt build edge 2025-03-12 23:25:10 ikke: there are not, as far as i can tell, any bang-bang ways to convert antora playbooks to mkdocs. 2025-03-12 23:25:44 minor styling issues aside, i don't think it would be a lot of work to convert them manually, and i can do that. 2025-03-12 23:26:22 but i'll hold off on that for now, let me know what you want to be done 2025-03-12 23:28:44 my opinion is that mkdocs would probably be easier to own. but i'm not a tech writer. 2025-03-13 16:14:58 totally non-urgent question, can someone confirm whether a certain ip address was caught in filtering for gitlab.a.o? did some troubleshooting on my connection issue, think might have accidentally gotten an ip rate-limited early on and hadn't realised 2025-03-13 16:16:49 mio: can you DM the address? 2025-03-13 16:19:01 dm-ed ... found a workaround to the load delay was seeing earlier, but would be good to know for future reference 2025-03-13 16:27:22 issue resolved over dm, thanks ikke 2025-03-13 17:14:53 ikke: speaking of rate limiting and mio's connection, had a couple of questions spring to mind while mio and I were troubleshooting their connection issues yesterday. Is gitlab on k0s now? Do we have a dualstack ipv4/v6 load balancer in front of it, and do is the VPC network also dualstack? All just curiosity on my part. 2025-03-13 17:15:27 No, gitlab is still runing in docker 2025-03-13 17:15:38 No VPC or anything, just plain connectivity 2025-03-13 17:17:55 Ah so our AAAA points directly to the server running the gitlab container then, that makes sense. 2025-03-13 17:18:23 It points directly to the ip address of the reverse proxy even ;-) 2025-03-13 17:18:31 (traefik container) 2025-03-13 17:20:11 haha of course, that makes a lot more sense :) 2025-03-14 10:31:19 Hmm.. 2025-03-14 11:37:25 bots? 2025-03-14 11:38:07 Yes, most likely 2025-03-14 11:38:19 But all coming from different IPs 2025-03-14 11:38:29 max 2 requests per IP 2025-03-14 17:24:03 This must be some crazy botnet 2025-03-14 17:42:12 I've seen some mentions of LLM scraping getting worse 2025-03-14 17:56:49 Yeah, but this seems like someone is purchasing botnets for scraping 2025-03-14 20:32:00 ikke: why does it return 502? 2025-03-14 20:32:36 just now the cpu load was not that high 2025-03-14 20:32:46 Because the workers are busy 2025-03-14 20:34:22 I've been rate limiting quite some subnets already 2025-03-14 20:35:21 should we try to put cloudflare in front if it? 2025-03-14 20:35:27 or wouldnt that matter 2025-03-14 20:37:49 It wouldn't be transparent (ie, getting "Verifying you're a human preloaders") 2025-03-14 23:19:42 The gnome gitlab has added something against AI scrapers. Is that something that could be used? 2025-03-15 03:59:05 sertonix[m]: reference? 2025-03-15 03:59:31 I guess I saw it, some javascript 2025-03-15 07:43:34 ikke: Yes. If you are fast enough (or the browser is slow enough) you get to this link: https://xeiaso.net/blog/2025/anubis/ 2025-03-15 15:21:17 unfortunate it's come to that. (which consequently prevents simple browsers/browsing without js -- ie even if that is a small % of users, it's collateral damage) 2025-03-15 15:59:51 When you change your user agent to not contain "Mozilla" anubis would let you pass without needing js. 2025-03-15 16:30:11 really? i think gnome infra itself has some heavy limitations on user agents (has to be the latest chrome etc) but didnt think that anubis itself would restrict that 2025-03-15 16:32:50 anubis doesn't restrict user agents. If you want to know how it works just read the blog post I linked 2025-03-15 17:28:53 seems like an obvious hole, which assumes people working on the crawlers won't read the same blog post 2025-03-15 17:32:33 it's been ~14 years since i've written a crawler (i did write one that successfully crawled over a billion pages), but then again i wrote one that respected robots.txt. the ai crawlers don't respect boundaries, and i assume they'd quite readily switch user agent if they knew. 2025-03-15 17:44:57 I wonder if it works in this case though 2025-03-15 17:45:03 single page requests from arbitrary IPs 2025-03-15 21:07:30 The blog post mentions that the AI crawlers need to look like a browser to get around normal bot protections. Which means that they probably wouldn't switch user agents just cause of anubis. 2025-03-16 06:55:53 sertonix[m]: looks like gnome badly configured their anubis deployment 2025-03-16 06:56:05 Either that or I'm apparently an AI bot 2025-03-16 06:57:15 I saw anubis being used in other git instances too 2025-03-16 06:57:59 invoked: yeah there's colateral damage of using Anubis.. but if it's just for the gitlab there shouldn't be any colateral damage at all .. because gitlab requires JS anyway 2025-03-16 14:42:44 3.21 armv7 builder has been on php84-pecl-imagick-3.8.0_rc2-r0 for 10+ hours, looks like the build might be stuck 2025-03-16 15:32:05 f_: true. i was making commentary on how this is an arms race. to quote the post: "This is a tradeoff that I am not happy about, but it is the world we live in now." 2025-03-17 07:25:52 it seems like edge/community packages do not get propagated: last is go 1.24.1-r0 update yesterday 1pm 2025-03-17 07:55:11 macmpi: builders are stuck building rebuilding go packages 2025-03-17 07:56:10 https://build.alpinelinux.org 2025-03-17 08:03:50 already built packages are not available in community repo (but are in main): https://pkgs.alpinelinux.org/packages?name=&branch=edge&repo=community&arch=x86_64&origin=&flagged=&maintainer= 2025-03-17 08:07:17 It only uploads packages after the whole repo is completely built for consistency 2025-03-17 08:38:21 ok, thanks 2025-03-17 15:27:36 we are running out of diskspace on build-edge-aarch64 2025-03-17 15:28:57 the machine has a 2TB nvme, right? I wonder if we should replace it with a 4TB 2025-03-17 15:41:08 I was thinking something similar 2025-03-17 15:41:48 s390x iirc is also very constrained 2025-03-17 16:08:45 are you talking physical nvme drives or vm slice? if physical, beware those qlc drives 2025-03-17 16:11:46 physical 2025-03-17 16:35:17 ok. yes, i urge you to hard pass any and all qlc devices. absolute rubbish 2025-03-17 16:35:39 even if they're free, more trouble than they are worth for write-heavy anything 2025-03-17 16:41:09 We do have some funds now, so we do not need to cheap out 2025-03-17 17:11:48 at 4tb density in a single m2 i think the good options are rather limited (mainly like samsung 990 pro, which are just okay in terms of endurance, but substantially better than any qlc) 2025-03-17 17:12:24 if you have multiple m2s, or u2s, then your options open up 2025-03-17 17:14:44 (also pci, of course) 2025-03-17 17:17:58 i recently stuck a few samsung 990 pros in my personal machines. i've not used the samsung ssds prior to this. they seem to be decent... but my write load is well below that of a builder. 2025-03-18 01:43:23 edge s390x builder looks to be low on disk space, `mkdir: can't create directory '/home/buildozer/aports/testing/lomiri-indicator-location/src': No space left on device` 2025-03-18 07:46:07 mio: I have cleaned it up a bit now 2025-03-18 07:55:08 ncopa: i cleaned it up yesterday as well 2025-03-18 07:57:00 we should probably delete some of the older versions 2025-03-18 11:49:17 this is waiting for available runners. https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/361 2025-03-18 11:49:49 we have had various providers offered CI power. are there any of them we could accept and add CI runners sooner than later? 2025-03-18 12:00:24 We are in contact with some, though, we have been focussing first on getting T1 mirror servers 2025-03-18 13:03:38 ncopa: thanks! 2025-03-23 19:24:25 not sure why, but i can't write to dev.a.o/archive/ncftp/ 2025-03-23 19:24:41 the permissions seem alright (g+w, and i'm in the correct group) 2025-03-23 19:25:15 actually no 2025-03-23 19:25:20 it doesn't have g+w on the directory 2025-03-23 19:25:45 well, it's nothing urgent 2025-03-23 19:36:16 ptrc: fixed 2025-03-23 19:36:27 thanks! 2025-03-23 19:37:50 fwiw, i guess all directories should have group write permissions, in case another dev needs to place an archive/patch there 2025-03-23 19:38:47 fixed 2025-03-24 12:54:53 could someone maybe check on the edge armhf builder to see if py3-pebble is progressing? it looks to be hanging, it's been over 10 h 2025-03-24 12:57:46 thanks 2025-03-24 16:37:57 mio: I restarted build-edge-armhf 2025-03-24 16:38:15 it appeared to be deadlocked in the pebble testsuite 2025-03-24 16:38:46 ncopa: I've received details for 1 (of 4 to come) VMs for CI 2025-03-24 17:09:42 ncopa: thanks! 2025-03-24 18:15:50 ncopa: I've added a new x86_64 CI runner now 2025-03-25 10:08:02 awesome! thanks ikke! 2025-03-25 15:42:17 Could dev.alpinelinux.org perhaps get some extra storage? It currently only has 3.1G available, sadly not enough for the full source of a package I'm making 2025-03-26 13:43:56 would you like to have a bigger storage medium for che-bld-1? i see a lot of 95%+ used alerts 2025-03-26 15:02:08 yeah, I think thats a good idea. Not sure what ikke and clandmeter thinks 2025-03-26 16:07:11 ncopa: I think it's a good idea as well. I was thinking we might be able to use the opencollective funds for that 2025-03-26 16:57:22 +1 2025-03-26 17:16:40 yeah 2025-03-26 17:19:16 nu_: see if you find a good 4TB nvme. you can expense it to our opencollective 2025-03-26 18:47:21 The joys of OpenCollective :) 2025-03-27 16:40:47 durrendal: We will be receiving quite some infra structue in the coming time, which needs to be installed. We were thinking about starting to use Ansible to automate it 2025-03-27 16:42:17 One question we need to answer is what execution model for ansible we will use 2025-03-27 16:55:53 ikke: ooh exciting! There's a few different ways to go about it that's for sure. You could pre-seed ansible playbooks using cloud init, git clone them and then execute them that way. Or you could seed them through terraform (maybe opentofu?) and execute them from a controlling system or directly on the system. If you could assume SSH access to a system you could tie it into CI 2025-03-27 16:55:55 and ssh into the system to apply the playbook. Probably so many more 2025-03-27 16:56:50 I have to step off for a work meeting, but I'm super curious to hear your thoughts 2025-03-27 17:03:10 I'd like to start small, first focussing on those new systems. We cannot rely on a single automation system since we work with many vendors. We could perhaps use netbox for the inventory, but I wouldn't mind manually keeping track of the inventory either 2025-03-27 17:17:22 One thing I saw is that you also have a pull base workflow 2025-03-27 18:21:58 ikke: a pull model is an interesting idea, then each node would essentially manage itself. Maybe a base image could be made that self bootstraps and then clones a repo, applies the state from it 2025-03-27 18:22:35 though I'm assuming a lot about initial configuration, dunno if these are servers that already have alpine installed ot them and then we just get our ssh key distributed to them? 2025-03-27 18:23:05 durrendal: Not necessarily 2025-03-27 18:23:33 We received 4 VMs for CI this week that we needed to do the installation on 2025-03-27 18:27:01 Oh excellent so a custom ISO could be an option. Or maybe an initial push bases playbook that sets up pull based state orchestration 2025-03-27 18:27:45 yeah, was thinking about the latter 2025-03-27 18:29:01 It would keep things unified. Simple. All that we'd to ensure is a base install, ssh key access, and that python was installed. Easy stuff 2025-03-28 07:31:01 durrendal: thanks for thinking with us. Maybe we could plan a meeting just to sync ideas. I have a bit more time the coming weeks. ok with you ikke? 2025-03-28 11:21:53 clandmeter: fine with me 2025-03-28 11:29:58 I'm testing having gitlab-runners in a kubernetes cluster 2025-03-28 11:31:50 sadly kubernetes does not support image platforms (when using manifest images) to download a different arch image 2025-03-28 11:31:56 so we have to rely on dedicated tagged images 2025-03-28 11:57:09 https://gitlab.alpinelinux.org/alpine/aports/-/jobs/1786470 has been waiting a while for a risc-v runner. I think I should set up another one. I have a p550 under my desk 2025-03-28 11:57:24 or I could setup a couple on scaleway 2025-03-28 11:58:03 I see that nld-bld-2 is unreachable 2025-03-28 11:58:45 fyi, there are MRs with some large builds running 2025-03-28 11:59:12 s390x is also pending 2025-03-28 11:59:19 yeah 2025-03-28 11:59:25 now sure what we can do about s390x 2025-03-28 11:59:34 https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/82026 has been running for 13 hours 2025-03-28 11:59:35 would be nice with another runner 2025-03-28 12:00:01 maybe that could've been split in multiple MRs 2025-03-28 12:00:42 i suppose my push of icu-76 rebuilds didnt help 2025-03-28 12:00:59 chromium, firefox, libreoffice etc 2025-03-28 12:01:13 and 3 copies of webkit 2025-03-28 12:03:46 ikke: did you have the docs to set up a new runner somewhere? 2025-03-28 12:14:39 i think i found it. the setup-runners.sh script 2025-03-28 12:23:46 but im holding it wrong 2025-03-28 12:23:51 curl: (22) The requested URL returned error: 401 2025-03-28 12:23:51 ERROR: could not create runner 2025-03-28 12:39:51 clandmeter: that sounds like a great idea to me. I think the only blocking item I have on my calendar is travel for a wedding next month, but I'd rather relay the specifics on that privately. 2025-03-28 15:46:32 git branch 2025-03-28 17:47:32 Ah, so that's why riscv64 pipelines are queuing up 2025-03-28 17:48:43 ncopa: curious, I'm using it constantly without issue. Did you use a personal access token with the create runner scope? 2025-03-29 09:57:34 ncopa: I've added my banapi f3 2025-03-29 14:39:37 I've enabled a new gitlab-runner running on a kubernetes cluster for x86_64 now 2025-03-29 14:39:41 Let's see how it works 2025-03-29 14:44:46 \o/ cool addition! I assume that means light weight stuff like linting will just scale out across the kubernetes cluster 2025-03-29 14:46:52 durrendal: not yet, I'd need another tag for that, but can do that 2025-03-29 14:47:51 But I guess I need to tell kubernetes these jobs require less resources 2025-03-29 14:55:20 Ah so it's just to scale put jobs for a specific CPU architecture then? I think if the experiment works well it might be good to make the resource constraint changes, then you may even be able yo gate the creation of the actual build steps behind lint passing successfully 2025-03-29 14:56:40 We used to only run the build jobs after linting, but that was deemed too anoying 2025-03-29 14:57:09 Right now, I'm setting cpu / memory limits for the jobs, but these are quite large, which means only a limited amount of jobs per node can be executed 2025-03-29 14:57:39 I'm trying to figure out how to override it per job, but the documentation is hard to find 2025-03-29 14:58:45 Ah, here: https://docs.gitlab.com/runner/executors/kubernetes/#overwrite-container-resources 2025-03-29 15:03:19 Ah yeah I guess I can get that. And it ignores the very real scenario that the linting might falsely flag an issue. 2025-03-29 15:04:38 Per job limitations sound excellent addition though 2025-03-29 15:05:18 durrendal: linting is a warning anyway right now, so it would not prevent the pipeline from continuing 2025-03-29 15:10:26 Great point, and it really should be a warning anyways. 2025-03-29 15:11:09 do you have experience with kubernetes? 2025-03-29 15:14:45 https://gitlab.alpinelinux.org/alpine/aports/-/commit/69d3c798586b8a4253de010660dfdaef15e9d6c1 2025-03-29 15:26:33 Only in a homelab setting. I started experimenting with it when you mentioned you were testing k0s recently. 2025-03-29 15:26:54 ah ok 2025-03-29 15:27:16 What kind of specs do the systems running the kubernetes cluster have? 2025-03-29 15:27:38 The ones I've just talkes about: 48 cores, 128G memory :) 2025-03-29 15:27:53 It's one of those technologies I've been telling myself to learn for years and haven't had a good impetus until now 2025-03-29 15:27:54 They are qemu VMs, so no idea how fast the cores are 2025-03-29 15:28:13 Those are seriously nice specs though! All donated hosting? 2025-03-29 15:28:25 Yes 2025-03-29 15:29:39 I need to figure out how we want to manage the deployments for our clusters 2025-03-29 15:29:56 I do have a solid idea how to manage deployments themselves 2025-03-29 15:30:24