WEBVTT

1
00:01:16.250 --> 00:01:19.010
Ingolf Kuss: Alright, hello.

2
00:01:19.010 --> 00:01:20.240
Mahrad Zoonematkermani: So, how are you?

3
00:01:21.160 --> 00:01:22.590
Ingolf Kuss: Fine, thank you.

4
00:01:24.670 --> 00:01:25.860
Ingolf Kuss: And you're…

5
00:01:26.360 --> 00:01:27.350
Mahrad Zoonematkermani: Also fine.

6
00:01:27.350 --> 00:01:29.979
Ingolf Kuss: How many systems have you set up?

7
00:01:30.130 --> 00:01:43.070
Mahrad Zoonematkermani: Actually, I stopped exactly, at that step, like, I haven't refreshed it anymore, I'm just working on figuring out how to migrate, so… yeah.

8
00:01:43.070 --> 00:01:43.980
Ingolf Kuss: Oh, okay.

9
00:01:44.200 --> 00:01:48.549
Mahrad Zoonematkermani: Am I gonna have to 10 that? Okay, no, two more times.

10
00:01:48.960 --> 00:01:51.029
Mahrad Zoonematkermani: To be accurate, now I remember.

11
00:01:51.030 --> 00:01:51.939
Ingolf Kuss: You've set up two…

12
00:01:51.940 --> 00:01:52.600
Mahrad Zoonematkermani: Thanks.

13
00:01:53.290 --> 00:01:55.779
Ingolf Kuss: Two systems, and how many tenants?

14
00:01:56.320 --> 00:01:59.099
Mahrad Zoonematkermani: Oh, just one tenant for the moment, so…

15
00:01:59.610 --> 00:02:06.069
Mahrad Zoonematkermani: I keep removing and installing the same thing, by now, it's become…

16
00:02:06.540 --> 00:02:08.759
Mahrad Zoonematkermani: Easier to go through all these steps.

17
00:02:10.340 --> 00:02:10.710
Ingolf Kuss: Oh.

18
00:02:10.710 --> 00:02:17.789
Mahrad Zoonematkermani: Because I know what the tricks are, and how long to wait for what, or rather, for what to wait before I go to the next step.

19
00:02:24.540 --> 00:02:28.099
Ingolf Kuss: I have also made some progress with my installation.

20
00:02:28.100 --> 00:02:29.529
Mahrad Zoonematkermani: Glad to hear.

21
00:02:30.340 --> 00:02:35.229
Ingolf Kuss: And, it's the most,

22
00:02:36.200 --> 00:02:42.739
Ingolf Kuss: Reason was, that I had artifacts from old installations. This is why it didn't work.

23
00:02:42.740 --> 00:02:46.489
Mahrad Zoonematkermani: So glad to hear that the cleanup worked.

24
00:02:46.490 --> 00:02:47.210
Ingolf Kuss: Oh.

25
00:02:47.250 --> 00:02:47.920
Mahrad Zoonematkermani: Nope.

26
00:02:48.900 --> 00:02:50.420
Ingolf Kuss: Hello, Florian.

27
00:02:50.990 --> 00:02:54.369
Ingolf Kuss: So I found out I had an old installation of

28
00:02:55.460 --> 00:03:02.559
Ingolf Kuss: Some platform snapshot, and this has been, had been entitled, and

29
00:03:03.540 --> 00:03:05.989
Ingolf Kuss: It was still in the discovery.

30
00:03:06.190 --> 00:03:08.580
Ingolf Kuss: Didn't delete it from the discovery.

31
00:03:08.840 --> 00:03:13.509
Ingolf Kuss: And this was… is a problem for Kong. Kong wasn't able to do the routing.

32
00:03:13.740 --> 00:03:18.210
Ingolf Kuss: I found out after many, many hours of research, Kong did not…

33
00:03:18.320 --> 00:03:26.970
Ingolf Kuss: route to the module, because it had two modules in its discovery. And I think this is exactly the problem with the GBV reports.

34
00:03:27.990 --> 00:03:30.990
Ingolf Kuss: we gard.

35
00:03:31.680 --> 00:03:34.310
Ingolf Kuss: with GBV reports.

36
00:03:34.460 --> 00:03:37.470
Ingolf Kuss: That, you cannot have two modules.

37
00:03:37.640 --> 00:03:40.189
Ingolf Kuss: with different versions in Kong.

38
00:03:40.570 --> 00:03:42.520
Florian Kreft (LRZ): Yeah, for the same interface.

39
00:03:43.560 --> 00:03:45.720
Florian Kreft (LRZ): Or what's the problem? So you cannot…

40
00:03:45.720 --> 00:03:53.910
Ingolf Kuss: all. You cannot… in my case, you couldn't have them in the discovery. If you can't have them in the discovery, you can't have them at all.

41
00:03:54.310 --> 00:03:54.820
Ingolf Kuss: You know?

42
00:03:54.820 --> 00:04:07.079
Florian Kreft (LRZ): That's interesting. So, because in the discovery, there's, like, we've actually looked at this today, there's actually the full module ID that's responsible for, like, a specific path.

43
00:04:07.310 --> 00:04:14.820
Florian Kreft (LRZ): But… If not even different versions are possible, yeah, that's definitely a problem.

44
00:04:16.019 --> 00:04:18.729
Ingolf Kuss: Right, and yeah, this, this was a…

45
00:04:19.019 --> 00:04:22.439
Florian Kreft (LRZ): So you had to delete that, and then…

46
00:04:22.440 --> 00:04:28.620
Ingolf Kuss: delete, I had to delete an old discovery, and then it was not a problem with

47
00:04:29.500 --> 00:04:40.740
Ingolf Kuss: It takes a long time to find out. It was not a problem with resources, it was not a problem with mod data export, it was not a problem with mod configuration, it was, in the end, a problem with Kong routing.

48
00:04:41.530 --> 00:04:43.280
Ingolf Kuss: Kong then finds a module.

49
00:04:43.510 --> 00:04:44.050
Florian Kreft (LRZ): Yep.

50
00:04:44.820 --> 00:04:48.230
Ingolf Kuss: And I had some more little things.

51
00:04:50.050 --> 00:04:54.270
Ingolf Kuss: We needed to add one more environment variable, which I have never heard of.

52
00:04:55.160 --> 00:04:56.950
Ingolf Kuss: Maybe you have heard of it.

53
00:04:57.300 --> 00:04:58.470
Ingolf Kuss: And look it up.

54
00:05:00.560 --> 00:05:02.259
Ingolf Kuss: So it's, you know…

55
00:05:12.120 --> 00:05:14.210
Ingolf Kuss: It's already so long ago…

56
00:05:18.750 --> 00:05:21.150
Ingolf Kuss: First of all, for mod search.

57
00:05:21.640 --> 00:05:25.079
Ingolf Kuss: You have to add, of course, the elastic search variables.

58
00:05:25.800 --> 00:05:29.510
Ingolf Kuss: But this is not the problem with, entitlement.

59
00:05:32.710 --> 00:05:40.500
Florian Kreft (LRZ): I mean, it could be a problem with entitlement, right? Because the module tries to probably access OpenSearch in the moment of entitlement?

60
00:05:41.990 --> 00:05:46.900
Florian Kreft (LRZ): I'm not sure. But it could actually be a problem during entitlement already.

61
00:05:47.570 --> 00:05:52.760
Mahrad Zoonematkermani: One question is, do you create the user for mod search

62
00:05:53.460 --> 00:05:57.740
Mahrad Zoonematkermani: Before the entitlement, or does it create it for you automatically?

63
00:05:57.740 --> 00:05:59.550
Ingolf Kuss: It creates them in the entitlement.

64
00:06:00.070 --> 00:06:04.990
Mahrad Zoonematkermani: The weird part is it didn't do it for me, so I had to do it manually.

65
00:06:04.990 --> 00:06:11.940
Ingolf Kuss: I'm not sure about mod search, but what I did was mod configuration. It doesn't even have system.

66
00:06:11.940 --> 00:06:14.349
Mahrad Zoonematkermani: No, no, it doesn't have it for me either, so…

67
00:06:14.350 --> 00:06:17.869
Ingolf Kuss: But I did create them, I'm not sure if I had to create them.

68
00:06:18.020 --> 00:06:22.989
Ingolf Kuss: But I still have the impression, after I created it, it went better.

69
00:06:24.220 --> 00:06:32.180
Mahrad Zoonematkermani: Then it might be that that's something I have to do or figure out, because for mod search…

70
00:06:32.990 --> 00:06:35.549
Mahrad Zoonematkermani: I had to create the user manually.

71
00:06:36.010 --> 00:06:41.140
Mahrad Zoonematkermani: And also in the vault, do you create the secrets by hand, or do they get created?

72
00:06:41.350 --> 00:06:44.640
Ingolf Kuss: Usually, Mahrad, it works automatically. You…

73
00:06:44.640 --> 00:06:46.690
Mahrad Zoonematkermani: That also doesn't work for us.

74
00:06:48.180 --> 00:06:56.799
Mahrad Zoonematkermani: For me, it complains, like, it complains that, tenant name-application doesn't exist in Vault.

75
00:06:57.450 --> 00:06:59.759
Mahrad Zoonematkermani: Or it complains that…

76
00:06:59.760 --> 00:07:00.440
Ingolf Kuss: blamed.

77
00:07:01.270 --> 00:07:04.460
Mahrad Zoonematkermani: Let's say your tenant name is,

78
00:07:04.800 --> 00:07:11.789
Mahrad Zoonematkermani: DIKU, D-I-K-U dash application, secret doesn't exist.

79
00:07:11.790 --> 00:07:12.420
Ingolf Kuss: Oh, I have to…

80
00:07:12.420 --> 00:07:14.029
Mahrad Zoonematkermani: Create that manually.

81
00:07:14.030 --> 00:07:20.100
Ingolf Kuss: I have to look this up. Maybe you have to create it in Vault, but you don't have to create it in Keycloak.

82
00:07:20.300 --> 00:07:23.240
Mahrad Zoonematkermani: No, no, no, not Keycloak, in Vault. Like…

83
00:07:23.240 --> 00:07:25.830
Ingolf Kuss: Yeah.

84
00:07:26.320 --> 00:07:35.379
Mahrad Zoonematkermani: In Vault for, for example, DIKU-application, do you have a secret key called mod search?

85
00:07:35.780 --> 00:07:39.289
Mahrad Zoonematkermani: Because that's a manual step that… yeah.

86
00:07:41.170 --> 00:07:42.710
Ingolf Kuss: I have to look it up.

87
00:07:43.000 --> 00:07:46.939
Mahrad Zoonematkermani: Oh yeah, but I also had to create the Keycloak user manually.

88
00:07:47.040 --> 00:07:52.800
Mahrad Zoonematkermani: So I had to have the secret and create the user manually, so I'm probably… Something wrong.

89
00:07:52.800 --> 00:07:57.359
Ingolf Kuss: You can do this, but… As I said, you shouldn't have to do this.

90
00:07:57.930 --> 00:08:01.580
Ingolf Kuss: See in Vault.

91
00:08:11.290 --> 00:08:14.050
Ingolf Kuss: Yeah, you have to create a vault structure.

92
00:08:17.670 --> 00:08:20.169
Ingolf Kuss: You have to create Vault secrets.

93
00:08:20.170 --> 00:08:23.760
Mahrad Zoonematkermani: Okay, that's good to know. So, I'm not the only one, then.

94
00:08:26.090 --> 00:08:27.910
Ingolf Kuss: Can you do a screen sharing?

95
00:08:29.060 --> 00:08:33.110
Ingolf Kuss: It's becoming chaotic, sorry. Hello, Shelley!

96
00:08:35.490 --> 00:08:36.059
Florian Kreft (LRZ): Nope.

97
00:08:36.450 --> 00:08:37.049
Shelley Doljack: I agree.

98
00:08:37.059 --> 00:08:37.699
Mahrad Zoonematkermani: Lee.

99
00:08:43.960 --> 00:08:44.929
Ingolf Kuss: What login?

100
00:08:47.480 --> 00:08:51.380
Ingolf Kuss: In what… I think in Vault.

101
00:08:56.830 --> 00:09:05.159
Ingolf Kuss: Create this… So, in Vault, you have to… Do secrets…

102
00:09:07.420 --> 00:09:11.689
Ingolf Kuss: secret, and then this path you have to create. That's the…

103
00:09:13.590 --> 00:09:18.240
Mahrad Zoonematkermani: How about the secrets underneath it? If you don't mind, please click through.

104
00:09:18.240 --> 00:09:22.750
Ingolf Kuss: Yeah, these are the sick… I don't know where… I don't know where Eureka testing comes from, actually.

105
00:09:22.750 --> 00:09:24.999
Mahrad Zoonematkermani: That would be your environment name.

106
00:09:26.240 --> 00:09:28.450
Ingolf Kuss: It's not the namespace, yeah, it's environment.

107
00:09:28.450 --> 00:09:29.700
Mahrad Zoonematkermani: Yeah, that's the ENV.

108
00:09:30.590 --> 00:09:34.910
Ingolf Kuss: Environment, yes, environment, right, the ENV, the ENV variable, yes.

109
00:09:34.910 --> 00:09:35.410
Mahrad Zoonematkermani: Exactly.

110
00:09:35.410 --> 00:09:38.740
Ingolf Kuss: And then for each tenant, you have to create a subpath, and…

111
00:09:38.740 --> 00:09:39.680
Mahrad Zoonematkermani: Exactly.

112
00:09:39.680 --> 00:09:43.850
Ingolf Kuss: for each… I think I created those myself, but I'm not.

113
00:09:43.850 --> 00:09:48.420
Mahrad Zoonematkermani: Okay, that was exactly my question, because I had to create… yes?

114
00:09:48.900 --> 00:09:50.300
Shelley Doljack: What's the question? What do you.

115
00:09:50.300 --> 00:09:53.670
Mahrad Zoonematkermani: My point was, do I have to create these secrets by hand?

116
00:09:54.390 --> 00:09:55.920
Shelley Doljack: Which ones?

117
00:09:56.140 --> 00:09:57.010
Ingolf Kuss: Vault secret.

118
00:09:57.010 --> 00:10:05.150
Mahrad Zoonematkermani: For example, in this scenario, DIKU-application. Also not C… no?

119
00:10:06.230 --> 00:10:10.340
Shelley Doljack: No, you should not have to create… Those by hand.

120
00:10:10.620 --> 00:10:12.150
Mahrad Zoonematkermani: That… then that's a problem.

121
00:10:12.150 --> 00:10:15.489
Shelley Doljack: Not… not the dash-application one, let me…

122
00:10:15.490 --> 00:10:16.859
Ingolf Kuss: I didn't buy that.

123
00:10:16.860 --> 00:10:23.960
Mahrad Zoonematkermani: during entitlement, like, in here it will be, HPZ test that application, yep.

124
00:10:24.260 --> 00:10:28.769
Mahrad Zoonematkermani: So, that's what complained on my side, and I had to do it manually.

125
00:10:29.350 --> 00:10:30.420
Shelley Doljack: Yeah…

126
00:10:30.770 --> 00:10:31.240
Ingolf Kuss: Don't know.

127
00:10:31.240 --> 00:10:32.139
Mahrad Zoonematkermani: And what I did it.

128
00:10:32.140 --> 00:10:40.120
Shelley Doljack: If you had to do it manually, then something wasn't set up right. Let's see, the only secrets you need to create…

129
00:10:41.860 --> 00:10:43.139
Mahrad Zoonematkermani: Are the master ones.

130
00:10:43.300 --> 00:10:44.560
Shelley Doljack: Are the master ones.

131
00:10:44.560 --> 00:10:45.760
Mahrad Zoonematkermani: Okay, so…

132
00:10:45.760 --> 00:10:51.550
Shelley Doljack: When you entitle everything, it should create them, what it needs to create.

133
00:10:51.960 --> 00:10:55.570
Shelley Doljack: If you have to go in and create a secret here,

134
00:10:55.570 --> 00:10:55.920
Ingolf Kuss: What do you mean?

135
00:10:55.920 --> 00:10:58.870
Shelley Doljack: under your tenant, then something's not right.

136
00:10:58.870 --> 00:11:00.210
Mahrad Zoonematkermani: Yeah, now I have.

137
00:11:00.210 --> 00:11:00.829
Ingolf Kuss: Oh, thank you, girl.

138
00:11:00.830 --> 00:11:04.100
Mahrad Zoonematkermani: What? That's… that's good to know, but also…

139
00:11:04.100 --> 00:11:07.830
Ingolf Kuss: Oh yeah, you have to create folio backend admin client, yes. This is…

140
00:11:07.830 --> 00:11:09.239
Shelley Doljack: How many ones do you need to create?

141
00:11:09.240 --> 00:11:12.419
Mahrad Zoonematkermani: And the other three as well, but… Un…

142
00:11:12.420 --> 00:11:13.479
Ingolf Kuss: Yeah, yeah, it can be.

143
00:11:13.480 --> 00:11:14.049
Mahrad Zoonematkermani: I'm worried about…

144
00:11:14.050 --> 00:11:19.369
Ingolf Kuss: If Shelley says it's true, yes. Yeah, you have to create only these. Interesting, yeah, interesting.

145
00:11:19.390 --> 00:11:19.880
Mahrad Zoonematkermani: Oh, so…

146
00:11:19.880 --> 00:11:22.660
Shelley Doljack: We're in Prada right now.

147
00:11:22.830 --> 00:11:34.659
Mahrad Zoonematkermani: Okay. Interesting. So, I also had to manually go ahead and create the mod search user the way we do for mod roles Keycloak and mod user Keycloak.

148
00:11:35.020 --> 00:11:36.100
Shelley Doljack: Huh.

149
00:11:36.100 --> 00:11:39.920
Mahrad Zoonematkermani: What's the step between, entitling

150
00:11:40.430 --> 00:11:43.940
Mahrad Zoonematkermani: Platform minimal and Platform Complete, right?

151
00:11:44.760 --> 00:11:47.180
Mahrad Zoonematkermani: I have to create these two users for…

152
00:11:47.180 --> 00:11:47.690
Ingolf Kuss: Yes.

153
00:11:47.690 --> 00:11:51.359
Mahrad Zoonematkermani: Mod roles Keycloak and mod users Keycloak.

154
00:11:51.570 --> 00:11:52.200
Shelley Doljack: No.

155
00:11:52.600 --> 00:11:53.280
Mahrad Zoonematkermani: Nope.

156
00:11:53.620 --> 00:11:54.050
Shelley Doljack: No.

157
00:11:54.050 --> 00:11:58.040
Mahrad Zoonematkermani: saw that in the documentation, also your documentation, that this was…

158
00:11:58.040 --> 00:12:03.120
Shelley Doljack: Wrong. Did we update that? We probably… we should have updated that.

159
00:12:03.120 --> 00:12:04.180
Mahrad Zoonematkermani: Okay.

160
00:12:04.790 --> 00:12:06.399
Mahrad Zoonematkermani: Don't have to do it anymore.

161
00:12:06.790 --> 00:12:11.980
Shelley Doljack: You… right, so… When you entitle at Platform Minimal.

162
00:12:12.350 --> 00:12:16.899
Shelley Doljack: the mod roles Keycloak user is created.

163
00:12:16.900 --> 00:12:17.280
Mahrad Zoonematkermani: In Vault.

164
00:12:17.280 --> 00:12:19.399
Shelley Doljack: and in Keycloak.

165
00:12:19.730 --> 00:12:20.530
Ingolf Kuss: Oh, and…

166
00:12:20.530 --> 00:12:28.600
Shelley Doljack: And then there's also, like, maybe another one, the… the tenant-system.

167
00:12:28.600 --> 00:12:28.920
Mahrad Zoonematkermani: Education.

168
00:12:28.920 --> 00:12:30.020
Shelley Doljack: or maybe?

169
00:12:30.390 --> 00:12:31.220
Mahrad Zoonematkermani: Okay, okay.

170
00:12:31.220 --> 00:12:41.759
Shelley Doljack: And then when you entitle, app platform complete.

171
00:12:43.890 --> 00:12:48.729
Mahrad Zoonematkermani: Together with, app acquisitions, apparently, because…

172
00:12:48.730 --> 00:12:50.339
Shelley Doljack: Yeah, correct. Yeah.

173
00:12:50.490 --> 00:12:51.670
Mahrad Zoonematkermani: It's a… Everything.

174
00:12:51.670 --> 00:12:57.470
Shelley Doljack: should… everything should be created in Vault and… in.

175
00:12:57.470 --> 00:12:58.450
Mahrad Zoonematkermani: Keycloak.

176
00:12:58.770 --> 00:13:02.349
Shelley Doljack: You shouldn't have to go back in and create anything.

177
00:13:02.350 --> 00:13:02.960
Mahrad Zoonematkermani: and which.

178
00:13:02.960 --> 00:13:10.639
Shelley Doljack: And if you do, then you should go back and look at your deployment and make sure that anywhere it says…

179
00:13:10.930 --> 00:13:17.379
Shelley Doljack: System username enabled, or system user enabled should be false.

180
00:13:18.580 --> 00:13:20.880
Mahrad Zoonematkermani: Data have already been set to false.

181
00:13:21.310 --> 00:13:22.040
Shelley Doljack: Sorry, go ahead.

182
00:13:22.930 --> 00:13:30.730
Mahrad Zoonematkermani: Yeah, but that I already have false. The point is, maybe I'm setting the environment variable for vault somehow wrong, but…

183
00:13:31.050 --> 00:13:35.860
Mahrad Zoonematkermani: Probably not, because it can access it once it's already created.

184
00:13:36.160 --> 00:13:41.470
Shelley Doljack: There's… there's several permutations of this environment variable about

185
00:13:41.730 --> 00:13:45.480
Shelley Doljack: Folio system user, or system user?

186
00:13:45.940 --> 00:13:54.230
Shelley Doljack: And then there's also in the Java options for some modules, where you, pass in a flag.

187
00:13:54.530 --> 00:13:56.689
Shelley Doljack: System user enabled false.

188
00:13:57.220 --> 00:13:58.650
Shelley Doljack: I agree.

189
00:13:59.380 --> 00:14:00.890
Ingolf Kuss: Old credentials only have…

190
00:14:00.890 --> 00:14:08.849
Shelley Doljack: Only one. So what happens is if you don't… if it thinks that it needs to create a system user,

191
00:14:08.850 --> 00:14:27.800
Shelley Doljack: So, in Okapi-based environments, you had a system user for, like, mod search, and then it gets… it gets tripped up on the creden… the difference of the credentials, because it… it creates… the entitlement process creates new credentials in Keycloak for the system users, but then you also have

192
00:14:27.800 --> 00:14:36.329
Shelley Doljack: like a credential in the Folio database under… mod… auth token schema, I think?

193
00:14:36.330 --> 00:14:37.210
Mahrad Zoonematkermani: Probably.

194
00:14:37.210 --> 00:14:38.760
Shelley Doljack: And so…

195
00:14:38.760 --> 00:14:40.209
Mahrad Zoonematkermani: I have to migrate those?

196
00:14:41.010 --> 00:14:42.080
Shelley Doljack: Say again?

197
00:14:42.080 --> 00:14:45.259
Mahrad Zoonematkermani: So you have to migrate those exact same secrets, right?

198
00:14:48.890 --> 00:14:50.210
Shelley Doljack: We've tried that.

199
00:14:50.600 --> 00:14:54.840
Shelley Doljack: We tried that, because we went down this path of, like, why is it…

200
00:14:56.160 --> 00:15:05.440
Shelley Doljack: why… why are… why is it complaining about a system user during entitlement? And then we went and we looked, and we saw, oh, well, we have these users, and…

201
00:15:05.620 --> 00:15:13.569
Shelley Doljack: But, the, the, user migration does not, migrate credentials.

202
00:15:14.220 --> 00:15:18.649
Shelley Doljack: So, you have to, recreate credentials.

203
00:15:18.810 --> 00:15:23.129
Shelley Doljack: Yourself, after the fact, for any users that…

204
00:15:23.700 --> 00:15:27.139
Shelley Doljack: I don't want to say the system users, I want to say, like.

205
00:15:27.300 --> 00:15:31.320
Shelley Doljack: like your, Edge module users.

206
00:15:33.070 --> 00:15:35.860
Shelley Doljack: You have to recreate those credentials.

207
00:15:36.020 --> 00:15:45.249
Shelley Doljack: By hand. Or you could script it or something. But, And then in my…

208
00:15:45.600 --> 00:15:51.079
Shelley Doljack: if you read my document, there's… we got tripped up with modpubSubSystemUser. That's, like, the.

209
00:15:51.080 --> 00:15:51.440
Mahrad Zoonematkermani: only.

210
00:15:51.440 --> 00:15:59.700
Shelley Doljack: That needs to… I don't know, maybe they'll fix it by the time you go to… .

211
00:15:59.960 --> 00:16:05.940
Mahrad Zoonematkermani: I did add something for it, let me see… Yep.

212
00:16:06.510 --> 00:16:10.100
Mahrad Zoonematkermani: Modules, values, pubsub.

213
00:16:11.240 --> 00:16:23.410
Mahrad Zoonematkermani: Oh, extra env var secrets, mod pubsub system user, so you have to also mount a secret. I guess I took this from you as well. So mine failed, and I was like…

214
00:16:23.560 --> 00:16:29.980
Mahrad Zoonematkermani: what do the colleagues at Stanford do? And it was like, yay, you have the solution, thank you.

215
00:16:32.200 --> 00:16:38.959
Mahrad Zoonematkermani: So yeah, that's what I did with that, but still, I don't know what I'm doing wrong that I have to…

216
00:16:40.600 --> 00:16:43.520
Mahrad Zoonematkermani: Create all of these secrets manually.

217
00:16:44.460 --> 00:16:46.560
Mahrad Zoonematkermani: And do I used to it?

218
00:16:46.760 --> 00:16:47.610
Mahrad Zoonematkermani: it's…

219
00:16:47.930 --> 00:16:54.669
Mahrad Zoonematkermani: probably not the right behavior. But at the same time, as soon as I create it, things start working.

220
00:16:54.790 --> 00:16:58.110
Mahrad Zoonematkermani: So that means my token is correct.

221
00:16:58.750 --> 00:17:03.720
Mahrad Zoonematkermani: It's just that some entity that needs to create these does not do it.

222
00:17:05.900 --> 00:17:13.740
Shelley Doljack: The sidecars… We add…

223
00:17:14.349 --> 00:17:19.249
Shelley Doljack: Secret store vault token and Secret Store Vault Address to the sidecars.

224
00:17:20.180 --> 00:17:30.529
Mahrad Zoonematkermani: I think my sidecars also have this. Quick question from Florian. This is in a production system, so I can't share everything about it, right?

225
00:17:30.950 --> 00:17:32.470
Florian Kreft (LRZ): Yeah, sure.

226
00:17:32.750 --> 00:17:33.279
Mahrad Zoonematkermani: Oh, okay.

227
00:17:33.280 --> 00:17:33.680
Florian Kreft (LRZ): Right?

228
00:17:33.680 --> 00:17:35.659
Mahrad Zoonematkermani: So, if you don't mind, yeah, I mean.

229
00:17:35.660 --> 00:17:36.190
Florian Kreft (LRZ): Yeah.

230
00:17:36.190 --> 00:17:37.609
Mahrad Zoonematkermani: I wanted a second opinion.

231
00:17:37.610 --> 00:17:39.050
Florian Kreft (LRZ): No, look, you have to ditch your mind.

232
00:17:39.050 --> 00:17:44.050
Ingolf Kuss: modify the sidecar template. I had to modify the sidecar template in…

233
00:17:44.180 --> 00:17:46.949
Ingolf Kuss: all your comments to integrate Vault.

234
00:17:48.000 --> 00:17:53.909
Mahrad Zoonematkermani: Let me see, but I think I did. Just give me a second, if that's fine.

235
00:17:56.410 --> 00:18:03.529
Mahrad Zoonematkermani: How do I want to share this? So, presenter is… Out by sight…

236
00:18:04.880 --> 00:18:05.640
Florian Kreft (LRZ): I mean, do you owners?

237
00:18:05.640 --> 00:18:07.559
Mahrad Zoonematkermani: All those ones shared the screen.

238
00:18:07.560 --> 00:18:10.349
Florian Kreft (LRZ): There's, a share button in…

239
00:18:10.350 --> 00:18:11.090
Mahrad Zoonematkermani: Okay.

240
00:18:11.530 --> 00:18:19.790
Florian Kreft (LRZ): I mean, if you leak some credentials that are actually used elsewhere, we just need to change them, because this is recorded, yeah.

241
00:18:20.310 --> 00:18:21.150
Florian Kreft (LRZ): Oh, but…

242
00:18:21.150 --> 00:18:25.859
Mahrad Zoonematkermani: The… at the same time, this is completely internal, and we decided.

243
00:18:25.860 --> 00:18:33.230
Florian Kreft (LRZ): Yeah, I mean, if for some reason you leak the credentials we use elsewhere, we just have to change that.

244
00:18:33.230 --> 00:18:34.290
Mahrad Zoonematkermani: Oh, no, no, no, nothing.

245
00:18:34.290 --> 00:18:37.400
Florian Kreft (LRZ): Yeah, then, then, yeah.

246
00:18:37.400 --> 00:18:39.900
Mahrad Zoonematkermani: Even the Vault token, I'm gonna change. Yeah.

247
00:18:39.900 --> 00:18:40.640
Florian Kreft (LRZ): Yeah.

248
00:18:40.810 --> 00:18:41.470
Florian Kreft (LRZ): I mean, that's.

249
00:18:42.110 --> 00:18:43.280
Mahrad Zoonematkermani: the sidecar?

250
00:18:43.280 --> 00:18:44.720
Shelley Doljack: It's really small.

251
00:18:44.720 --> 00:18:45.080
Florian Kreft (LRZ): Yeah.

252
00:18:45.080 --> 00:18:46.109
Ingolf Kuss: What kind of…

253
00:18:46.110 --> 00:18:46.969
Mahrad Zoonematkermani: Okay, I'm gonna…

254
00:18:46.970 --> 00:18:47.510
Ingolf Kuss: See, you're…

255
00:18:47.510 --> 00:18:48.500
Mahrad Zoonematkermani: Sorry.

256
00:18:49.460 --> 00:18:50.460
Mahrad Zoonematkermani: Very sensitive.

257
00:18:50.460 --> 00:18:54.149
Ingolf Kuss: The screen is the same size, and I'm not able to see only one.

258
00:18:54.150 --> 00:18:54.800
Shelley Doljack: Yeah, when I…

259
00:18:54.800 --> 00:18:55.180
Mahrad Zoonematkermani: Better?

260
00:18:55.180 --> 00:18:59.570
Shelley Doljack: is I see your video, and I see the… what you're.

261
00:18:59.570 --> 00:19:01.020
Mahrad Zoonematkermani: Oh, I shared the wrong screen.

262
00:19:01.020 --> 00:19:01.590
Shelley Doljack: Okay.

263
00:19:01.670 --> 00:19:04.060
Mahrad Zoonematkermani: Yeah. Apologies.

264
00:19:04.460 --> 00:19:09.569
Mahrad Zoonematkermani: And my not so…

265
00:19:09.570 --> 00:19:14.739
Ingolf Kuss: I think in standard models, it should show only one picture. I have standard and…

266
00:19:15.500 --> 00:19:20.059
Mahrad Zoonematkermani: So I have to change the layout? Content only? Is this better?

267
00:19:20.060 --> 00:19:21.220
Ingolf Kuss: Yeah, that's lovely.

268
00:19:21.220 --> 00:19:21.690
Mahrad Zoonematkermani: Okay.

269
00:19:22.990 --> 00:19:24.020
Mahrad Zoonematkermani: Thank you.

270
00:19:24.560 --> 00:19:26.960
Mahrad Zoonematkermani: And… is this too big, or…

271
00:19:26.960 --> 00:19:27.650
Ingolf Kuss: So…

272
00:19:27.650 --> 00:19:31.339
Mahrad Zoonematkermani: So this is the normal size. If it's too small, let me know so I can zoom in.

273
00:19:31.340 --> 00:19:32.280
Ingolf Kuss: small.

274
00:19:32.890 --> 00:19:33.230
Mahrad Zoonematkermani: Now?

275
00:19:33.230 --> 00:19:33.940
Shelley Doljack: go up.

276
00:19:33.940 --> 00:19:35.250
Ingolf Kuss: Yeah, good.

277
00:19:35.250 --> 00:19:36.210
Shelley Doljack: Good.

278
00:19:36.350 --> 00:19:40.229
Mahrad Zoonematkermani: Okay, here. That's okay. Let's do this. Okay, so…

279
00:19:40.780 --> 00:19:43.429
Mahrad Zoonematkermani: Just so you know, this is mod settings.

280
00:19:43.700 --> 00:19:49.600
Mahrad Zoonematkermani: It's a deployment, and I'm basically just… Going to the sidecar.

281
00:19:49.980 --> 00:19:57.220
Mahrad Zoonematkermani: And… looking at all the envs… Probably we want to… grep secrets.

282
00:19:57.550 --> 00:20:03.400
Mahrad Zoonematkermani: So… This token doesn't matter. It's gonna expire in a couple of days, don't worry about it.

283
00:20:03.400 --> 00:20:03.870
Ingolf Kuss: No.

284
00:20:04.490 --> 00:20:12.289
Mahrad Zoonematkermani: And of course, I don't know if you've noticed, but the sidecar template from Folio Common

285
00:20:12.890 --> 00:20:16.939
Mahrad Zoonematkermani: Requires this variable to exist, even though we don't use it.

286
00:20:17.800 --> 00:20:19.640
Shelley Doljack: Okay.

287
00:20:19.640 --> 00:20:21.879
Mahrad Zoonematkermani: Yeah, AWS SSM region.

288
00:20:22.130 --> 00:20:26.109
Ingolf Kuss: This looks good, if the address is correct.

289
00:20:26.680 --> 00:20:29.420
Mahrad Zoonematkermani: Yeah, so I have one vault.

290
00:20:30.390 --> 00:20:34.069
Mahrad Zoonematkermani: I don't want to show all the namespaces, because it's being recorded.

291
00:20:34.630 --> 00:20:36.740
Mahrad Zoonematkermani: Let me do that on the other screen.

292
00:20:37.130 --> 00:20:39.730
Mahrad Zoonematkermani: Please ignore what I have here.

293
00:20:40.500 --> 00:20:48.179
Mahrad Zoonematkermani: Namespace, vault… Okay, back here. Basically, in the namespace vault.

294
00:20:48.460 --> 00:20:50.850
Mahrad Zoonematkermani: I have an instance of Vault.

295
00:20:51.010 --> 00:20:54.799
Mahrad Zoonematkermani: So… That's pretty much…

296
00:20:54.800 --> 00:20:59.439
Ingolf Kuss: I have it all in the same namespace. Could this be a problem?

297
00:20:59.670 --> 00:21:04.089
Florian Kreft (LRZ): Not if you don't have network… I mean, it shouldn't be a problem, because.

298
00:21:04.090 --> 00:21:05.140
Mahrad Zoonematkermani: Yeah.

299
00:21:05.760 --> 00:21:12.979
Florian Kreft (LRZ): Like, where exactly you access this is not a problem if you don't have, like, network policies preventing this, which we don't have, so…

300
00:21:14.030 --> 00:21:14.550
Mahrad Zoonematkermani: And I mean…

301
00:21:14.550 --> 00:21:24.299
Shelley Doljack: Fine. As long as it can communicate to the other namespace, it should work. Yeah, of course. Although that's not what we did. And I don't think that's what EBSCO does, I think they do, like.

302
00:21:24.300 --> 00:21:24.900
Ingolf Kuss: Jason.

303
00:21:24.900 --> 00:21:36.739
Mahrad Zoonematkermani: No, no, they suggested that we install one vault per namespace, but I… since we have envs, I don't see a point of doing that, especially since in Vault we have the policy that

304
00:21:36.990 --> 00:21:44.040
Mahrad Zoonematkermani: The token that we create on that… based on that policy, based on that role, can…

305
00:21:44.230 --> 00:21:51.690
Mahrad Zoonematkermani: only access all the secrets that are under that specific env.

306
00:21:52.050 --> 00:21:53.040
Shelley Doljack: Yeah.

307
00:21:53.040 --> 00:21:53.570
Mahrad Zoonematkermani: So…

308
00:21:53.570 --> 00:21:54.140
Shelley Doljack: should work.

309
00:21:54.360 --> 00:22:03.610
Mahrad Zoonematkermani: Yeah, yeah, and I mean, if it didn't work, it would have complained during entitlement. All that it doesn't do for me is…

310
00:22:03.950 --> 00:22:09.600
Mahrad Zoonematkermani: Not creating the secrets and creating the user, for example, for mod search.

311
00:22:10.360 --> 00:22:12.100
Mahrad Zoonematkermani: And I have to do that on my own.

312
00:22:13.670 --> 00:22:17.520
Shelley Doljack: Yeah, that… yeah, yeah.

313
00:22:17.520 --> 00:22:20.739
Mahrad Zoonematkermani: And, but I, I think…

314
00:22:21.880 --> 00:22:24.810
Mahrad Zoonematkermani: It's more than valuable for me to know that

315
00:22:24.920 --> 00:22:28.039
Mahrad Zoonematkermani: there is a problem and I need to fix it.

316
00:22:28.680 --> 00:22:34.350
Mahrad Zoonematkermani: If you have a immediate opinion on that.

317
00:22:34.540 --> 00:22:40.869
Mahrad Zoonematkermani: That would be great, otherwise I can try to figure it out on my own, and then in two weeks, if nothing happened.

318
00:22:41.380 --> 00:22:43.519
Mahrad Zoonematkermani: I will bother you guys again with it.

319
00:22:48.580 --> 00:22:51.490
Shelley Doljack: That's such a big deal.

320
00:22:51.490 --> 00:22:53.770
Ingolf Kuss: to create this in Vault, is it?

321
00:22:54.510 --> 00:22:58.260
Mahrad Zoonematkermani: I mean, I would like to get it right.

322
00:22:58.940 --> 00:23:02.560
Mahrad Zoonematkermani: You know what I mean? Cuz… not be such a… yes?

323
00:23:03.150 --> 00:23:08.029
Shelley Doljack: Just double checking, like, what we have,

324
00:23:09.610 --> 00:23:21.960
Shelley Doljack: We do add, to our sidecar this, KCJWKS base URL.

325
00:23:22.560 --> 00:23:24.769
Mahrad Zoonematkermani: I think I have that, but…

326
00:23:24.770 --> 00:23:29.830
Shelley Doljack: And we set it to the internal KeyCloak service, so that.

327
00:23:31.520 --> 00:23:34.770
Mahrad Zoonematkermani: I don't have the KCJWT.

328
00:23:34.770 --> 00:23:50.490
Shelley Doljack: So you could… so, okay, if you read the README for the folio module sidecar, it kind of explains what this is, and we at Stanford pushed for this because we were, at first, having tons of problems with the

329
00:23:50.490 --> 00:23:55.129
Shelley Doljack: The sidecars being able to,

330
00:23:55.880 --> 00:24:02.149
Shelley Doljack: parse the JWT that it gets back from KeyCloak, because…

331
00:24:02.940 --> 00:24:17.969
Shelley Doljack: EBSCO kind of expected that you would use the fully qualified domain name for KeyCloak, and so when the issuer URL is embedded in the JWT.

332
00:24:18.180 --> 00:24:18.580
Florian Kreft (LRZ): Yep.

333
00:24:18.580 --> 00:24:24.780
Shelley Doljack: We would use that, and, like, we had a problem with our sidecars communicating, like, going.

334
00:24:24.780 --> 00:24:25.130
Florian Kreft (LRZ): Margot.

335
00:24:25.130 --> 00:24:28.810
Shelley Doljack: fully qualified domain name, and, so we…

336
00:24:28.810 --> 00:24:31.190
Florian Kreft (LRZ): Look at the sidecar, not the…

337
00:24:31.190 --> 00:24:31.560
Mahrad Zoonematkermani: Oh, my.

338
00:24:31.560 --> 00:24:35.640
Florian Kreft (LRZ): search. Okay. Sorry to interrupt, but Mahrad was searching in the wrong place.

339
00:24:35.640 --> 00:24:36.430
Shelley Doljack: Yeah.

340
00:24:36.620 --> 00:24:42.630
Shelley Doljack: It's a folio module sidecar with, yeah, dashes in between.

341
00:24:44.990 --> 00:24:49.800
Ingolf Kuss: Sorry to interrupt also. I can definitely say that I had to create some users

342
00:24:50.950 --> 00:24:54.070
Ingolf Kuss: in Vault and KeyCloak.

343
00:24:55.090 --> 00:25:03.659
Ingolf Kuss: configuration, mod user's key clo… I have the error messages here, before and after. Before… It said,

344
00:25:04.870 --> 00:25:19.130
Ingolf Kuss: Secret not found. What configuration? Then I created a secret in Vault, manually, and then it had some other error. It had an authentication error, because I didn't create the secret properly. But I had to create it by hand.

345
00:25:19.280 --> 00:25:23.020
Ingolf Kuss: The same was for… Mot…

346
00:25:23.880 --> 00:25:26.650
Shelley Doljack: So the whole deployment should…

347
00:25:26.990 --> 00:25:33.909
Shelley Doljack: you shouldn't have to go back and create things for the whole deployment. Only for the master realm.

348
00:25:37.360 --> 00:25:46.380
Shelley Doljack: And I think it really comes down to making sure that you are not setting a system user

349
00:25:46.850 --> 00:25:50.950
Shelley Doljack: You're not telling the deployment to use a system user.

350
00:25:50.950 --> 00:25:52.710
Mahrad Zoonematkermani: Okay, so.

351
00:25:52.710 --> 00:26:02.769
Shelley Doljack: Also, there's also, in the Folio Helm V2 charts, there's, under integrations, there's a system user key that should be set to false.

352
00:26:05.390 --> 00:26:11.020
Ingolf Kuss: Except if you need a system user. So there are some modules which need a system user, and for those…

353
00:26:11.020 --> 00:26:14.190
Shelley Doljack: Oh, I know, I know, but you set it to…

354
00:26:14.900 --> 00:26:18.649
Shelley Doljack: Like, even for Mod PubSub, let me look what we did.

355
00:26:18.800 --> 00:26:21.500
Shelley Doljack: You have to set it to false.

356
00:26:21.820 --> 00:26:26.610
Shelley Doljack: I would say that it… that's just a bug in the… the deployment.

357
00:26:27.620 --> 00:26:28.960
Mahrad Zoonematkermani: So, you mean…

358
00:26:28.960 --> 00:26:32.610
Ingolf Kuss: I don't agree, but how doesn't… but then did you say this, moose, moose?

359
00:26:32.950 --> 00:26:38.499
Ingolf Kuss: variable system user enabled to true, or what? It must somehow… otherwise it wouldn't create it.

360
00:26:39.970 --> 00:26:49.499
Mahrad Zoonematkermani: No, I think what she's saying is that there's a bug in how the, folio, common template library chart is written.

361
00:26:49.610 --> 00:26:53.820
Mahrad Zoonematkermani: And this flag does not do what it's supposed to.

362
00:26:54.250 --> 00:26:58.169
Shelley Doljack: No, no, I… That's not what I'm saying.

363
00:26:58.920 --> 00:27:02.670
Shelley Doljack: Okay, so, the,

364
00:27:03.350 --> 00:27:10.480
Shelley Doljack: this integration, system user enabled false. I think that's the thing that creates a Kubernetes secret.

365
00:27:10.730 --> 00:27:12.360
Shelley Doljack: for the module.

366
00:27:12.740 --> 00:27:14.330
Ingolf Kuss: Yes. Yes.

367
00:27:14.740 --> 00:27:19.570
Shelley Doljack: That's what this does. If you… if you enable true, then it'll create a Kubernetes secret.

368
00:27:19.570 --> 00:27:20.500
Ingolf Kuss: Yes, exactly.

369
00:27:20.500 --> 00:27:21.850
Shelley Doljack: Or the… Self-observed, yeah.

370
00:27:21.850 --> 00:27:22.380
Ingolf Kuss: Yes.

371
00:27:22.380 --> 00:27:25.029
Shelley Doljack: The module's system user.

372
00:27:25.160 --> 00:27:29.330
Shelley Doljack: And, we have it set to false, because

373
00:27:29.590 --> 00:27:33.539
Shelley Doljack: with our Okapi-based deployment, we had…

374
00:27:33.640 --> 00:27:36.890
Shelley Doljack: We didn't have different system user

375
00:27:37.440 --> 00:27:43.350
Shelley Doljack: credentials for all of the system users. We use the same one. And at some point, they're like.

376
00:27:43.620 --> 00:27:48.759
Shelley Doljack: oh, they being, like, the EBSCO devs, were like, oh, well, that's…

377
00:27:48.970 --> 00:27:56.329
Shelley Doljack: People should be able to have, different credentials for all the different system users, so we're going to…

378
00:27:56.970 --> 00:28:01.219
Shelley Doljack: add this to the Helm chart so that you can you know.

379
00:28:02.020 --> 00:28:03.679
Shelley Doljack: Put in a password for that.

380
00:28:03.680 --> 00:28:07.989
Ingolf Kuss: How do you steal that the system user gets created upon entitlement?

381
00:28:08.180 --> 00:28:11.519
Shelley Doljack: The… so, this is where it's like…

382
00:28:11.560 --> 00:28:29.380
Shelley Doljack: we're… we're all used to saying system user for Okapi-based deployments, and then we also say system user for the Eureka deployment, but what it is, it's a KeyCloak user that's getting created for the module for, like…

383
00:28:29.480 --> 00:28:32.120
Shelley Doljack: I don't know, I guess intermodule communication.

384
00:28:32.120 --> 00:28:34.789
Ingolf Kuss: But it has to have the name of the module, it has to be…

385
00:28:34.790 --> 00:28:42.340
Shelley Doljack: And it ends up, yeah, it ends up being the… the username ends up being the name of the module.

386
00:28:42.340 --> 00:28:44.229
Ingolf Kuss: Where do you configure that?

387
00:28:44.660 --> 00:29:01.730
Shelley Doljack: I don't configure it. I just say in… I say integration, System User Enabled false, and then in the extra env for a whole bunch of these modules, actually all of them, we just, across the board, we say System User Enabled false.

388
00:29:02.300 --> 00:29:05.939
Shelley Doljack: In the.

389
00:29:07.350 --> 00:29:08.210
Mahrad Zoonematkermani: over here.

390
00:29:09.100 --> 00:29:09.770
Shelley Doljack: Yeah, somewhere.

391
00:29:09.770 --> 00:29:11.549
Mahrad Zoonematkermani: In the value files.

392
00:29:11.580 --> 00:29:14.310
Shelley Doljack: Yes, in the, in the value file.

393
00:29:14.310 --> 00:29:16.490
Ingolf Kuss: Above there, you have it, the system user.

394
00:29:16.640 --> 00:29:19.560
Ingolf Kuss: Enabled in the third line, the fourth line.

395
00:29:21.390 --> 00:29:22.150
Mahrad Zoonematkermani: I see.

396
00:29:22.150 --> 00:29:25.100
Shelley Doljack: I think for some of them,

397
00:29:25.250 --> 00:29:29.229
Shelley Doljack: Let me search our repo for where we have Java ops.

398
00:29:30.500 --> 00:29:38.819
Mahrad Zoonematkermani: Okay, but this folio system user enabled false gets automatically created when we set integration to false, right?

399
00:29:38.820 --> 00:29:40.479
Florian Kreft (LRZ): But you also have it up top.

400
00:29:41.050 --> 00:29:43.100
Florian Kreft (LRZ): So you also have an extra, yes.

401
00:29:43.100 --> 00:29:44.200
Ingolf Kuss: Oh, I think.

402
00:29:44.200 --> 00:29:46.300
Mahrad Zoonematkermani: That's… That's weird.

403
00:29:46.300 --> 00:29:49.309
Florian Kreft (LRZ): I mean, it's the same for both, but you have it here as well.

404
00:29:49.310 --> 00:29:53.430
Mahrad Zoonematkermani: Yeah, then let me see, because…

405
00:29:54.770 --> 00:29:58.749
Mahrad Zoonematkermani: Maybe I created this because this didn't work.

406
00:30:02.970 --> 00:30:12.500
Mahrad Zoonematkermani: Okay, so what you're saying is that, folio system user enabled should be set to true for…

407
00:30:12.680 --> 00:30:15.869
Mahrad Zoonematkermani: for example, Maude.

408
00:30:15.870 --> 00:30:17.370
Ingolf Kuss: says that. She said it to.

409
00:30:17.370 --> 00:30:19.639
Mahrad Zoonematkermani: No, no, but this environment variable.

410
00:30:19.840 --> 00:30:23.159
Florian Kreft (LRZ): I mean, in the example of Shelley's, everything is false as well.

411
00:30:23.160 --> 00:30:24.110
Ingolf Kuss: Exactly.

412
00:30:24.290 --> 00:30:33.239
Mahrad Zoonematkermani: For everything, including, including mod roles KeyCloak, and everything.

413
00:30:34.440 --> 00:30:35.620
Shelley Doljack: Yeah.

414
00:30:35.620 --> 00:30:36.370
Mahrad Zoonematkermani: Okay.

415
00:30:36.720 --> 00:30:39.260
Mahrad Zoonematkermani: I mean, I can check your repository.

416
00:30:39.530 --> 00:30:40.160
Shelley Doljack: Yeah.

417
00:30:40.160 --> 00:30:43.110
Mahrad Zoonematkermani: of bothering you with that, I'm sorry.

418
00:30:43.380 --> 00:30:48.580
Shelley Doljack: No, it's fine. Yep, including Mod Roles KeyCloak.

419
00:30:48.580 --> 00:30:49.020
Mahrad Zoonematkermani: Okay.

420
00:30:49.540 --> 00:30:50.800
Mahrad Zoonematkermani: Check, that's perfect then.

421
00:30:51.310 --> 00:30:53.799
Shelley Doljack: the only one that…

422
00:30:53.800 --> 00:31:03.929
Mahrad Zoonematkermani: I think the key one is KCJWKS base URL. I think this is what we're not setting, and this is what's breaking the whole thing.

423
00:31:05.930 --> 00:31:12.459
Mahrad Zoonematkermani: Cause if you check here… Oh, you said something.

424
00:31:12.720 --> 00:31:14.980
Mahrad Zoonematkermani: That's something, let me check that out.

425
00:31:16.220 --> 00:31:22.039
Mahrad Zoonematkermani: Okapi URL… this is mod PubSub. This I also stole from you, thank you.

426
00:31:22.040 --> 00:31:26.830
Shelley Doljack: Yeah, some of… some of them, you know, need an Okapi URL that's…

427
00:31:27.830 --> 00:31:38.799
Shelley Doljack: got the localhost 8082, and when I was chatting with the AI agent, it revealed… this is in the early adopters channel, they have an AI agent.

428
00:31:38.800 --> 00:31:39.320
Florian Kreft (LRZ): Nope.

429
00:31:40.210 --> 00:31:50.580
Shelley Doljack: It was, like… you don't want to set Okapi URL to Kong8000, ever, because then that would…

430
00:31:51.900 --> 00:32:00.930
Shelley Doljack: Go around the… the, like, authentication path through the sidecars, or something like that, so you always.

431
00:32:00.930 --> 00:32:03.639
Florian Kreft (LRZ): It would work, but it's, like, insecure, right?

432
00:32:03.640 --> 00:32:14.970
Shelley Doljack: Yeah, well, I mean, it's not… I'm not sure if it's that it would work, and that it's insecure, it's just that it's not the way Eureka should be deployed.

433
00:32:15.240 --> 00:32:15.800
Florian Kreft (LRZ): Okay.

434
00:32:16.840 --> 00:32:20.659
Florian Kreft (LRZ): It's just not… Not the idea for that.

435
00:32:20.660 --> 00:32:38.310
Shelley Doljack: You want the intermodule communication to go through the sidecars, and if you're setting Okapi URL to Kong8000, you're going around the sidecar for intermodule communication, and you could run into problems, because that's not how it's designed.

436
00:32:38.740 --> 00:32:39.110
Mahrad Zoonematkermani: Okay.

437
00:32:39.110 --> 00:32:55.170
Florian Kreft (LRZ): Yeah, that's the reverse of one of the issues we had, I think, we mistakenly set some Elasticsearch URL to the sidecar, which doesn't make sense. So, for mod search, the Elasticsearch URL, obviously, that doesn't go through the sidecar, that doesn't make sense to go through the sidecar.

438
00:32:55.630 --> 00:32:56.290
Florian Kreft (LRZ): Nope.

439
00:32:56.710 --> 00:33:00.389
Mahrad Zoonematkermani: Okay, so the way I see it, you're using…

440
00:33:00.580 --> 00:33:09.930
Mahrad Zoonematkermani: Not the Eureka system user, because I didn't know what to create. You have a system user for the module specifically, which makes more sense.

441
00:33:10.460 --> 00:33:10.790
Shelley Doljack: Yeah.

442
00:33:10.790 --> 00:33:12.949
Mahrad Zoonematkermani: And the password… okay.

443
00:33:13.170 --> 00:33:15.870
Shelley Doljack: Right, for PubSub, because,

444
00:33:16.810 --> 00:33:24.939
Shelley Doljack: It's special. Because the circulation log wasn't working or something, I don't know, and we used the username…

445
00:33:25.420 --> 00:33:31.299
Shelley Doljack: is ModPubSub, which is the username from our Okapi-based deployment.

446
00:33:32.320 --> 00:33:39.169
Shelley Doljack: And, as I wrote in our document, I thought by adding

447
00:33:39.580 --> 00:33:54.380
Shelley Doljack: a password to our deployment, it would use that when it… when it created the ModPubSub keycloak user, but it doesn't. It just happily creates… it should create its own, like,

448
00:33:54.540 --> 00:34:01.139
Shelley Doljack: password in vault, and then in KeyCloak for that particular user, and then you have to…

449
00:34:01.300 --> 00:34:05.440
Shelley Doljack: After the fact, make sure everything is in sync.

450
00:34:05.440 --> 00:34:06.500
Mahrad Zoonematkermani: So…

451
00:34:07.030 --> 00:34:21.699
Mahrad Zoonematkermani: So, I don't create the user for ModPubSub, it creates it on its own, but the password that it's going to use is going to be wrong, because it's referencing the wrong thing, so I have to restart it and make sure that it gets the right password.

452
00:34:21.949 --> 00:34:28.510
Mahrad Zoonematkermani: So, if I'm using a static vault secret to, basically synchronize that.

453
00:34:28.980 --> 00:34:32.799
Mahrad Zoonematkermani: to a secret that I want to use in mod PubSub.

454
00:34:33.150 --> 00:34:38.459
Mahrad Zoonematkermani: then I have to let it create that, have the vault static secret.

455
00:34:38.790 --> 00:34:42.490
Mahrad Zoonematkermani: Reference that is supposed to create it.

456
00:34:42.870 --> 00:34:46.789
Mahrad Zoonematkermani: Wait for it to be created, then restart it again.

457
00:34:46.790 --> 00:35:02.110
Shelley Doljack: I think so. And this issue will not come up when you entitle. You won't… you won't see this as a problem when you entitle. You'll see it when somebody says the circulation log is not populating with check-ins and check-ins.

458
00:35:02.110 --> 00:35:03.930
Mahrad Zoonematkermani: Oh, those, I still have.

459
00:35:03.930 --> 00:35:04.970
Shelley Doljack: So you, you would have…

460
00:35:04.970 --> 00:35:05.590
Mahrad Zoonematkermani: Not at all.

461
00:35:05.740 --> 00:35:14.139
Shelley Doljack: Look at the log, and you'll see, oh, there's an unauthorized thing happening here.

462
00:35:14.140 --> 00:35:14.600
Mahrad Zoonematkermani: Why?

463
00:35:14.600 --> 00:35:15.480
Shelley Doljack: It's that?

464
00:35:16.510 --> 00:35:19.170
Shelley Doljack: Because it doesn't have the right credentials.

465
00:35:19.800 --> 00:35:36.389
Shelley Doljack: But yeah, if anything I've learned is that, if you have to go back in and create some kind of user in KeyCloak and Vault manually, then there's something… there's a bug in your deployment. You're missing something.

466
00:35:37.860 --> 00:35:38.559
Mahrad Zoonematkermani: Oh, I am?

467
00:35:38.560 --> 00:35:41.049
Shelley Doljack: The system user thing.

468
00:35:42.200 --> 00:35:44.130
Mahrad Zoonematkermani: You mean… Just… You're not.

469
00:35:44.130 --> 00:35:45.630
Shelley Doljack: Not you in general, just overall.

470
00:35:45.630 --> 00:35:49.069
Mahrad Zoonematkermani: Oh, okay, so that tells me. I'm like, okay.

471
00:35:49.070 --> 00:35:49.410
Shelley Doljack: Yeah.

472
00:35:49.410 --> 00:35:51.300
Mahrad Zoonematkermani: what?

473
00:35:51.300 --> 00:35:54.630
Shelley Doljack: One is missing this stuff in their deployment.

474
00:35:54.630 --> 00:36:04.079
Mahrad Zoonematkermani: But the question is, did you create the PubSub user in KeyCloak manually, like, using mod users KeyCloak, or…

475
00:36:04.410 --> 00:36:09.570
Mahrad Zoonematkermani: Did you let mod PubSub do it during entitlement?

476
00:36:09.890 --> 00:36:13.019
Mahrad Zoonematkermani: Then introduce that in the environment variable.

477
00:36:13.270 --> 00:36:14.350
Mahrad Zoonematkermani: Yeah, okay.

478
00:36:14.350 --> 00:36:19.820
Shelley Doljack: Oh, what do you… No.

479
00:36:20.490 --> 00:36:30.340
Shelley Doljack: I didn't… I didn't, we… we didn't, like, introduce this extra… these extra env vars after entitlement.

480
00:36:30.860 --> 00:36:35.489
Shelley Doljack: We did… we deployed it with that, and then did the entitlement.

481
00:36:36.780 --> 00:36:41.220
Mahrad Zoonematkermani: But then… Won't the entitlement create the system user?

482
00:36:42.240 --> 00:36:42.930
Shelley Doljack: Yes.

483
00:36:45.640 --> 00:36:49.720
Mahrad Zoonematkermani: And then it will create it based on the secret that you're referencing here.

484
00:36:51.670 --> 00:36:55.739
Shelley Doljack: It doesn't use the password based on the secret I'm referencing.

485
00:36:56.330 --> 00:36:59.939
Mahrad Zoonematkermani: So, it creates a new password, and I have to go change the secret.

486
00:37:00.570 --> 00:37:01.420
Shelley Doljack: Yes.

487
00:37:01.420 --> 00:37:09.030
Mahrad Zoonematkermani: Okay, so then what that means is what I can do is I can mount this as envFrom, but optionally.

488
00:37:09.700 --> 00:37:15.020
Mahrad Zoonematkermani: So that if it doesn't exist, it won't complain and crash the whole thing.

489
00:37:15.360 --> 00:37:15.870
Shelley Doljack: Yeah, maybe.

490
00:37:15.870 --> 00:37:23.289
Mahrad Zoonematkermani: comes up, creates a secret, then the vault's static, secret will…

491
00:37:23.530 --> 00:37:30.119
Mahrad Zoonematkermani: Replicate that, and set it in my environment, And once that happens.

492
00:37:30.350 --> 00:37:37.649
Mahrad Zoonematkermani: I would just have to restart mod PubSub, and it's gonna work. Sorry, let me see what Ingolf is suggesting.

493
00:37:37.650 --> 00:37:39.540
Ingolf Kuss: We're on different lines now, Shelley.

494
00:37:39.540 --> 00:37:39.980
Mahrad Zoonematkermani: Yeah.

495
00:37:39.980 --> 00:37:42.819
Ingolf Kuss: I, I have… Created these lines.

496
00:37:43.180 --> 00:37:49.610
Ingolf Kuss: in my values files for all modules which have a system user, and I've asked the AI bot

497
00:37:50.020 --> 00:37:55.119
Ingolf Kuss: what are those modules? Again, possible, but you can also look it up. There's a couple of modules.

498
00:37:55.430 --> 00:37:58.060
Ingolf Kuss: 10 or 15, whoever, system user.

499
00:37:58.860 --> 00:38:04.650
Ingolf Kuss: And for those, I have set, system user to true.

500
00:38:05.160 --> 00:38:11.340
Ingolf Kuss: Then it creates a secret, mod PubSub… system user.

501
00:38:12.040 --> 00:38:17.409
Ingolf Kuss: which has this password, which I have set there. So it's not a generated password, it's my password.

502
00:38:19.570 --> 00:38:23.140
Ingolf Kuss: And, I think it also uses this in the…

503
00:38:24.540 --> 00:38:30.599
Shelley Doljack: The… the annoying thing is, like, you can't really go into KeyCloak and look at.

504
00:38:30.600 --> 00:38:31.040
Ingolf Kuss: No, no.

505
00:38:31.040 --> 00:38:31.920
Shelley Doljack: user.

506
00:38:31.920 --> 00:38:34.709
Ingolf Kuss: You can't look at the password in KeyCloak, yeah. No, no.

507
00:38:35.040 --> 00:38:35.370
Ingolf Kuss: No, no.

508
00:38:35.370 --> 00:38:36.819
Shelley Doljack: See that it, like, uses.

509
00:38:36.820 --> 00:38:37.340
Ingolf Kuss: No, no.

510
00:38:38.800 --> 00:38:49.580
Ingolf Kuss: No, no, this is what the system does automatically. If it doesn't do it automatically, like, for mod configuration, then I create, a secret in what configuration.

511
00:38:50.020 --> 00:38:53.100
Ingolf Kuss: Which is called mod configuration, with a generated

512
00:38:53.360 --> 00:38:55.900
Ingolf Kuss: with a password which I generate myself.

513
00:38:56.590 --> 00:39:01.490
Ingolf Kuss: And then I go to KeyCloak in the realm of my client.

514
00:39:02.920 --> 00:39:09.760
Ingolf Kuss: and create a user mod configuration, a system user mod configuration. And for this system user, I said.

515
00:39:10.020 --> 00:39:14.900
Ingolf Kuss: Credential type password, type equal password.

516
00:39:15.020 --> 00:39:20.710
Ingolf Kuss: And then set the password, and then set the same password as in Vault. And then it also works.

517
00:39:21.660 --> 00:39:25.710
Mahrad Zoonematkermani: Okay, but that would be quite similar to if you,

518
00:39:25.940 --> 00:39:29.459
Mahrad Zoonematkermani: Actually do it our way, so let…

519
00:39:30.200 --> 00:39:33.989
Mahrad Zoonematkermani: The system take care of creating the password and everything?

520
00:39:34.870 --> 00:39:41.289
Mahrad Zoonematkermani: And then use, Vault's static secret to, replicate that, and…

521
00:39:42.200 --> 00:39:47.719
Mahrad Zoonematkermani: Have your system use it, but in that scenario, then you're taking an extra step, so…

522
00:39:47.720 --> 00:39:48.350
Ingolf Kuss: Yes.

523
00:39:48.350 --> 00:39:52.820
Mahrad Zoonematkermani: you already have it in Vault, and you have it already in KeyCloak.

524
00:39:52.940 --> 00:39:58.450
Mahrad Zoonematkermani: Let that handle it, and just not use the system user integration altogether.

525
00:39:59.800 --> 00:40:11.240
Mahrad Zoonematkermani: Because the way I realized it, this is probably not even meant for Eureka, it's more or less for Okapi edition, that you end up putting everything as a secret itself.

526
00:40:11.550 --> 00:40:14.150
Ingolf Kuss: I had errors when doing entitlement.

527
00:40:15.960 --> 00:40:17.009
Mahrad Zoonematkermani: That could be…

528
00:40:17.010 --> 00:40:18.399
Ingolf Kuss: sector naming of the.

529
00:40:18.400 --> 00:40:19.969
Mahrad Zoonematkermani: Similar issue that could have…

530
00:40:20.900 --> 00:40:21.770
Ingolf Kuss: You know…

531
00:40:22.010 --> 00:40:25.899
Mahrad Zoonematkermani: Yeah, when it says the secret is missing, that's exactly when I went to create it.

532
00:40:25.900 --> 00:40:30.289
Ingolf Kuss: Yeah, not even a secret is missing, a system user is missing. It's looking for a system user.

533
00:40:30.590 --> 00:40:37.510
Ingolf Kuss: In KeyCloak, for mod configuration, in common where mod configuration is a module which doesn't have a system user, but if I don'

534
00:40:38.190 --> 00:40:42.860
Ingolf Kuss: If you create this manually, then entitlement will not work, you know?

535
00:40:44.170 --> 00:40:53.689
Shelley Doljack: I put in a screenshot of what we have in KeyCloak for all of the system users that were created by the entitlement process.

536
00:40:55.080 --> 00:40:59.840
Shelley Doljack: So you can go back and double-check your deployment and make sure you're saying.

537
00:41:00.340 --> 00:41:03.549
Shelley Doljack: System user enabled false for those.

538
00:41:05.520 --> 00:41:06.290
Ingolf Kuss: Oh, look at…

539
00:41:06.290 --> 00:41:09.130
Shelley Doljack: Because you don't want… you don't want a…

540
00:41:09.760 --> 00:41:16.570
Shelley Doljack: you don't want the… you don't want the system user… the Okapi… system user.

541
00:41:16.570 --> 00:41:18.959
Ingolf Kuss: This is Vault, right? What you're showing?

542
00:41:18.960 --> 00:41:20.509
Shelley Doljack: No, it's KeyCloak.

543
00:41:20.950 --> 00:41:22.889
Shelley Doljack: But it… let me.

544
00:41:22.890 --> 00:41:28.390
Ingolf Kuss: Yes. And these were created automatically, or did you create them?

545
00:41:28.880 --> 00:41:31.180
Shelley Doljack: No, they were created automatically.

546
00:41:32.240 --> 00:41:33.309
Shelley Doljack: Didn't create any of.

547
00:41:33.310 --> 00:41:38.570
Ingolf Kuss: Yeah, this looks good, I have the same number, maybe the same, system users.

548
00:41:38.910 --> 00:41:42.069
Ingolf Kuss: So if I don't get this… do this, I get this kind of…

549
00:41:42.770 --> 00:41:45.400
Ingolf Kuss: This is not readable, sorry.

550
00:41:45.400 --> 00:41:46.380
Mahrad Zoonematkermani: No, it's fine.

551
00:41:47.340 --> 00:41:47.860
Shelley Doljack: You could…

552
00:41:47.860 --> 00:41:54.250
Ingolf Kuss: messages. This user, system user, user equal mod configuration.

553
00:41:54.630 --> 00:41:56.130
Ingolf Kuss: It's, it's complaining about…

554
00:41:56.130 --> 00:41:58.530
Mahrad Zoonematkermani: It's an info message, it's not a complaint.

555
00:42:00.360 --> 00:42:01.520
Shelley Doljack: It stops it.

556
00:42:01.520 --> 00:42:04.490
Ingolf Kuss: Yeah, okay, you're right, but it stops there.

557
00:42:06.790 --> 00:42:08.070
Ingolf Kuss: Doesn't continue.

558
00:42:08.700 --> 00:42:10.400
Shelley Doljack: I don't have the restoration.

559
00:42:10.400 --> 00:42:11.010
Ingolf Kuss: so…

560
00:42:11.490 --> 00:42:16.309
Shelley Doljack: like you said, why is there a mod configuration system user? Like, we don't even…

561
00:42:16.310 --> 00:42:16.700
Ingolf Kuss: Personal.

562
00:42:16.700 --> 00:42:20.469
Shelley Doljack: We had that with our Okapi-based enviro- deployment anyways.

563
00:42:21.390 --> 00:42:26.650
Shelley Doljack: So, go back and check the deployment for that, and make sure

564
00:42:26.810 --> 00:42:29.830
Shelley Doljack: You're saying, don't create a system user.

565
00:42:29.830 --> 00:42:35.520
Ingolf Kuss: Okay, after there must be an error message, which I cannot post, you know, because I don't have it, so…

566
00:42:36.330 --> 00:42:38.999
Shelley Doljack: So, I'm gonna… I'm gonna log into our…

567
00:42:39.820 --> 00:42:40.480
Shelley Doljack: the…

568
00:42:40.480 --> 00:42:43.110
Ingolf Kuss: Yes, this is the overall message, but,

569
00:42:43.220 --> 00:42:53.600
Ingolf Kuss: I don't know, I don't want to dig on this. I get an error message in, let's say, carefully, in connection with mod configuration, where I assume that it's the same error.

570
00:42:59.170 --> 00:43:01.570
Shelley Doljack: Ugh, let's see…

571
00:43:04.390 --> 00:43:09.549
Mahrad Zoonematkermani: Okay, are you looking?

572
00:43:09.850 --> 00:43:13.800
Mahrad Zoonematkermani: Otherwise, I will ask for a clarification.

573
00:43:14.740 --> 00:43:16.200
Shelley Doljack: So here…

574
00:43:16.200 --> 00:43:16.670
Mahrad Zoonematkermani: You know, you know?

575
00:43:17.000 --> 00:43:17.870
Mahrad Zoonematkermani: something.

576
00:43:18.350 --> 00:43:23.859
Shelley Doljack: Here is in Vault what was created when we entitled.

577
00:43:24.580 --> 00:43:27.789
Shelley Doljack: Those are all the keys that got created for…

578
00:43:27.980 --> 00:43:40.830
Shelley Doljack: you know, probably sole application, sole system user, impersonation client, and Mod Roles KeyCloak, I think, were the ones created for App Platform Minimal.

579
00:43:41.860 --> 00:43:44.710
Shelley Doljack: Oh, and the Sidecar Module Access Client.

580
00:43:45.180 --> 00:43:51.609
Shelley Doljack: probably password reset client, I don't… I don't know what that's for. But then all the rest were…

581
00:43:51.610 --> 00:43:56.610
Ingolf Kuss: Don't mess up. What I had to learn is not to mess up clients with users.

582
00:43:56.980 --> 00:43:57.590
Shelley Doljack: Yeah, I know.

583
00:43:57.590 --> 00:44:01.880
Ingolf Kuss: Access client as a client, the others are users, and it's also…

584
00:44:02.630 --> 00:44:05.649
Ingolf Kuss: What's it… what is… is it Vault or KeyCloak, what you're showing?

585
00:44:05.650 --> 00:44:06.310
Shelley Doljack: smoke.

586
00:44:06.310 --> 00:44:17.459
Ingolf Kuss: Yeah, and in KeyCloak, there's a client sidecar module access client, but not user, but not a…

587
00:44:18.110 --> 00:44:21.800
Ingolf Kuss: But not the user, so I… you don't have to have that as a user.

588
00:44:29.640 --> 00:44:35.620
Shelley Doljack: Okay, so, yeah, we added that, KC…

589
00:44:36.200 --> 00:44:40.290
Shelley Doljack: Thingy, because the sidecars weren't able to get it

590
00:44:41.130 --> 00:44:46.160
Shelley Doljack: To, verify the… the token from KeyCloak for us.

591
00:44:47.300 --> 00:44:50.419
Mahrad Zoonematkermani: Okay, and it looks like I don't have it, so…

592
00:44:50.640 --> 00:45:00.190
Mahrad Zoonematkermani: If I do JWKS, nothing here, I was on the sidecar, and here, grab… oh, sorry, n… breath.

593
00:45:01.100 --> 00:45:14.929
Shelley Doljack: So, if you don't have it, then that means your sidecars are going out to the fully qualified domain name for KeyCloak in order to get the,

594
00:45:15.420 --> 00:45:19.990
Shelley Doljack: What is that thing in the token? The…

595
00:45:21.330 --> 00:45:29.049
Shelley Doljack: the JWT contains the issuer URL, right? And the issuer URL is going to be your fully qualified domain name.

596
00:45:29.050 --> 00:45:29.430
Mahrad Zoonematkermani: freak.

597
00:45:29.430 --> 00:45:30.080
Shelley Doljack: cloak.

598
00:45:30.320 --> 00:45:39.500
Shelley Doljack: And then the sidecars, in order to… Verify the certificate, I think?

599
00:45:40.000 --> 00:45:44.870
Shelley Doljack: Yeah, they go out and use that issuer URL.

600
00:45:45.250 --> 00:45:49.639
Shelley Doljack: So they're using the fully qualified domain name. If you don't want to…

601
00:45:50.110 --> 00:45:53.550
Shelley Doljack: If you want to use the internal Kubernetes service instead.

602
00:45:54.010 --> 00:46:01.339
Shelley Doljack: for verifying the certificate, then you would set up this KCJWKS base URL.

603
00:46:01.340 --> 00:46:01.880
Mahrad Zoonematkermani: Yep.

604
00:46:01.990 --> 00:46:07.579
Mahrad Zoonematkermani: And I would say then probably that's the better idea, because externally, all…

605
00:46:07.580 --> 00:46:07.939
Shelley Doljack: all the fun.

606
00:46:07.940 --> 00:46:14.490
Mahrad Zoonematkermani: and we're… Switching from, HTTP to HTTPS.

607
00:46:15.190 --> 00:46:20.310
Mahrad Zoonematkermani: And… Who knows if it can verify even the certificate, so…

608
00:46:20.780 --> 00:46:23.010
Mahrad Zoonematkermani: I mean, it works, that's how they've…

609
00:46:23.120 --> 00:46:28.110
Shelley Doljack: they first deployed it, EBSCO, and, you know, I think they're using…

610
00:46:28.980 --> 00:46:36.469
Shelley Doljack: AWS, maybe, for their customers, and… So… They didn't really think that…

611
00:46:37.010 --> 00:46:44.700
Shelley Doljack: When they designed it, they didn't really think that maybe you would want to use the internal Keycloak service. Yep.

612
00:46:45.770 --> 00:46:54.680
Mahrad Zoonematkermani: Okay, but, which entity creates the secrets in Vault? Is that the sidecar, is that Keycloak, or is that,

613
00:46:55.670 --> 00:46:56.240
Shelley Doljack: I don't know.

614
00:46:56.240 --> 00:47:00.220
Mahrad Zoonematkermani: the main container. I'm guessing main container, it isn't?

615
00:47:01.170 --> 00:47:02.270
Ingolf Kuss: Sidecar.

616
00:47:02.800 --> 00:47:03.599
Mahrad Zoonematkermani: Should be the site?

617
00:47:03.600 --> 00:47:12.730
Shelley Doljack: Sidecar is the thing that is responsible for all of the communication between modules, so I suspect it's the sidecar container.

618
00:47:12.930 --> 00:47:14.600
Shelley Doljack: Yep. That.

619
00:47:14.600 --> 00:47:16.090
Mahrad Zoonematkermani: I would guess so, too.

620
00:47:16.090 --> 00:47:17.650
Shelley Doljack: Responsible for this.

621
00:47:17.650 --> 00:47:22.100
Mahrad Zoonematkermani: But then, maybe I have an error…

622
00:47:22.830 --> 00:47:32.470
Mahrad Zoonematkermani: in the sidecar configuration, maybe since it can't… I mean, you just mentioned that it uses the external one. An external,

623
00:47:32.710 --> 00:47:37.230
Mahrad Zoonematkermani: Keycloak URL address is accessible even internally.

624
00:47:37.730 --> 00:47:39.460
Mahrad Zoonematkermani: So that shouldn't be a problem.

625
00:47:40.020 --> 00:47:42.150
Shelley Doljack: Sometimes. I mean, we had some weird.

626
00:47:42.150 --> 00:47:42.780
Mahrad Zoonematkermani: I'm gonna set it.

627
00:47:42.780 --> 00:47:52.980
Shelley Doljack: our load balancer that our operations team had to fix in order to… Allow the sidecar to…

628
00:47:53.520 --> 00:47:55.629
Shelley Doljack: Use the fully qualified domain name.

629
00:47:55.630 --> 00:47:56.990
Mahrad Zoonematkermani: We.

630
00:47:57.200 --> 00:47:57.920
Shelley Doljack: That's how…

631
00:47:57.920 --> 00:48:00.749
Mahrad Zoonematkermani: I don't think we have a problem with that at the moment, but…

632
00:48:00.750 --> 00:48:01.090
Shelley Doljack: It's.

633
00:48:01.090 --> 00:48:01.799
Mahrad Zoonematkermani: Good point that you.

634
00:48:01.800 --> 00:48:11.740
Shelley Doljack: But you would see, like, you would see an error in the sidecar or something, like, cannot access the JWT, or some error message like that.

635
00:48:11.740 --> 00:48:13.569
Mahrad Zoonematkermani: Okay.

636
00:48:13.570 --> 00:48:17.920
Shelley Doljack: It might be in the very, very long time ago in the early adopters.

637
00:48:17.920 --> 00:48:20.390
Mahrad Zoonematkermani: Yeah. Okay.

638
00:48:21.480 --> 00:48:26.260
Mahrad Zoonematkermani: Because… You can see that it says,

639
00:48:27.020 --> 00:48:30.220
Mahrad Zoonematkermani: System user authentication is actually successful.

640
00:48:32.130 --> 00:48:38.010
Mahrad Zoonematkermani: So, we don't have a problem with this. Basically, it can obtain credentials.

641
00:48:38.210 --> 00:48:40.559
Mahrad Zoonematkermani: How does it obtain the credentials?

642
00:48:41.240 --> 00:48:45.859
Mahrad Zoonematkermani: I'm gonna go ahead and say it uses, Vault for that, but I might…

643
00:48:46.990 --> 00:48:47.810
Ingolf Kuss: Fucked.

644
00:48:49.320 --> 00:48:53.940
Shelley Doljack: I'm not sure.

645
00:48:54.460 --> 00:48:58.799
Mahrad Zoonematkermani: So it uses KeyCloak to obtain credentials? I don't think that's a possibility.

646
00:49:00.000 --> 00:49:04.729
Mahrad Zoonematkermani: So the credentials for the user, username mod search.

647
00:49:05.850 --> 00:49:09.449
Ingolf Kuss: But the username is existing Keycloak, so…

648
00:49:09.650 --> 00:49:14.039
Mahrad Zoonematkermani: Yes, but it's created based on the secret that exists in Vault.

649
00:49:14.040 --> 00:49:14.870
Ingolf Kuss: Yes.

650
00:49:15.840 --> 00:49:18.599
Mahrad Zoonematkermani: And the point is, the way KeyCloaks

651
00:49:18.890 --> 00:49:29.069
Mahrad Zoonematkermani: stores your password is not by storing a password. It's a one-way hash of your username and password combination that's

652
00:49:29.800 --> 00:49:33.279
Mahrad Zoonematkermani: You cannot go back from a hash to a password.

653
00:49:33.700 --> 00:49:41.549
Mahrad Zoonematkermani: You can only check the hash of a combination of username and password against the hash that you already store.

654
00:49:41.780 --> 00:49:44.679
Mahrad Zoonematkermani: So, Keycloak doesn't know the exact password.

655
00:49:45.000 --> 00:49:49.960
Shelley Doljack: No, but, the sidecar is likely going to mod…

656
00:49:50.530 --> 00:50:01.430
Shelley Doljack: login Keycloak, maybe? The mod-login-keycloak module, and doing an API call to,

657
00:50:01.650 --> 00:50:02.900
Shelley Doljack: log in.

658
00:50:06.510 --> 00:50:08.430
Mahrad Zoonematkermani: mod-login-keycloak.

659
00:50:10.840 --> 00:50:11.710
Mahrad Zoonematkermani: Okay.

660
00:50:12.440 --> 00:50:13.310
Shelley Doljack: So it's gonna…

661
00:50:14.730 --> 00:50:25.090
Shelley Doljack: It's like… I mean, it's not… it's not looking it up in Vault, and like you said, I don't think it's looking it up in Vault, because everything is communicating through APIs.

662
00:50:25.780 --> 00:50:26.390
Mahrad Zoonematkermani: Okay.

663
00:50:26.390 --> 00:50:30.769
Shelley Doljack: Vault has an API, but I don't think the sidecar is using Vault's API.

664
00:50:30.770 --> 00:50:31.749
Ingolf Kuss: I think so, too.

665
00:50:32.250 --> 00:50:36.439
Shelley Doljack: It's likely going to ModLogin KeyCloak and logging in.

666
00:50:36.580 --> 00:50:40.580
Shelley Doljack: And, if it can't log in, then…

667
00:50:41.770 --> 00:50:46.559
Shelley Doljack: It would throw an error, and if it can log in, it'll say, yep.

668
00:50:47.070 --> 00:50:48.359
Shelley Doljack: I logged in.

669
00:50:49.230 --> 00:50:54.109
Shelley Doljack: So maybe… I don't know, I mean, maybe the log message is…

670
00:50:55.550 --> 00:51:04.279
Shelley Doljack: Maybe we're reading too much into the log message, saying obtaining credentials, because maybe it's not really obtaining credentials, it's just trying to log in.

671
00:51:05.380 --> 00:51:07.739
Mahrad Zoonematkermani: Oh, wait, security enabled true?

672
00:51:08.310 --> 00:51:11.539
Mahrad Zoonematkermani: Oh, yeah, this should be… yeah, never mind.

673
00:51:12.400 --> 00:51:18.690
Mahrad Zoonematkermani: Yep. Okay, so… I guess I have enough information to try to debug this.

674
00:51:20.650 --> 00:51:28.310
Mahrad Zoonematkermani: Yeah, thanks. But, okay, I'm gonna stop sharing, because this was the part that I needed,

675
00:51:28.640 --> 00:51:30.070
Mahrad Zoonematkermani: Screen sharing.

676
00:51:30.400 --> 00:51:39.769
Mahrad Zoonematkermani: Rest of the questions, if it's fine with everyone. Just a couple of ones to see, how you guys are handling some stuff, like…

677
00:51:41.020 --> 00:51:46.930
Mahrad Zoonematkermani: Which secret do you use for… Sorry, where's the Zoom window?

678
00:51:47.800 --> 00:51:50.660
Mahrad Zoonematkermani: I can't see you guys anymore.

679
00:51:51.580 --> 00:51:53.540
Ingolf Kuss: How many screens do you have?

680
00:51:53.540 --> 00:51:56.069
Mahrad Zoonematkermani: I have 3, but…

681
00:51:56.860 --> 00:51:58.360
Ingolf Kuss: That's the problem.

682
00:51:58.360 --> 00:52:02.059
Mahrad Zoonematkermani: No, no, the point is that… Window disappeared.

683
00:52:03.230 --> 00:52:08.050
Shelley Doljack: Yeah, you gotta go to, like, show meeting or something like that, or…

684
00:52:08.890 --> 00:52:10.919
Mahrad Zoonematkermani: Return to meeting, yeah, thank you.

685
00:52:11.080 --> 00:52:12.300
Mahrad Zoonematkermani: But it doesn't.

686
00:52:15.060 --> 00:52:16.260
Mahrad Zoonematkermani: Thank you, Linux!

687
00:52:16.470 --> 00:52:18.930
Mahrad Zoonematkermani: Yeah.

688
00:52:19.030 --> 00:52:22.569
Mahrad Zoonematkermani: Doesn't matter, I think that's good enough at the moment.

689
00:52:24.260 --> 00:52:35.100
Mahrad Zoonematkermani: Where are we? Yep. So, what kind of a token do you use for your vault installation? Do you use the root token, or…

690
00:52:35.320 --> 00:52:38.940
Mahrad Zoonematkermani: Do you create a token and then refresh it regularly?

691
00:52:39.690 --> 00:52:40.819
Mahrad Zoonematkermani: What's a void?

692
00:52:41.030 --> 00:52:42.350
Shelley Doljack: Oh.

693
00:52:42.350 --> 00:52:44.049
Ingolf Kuss: Toy Vault? What do you mean?

694
00:52:44.050 --> 00:52:50.550
Shelley Doljack: We don't get paid enough to do something like that, so we just keep everything static.

695
00:52:50.550 --> 00:52:52.410
Mahrad Zoonematkermani: Oh, you use the root token, then?

696
00:52:53.150 --> 00:52:53.620
Shelley Doljack: Yeah.

697
00:52:53.620 --> 00:52:55.920
Mahrad Zoonematkermani: token that you get… okay, got it.

698
00:52:56.110 --> 00:52:58.999
Shelley Doljack: We didn't set it to rotate anything.

699
00:52:59.400 --> 00:53:04.090
Mahrad Zoonematkermani: You know, here's the point, so I would be happy if it didn't rotate, but…

700
00:53:04.090 --> 00:53:04.969
Shelley Doljack: Does it rotate?

701
00:53:04.970 --> 00:53:07.180
Mahrad Zoonematkermani: If you… the root token not.

702
00:53:07.360 --> 00:53:10.880
Mahrad Zoonematkermani: Any other token, Absolutely.

703
00:53:11.700 --> 00:53:14.490
Mahrad Zoonematkermani: So, when you try to get

704
00:53:15.110 --> 00:53:24.089
Mahrad Zoonematkermani: When you try to be more secure, let's say, and not use a root token that has full access to everything in your vault.

705
00:53:24.090 --> 00:53:24.910
Ingolf Kuss: Okay.

706
00:53:26.240 --> 00:53:28.220
Mahrad Zoonematkermani: Then the token that you…

707
00:53:28.460 --> 00:53:38.570
Mahrad Zoonematkermani: get is based on a role that has specific policies, yadda yadda yadda. Important part: that… token.

708
00:53:40.410 --> 00:53:42.410
Mahrad Zoonematkermani: Does have a lifetime.

709
00:53:42.690 --> 00:53:45.759
Mahrad Zoonematkermani: And it does have a refresh interval.

710
00:53:46.180 --> 00:53:52.609
Mahrad Zoonematkermani: Which is a mandatory field. So, there has to be a refresh interval of

711
00:53:53.350 --> 00:53:55.580
Mahrad Zoonematkermani: Let's say once every 30 days.

712
00:53:56.070 --> 00:53:58.840
Mahrad Zoonematkermani: I think the max is actually 1 or 2 months.

713
00:53:59.160 --> 00:54:01.299
Mahrad Zoonematkermani: So you have to keep refreshing that.

714
00:54:02.920 --> 00:54:05.000
Ingolf Kuss: Let me see…

715
00:54:05.000 --> 00:54:07.849
Shelley Doljack: This is if you're not using the root token.

716
00:54:07.850 --> 00:54:09.050
Mahrad Zoonematkermani: Exactly.

717
00:54:09.210 --> 00:54:20.629
Florian Kreft (LRZ): Yeah, the root token is per vault instance, so that is one sad reason to have one vault per folio instance, I guess. If you want to use the root token, you basically have to, right? Otherwise, you…

718
00:54:20.800 --> 00:54:23.300
Florian Kreft (LRZ): Like, share access.

719
00:54:23.910 --> 00:54:26.999
Florian Kreft (LRZ): Between folio instances, which is not a good idea.

720
00:54:27.260 --> 00:54:28.090
Shelley Doljack: Yeah.

721
00:54:28.400 --> 00:54:28.990
Ingolf Kuss: I don't know.

722
00:54:31.940 --> 00:54:32.890
Shelley Doljack: flips at all?

723
00:54:32.890 --> 00:54:36.100
Ingolf Kuss: gun, heavy… Three months, or what did you say, Mahrad?

724
00:54:36.100 --> 00:54:38.509
Mahrad Zoonematkermani: Every one or two months.

725
00:54:38.990 --> 00:54:40.960
Ingolf Kuss: If it's not doing… I don't do that.

726
00:54:40.960 --> 00:54:46.339
Mahrad Zoonematkermani: Yeah, because it's… you're using the root token, right? Yeah, okay, then no problem at all.

727
00:54:47.520 --> 00:54:52.240
Mahrad Zoonematkermani: Yeah, but that's not the most secure way to do it.

728
00:54:52.240 --> 00:54:54.330
Ingolf Kuss: No, it does… it doesn't need to be.

729
00:54:54.480 --> 00:54:55.760
Mahrad Zoonematkermani: Yeah.

730
00:54:55.760 --> 00:54:56.330
Shelley Doljack: You'd have to.

731
00:54:56.330 --> 00:54:57.200
Ingolf Kuss: Oh, my God.

732
00:54:57.200 --> 00:55:01.760
Shelley Doljack: Some seem to, like, update that in the sidecar, and then restart all your models.

733
00:55:01.760 --> 00:55:11.080
Mahrad Zoonematkermani: Oh, no, no, no need to update. The secret doesn't need to rotate. The secret needs to be refreshed. Sorry, the token doesn't need to be updated, it needs to be refreshed.

734
00:55:11.660 --> 00:55:18.120
Mahrad Zoonematkermani: So, I can probably create another, deployment that basically is always on, and…

735
00:55:18.430 --> 00:55:21.359
Mahrad Zoonematkermani: It… every day refreshes the token.

736
00:55:21.510 --> 00:55:26.849
Mahrad Zoonematkermani: And… In that scenario, the lifespan of the token is going to be infinite.

737
00:55:28.830 --> 00:55:31.440
Mahrad Zoonematkermani: If I keep refreshing it once every month.

738
00:55:32.080 --> 00:55:32.740
Shelley Doljack: Hmm.

739
00:55:34.280 --> 00:55:43.619
Mahrad Zoonematkermani: And, of course, for everything else, I am using a Kubernetes login method, so Vault has a plugin that allows connecting your

740
00:55:43.730 --> 00:55:53.520
Mahrad Zoonematkermani: Kubernetes service accounts to actual credentials with specific, roles. You connect it… you connect it to a role.

741
00:55:53.940 --> 00:56:08.879
Mahrad Zoonematkermani: And… long story short, you can use that as well, it's nice, but the lifetime of your token and the requirement to refresh it is going to become hours, not days, and I don't want to risk that, so I'm not going to go for that approach.

742
00:56:10.530 --> 00:56:11.400
Shelley Doljack: No.

743
00:56:11.400 --> 00:56:12.649
Mahrad Zoonematkermani: Yep, you know.

744
00:56:13.500 --> 00:56:14.310
Mahrad Zoonematkermani: So…

745
00:56:14.310 --> 00:56:21.980
Shelley Doljack: Yeah, I mean, I guess if, you know, you go to prod and suddenly nothing is working, then just go look at Vault.

746
00:56:21.980 --> 00:56:22.770
Mahrad Zoonematkermani: Yeah.

747
00:56:26.820 --> 00:56:32.080
Mahrad Zoonematkermani: Yep, so that was one point,

748
00:56:33.290 --> 00:56:39.929
Mahrad Zoonematkermani: Am I the only one who still uses Elasticsearch, or have any of you migrated to OpenSearch?

749
00:56:39.930 --> 00:56:41.729
Ingolf Kuss: No, I use Elasticsearch.

750
00:56:41.730 --> 00:56:45.429
Mahrad Zoonematkermani: I didn't manage to get it to work on the first try, then I gave up.

751
00:56:45.740 --> 00:56:46.680
Mahrad Zoonematkermani: Alaska.

752
00:56:46.680 --> 00:56:58.979
Florian Kreft (LRZ): Yeah, but here you may be not up to date because you were sick, so Florian managed to get it to work in Test 060, so we can look at that, at least if nobody here has any advice on OpenSearch.

753
00:56:59.200 --> 00:57:00.540
Florian Kreft (LRZ): But, like,

754
00:57:00.840 --> 00:57:11.810
Florian Kreft (LRZ): There was quite some additional configuration needed, so we can look at that in our environment. But, Shelly, I interrupted you. Are you still using Elasticsearch, or are you…

755
00:57:12.280 --> 00:57:13.120
Florian Kreft (LRZ): Yeah. Research.

756
00:57:13.220 --> 00:57:16.390
Shelley Doljack: Elasticsearch 8.6.2.

757
00:57:16.390 --> 00:57:19.480
Florian Kreft (LRZ): Yeah, okay, makes sense. Yeah, mine doesn't work.

758
00:57:20.350 --> 00:57:21.880
Florian Kreft (LRZ): Elasticsearch 9 doesn't.

759
00:57:21.880 --> 00:57:24.549
Ingolf Kuss: Yeah, yeah, just…

760
00:57:24.550 --> 00:57:27.579
Mahrad Zoonematkermani: That's exactly why I was, like, we need to move.

761
00:57:27.580 --> 00:57:28.099
Ingolf Kuss: Oh my god.

762
00:57:28.100 --> 00:57:29.180
Mahrad Zoonematkermani: Columbus. Yep.

763
00:57:29.180 --> 00:57:29.670
Florian Kreft (LRZ): Yes.

764
00:57:29.670 --> 00:57:30.220
Ingolf Kuss: Yo!

765
00:57:30.220 --> 00:57:31.920
Florian Kreft (LRZ): I mean, OpenSearch has the same problem.

766
00:57:31.920 --> 00:57:38.790
Ingolf Kuss: 8.151 still works, I've written, but not 912, is it some… Yep.

767
00:57:39.280 --> 00:57:39.710
Florian Kreft (LRZ): I think…

768
00:57:39.710 --> 00:57:40.750
Ingolf Kuss: Policy to…

769
00:57:40.750 --> 00:57:44.610
Florian Kreft (LRZ): But OpenSearch has the same problem, like, OpenSearch has a newer version

770
00:57:45.040 --> 00:57:48.389
Florian Kreft (LRZ): equivalent to 9, and that also doesn't work.

771
00:57:48.760 --> 00:57:50.029
Florian Kreft (LRZ): As far as I know, yep.

772
00:57:50.030 --> 00:57:52.240
Shelley Doljack: What doesn't work about it?

773
00:57:52.240 --> 00:58:06.319
Florian Kreft (LRZ): I actually don't know. So we can definitely… so, as of last week, we managed to get Sunflower installations working with OpenSearch. Interestingly enough, we still have some re-indexing problems, which are weird, but,

774
00:58:06.320 --> 00:58:17.200
Florian Kreft (LRZ): That might not be actually related to OpenSearch itself, but the amount of data and Sunflower. So, I'm still on that. Yeah? Do you have any advice here?

775
00:58:17.200 --> 00:58:24.059
Shelley Doljack: Well, just the amount of data. I mean, there's a lot more… there's many more indexes, and they're bigger.

776
00:58:24.060 --> 00:58:24.800
Florian Kreft (LRZ): Yes.

777
00:58:25.510 --> 00:58:29.840
Shelley Doljack: And, I mean, we have 11 million instances.

778
00:58:30.250 --> 00:58:32.200
Shelley Doljack: So we have a lot of… we have a…

779
00:58:32.200 --> 00:58:37.029
Florian Kreft (LRZ): How long did the re-indexing take you for 11 million indices?

780
00:58:37.250 --> 00:58:49.199
Shelley Doljack: Actually, we… so we bump up the resources for data, Elasticsearch data, and we leave them all at, 3.

781
00:58:49.560 --> 00:58:55.180
Shelley Doljack: And we leave mod search at 2, and the indexing completed

782
00:58:55.350 --> 00:59:02.470
Shelley Doljack: I don't know, like, within 12, 16 hours? Yep. It's actually a lot faster than it was.

783
00:59:02.470 --> 00:59:03.370
Florian Kreft (LRZ): Oh, okay.

784
00:59:03.370 --> 00:59:03.870
Shelley Doljack: Run.

785
00:59:03.870 --> 00:59:20.520
Florian Kreft (LRZ): But that's good to know that you don't actually have too many mod search instances, I think we have 3 at the moment, and we have 4 data instances of open searches with quite a lot of RAM, so I don't think it's, like, a resource problem. But the merge step itself fails at random points, and I don't.

786
00:59:20.520 --> 00:59:20.910
Shelley Doljack: Yes.

787
00:59:20.910 --> 00:59:22.710
Florian Kreft (LRZ): error method, yeah? Do you have.

788
00:59:22.710 --> 00:59:28.300
Shelley Doljack: Yes, so yeah, there's this whole new, like, upload, a merge step in.

789
00:59:28.300 --> 00:59:29.400
Florian Kreft (LRZ): Yes, yes.

790
00:59:29.400 --> 00:59:33.819
Shelley Doljack: The merge step is, like, essentially replicating the…

791
00:59:34.070 --> 00:59:40.089
Shelley Doljack: the document in your FOLIO database under the mod search schema.

792
00:59:40.090 --> 00:59:42.389
Florian Kreft (LRZ): Okay, interesting, yeah.

793
00:59:42.390 --> 00:59:48.530
Shelley Doljack: Yeah, and, there's also some tables there that, you might,

794
00:59:49.060 --> 01:00:01.669
Shelley Doljack: if it… if the merge step fails, we had that. When we went to, on production, the holdings… for the holdings records, the merge failed, so then we did the…

795
01:00:02.020 --> 01:00:04.540
Shelley Doljack: Retry the merge failures.

796
01:00:04.680 --> 01:00:11.299
Shelley Doljack: And it seemed to have worked, but then the numbers didn't add up.

797
01:00:11.300 --> 01:00:12.139
Florian Kreft (LRZ): Yeah, yeah, okay.

798
01:00:12.140 --> 01:00:15.340
Shelley Doljack: I went back in the table and said it completed.

799
01:00:15.340 --> 01:00:19.290
Florian Kreft (LRZ): Yeah, okay.

800
01:00:19.900 --> 01:00:21.370
Florian Kreft (LRZ): Hold on.

801
01:00:21.370 --> 01:00:22.990
Mahrad Zoonematkermani: Story short, they also have.

802
01:00:22.990 --> 01:00:31.810
Shelley Doljack: Josh… my colleague Josh has… knows more about this, because he's dealt… he… he did this more, and he, like…

803
01:00:32.010 --> 01:00:38.920
Shelley Doljack: Yeah, we found out… he found out something where he had to go back and just, like, force it to say it completed, or it…

804
01:00:38.920 --> 01:00:54.029
Florian Kreft (LRZ): That's… that's actually… but that's specific to… for, the new versions of ModSearch in general, right? So this is not something Eureka… you did that earlier already, or did you re… did you need to re-index for Eureka?

805
01:00:54.320 --> 01:00:57.439
Shelley Doljack: Yes, we had to re-index for Eureka.

806
01:00:57.740 --> 01:00:58.470
Florian Kreft (LRZ): Okay.

807
01:00:58.720 --> 01:01:03.340
Shelley Doljack: I think it's because of just Sunflower, from Ramsons to Sunflower.

808
01:01:03.340 --> 01:01:04.549
Florian Kreft (LRZ): You did REM?

809
01:01:04.550 --> 01:01:18.200
Shelley Doljack: No, no, no, I know why, I know why. The indexes, because the… they're now using your env… I mean, they've always used your env value for the, for the indexes and the Kafka topics.

810
01:01:18.200 --> 01:01:18.640
Florian Kreft (LRZ): Yeah?

811
01:01:18.640 --> 01:01:27.970
Shelley Doljack: And we… we… our env value is folio, because it's used for Vault, right? For Secrets, folio, and then…

812
01:01:27.970 --> 01:01:29.860
Mahrad Zoonematkermani: You don't have to, actually.

813
01:01:30.140 --> 01:01:31.240
Shelley Doljack: No, I know, yeah.

814
01:01:31.240 --> 01:01:32.069
Mahrad Zoonematkermani: cover, yeah.

815
01:01:32.070 --> 01:01:41.919
Shelley Doljack: So we… we just let… we did… so we ended up changing the env variable, and so that's why we… I think that's one of the main reasons why we had to re-index.

816
01:01:41.920 --> 01:01:42.380
Mahrad Zoonematkermani: Got it.

817
01:01:42.380 --> 01:01:43.980
Florian Kreft (LRZ): Okay, so, so, what…

818
01:01:43.980 --> 01:01:46.060
Shelley Doljack: our old indexes, and…

819
01:01:46.570 --> 01:02:08.099
Florian Kreft (LRZ): So what you're telling me is that I should maybe ask Josh directly, because, like, our re-indexing of that is somewhat time-critical, because it's, like, the first test of the Sunflower re-indexing, which is then used for some test migration in mid-April, so I don't think it can actually wait for 2 weeks, but then…

820
01:02:08.100 --> 01:02:25.259
Florian Kreft (LRZ): So for us, sometimes it just failed. I think mod link data had not enough resources, we increased that, but maybe something got messed up in that process. But even a full re-index stops at random points without any errors, and that's… what…

821
01:02:25.350 --> 01:02:31.700
Florian Kreft (LRZ): I don't get any errors, it just stops the merge process, and then at some point says merge fails, failed, it's…

822
01:02:31.700 --> 01:02:34.960
Shelley Doljack: So… That's weird. Yeah.

823
01:02:35.090 --> 01:02:40.640
Shelley Doljack: One thing is we didn't create linked data indexes.

824
01:02:41.610 --> 01:02:42.520
Florian Kreft (LRZ): At all.

825
01:02:42.520 --> 01:02:47.449
Shelley Doljack: Because, yeah, we don't have that, or nobody's… nobody said we should, so…

826
01:02:47.450 --> 01:02:51.710
Florian Kreft (LRZ): Okay, but… but still, that shouldn't be the source of the problem, right?

827
01:02:51.710 --> 01:02:59.479
Shelley Doljack: Yeah, we did, you know, instances, and then the locations, and call number, and.

828
01:02:59.480 --> 01:02:59.800
Florian Kreft (LRZ): Yeah.

829
01:02:59.800 --> 01:03:02.929
Shelley Doljack: subjects and whatever. Yeah.

830
01:03:03.630 --> 01:03:08.260
Shelley Doljack: I know with Ramsons, we ended up…

831
01:03:08.490 --> 01:03:17.319
Shelley Doljack: the indexing failed for some reason, and we're like, ex… and this is all Okapi-based. Expand the access token.

832
01:03:17.700 --> 01:03:20.860
Shelley Doljack: in, mod auth token.

833
01:03:21.160 --> 01:03:27.600
Florian Kreft (LRZ): Okay, so that's… so that's maybe something I should try first, just set a really long time for the,

834
01:03:27.600 --> 01:03:46.409
Florian Kreft (LRZ): Off-token upgrade. Yeah, exactly. Maybe something is fucked up here. I think… I remember vaguely that you, presented this problem already at some point, but, then maybe I'll just try that, because I want to try the, to start the re-add indexing, I think, tomorrow, it's too late today.

835
01:03:46.410 --> 01:03:54.620
Florian Kreft (LRZ): So that people can work on the rest of the data input. So for us, it fails in the instance, not the instances, the…

836
01:03:55.000 --> 01:04:11.349
Florian Kreft (LRZ): Yes, the instances, which is the first one, but this needs to be completed for the rest of the data import. Like, they do some requests to mod search for confirmation of stuff, and so they can't continue with the data imports currently, which is a bit sad.

837
01:04:11.480 --> 01:04:25.689
Shelley Doljack: Yeah, so, yeah, with Ramsons, I remember it was like, you would kick off the instances one, and it's supposed to do all the other ones, but then it would fail, so then we did all the other ones first, and then we went back and did the instance, and then it was okay.

838
01:04:25.690 --> 01:04:26.460
Florian Kreft (LRZ): Oh, okay.

839
01:04:26.460 --> 01:04:32.310
Shelley Doljack: So we had to increase the lifespan of the mod auth token.

840
01:04:32.310 --> 01:04:52.250
Florian Kreft (LRZ): Yeah, I think that's now the first thing, because I increased all the relevant resources, and our mod search instances are… and at some point, it just fails. Kafka itself is also somewhat of a bottleneck, it seems, in our current environment. I need to see if I can improve something here, but, yeah, it's like…

841
01:04:52.510 --> 01:05:16.229
Florian Kreft (LRZ): sadly, it's quite a bit of a problem. But those are also, like, the first time in Sunflower, we… and Open… first time Sunflower, first time OpenSearch, we imported a large amount of data. So quite a lot of new module versions, and maybe we missed some configurations on Kubernetes side, maybe something on the module side, but for some reason, it's not working correctly, yeah. But thanks…

842
01:05:16.240 --> 01:05:25.250
Florian Kreft (LRZ): for the reminder that you already told about your token problem. So maybe it's just something simple like that.

843
01:05:25.660 --> 01:05:28.120
Shelley Doljack: Yeah, maybe. Hopefully.

844
01:05:28.370 --> 01:05:40.530
Florian Kreft (LRZ): Hopefully, yeah. I'll see you tomorrow, but maybe if I can't get it to work tomorrow, I'll just ask Josh, maybe he has some more advice for a specific problem, if he's the expert on re-indexing. Yeah, thank you.

845
01:05:40.530 --> 01:05:41.280
Shelley Doljack: Yeah.

846
01:05:41.280 --> 01:05:46.939
Florian Kreft (LRZ): But now I need to go, because I need to drive to the cinema, and I don't want to miss my movie.

847
01:05:46.940 --> 01:05:49.030
Mahrad Zoonematkermani: Is it okay if I ask two more.

848
01:05:49.030 --> 01:05:50.499
Ingolf Kuss: Where else to report.

849
01:05:50.500 --> 01:05:51.820
Mahrad Zoonematkermani: Real quick ones.

850
01:05:51.820 --> 01:05:52.350
Shelley Doljack: I, yeah.

851
01:05:52.350 --> 01:05:55.049
Ingolf Kuss: We're out of time, but okay.

852
01:05:55.050 --> 01:05:55.689
Mahrad Zoonematkermani: No, no, but…

853
01:05:55.690 --> 01:06:01.939
Ingolf Kuss: I wanted to say, you have so many questions and problems that I don't have to say anything.

854
01:06:01.940 --> 01:06:03.850
Shelley Doljack: Sorry.

855
01:06:04.200 --> 01:06:06.840
Ingolf Kuss: Yeah, okay, yeah, to address your question.

856
01:06:06.840 --> 01:06:17.259
Mahrad Zoonematkermani: one is, what is the process of suggesting changes to folio-helm-v2 Helm charts?

857
01:06:17.590 --> 01:06:25.619
Mahrad Zoonematkermani: There are some errors that… I mean, I caught an actual error, and I had to modify it to be able to use that chart for.

858
01:06:26.790 --> 01:06:32.380
Mahrad Zoonematkermani: For the sidecar, library chart.

859
01:06:32.490 --> 01:06:33.270
Mahrad Zoonematkermani: Right?

860
01:06:34.090 --> 01:06:40.559
Shelley Doljack: Is it because you can't… they… you basically have to copy all of the env vars for the sidecar if you want to…

861
01:06:40.560 --> 01:06:45.450
Mahrad Zoonematkermani: It's… one is that, the other one is when I use,

862
01:06:45.770 --> 01:07:03.759
Mahrad Zoonematkermani: external secrets instead of using vars one var at a time. It has a templating error that I guess went untested, and what I'm doing right now is just pulling all the Helm charts, modifying that in all of the charts I pulled.

863
01:07:03.930 --> 01:07:07.839
Mahrad Zoonematkermani: Through a script, and then installed based on that, so…

864
01:07:08.010 --> 01:07:14.530
Mahrad Zoonematkermani: There are also other things that would be nice to have it improved, so the question is.

865
01:07:15.410 --> 01:07:17.340
Mahrad Zoonematkermani: Is there a way to suggest

866
01:07:17.470 --> 01:07:21.990
Mahrad Zoonematkermani: changes to that, because right now on Okapi, we have our own Helm charts.

867
01:07:22.280 --> 01:07:24.800
Mahrad Zoonematkermani: And we could just…

868
01:07:25.030 --> 01:07:37.200
Mahrad Zoonematkermani: go our own way, like we've done for Okapi, but if there is a chance to make pull requests, and there's a process for someone to review them, and merge it, and so on and so forth.

869
01:07:38.960 --> 01:07:48.999
Mahrad Zoonematkermani: then we could go for the way of actually improving the folio-common chart, because that's mainly what we will probably end up using at the end of the day.

870
01:07:49.380 --> 01:07:51.990
Shelley Doljack: Yes, I agree.

871
01:07:52.140 --> 01:07:53.859
Shelley Doljack: I don't know…

872
01:07:54.390 --> 01:08:00.559
Mahrad Zoonematkermani: I saw you had an open merge request, but nobody did anything about it. I know.

873
01:08:00.610 --> 01:08:08.379
Shelley Doljack: And, yeah, and it was trying to fix another one that… is not right.

874
01:08:08.380 --> 01:08:11.880
Mahrad Zoonematkermani: So if that's the case, then we're gonna use our own.

875
01:08:12.010 --> 01:08:21.470
Shelley Doljack: I know, that's why currently we are using a forked version of folio-helm-v2.

876
01:08:21.479 --> 01:08:28.049
Ingolf Kuss: If you, if you… sorry to interrupt, if you ask the AI bot, you get an answer like this. Create a Jira bot ticket.

877
01:08:28.549 --> 01:08:31.059
Ingolf Kuss: in the Eureka sub-project.

878
01:08:31.839 --> 01:08:32.589
Ingolf Kuss: Nope.

879
01:08:32.809 --> 01:08:36.909
Ingolf Kuss: I mean, what I would do it, I haven't seen you posting this in…

880
01:08:37.259 --> 01:08:41.459
Ingolf Kuss: In the FOLIO, Eureka early adopters, I mean, I'm glad you…

881
01:08:41.569 --> 01:08:45.569
Ingolf Kuss: Mentioned it here in person, but the… if you post it there, it will be…

882
01:08:45.739 --> 01:08:47.949
Ingolf Kuss: Discussed, everyone will see it, and…

883
01:08:48.329 --> 01:08:51.699
Ingolf Kuss: Maybe they will suggest you to create a Jira ticket, like…

884
01:08:52.130 --> 01:08:55.539
Mahrad Zoonematkermani: Yeah, but the Jira ticket, somebody else has to fix it, and I…

885
01:08:55.750 --> 01:09:02.390
Mahrad Zoonematkermani: have to wait a couple of months for them to do it, and this is a one-liner, for example, so…

886
01:09:02.390 --> 01:09:05.769
Ingolf Kuss: I don't know if it's months, but…

887
01:09:05.779 --> 01:09:14.229
Mahrad Zoonematkermani: Yeah, no, no, but the point is that the reaction time on this is minutes, the reaction time for that is days or weeks, and…

888
01:09:14.229 --> 01:09:14.719
Ingolf Kuss: Piss.

889
01:09:14.720 --> 01:09:18.569
Mahrad Zoonematkermani: If we have the possibility to contribute.

890
01:09:18.859 --> 01:09:25.449
Mahrad Zoonematkermani: and get things improved, then it's a good way to, use… good thing to use for your comment.

891
01:09:25.750 --> 01:09:37.059
Mahrad Zoonematkermani: If it is something set in stone and completely fixed and out of our control, and we can only make change requests, then I would say that would be a problem.

892
01:09:37.200 --> 01:09:45.580
Mahrad Zoonematkermani: And maybe we should go for the same approach that Shelley does, or even contribute on your repository, so that we use your charts.

893
01:09:45.750 --> 01:09:50.519
Mahrad Zoonematkermani: And we improve it together. We could figure this out in the future.

894
01:09:50.750 --> 01:09:56.599
Shelley Doljack: Yeah, I think this is something we need to figure out. There's… I don't… yeah, maybe…

895
01:09:57.300 --> 01:10:01.820
Shelley Doljack: I don't know where to start, because I've tried this, and they seem…

896
01:10:02.100 --> 01:10:10.940
Shelley Doljack: they, being EBSCO, seems really like we want to control, because we're using this for something, and yeah.

897
01:10:10.940 --> 01:10:17.000
Mahrad Zoonematkermani: has an error in it. Yeah. Like, it has a formatting error that breaks the whole YAML.

898
01:10:17.310 --> 01:10:18.120
Mahrad Zoonematkermani: Yeah.

899
01:10:18.120 --> 01:10:24.549
Shelley Doljack: I mean, you could fork it and open a PR against that and see what happens.

900
01:10:25.050 --> 01:10:25.430
Ingolf Kuss: August.

901
01:10:25.430 --> 01:10:25.920
Mahrad Zoonematkermani: No.

902
01:10:25.920 --> 01:10:26.260
Ingolf Kuss: and then the.

903
01:10:26.260 --> 01:10:26.789
Shelley Doljack: question is…

904
01:10:26.790 --> 01:10:28.020
Ingolf Kuss: And what branch was it?

905
01:10:28.020 --> 01:10:28.380
Shelley Doljack: Perfect.

906
01:10:28.720 --> 01:10:33.439
Shelley Doljack: Slack channel, hey, I did this because we're trying to do… use these charts.

907
01:10:33.440 --> 01:10:35.700
Mahrad Zoonematkermani: I'm sorry, it's not fast enough to.

908
01:10:35.700 --> 01:10:36.130
Shelley Doljack: No, I…

909
01:10:36.130 --> 01:10:47.119
Mahrad Zoonematkermani: to go for that. We'll either fork it or go our own way, because there are many things that have room for improvement when it comes to the helm design over there.

910
01:10:47.280 --> 01:10:53.220
Mahrad Zoonematkermani: Especially on the sidecar, common library, so…

911
01:10:53.990 --> 01:10:54.910
Mahrad Zoonematkermani: Major.

912
01:10:54.910 --> 01:11:03.509
Ingolf Kuss: I did fork it, but I also remember I made a change requested, and they were done by LDR in the beginning. He committed a new version.

913
01:11:03.970 --> 01:11:04.560
Ingolf Kuss: Absolutely.

914
01:11:04.560 --> 01:11:10.300
Mahrad Zoonematkermani: Yeah, I know, but somebody else will do it, and… Yeah.

915
01:11:10.300 --> 01:11:10.950
Ingolf Kuss: Yeah, yeah, some of the.

916
01:11:10.950 --> 01:11:12.130
Mahrad Zoonematkermani: You have to be part of.

917
01:11:12.130 --> 01:11:13.340
Ingolf Kuss: the team to do it.

918
01:11:13.340 --> 01:11:13.830
Mahrad Zoonematkermani: I'm doing it to you.

919
01:11:13.830 --> 01:11:15.560
Ingolf Kuss: Seraph, yes. Yep.

920
01:11:15.560 --> 01:11:22.039
Mahrad Zoonematkermani: And when it's open source, it means the community will contribute, and I would say…

921
01:11:22.040 --> 01:11:24.550
Ingolf Kuss: But there's always one person.

922
01:11:24.550 --> 01:11:29.979
Mahrad Zoonematkermani: Yeah, but I saw a request that Shelley made a couple of years ago, and it hasn't been merged, so…

923
01:11:29.980 --> 01:11:32.459
Ingolf Kuss: Yeah, because they don't have capacities to…

924
01:11:32.460 --> 01:11:34.050
Mahrad Zoonematkermani: Therefore…

925
01:11:34.050 --> 01:11:34.980
Ingolf Kuss: view it.

926
01:11:34.980 --> 01:11:54.740
Mahrad Zoonematkermani: Strategically, I would say it's going to be a big bottleneck if we want to go for that approach, so either fork our own or create another version of community charts for FOLIO that follows the same approach. And especially since…

927
01:11:55.000 --> 01:12:07.140
Mahrad Zoonematkermani: I'm not sure if we're going to end up using one Helm chart for each module. Rather, go for one Helm chart per application, or list a set of applications. We'll figure that out.

928
01:12:07.530 --> 01:12:08.240
Shelley Doljack: Hmm.

929
01:12:09.020 --> 01:12:10.670
Mahrad Zoonematkermani: Because having…

930
01:12:10.670 --> 01:12:12.590
Ingolf Kuss: web applications, or if you.

931
01:12:12.590 --> 01:12:19.930
Mahrad Zoonematkermani: Like, it could be a list of all the modules that we want to install, and we could set up multiple of them at the same time.

932
01:12:20.910 --> 01:12:25.749
Mahrad Zoonematkermani: Because that way, It's not gonna be a huge mess of…

933
01:12:27.390 --> 01:12:41.100
Mahrad Zoonematkermani: a million Argo CD applications for one deployment, and since we want to have multiple tenants, multiple simultaneous instances of this, it's not gonna be manageable anymore. So…

934
01:12:41.270 --> 01:12:51.559
Mahrad Zoonematkermani: current approaches. We create a collection of deployments. We have one very testly environment that we use Argo for right now.

935
01:12:51.850 --> 01:12:54.740
Mahrad Zoonematkermani: And in it, we have…

936
01:12:54.910 --> 01:12:57.860
Mahrad Zoonematkermani: One for, let's say, base modules.

937
01:12:58.530 --> 01:13:07.120
Mahrad Zoonematkermani: and another one for the team that wants to develop something that can add their own modules. So, we call them dev modules.

938
01:13:07.510 --> 01:13:12.519
Mahrad Zoonematkermani: basically two Argo CD applications, way easier to manage.

939
01:13:12.960 --> 01:13:17.850
Mahrad Zoonematkermani: And of course, we could use one application and have 100 dependencies.

940
01:13:18.600 --> 01:13:22.340
Mahrad Zoonematkermani: Which will be each and every one of those mods.

941
01:13:22.540 --> 01:13:23.980
Mahrad Zoonematkermani: However.

942
01:13:24.880 --> 01:13:39.259
Mahrad Zoonematkermani: you cannot template values for dependencies, so it makes it very hard to not copy and paste values and reuse the same variables that come down the hierarchy. So, we might end up just going our own way on this.

943
01:13:39.380 --> 01:13:43.680
Mahrad Zoonematkermani: But the… Folio Common would have been a useful one to use.

944
01:13:43.880 --> 01:13:48.010
Mahrad Zoonematkermani: Because that just templates everything we need as a baseline.

945
01:13:48.010 --> 01:13:48.730
Ingolf Kuss: Bye.

946
01:13:48.910 --> 01:13:49.640
Mahrad Zoonematkermani: Yep.

947
01:13:50.270 --> 01:14:03.789
Mahrad Zoonematkermani: Yeah, anyway, one more, I hope it's a very small one, does mod search work for us? Sorry, mod settings. Like, in the interface, in your Stripes image, can you change settings?

948
01:14:03.970 --> 01:14:05.000
Mahrad Zoonematkermani: Because…

949
01:14:05.620 --> 01:14:16.379
Mahrad Zoonematkermani: I didn't see the option. I went to the URL, it opened, but I didn't have any options, looked at the logs of mod settings, and it told me there's this permission problem.

950
01:14:16.850 --> 01:14:17.410
Shelley Doljack: Hmm.

951
01:14:18.520 --> 01:14:22.759
Shelley Doljack: Is it that you only see software versions on settings?

952
01:14:22.760 --> 01:14:23.850
Mahrad Zoonematkermani: Yes.

953
01:14:24.050 --> 01:14:29.740
Shelley Doljack: Yeah, we had this exact same problem when we first built Stripes.

954
01:14:30.520 --> 01:14:31.939
Mahrad Zoonematkermani: So, it's a build problem.

955
01:14:32.130 --> 01:14:34.519
Shelley Doljack: It's a build problem.

956
01:14:34.520 --> 01:14:35.880
Mahrad Zoonematkermani: Perfect. Good.

957
01:14:38.930 --> 01:14:43.900
Shelley Doljack: I don't think I have anything else to add to that. I have to look.

958
01:14:45.250 --> 01:14:57.550
Mahrad Zoonematkermani: I mean, if we're over time and I'm saving a lot of your time, I can write it in the chat, the early adopters, and we could discuss it there, because I… I think we're 15 minutes over time, and I…

959
01:14:57.920 --> 01:14:59.900
Mahrad Zoonematkermani: Yeah, we got… Sorry.

960
01:14:59.900 --> 01:15:04.270
Shelley Doljack: Chad had that, too, and I think it was…

961
01:15:04.580 --> 01:15:08.540
Shelley Doljack: We… we tried building Stripes based on…

962
01:15:08.980 --> 01:15:17.770
Shelley Doljack: like, snapshot or something like that, and that wasn't right. We had to build Stripes on Sunflower.

963
01:15:18.150 --> 01:15:20.239
Mahrad Zoonematkermani: Exactly, I want it based on a release.

964
01:15:20.600 --> 01:15:20.970
Shelley Doljack: Yeah.

965
01:15:20.970 --> 01:15:36.560
Mahrad Zoonematkermani: So I go to the LSP, automatically grab everything on the right version, the modules, the applications, everything that it's supposed to be, and I want my front-end and backend based on the application descriptors, or the application manifest file.

966
01:15:36.690 --> 01:15:37.449
Mahrad Zoonematkermani: Did you say…

967
01:15:37.450 --> 01:15:38.920
Shelley Doljack: Platform LSP.

968
01:15:38.920 --> 01:15:39.550
Mahrad Zoonematkermani: Yes.

969
01:15:39.900 --> 01:15:42.560
Shelley Doljack: We went to Platform Complete.

970
01:15:43.890 --> 01:15:45.920
Shelley Doljack: And built based on that.

971
01:15:48.120 --> 01:15:48.800
Mahrad Zoonematkermani: O.

972
01:15:49.300 --> 01:15:53.559
Shelley Doljack: Yeah, and I don't know if that really makes a difference or not. It might.

973
01:15:53.650 --> 01:15:57.389
Mahrad Zoonematkermani: I think there were a couple of patch versions that were different.

974
01:15:58.490 --> 01:15:59.759
Mahrad Zoonematkermani: One or two.

975
01:16:00.080 --> 01:16:01.030
Shelley Doljack: I don't know.

976
01:16:01.930 --> 01:16:05.229
Ingolf Kuss: Platform LSP is just a list, which…

977
01:16:05.230 --> 01:16:06.660
Mahrad Zoonematkermani: It's a list of which version of…

978
01:16:06.660 --> 01:16:08.090
Ingolf Kuss: The other platforms, yeah.

979
01:16:08.090 --> 01:16:09.549
Mahrad Zoonematkermani: Yes, exactly.

980
01:16:09.950 --> 01:16:11.200
Shelley Doljack: And you're, you're, like…

981
01:16:11.200 --> 01:16:13.959
Ingolf Kuss: Not a contradiction to use both.

982
01:16:14.800 --> 01:16:18.520
Shelley Doljack: Your admin user has all of the capabilities?

983
01:16:18.850 --> 01:16:20.390
Shelley Doljack: I'm assuming.

984
01:16:21.220 --> 01:16:22.410
Mahrad Zoonematkermani: You, yeah.

985
01:16:22.410 --> 01:16:23.220
Shelley Doljack: you…

986
01:16:23.530 --> 01:16:32.610
Mahrad Zoonematkermani: I mean, what I did was, I actually, again, used the idea of your script, create that, list everything that is possible.

987
01:16:32.640 --> 01:16:46.380
Mahrad Zoonematkermani: I downloaded it, but other… except for, instead of paginating, I used a larger number that is, like, 100,000 or something, so that I get all of that in one request.

988
01:16:46.720 --> 01:16:50.260
Mahrad Zoonematkermani: And then created a role, admin role, based on that.

989
01:16:51.280 --> 01:16:57.320
Mahrad Zoonematkermani: So… Your… your mechanism basically uses pagination that if

990
01:16:57.680 --> 01:17:00.649
Mahrad Zoonematkermani: There are more than 3,000 or so.

991
01:17:00.900 --> 01:17:01.540
Shelley Doljack: Yeah.

992
01:17:02.270 --> 01:17:05.739
Mahrad Zoonematkermani: it'd do it that way?

993
01:17:06.430 --> 01:17:16.710
Shelley Doljack: I put… I put in the chat a link to our Stripes config for… that we used. And…

994
01:17:21.390 --> 01:17:24.710
Shelley Doljack: It's something… it could be something in,

995
01:17:25.140 --> 01:17:45.860
Shelley Doljack: You make sure you have folio authorization roles, folio authorization policies, folio… Tenant settings… Yeah.

996
01:17:49.120 --> 01:17:49.660
Mahrad Zoonematkermani: Okay, okay.

997
01:17:49.660 --> 01:17:58.449
Shelley Doljack: grab this… this list of dependencies in package.json from… the Folio platform complete.

998
01:17:59.450 --> 01:18:03.519
Mahrad Zoonematkermani: And I see you're not mentioning any versions here.

999
01:18:04.840 --> 01:18:05.500
Shelley Doljack: not for.

1000
01:18:05.500 --> 01:18:06.139
Mahrad Zoonematkermani: So, look.

1001
01:18:06.140 --> 01:18:06.810
Shelley Doljack: Greg.

1002
01:18:08.410 --> 01:18:12.620
Mahrad Zoonematkermani: The way I see it… In a sec…

1003
01:18:14.060 --> 01:18:20.730
Mahrad Zoonematkermani: But did I use the Stripes config? It's actually checked in, so give me a few seconds.

1004
01:18:28.000 --> 01:18:29.999
Mahrad Zoonematkermani: Where is the stripes built?

1005
01:18:31.510 --> 01:18:32.760
Mahrad Zoonematkermani: Yep, there it is.

1006
01:18:32.980 --> 01:18:35.750
Mahrad Zoonematkermani: And I have a URE conversion.

1007
01:18:35.900 --> 01:18:36.700
Mahrad Zoonematkermani: Yep.

1008
01:18:37.770 --> 01:18:41.530
Mahrad Zoonematkermani: I should probably share my screen, or you probably have

1009
01:18:41.830 --> 01:18:47.520
Mahrad Zoonematkermani: Do you have access to this? Yeah, this is folio public, so you can access it. I'll just share the link.

1010
01:18:47.960 --> 01:18:48.670
Shelley Doljack: Okay.

1011
01:18:49.080 --> 01:18:52.809
Mahrad Zoonematkermani: This is what I'm doing here.

1012
01:18:55.530 --> 01:18:56.250
Ingolf Kuss: Hmm.

1013
01:18:56.740 --> 01:19:04.269
Mahrad Zoonematkermani: And please ignore the underline, triple underlines. Those are something that get replaced during the startup.

1014
01:19:10.830 --> 01:19:15.380
Shelley Doljack: Yeah, so your Stripes config…

1015
01:19:17.350 --> 01:19:20.909
Shelley Doljack: I mean, it looks like you have everything in there.

1016
01:19:20.910 --> 01:19:30.719
Mahrad Zoonematkermani: I mean, I got a mix of everything you, the suggestion from the official docs, and we have done in our previous Stripes builds.

1017
01:19:31.160 --> 01:19:31.720
Shelley Doljack: Yeah.

1018
01:19:31.840 --> 01:19:32.580
Mahrad Zoonematkermani: Oh, yeah.

1019
01:19:33.330 --> 01:19:47.149
Mahrad Zoonematkermani: Maybe the package.json is problematic here. So, for the version of package.json, I guess I manually went through and used the version of everything we'd installed.

1020
01:19:47.830 --> 01:19:52.010
Mahrad Zoonematkermani: And my reference was application descriptors.

1021
01:19:52.890 --> 01:19:56.759
Mahrad Zoonematkermani: So I extracted all those versions, whatever we had here.

1022
01:19:57.890 --> 01:20:04.520
Mahrad Zoonematkermani: I added the versions to it. So, I made sure that they're compatible with one another, because otherwise it's going to complain.

1023
01:20:05.060 --> 01:20:05.860
Shelley Doljack: Yeah.

1024
01:20:06.350 --> 01:20:14.710
Mahrad Zoonematkermani: Now, apart from this, I might be doing something wrong, because this was my first try at building a Stripes image, and…

1025
01:20:15.060 --> 01:20:18.020
Mahrad Zoonematkermani: Florian was surprised that it succeeded, so…

1026
01:20:19.940 --> 01:20:26.640
Mahrad Zoonematkermani: It could actually be the case here. Like, package.json and stripes.config.js.

1027
01:20:27.910 --> 01:20:28.980
Shelley Doljack: I don't know.

1028
01:20:29.500 --> 01:20:36.160
Shelley Doljack: I don't think the… the RTR config has anything… Has any bearing on anything.

1029
01:20:36.420 --> 01:20:38.260
Shelley Doljack: In your Stripes config.

1030
01:20:38.650 --> 01:20:39.530
Shelley Doljack: Excite.

1031
01:20:39.880 --> 01:20:44.049
Shelley Doljack: I think that's, although we have 8, as well.

1032
01:20:44.050 --> 01:20:57.599
Mahrad Zoonematkermani: Yeah, I think that's the reason I added it. I saw that, I saw a message, I guess in the chat or somewhere, mentioning that RTR is important, and I was like, okay, I'll just accept it and not try to dig too deep into it.

1033
01:20:57.950 --> 01:20:58.810
Shelley Doljack: Yeah.

1034
01:20:59.550 --> 01:21:01.389
Shelley Doljack: Yeah, I don't… I don't know.

1035
01:21:06.470 --> 01:21:08.729
Mahrad Zoonematkermani: Yeah, okay, Ben, I'm not gonna bother you with…

1036
01:21:08.730 --> 01:21:23.880
Shelley Doljack: The other thing to do is, when you log in, like, inspect the network traffic, and see what is returned from the users BL _self endpoint, and get that list of permissions.

1037
01:21:24.230 --> 01:21:28.939
Shelley Doljack: And double-check that it includes settings.

1038
01:21:29.510 --> 01:21:36.690
Shelley Doljack: But there was this problem that we had, and it's in the early adopters channel from

1039
01:21:37.310 --> 01:21:39.290
Shelley Doljack: maybe December, or…

1040
01:21:39.600 --> 01:21:44.030
Mahrad Zoonematkermani: Oh, so very recent, then I'm gonna take a look at that as well. I think I saw it?

1041
01:21:44.700 --> 01:21:51.940
Mahrad Zoonematkermani: But… I don't remember my course of actions afterwards. I've been sick for 2 weeks, so… Yeah.

1042
01:21:51.940 --> 01:21:56.400
Shelley Doljack: We… but we had this exact same problem, where we logged in, and…

1043
01:21:56.510 --> 01:22:00.180
Shelley Doljack: The only thing we saw in settings was software versions.

1044
01:22:01.320 --> 01:22:08.249
Shelley Doljack: And we don' Checked all of our permissions and capabilities and didn't understand

1045
01:22:08.410 --> 01:22:10.699
Shelley Doljack: And then I think it was…

1046
01:22:12.880 --> 01:22:14.790
Shelley Doljack: I don't… I don't remember what it was.

1047
01:22:15.530 --> 01:22:16.330
Mahrad Zoonematkermani: Okay.

1048
01:22:16.800 --> 01:22:21.630
Mahrad Zoonematkermani: So… Then, let's just ignore that for now.

1049
01:22:21.800 --> 01:22:25.830
Mahrad Zoonematkermani: Let's see… So… nope.

1050
01:22:26.050 --> 01:22:27.630
Mahrad Zoonematkermani: This is how I copy it.

1051
01:22:28.760 --> 01:22:31.440
Mahrad Zoonematkermani: Just to make sure that this is also what

1052
01:22:32.710 --> 01:22:36.079
Mahrad Zoonematkermani: you're having issues with, oh, I don't remember the password.

1053
01:22:38.260 --> 01:22:44.549
Mahrad Zoonematkermani: Oh, actually, it's running too late for me, so I'm gonna head out, but yeah.

1054
01:22:44.870 --> 01:22:50.709
Mahrad Zoonematkermani: Thank you very much for all the help. Yeah. And… yup. Thank you.

1055
01:22:50.830 --> 01:22:52.699
Ingolf Kuss: Happy Easter, Happy Holidays.

1056
01:22:52.840 --> 01:22:53.440
Shelley Doljack: Yeah.

1057
01:22:53.440 --> 01:22:54.219
Mahrad Zoonematkermani: Have a good one.

1058
01:22:54.220 --> 01:22:55.389
Shelley Doljack: Easter. See you. Bye!

1059
01:22:55.390 --> 01:22:56.700
Ingolf Kuss: Geeks. Bye.

1060
01:22:56.700 --> 01:22:58.049
Mahrad Zoonematkermani: Till two weeks. Bye-bye.

1061
01:22:58.050 --> 01:22:59.450
Ingolf Kuss: Oh, bye.

