16:00:33 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Role Call 16:00:35 < mmcgrath> Who's here? 16:00:36 * ricky 16:00:36 -!- warren [i=warren@redhat/wombat/warren] has quit Remote closed the connection 16:00:37 -!- jeremy [i=katzj@nat/redhat/x-0f82d1e06695232a] has quit Remote closed the connection 16:00:39 < mmcgrath> quick before they drop 16:00:40 < ricky> Haha. 16:00:41 < mmcgrath> doah, too late. 16:00:48 < jima> oops 16:01:01 * jima here 16:01:18 * kyriakos_ (not that it really makes any difference :P) 16:01:23 < mmcgrath> skvidal: abadger1999 paulobanon f13 ivazquez ricky jima lmacken dgilmore kyriakos_ ping? 16:01:24 < londo> heh 16:01:28 < mmcgrath> londo: ping :) 16:01:30 < paulobanon> here 16:01:35 < abadger1999> pong 16:01:38 < londo> here 16:01:40 < jima> pong 16:01:40 < ivazquez> Pong. 16:02:01 < jima> (not that sets off my nick detection...maybe i should work on that) 16:02:17 < paulobanon> can we change the meeding for friday, to see if they still disconnect :D 16:02:29 < mmcgrath> paulobanon: we could :) 16:02:39 < mmcgrath> Ok, I think we have enough to get started. 16:02:46 < ricky> Or move the time :) 16:02:57 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- First tickets 16:02:59 < mmcgrath> https://hosted.fedoraproject.org/projects/fedora-infrastructure/query?status=new&sta tus=assigned&status=reopened&group=milestone&keywords=%7EMeeting&order=priority 16:03:49 < mmcgrath> Ok, one thing I wanted to talk to everyone about is some of the architectural changes I've been planning / making. 16:04:00 < mmcgrath> Long story short we're slowly decentralizaing our infrastructure. 16:04:10 < mmcgrath> this is A) cool and B) not simple. 16:04:15 < mmcgrath> B's the part I'm worried about. 16:04:29 < mmcgrath> Basically we're adding a bunch of redundancy to our environment but also adding complexity and points of failure. 16:04:38 < jima> mmhmm 16:04:42 * daMaestro is here 16:04:45 < mmcgrath> I recently created another domain to help ease this transition, right now its public but in the future it probably won't be. 16:04:48 < mmcgrath> daMaestro: yo 16:05:15 < mmcgrath> Once complete, every machine will be able to get to every other machine via "hostname.vpn.fedoraproejct.org" once you're connected to a machine. (firewall permitting) 16:05:34 < jima> oh, neat. 16:05:42 < mmcgrath> Part of this is the vpn configuration and part of this is naming our machines. 16:05:51 -!- rdieter_away is now known as rdieter 16:06:00 -!- jeremy [i=katzj@nat/redhat/x-824cfb21e0d420e3] has joined #fedora-meeting 16:06:00 < mmcgrath> Long story short, once you're on the network, use hostname.v.fp.o (vpn.fedoraproject.org) 16:06:16 < mmcgrath> whereas all other external requests will come through just fedoraproject.org 16:06:31 < mmcgrath> we'll no longer have the fedora.redhat.com domain (including the test boxes) and we'll be done with fedora.phx.redhat.com. 16:06:32 < paulobanon> when will this be fully functional ? 16:06:37 < jima> mmcgrath: GOOD! 16:06:47 < mmcgrath> paulobanon: *fully* functional, probably after F8 but long long before F9 16:06:51 < ricky> Nice. 16:06:57 * jima is a little tired of guessing "fedoraproject.org? or fedora.redhat.com?" 16:07:00 < mmcgrath> but we will have at least one remote proxy. 16:07:06 < mmcgrath> jima: I think others are as well. 16:07:22 * mmcgrath realizes its not second nature for most people. 16:07:29 * jima nods 16:07:46 < mmcgrath> I did test the proxy2 box, it was handling all of the fp.o traffic yesterday on a xen guest, with one processor and 1G ram. 16:07:48 < ricky> But does this mean that simply ssh puppet1, for example will need to be ssh puppet1.vpn.fedoraproject.org instead? 16:07:53 < mmcgrath> the physical box itself will allow for MUCh more than that. 16:08:03 < mmcgrath> ricky: its all in how we decide to search domains. 16:08:09 < ricky> Aha, OK. 16:08:16 < ivazquez> And configure ssh. 16:08:29 < ricky> Good point :) 16:09:00 < mmcgrath> I'm also slowly getting together a network map, this will greatly complicate our current network setup which is currently "Its in PHX or a one off in duke" 16:09:05 < paulobanon> ~when do we need to start renaming everything _ 16:09:06 < paulobanon> ? 16:09:12 < mmcgrath> hopefully the day to day functionality will be different. 16:09:22 < mmcgrath> paulobanon: not sure yet, we may not need to rename anything. 16:09:32 < mmcgrath> just change to the new scheme when we rebuild. 16:09:54 < paulobanon> k k 16:09:59 < mmcgrath> The biggest hangup I have right now is bootstrapping a build on a box that is off of the network. 16:10:21 < mmcgrath> I'd like to build over vpn so that the ks isn't sent in clear text and anaconda doesn't seem to support https (I could be wrong on that) 16:10:24 < mmcgrath> jeremy: ping? 16:11:13 < mmcgrath> I've given some thought to having xen do a bridge on the tap device, that way the xen guests wouldn't need VPN at all, they'd use the xen bridge and it'd go over the vpn from there but there are some security worries I have with that, as well as SPOF worries. 16:11:13 < jeremy> mmcgrath: what's up? 16:11:20 < londo> mmcgrath: you can do a wget, %include from kickstart would that be enough? 16:11:28 < mmcgrath> jeremy: does anaconda support https to get a ks? 16:11:34 < notting> no 16:11:39 < mmcgrath> notting: thanks 16:11:54 < jeremy> mmcgrath: well, it's more complicated than that 16:12:00 < mmcgrath> londo: the problem is getting the ks file in the first place, we'll just have to figure something else out. 16:12:05 < jima> mmcgrath: bridge + ebtables to redirect the traffic to the vpn? 16:12:10 < jima> (or such) 16:12:12 < jeremy> mmcgrath: you can have a minimal kickstart config that is just enough to get to the second stage. then you can have it include %ksappend https://... 16:12:24 < mmcgrath> jima: yeah. 16:12:39 < mmcgrath> jeremy: I'm mostly worried about sending even a fake, encrypted root password over the net. 16:13:09 < mmcgrath> no worries, we'll figure something out. 16:13:13 < jeremy> mmcgrath: you don't include the root pass in the first snippet 16:13:30 < jeremy> mmcgrath: you have lang, keymap, network, and url (or nfs or whatever) + the %ksappend line 16:13:31 < kyriakos_> mmcgrath: how feasible would it be to have local buildboxes with http proxies for the packages? 16:13:40 < mmcgrath> <nod> we could do that. 16:13:52 < mmcgrath> kyriakos_: for personal or global use? 16:13:56 < mmcgrath> s/global/public/ 16:14:07 < kyriakos_> mmcgrath: global 16:14:30 < mmcgrath> kyriakos_: people actually do all the time for local builds + squid and such 16:14:44 < mmcgrath> jeremy: ahh, I can give that a go. 16:15:05 < mmcgrath> Ok, anyone have any other questions on the vpn + new domain topic? 16:15:06 -!- GeroldKa [n=GeroldKa@fedora/geroldka] has joined #fedora-meeting 16:15:09 < mmcgrath> if not we'll move on. 16:15:10 < nirik> just FYI, we have a pretty complete mirror at our site local to proxy3, so if it pulls packages from there it should be quite zippy. 16:15:22 < mmcgrath> nirik: actually thats good to know, thanks. 16:16:05 < mmcgrath> That was ticket https://hosted.fedoraproject.org/projects/fedora-infrastructure/ticket/154 BTW 16:16:06 < nirik> (mirrormanager should already point fedora stuff using mirrorlists to the right place, but you would need IP for centos/debian/ubuntu/whatever other things) 16:16:25 < mmcgrath> its still in the very early stages so I hope to keep communcations open on ideas and such when we get to actual implementation. 16:16:35 < mmcgrath> nirik: <nod> 16:16:48 < kyriakos_> is there a standard vpn package that you use? 16:16:53 < mmcgrath> Ok, next ticket is the VCS choice. 16:16:57 < mmcgrath> kyriakos_: we're using openvpn. 16:17:14 < mmcgrath> jcollie is absent again so we'll skip that. /me wonders how he's doing its been a while. 16:17:36 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Schedule 16:17:38 < mmcgrath> http://fedoraproject.org/wiki/Infrastructure/Schedule 16:17:54 < mmcgrath> Ok, Corporate Sponsorship has gone ok. 16:18:06 -!- warren [i=warren@nat/redhat/x-8a9f6cb294f7e3f1] has joined #fedora-meeting 16:18:14 < mmcgrath> right now we're still waiting for legal to get back to us with the official ok for tummy.com but its all setup and ready for the go ahead 16:18:19 * mmcgrath makes note to follow up about that. 16:18:46 < mmcgrath> Nothing terribly new this week, we have funding to purchase a server for the colo in Germany. 16:18:54 < jima> oh, cool. 16:18:56 < paulobanon> mmcgrath: nice! 16:18:56 < mmcgrath> Just waiting on the quote to come back and that should be a pretty new/good thing. 16:19:08 * mmcgrath thanks paulobanon, it could be EXTREMELY useful in the coming months. 16:19:22 < mmcgrath> I mean, a half rack in Europe is nothing to shake a stick at. 16:19:30 < paulobanon> nothing to thank for :P 16:19:47 < paulobanon> i had the contacts, so i provided them thats it :) 16:20:05 < mmcgrath> I've sent a couple of more emails out but had nothing concrete come back with a yes or no. 16:20:13 < mmcgrath> ricky: ping 16:20:18 < ricky> mmcgrath: pong 16:20:20 -!- giarc [i=hidden-u@xxxxxxxxxxxxxxxx] has joined #fedora-meeting 16:20:32 < mmcgrath> ricky: I've kind of ignored the status of that sponsorship page, are we just waiting on the new templating system? 16:20:35 < mmcgrath> how close is it? 16:20:39 < jima> a half rack? wow. 16:20:53 < mmcgrath> jima: no kidding. 16:21:13 < ricky> mmcgrath: Well, I'd say that it works now (as in can generate the static pages that we have now). 16:21:21 < mmcgrath> ..but ? 16:22:00 < ricky> It could possibly use some cleanup, though- I might not have done things in the smartest way. 16:22:08 < mmcgrath> k 16:22:14 < ivazquez> I can take a look after if you like. 16:22:44 < mmcgrath> ricky: is your stuff in the fedora CVS already? 16:22:46 < ricky> I'd like to possibly try to setup a generated site at /_/ or something and hope that we can use templates for F8. 16:22:47 < paulobanon> ricky/mmcgrath: is this something for pre-F8 or after ? 16:22:49 < mmcgrath> you're using genshi or kid or something else? 16:22:57 < paulobanon> ricky: already replied :) 16:23:07 < mmcgrath> paulobanon: pre-F8, I'm actually hoping for it in the next week or so (the sponsorship page that is) 16:23:15 < mmcgrath> and if its blocking on the templating system thats ok. 16:23:22 < ricky> mmcgrath: Genshi, and it's currently in http://ricky.fedorapeople.org/fedora-web/.git/. 16:23:42 * mmcgrath forgot about that. 16:23:54 < mmcgrath> ricky: remind me after the meeting, I'll get the websites team setup with control over that. 16:24:00 < ricky> Sure thing. 16:24:48 < ivazquez> Hrm. I can't seem to clone it. 16:25:02 -!- notting [i=notting@redhat/notting] has quit "Ex-Chat" 16:25:18 < ricky> ivazquez: Oops, running that now. 16:25:31 < paulobanon> ricky: if this is something that will go forward, why not get it into hosted ? 16:25:36 < ricky> ivazquez: Try now. 16:25:48 < paulobanon> as an actual project :) 16:25:52 < ivazquez> Much better. 16:25:59 < mmcgrath> paulobanon: welll, this one's actually going to be a place just for the websites team. 16:26:11 < mmcgrath> so it'll be going on git.fedoraproject.org, I've just been bad about getting it on there :( 16:26:21 < paulobanon> ahh ok ok 16:26:39 < mmcgrath> ricky: ivazquez: can you two give that a look over and get it up early next week? We can test in /_/ 16:27:03 < ivazquez> I'm a bit busy here, but I'll do what I can. 16:27:11 < ricky> Thanks. 16:27:18 < mmcgrath> ivazquez: thanks, I'd greatly appreciate it. 16:27:22 * jima has to roll out before the meeting endtime 16:27:26 < mmcgrath> Ok we'll move on to architecture. 16:27:48 < mmcgrath> Is there anyone here that'd be willing to document some stuff for me on SOP's or in kivio/dia? 16:28:03 < mmcgrath> I'm working on some of this as well but we can always use help :) 16:28:23 < paulobanon> mmcgrath: if u drop me what u want, i can give u a hand 16:28:37 < mmcgrath> paulobanon: excellent, I'll take you up on that. 16:28:40 -!- clarkbw [i=clarkbw@nat/redhat/x-a033520974148b46] has quit "Ex-Chat" 16:28:54 < mmcgrath> not much has happened during this week on that but more is on the way. 16:29:04 < mmcgrath> Next thing on the Schedule is SOP's, nothing new there. 16:29:08 < mmcgrath> So I'll open the floor 16:29:16 < paulobanon> proxies 16:29:17 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 16:29:21 < paulobanon> caching that is 16:29:27 < mmcgrath> paulobanon: yes, discuss the caching on the proxies. 16:29:56 < paulobanon> so we had a nice "impersonating experience" of lmacken in bodhi this week 16:30:00 -!- mdomsch [n=mdomsch@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] has joined #fedora-meeting 16:30:13 < paulobanon> mod_cache was playing some tricks on us 16:30:21 < jima> heh 16:30:25 < lmacken> :) 16:30:31 -!- stahnma [n=stahnma@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] has joined #fedora-meeting 16:30:38 < mmcgrath> that was fun. 16:30:47 < paulobanon> a fully functional caching bodhi is setup in pt1.f.rh.c/updates 16:31:07 < jima> i tried impersonating lmacken at a store, but they didn't believe me. 16:31:17 < mmcgrath> For those that are interested - wget -SO/dev/null http://fedoraproject.org/wiki/ 16:31:28 < paulobanon> one thing we need to make sure we do, is standardize the static content 16:31:31 < jima> lmacken: btw, if you hear something about a shoplifting trial, it wasn't me. 16:31:34 < mmcgrath> thats a good way to get the headers (and thus information about the content you're looking at) 16:32:10 < paulobanon> so if we could take a look into our TG apps, and make sure that everything is using /static/ for images, CSS, etc 16:32:36 < mdomsch> paulobanon, mm does 16:32:37 < mmcgrath> <nod> 16:32:41 < lmacken> jima: haha 16:32:46 < paulobanon> right now, smolt/stats and docs.fp.o/ are being cached 16:32:53 < abadger1999> Cool. Will do 16:33:11 < paulobanon> hopefully early next week, bodhi will be the first app to be cached also 16:33:21 -!- Aaronfc7 [n=Aaron@xxxxxxxxxxxxx] has joined #fedora-meeting 16:33:22 < paulobanon> so testing is appreciated in PT1/updates 16:33:25 * mdomsch needs db2 cached 16:33:26 < lmacken> I will probably be updating bodhi tonight or tomorrow with TG 1.0.3.2, so we can utilize the secure cookies, and some other fixes 16:34:03 < paulobanon> if u guys have suggestions, please comment/talk/whatever :) 16:34:16 < Aaronfc7> b43 module 16:34:19 < mmcgrath> <nod> cool. 16:34:21 * jima maintains no TG apps :) 16:34:30 < lmacken> paulobanon: i'll play around with it tonight, thanks for setting it up 16:34:33 < paulobanon> if you guys want to test your app with mod_cache let me know where the testing app is, and ill setup some rewrites in PT1 16:34:37 < ivazquez> Aaronfc7: Wrong group. 16:34:38 < lmacken> jima: want to help ? :) 16:34:51 < mmcgrath> paulobanon: no doubt, thanks for getting that all setup and tested in our environment. 16:34:53 < jima> lmacken: wouldn't that typically require knowing...what, python? 16:34:54 < Aaronfc7> still learning 16:35:09 < paulobanon> mmcgrath: no prob 16:35:18 < ivazquez> jima: So... in 2 hours then? 16:35:26 < mmcgrath> paulobanon: I'd love to get some of our WikiGraphics cached 16:35:26 < paulobanon> another thing, stickum :) 16:35:30 < mmcgrath> see: http://fedoraproject.org/wiki/WikiGraphics?action=AttachFile&do=get&target=fedoralogo-224x80.jpg 16:35:33 < mmcgrath> for example 16:35:38 < jima> ivazquez: ...? 16:35:44 < paulobanon> mmcgrath: pt1/wiki ;) 16:35:52 < ivazquez> In about 2 hours you'll be able to help with TG. 16:35:53 < lmacken> jima: TG turns python into a different sort of beast.. it's usually just best to dive in head first 16:35:55 < jima> ivazquez: well, for starters, i have to roll out in about 5 minutes, so definitely not. :P 16:36:25 < paulobanon> mmcgrath: forget the PT1/wiki, its not defined in modcache.conf 16:36:31 < mmcgrath> paulobanon: I actually added some caching to the production wiki (they're in puppet) 16:36:46 < paulobanon> mmcgrath: ill take a look tomorrow 16:37:07 < paulobanon> lmacken / ricky: daMaestro was interested in joining your stickum interest group 16:37:13 < mmcgrath> paulobanon: cool, anything else? If not we'll move on 16:37:14 * jima doesn't know any python, and has things like a job and family that make free time a bit erratic. :| 16:37:41 < daMaestro> +1 with helping with stickum devel 16:37:47 < ricky> daMaestro: Ask abadger1999 about getting SVN access when you see him. 16:37:51 < kyriakos_> what's stickum ? 16:37:52 < daMaestro> sure 16:37:54 < paulobanon> ricky: you wanna try pushing a testing version under pastebin.fp.o ? 16:37:58 < paulobanon> :P 16:38:00 < ricky> (Google accounts required, of course) 16:38:03 < daMaestro> kyriakos_, pastebin: example: http://f3dora.org./ 16:38:10 < daMaestro> damnit, http://f3dora.org/ 16:38:26 < daMaestro> there is also a fedora project test one, i don't have the url handy 16:38:33 < abadger1999> paulobanon, mdomsch:BTW, there's some ExpiresActive lines in pt1's mirrors.conf file that don't work. 16:38:36 < ricky> paulobanon: Hm, would we need it to be packaged first? I think mmcgrath mentioned that on the ticket. 16:38:55 < paulobanon> ricky: true true 16:38:56 < abadger1999> Not sure who's working on that but I commented them out for now 16:39:04 < ricky> publictest5.fedora.redhat.com/stickum/, may not be latest SVN- I will update it when I have the chance. 16:39:11 < paulobanon> abadger1999: mirrors.conf its not me 16:39:20 < mdomsch> abadger1999, oh? 16:39:31 < mdomsch> probably me, but I don't recall doing it on pt1 16:39:33 < jima> okay, i'm off -- have a nice night everyone. 16:39:39 < paulobanon> abadger1999: im usually under modRewrite.conf and modcache.conf 16:39:44 < ricky> jima: See you. 16:39:46 < mmcgrath> jima: later 16:39:48 < abadger1999> mdomsch: /etc/httpd/conf.d/publictest1.fedora.redhat.com/mirrors.conf 16:39:50 < paulobanon> jima: later 16:39:53 * mmcgrath attempts to get the meeting back up 16:40:11 < mmcgrath> do we have anything else we need to discuss in the meeting or should we head on over to #fedora-admin and continue discussing some of this there? 16:40:24 < abadger1999> mdomsch: I thought it was something puppet dragged in but I didn't see it in the configs on puppet1 16:40:48 < paulobanon> mmcgrath, ricky: is the pastebin something we still want for pre f8 ? 16:41:19 < mdomsch> odd 16:41:23 < mmcgrath> paulobanon: It'd be nice but we have some other priorities. 16:41:43 < mdomsch> how are we on donated resources? 16:41:46 < paulobanon> mmcgrath: that was what i was thinking 16:41:48 < mdomsch> sorry if it was covered earlier 16:41:52 < mmcgrath> but if it will just take a couple of hours to get up and running, I say have at it. 16:42:22 < mmcgrath> mdomsch: ahh, we talked about it a bit. 16:42:31 < mdomsch> ok, I'll read the logs later 16:42:44 < mmcgrath> so the tummy.com stuff is up and ready, we actually ran fedoraproject.org and wiki off of it yesterday for a couple of hours without incident. 16:42:49 < mmcgrath> mdomsch: cool 16:42:56 < lmacken> daMaestro: nice! f3dora.org++ 16:42:56 < mmcgrath> ok, if no one has anything else we'll close the meeting in 30 16:43:34 < mmcgrath> 10 16:43:40 < paulobanon> 5 16:43:42 < paulobanon> :) 16:43:51 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End 16:43:52 < daMaestro> lmacken, yeah.. it's up just so i could learn the stickum codebase and learn TG 16:43:56 < mmcgrath> Thanks for coming everyone. 16:44:01 < ricky> Thanks a lot. 16:44:04 < paulobanon> daMaestro: cool!! 16:44:09 < paulobanon> mmcgrath: thanks! 16:44:11 < abadger1999> Thanks!
Attachment:
pgpdb0jJfTn3H.pgp
Description: PGP signature