============================================ #fedora-meeting: Infrastructure (2013-12-19) ============================================ Meeting started by nirik at 19:00:03 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2013-12-19/infrastructure.2013-12-19-19.00.log.html . Meeting summary --------------- * welcome y'all (nirik, 19:00:04) * New folks introductions and Apprentice tasks (nirik, 19:01:40) * Applications status / discussion (nirik, 19:08:46) * ACTION: nirik to coordinate with pingou about cnucnuweb and legal concerns, will talk to fedora-legal (nirik, 19:16:27) * new python-fedora out later today for testing (nirik, 19:20:49) * badges server can now authorize specific users to hand out specific badges. (nirik, 19:23:07) * Sysadmin status / discussion (nirik, 19:24:25) * upgraded to puppet 2.7 without too much pain (nirik, 19:24:44) * updates will be applied later today and non outage causing reboots done. (nirik, 19:31:10) * Upcoming Tasks/Items (nirik, 19:33:41) * LINK: https://apps.fedoraproject.org/calendar/list/infrastructure/ (nirik, 19:33:41) * Open Floor (nirik, 19:40:45) * LINK: http://en.wikipedia.org/wiki/CRIME_%28security_exploit%29 (tyll_, 19:43:57) * LINK: http://www.data.gouv.fr/ (threebean, 19:46:44) * no meetings next two weeks. (nirik, 19:49:44) Meeting ended at 19:50:01 UTC. Action Items ------------ * nirik to coordinate with pingou about cnucnuweb and legal concerns, will talk to fedora-legal Action Items, by person ----------------------- * nirik * nirik to coordinate with pingou about cnucnuweb and legal concerns, will talk to fedora-legal * pingou * nirik to coordinate with pingou about cnucnuweb and legal concerns, will talk to fedora-legal * **UNASSIGNED** * (none) People Present (lines said) --------------------------- * nirik (107) * abadger1999 (30) * threebean (29) * tyll_ (10) * relrod (8) * zodbot (6) * smooge (4) * janeznemanic (4) * lmacken (3) * ianweller (1) * fchiulli (1) * docent (1) * tflink (1) * puiterwijk (0) * mdomsch (0) * pingou (0) * dgilmore (0) -- 19:00:03 <nirik> #startmeeting Infrastructure (2013-12-19) 19:00:03 <zodbot> Meeting started Thu Dec 19 19:00:03 2013 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 19:00:04 <nirik> #meetingname infrastructure 19:00:04 <nirik> #topic welcome y'all 19:00:04 <nirik> #chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk 19:00:04 <zodbot> The meeting name has been set to 'infrastructure' 19:00:04 <zodbot> Current chairs: abadger1999 dgilmore lmacken mdomsch nirik pingou puiterwijk relrod smooge threebean 19:00:34 * ianweller is hereish 19:00:38 * tflink is lurking 19:00:44 * threebean is here 19:01:23 * relrod here 19:01:25 * abadger1999 is here 19:01:34 <nirik> morning everyone. 19:01:40 <nirik> #topic New folks introductions and Apprentice tasks 19:01:55 <nirik> any new folks like to introduce themselves? or apprentices with questions or comments? 19:02:11 <janeznemanic> me 19:02:25 <nirik> hey janeznemanic 19:02:32 <janeznemanic> guys do i ask to many questions 19:02:35 * lmacken here 19:02:49 <nirik> janeznemanic: not at all. ;) questions are good... 19:02:50 <threebean> janeznemanic: no 19:02:54 <threebean> :) 19:03:16 <janeznemanic> okey then 19:03:50 <nirik> we may not get to them as fast as you like, but we will get there. ;) 19:04:15 <janeznemanic> the important thing is that you get there 19:04:33 <tyll_> I would like to become an apprentice 19:05:02 <nirik> hey tyll_ 19:05:15 <nirik> love to have you help out and look around... I can add you after the meeting. 19:06:04 * docent is late :) 19:06:17 <nirik> hey docent 19:06:50 <tyll_> thanks, not sure what to write to introduce myself - I wold like to get a fedmsg service running for rel-eng 19:07:15 * fchiulli is also late 19:07:23 <nirik> thats a good quantifyable goal. ;) 19:07:38 <nirik> morning fchiulli 19:07:42 <threebean> tyll_: cool :) I'm glad to try and help wherever I can 19:08:27 <nirik> ok, shall we move on to applications? 19:08:46 <nirik> #topic Applications status / discussion 19:08:49 <tyll_> threebean: thank you, I assume I will need it 19:08:56 <nirik> any application news this week or upcoming? 19:09:53 * nirik listens to the crickets. :) 19:09:57 <threebean> nothing much here. ;) 19:09:59 <tyll_> Is cnucnuweb already an officially planned Fedora App? I was wondering whether it will be ok to use it for RPMFusion as well 19:10:23 <threebean> tyll_: well, pingou has been spearheading it and he's not here today. 19:10:36 <threebean> but I'm pretty sure resources have already been allocated for it. 19:10:37 <nirik> yeah. it is in the planning stages tho 19:10:46 * threebean nods 19:11:09 <nirik> tyll_: you were thinking of using the same fedora one for rpmfusion? or a seperate install somewhere? 19:11:23 <nirik> I guess if it could work to treat that as another distro... 19:11:38 <smooge> and I am here sorry 19:11:43 <nirik> morning smooge 19:12:15 <tyll_> yes, it would be a different distro I suppose - I was wondering whether there will be legal problems 19:12:28 <abadger1999> I'll get a new python-fedora out today for fedora/epel updates-testing 19:12:37 <abadger1999> nirik: Hmm.... might have to ask spot that. 19:12:48 <nirik> yeah, not sure, so yeah, we should ask spot 19:12:50 <abadger1999> nirik: because cnucnu does have links to the upstream source. 19:12:57 <abadger1999> which might be contributory infringement :-( 19:13:10 <nirik> yeah 19:13:17 <tyll_> it might be a problem for debian as well or other distros in general 19:13:31 <nirik> tyll_: yep. if they ship something we don't, etc. 19:13:54 <tyll_> nirik: usually they ship mp3 stuff 19:14:06 <nirik> so, should I send such an email? or would one of you like to and cc me? ;) 19:14:20 <nirik> or should we ask pingou to... 19:14:34 <nirik> since he likely knows more about what it contains, etc. 19:15:09 <nirik> how about I drop pingou a note about it and we can go from there. 19:15:18 <tyll_> this sounds good 19:16:27 <nirik> #action nirik to coordinate with pingou about cnucnuweb and legal concerns, will talk to fedora-legal 19:16:52 <nirik> abadger1999: what changes in that new python-fedora? 19:17:08 <abadger1999> Numerous bugfixes to the flask_fas_openid identity provider. 19:17:15 <abadger1999> Shold work with the flask i nfedora. 19:18:07 <abadger1999> Some improvements to how it's built 19:18:20 <abadger1999> Which should help people who are using it in a virtualenv 19:18:23 <nirik> does this mean dropping some hotfixes we are using now? 19:19:02 <abadger1999> yes, I'll have to check to make sure but I think it'll take care of all our python-fedora hotfixes. 19:19:39 <abadger1999> nirik: You may need a bit of help with some of that... I'm not sure how to find all the ansible-based hotfixes. 19:19:40 <nirik> nice. do we want to try and land that tomorrow? or punt until after the holidays? 19:19:51 <abadger1999> nirik: I'd punt 19:19:56 <nirik> ok. 19:20:04 <abadger1999> I don't know of anything that's broken right now 19:20:23 <abadger1999> So I'd rather let it sit in fedora/epel update-testing repo than get called over vacation :-) 19:20:30 <nirik> fair enough. 19:20:45 <threebean> oh - I pushed out a new badges release earlier this week. It adds a feature allowing us to authorize certain users to hand out certain badges. 19:20:49 <nirik> #info new python-fedora out later today for testing 19:21:09 <nirik> threebean: oh yeah? how does that work? 19:21:13 <threebean> it opens the door for a bunch of new badges that have been sitting in the queue. 19:21:38 <nirik> nice... like blessing of the fpl? 19:21:39 <threebean> I go to the admin panel and say "nirik" is authorized for the "Infrastructure Gold Star" badge 19:22:02 <threebean> then if you want to hand out gold stars to people who do good work, you go to the page for that badge and you'll see two new buttons. 19:22:20 <threebean> one to award the badge directly to a person, and another to create an invitation/qrcode for that badge. 19:22:29 <threebean> we'll use it for the "FPL's blessing" badge 19:22:33 <nirik> nice! 19:22:37 <threebean> but moreso for the upcoming docs writing badges 19:23:07 <nirik> #info badges server can now authorize specific users to hand out specific badges. 19:23:15 <nirik> sounds great. :) 19:23:35 * threebean makes a note to blog about it after the holidays 19:23:58 <nirik> sounds goodly. 19:24:25 <nirik> #topic Sysadmin status / discussion 19:24:33 <nirik> so, on the sysadmin front... 19:24:44 <nirik> #info upgraded to puppet 2.7 without too much pain 19:25:09 <nirik> I've been trying to quiet things that send email so they don't do so over the holidays. 19:25:23 <nirik> I'm also going to try and land the ansible cron thing soon. 19:25:45 <nirik> I'm planning a lot of ansible changes to fix old syntax. 19:25:54 <nirik> I might do some of that over the break, but will try and be quiet about it. ;) 19:26:06 <threebean> ha :) cool 19:26:23 <threebean> I haven't yet found a way to get ansible to tell me where the deprecated warnings come from 19:26:24 <nirik> I was thinking we might also want to do a mass update (no rebooting, just update) today or tomorrow... so we are all rolled up on security... 19:26:42 <nirik> threebean: yeah, I was going to look for $'s mostly. 19:26:49 <abadger1999> Hmm... why no rebooting? 19:27:07 <nirik> there's --syntax-check also 19:27:09 * relrod votes today if we do it, so we have tomorrow to fix any issues that crop up from it... 19:27:18 <nirik> abadger1999: well, no time to schedule outages? 19:27:31 <abadger1999> nirik: <nod> just thinking -- if they reboot on their own over the break. 19:27:38 <nirik> I guess we could just do them with no notice... but I dislike that. 19:27:40 <abadger1999> then something might break at that time. 19:27:49 <nirik> the kernel update doesn't have anything important to us... 19:27:55 <nirik> I don't think 19:28:56 <nirik> abadger1999: true... but better break than be insecure... it's usually a lot easier to clean up from a boot breakage over a compromise. ;) 19:29:03 <abadger1999> <nod> 19:29:08 <abadger1999> roger that. 19:29:50 <nirik> relrod: yeah, today would be fine with me too... more time to fix. 19:29:51 <abadger1999> Maybe we can reboot the "app" servers and the proxies? 19:30:00 <abadger1999> since they all have redundancy. 19:30:08 <nirik> yeah, there's a number we can do... 19:30:11 <abadger1999> and they're a likely vector of entry 19:30:18 <nirik> just not db servers or the like 19:30:23 <abadger1999> yeah. 19:30:39 <nirik> so, sure, we can do all the non outage causing ones. ;) 19:31:10 <nirik> #info updates will be applied later today and non outage causing reboots done. 19:31:16 <smooge> fas of course :) 19:31:42 <nirik> oh, on the fas servers... I might like to try and switch them to virtio at least too. 19:31:51 <nirik> should make them a bit faster 19:32:28 <nirik> as a side note, they are some of our last 32bit machines... when we move to rhel7 we won't have that option... ;) 19:33:00 <abadger1999> k. We'll just need to scale up the RAM on the hosts if we need to. 19:33:02 <lmacken> need more ram then :) 19:33:04 <lmacken> heh 19:33:10 <nirik> yep 19:33:41 <nirik> #topic Upcoming Tasks/Items 19:33:41 <nirik> https://apps.fedoraproject.org/calendar/list/infrastructure/ 19:33:53 <nirik> anything upcoming folks would like to note or schedule? 19:34:04 <nirik> we are out of freeze now, but heading into holidays. 19:34:23 <nirik> Do we want to do some kind of holiday freeze? or just hope people are careful? 19:34:40 <smooge> nothing on my part. I will be away from keyboard from 21st -> 6th 19:34:45 <abadger1999> we've done a holiday freeze in the past. 19:34:55 * nirik looks back 19:36:14 <nirik> can't find it. 19:36:32 <abadger1999> I guess it depends on who's around and willing to work on fixing stuff though -- I think I shouldn't touch stuff because I can definitely break more than I can fix ;-) 19:36:35 <nirik> anyhow, I'm ok either way... some kind of relaxed freeze, or just ask everyone to be careful 19:36:56 <relrod> I think relaxed holiday freeze is reasonable. I will be around intermittently and be able to +1 things if people need. 19:36:58 <nirik> well, I am going to be around (not planning any trips or anything). 19:37:26 <nirik> however, I'm hoping to not get paged or be pulled into working on something when I am not wanting to. ;) 19:37:41 <abadger1999> nirik: <nod> I wouldn't have a problem with you doing things or authorizing other people to work on a change. 19:38:12 <nirik> I think most of us are going to be taking it easy... so, just trying to be careful and chastising anyone who breaks things works for me. ;) 19:38:13 <threebean> yeah, let's just freeze. 19:38:19 <abadger1999> because I know if you break it you'll be up all of christmas eve working on a fix ;-) 19:38:20 <threebean> if we authorize nirik to authorize people 19:38:27 <nirik> heh. 19:38:29 <threebean> then people will ping him 19:38:32 <nirik> I really hope not to. 19:38:39 <abadger1999> threebean: good pooint. 19:38:54 <nirik> how about this: any changes, get a +1 on list 19:39:00 <nirik> from anyone 19:39:14 <nirik> that shows at least two people are around and it looks ok to them 19:39:29 <abadger1999> <nod> and fixing things doesn't need approval. Just things that are new. 19:39:35 <nirik> right. 19:39:43 <threebean> sounds good 19:39:47 <relrod> works for me 19:40:01 <nirik> I can send out a note to the list... unless someone else would like to? ;) 19:40:36 <nirik> I can. ;) 19:40:38 <threebean> :D 19:40:45 <nirik> #topic Open Floor 19:40:57 <nirik> anyone have anything for open floor? 19:41:00 <relrod> A question that came up in -apps a bit ago, does anyone know if it is intentional that our subdomains (apps, admin, etc) don't gzip their output? If it's not intentional or nobody knows, I would like to enable gzip at least for apps.fp.o in staging for now, and see if anything breaks. Nothing that doesn't send "Accept: gzip" should see any difference. 19:41:02 <nirik> questions, suggestions, comments? 19:41:21 <nirik> relrod: yes, there were several tickets around this... 19:41:34 <nirik> blindly gzipping resulted in double gzipping things. ;( 19:41:56 <nirik> I can find the tickets 19:42:52 <nirik> .ticket 3859 19:42:53 <zodbot> nirik: #3859 (http://dl.fedoraproject.org sends incorrect content-encoding header) – Fedora Infrastructure - https://fedorahosted.org/fedora-infrastructure/ticket/3859 19:42:59 <nirik> .ticket 4005 19:43:00 <zodbot> nirik: #4005 (pkgs.fedoraproject.org content encoding misconfiguration) – Fedora Infrastructure - https://fedorahosted.org/fedora-infrastructure/ticket/4005 19:43:13 <tyll_> I believe there are some possible attacks against TLS with compression enabled 19:43:45 <nirik> reminds me, we should figure out actions from that ticket asking us to change tls options. ;) 19:43:57 <tyll_> http://en.wikipedia.org/wiki/CRIME_%28security_exploit%29 19:44:29 * relrod notes that fp.o does gzip (including the wiki, and including with https) 19:44:35 <relrod> just not subdomains 19:45:04 <nirik> yeah, not sure the permutations off hand. Lets continue discussing in #fedora-admin? 19:45:17 <relrod> nirik: I'll read over those tickets and see what I can see ;) 19:45:29 <nirik> ok, sounds good. 19:45:44 <threebean> other news -> ansible galaxy just launched https://groups.google.com/forum/#!msg/ansible-announce/W40GgVxbU6U/KfY4nmng6H8J 19:45:51 <nirik> yes indeed. ;) 19:45:58 * nirik needs to look at it more, haven't had time. 19:46:26 <nirik> also, there's a new fedmsg user in the world now right? 19:46:32 <threebean> oh, right! 19:46:44 <threebean> http://www.data.gouv.fr/ 19:46:59 <threebean> ^^ is a new fedmsg deployment 19:47:25 <threebean> the devs have been too busy getting ready for their debut (yesterday) to give me many details. 19:47:29 <nirik> thats pretty awesome. ;) 19:47:34 <threebean> i'll try to have a writeup for it in the new year :) 19:47:43 <nirik> yeah, would make a great story 19:48:10 <nirik> ok, if nothing else, will close out in a minute... 19:49:33 <nirik> oh, note no meeting next week or week after! :) 19:49:40 <smooge> NO MEETING!!!!! 19:49:44 <nirik> #info no meetings next two weeks. 19:49:59 <nirik> Thanks for coming everyone. 19:50:01 <nirik> #endmeeting
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
