March 2011 - infrastructure - Fedora Mailing-Lists

Sign-vault01 outage Retrospective - 2011-03-22 at 20UTC

by Kevin Fenzi

Greetings. As some of you may know, we had an outage of our signing server on friday (2011-03-18). The outage was caused by hardware failure on that physical machine, but there are a number of issues around this we should discuss and address. Due to heroic efforts from a number of folks, things were back up and functioning later friday. Thanks to all involved! We would like to hold a retrospective on this outage in #fedora-meeting at 20:00UTC on 2011-03-22. Agenda/Items to discuss: * Timeline/Background info * Setup of sensitive boxes * func/puppet/fasClient or not? * encrypted / * Updates for sensitive boxes * regular with other updates? * do not schedule on fridays? * Backups of sensitive boxes * Avoiding single points of failure * Notifications on outages like this Please join us and add input to help make things better. kevin

13 years, 1 month

1
1
0 / 0

Removing users from sysadmin-* accounts

by Stephen John Smoogen

System administration is a privilege as it gives access and control over many users resources and data. In order to best protect those assets, it is a normal procedure to remove people who do not seem to have need for that access anymore. Fedora Infrastructure policy is to remove special access to people who have not been using it in 60 days. Having gone through the user lists in wtmp, web logs and other data the following accounts will be removed from various system administration groups. People who are removed may reapply later to the infrastructure program when they feel they need access again. Accounts will not be removed from the infrastructure mailing list. Accounts will be removed by 2011-03-17 2000 UTC. sysadmin akistler sysadmin benbeecher sysadmin billchen sysadmin ccielogs sysadmin dianam sysadmin ff4273 sysadmin ggruener sysadmin gsieranski sysadmin jasonwalsh sysadmin jaxjax sysadmin jeffreyt sysadmin jonrob sysadmin jorn sysadmin kolesovdv sysadmin marcelomgarcia sysadmin mkearey sysadmin nman64 sysadmin rordway sysadmin santosp sysadmin sbathe sysadmin thierry sysadmin valholla sysadmin wfoster sysadmin yingbull cmsadmin cyrushmh cmsadmin itbegins cmsadmin matheo cmsadmin schendje cmsadmin teb cmsadmin wonderer sysadmin-cloud arjunroy sysadmin-cloud hbrock sysadmin-cloud lutter sysadmin-cloud pmyers sysadmin-cloud sheid sysadmin-cloud slinabery sysadmin-cloud sseago sysadmin-dba mikeb sysadmin-devel davivercillo sysadmin-devel huzaifas sysadmin-devel itbegins sysadmin-devel ivazquez sysadmin-hosted huzaifas sysadmin-hosted jaxjax sysadmin-main mikeb sysadmin-noc badone sysadmin-noc billchen sysadmin-noc ggruener sysadmin-noc huzaifas sysadmin-noc jdieter sysadmin-noc jorn sysadmin-noc kanarip sysadmin-noc rigeld2 sysadmin-noc sgrubb sysadmin-noc sheid sysadmin-noc wakko666 sysadmin-noc yingbull sysadmin-spin kanarip sysadmin-spin maxamillion sysadmin-spin sandeen sysadmin-test akistler sysadmin-test anujmore sysadmin-test badone sysadmin-test drak sysadmin-test emichan sysadmin-test huzaifas sysadmin-test itbegins sysadmin-test jhutar sysadmin-test jtluka sysadmin-test kanarip sysadmin-test mapleoin sysadmin-test marcelomgarcia sysadmin-test matheo sysadmin-test mbacovsk sysadmin-test mganisin sysadmin-test schendje sysadmin-test zc00gii sysadmin-tools huzaifas sysadmin-tools santosp sysadmin-tools tgalyean sysadmin-web adrian sysadmin-web akistler sysadmin-web asgeirf sysadmin-web badone sysadmin-web glezos sysadmin-web huzaifas sysadmin-web ivazquez sysadmin-web johnp sysadmin-web jokajak sysadmin-web jorn sysadmin-web mbacovsk sysadmin-web wakko666 sysadmin-web yingbull sysadmin-web zoglesby -- Stephen J Smoogen. "The core skill of innovators is error recovery, not failure avoidance." Randy Nelson, President of Pixar University. "Let us be kind, one to another, for most of us are fighting a hard battle." -- Ian MacLaren

13 years, 1 month

5
7
0 / 0

FAS password complexity requirements

by Ricky Zhou

Hey, so we discussed in the meeting, FAS's password requirements are currently very lax - just a minimum length of 8 characters. What do we think the requirements should be changed to? One possible strength checker that I mentioned during the meeting was: http://www.nongnu.org/python-crack/ This can use a dictionary to detect weak passwords. Thoughts? Ricky

13 years, 1 month

6
7
0 / 0

Can I authenticate against FAS without python?

by Sean Flanigan

Hi, I'm part of a team which is working on a Java-based web translation system called Zanata (formerly Flies) which needs to authenticate against the Fedora Account System (ideally SSO). What's the state of http://fedoraproject.org/wiki/OpenID ? This seems like it would be fairly easy to integrate into Java. That page says it's in beta. Would it be a really bad idea to build a system which depends on it, even as a stop-gap? Apart from authentication, I would like to check if the user has signed a CLA before letting them enter translations. What options are available to a Java system for checking CLAs? I know there's python-fedora, but is there a documented web service underneath, which I could access from Java? I guess I'm looking for an XML/JSON version of https://admin.fedoraproject.org/accounts/user/view/{username}, preferably one which doesn't require my system to authenticate itself as a Fedora user. Also, I've been looking at the python-fedora API, and I have some questions: 1. is there an attribute which tells me the user has signed a CLA? 2. can I fetch this attribute without authenticating? 3. if I do need to authenticate, how can I get a non-human Fedora account for my web server to use? Thanks! Sean. -- Sean Flanigan Senior Software Engineer Engineering - Internationalisation Red Hat

13 years, 1 month

3
3
0 / 0

Re: Removing users from sysadmin-* accounts

by Matt Domsch

Ack. Sent from my Dell Streak -----Original Message----- From: Adrian Reber [adrian(a)lisas.de] Received: Thursday, 17 Mar 2011, 1:55am To: Fedora Infrastructure [infrastructure(a)lists.fedoraproject.org] Subject: Re: Removing users from sysadmin-* accounts On Wed, Mar 16, 2011 at 09:59:21PM -0600, Stephen John Smoogen wrote: > sysadmin-web adrian Please do not delete my sysadmin-web account. I need for MirrorManager admin rights. Adrian _______________________________________________ infrastructure mailing list infrastructure(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure

13 years, 1 month

1
0
0 / 0

RFR Owner Expectations

by Toshio Kuratomi

https://fedorahosted.org/fedora-infrastructure/ticket/2674 https://fedoraproject.org/wiki/Infrastructure/RFR_Responsibilities%28draf... We're currently suffering under the weight of too many services and too few admins. Some of that is because the expectations of people submitting RFR's isn't well defined. Here's the start of a document to address that. You're welcome to brainstorm additions to that and later we can work at organization/making it better reading for people making an RFR. I've made it a meeting discussion item to gain visibility and more feedback, but there's no decisions to be made at this time. Just need to be fleshed out more. -Toshio

13 years, 1 month

2
1
0 / 0

Meeting *Tomorrow* 2011-03-17 at 1900 UTC in #fedora-meeting **NOTE NEW TIME**

by Derek Carter

The infrastructure team will be having it's weekly meeting Tomorrow at 1900UTC in #fedora-meeting on the freenode network. Suggested topics (suggested by whom): * RFR docs (Toshio): https://fedorahosted.org/fedora-infrastructure/ticket/2674 * Meeting tagged tickets: https://fedorahosted.org/fedora-infrastructure/query?status=new&status=as... Submit your agenda items, as tickets in the trac instance and/or send a note replying to this thread. Thanks -- Derek aka goozbach

13 years, 1 month

1
0
0 / 0

Intro

by Marco Grigull

Dear infra team, I am based in Brisbane, Australia and spend most of my time extending and looking after engineering resources. I have some experience with templating tool cfengine (and some exposure to puppet) and nagios. I would like to help out with establishing localised resources for existing content and to keep core systems running. I look forward to participating and helping to cover during the Autralasian-Pacific hours. Regards, Marco irc: ciphernaut

13 years, 1 month

2
1
0 / 0

mismatch_cnt on various raid's

by Kevin Fenzi

So, we have been getting weekly mismatch_cnt emails from a number of machines with raid setups. http://fedoraproject.org/wiki/Infrastructure/SOP/Raid_Mismatch_Count Describes a process to run repair and check on them, but in these cases the mismatches have come back right away. Why is that you might ask? It's because these are all raid-1 setups. There are cases where raid1 can and does have a mismatched sector setup and it's perfectly fine. It's still good to run the weekly check on them in case there is a marginal drive that drops out or otherwise shows lower layer problems. See: https://bugzilla.redhat.com/show_bug.cgi?id=566828 So, moving forward I think I will try and do a "hotfix" for /etc/cron.weekly/99-raid-check and make it not mail for raid1 mismatches. (see patch in above bug) Longer term, perhaps there will be a mdadm update for rhel5, or we will get everything moved to rhel6 (which has the fix already). kevin

13 years, 1 month

1
0
0 / 0

Converting old fedora-git-commit-mail-hook users to gnome mail hook on hosted

by Todd Zullinger

Jim Meyering mentioned in #fedora-admin today that pushing to repos which use the fedora-git-commit-mail-hook can produce unwanted output 15:40:23 <meyering> hi guys, I've pushed two batches of c-sets, and noticed what may be a trace of a bug in a git update hook (or maybe some other): 15:40:23 <meyering> $ git push 15:40:23 <meyering> ... 15:40:27 <meyering> Total 13 (delta 10), reused 0 (delta 0) 15:40:30 <meyering> remote: git: 'refs/heads/master' is not a git command. See 'git --help'. 15:40:33 <meyering> To ssh://git.fedorahosted.org/git/iwhd.git 15:40:36 <meyering> b57b085..25ef441 master -> master 15:40:44 <meyering> Note the "remote: git: ... is not a git command." diagnostic I updated the check-perms script to look for repos using the old hook, but before I run it with the --fix option to convert them to the newer hooks we borrowed from the folks at gnome.org, it seems wise to check whether anyone has reasons to avoid doing so or suggestions on how to make sure this doesn't annoy users of fedorahosted.org. The gnome hook is what we use for the infrastructure puppet repo as well as all of the git repos for packages. The formatting should be fairly similar to what the old hook produced, and it does include similar X- headers for folks using those to filter mail. Here's the list of repos which use the old mail hook: [tmz@hosted1 ~ (master)]$ time ~/bin/git-check-perms /git/389/admin-console.git: uses old mail hook /git/389/admin.git: uses old mail hook /git/389/adminutil.git: uses old mail hook /git/389/console.git: uses old mail hook /git/389/ds-console.git: uses old mail hook /git/389/ds.git: uses old mail hook /git/389/dsgw.git: uses old mail hook /git/389/dsmlgw.git: uses old mail hook /git/389/winsync.git: uses old mail hook /git/CloudFS.git: uses old mail hook /git/OpenAPC.git: uses old mail hook /git/TinyEarth.git: uses old mail hook /git/anaconda-help.git: uses old mail hook /git/anaconda-images.git: uses old mail hook /git/anaconda.git: uses old mail hook /git/bharati.git: uses old mail hook /git/bluecurve-classic-metacity-theme: uses old mail hook /git/bluecurve-gdm-theme: uses old mail hook /git/bluecurve-gnome-theme: uses old mail hook /git/bluecurve-gtk-themes: uses old mail hook /git/bluecurve-icon-theme: uses old mail hook /git/bluecurve-kde-theme: uses old mail hook /git/bluecurve-kdm-theme: uses old mail hook /git/bluecurve-kwin-theme: uses old mail hook /git/bluecurve-metacity-theme: uses old mail hook /git/bluecurve-qt-engine: uses old mail hook /git/bluecurve-xmms-skin: uses old mail hook /git/bodhi.git: uses old mail hook /git/booty.git: uses old mail hook /git/cas.git: uses old mail hook /git/certmaster.git: uses old mail hook /git/cloud-kickstarts.git: uses old mail hook /git/comps.git: uses old mail hook /git/courses.git: uses old mail hook /git/d-feet.git: uses old mail hook /git/ding-libs.git: uses old mail hook /git/docbook-utils.git: uses old mail hook /git/docs/about-fedora.git: uses old mail hook /git/docs/elections-guide.git: uses old mail hook /git/docs/fedora-doc-utils.git: uses old mail hook /git/docs/homepage.git: uses old mail hook /git/docs/install-guide.git: uses old mail hook /git/docs/readme-burning-isos.git: uses old mail hook /git/docs/readme.git: uses old mail hook /git/docs/storage-administration-guide.git: uses old mail hook /git/docs/systemtap-beginners-guide.git: uses old mail hook /git/dorrie.git: uses old mail hook /git/elections.git: uses old mail hook /git/fas.git: uses old mail hook /git/fedora-gnome-theme: uses old mail hook /git/fedora-icon-theme: uses old mail hook /git/fedora-infrastructure.git: uses old mail hook /git/fedora-kontributor.git: uses old mail hook /git/fedora-packager.git: uses old mail hook /git/fedora-project-schedule.git: uses old mail hook /git/fedora-screensaver-theme: uses old mail hook /git/fedora-security.git: uses old mail hook /git/fedora-tour.git: uses old mail hook /git/fedora-trans-es.git: uses old mail hook /git/fedora-web.old.git: uses old mail hook /git/fedorabubbles-gdm-theme: uses old mail hook /git/fedoradna-gdm-theme: uses old mail hook /git/fedoradna-kdm-theme: uses old mail hook /git/fedoraflyinghigh-gdm-theme: uses old mail hook /git/fedoraflyinghigh-kdm-theme: uses old mail hook /git/fedorainfinity-gdm-theme: uses old mail hook /git/fedorainfinity-screensaver-theme: uses old mail hook /git/firstboot.git: uses old mail hook /git/fontpackages.git: uses old mail hook /git/freeipa.git: uses old mail hook /git/func.git: uses old mail hook /git/gnome-applet-vm.git: uses old mail hook /git/grid/carod.git: uses old mail hook /git/grid/caroniad.git: uses old mail hook /git/grid/configuration-tools.git: uses old mail hook /git/grid/job_hooks.git: uses old mail hook /git/grid/spqr.git: uses old mail hook /git/grid/wallaby.git: uses old mail hook /git/grid/win32-packaging.git: uses old mail hook /git/grubby.git: uses old mail hook /git/indic-typing-booster.git: uses old mail hook /git/isomd5sum.git: uses old mail hook /git/koji: uses old mail hook /git/libnmserver.git: uses old mail hook /git/livecd: uses old mail hook /git/liveusb-creator.git: uses old mail hook /git/mkinitrd: uses old mail hook /git/moksha.git: uses old mail hook /git/music-creation.git: uses old mail hook /git/newt-syrup.git: uses old mail hook /git/ogrechess.git: uses old mail hook /git/openussd.git: uses old mail hook /git/osutil.git: uses old mail hook /git/piranha.git: uses old mail hook /git/pirut.git: uses old mail hook /git/pyblock.git: uses old mail hook /git/pyjigdo.git: uses old mail hook /git/pykickstart.git: uses old mail hook /git/redhat-rpm-config: uses old mail hook /git/reflector.git: uses old mail hook /git/revisor: uses old mail hook /git/revista-fedora-latam.git: uses old mail hook /git/rhpl.git: uses old mail hook /git/rhq/rhq-config.git: uses old mail hook /git/rhq/rhq-manage-jboss.git: uses old mail hook /git/rhq/rhq-manage-os.git: uses old mail hook /git/rhq/rhq.git: uses old mail hook /git/sanlock.git: uses old mail hook /git/secstate.git: uses old mail hook /git/simon.git: uses old mail hook /git/smolt.git: uses old mail hook /git/snap.git: uses old mail hook /git/spacewalk.git: uses old mail hook /git/sssd.git: uses old mail hook /git/symbolic.git: uses old mail hook /git/system-config-kickstart.git: uses old mail hook /git/timpus-events.git: uses old mail hook /git/trustedcomputing.git: uses old mail hook /git/utrrs.git: uses old mail hook /git/virt_web.git: uses old mail hook /git/webzash.git: uses old mail hook /git/wikirename.git: uses old mail hook /git/xo.git: uses old mail hook 123 problems remain unfixed -- Todd ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Every actual state is corrupt. Good men must not obey the laws too well. -- Ralph Waldo Emerson

13 years, 1 month

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

infrastructure March 2011