Freeze break request: Disable puppet on compose-x86-01
by Kevin Fenzi
Greetings.
I'd like to disable the puppet cron job on compose-x86-01.
This machine is our Fedora 17/rawhide compose machine. Sadly, puppet is
currently broken in f17/rawhide due to the ruby 1.9.3 upgrade there.
So, currently, we just get 2 emails an hour saying it failed to work.
I'd like to disable this until such a time as we have again a working
puppet client in f17/rawhide to test out.
This shouldn't affect anything on the machine as it's not been able to
run in a long time anyhow.
kevin
12 years, 1 month
Meeting Agenda Item: Introduction Nicholas Alonge
by Nicholas Alonge
IRC nick: cafejunkie (on freenode)
Hello! My name is Nick and I'm a (junior) Linux Admin looking to help
out the Fedora Infrastructure team. Fedora has always been my favorite
Linux distro and I want to contribute back to the Fedora Project to help
Fedora advance and to also gain personal experience with a variety of
technologies.
I am proficient with Python for writing administrative scripts and
recently started branching out into web application development. I also
help operate an IRC network where I just recently rolled out Puppet and
Nagios.
I am mostly interested in joining the NOC team and would also love to
help out with development of the web apps.
I'll be hanging around IRC for the next week or so to see how things
work and where I can help out. Hope to see you there.
12 years, 1 month
Re: setting up new user account - Fedora
by Buddhike Kurera
On Fri, Mar 23, 2012 at 3:03 PM, Waldemar Antonik
<waldemar.antonik(a)yahoo.ie> wrote:
> hi,
> I wanted to set up my user account on the below website:
> https://admin.fedoraproject.org/accounts
>
> I have alredy tried couple of times using my email and login ( 'breadfan' or
> breadfan1979' ) and nothing! I havent got any email confirmation and my
> password which I could then reset.
>
> it looks like the functionality of this page isnt up to the right standards.
>
> it's really dissapointing when one wants to translate docs for Fedora and is
> not able to even sign up!! I dont see there even the right point of contact
> in case of any issues. i saw your mail written with vy vy small letters, so
> I am hoping you could help here somehow...?
>
> many thanks in advance
> Waldi
>
Dear Waldi,
Please do not disappointed, one of members from the web site team will
help you soon.
For more attention I m ccing this mail to infrastructure team as well.
THanks for your interest and support and please wait for assistant.
--
Regards,
Buddhike Chandradeepa Kurera(bckurera)
Fedora Ambassador - APAC region
Event Liaison - Design Team
Email: bckurera@fedoraproject.org | IRC: bckurera
12 years, 1 month
Fwd: [Mailman-Developers] RELEASED: GNU Mailman 3.0 beta 1 and Postorius 1.0 alpha 1
by Christopher Meng
This is mailman 3 beta 1 newsletter.Is it helpful for FY13 Plan's
Mailing List Improvement Application?
https://fedoraproject.org/wiki/Fedora_Engineering/FY13_Plan
Thanks.
---------- Forwarded message ----------
From: Barry Warsaw <barry(a)list.org>
Date: Sat, Mar 24, 2012 at 10:00 AM
Subject: [Mailman-Developers] RELEASED: GNU Mailman 3.0 beta 1 and
Postorius 1.0 alpha 1
To: mailman-announce(a)python.org
Cc: mailman-developers(a)python.org, mailman-i18n(a)python.org,
mailman-users(a)python.org
Hello Mailman enthusiasts!
Use the key, unlock the door
See what your fate might have in store...
Building on the excitement and amazing progress at our sprints at Pycon 2012,
I am very happy to announce the availability of GNU Mailman 3.0 beta 1, code
named "The Twilight Zone".
After nearly four years of design, discussion, and development, we can now see
a clear path to a final release. I thank everyone who has helped us get here,
by participating on the mailman-developers mailing list, the bug tracker, in
private conversations, and code contributions, both to Mailman itself and all
the great projects it builds on. Special thanks go to our recent sprinters,
Andrea Crotti, Florian Fuchs, Toshio Kuratomi, Daniel Mizyrycki, Terri Oda,
Mark Sapiro, and Stephen Turnbull.
While you do want to be careful using 3.0b1 in production, I hope that you
will get a copy of the code and run it through its paces. Several people are
known to be running real mailing lists using the code base. At this point,
the feature set is frozen, as is the database schema. We'll use the schema
migration machinery to do any schema changes from here to the final release.
I'm also ecstatic to announce the first alpha release of Postorius, our new
official name for the Django-based Mailman 3 web user interface. The name was
suggested by core developer Florian Fuchs in honor of a bass hero of both of
ours, Jaco Pastorius. Postorius 1.0 alpha 1 is code named "Space Farm".
Postorius is in large part based on the great work of Anna Senarclens de
Grancy and Benedict Stein who worked on a new Mailman web ui during their
Google Summer of Code projects in 2010 and 2011. This alpha version connects
to Mailman 3.0's REST API to add and edit lists and domains, as well as to
moderate messages. It uses Django's auth app and Mozilla's BrowserID for
authentication (a list of the current features is contained in the NEWS file
of the package). Apart from the current state there are many more ideas left
for the upcoming releases. There is a great team working on the web ui as
well as on a new archiver, so stay tuned, and come join us!
You can download GNU Mailman 3.0b1 from Launchpad or the Python Cheeseshop:
https://launchpad.net/mailman
http://pypi.python.org/pypi/mailman
Postorius 1.0a1 is available from Launchpad and Cheeseshop as well:
https://launchpad.net/postorius
http://pypi.python.org/pypi/postorius
The GNU Mailman documentation is available online at:
http://packages.python.org/mailman/
You can submit bug reports to GNU Mailman and Postorius at:
https://bugs.launchpad.net/mailman
https://bugs.launchpad.net/postorius
GNU Mailman and Postorius are released under the GNU General Public License
version 3 or later.
Enjoy!
-Barry
(On behalf of the entire GNU Mailman development team)
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers(a)python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/cickumqt%40gmai...
Security Policy: http://wiki.list.org/x/QIA9
12 years, 1 month
add pkg on lockbox01
by Seth Vidal
I don't think I need the +1's for this but I'll ask anyway.
I need to install python-paramiko on lockbox so I can test out
something for the builder reinstall process I'm working on.
I don't want it permanently installed (yet) just trying it out.
can I get two +1s?
-sv
12 years, 1 month
Freeze Break request: set httponly True in all our TG1 apps
by Kevin Fenzi
Greetings.
See this ticket for some background:
https://fedorahosted.org/fedora-infrastructure/ticket/3022
I have tested all these in staging, so I don't think there will be any
issues with anything, but if so we can always revert pretty easily.
I also set secure on all our TG1 apps that didn't have that set.
+1s?
kevin
--
diff --git a/modules/bodhi/templates/bodhi-prod.cfg.erb b/modules/bodhi/templates/bodhi-prod.cfg.erb
index 9c176de..d554253 100644
--- a/modules/bodhi/templates/bodhi-prod.cfg.erb
+++ b/modules/bodhi/templates/bodhi-prod.cfg.erb
@@ -71,6 +71,7 @@ identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
+visit.cookie.httponly = True
# Our identity that we use to fetch bugzilla details and such
bodhi_password='<%= bodhiBugzillaPassword %>'
diff --git a/modules/elections/templates/elections-prod.cfg.erb b/modules/elections/templates/elections-prod.cfg.erb
index d1bfc24..0b379fd 100644
--- a/modules/elections/templates/elections-prod.cfg.erb
+++ b/modules/elections/templates/elections-prod.cfg.erb
@@ -45,6 +45,9 @@ autoreload.on=False
autoreload.package="elections"
server.log_to_screen=False
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
# Auto-Reload after code modification
# autoreload.on = True
diff --git a/modules/fas/templates/fas.cfg.erb b/modules/fas/templates/fas.cfg.erb
index 08b58ff..3232b40 100644
--- a/modules/fas/templates/fas.cfg.erb
+++ b/modules/fas/templates/fas.cfg.erb
@@ -117,7 +117,7 @@ server.log_to_screen = False
# Make the session cookie only return to the host over an SSL link
visit.cookie.secure = True
session_filter.cookie_secure = True
-
+visit.cookie.httponly = True
###
### Communicating to other services
diff --git a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
index 32c3d91..a3674b6 100644
--- a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
+++ b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
@@ -61,6 +61,7 @@ identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
visit.manager="jsonfas2"
visit.saprovider.model="fedora.accounts.tgfas.Visit"
visit.cookie.secure = True
+visit.cookie.httponly = True
mirrormanager.admin_group = 'sysadmin-web'
mirrormanager.max_stale_days = 2
diff --git a/modules/smolt/templates/prod.cfg.erb b/modules/smolt/templates/prod.cfg.erb
index 0e10dbd..2c34b3d 100644
--- a/modules/smolt/templates/prod.cfg.erb
+++ b/modules/smolt/templates/prod.cfg.erb
@@ -60,6 +60,9 @@ tg.strict_parameters = True
tg.ignore_parameters = ["_csrf_token"]
tg.scheduler = True
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
# LOGGING
# Logging configuration generally follows the style of the standard
# Python logging module configuration. Note that when specifying
12 years, 1 month
Fw: networking questions
by Dennis Gilmore
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey all i asked a couple of questions of calxeda about networking on
thier arm hardware im forwarding on the attached response. if we have
more questions we can ask.
Dennis
Inicio del mensaje redirigido:
Fecha: Wed, 21 Mar 2012 18:38:26 -0500
Desde: Mark Langsdorf <mark.langsdorf(a)calxeda.com>
Para: Dennis Gilmore <dennis(a)ausil.us>
Asunto: Re: networking questions
On 03/20/2012 04:04 PM, Dennis Gilmore wrote:
> Hi Mark,
>
> finally sorted out email. a corrupt imap cache caused claws to sigbus,
> always fun. so to the networking question.
>
> in fedora infrastructure today we have 4 different vlans i think. how
> we see would do things would be to have a single 10g uplink into the
> network. say we had a 100 node system.
>
> we would bond all 4 vlans into the uplink, then want to setup the
> switch fabric on the system to be something like
>
> nodes 1-20 - fedora infra public vlan <where we run our proxies and
> appservers etc>
> nodes 21-40 - qa vlan for tying into the qa infrastructure
> nodes 41-100 - build vlan, where all our builders live.
It will possible to set up a system this way. The ECMEs will have
support for VLAN tagging, and you would set up the VLAN IDs as part of
the normal process of configuring the network and fabric. The basic
process would be a sequence of IMPI and TFTP transfers to request the
node configuration files, edit them, return them to the nodes, and
commit them. You'd have to do some of that anyway just to set up things
like static IP vs DHCP.
The network guys did have this to say specifically:
"I would like to note, that while your configuration is perfectly valid,
it may result in uneven performance. Using only one of the four uplinks
means connecting at only one point on our fabric. I understand that 10Gb
ports may be hard to come by, but four 1Gb uplinks may provide a more
even performance than a single 10Gb uplink.
"And since you have four VLANS, if you went to four 1Gb links, you could
have your switch ports act as termini for the four VLANS and then
through our configuration interface map the network interfaces to match
your VLAN needs. In that fashion, you would not need to have the
management engine and servers add/remove VLAN tags at all."
Hope this information helps you guys decide your provisioning plans.
- --Mark Langsdorf
Calxeda, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iEYEARECAAYFAk9rd40ACgkQkSxm47BaWffR3gCfd8UI1QszISLVI3BMf1fVUCRc
hiYAn2awU6rzBeNPBLNjH2VgC2mu2+v8
=ZpMQ
-----END PGP SIGNATURE-----
12 years, 1 month
Soliciting Infrastructure feedback on Fedora ARM primary arch proposal
by Dennis Gilmore
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi everybody.
This Monday FESCo did an initial review of the ARM team's ARM PA Feature
proposal. As part of that review, they requested we get in touch with
affected groups including Infrastructure. What we need is to get
feedback on what's been written and what still needs to be written as
it pertains to Infrastructure. I know we have had some brief
discussions already but id like to get everything together in one place
to make sure we capture all of the requirements from infra, and that we
have a workable, scalable, manageable solution. I do realise some of
its a bit hard right now as we are not 100% sure how the hardware will
look and work in practice.
The feature page in question is:
https://fedoraproject.org/wiki/Features/FedoraARM
As you might have already ready on devel@, this is a work in
progress and has some known deficits. We'll keep updating it based on
the feedback we receive until we have a plan that works for all the
stakeholders. If you have some feedback that you haven't already
shared on devel@, or that you want to share again because it's really
important and infra related please reply to this message and let us
know.
Thanks!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iEYEARECAAYFAk9ra2oACgkQkSxm47BaWfeY9QCfRAahzvzOa10Z4nCwG0AuW77c
j4gAoIYJ/N6bQPR3KEOfmAc8DeNjQwWa
=dsfC
-----END PGP SIGNATURE-----
12 years, 1 month
Plan for tomorrow's Fedora Infrastructure meeting (2012-03-22)
by Kevin Fenzi
The infrastructure team will be having it's weekly meeting tomorrow
2012-03-22 at 20:00 UTC in #fedora-meeting on the freenode network.
Suggested topics (suggested by whom):
#topic New folks introductions and Apprentice tasks.
If any new folks want to give a quick one line bio or any apprentices
would like to ask general questions, they can do so here.
#topic two factor auth status
#topic Staging re-work status
#topic Applications status / discussion
Check in on status of our applications: pkgdb, fas, bodhi, koji,
community, voting, tagger, packager, dpsearch, etc.
If there's new releases, bugs we need to work around or things to note.
#topic Upcoming Tasks/Items
#info 2012-03-20 to 2012-04-03 - F17 Beta Freeze
#info 2012-03-27 - drop inactive maintainers from packages.
#info 2012-04-01 - nag fi-apprentices.
#info 2012-04-03 - F17Beta release day
#info 2011-04-03 - gitweb-cache removal day.
#info 2012-04-10 - drop inactive fi-apprentices
#info 2012-04-24 to 2012-05-08 - F17 Final Freeze.
#info 2012-05-01 - nag fi-apprentices.
#info 2012-05-08 - F17 release
#topic Tickets from Ages past
In this topic we will dredge up old tickets, discuss them and decide if
we should do them, retarget them, close them or break them into smaller
tickets.
#topic Meeting tagged tickets:
https://fedorahosted.org/fedora-infrastructure/report/10
#topic Open Floor
Submit your agenda items, as tickets in the trac instance and send a
note replying to this thread.
More info here:
https://fedoraproject.org/wiki/Infrastructure/Meetings#Meetings
Thanks
kevin
12 years, 1 month