About cnucnu web
by Pierre-Yves Chibon
Dear all,
As you may know, over the last few weeks I have been working on a small project
called (for the moment) cnucnu web.
You can already see it in place at: http://209.132.184.188/cnucnu/
The idea is to provide a web-interface to the release monitoring script that is
being run for the moment via the wiki: http://fedoraproject.org/wiki/Upstream_release_monitoring
So this web-application replaces the wiki page, allows mapping of projects into
linux distributions and anyone with an OpenID account can contribute to it.
On the back, there is a cron job that runs, check for new version of the project
with the information provided and send a message on fedmsg for every new version
found.
The idea is to host the project on the Fedora infrastructure but, I would prefer
not have it under the fedoraproject.org name as I see it as a broader project than
just for Fedora: Debian, Ubuntu, Arch, Slack, Suse, we all can benefit from this.
I also would like to have it broadcast messages on the debian version of fedmsg
(I'm already in contact with Olsad for this).
So, what I would like to ask is:
* what do you think of the project? Worth pursuing or not?
* Where should it live?
* Domain name suggestions? (release-monitoring.org, cnucnu.org, cnucnuweb.org,
<insert here you own idea>?)
So if we agree to get it up and running, I foresee few steps:
* Check with legal if there are any limitations (ie: can we put non-FOSS projects
in there?)
* Get the domain name
* Update the UI: we already have a design but I think it could be made nicer
(especially the front page) -- Any volunteers?
* Deploy it and see w/ Debian how to have it send messages onto their bus
* Set the DNS to point to the website
I will start the first step now already.
Thoughts?
Pierre
10 years, 2 months
Updating CSI Security Policy
by Joerg Stephan
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
it was topic during the last infrastructure meeting that the CSI
Security Policy may is a bit outdated.
https://docs.fedoraproject.org/en-US/Community_Services_Infrastructure/1/...
i would like to review, expand and update it.
If nobody else is currently working on it, I will start to go through
the text and and commit changes and updates.
Cheers
- --
Joerg Stephan
https://fedoraproject.org/wiki/User:Johe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJS3u3KAAoJEMkH+YqO31/BCvEH/j1dnPAE1OI4OPhwQ5UXCipJ
gXlGP4K8Tm1GfJe4zpbIE5RiOcEfTSkjmbEATM6SrPH04ro0orHsgLjrBt28OuER
x/NNL3toG7lelVlHNdTp2Kp0vp//pzxDpTbwG72aJFLxX2XC9KUXneWBB1vG7Q4a
tcr+2EdR9r0BNT/HTPX4v2LP5yo2mGKqY0K6DKQLHGJ/Vm7bMAKFgOnjhhuJsUUh
CJz0/MedA5U/vOAYRD1hAv6k+DCNqnTvXWALywlDa6iBcZKEid1ejigs/kv/nq7I
l9U/zN3VaqeYhD/gmj24MKidFTaKMDFDE6gTG7Wft6gBN+HH9tXbu7rH/1JT79o=
=ecIv
-----END PGP SIGNATURE-----
10 years, 3 months
For dgilmore
by Janez Nemanič
Hi,
here is a patch for ticket
https://fedorahosted.org/fedora-infrastructure/ticket/3632. Dgilmore could
you have a look at it? Let me know if something is wrong?
diff --git a/utils/spam-o-matic b/utils/spam-o-matic
index ba9e059..53c7b32 100755
--- a/utils/spam-o-matic
+++ b/utils/spam-o-matic
@@ -12,6 +12,7 @@ from optparse import OptionParser
from yum.constants import *
from yum.misc import getCacheDir
from collections import defaultdict
+from email.mime.text import MIMEText
# HAAACK
import imp
@@ -168,11 +169,19 @@ Subject: Broken dependencies: %s
%s
""" % (fromaddr, guilty, string.join(conspirators,','), pkgname, data)
+
+ email = MIMEText(msg)
+ email['Precedence'] = 'bulk'
+ email['Auto-Submitted'] = 'auto-generated'
+ email['Subject'] = 'Broken dependencies'
+ email['From'] = fromaddr
+ email['To'] = guilty
+ email['Cc'] = ','.join(conspirators)
if sendmail:
try:
server = smtplib.SMTP('localhost')
server.set_debuglevel(1)
- server.sendmail(fromaddr, toaddrs, msg)
+ server.sendmail(fromaddr, toaddrs, email.as_string())
except:
print 'sending mail failed'
--
Janez Nemanic
Lep pozdrav
Best regards
10 years, 3 months
Meeting Agenda Item: Introduction Mario Cavero
by Mario Cavero
Hello! My name is Mario, from Barcelona (Spain). Currently studying
Computer Engineering. I've been using Linux OSes for 3 years; two months
ago switched to Fedora. You'll find me at IRC as mariocav.
I've joined the websites and infrastructure mail lists; actually I don't
think I can contribute so much, as my experience is very limited;
"sysadmin" of a CentOS server that offer web-related services:
dns/mail/http/other-basic-stuff. Some experience in web development:
html/css/js/php, and C/C++ applications.
I'll keep around here and the wikis and hopefully will start helping
with easy fixes soon.
So little things to offer, so many things to learn...
Bye! :)
10 years, 3 months
QA Client Network Isolation and FAS Groups
by Tim Flink
One of the things that QA is focusing on ATM is getting better
automation support for Fedora. We're currently doing this in two ways
(that will eventually combine):
- taskotron (replacing autoqa)
- beaker (different type of system - used by Red Hat QE, who is
interested in running some of their tests upstream in Fedora)
Before we start granting access to the systems to Fedora contributors,
we want to a) make the process relatively easy and b) isolate the
client machines so that if something goes wrong or a bad actor gains
access to them, any potential problems can be limited.
To do this, I'd like to propose one change and ask for input on another.
The first change is with FAS groups and shell access. To the best of my
knowledge, in order to ssh into the bastion hosts, a user needs to be a
member of the sysadmin group. While this works well for sysadmin
people, I'm not sure I see a benefit of sending all sysadmin email to
folks who are just looking to debug beaker or taskotron clients. I'd
like to propose the creation of a new FAS shell group for qa automation
and separate groups for beaker users, beaker admins, taskotron users
and taskotron admins (qa-automation, beaker, beaker-admin, taskotron,
taskotron-admin).
The qa-automation group wouldn't need access to bastion01, just
whichever bastion host has access to the automation clients
(bastion-comm01 for now). The other groups would be kind of like the
relationship between the various sysadmin FAS groups and the base
sysadmin group (ie, sysadmin access for all members, sysadmin-dns,
sysadmin-qa etc. for farther access).
Does this seem reasonable and do-able? If so, I'd like to get the FAS
group stuff done in the relatively near future - not "drop everything
and do it now" but ideally in the next couple of weeks if possible.
For network isolation, I don't pretend to be an expert on networking so
I'll describe the functionality that we're looking for and what I think
might work for a solution, but I'll defer to the expertise here on
whether it's a good idea or not :)
The beaker and taskotron clients will need network access to several
Fedora systems in order to work.
Taskotron Clients:
- Taskotron buildmaster
- bodhi, koji, repos, dist-git, task-git (part of taskotron, not yet
created), resultsdb (also part of taskotron)
Beaker Clients:
- Beaker server and lab controller (same system for now)
- repos, maybe grabbing packages from koji/bodhi
I put together a quick diagram with the various network connections:
http://tflink.fedorapeople.org/taskotron/client-network-connections.png
From a few previous conversations, I think that a private network for
the clients could provide the isolation that we're looking for. As far
as getting network access to the systems needed to function, I figured
that the beaker server and taskotron master would have network
interfaces on this private network and a gateway could be used to
restrict outgoing traffic to only the resources required.
All of the clients would be hosted on the qa virthosts, which are
currently in the same rack. I was thinking that it would be possible to
use one of the network interfaces in these virthosts to create this
private network (assuming that the network switch capacity is
available) but I'm definitely open to other ideas.
Does this idea for network access and isolation seem reasonable and
do-able? I figure that the network isolation/access part will require
more discussion and time for implementation after a decision is
reached. Our systems will work fine with the current network
configuration but I wanted to get this part of the conversation started
so that the implementation could happen before we get too far with
automation development.
Thanks,
Tim
10 years, 3 months
Contributing to Fedora on Websites and Infrastructure projects
by Nitin Agarwal
Hi,
Here, its Nitin Agarwal, Software Developer and Programmer. I am currently
pursuing Computer Science and Engineering at International Institute of
Information Technology, INDIA.
I would like to contribute to Fedora on the Websites and Infrastructure
Projects. My interests lies in Programming, Web Development, System
Administration, Linux Operating System and working with Open Source
Organisations. I code in GNU C/C++, Python, JavaScript and also familiar
with many Content Management Systems and Web Applications Development
tools.
I would like to work on the ongoing Websites and Infratstructure project
works of Fedora and carry on with the project through Gsoc 2014 and
afterwards, become a regular contributor to Fedora.
One can see my username as Fedora over here :
https://fedoraproject.org/wiki/User:Nitin3006
Github : *https://github.com/NitinAgarwal <https://github.com/NitinAgarwal>*
IRC : nitinagarwal3006
--
*Nitin Agarwal*
Department of Computer Science and Engineering
International Institute of Information Technology
Gachibowli, Hyderabad 500 032
Andhra Pradesh, India
Phone : +91-9573572831
Website : www.nitinagarwal.in
Github :
*https://github.com/NitinAgarwal <https://github.com/NitinAgarwal>*IRC :
nitinagarwal3006
Skype : nitinagarwal3006
10 years, 3 months
state of the askbot
by Kevin Fenzi
Greetings.
I thought I would write up an email where we stand with
ask.fedoraproject.org and things we need to get done and things I would
like to see. ;)
Staging:
- Thanks to anshprat and echevemaster we got a askbot-0.7.49 rpm put
together.
- We got our old staging all working with it.
- However, being the paranoid sort and seeing that we had a bunch of
people poking at it locally and doing all kinds of things to it, I
decided to do a clean staging instance to make sure it would work as
expected.
- I migrated ask01.stg over to ansible and destroyed the old instance
and made a new one with 0.7.49 and the config/etc we had in puppet.
- I had to tweak some more things to get it up and going.
- It's now up, but it tracebacks in trying to add new questions (at
least).
- I didn't do anything to the database, it's the same one we were using
for staging before.
So, what we need here is to figure out whats wrong with it now and get
it working, or possibly wipe the db and put the production one over
there (downside there is that it might send emails, which would confuse
users, so we need to make sure that doesn't happen if we go that
route).
Once we have it all working. I will wipe and make a fresh instance of
it. I want it to come up working from whats in ansible before we touch
production.
Production / misc:
- feedback link is broken, so people send feedback to
admin(a)fedoraproject.org. This is not great as I don't have time/know
about specific things some people ask.. Where should we point these?
sysadmin-ask-members(a)fedoraproject.org?
- I have no idea who all is still active in wanting to work on askbot.
We should figure that out. Perhaps we could cull the sysadmin-ask
group down to those people who are still around and are willing to
work on it?
- Fedora theme: Ryan was working on that a whlile back. It would sure
be nice to get something out there, even if it's not perfect.
- It would also be nice to have some way to communicate/collaborate
with moderators/admins. Sometimes people ask for karma changes or
voting changes or whatever, and it would be nice to have a place to
discuss that. I guess meta on the site itself might work, but we
should decide.
- multilang support. The new 0.7.49 has multilang support, but it
wasn't working last we tried it. We should really try and get this
working. There are already communities with their own ask instances
that could be using the main Fedora one. ;)
- The rawhide/Fedora version is still on 0.7.48. There's at least one
issue with python-celery and django-celery needing to sync up, but it
still needs someone interested in watching that and updating it and
testing it, etc. We should make sure it works in Fedora. :)
- Theres 8 open ask infrastructure tickets:
#3654 Ask Fedora uses flags to show a user's location
(needs working with upstream to enable disabling them)
#4012 ask.fedoraproject.org 'give feedback' broken
#3818 Enable multilingual support in ask
( hopefully fixed with upgrade )
#3840 [HOTFIX] Adding upstream fix to post-office to re-enable
html mailing
(needs someone to make sure this went upstream, if it's in 0.7.49, etc)
#3884 Apply Fedora theme to Ask Fedora
#3528 Banner for new user points to FAQ but doesn't provide link
(needs the theme to exist)
#3919 Disable identi.ca login
#3675 Unable to re-tag posts on Ask Fedora
(needs working with upstream/making hotfixes)
kevin
10 years, 3 months
Meeting Agenda Item: Introduction Lexi Farar
by af
Hello,
My IRC handle is: kawaii-50
I am an Information Assurance Engineer with a background in systems administration and general technical support. In my daily work I make sure the systems, Red Hat Enterprise, CentOS, Solaris and various flavors of Windows are secure and that appropriate security controls are in place. I do manual audits for both Linux and Windows, but am still a beginner with Linux. So, I would like to start out by helping maintain the Linux servers and hopefully put my security knowledge to work as well.
I look forward to joining the team and want to be a hands-on contributor to the project.
Thanks.
Lexi
10 years, 3 months
