Plan for tomorrow's Fedora Infrastructure meeting (2014-09-18)
by Kevin Fenzi
The infrastructure team will be having it's weekly meeting tomorrow,
2014-09-18 at 18:00 UTC in #fedora-meeting on the freenode network.
Suggested topics:
#topic New folks introductions and Apprentice tasks.
If any new folks want to give a quick one line bio or any apprentices
would like to ask general questions, they can do so in this part of the
meeting. Don't be shy!
#topic Freeze reminder
#topic Applications status / discussion
Check in on status of our applications: pkgdb, fas, bodhi, koji,
community, voting, tagger, packager, dpsearch, etc.
If there's new releases, bugs we need to work around or things to note.
#topic Sysadmin status / discussion
Here we talk about sysadmin related happenings from the previous week,
or things that are upcoming.
#topic nagios/alerts recap
Here we go over the last weeks alerts and see if we can find ways to
make it so they don't happen again.
#topic Upcoming Tasks/Items
https://apps.fedoraproject.org/calendar/list/infrastructure/
#topic Open Floor
Submit your agenda items, as tickets in the trac instance and send a
note replying to this thread.
More info here:
https://fedoraproject.org/wiki/Infrastructure/Meetings#Meetings
Thanks
kevin
9 years, 6 months
FedOAuth deprecation: merging efforts with Ipsilon
by Patrick Uiterwijk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi all,
As most of you probably know, the authentication system in use at the Fedora Infrastructure currently is FedOAuth[1], of which I am the original author (original name was FAS-OpenID) and primary maintainer.
A little while ago, Petr Spacek let me know[2] that there was a project with the same goals (multi-protocol federated identity provider) also going on: ipsilon[3] (he also notified ipsilon upstream[4]).
After discussing with the ipsilon author, we decided that we are going to merge efforts, because we are currently duplicating a lot of effort on both ends.
After consideration of the state of both codebases, we decided we would move forward with the ipsilon codebase.
The ipsilon codebase does lack some features that FedOAuth has, and we are now working on getting all those features that FedOAuth has but ipsilon lacks into ipsilon.
After this is completed, and ipsilon gets stable enough, I will be going to move all current FedOAuth instances over to using ipsilon, this includes the Fedora Infrastructure instance.
To keep track of the features that ipsilon is currently missing and the steps required to replace FedOAuth with ipsilon in the Fedora Infrastructure, we have a wiki page[5]: please let me know if we missed anything or if it needs clarification.
There is currently no hard schedule for the migration yet, because we first need to get all missing features into ipsilon.
I will keep this list updated on when we have all required features into ipsilon and when we will start the next steps of the migration process.
If anyone has any comments, remarks or questions regarding this, please let me know!
[1]: https://github.com/FedOAuth/FedOAuth
[2]: https://github.com/FedOAuth/FedOAuth/issues/61
[3]: https://fedorahosted.org/ipsilon/
[4]: https://www.redhat.com/archives/freeipa-devel/2014-August/msg00046.html
- --
Patrick Uiterwijk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJUGf0wAAoJEIZXmA2atR5QOewP/2KsH6DxBDKVmmX7S/K+oDle
njWsk3QUrjhM3IyDrP853pCAgvXCkhLz6lpkM6SxmlTW82Rqyf6AeQitgv5MYFMB
VPq5s5mA7mYpFLPeom6HD/taxyCHifZwU27qGTZ8Ohr2VCcNIJdUCAcVknBHDRC7
vcW+yDha7DE0GZMMBl5jOQycWsnMP0yhcqjtsh9g5yL9u/Y004pe60mIlC5Lyy5R
wXENJOe3KPPL0Nfm2u540xIRYbE4oj8+z/BXvCqX4hem71X29+qEuPgFkuyrcdBl
pN27uItFCCzysqtH2qoyHTgYupyhv2/KRNLCbx0RUKV8X49qajeZffHmeB2/SJuk
EIXVrf+7csE2cEL+OkKojNpxP5wfAiuO27dIJxebGriissOXedPHyAUyAo+AHXi/
AyKfqfDhE1kVpExXUqYzXgHTe1hNr5cB649GNURpp0Sk4ROQwAjh3p7tc51itjC+
nuKqSXrrHg5GBQHZTC2134GiNqr9P0j/6VIokqPVeW1boGx8KSPKKDiKG/2gUcF3
D9SxI+1i9G0V2mFp8b3rb5oYVAfA1HCIPdF06tdU1SWF80ATc9TBm8DuIMxQL2Q8
Mow/pXX0KFsk677KqlGt85S4zVvipXvWyf6LhAQwqvvngKNJSnxjqiuNj4gkrjtA
szSAk9znPqvwSBURf1Yb
=Knn4
-----END PGP SIGNATURE-----
9 years, 6 months
System freeze break: Clean out old files in puppet
by Stephen John Smoogen
There are 3 gigs of old files in puppet buckets. These are the original
files before puppet updates them on the system. I would like to remove all
files older than 90 days in the buckets as they shouldn't be useful for our
needs.
--
Stephen J Smoogen.
9 years, 6 months
Atomic/infra/rel-eng meeting
by Paul W. Frields
We agreed ad hoc in IRC to move our regular Atomic/infra/releng sync
meeting for *this week* to tomorrow (Wed 2014-Sep-17) at 2:00pm EDT /
1:00pm CDT / 1800 UTC so we can catch Dennis without making it hard
for him to pick up his daughter from school.
In the future the meeting will be back on Tuesday, but again at that
*new* time of 2:00pm EDT / 1:00pm CDT / 1800 UTC.
Dennis, does that work better for you?
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
The open source story continues to grow: http://opensource.com
9 years, 6 months
September status update for Fedora Infrastructure Apprentices
by Kevin Fenzi
Greetings.
You are getting this email because you are in the 'fi-apprentice' group
in the fedora account system (or are reading this on the
infrastructure list).
Feel free to reply just directly to me, or cc the infrastructure list
for everyone to see and comment on.
https://fedoraproject.org/wiki/Infrastructure_Apprentice
At the first of every month(or so), I am going to be sending out an
email like this one. I would like feedback on how things are going for
you.
I'd like to ask for everyone to send me a quick reply with the
following data or anything related you can think of that might help us
make the apprentice program more useful.
0. Whats your fedora account system login?
1. Have you logged in and used your fi-apprentice membership to look at
our machines/setup in the last month? Do you plan to?
2. Has it helped you decide any area you wish to focus on or contribute
to more?
3. Have you looked at or been able to work on any of the fi-apprentice
'easyfix' tickets?
https://fedorahosted.org/fedora-infrastructure/report/14
4. Do you still wish to be a member of the group? If not (for whatever
reason) could you provide any hints to help others down the road?
5. Is there any help or communication or ideas you have that would help
you do any of the above?
6. What do you find to be the hardest part of getting involved?
Finding things to work on? Getting attention from others to help you?
Finding tickets in your interest area?
7. Have you been able to make any weekly irc meetings? Do you find them
helpful or interesting?
8. What is your favorite book of all time? :)
Any other general feedback is also quite welcome, including
improvements to this email, the wiki page, etc.
Any folks I do not hear from in the next week will be removed from the
group. (Note that it's easy to be readded when you have time or
whatever and it's nothing at all personal, we just want to keep the
group up to date with active folks).
Thanks, and looking forward to your feedback!
kevin
9 years, 6 months
Entropy on VM for gpg
by Valentin Gologuzov
Hi,
I need to generate a lot of gpg keys for package signing in Copr,
and VMs in cloud have low entropy for cryptography, that results
in very-very slow key generation.
I've have solved it with `haveged` daemon, is it proper solution or
i need something else?
--
Best regards,
Gologuzov Valentin.
9 years, 6 months
Freeze break: install ansible-openstack-modules on lockbox01
by Kevin Fenzi
I'd like to install ansible-openstack-modules rpm on lockbox01.
This is for ticket 4519 and will help us get our new cloud install up
and running.
+1s?
kevin
--
diff --git a/modules/ansible/manifests/init.pp b/modules/ansible/manifests/init.pp
index 0c2c81c..3db1ee3 100644
--- a/modules/ansible/manifests/init.pp
+++ b/modules/ansible/manifests/init.pp
@@ -4,6 +4,10 @@ class ansible::ansible {
ensure => present,
}
+ package { ansible-openstack-modules:
+ ensure => present,
+ }
+
file { '/etc/ansible/ansible.cfg':
source => 'puppet:///ansible/ansible.cfg',
require => Package['ansible']
9 years, 6 months
Freeze break: update exclude list for clamav scan on pkgs01
by Kevin Fenzi
Newer versions of the fwsnort package have a false positive with clamav
virus scanning.
I'd like to make the exception for that package more general so we
don't have to keep updating versions.
I don't see any impact from this really...
+1s?
kevin
--
diff --git a/manifests/services/distgit.pp b/manifests/services/distgit.pp
index c9ec76a..8f3137b 100644
--- a/manifests/services/distgit.pp
+++ b/manifests/services/distgit.pp
@@ -44,7 +44,7 @@ class distgit {
clamav::clamscan { 'admin(a)fedoraproject.org':
paths => '/srv/cache/lookaside/pkgs',
- excludes => ['clamav-', 'amavisd-new-2.3.3.tar.gz', 'bro-20080804.tgz', 'mailman-', 'sagator-', 'nicotine', 'fwsnort-1.0.6.tar.gz', 'psad-2.1.7.tar.bz2', 'pymilter-', 'linkchecker-' ]
+ excludes => ['clamav-', 'amavisd-new-2.3.3.tar.gz', 'bro-20080804.tgz', 'mailman-', 'sagator-', 'nicotine', 'fwsnort-*', 'psad-2.1.7.tar.bz2', 'pymilter-', 'linkchecker-' ]
}
git::git-server { '/srv/git/rpms': }
diff --git a/modules/ansible/manifests/ini
9 years, 6 months