You are getting this email because you are in the 'fi-apprentice' group
in the fedora account system (or are reading this on the
Feel free to reply just directly to me, or cc the infrastructure list
for everyone to see and comment on.
At the first of every month(or so), I am going to be sending out an
email like this one. I would like feedback on how things are going for
I'd like to ask for everyone to send me a quick reply with the
following data or anything related you can think of that might help us
make the apprentice program more useful.
0. Whats your fedora account system login?
1. Have you logged in and used your fi-apprentice membership to look at
our machines/setup in the last month? Do you plan to?
2. Has it helped you decide any area you wish to focus on or contribute
3. Have you looked at or been able to work on any of the fi-apprentice
4. Do you still wish to be a member of the group? If not (for whatever
reason) could you provide any hints to help others down the road?
5. Is there any help or communication or ideas you have that would help
you do any of the above?
6. What do you find to be the hardest part of getting involved?
Finding things to work on? Getting attention from others to help you?
Finding tickets in your interest area?
7. Have you been able to make any weekly irc meetings? Do you find them
helpful or interesting?
8. Whats your favorite type of pet?
Any other general feedback is also quite welcome, including
improvements to this email, the wiki page, etc.
Any folks I do not hear from in the next week will be removed from the
group. (Note that it's easy to be readded when you have time or
whatever and it's nothing at all personal, we just want to keep the
group up to date with active folks).
Thanks, and looking forward to your feedback!
To access the crawler logs from the MM2 web-interface (small code
changes still required) I need a web-server on mm-crawler01 which
exports /var/log/mirrormanager/crawler so that I can access the files
for example. I am not really sure what changes are necessary to get the
reverse proxies to forward that request to the right backend
(mm-crawler01) and some help setting this up would be appreciated.
The infrastructure team will be having it's weekly meeting tomorrow,
2015-03-19 at 18:00 UTC in #fedora-meeting on the freenode network.
This week we are continuing to try something new.
We have a gobby document
(see: https://fedoraproject.org/wiki/Gobby )
fedora-infrastructure-meeting-next is the document.
Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of this
morning is included in this email.
= Introduction =
This shared document is for the next fedora infrastructure meeting.
We will use it over the week before the meeting to gather status and info and
discussion items and so forth, then use it in the irc meeting to transfer
information to the meetbot logs.
= Meeting start stuff =
#startmeeting Infrastructure (2015-03-19)
#chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk
#topic New folks introductions / Apprentice feedback
= Status / information / Trivia / Announcements =
(We put things here we want others on the team to know, but don't need to discuss)
(Please use #info <the thing> - your name)
#topic announcements and information
#info datanommer performance enhancements complete in production, resulting in significant speed gains. - ralph
#info new zodbot feature deployed: karma+fedmsg plugin - ralph
#info new zodbot feature deployed: more granular meetbot fedmsg messages - ralph
#info converted another mirrorlist server to mirrormanager2 - kevin
= Things we should discuss =
(Use #topic your discussion topic - your username)
#topic Update Fedora Infrastructure Apprentice wiki with Ansible ticket workflow - mhurron
Specifically there is a http://infrastructure.fedoraproject.org/infra/docs/puppet.txt but not a complimentary ansible.txt
= Learn about some application or setup in infrastructure =
(This section, each week we get 1 person to talk about an application or setup
that we have. Just going over what it is, how to contribute, ideas for improvement,
etc. Whoever would like to do this, just add the info in this section)
#topic Learn about sigul (our rpm signing server) - kevin
= Meeting end stuff =
#topic Open Floor
While the rbac-playbook script helps people run playbooks, it's missing
some significant features that make ansible much easier to use. We're
replacing the old rbac-playbook script with a new piece of code that
does the same role-based access control but has some new features.
The usage of rbac-playbook will be pretty much the same as it has been
with some new options which should make make life easier. The old
script will be replaced with ansible_utils later today.
the '-t <tagname>' option will run only the parts of a playbook which
are tagged with that <tagname> which allows single sections of a
playbook to be run instead of running through everything, every time
the '-l <inventory name>' option will run a playbook but exclude all
targets that don't match <inventory name>. This is very useful when
you want to run a playbook without targeting all the hosts it was
Start At Task:
the '--start-at-task <task name>' option runs the entire playbook but
skips all tasks before <task name> which is useful when re-running a
longer playbook to correct a failure.
The new script is part of the ansible_utils package which can be found
If you find any issues, please let me know or file an issue in the
I work for the Red Hat Product security team, and have been a fedora
contributor for several years. I was involved with Linux security issues
like heartbleed, shellshock etc.
For some time, I have noticed that due to the way fedora mirrors work,
it takes a lot of time for the packages with security fixes (specially
ones which have critical impact like openssl) to sync to mirrors. We
have been announcing links to koji builds for our users in the meantime,
which is really not scalable for large installs etc.
Also many times, while talking in conferences and otherwise to fedora
users, it seems the main concern is the time it takes these security
fixes to hit our mirrors.
I have tried talking to several people about a possible solution,
including CentOS guys and it seems there needs to be a solution to this
One possible solution which i can think of, is to have a security repo,
which is not mirrored but centrally location, of-course there are
several problems with this approach and needs more discussion.
Let me know if this is the wrong list, or i need to mail someone else to
get the ball rolling.
Thanks for your time.
Huzaifa Sidhpurwala / Red Hat Product Security Team
Right now the MM2 backend and MM2 crawler cronjobs in staging are all
running as root. This seems unnecessary and I would like to change it to
the user mirrormanager (like it is on the mirrorlist server).
The mirrorlist has in the systemd service the user and group
mirrormanager mentioned. I would like to create this user in the RPM for
the mirrorlist, backend and crawler sub-package and also change the cron
It would also be possible to create the user in ansible. What would
make more sense? Ansible sound easier but for me it would make more
sense in the RPM.
I'm ali elkhalidi, dotEast2015 on irc, a SysAdmin from Saudi Arabia and I
am interested in assisting the Fedora Project. I've worked as a Linux
systems engineer and administrator for a long time, small-Med, enterprise
and public environments. I'm interested in helping out with administration
to keep my skills sharp and build experience working in large and diverse
projects such as Fedora.
The next pkgdb2 release (1.24) will be a pretty big releases, to give you an
idea this is its current changelog:
- Allow package admins to retire a package
- Anitya integration on the package's detail page
- Fix orphaning package having a group as PoC
- Add the possibility to request action from the pkgdb admins and releng.
These actions include:
- Request a new package to be added to pkgdb (after completed its review on
- Request a new branch for an existing package
- When requesting a new branch, current package admins have 1 week to agree
or disagree with the request
- If they disagree the request is blocked (they have to specify a reason)
- After a week, or earlier if they agree, the request is passed onto the
pkgdb admins and releng for processing.
These new actions can be processed via pkgdb-admin which is shipped as part of
packagedb-cli (ie next to pkgdb-cli).
Since these changes might be pretty big and impact multiple person, I would like
to hear when people think it would be best to make the release.
Note: I will not do it today, but basically I could from tomorrow :)
Note2: As it will likely take a little time for people to get adjusted to the
new workflow (that needs to be documented & so on), there will likely be a time
for pkgdb admins and releng when they will have to check both bugzilla and
Note3: As I would not be surprised that we run into some bugs and since freeze
is not that far either, the earlier the better :)
PS: Also sent to the rel-eng list but please let's keep this on the infra list