March status update for Fedora Infrastructure Apprentices
by Kevin Fenzi
Greetings.
You are getting this email because you are in the 'fi-apprentice' group
in the fedora account system (or are reading this on the
infrastructure list).
Feel free to reply just directly to me, or cc the infrastructure list
for everyone to see and comment on.
https://fedoraproject.org/wiki/Infrastructure_Apprentice
At the first of every month(or so), I am going to be sending out an
email like this one. I would like feedback on how things are going for
you.
I'd like to ask for everyone to send me a quick reply with the
following data or anything related you can think of that might help us
make the apprentice program more useful.
0. Whats your fedora account system login?
1. Have you logged in and used your fi-apprentice membership to look at
our machines/setup in the last month? Do you plan to?
2. Has it helped you decide any area you wish to focus on or contribute
to more?
3. Have you looked at or been able to work on any of the fi-apprentice
'easyfix' tickets?
https://fedorahosted.org/fedora-infrastructure/report/14
4. Do you still wish to be a member of the group? If not (for whatever
reason) could you provide any hints to help others down the road?
5. Is there any help or communication or ideas you have that would help
you do any of the above?
6. What do you find to be the hardest part of getting involved?
Finding things to work on? Getting attention from others to help you?
Finding tickets in your interest area?
7. Have you been able to make any weekly irc meetings? Do you find them
helpful or interesting?
8. Whats your favorite type of pet?
Any other general feedback is also quite welcome, including
improvements to this email, the wiki page, etc.
Any folks I do not hear from in the next week will be removed from the
group. (Note that it's easy to be readded when you have time or
whatever and it's nothing at all personal, we just want to keep the
group up to date with active folks).
Thanks, and looking forward to your feedback!
kevin
9 years, 1 month
Webserver on mm-crawler01 and reverseproxy
by Adrian Reber
To access the crawler logs from the MM2 web-interface (small code
changes still required) I need a web-server on mm-crawler01 which
exports /var/log/mirrormanager/crawler so that I can access the files
via
https://admin.stg.fedoraproject.org/mirrormanager2/crawler/218.log
for example. I am not really sure what changes are necessary to get the
reverse proxies to forward that request to the right backend
(mm-crawler01) and some help setting this up would be appreciated.
Thanks.
Adrian
9 years, 1 month
Plan for tomorrow's Fedora Infrastructure meeting (2015-03-19)
by Kevin Fenzi
The infrastructure team will be having it's weekly meeting tomorrow,
2015-03-19 at 18:00 UTC in #fedora-meeting on the freenode network.
This week we are continuing to try something new.
We have a gobby document
(see: https://fedoraproject.org/wiki/Gobby )
fedora-infrastructure-meeting-next is the document.
Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of this
morning is included in this email.
kevin
--
= Introduction =
This shared document is for the next fedora infrastructure meeting.
We will use it over the week before the meeting to gather status and info and
discussion items and so forth, then use it in the irc meeting to transfer
information to the meetbot logs.
= Meeting start stuff =
#startmeeting Infrastructure (2015-03-19)
#meetingname infrastructure
#topic aloha
#chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk
#topic New folks introductions / Apprentice feedback
= Status / information / Trivia / Announcements =
(We put things here we want others on the team to know, but don't need to discuss)
(Please use #info <the thing> - your name)
#topic announcements and information
#info datanommer performance enhancements complete in production, resulting in significant speed gains. - ralph
#info new zodbot feature deployed: karma+fedmsg plugin - ralph
#info new zodbot feature deployed: more granular meetbot fedmsg messages - ralph
#info converted another mirrorlist server to mirrormanager2 - kevin
= Things we should discuss =
(Use #topic your discussion topic - your username)
#topic Update Fedora Infrastructure Apprentice wiki with Ansible ticket workflow - mhurron
Specifically there is a http://infrastructure.fedoraproject.org/infra/docs/puppet.txt but not a complimentary ansible.txt
= Learn about some application or setup in infrastructure =
(This section, each week we get 1 person to talk about an application or setup
that we have. Just going over what it is, how to contribute, ideas for improvement,
etc. Whoever would like to do this, just add the info in this section)
#topic Learn about sigul (our rpm signing server) - kevin
= Meeting end stuff =
#topic Open Floor
#endmeeting
9 years, 1 month
Announcement: Replacing old rbac-playbook with ansible_utils
by Tim Flink
While the rbac-playbook script helps people run playbooks, it's missing
some significant features that make ansible much easier to use. We're
replacing the old rbac-playbook script with a new piece of code that
does the same role-based access control but has some new features.
The usage of rbac-playbook will be pretty much the same as it has been
with some new options which should make make life easier. The old
script will be replaced with ansible_utils later today.
Tags:
the '-t <tagname>' option will run only the parts of a playbook which
are tagged with that <tagname> which allows single sections of a
playbook to be run instead of running through everything, every time
Limit Targets:
the '-l <inventory name>' option will run a playbook but exclude all
targets that don't match <inventory name>. This is very useful when
you want to run a playbook without targeting all the hosts it was
designed for
Start At Task:
the '--start-at-task <task name>' option runs the entire playbook but
skips all tasks before <task name> which is useful when re-running a
longer playbook to correct a failure.
The new script is part of the ansible_utils package which can be found
at https://bitbucket.org/tflink/ansible_utils
If you find any issues, please let me know or file an issue in the
bitbucket project.
Tim
9 years, 1 month
BFO sync
by poma
Fedora 19 through 22 - in line with the current state.
---
bfo/pxelinux.cfg/fedora_eol.conf | 16 +++++++++++++++
bfo/pxelinux.cfg/fedora_install.conf | 18 -----------------
bfo/pxelinux.cfg/fedora_prerelease.conf | 18 +++++++++++++++++
bfo/pxelinux.cfg/fedora_rescue.conf | 36 ++++++++++++++++-----------------
4 files changed, 52 insertions(+), 36 deletions(-)
diff --git a/bfo/pxelinux.cfg/fedora_eol.conf b/bfo/pxelinux.cfg/fedora_eol.conf
index a987646..b249ad8 100644
--- a/bfo/pxelinux.cfg/fedora_eol.conf
+++ b/bfo/pxelinux.cfg/fedora_eol.conf
@@ -6,6 +6,22 @@ TEXT HELP
Install end of life and no longer supported versions of Fedora
ENDTEXT
+label Fedora-19-i386
+ MENU LABEL Fedora-19-i386
+ kernel http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/i38...
+ initrd http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/i38...
+ TEXT HELP
+ Selecting this will boot the Fedora 19 i386 installer.
+ ENDTEXT
+
+label Fedora-19-x86_64
+ MENU LABEL Fedora-19-x86_64
+ kernel http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/x86...
+ initrd http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/x86...
+ TEXT HELP
+ Selecting this will boot the Fedora 19 x86_64 installer.
+ ENDTEXT
+
label Fedora-18-i386
MENU LABEL Fedora-18-i386
kernel http://download.fedoraproject.org/pub/fedora/linux/releases/18/Fedora/i38...
diff --git a/bfo/pxelinux.cfg/fedora_install.conf b/bfo/pxelinux.cfg/fedora_install.conf
index 1adecd3..ce928c0 100644
--- a/bfo/pxelinux.cfg/fedora_install.conf
+++ b/bfo/pxelinux.cfg/fedora_install.conf
@@ -42,24 +42,6 @@ label Fedora-20-i386
Selecting this will boot the Fedora 20 i386 installer.
ENDTEXT
-label Fedora-19-x86_64
- MENU LABEL Fedora-19-x86_64
- kernel http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/x86...
- initrd http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/x86...
- APPEND repo=http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedor...
- TEXT HELP
- Selecting this will boot the Fedora 19 x86_64 installer.
- ENDTEXT
-
-label Fedora-19-i386
- MENU LABEL Fedora-19-i386
- kernel http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/i38...
- initrd http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/i38...
- APPEND repo=http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedor...
- TEXT HELP
- Selecting this will boot the Fedora 19 i386 installer.
- ENDTEXT
-
label uplvl
MENU LABEL Back
MENU EXIT
diff --git a/bfo/pxelinux.cfg/fedora_prerelease.conf b/bfo/pxelinux.cfg/fedora_prerelease.conf
index f3da4aa..a5e2a78 100644
--- a/bfo/pxelinux.cfg/fedora_prerelease.conf
+++ b/bfo/pxelinux.cfg/fedora_prerelease.conf
@@ -6,6 +6,24 @@ TEXT HELP
Install Pre-release versions of Fedora (Alpha, Beta). (when available)
ENDTEXT
+label Fedora-22-Alpha-x86_64
+ MENU LABEL Fedora-22-Alpha-x86_64
+ kernel http://download.fedoraproject.org/pub/fedora/linux/releases/test/22-Alpha...
+ initrd http://download.fedoraproject.org/pub/fedora/linux/releases/test/22-Alpha...
+ APPEND repo=http://download.fedoraproject.org/pub/fedora/linux/releases/test/22-...
+ TEXT HELP
+ Selecting this will boot the Fedora 22 x86_64 Server installer.
+ ENDTEXT
+
+label Fedora-22-Alpha-i386
+ MENU LABEL Fedora-22-Alpha-i386
+ kernel http://download.fedoraproject.org/pub/fedora/linux/releases/test/22-Alpha...
+ initrd http://download.fedoraproject.org/pub/fedora/linux/releases/test/22-Alpha...
+ APPEND repo=http://download.fedoraproject.org/pub/fedora/linux/releases/test/22-...
+ TEXT HELP
+ Selecting this will boot the Fedora 22 i386 Server installer.
+ ENDTEXT
+
label uplvl
IPAPPEND 3
MENU LABEL Back
diff --git a/bfo/pxelinux.cfg/fedora_rescue.conf b/bfo/pxelinux.cfg/fedora_rescue.conf
index d68549a..08ccb4d 100644
--- a/bfo/pxelinux.cfg/fedora_rescue.conf
+++ b/bfo/pxelinux.cfg/fedora_rescue.conf
@@ -7,6 +7,24 @@ TEXT HELP
Rescue currently supported versions of Fedora
ENDTEXT
+label Fedora-21-i386-rescue
+ MENU LABEL Fedora-21-i386-rescue
+ kernel http://download.fedoraproject.org/pub/fedora/linux/releases/21/Fedora/i38...
+ initrd http://download.fedoraproject.org/pub/fedora/linux/releases/21/Fedora/i38...
+ APPEND rescue
+ TEXT HELP
+ Selecting this will boot the Fedora 21 i386 installer in rescue mode
+ ENDTEXT
+
+label Fedora-21-x86_64-rescue
+ MENU LABEL Fedora-21-x86_64-rescue
+ kernel http://download.fedoraproject.org/pub/fedora/linux/releases/21/Fedora/x86...
+ initrd http://download.fedoraproject.org/pub/fedora/linux/releases/21/Fedora/x86...
+ APPEND rescue
+ TEXT HELP
+ Selecting this will boot the Fedora 21 x86_64 installer in rescue mode.
+ ENDTEXT
+
label Fedora-20-i386-rescue
MENU LABEL Fedora-20-i386-rescue
kernel http://download.fedoraproject.org/pub/fedora/linux/releases/20/Fedora/i38...
@@ -25,24 +43,6 @@ label Fedora-20-x86_64-rescue
Selecting this will boot the Fedora 20 x86_64 installer in rescue mode.
ENDTEXT
-label Fedora-19-i386-rescue
- MENU LABEL Fedora-19-i386-rescue
- kernel http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/i38...
- initrd http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/i38...
- APPEND rescue
- TEXT HELP
- Selecting this will boot the Fedora 19 i386 installer in rescue mode
- ENDTEXT
-
-label Fedora-19-x86_64-rescue
- MENU LABEL Fedora-19-x86_64-rescue
- kernel http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/x86...
- initrd http://download.fedoraproject.org/pub/fedora/linux/releases/19/Fedora/x86...
- APPEND rescue
- TEXT HELP
- Selecting this will boot the Fedora 19 x86_64 installer in rescue mode.
- ENDTEXT
-
label uplvl
MENU LABEL Back
MENU EXIT
--
2.1.0
9 years, 1 month
Syncing fedora packages with security patches to mirrors
by Huzaifa Sidhpurwala
Hi All,
I work for the Red Hat Product security team, and have been a fedora
contributor for several years. I was involved with Linux security issues
like heartbleed, shellshock etc.
For some time, I have noticed that due to the way fedora mirrors work,
it takes a lot of time for the packages with security fixes (specially
ones which have critical impact like openssl) to sync to mirrors. We
have been announcing links to koji builds for our users in the meantime,
which is really not scalable for large installs etc.
Also many times, while talking in conferences and otherwise to fedora
users, it seems the main concern is the time it takes these security
fixes to hit our mirrors.
I have tried talking to several people about a possible solution,
including CentOS guys and it seems there needs to be a solution to this
problem.
One possible solution which i can think of, is to have a security repo,
which is not mirrored but centrally location, of-course there are
several problems with this approach and needs more discussion.
Let me know if this is the wrong list, or i need to mail someone else to
get the ball rolling.
Thanks for your time.
--
Huzaifa Sidhpurwala / Red Hat Product Security Team
9 years, 1 month
MirrorManager user on backend and crawler
by Adrian Reber
Right now the MM2 backend and MM2 crawler cronjobs in staging are all
running as root. This seems unnecessary and I would like to change it to
the user mirrormanager (like it is on the mirrorlist server).
The mirrorlist has in the systemd service the user and group
mirrormanager mentioned. I would like to create this user in the RPM for
the mirrorlist, backend and crawler sub-package and also change the cron
definitions.
It would also be possible to create the user in ansible. What would
make more sense? Ansible sound easier but for me it would make more
sense in the RPM.
Adrian
9 years, 1 month
Meeting Agenda Item: Introduction ali elkhalidi
by Ali Khalidi
I'm ali elkhalidi, dotEast2015 on irc, a SysAdmin from Saudi Arabia and I
am interested in assisting the Fedora Project. I've worked as a Linux
systems engineer and administrator for a long time, small-Med, enterprise
and public environments. I'm interested in helping out with administration
to keep my skills sharp and build experience working in large and diverse
projects such as Fedora.
cheers,
Ali
9 years, 1 month
Pkgdb2 1.24
by Pierre-Yves Chibon
Hi everyone,
The next pkgdb2 release (1.24) will be a pretty big releases, to give you an
idea this is its current changelog:
- Allow package admins to retire a package
- Anitya integration on the package's detail page
- Fix orphaning package having a group as PoC
- Add the possibility to request action from the pkgdb admins and releng.
These actions include:
- Request a new package to be added to pkgdb (after completed its review on
bugzilla)
- Request a new branch for an existing package
- When requesting a new branch, current package admins have 1 week to agree
or disagree with the request
- If they disagree the request is blocked (they have to specify a reason)
- After a week, or earlier if they agree, the request is passed onto the
pkgdb admins and releng for processing.
These new actions can be processed via pkgdb-admin which is shipped as part of
packagedb-cli (ie next to pkgdb-cli).
Since these changes might be pretty big and impact multiple person, I would like
to hear when people think it would be best to make the release.
Note: I will not do it today, but basically I could from tomorrow :)
Note2: As it will likely take a little time for people to get adjusted to the
new workflow (that needs to be documented & so on), there will likely be a time
for pkgdb admins and releng when they will have to check both bugzilla and
pkgdb.
Note3: As I would not be surprised that we run into some bugs and since freeze
is not that far either, the earlier the better :)
Thanks,
Pierre
PS: Also sent to the rel-eng list but please let's keep this on the infra list
9 years, 1 month
Make MM2 (umdl) use the real data
by Adrian Reber
I would like to change the MM2 configuration file to access the real
content instead of the testdata:
commit 06cec996d9ef9a94c428b8f10bd3d2bdc327f279
Author: Adrian Reber <adrian(a)lisas.de>
Date: Wed Mar 18 15:20:44 2015 +0000
Make umdl use the real content
To prepare MM2 for production let's switch to the real data
instead of the testdata. Additionally specify a timeout
of 4 hours on rsync crawls.
diff --git a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
index a792d31..b81f584 100644
--- a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
+++ b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
@@ -86,7 +86,9 @@ APPLICATION_URL = None
# in front of the application).
CHECK_SESSION_IP = True
-
+# Specify additional rsync parameters for the crawler
+# # --timeout 14400: abort rsync crawl after 4 hours
+CRAWLER_RSYNC_PARAMETERS = '--no-motd --timeout 14400'
###
# Configuration options used by the crons
@@ -99,27 +101,27 @@ CRAWLER_SEND_EMAIL = False
umdl_master_directories = [
{
'type': 'directory',
- 'path': '../testdata/pub/epel/',
+ 'path': '/srv/pub/epel/',
'category': 'Fedora EPEL'
},
{
'type': 'directory',
- 'path': '../testdata/pub/fedora/linux/',
+ 'path': '/srv/pub/fedora/linux/',
'category': 'Fedora Linux'
},
{
'type': 'directory',
- 'path': '../testdata/pub/fedora-secondary/',
+ 'path': '/srv/pub/fedora-secondary/',
'category': 'Fedora Secondary Arches'
},
{
'type': 'directory',
- 'path': '../testdata/pub/archive/',
+ 'path': '/srv/pub/archive/',
'category': 'Fedora Archive'
},
{
'type': 'directory',
- 'path': '../testdata/pub/alt/',
+ 'path': '/srv/pub/alt/',
'category': 'Fedora Other'
},
# {
9 years, 1 month
