About JS framework
by Pierre-Yves Chibon
Good Morning Everyone,
Our infrastructure is mostly a python store, meaning almost all our apps are
written in python and most using wsgi.
However in python we are using a number of framework:
* flask for most
* pyramid for some of the biggest (bodhi, FAS3)
* Django (askbot, Hyperkitty)
* TurboGears2 (fedora-packages)
* aiohttp (python3, async app: mdapi)
While this makes sometime things difficult, these are fairly standard framework
and most of our developers are able to help on all.
However, as I see us starting to look at JS for some of our apps (fedora-hubs,
wartaa...), I wonder if we could start the discussion early about the different
framework and eventually see if we can unify around one.
This would also allow those of us not familiar with any JS framework to look at
the recommended one instead of picking one up semi-randomly.
So has anyone experience with one or more JS framework? Do you have one that
would you recommend? Why?
Thanks for your inputs,
Pierre
16 hours, 34 minutes
otp resets
by Kevin Fenzi
Greetings.
FAS2 (The old account system) supported 2fa tokens, but they were not in
the main interface, you had to go and find a infra sop and go to the
right place or run the right command line tool. This was fine as the
only thing we were using them for was sudo (so only sysadmins were
affected). In order to reset a token in this setup, we required a gpg
encrypted email or other proof of you being who you say you are before
resetting. Since this was admins, it was just a few per month (if that).
In the new account system, they are integrated right into the interface,
so tons of people are playing around with them. A number of folks are
not able to properly save their token, or run into problems adding it
and need to have that token removed so they can try again. Many of these
are new users that don't have a gpg key set in their account. We have
been getting a lot of these of late. ;(
So, the questions are:
1. How can we cut down on the people who are not able to enroll/run into
problems with their token requesting removal?
Random thoughts:
* Could we require someone enter their password + token before accepting
the token? ie, they try and enroll, ipa adds it, they have to verify, if
they can't, it's removed?
* Could we add 'recovery codes' so if someone enrolls and it's
wrong/broken, they could use a code to login and add a new token and
remove the old broken one?
* Could we perhaps make a 'dev' noggin that people could test with and
wipe all accounts from every day or something? Then ask people to test
there if they are unsure how to add otp
* Could we 'hide' the otp setup until you have X groups or something?
2. How can we verify identity on people who request the removal of their
last otp? Do we just tell them to make a new account?
Random ideas:
* If they are not in any groups, how about we just reset based on email?
* Or perhaps if they are not in any sysadmin* groups?
* If they are Red Hat employees we can use the internal verify thing
* We could use gpg signed email if there is a gpg key assigned to the
account.
* Could we use ssh key to verify them?
Any thoughts welcome.
kevin
1 day, 9 hours
Meeting Agenda Item: Introduction Antonio Yusta Esplá
by Antonio Yusta Esplá
Hello everyone,
my name is Antonio Yusta Esplá. I live in Spain and work as IT Consultant. I have been using Linux for the last decade (Fedora in particular around 80% of the time).
For the last year I have been thinking about joining an open source project and around 2 weeks ago I found about the Fedora infrastructure group.
I have experience with Linux system administration, bash scripting, programming with Python (though I know a little bit about C++), AWS, Terraform, Openshift and Ansible.
I would really like to support in anything involving any of these technologies. From the list of opened issues I could maybe start with [#9693](https://pagure.io/fedora-infrastructure/issue/9693) (it has the "easyfix" label, so if I am not wrong is available to people new to the project). I am nevertheless also interested in stuff like [#9681](https://pagure.io/fedora-infrastructure/issue/9681), though maybe it is still a little bit early for me.
I kindly ask you for your support to be onboarded and to be granted access to the Fedora Infrastructure Apprentice group.
Best regards,
Antonio Yusta
2 days, 10 hours
Where to report accounts.fedoraproject.org issues
by Miroslav Suchý
I used the new accounts.fedoraproject.org for the first time today (btw it is neat).
But I immediately spot first issue. I struggle to find where to report it. It is more application issue and not
operational, so I hesitate to report it as fedora-infra issue.
Where I can report it? Can someone add a link to footer where to report an issue?
BTW the issue for me is that when I want to sponsor someone to packager group. I go to:
https://accounts.fedoraproject.org/group/packager/
And first there is 161 Sponsors; scrolling down; it is inconvenient to find where members start :9 But the badge beside
the members shows just 100 members. I am pretty sure that we have more packagers :)
--
Miroslav Suchy, RHCA
Red Hat, Associate Manager, Community Packaging Tools, #brno, #fedora-buildsys
5 days, 18 hours
Redirecting and testing the new fedocal in openshift
by Pierre-Yves Chibon
This is both a call for more testing as well as the first FBR of this
new freeze.
I have deployed fedocal in openshift, using OIDC and fedora-messaging,
running on python 3 at: https://calendar.fedoraproject.org
I have done some testing and for what I looked at and for everything
seems to work (including the sending of the reminder email).
If you have a little time, please have a look at it.
Do note that this instances uses the prod database so be reasonable, if
you want to do more testing feel free to poke at the staging instance
at: https://calendar.stg.fedoraproject.org.
Unless I hear otherwise, I would like to redirect the current (VM-based)
fedocal over to its new location (openshift) using the attached patch.
+1?
Thanks,
Pierre
1 week
Fedora 34 Final freeze now in effect!
by Kevin Fenzi
Greetings.
we are now in the infrastructure freeze leading up to the Fedora 34
Final release. This is a final release freeze.
We do this to ensure that our infrastructure is stable and ready to
release Fedora 34 when it's available.
You can see a list of hosts that do not freeze by checking out the
ansible repo and running the freezelist script:
git clone
https://infrastructure.fedoraproject.org/infra/ansible.git
ansible/scripts/freezelist -i inventory
Any hosts listed as freezes is frozen until 2021-04-20 (or later if
release slips). Frozen hosts should have no changes made to them without
a sign-off on the change from at least 2 sysadmin-main or rel-eng
members, along with (in most cases) a patch of the exact change to be
made to this list.
Thanks,
kevin
1 week, 1 day
Congrats to Nick Bebout
by Kevin Fenzi
Greetings.
I'm happy to announce that Nick Bebout(fas: nb, irc: nb)
has been added to our sysadmin-main group.
This is the core group of trusted folks that high level access to most
everything in fedora infrastructure.
Nick has been doing infrastructure tasks for various groups for many
years in sysadmin-noc, sysadmin-web, and too many other groups to list.
He's proved his dedication, trustworthiness, and ability.
Congrats!
Use your powers for good! :)
kevin
1 week, 1 day
Can we please update fedora-repo-zdicts on the metadata generation
servers for F34 zchunk dictionaries?
by Jonathan Dieter
Right now, we're not using zdicts for the F34 zchunk metadata because
they were only added in fedora-repo-zdicts-2103.1-2 (which should now
be in the updates repo in all current Fedora releases).
If we could update fedora-repo-zdicts to 2103.1-2 on whichever servers
generate the metadata (preferably before the 34 GA metadata is
generated), that should significantly reduce the size of the metadata.
Thanks,
Jonathan
1 week, 2 days