13:04:27 <mvollmer> #startmeeting
13:04:27 <zodbot> Meeting started Mon Jul 13 13:04:27 2015 UTC. The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:04:27 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
13:04:32 <mvollmer> .hello mvo
13:04:32 <andreasn> .hello andreasn
13:04:39 <stefw> .hello stefw
13:04:43 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com>
13:04:46 <zodbot> andreasn: andreasn 'Andreas Nilsson' <anilsson@redhat.com>
13:04:49 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com>
13:05:10 <dperpeet> .hello dperpeet
13:05:11 <zodbot> dperpeet: dperpeet 'Dominik Perpeet' <dperpeet@redhat.com>
13:05:14 <mvollmer> #topic Agenda
13:05:26 <stefw> * Big ... storaged ... merge
13:05:39 <andreasn> wowowow
13:06:35 <andreasn> * ssh key auth
13:07:36 <mvollmer> * journal update?
13:07:56 <dperpeet> mvollmer, not much new from last week
13:07:56 <mvollmer> ok, let's go.
13:08:06 <mvollmer> #topic Big ... storaged ... merge
13:08:18 <mvollmer> just found/fixed one more mdraid bug
13:08:23 <stefw> so i think there's nothing blocking this now ...
13:08:25 <mvollmer> https://github.com/storaged-project/storaged/pull/14
13:08:58 <andreasn> do you want help with more testing, or we're pretty much good to go?
13:09:03 <mvollmer> that fix is not a blocker for the merge
13:09:25 <mvollmer> personally, I am a bit unsure of the level of quality
13:09:46 <stefw> so code review ... will fix that?
13:09:51 <mvollmer> yeah
13:09:56 <mvollmer> and manual testing
13:09:57 <stefw> what are the pull requests?
13:10:07 <mvollmer> only one
13:10:15 <mvollmer> https://github.com/cockpit-project/cockpit/pull/2308
13:10:30 <andreasn> #info https://github.com/cockpit-project/cockpit/pull/2308
13:11:03 <mvollmer> we can remove one HACK
13:11:10 <mvollmer> I make a note
13:12:43 <mvollmer> phatina, what do you think about https://github.com/storaged-project/storaged/pull/14 ?
13:13:05 <petervo> so once we merge, we stop pushing updates into f22, right?
13:13:13 <stefw> i think so
13:13:25 <mvollmer> yes, but we should set up a copr
13:13:30 <stefw> we have a copr
13:13:34 <mvollmer> true
13:13:34 <stefw> and we always build there
13:14:06 <mvollmer> then we need to tell people that they also need phatina/storaged
13:14:17 <phatina> mvollmer: I'm OK with #14
13:14:35 <mvollmer> phatina, cool.
13:15:25 * stefw will do some review
13:15:31 <stefw> petervo, dperpeet, can you also review?
13:15:35 <stefw> worth doubling up on this one
13:15:36 <petervo> sure
13:15:40 <dperpeet> yeah
13:15:46 <dperpeet> petervo, want to go first?
13:15:50 <mvollmer> thanks!
13:15:55 <stefw> i'll leave the review to one of you guys
13:16:02 <stefw> since i'll be doing some other prep before vacation, if that's okay
13:16:12 <dperpeet> sure
13:16:19 <mvollmer> #action dperpeet petervo andreasn, review https://github.com/cockpit-project/cockpit/pull/2308
13:17:29 <andreasn> sounds good
13:17:30 <petervo> sure
13:17:30 <dperpeet> petervo, just assign to yourself once you start
13:17:30 <dperpeet> if I start before then, I'll assign to myself
13:18:02 <petervo> next topic?
13:18:05 <mvollmer> yep
13:18:14 <mvollmer> #topic ssh key auth
13:18:57 <petervo> first part made it in, i'm still working on tests for the pam module
13:19:35 <stefw> gladiac, if you have cmock PAM support ^^
13:19:41 <mvollmer> petervo, can you give a short overview of what this does?
13:19:46 <petervo> sure
13:20:18 <gladiac> ?
13:20:53 <gladiac> we plan to implement a pam_wrapper to test PAM modules
13:20:55 <gladiac> if you mean that
13:21:05 <gladiac> but this is https://cwrap.org
13:21:23 <stefw> gladiac, ok
13:21:51 <gladiac> I've started to implement it but haven't had the time to work on it again
13:22:02 <petervo> so the plan is that we will add a pam module so that when you log into cockpit that pam module will start a ssh-agent
13:22:32 <petervo> and look at the standard locations and load any private keys that either have no password
13:23:01 <petervo> or use the same password you used to login with
13:23:20 <petervo> then when you try to connect to another machine in the same cockpit-ws session
13:23:36 <petervo> we use an internal channel to proxy that agent
13:24:01 <petervo> to the new ssh session, so it can offer the keys it has loaded
13:24:34 <petervo> as part of the ui, we want to add a way to manage the authorized keys for each account
13:24:39 <andreasn> I did some more work on the mockups https://raw.githubusercontent.com/cockpit-project/cockpit-design/master/users/administrator-accounts-keys.png
13:24:57 <andreasn> and version 2 https://raw.githubusercontent.com/cockpit-project/cockpit-design/master/users/administrator-accounts-keys-2.png
13:25:01 <petervo> as well as load / unload keys from the agent for the logged in account
13:25:18 <petervo> i think that pretty much covers it
13:25:26 <mvollmer> ok, thanks!
13:25:49 <mvollmer> what about key creation and automatic ssh-copy-id when adding a machine to the dashboard?
13:26:11 <stefw> later
13:26:17 <mvollmer> ok, fair enough
13:26:18 <stefw> right now we're just focusing on making the core functionality work
13:26:26 <stefw> and the cloud use cases
13:26:33 <stefw> where people are pasting keys into other places etc.
13:27:23 <mvollmer> sounds nice
13:27:53 <mvollmer> can cockpit-ws be the ssh-agent? is ssh-agent a lot of complicated code?
13:28:19 <mvollmer> no, it's unprivileged
13:28:32 <mvollmer> sorry, just thinking loud.
13:28:45 <stefw> yes it's complicated
13:28:48 <stefw> lots of crypto
13:29:08 <mvollmer> and cockpit-ws can't read $HOME
13:29:10 <mvollmer> right?
13:29:29 <stefw> right
13:29:37 <dperpeet> I think it's better to keep those permissions separate
13:30:41 <mvollmer> ok, so to try this out, I need to set up the keys 'manually', and then I don't need to keep the passwords in sync.
13:32:02 <petervo> yes to setting up manually, the passwords do need to be the same
13:32:29 <petervo> until we add ui for unlocking loading others
13:33:09 <petervo> and you'll need #2469 as well
13:33:22 <mvollmer> ok, thanks.
13:33:29 <petervo> otherwise you won't have a running agent
13:35:05 <petervo> i did have a question related to this, when we test "clean" we don't install the selinux package
13:35:47 <andreasn> I had some issues with a missing package
13:35:51 <andreasn> or a new enough version
13:36:08 <andreasn> but we figured it out after a while
13:36:16 <petervo> ah yes, this requires libssh 0.7.1
13:37:15 <petervo> does that mean that basically any time we change anything in our selinux rules, we have to stop pushing updates to that os?
13:37:43 <mvollmer> petervo, yes, until we get the selinux changes as well.
13:37:56 <mvollmer> "get the selinux changes _in_ as well"
13:38:11 <mvollmer> stefw, that's correct, right?
13:38:28 <stefw> well unless we disable the test there temporarily
13:38:34 <petervo> and that's done by opening a ticket on bugzilla?
13:38:35 <stefw> have we filed a bug with the selinux change yet?
13:38:38 <stefw> yes
13:38:58 <petervo> not yet, figured once tests were done i'd do that
13:39:36 <petervo> also i think that part probably needs review to make sure what i'm doing is sane
13:40:46 <stefw> that'll happen in the bug
13:40:48 <stefw> the selinux bug
13:41:10 <petervo> i meant this part
13:41:41 <petervo> https://github.com/cockpit-project/cockpit/pull/2469/files#diff-26a90ad5ed850422fe8837ea8823c205R341
13:42:03 <petervo> loading the context into the exec context
13:44:04 <stefw> yeah, i don't understand why that's necessary
13:44:16 <stefw> but the selinux guys should be able to help
13:44:24 <petervo> without that, i get the undefined_t context only
13:44:37 <petervo> ok i'll open a ticket
13:47:35 <dperpeet> mvollmer, next topic?
13:47:38 <mvollmer> yep
13:47:59 * mvollmer had lost the keyboard somehow
13:48:11 <mvollmer> couldn't type into irc anymore, weird.
13:48:13 <mvollmer> anyway
13:48:24 <mvollmer> #topic journal update
13:48:37 <dperpeet> not much new to add
13:48:48 <dperpeet> I moved everything back into the systemd package
13:48:59 <dperpeet> after we cleared that up last time
13:49:05 <dperpeet> and fixed the issues andreasn found
13:49:06 <mvollmer> do you need more help?
13:49:30 <dperpeet> no, I just need some more time, since last week was very limited
13:49:39 <mvollmer> ok
13:49:49 <dperpeet> I'm reasonably sure we can merge just the new layout this week
13:50:00 <dperpeet> and then change the features in a follow-up
13:50:15 <andreasn> what's the pull request issue?
13:50:26 <dperpeet> https://github.com/cockpit-project/cockpit/pull/2467
13:50:39 <dperpeet> I haven't pushed the changes yet (for some reason)
13:51:06 <andreasn> #info https://github.com/cockpit-project/cockpit/pull/2467
13:51:17 <dperpeet> there is one design issue
13:51:53 <dperpeet> andreasn and I talked about it: if there are log messages from multiple machines, we decided that the affected hostname would get its own fixed-width column
13:52:28 <dperpeet> andreasn, have you decided where that should go?
13:53:04 <dperpeet> you could write that down in the wiki, maybe https://github.com/cockpit-project/cockpit/wiki/Feature:-Journal-v2
13:53:29 <dperpeet> and then I can put it into the mustache template, ready to be used when necessary
13:53:36 <andreasn> dperpeet: I feel that's the best solution. If it had its own dropdown for selecting and deselecting machines. You could have 5 machines, but you would deselect 3 to get the correlation between the two remaining
13:54:00 <andreasn> and it's then also clear where the log message is from
13:54:05 <andreasn> sure, I'll add it
13:54:17 <dperpeet> thanks!
13:54:34 <dperpeet> as a side note, andreasn and I couldn't detect any significant performance impacts
13:54:39 <dperpeet> from using the templates
13:54:50 <dperpeet> instead of "optimized string concatenation"
13:55:26 <dperpeet> that's it from me on that topic
13:56:32 <stefw> sounds good
13:56:34 <mvollmer> ok
13:56:50 <mvollmer> any other business?
13:57:51 <andreasn> not from me
13:58:27 <mvollmer> #endmeeting