15:09:03 <mitr> #startmeeting Server Working Group Weekly Meeting (2014-07-15) 15:09:03 <zodbot> Meeting started Tue Jul 15 15:09:03 2014 UTC. The chair is mitr. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:09:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 15:09:14 <mitr> #chair sgallagh mizmo nirik davidstrauss stefw adamw simo tuanta mitr 15:09:14 <zodbot> Current chairs: adamw davidstrauss mitr mizmo nirik sgallagh simo stefw tuanta 15:09:22 <nirik> .hellomynameis kevin 15:09:23 <mitr> #topic Release Media Status and Tasks 15:09:23 <zodbot> nirik: kevin 'Kevin Fenzi' <kevin@scrye.com> 15:09:27 <mitr> #info fedora-release-server: done 15:09:30 <adamw> .hellomynameis adamwill 15:09:31 <zodbot> adamw: adamwill 'Adam Williamson' <adamw+fedora@happyassassin.net> 15:09:33 <mitr> #info Comps updated to include Server packages, selectable roles: Patch sent to rel-eng 15:09:38 <mitr> #info Finish kickstart (install fedora-release-server by default): Depends on comps 15:09:43 <mitr> #info rolekit: close to first upstream+RPM release, client and roles work still outstanding 15:09:49 <mitr> #info role implementations: only bare skeletons exist, help needed 15:10:06 <danofsatx-work> .hellomynameis dmossor 15:10:07 <zodbot> danofsatx-work: dmossor 'Dan Mossor' <danofsatx@gmail.com> 15:10:49 <adamw> how was the comps "Patch sent to rel-eng" precisely? 15:10:51 <adamw> i usually send comps@ changes to devel@ for review, i'm not sure it's exactly considered to be 'owned' by releng... 15:11:01 <nirik> yeah, please send to devel list. ;) 15:11:02 <tuanta_> .hellomynameis tuanta 15:11:03 <zodbot> tuanta_: tuanta 'Truong Anh Tuan' <tuanta@iwayvietnam.com> 15:11:12 <mitr> adamw, nirik: My mistake, will resend. 15:11:13 <nirik> patches are so rare there, we should treasure them. ;) 15:11:24 <mitr> #action mitr to resend comps changes to devel@ 15:11:39 <mitr> #action mitr to finish kickstart after comps changes land 15:11:54 <mitr> nirik: Is anything else needed for getting the initial release media done? 15:12:12 <nirik> not that I can think of off hand. 15:12:28 <adamw> anaconda will use the groups from the modified comps without a patched anaconda being needed, presumably? 15:12:31 <nirik> where are the role implementations? 15:13:03 <twoerner> nirik: in rolekit/config/roles from ssh://git.fedorahosted.org/git/rolekit.git 15:13:23 <mitr> adamw: My tentative patches create a "Fedora Server" environment, place it first (i.e. to be selected by default by anaconda), and include fedora-release-server in that environment. 15:13:27 <twoerner> nirik: there are only skeletons right now 15:14:42 <adamw> mitr: i was expecting the env groups would be per-role, and fedora-release-server would just be pulled in via a group that can't be un-selected, i.e stick it in @core 15:15:03 <twoerner> nirik: the docs in the skeletons need some changes according to the changes I am working on atm 15:15:10 <adamw> assuming the approach we want is 'if you install from Fedora Server media, you're installing Fedora Server'... 15:15:21 <mitr> adamw: That would require a different @core for different products, right now there is only one for all of f21. 15:15:41 <nirik> ok, cool. 15:15:54 <adamw> but the whole of comps is forked between products, isn't it? in what sense can there be 'one for all of f21'? 15:16:16 <mitr> No, it's not forked in https://git.fedorahosted.org/cgit/comps.git/tree/ at the moment. 15:16:33 <nirik> forked comps? no. 15:17:11 <adamw> nirik: oh, i thought dgilmore said that was a thing. per-product comps. 15:17:29 <mitr> It's a reasonable idea, but it would also be rather a hassle with the current mechanism (would need includes/overrides to avoid editing everything in 2 releases * 3 products = 6 places) 15:17:31 <nirik> huh, not that I know of. 15:17:39 <adamw> wasn't it part of the argument against having a generic boot.iso ? 15:19:21 <nirik> well, the main argument is that it would need another tree I think 15:19:39 * nirik 's main confusion around boot isos is what the show when with what repos enabled. 15:19:55 <adamw> oh, i found the conversation. 15:20:22 <adamw> http://fpaste.org/118132/05437588/ 15:20:43 <adamw> so...comps will be different between each product tree because of how the product trees are created, rather than actually being forked at time of writing 15:21:15 <nirik> ok, that makes sense yeah 15:21:30 <adamw> so i guess we can influence that process via the kickstart used to create the server product tree 15:21:40 <adamw> which would be...which kickstart? is it part of the public spin-kickstarts repo? 15:21:50 <nirik> yeah, I would think so. 15:21:58 <mitr> adamw: https://git.fedorahosted.org/cgit/spin-kickstarts.git/tree/fedora-install-server.ks 15:22:37 <adamw> ah, yeah, i think you're right. 15:25:59 <mitr> Anything else on comps? 15:26:03 <adamw> feel free to proceed with the conversation at any time ;) 15:26:12 <mitr> For the record... 15:26:17 <adamw> for now i guess we can see how it turns out. 15:26:20 <mitr> #action twoerner to work on rolectl client 15:26:54 <mitr> And I will try to look at the role implementations (starting with the postgres one, which is simpler), but can't promise it; so more help would very much be welcome. 15:27:05 <adamw> i will note that as the Alpha criteria wound up, for Alpha, the firewall configuration is required to be as described in the tech spec, and Cockpit is required to be running ootb. 15:27:14 <adamw> so those things need to get done (or someone needs to object to the criteria.) 15:27:25 <twoerner> so.. I have to implement the firewall stuff now 15:27:40 <twoerner> #action twoerner implemnt firewall handling 15:27:41 <adamw> the criterion says: "After system installation without explicit firewall configuration, the system firewall must be active on all non-loopback interfaces. The only ports which may be open to incoming traffic are port 22 (ssh), port XX (Cockpit web interface), and any ports associated with server Roles selected during installation. Supported install-time firewall configuration options must work correctly. " 15:27:52 <adamw> the bits about run-time configuration don't have to be done for alpha. 15:27:56 <stefw> adamw, we have cockpit firewall open by default 15:28:05 <mitr> adamw: Cockpit running is handled by https://git.fedorahosted.org/cgit/fedora-release.git/commit/?h=f21&id=1a2ac7edfd30bf34408fa09beda228bb82541730 15:28:09 <stefw> well, it should be in theory given the fedora-server-release package 15:28:32 <stefw> there may be a tweak on the exact cockpit ports due to IANA ... but we won't and shouldn't block on that. 15:28:39 <adamw> mitr: well, you need to ensure it actually gets installed too 15:28:44 <mitr> adamw: Yes 15:28:54 <stefw> sgallagh_afk, worked on a preset to enable cockpit in the fedora-server-release package 15:29:04 <adamw> mitr: as written, the requirement would be that unless the user passes a kickstart with '-cockpit' in it, it would get installed in any Server install. 15:29:22 <mitr> adamw: fedora-release-server Requires: cockpit 15:29:47 <adamw> yeah, or have the two in a mini comps group together and have all the other groups that exist in server include that group, or whatever. 15:29:49 <mitr> stefw: I can't see anything to open the firewall up, but twoerner signed up for it above 15:29:59 <stefw> he has a zone for it 15:30:09 <adamw> stefw: that's why the actual port in the criterion is (still) listed as XX :) 15:30:14 <stefw> ah, ok 15:30:23 <stefw> that zone needs to be the default on fedora server 15:30:24 <mitr> yeah, we do need comps / ks for actually installing fedora-release-server, that was the above conversation about comps/environments. 15:31:00 <adamw> mitr: well, i was suggesting a slightly different way of doing it, but eh. we can sort out the details in the wash 15:32:13 <twoerner> mitr: https://fedoraproject.org/w/index.php?title=Per-Product_Configuration_Packaging_Draft is not accepted yet, right? 15:32:23 <mitr> twoerner: don't know 15:32:42 <mitr> adamw: yeah, we could have used requires: or a comps group; 1) we've been talking about having the "release" package define what the product "is", and in that sense I think requiring cockpit is reasonable, 2) ATM I'm not sure we want to be spending time patching things that already work rather than getting missing functionality done 15:32:51 <twoerner> mitr: I have sub packages.. but I was told that changes are (highly) possible 15:33:31 <mitr> https://fedorahosted.org/fpc/ticket/446 says it was approved 15:35:27 <mitr> Anything else to discuss today? Any ideas of how to find people to help us with the roles? 15:35:30 <twoerner> good 15:35:54 <twoerner> I might need to have a look at the zone for server again to make sure that only the requested ports are open 15:36:10 <mitr> Unfortunately both our FreeIPA experts are unavailable this week, which puts our primariy deliverable role rather at risk :( 15:37:24 <mitr> #topic Open Floor 15:37:39 <mitr> Anything else to discuss today? If not, I'll close the meeting in 3 minutes 15:39:33 * nirik has nothing off hand. 15:40:03 <dgilmore> adamw: pungi strips out non available comps groups. 15:40:19 * adamw has nothing else 15:40:34 <dgilmore> adamw: so each products install tree will only have in it the comps groups for that product 15:41:55 <mitr> Allright; Thanks everyone! 15:41:57 <mitr> #endmeeting