#fedora-meeting-1 log

15:09:03 <mitr> #startmeeting Server Working Group Weekly Meeting (2014-07-15)
15:09:03 <zodbot> Meeting started Tue Jul 15 15:09:03 2014 UTC.  The chair is mitr. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:09:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:09:14 <mitr> #chair sgallagh mizmo nirik davidstrauss stefw adamw simo tuanta mitr
15:09:14 <zodbot> Current chairs: adamw davidstrauss mitr mizmo nirik sgallagh simo stefw tuanta
15:09:22 <nirik> .hellomynameis kevin
15:09:23 <mitr> #topic Release Media Status and Tasks
15:09:23 <zodbot> nirik: kevin 'Kevin Fenzi' <kevin@scrye.com>
15:09:27 <mitr> #info fedora-release-server: done
15:09:30 <adamw> .hellomynameis adamwill
15:09:31 <zodbot> adamw: adamwill 'Adam Williamson' <adamw+fedora@happyassassin.net>
15:09:33 <mitr> #info Comps updated to include Server packages, selectable roles: Patch sent to rel-eng
15:09:38 <mitr> #info Finish kickstart (install fedora-release-server by default): Depends on comps
15:09:43 <mitr> #info rolekit: close to first upstream+RPM release, client and roles work still outstanding
15:09:49 <mitr> #info role implementations: only bare skeletons exist, help needed
15:10:06 <danofsatx-work> .hellomynameis dmossor
15:10:07 <zodbot> danofsatx-work: dmossor 'Dan Mossor' <danofsatx@gmail.com>
15:10:49 <adamw> how was the comps "Patch sent to rel-eng" precisely?
15:10:51 <adamw> i usually send comps@ changes to devel@ for review, i'm not sure it's exactly considered to be 'owned' by releng...
15:11:01 <nirik> yeah, please send to devel list. ;)
15:11:02 <tuanta_> .hellomynameis tuanta
15:11:03 <zodbot> tuanta_: tuanta 'Truong Anh Tuan' <tuanta@iwayvietnam.com>
15:11:12 <mitr> adamw, nirik: My mistake, will resend.
15:11:13 <nirik> patches are so rare there, we should treasure them. ;)
15:11:24 <mitr> #action mitr to resend comps changes to devel@
15:11:39 <mitr> #action mitr to finish kickstart after comps changes land
15:11:54 <mitr> nirik: Is anything else needed for getting the initial release media done?
15:12:12 <nirik> not that I can think of off hand.
15:12:28 <adamw> anaconda will use the groups from the modified comps without a patched anaconda being needed, presumably?
15:12:31 <nirik> where are the role implementations?
15:13:03 <twoerner> nirik: in rolekit/config/roles from ssh://git.fedorahosted.org/git/rolekit.git
15:13:23 <mitr> adamw: My tentative patches create a "Fedora Server" environment, place it first (i.e. to be selected by default by anaconda), and include fedora-release-server in that environment.
15:13:27 <twoerner> nirik: there are only skeletons right now
15:14:42 <adamw> mitr: i was expecting the env groups would be per-role, and fedora-release-server would just be pulled in via a group that can't be un-selected, i.e stick it in @core
15:15:03 <twoerner> nirik: the docs in the skeletons need some changes according to the changes I am working on atm
15:15:10 <adamw> assuming the approach we want is 'if you install from Fedora Server media, you're installing Fedora Server'...
15:15:21 <mitr> adamw: That would require a different @core for different products, right now there is only one for all of f21.
15:15:41 <nirik> ok, cool.
15:15:54 <adamw> but the whole of comps is forked between products, isn't it? in what sense can there be 'one for all of f21'?
15:16:16 <mitr> No, it's not forked in https://git.fedorahosted.org/cgit/comps.git/tree/ at the moment.
15:16:33 <nirik> forked comps? no.
15:17:11 <adamw> nirik: oh, i thought dgilmore said that was a thing. per-product comps.
15:17:29 <mitr> It's a reasonable idea, but it would also be rather a hassle with the current mechanism (would need includes/overrides to avoid editing everything in 2 releases * 3 products = 6 places)
15:17:31 <nirik> huh, not that I know of.
15:17:39 <adamw> wasn't it part of the argument against having a generic boot.iso ?
15:19:21 <nirik> well, the main argument is that it would need another tree I think
15:19:39 * nirik 's main confusion around boot isos is what the show when with what repos enabled.
15:19:55 <adamw> oh, i found the conversation.
15:20:22 <adamw> http://fpaste.org/118132/05437588/
15:20:43 <adamw> so...comps will be different between each product tree because of how the product trees are created, rather than actually being forked at time of writing
15:21:15 <nirik> ok, that makes sense yeah
15:21:30 <adamw> so i guess we can influence that process via the kickstart used to create the server product tree
15:21:40 <adamw> which would be...which kickstart? is it part of the public spin-kickstarts repo?
15:21:50 <nirik> yeah, I would think so.
15:21:58 <mitr> adamw: https://git.fedorahosted.org/cgit/spin-kickstarts.git/tree/fedora-install-server.ks
15:22:37 <adamw> ah, yeah, i think you're right.
15:25:59 <mitr> Anything else on comps?
15:26:03 <adamw> feel free to proceed with the conversation at any time ;)
15:26:12 <mitr> For the record...
15:26:17 <adamw> for now i guess we can see how it turns out.
15:26:20 <mitr> #action twoerner to work on rolectl client
15:26:54 <mitr> And I will try to look at the role implementations (starting with the postgres one, which is simpler), but can't promise it; so more help would very much be welcome.
15:27:05 <adamw> i will note that as the Alpha criteria wound up, for Alpha, the firewall configuration is required to be as described in the tech spec, and Cockpit is required to be running ootb.
15:27:14 <adamw> so those things need to get done (or someone needs to object to the criteria.)
15:27:25 <twoerner> so.. I have to implement the firewall stuff now
15:27:40 <twoerner> #action twoerner implemnt firewall handling
15:27:41 <adamw> the criterion says: "After system installation without explicit firewall configuration, the system firewall must be active on all non-loopback interfaces. The only ports which may be open to incoming traffic are port 22 (ssh), port XX (Cockpit web interface), and any ports associated with server Roles selected during installation. Supported install-time firewall configuration options must work correctly. "
15:27:52 <adamw> the bits about run-time configuration don't have to be done for alpha.
15:27:56 <stefw> adamw, we have cockpit firewall open by default
15:28:05 <mitr> adamw: Cockpit running is handled by https://git.fedorahosted.org/cgit/fedora-release.git/commit/?h=f21&id=1a2ac7edfd30bf34408fa09beda228bb82541730
15:28:09 <stefw> well, it should be in theory given the fedora-server-release package
15:28:32 <stefw> there may be a tweak on the exact cockpit ports due to IANA ... but we won't and shouldn't block on that.
15:28:39 <adamw> mitr: well, you need to ensure it actually gets installed too
15:28:44 <mitr> adamw: Yes
15:28:54 <stefw> sgallagh_afk, worked on a preset to enable cockpit in the fedora-server-release package
15:29:04 <adamw> mitr: as written, the requirement would be that unless the user passes a kickstart with '-cockpit' in it, it would get installed in any Server install.
15:29:22 <mitr> adamw: fedora-release-server Requires: cockpit
15:29:47 <adamw> yeah, or have the two in a mini comps group together and have all the other groups that exist in server include that group, or whatever.
15:29:49 <mitr> stefw: I can't see anything to open the firewall up, but twoerner signed up for it above
15:29:59 <stefw> he has a zone for it
15:30:09 <adamw> stefw: that's why the actual port in the criterion is (still) listed as XX :)
15:30:14 <stefw> ah, ok
15:30:23 <stefw> that zone needs to be the default on fedora server
15:30:24 <mitr> yeah, we do need comps / ks for actually installing fedora-release-server, that was the above conversation about comps/environments.
15:31:00 <adamw> mitr: well, i was suggesting a slightly different way of doing it, but eh. we can sort out the details in the wash
15:32:13 <twoerner> mitr: https://fedoraproject.org/w/index.php?title=Per-Product_Configuration_Packaging_Draft is not accepted yet, right?
15:32:23 <mitr> twoerner: don't know
15:32:42 <mitr> adamw: yeah, we could have used requires: or a comps group; 1) we've been talking about having the "release" package define what the product "is", and in that sense I think requiring cockpit is reasonable, 2) ATM I'm not sure we want to be spending time patching things that already work rather than getting missing functionality done
15:32:51 <twoerner> mitr: I have sub packages.. but I was told that changes are (highly) possible
15:33:31 <mitr> https://fedorahosted.org/fpc/ticket/446 says it was approved
15:35:27 <mitr> Anything else to discuss today?  Any ideas of how to find people to help us with the roles?
15:35:30 <twoerner> good
15:35:54 <twoerner> I might need to have a look at the zone for server again to make sure that only the requested ports are open
15:36:10 <mitr> Unfortunately both our FreeIPA experts are unavailable this week, which puts our primariy deliverable role rather at risk :(
15:37:24 <mitr> #topic Open Floor
15:37:39 <mitr> Anything else to discuss today?  If not, I'll close the meeting in 3 minutes
15:39:33 * nirik has nothing off hand.
15:40:03 <dgilmore> adamw: pungi strips out non available comps groups.
15:40:19 * adamw has nothing else
15:40:34 <dgilmore> adamw: so each products install tree will only have in it the comps groups for that product
15:41:55 <mitr> Allright; Thanks everyone!
15:41:57 <mitr> #endmeeting