15:00:04 <sgallagh> #startmeeting Server SIG Weekly Meeting (2015-10-13)
15:00:04 <zodbot> Meeting started Tue Oct 13 15:00:04 2015 UTC.  The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:04 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:00:04 <sgallagh> #meetingname ServerSIG
15:00:04 <sgallagh> #chair sgallagh mizmo nirik stefw adamw simo tuanta danofsatx
15:00:04 <sgallagh> #topic roll call
15:00:04 <zodbot> The meeting name has been set to 'serversig'
15:00:04 <zodbot> Current chairs: adamw danofsatx mizmo nirik sgallagh simo stefw tuanta
15:00:11 <stefw> .hello stefw
15:00:12 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com>
15:00:13 <nirik> .hello kevin
15:00:14 <zodbot> nirik: kevin 'Kevin Fenzi' <kevin@scrye.com>
15:00:17 <nirik> morning
15:00:23 <sgallagh> .hello sgallagh
15:00:24 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
15:00:43 <mizmo> .hello duffy
15:00:44 <zodbot> mizmo: duffy 'Máirín Duffy' <fedora@linuxgrrl.com>
15:01:24 <sgallagh> danofsatx sent his regrets
15:02:33 <sgallagh> #topic Agenda
15:02:51 <sgallagh> Sorry I forgot to send an agenda email earlier. I was on PTO yesterday and my morning got away from me catching up.
15:03:02 <nirik> no worries
15:03:06 <sgallagh> I have three items for the agenda this week
15:03:21 <sgallagh> #info Agenda Item: Empty WG Seat
15:03:21 <sgallagh> #info Agenda Item: Fedora 23 Final Tasks
15:03:21 <sgallagh> #info Agenda Item: Fedora 24 Planning
15:03:46 <sgallagh> Does anyone else have a topic they'd like discussed today?
15:04:42 <adamw> .hello adamwill
15:04:43 <zodbot> adamw: adamwill 'Adam Williamson' <awilliam@redhat.com>
15:04:50 <adamw> sorry, gettin' coffee
15:04:57 <sgallagh> A noble pursuit
15:05:35 <sgallagh> OK, if anything comes up, we have Open Floor
15:05:43 <sgallagh> #topic Empty WG Seat
15:06:06 <sgallagh> So, a while back, mitr withdrew from the WG, citing lack of availability.
15:06:31 <sgallagh> We (I) completely flaked on addressing this at the time.
15:06:52 <sgallagh> So we should figure out how best to find someone to claim the open seat
15:07:06 <adamw> forced participation lottery!
15:07:08 * nirik missed that. ;(
15:07:08 <adamw> the Fedora Draft
15:07:22 <sgallagh> Ideally, I'd like for us to discuss where we think we lack expertise and seek someone to fill that gap.
15:08:20 <sgallagh> (That was essentially our original charter; each of the members of the WG represented a part of the wider Fedora Project)
15:08:28 <sgallagh> Sorry, not exactly charter.
15:08:36 <sgallagh> That was our original layout and we've mostly kept to it.
15:08:45 <nirik> so, what areas was mitr representing?
15:09:15 <sgallagh> nirik: Primarily security focus
15:09:33 <nirik> ok, cool.
15:09:35 * nirik ponders
15:09:52 * mizmo looks at old meeting minutes to see who outside of the voting members has participated and sees linux-modder, jsmith, dgilmore, nirik ... fwiw
15:10:04 <mizmo> that's for the past 2 months
15:10:21 <sgallagh> We have several people who generalize on security, so I'm not sure that's specifically unaddressed with the current makeup
15:10:22 <adamw> there's been a bit of a revival in security stuff lately, i think
15:10:41 <adamw> sgallagh: i generalize on security all the time! "sure, looks secure to me, ship it"
15:10:55 <dgilmore> adamw: :P
15:10:58 <adamw> all code guaranteed *generally* secure
15:11:01 <sgallagh> adamw: Thanks, I needed that. Also my coworkers are looking at me funny now
15:11:12 <adamw> heh
15:11:34 <bconoboy> is there a server specific aspect to security?
15:11:57 <sgallagh> bconoboy: Well, among other things we have certain differing defaults from the other Editions
15:12:02 <adamw> bconoboy: well, i guess it's mainly when we're making decisions about what to include and what to set by default
15:12:07 <sgallagh> Such as the default firewall configuration and enabled services
15:12:23 <adamw> it seems like the security@ list is fairly quiet but when someone posts, people respond
15:12:29 <adamw> so we could ask there if anyone's interested...
15:12:53 <sgallagh> Well, before we go too far down that path, is that a specific role we want filled, or are we perhaps weaker somewhere else?
15:14:17 <sgallagh> (That wasn't a leading question; I'm looking for input)
15:14:37 <nirik> if we are looking at containing some roles, perhaps someone with a container background?
15:14:58 <adamw> ooh, can we start luring them in and offing them one by one? it might take a while, though.
15:15:07 <sgallagh> I was about to suggest whether we want someone with more config-management expertise as well.
15:15:36 <nirik> config-management?
15:15:45 <sgallagh> But it occurs to me that nirik probably covers that and I should start asking more pointed questions in his direction :)
15:15:52 <nirik> :)
15:16:30 <mizmo> i dont know what our current balance is but i think a balance between domain specific expertise (actual server users working in prod envs) and emerging tech expertise (eg containers, atomic, etc) would be ideal
15:16:33 <sgallagh> Yeah, perhaps finding someone to focus on how we interact with a hybrid traditional/cloud world would be wise
15:16:37 <mizmo> note i fit into neither bucket lol
15:17:00 <sgallagh> mizmo: You're here because you make sure we think about our users, not just our tech. You are *invaluable* in that regard.
15:17:21 <simo> .hello simo
15:17:23 <zodbot> simo: simo 'Simo Sorce' <ssorce@redhat.com>
15:17:30 <mizmo> sgallagh, thus why i think actual server admins are super valuable too
15:17:33 <sgallagh> simo: Hello
15:17:48 <sgallagh> mizmo: Right, that's why we have danofsatx around (when he can make it)
15:17:56 <sgallagh> And nirik, of course
15:18:27 <simo> sorry I am in a conf call as well and did not realize it was this late
15:18:51 <sgallagh> But I'm certainly open to an argument for finding someone in another type of business to get involved.
15:18:57 <sgallagh> Maybe someone from FSI?
15:19:07 <sgallagh> /me wonders if SEJeff would be interested...
15:19:44 <sgallagh> Or Jon Stanley...
15:20:12 <nirik> or majorhayden?
15:20:21 <mizmo> jon stanley or majorhayden would be good, i dont know sejeff
15:20:24 <bconoboy> draft major!
15:21:11 <sgallagh> mizmo: He hasn't been around much lately, but he worked with me on SSSD for a while as a user/tester and used to maintain a bunch of the GNOME infra
15:21:38 <sgallagh> If majorhayden would be interested, he'd certainly be a great resource.
15:22:01 <sgallagh> Jon is probably a long-shot, since he's now a VP
15:23:39 <adamw> make him the VP of Server
15:23:49 <adamw> it comes with a zillion shares in rolekit
15:24:17 <sgallagh> /me snickers
15:25:03 <sgallagh> Any objections if I reach out to both of them and see if they are interested?
15:25:09 <sgallagh> Or alternate suggestions?
15:25:13 <adamw> wfm
15:26:32 <sgallagh> #action sgallagh to reach out to Major Hayden and Jon Stanley about vacant Server WG seat.
15:26:47 <nirik> sounds good
15:27:06 <sgallagh> #topic Fedora 23 Final Tasks
15:27:20 <sgallagh> OK, so as of midnight UTC, we are in Final Freeze.
15:28:11 * nirik nods
15:28:15 <sgallagh> mizmo, tuanta: What are the remaining tasks for release? Announcements, websites, talking points, etc,?
15:29:36 <adamw> most of the validation tests haven't been run since beta, so we need to get through those again
15:29:47 <adamw> a Final TC8 should show up today (per dgilmore)
15:29:54 <sgallagh> adamw: I haven't recorded them, but I've run a bunch of the Server tests on TC1
15:30:01 <adamw> ah, cool, thanks
15:30:14 <sgallagh> Aside from that 389ds mess, things look generally okay
15:30:45 <sgallagh> I filed an FE for rolekit because we missed Freeze for pushing the final upstream release to stable.
15:30:48 <adamw> the 389-ds thing should be resolved today
15:31:05 <sgallagh> (Stupid me taking a PTO day...)
15:31:07 <adamw> none of the current blockers looks systemd-related
15:31:26 <adamw> sgallagh: it's not really on the matrix - we should fix that - but have you tested upgrade of a working freeipa config to 23?
15:31:39 <adamw> er, s/systemd/server/
15:32:14 <adamw> we've had issues with upgrades before, it'd be good to check
15:32:26 <sgallagh> adamw: Good point. I'll put that on my list for TC8
15:32:29 <adamw> thanks
15:32:36 <adamw> i will also...
15:32:42 <adamw> we DEFINITELY need to get this stuff automated for 24.
15:32:48 <sgallagh> I think I did around Beta also, but I'm not certain
15:33:04 <nirik> automate all the things.
15:34:02 <sgallagh> #info Fedora 23 is in Final Freeze
15:34:34 <sgallagh> #info There was a compose issue related to a bodhi bug causing 389ds to break dependencies. It will be fixed in TC8.
15:35:29 <sgallagh> #action sgallagh to test upgrades of FreeIPA from F22 to F23.
15:35:55 <sgallagh> mizmo: Anything from the websites/design side we should be aware of?
15:37:59 <sgallagh> OK, I guess she got called away.
15:38:21 <sgallagh> Anyone else have anything we need to consider for F23 Final?
15:39:19 <sgallagh> #topic Fedora 24 Planning
15:39:28 <sgallagh> The king is dead. Long live the king!
15:39:55 <adamw> well, yeah, my plan for f24 is to automate the goddamn tests. :P
15:40:02 <adamw> that may be with openQA or it may be with beaker(!)
15:40:08 <sgallagh> So now that we're pretty much ready to go on F23, what are the big items we should focus on for the next cycle?
15:40:24 <sgallagh> #info adamw is working on automating the release validation tests for F24
15:40:57 <sgallagh> #info rolekit will be focusing on support for creating out-of-tree roles
15:41:16 <sgallagh> (Coordinating with DevAssistant to make this easy)
15:42:10 <nirik> I guess we are dropping i386 images...
15:42:47 <sgallagh> #info Reminder: i386 install images are going away in Fedora Server 24.
15:43:49 * mizmo sorry had a cubing
15:44:04 <mizmo> for the website we need a quote
15:44:08 * nirik will ponder on it. Not sure how much time I have, but there's lots of things we _could_ do. ;)
15:44:22 <mizmo> i emailed john unland 3 times but no reply :/
15:45:03 <sgallagh> Darn
15:45:10 <sgallagh> ok, yeah we need a new quote
15:45:51 <mizmo> we *could* just drop it too - the other editions only have one quote each, we have 2
15:46:52 <sgallagh> I'd prefer finding another quote. Let's call that Plan B
15:47:08 <mizmo> kk
15:47:42 <sgallagh> I'll see if I can rustle something up
15:47:58 <mizmo> sgallagh++
15:48:47 <sgallagh> As a general focus in F24, I think we should try to coordinate better with the other editions.
15:49:05 <sgallagh> Figure out where we play alongside Cloud and how we can make it easier for Workstation to manage us.
15:49:24 <roshi> that would be great :)
15:49:26 <mizmo> yeh thats a grea tidea
15:50:26 <sgallagh> mizmo: I'm glad you think so, because I was about to ask you to look into some user studies on the Workstation-Server interaction.
15:50:33 <sgallagh> Help us figure out what "easier" means. :)
15:51:57 <mizmo> sgallagh, well the primary way to manage server from workstation would be via cockpit no?
15:52:08 <sgallagh> #info General theme for Fedora 24: Closer integration with other editions
15:52:11 <mizmo> sgallagh, at least one-on-one. i dont know what the orchestration story is (satellite upstream?)
15:52:51 <mizmo> sgallagh, so the workstation involvement i think would be minimal except to ensure that workstation would ship / make it easy to install any bits you'd need for those tools to be used smoothly in workstation's default browser
15:52:53 <sgallagh> mizmo: Yeah, Cockpit is our primary GUI. Some thoughts: how do we make it more discoverable?
15:53:06 <sgallagh> We added the links to the getty prompt in F23; is that enough? Can we do better?
15:53:26 <stefw> Workstation has a link to Cockpit when it's installed
15:53:26 <mizmo> is there some kind of avahi like discovery thing you can do for cockpits?
15:53:38 <mizmo> stefw, thats for the local system tho right? not for other systems?
15:53:44 <sgallagh> stefw: But only for the local machine.
15:53:51 <stefw> yes and no
15:53:57 <stefw> you can run cockpit locally and then add your servers
15:54:12 <sgallagh> Right, but you still aren't "discovering" servers
15:54:14 <mizmo> a long time ago i did gtk mockups for rhn satellite to kind of poll the network and find satellite registered systems
15:54:15 <sgallagh> You have to know where they are
15:54:18 <stefw> that's pretty common if you don't want to expose port 9090 everywhere, or deal with provisioning valid TLS certs everywhere
15:54:30 <stefw> sgallagh, yup
15:54:36 <mizmo> something like virt-manager, but for not necessarily virt servers
15:54:55 <simo> stefw: is it easy in local cockpit to add a remote cockpit ?
15:54:55 <mizmo> is auto discovery just a no go for security reasons?
15:55:03 <stefw> simo, yup
15:55:12 <sgallagh> I would like to have you guys talk about this more outside the meeting. Something like using FreeIPA if it's in play to look up hosts, perhaps.
15:55:13 <stefw> and it's getting easier in F24 timeframe
15:55:23 <simo> stefw: if it were just a matter of "hey add the hostname here" then all we may want to is to have trhe local cockpit bookmark available in Firefox
15:55:35 <sgallagh> mizmo: I wouldn't think so; you'd still need credentials.
15:55:38 <simo> then all you need is to click there and in cockpit just add the hosts you want to manage
15:55:45 <stefw> right
15:55:46 <mizmo> fwiw, this is big, and my chariot turns into a pumpkin in ~5 weeks
15:56:08 <mizmo> until feb or march-ish
15:56:13 <sgallagh> Right.
15:56:25 <simo> sgallagh: yes hainvg cockpit consult freeipa to find a list of hosts to pick from may be a neat idea
15:56:27 <simo> stefw: ^
15:56:37 <stefw> yeah, not a bad ideo
15:57:17 <mizmo> one way is to think about it in terms of how you'd like an ideal demo to go, right?
15:57:19 <stefw> esp once we get cockpit + IPA working for real
15:57:21 <simo> using the managed-by field it would be a simple queryt and you may even just get (by default) only the hosts you manage (or your primary group manages)
15:57:27 <sgallagh> So we got into the weeds a bit there, but this is a pretty good example of what I meant about working with the other editions
15:57:46 <simo> sgallagh: yeah sorry for deviating :)
15:58:01 <mizmo> well even beyond managing server
15:58:11 <sgallagh> Not a problem. It's good material
15:58:54 <mizmo> what about getting the server roles supported well in workstation / cloud?
15:58:58 <mizmo> or is that too out of scope
15:58:59 <sgallagh> Another example would be polishing up the PostgreSQL fat client
15:59:10 <sgallagh> mizmo: What do you mean by "supported well"?
15:59:21 <roshi> as in cloud using rolekit?
15:59:40 <sgallagh> (Fun fact, we don't advertise it but rolekit deployments work fine from Workstation; in fact I test it that way much of the time)
15:59:52 <sgallagh> s/from/on/
15:59:53 <mizmo> sgallagh, well for example, for a free ipa role, can a workstation client auto discover the free ipa we deployed an offer the user to subscribe to it or something
16:00:02 <roshi> cloud images tend to be set up with cloud-init or ansible - so not sure rolekit would solve much there - but that's just a guess
16:00:11 <sgallagh> mizmo: Ahh, from the consumer perspective.
16:00:17 <sgallagh> Yeah, that would be interesting to explore.
16:00:32 <sgallagh> In that specific example, if DNS is set up correctly, the answer is yes.
16:00:43 <sgallagh> (That is a *big* "if" ;-) )
16:01:13 <simo> mizmo: the q. is, when do you ask ?
16:01:15 <sgallagh> Seems like we have a lot of ideas for Server-Workstation interaction. Server-Cloud needs more thought
16:01:24 <simo> you certainly do not want to ask all the time :)
16:01:34 <sgallagh> simo: I think the implication was as part of Initial-Setup.
16:01:49 <sgallagh> Which we can already do manually, so maybe having auto-detect better integrated there would be good
16:02:23 <sgallagh> FYI, we are over time. I'm available to continue if we want to.
16:04:11 <sgallagh> #info Some ideas for integration: Cockpit getting server lists from FreeIPA, better support for pgAdmin in Workstation, Better autodetection of FreeIPA domains in Initial Setup.
16:04:41 <sgallagh> #info Server-Cloud interaction needs some more thought
16:05:04 <roshi> our meeting is tomorrow if we want to put it on the Cloud agenda
16:05:09 <roshi> fwiw
16:05:15 * roshi can help facilitate that
16:05:33 <sgallagh> roshi: What time is the Cloud meeting tomorrow?
16:06:08 <roshi> 1900 UTC I think
16:06:13 <roshi> lemme double check though
16:06:20 <sgallagh> Directly opposite FESCo?
16:06:50 <sgallagh> I won't be able to make that; could I get a volunteer from the WG to attend the Cloud meeting tomorrow?
16:07:09 <roshi> nvm, 1700 UTC
16:07:24 <roshi> at least, that's what the calendar says
16:07:38 * roshi is bad at remembering times and relies on the calendar :p
16:07:40 <sgallagh> OK, I might be able to make that, but I'd also be thrilled if someone else wants to volunteer :)
16:08:56 <roshi> I'll put something on the meeting agenda
16:09:00 <sgallagh> Thank you
16:09:45 <sgallagh> #topic Open Floor
16:09:54 <sgallagh> Anything for Open Floor, or shall we call it a day?
16:11:33 <sgallagh> Alright, thanks for coming folks!
16:11:35 <sgallagh> #endmeeting