14:00:01 #startmeeting Infrastructure (2018-05-31) 14:00:01 Meeting started Thu May 31 14:00:01 2018 UTC. 14:00:01 This meeting is logged and archived in a public location. 14:00:01 The chair is smooge. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:01 Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:00:01 The meeting name has been set to 'infrastructure_(2018-05-31)' 14:00:01 #meetingname infrastructure 14:00:01 #topic aloha 14:00:01 #chair smooge relrod nirik pingou puiterwijk tflink 14:00:01 The meeting name has been set to 'infrastructure' 14:00:01 Current chairs: nirik pingou puiterwijk relrod smooge tflink 14:00:05 Good morning all 14:00:09 Hello! 14:00:10 .hello2 14:00:12 bowlofeggs: bowlofeggs 'Randy Barlow' 14:00:12 o/ 14:00:13 .hello2 14:00:13 morning 14:00:15 abompard: abompard 'Aurelien Bompard' 14:00:16 .hello2 14:00:17 .hello psabata 14:00:17 Hello, good morning! 14:00:17 creaked: creaked 'Will Chellman' 14:00:20 contyk: psabata 'Petr Šabata' 14:00:27 hello everyone 14:00:37 Hi 14:00:37 .hello2 14:00:38 vgolwala: vgolwala 'Vismay Golwala' 14:01:05 .hello2 linuxmodder 14:01:06 linuxmodder: linuxmodder 'Corey W Sheldon' 14:01:14 hi 14:01:28 .hello2 14:01:29 LuckyDudeThakur: Sorry, but you don't exist 14:01:42 #topic New folks introductions 14:01:43 #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves 14:02:50 Hello guys, I am new here and I want to introduce myself. My name is Jakub Kadlcik (fas: frostyx) and I am a Red Hat employee working on Copr. I want to become Fedora Infra Apprentice in order to be fully capable of maintaining Copr machines. 14:02:51 this is the first time for me, so -- it came up during the modularity wg meeting last week that someone from that group should attend these 14:02:53 so here I am 14:02:56 morning 14:03:08 welcome contyk! 14:03:17 welcome FrostyX! 14:03:23 oh, hey nirik 14:03:28 I will watch over FrostyX and will learn him about playbooks and so on 14:03:29 welcome both. :) 14:03:37 hello all 14:03:42 Thank you 14:03:47 it's exciting! 14:03:56 Hello everyone, I am Vismay Golwala. I am a Red Hat Intern currently working with the Fedora Infra team. 14:04:05 welcome vgolwala! 14:04:15 how are you bowlofeggs? 14:04:38 abompard: well, i've got an americano in one hand and IRC in the other so not bad 14:04:44 welcome vgolwala. Yoou are going to be working on bodhi this summer? 14:04:47 .hello 14:04:47 wadadli: (hello ) -- Alias for "hellomynameis $1". 14:05:06 nirik: Yes I am 14:05:40 #topic announcements and information 14:05:40 #info relrod PTO 9 Jun - 19 Jun 14:05:40 #info smooge PTO 8 Jun, 15 Jun -> 18 Jun 14:05:40 #info bodhi-3.8.0 deployed 14:06:05 Any other announcements. I am not sure about the bodhi being correct 14:06:19 nfm 14:06:28 #info staging openshift reinstalled with 3.9 14:06:28 smooge: it is correct 14:06:40 sorry, i forgot to update the gobby myself, but it's right :) 14:06:42 (today will be prod... wheee) 14:06:49 nirik ⟿ oh! 14:07:33 good luck nirik 14:07:37 nirik: it'll be fine surely 14:07:44 * smooge goes on PTO 14:07:49 nirik: oh, did I inform you I'll be out from 20:00 UTC? 14:07:50 thanks. I think with what we fixed in stg we should be fine. 14:08:13 🙂 14:08:20 * linuxmodder is hoping to get much more active again 14:08:44 ok next up 14:08:48 #topic Oncall 14:08:48 #info Smooge is on call from 2018-05-29->2018-06-04 14:08:48 #info Nirik is on call from 2018-06-05->2018-06-11 14:08:48 #info Smooge is on call from 2018-06-11->2018-06-15 14:08:48 #info (!Smooge|!Relrod) is on call from 2018-06-15->2018-06-18 14:09:42 I decided to put a schedule up for the next couple of weeks so we have an idea of who can do things when 14:09:58 smooge: cool. thanks! 14:10:06 smooge: good plan with all the pto coming up 14:10:36 the last day is up in the air and needs to be filled out. we can fill out the rest of the month next week 14:12:42 in general being on call is looking to be something for people in sysadmin main because it takes running playbooks, acking nagios, and such. I still owe everyone a sop on it 14:12:46 #topic Tickets discussion 14:12:46 #info https://pagure.io/fedora-infrastructure/issues?status=Open&priority=2 14:13:14 ah man.. I didn't take the items off the list from last meeting 14:13:32 I thought i was so ahead of the game with gobby too :) 14:13:33 oh right. any chance to move those forward ? 14:13:57 i wonder if a non-main person could still be helpful as an oncall 14:14:00 I will mark some more for meeting next week... I didn't get to it this week 14:14:12 because they could still know whether something is important enough to interrupt 14:14:14 and can triage 14:14:35 bowlofeggs: I think so if they knew enough to route things / could handle easy things. 14:15:00 i could be like the person you get when you call your isp 14:15:11 .... 14:15:11 LOL. 14:15:16 "did you try turning it off an on again?" "ok, try clicking the start menu..." 14:15:19 bowlofeggs: some ISPs you actually get a technical person as soon as you call? :) 14:15:23 hahaha 14:15:24 not mine 14:15:44 sorry for derailing the topic with my senseless humor 14:15:47 But yeah. "Oh, you're not running Windows? Well, then we don't support you" 14:15:53 bowlofeggs:nah, it's fine 14:16:09 "press ℵ if you want to talk to a real person" 14:16:14 #info fedora infra only supports windows users 14:16:30 #undo 14:16:30 Removing item from minutes: INFO by bowlofeggs at 14:16:14 : fedora infra only supports windows users 14:16:34 ok 14:16:39 * puiterwijk does not want that in searchable logs.... :) 14:16:45 (not out of context at least) 14:16:59 hah 14:17:10 yeah.. someone might make us stick to that 14:17:34 long ago they actually asked me "what operating system are you running?" 14:17:46 "gentoo" 14:17:52 "I've never heard of Windows Gentoo" 14:18:10 it was a good day 14:18:11 ha 14:18:19 back to the meeting. I don't have any progress on the 2 tickets I took. I will remove them from the meeting queue though 14:18:20 heh.. no ticketts? 14:18:34 anyhow, we can try oncall with someone else like bowlofeggs as his and our time permits? 14:18:54 i'm up for it, perhaps in july though 14:18:56 perhaps just try a day or something. 14:19:01 and see how it goes 14:19:07 june is a crazy month for me 14:19:32 sure. 14:19:34 #topic Migrating from fedmsg to AMQP - jcline and abompard 14:19:47 On the migration: do it, make it so. Do it yesterday 14:19:57 * nirik is fine with the plan. 14:20:16 So a week ago, we posted to the mailing list: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/thread/HLOYNCI4X6ELF76HP54UBMMNL4FPDBQW/ - there's not been much feedback so I just wanted to bring it up here in case people wanted a live discussion 14:20:22 We might try set a deadline/make sure we get everything done in some reasonable timeframe tho. 14:20:37 * nirik doesn't like being in a indeterminate state. 14:20:47 hey can we let jcline get his part out first 14:21:11 jcline, abompard you have the floor 14:21:19 That's pretty much all I had. I would like developers to read over https://fedora-messaging.readthedocs.io/en/latest/ and let me know if they like or don't like the APIs 14:21:45 Now's the easiest time to change these things, so early feedback is good. I'm going to take silence as complete satisfaction :) 14:21:54 haha 14:22:00 oh, when the plan says 'deploy a broker' could we deploy 2 or 3? or does that not work/would add too much complexity? 14:22:09 It should be super easy to set up and play with locally, and if it's not it should be so let me know 14:22:18 i think rabbit can cluster, right? 14:22:28 (for HA?) 14:22:29 nirik, you could (and I'd recommend) deploying a cluster of 3 or 5 14:22:35 yeah it depends if we cluster over LAN or WAN 14:22:41 Clusters need to be on a LAN 14:22:44 great. I thought so, but wanted to make sure. 14:22:53 rabbit is greta 14:23:05 You can federate between datacenters with shovel or similar plugin which uses an AMQP client to send the messages 14:23:06 3 probibly would be ok 14:23:40 i have a slightly related tangent on this to discuss when we're ready 14:23:41 I set up a cluster of 3 at home and it was easy-peasy 14:23:48 gg ez 14:24:04 I just want to avoid SPOF and also be able to reboot things for updates or whatever 14:24:11 So an action item if everyone is pleased with this would be to set up the cluster in stage, then we can deploy the bridges and iron out problems 14:24:16 erlang apps can live upgrade which is insane 14:24:29 what is the CPU/memory/disk space we want for the systems 14:24:58 jcline's testing was all on raspberry pis so i think we just need 3 of those on wifi 14:25:06 For our current message throughput, anything at all basically 14:25:19 yeah we really send very few messages 14:25:47 yeah, they likely could be pretty small. 14:25:53 With a lot of queues more cores help, and memory is always good. 14:26:23 jcline: will we have a lot of queues? Probably not, right, like one per machine? 14:26:27 But yeah, I queued up ~600k small messages on a 3 cluster including a pi3 and it was okay 14:26:34 I think jcline's test cluster vastly outperformed what we need... And it was on a RPi... 14:26:38 Yeah, that 14:26:50 ok sounds good. We can use the arm boxes 14:26:54 Stats on my tests are at https://fedmsg-migration-tools.readthedocs.io/en/latest/migration/performance.html 14:27:27 abompard, I don't think we'll have many queues, and especially at the beginning we'll have 1 or 2 for the bridges 14:28:05 next up would be the questions nirik had about a deadline 14:28:08 I'd expect each app to have at least one queue, but not many more than that 14:28:17 agreed 14:28:53 Hmm. Well, the tools are ~alpha quality, but they are tiny so writing tests and whatnot shouldn't take long 14:29:11 It'd be great if we could have the broker running in prod by flock, even if nothing is using it yet 14:29:42 * nirik nods 14:29:42 And I'd say we should aim to migrate everything off fedmsg by the end of the year? It should be pretty trivial to migrate each app, it's just there's a lot of them to track down 14:30:09 and we need to decide on the security/auth/authz policy 14:30:20 ok so the staging instances need to be ready by mid-June. staging to prod by mid-july. showoff in beginning of august. turn off in November 14:30:26 We'd keep the external zeromq socket running so anything outside our infra won't break, so we just need to worry about our apps 14:30:37 smooge, haha, perfect 14:30:56 abompard, yes, we do 14:31:01 * jcline looks at puiterwijk 14:31:02 let's move the infra meeting from irc to AMQP 14:31:05 who is the consumer of the message queue? 14:31:13 other apps or people? 14:31:25 wadadli, other apps 14:31:27 apps are people. 14:31:29 sorry 14:31:33 Haha 14:31:48 jcline ⟿ ok and do they do things based on the messages they receive? 14:31:56 jcline: yeah. I'll meet up with you or abompard sometime soon to talk about that 14:31:56 hopefully 14:32:06 wadadli, correct 14:32:14 ok so this is like network IPC 14:32:19 gotcha 14:32:23 exactly 14:32:45 puiterwijk, cool, should I schedule a meeting of some variety? video call or text? 14:33:15 jcline: let's try a video call sometime so I get an idea 14:33:47 puiterwijk, okay, I'll see about putting something on the calendar next week. Sound good, abompard? 14:33:54 Yep, sound good to me 14:34:01 perfect 14:34:07 ok anything more on this? 14:34:07 (that'll give me time to set up rabbit 3.7 and play with the topic auth) 14:34:17 That's all I've got 14:34:25 yep 14:34:27 i have a tangent 14:34:36 that is acute 14:34:37 (I mean: that's all I've got too) 14:34:57 bowlofeggs, you have the floor 14:35:25 tangent: i'd like to be able to use this same rabbit deployment for bodhi's task workers 14:35:31 bowlofeggs: +1 14:35:43 It'd be good for FMN to also use it 14:35:45 mostly i'm thinking "hey, there is a nice rabbit server, let's use it for more than just fedmsgs" 14:35:49 indeed 14:35:50 bowlofeggs: I would like to use the same cluster for every rabbit use we do. BUT first the authn/authz stuff 14:36:01 as long as there are no security concerns, sure. 14:36:09 right now bodhi uses fedmsg to send tasks to backend02, and i'd like to use celery or something similar instead, wtih rabbit 14:36:09 rabbit has virtual hosts, so we should set up a virtual host for the general pub-sub stuff, one for bodhi, one for fmn, etc 14:36:35 jcline: right. But aren't clusters inside a virtual host? 14:36:39 cool, that's my only thought :) 14:36:46 i.e. are virthosts within clusters or clusters within virthosts? 14:36:50 i'd long wanted to do this, but i didn't want ot stand up a rabbit just for bodhi 14:37:11 puiterwijk, I think it's many virtual hosts within a cluster, and a cluster is made up of 1 or more rabbits, but I'll need to re-read the docs 14:37:15 bowlofeggs: agreed. Right now we have a basic rabbitmq role that makes it simple, but if we get a centralized broker, that'd be great 14:37:26 jcline: ah, cool. 14:37:41 Well, if we can figure the authz stuff out, I'd like to put all the rabbit stuff on the same cluster 14:37:55 Sounds good to me 14:38:08 Less work for everyone. 14:38:11 yeah 14:38:19 less work++ 14:38:20 RMQAAS 14:38:42 nirik: ......https://wiki.openstack.org/wiki/Cue 14:38:47 Don't ask. It's openstack 14:39:00 awww... they didn't call it 'Watership Down' ? 14:39:19 that's all from me... for now! 14:39:59 #topic Apprentice Open office minutes 14:39:59 #info A time where apprentices may ask for help or look at problems. 14:40:17 any questions on tickets or such? 14:40:59 I'd like to note our easyfix ones: 14:41:02 https://pagure.io/fedora-infrastructure/issues?status=Open&tags=easyfix 14:41:29 if anyone wants to hear more details about any of those, just ask 14:43:19 * wadadli takes a look 14:44:09 * FrostyX saves the page so he takes some issue from it in the future 14:45:01 we also have packaging work: 14:45:06 .tiny https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&email1=infra-sig&emailassigned_to1=1&emailcc1=1&emailtype1=substring&list_id=8012091&order=bug_id&product=Fedora&query_based_on=&query_format=advanced 14:45:06 nirik: http://tinyurl.com/y8pn93p6 14:46:03 The fun never ends. ;) 🤡 14:46:27 willing to help with packaging; jwould just need some guidance to get started 14:47:23 ok any questions on them? 14:48:03 #topic Open Floor 14:48:04 smooge: i'll reach out after the meeting if you will be around 14:48:39 creaked, I should be but slow to respond.. today is meeting day 14:49:08 can you guys weigh in on this? I have machine -> vm -> nested vm -> docker containers 14:49:20 wadadli, usecase ? 14:49:27 I tried adding port forwarding on vm to reach docker containers from machine 14:49:44 academic or you attempting to create a insane nesting / embedded environment 14:50:06 linuxmodder ⟿ just ran minishift on a vm and was left with this 14:50:19 minishift ? 14:50:20 would like to reach web console from machine 14:50:23 in theory I would expect you could get that to work, but why the nested vm? 14:50:38 and that^ 14:50:56 nirik ⟿ well I have a fedora-server vm that I do most of my testing on 14:50:58 docker with at most a selinux_context-{foo}_t 14:51:28 so I ran the minishift installer on it and it created a nested vm 14:51:37 ah... right. ok 14:52:10 but the weird thing is even though I added the forward ports in firewalld I cannot access the web console from the machine 14:52:18 you should be able to port forward I would think... make sure there's no firewalls on the vm 14:52:32 (in the way) 14:52:33 vm1 or nested vm 14:53:14 I tried firewall-cmd --permanent --add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=192.168.42.50 14:53:37 perhaps there might be a firewall in the way on the boot2docker instance 14:53:37 well, the console is just on 443 I thought? 14:54:05 anyhow, can discuss this out of meeting? 14:54:09 oh well after running minishift it says the console is on 192.168.42.x:8443 14:54:50 ok. 14:54:54 ok time to call it quits here. 14:55:05 * nirik hasn't used minishiift much... perhaps #minishift could sort it? 14:55:07 thank you all again for coming 14:55:11 #endmeeting