#fedora-meeting-1 log

14:00:53 <smooge> #startmeeting Infrastructure (2018-07-05)
14:00:53 <zodbot> Meeting started Thu Jul  5 14:00:53 2018 UTC.
14:00:53 <zodbot> This meeting is logged and archived in a public location.
14:00:53 <zodbot> The chair is smooge. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:53 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:00:53 <zodbot> The meeting name has been set to 'infrastructure_(2018-07-05)'
14:00:53 <smooge> #meetingname infrastructure
14:00:53 <zodbot> The meeting name has been set to 'infrastructure'
14:00:53 <smooge> #topic aloha
14:00:53 <smooge> #chair nirik pingou puiterwijk relrod smooge tflink threebean
14:00:53 <zodbot> Current chairs: nirik pingou puiterwijk relrod smooge tflink threebean
14:01:00 <marc84> hi everyone
14:01:04 <relrod> morning
14:01:06 <nirik> morning
14:01:08 <smooge> hello
14:01:10 <cverna> o/ hello
14:01:26 <keitellf> hey
14:01:51 <aikidouke> top o the morning
14:02:29 <puiterwijk> Morning
14:05:01 <smooge> ok lets go to the next sections
14:05:03 <creaked> .hello2
14:05:04 <zodbot> creaked: creaked 'Will Chellman' <creaked@gmail.com>
14:05:13 <smooge> #topic New folks introductions
14:05:14 <smooge> #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves
14:05:26 <smooge> Hello any new people at the meeting today?
14:07:27 <smooge> #topic announcements and information
14:07:27 <smooge> #info bowlofeggs is on PTO
14:07:27 <smooge> #info abompard is on PTO
14:07:27 <smooge> #info pingou is on half-time PTO
14:07:27 <smooge> #info tflink is going on extended PTO
14:07:28 <smooge> #info major Ibiblio outage 2018-07-10
14:07:29 <smooge> #info FLOCK in Dresden is 2018-08-08
14:07:31 <smooge> #info visit to PHX2 will be happenening 2018-08-15->2018-08-18
14:07:33 <smooge> #info Currently deplying new version of OSBS in prod - cverna
14:07:40 <smooge> Any other announcements for this week?
14:08:14 * nirik doesn't think so.
14:09:38 <smooge> #topic Oncall
14:09:38 <smooge> #info Kevin is on call from 2018-07-06->2018-07-12
14:09:38 <smooge> #info Relrod is on call from 2018-07-13->2018-07-19
14:09:38 <smooge> #info Smooge is on call from 2018-07-20->2018-07-26
14:09:39 <smooge> #info Kevin? is on call from 2018-07-27->2018-08-01
14:09:40 <smooge> #info Smooge is on call from during FLOCK
14:09:43 <smooge> #info Summary of last week: (from Smooge)
14:10:04 * nirik nods
14:10:39 <smooge> The last week was pretty good. We had the outage and a couple of small fires but nothing big
14:11:16 <smooge> I did run into a problem on Tuesday where everyone was pinging Kevin and I didn't catch it to act interference until too late
14:11:30 <smooge> My apologies on that
14:11:43 <smooge> Anything else about on-call for this week?
14:12:13 <smooge> Ok the next parts of the agenda are repeats of last week..
14:12:19 <smooge> #topic Flock Talks People want to see
14:12:42 <smooge> I think the first pass at talk approval was done just now
14:12:46 <nirik> yeah, reminder that flock talks accept input...
14:12:53 <puiterwijk> smooge: second pass
14:13:07 <nirik> https://pagure.io/flock/issues/
14:13:19 <smooge> puiterwijk, so its a 2 pass compiler?
14:13:34 <puiterwijk> smooge: 3-pass. One was June 15, one July 2, and the next and last is July 15
14:13:51 <keitellf> That's a really long compile time.
14:13:59 <smooge> its all the Yacc in the middle
14:14:03 <puiterwijk> Yep, it is
14:14:28 <smooge> and that is my limit of C puns for the dya
14:14:42 <smooge> #topic pkgdb retirement - kevin
14:14:42 <smooge> #info many items found last meeting. any resolutions?
14:15:21 <suanand> (hi, sorry)
14:15:33 <smooge> this was to be discussed out of meeting last time.. I am not sure any of the people working on it are around today though
14:15:53 <nirik> smooge: I think we still need to make sure taskotron isn't using it, then we can take it down
14:16:04 <nirik> (and replace that other thing that uses it by a static file)
14:16:05 <smooge> is supybot still using it?
14:16:22 <puiterwijk> smooge: no, that uses Pagure I'm pretty sure
14:16:39 <nirik> gnome-software is the last user.
14:17:02 <nirik> it uses it to see what versions are active and what to offer as dist-upgrade
14:17:10 <smooge> ah ok
14:17:21 <smooge> all right then.. next item?
14:17:32 <cverna> I think pingou was coordinating with kparal about taskotron
14:17:49 <smooge> also is it ok for me to remove this from the agenda for next week?
14:17:53 <nirik> yep
14:17:54 <relrod_cld> I was going to look at that gnome-software endpoint, haven't gotten a chance to yet. If someone else wants to take it, feel free. Otherwise I'll keep it on my list and get to it soon-ish
14:18:27 <nirik> relrod_cld: well, the idea was to take pkgdb down and put a static json file at that url
14:19:09 <relrod_cld> nirik: Are we just going to manually update the file though? Or do we want to generate it from something?
14:19:33 <nirik> for now manual. As soon as whatever replaces pdc exists, move it there
14:19:47 * relrod_cld nods, ok.
14:19:50 <nirik> we don't want to move it to pdc to just move it again to pdc++
14:19:50 <zodbot> nirik: Karma for pdc changed to 1 (for the f28 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:19:55 <nirik> ha.
14:19:59 <nirik> oops
14:20:07 <cverna> pdc--
14:20:12 <cverna> :P
14:20:54 <smooge> poor pdc ... no karma
14:20:58 <smooge> ok next up then
14:21:08 <smooge> #topic bugzilla5 in September - aikidouke
14:21:09 <smooge> #info https://pagure.io/fedora-infrastructure/issue/7028
14:21:09 <clime> hi
14:21:27 <aikidouke> hmmm - I didn't delete that then?
14:21:41 <smooge> ah ok... will move on then.. and delete it from theagenda
14:21:45 <aikidouke> iirc @nirik was actively engaged
14:21:48 <aikidouke> my apologies
14:21:59 <smooge> #topic Tickets discussion
14:21:59 <smooge> #info https://pagure.io/fedora-infrastructure/report/Meetings%20ticket
14:22:00 <nirik> yeah, we are just waiting for info I think
14:22:43 <nirik> oh, I didn't update this either. :) oops
14:23:05 <nirik> We did get further on transtats.
14:23:11 <suanand> thank you so much nirik++ (for last tuesday), I think we (transtats team) should go ahead and do all code changes required to deploy transtats with postgresql 9.2 (on RHEL7)
14:23:11 <zodbot> suanand: Karma for kevin changed to 24 (for the f28 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:23:30 <nirik> suanand: that would be great if you could. I don't know how much work that would be. ;(
14:23:59 <suanand> nirik, that is bunch of work, but I think we should give it a try
14:24:42 <smooge> .ticket 5316
14:24:44 <zodbot> smooge: Issue #5316: New package review tickets page - RFE for filter - fedora-infrastructure - Pagure - https://pagure.io/fedora-infrastructure/issue/5316
14:25:19 <smooge> was this looking for an apprentice etc?
14:25:30 <nirik> yeah, this and the next one should be pretty easy I think...
14:27:05 <clime> .ticket 6875
14:27:06 <smooge> ok since there aren't a lot of people here.. I will move to the next agenda item unless there is a ticket you wanted to look at?
14:27:08 <zodbot> clime: Issue #6875: Modernize libravatar and deploy a test cloud instance - fedora-infrastructure - Pagure - https://pagure.io/fedora-infrastructure/issue/6875
14:27:25 <smooge> cool a ticket
14:27:43 <clime> I wanted just to mention this one...that I joined the development at git.linux-kernel.at/oliver/ivatar
14:27:58 <clime> and I will probably look this week into postgresql support.
14:27:59 <nirik> clime: sounds good. whats the state there? and next steps?
14:28:23 <clime> well, we have been tuning css.
14:28:47 <clime> theme support has been added
14:29:05 <clime> then I would like to see if it is possible to support postgresql db backend...
14:29:19 <creaked> smooge: I will take a look and comment on ticket 5316 should be easy enough
14:29:28 <smooge> thanks creaked
14:29:45 <clime> and also possibly tweak email sending. Mailgun is being used atm, maybe some other email sending backend could be supported
14:30:15 <clime> that's pretty much it for now
14:30:34 <nirik> cool. sounds promising... and it runs in openshift fine I understand?
14:31:00 <clime> yes, I've been able to run it locally in just a few minutes.
14:31:18 <clime> ...in local openshift - that was quite impressive for me at least
14:31:38 <nirik> yeah, with postgres support we could look at rolling out in ours.
14:31:48 <clime> ok, cool!
14:32:03 <puiterwijk> clime++
14:32:14 <clime> tx
14:32:24 <puiterwijk> Too few cookies to give :(
14:32:34 <cverna> clime++
14:32:34 <zodbot> cverna: Karma for clime changed to 2 (for the f28 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:32:35 <clime> it's okay
14:32:43 <cverna> I have got some :)
14:32:47 <clime> thanks :)
14:33:24 <relrod_cld> clime++
14:33:56 <clime> I need to keep my figure...
14:34:20 <nirik> ha
14:34:27 <smooge> ok next up?
14:34:33 <smooge> clime++
14:34:33 <zodbot> smooge: Karma for clime changed to 3 (for the f28 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:34:47 <smooge> #topic Apprentice Open office minutes
14:34:47 <smooge> #info A time where apprentices may ask for help or look at problems.
14:35:26 <smooge> any apprentice questions outside of the Open Office Hours?
14:35:34 <mklvr> Hey all, can I please get some feedback on my question on https://pagure.io/fedora-infrastructure/issue/6527
14:35:44 <mklvr> I needed some clarification on the request.
14:36:26 <nirik> puiterwijk filed that one, not sure what we want there.
14:36:41 <puiterwijk> Checking
14:36:55 <nirik> perhaps always use fqdn?
14:37:10 <puiterwijk> Sure, that'd work
14:38:47 <puiterwijk> Though ideally, short names would be allowed and expanded
14:39:00 <puiterwijk> So as to make it easy to entirely take out a proxy with a single line
14:39:43 <nirik> I think the script is a bit simple for what it does now...
14:39:54 <mklvr> So we'd want to 1. disable the right proxy with '-int' and '-ext' affixes and 2. Disable both if no affix is specified?
14:39:55 <nirik> because there's multiple views now
14:39:56 <puiterwijk> yep
14:40:31 <nirik> proxy01 could be external proxy01.fedoraproject.org, internal proxy01.phx2.fedoraproject.org from PHX2 internal,
14:41:15 <nirik> or QA
14:41:54 <nirik> mklvr: well, there's 3... 2 internal and 1 external...
14:42:12 <nirik> so perhaps proxy01-phx2 and proxy01-ext and proxy01-qa ?
14:42:36 <mklvr> nirik: I see. That makes sense.
14:43:13 <nirik> I mean most of the time when disabling we want to just disable them all.
14:43:23 <nirik> and there is also ipv4 vs ipv6...
14:44:12 <nirik> I wonder if it's over engineering... but...
14:44:48 <nirik> perhaps --region A proxy01
14:44:55 <nirik> ie, move it to arguments...
14:45:01 <puiterwijk> nirik: well, a simple idea would bve that instead of checking of an entry matches the proxy it's inserting literally, it should just do a match.startswith(blocked)
14:46:10 <nirik> sure, that would be a start...
14:46:17 <mklvr> nirik: I like the idea of the parameters where you can specify the region, but it not region is specified assume all of them ((e.g. match.startswith(blocked))
14:46:35 <nirik> yeah, like I said usually we want to just disable everything
14:46:58 <mklvr> I think that's enough information for we to work with. Thanks all.
14:47:06 <mklvr> s/we/me/
14:47:11 <smooge> ok to move to the next topic?
14:47:14 <nirik> thanks for working on it!
14:47:27 <smooge> thank you mklvr
14:47:30 <smooge> mklvr++
14:47:30 <zodbot> smooge: Karma for mklvr changed to 1 (for the f28 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
14:47:45 <smooge> #topic letsencrypt by your host relrod
14:48:05 <relrod_cld> We now have an mostly-automated letsencrypt setup which can be used for new sites and/or things that aren't covered by the wildcard cert for whatever reason.
14:48:11 <relrod_cld> This is what does the work: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/letsencrypt/tasks/main.yml
14:48:17 <relrod_cld> This is an example of using it: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/pagure/frontend/tasks/main.yml#n242
14:48:35 <relrod_cld> Basically the ACME verification gets proxied to a certgetter01 box. The letsencrypt role will call out to `certbot` on that box to either create a new cert or renew an existing one, then automatically copy over the certificate to the proxies (or whatever host the role gets included on).
14:49:34 <relrod_cld> The 1,000 mile high overview is that it should be easy (or at least easier) to use letsencrypt for various things when we need SSL and our other certs don't cover it for whatever reason.
14:49:46 <clime> does it automatically restart httpd after cert renewal?
14:50:16 <relrod_cld> it should, because of ansible handlers, yeah
14:50:35 <clime> great!
14:50:48 <puiterwijk> Note that because this uses certgetter, it's only usable by things that are using our proxies, so are in the main infra.
14:51:04 <clime> oh ok, goot to know
14:51:16 <clime> so for Copr we should keep the certbot role, I guess
14:51:25 <puiterwijk> Well, you can use it, but you need a bit of manual httpd config
14:51:30 <clime> there is another more simple role that I have used, ye
14:51:47 <puiterwijk> If you add an apache config to make it redirect ~/.well-known/acme-challenges/ to any endpoint that forwards to certgetter, it should work
14:51:48 <relrod_cld> yeah, it works fine with other things, you just need to add the proxypass lines for certgetter01
14:52:09 <nirik> does this work for openshift things ?
14:52:14 <puiterwijk> nirik: yes.
14:52:20 <nirik> cool!
14:52:44 <clime> ok we will then look if we can migrate to that role for Copr
14:52:44 <relrod_cld> yeah it should
14:52:46 <smooge> would having a certgetter-cloud in the cloud be useful for things like copr and such?
14:52:53 <nirik> we should be able to do https://pagure.io/fedora-infrastructure/issue/6955 now then... since we have release-monitoring.org up in stg... but I guess we need a more normal route for it.
14:52:58 <puiterwijk> smooge: no, it wouldn't add anything
14:53:19 <puiterwijk> smooge: the reason we can do a zezro-setup for all phx2 services is because on the proxy layer we have a proxypass for acme-challenges.
14:53:36 <smooge> ah got it
14:53:37 <puiterwijk> For anything not hitting the proxies, it will need to get a manual proxypass added
14:54:32 <smooge> thanks relrod and puiterwijk for th einfo
14:54:34 <puiterwijk> Which isn't hard, but a thing you need to remember
14:54:47 <relrod_cld> yeah, what puiterwijk said. :)
14:55:07 <smooge> okie dokie our next thing is
14:55:14 <smooge> #topci OPEN FLOOOD
14:55:25 <smooge> #topic Open Floor
14:55:35 <puiterwijk> Hah. I liked the open flood more :)
14:55:36 <nirik> flooood
14:56:38 <smooge> OPEN FOOD
14:56:47 <smooge> I like that best
14:56:58 <smooge> ok anything for hte floor
14:57:43 <nirik> it's a nice floor... all tiled and shiny.
14:57:49 * misc has a request for flock
14:58:01 <smooge> okie dokie
14:58:05 <misc> I would need someone from infra for https://pagure.io/flock/issue/79
14:58:30 <misc> (during flock)
14:59:13 <nirik> misc: I am a little worried about this... I hope it doesn't cause someone to break in and not tell us so we don't fix it... but we are an open infrastructure...
14:59:40 <nirik> but I would be happy to be there and help/fix
14:59:48 <misc> nirik: well, I wasn't planning on telling to people to do live test
14:59:58 <misc> more that people submit patch for issue
15:00:08 <misc> (if any)
15:00:15 <misc> or rather than issue, hardening
15:00:44 <puiterwijk> If possible, I'll be there
15:00:51 <smooge> I think this is something to bring up on the list please
15:01:23 <misc> infra list ?
15:01:43 <misc> (oups, also, I have another meeting that just start now, and I have folks to kick out of a meeting room)
15:02:14 <smooge> infra-list
15:02:24 <smooge> and this meeting is over time here
15:02:35 <smooge> so I am going to thank you all for coming
15:02:41 <smooge> #endmeeting