14:00:53 #startmeeting Infrastructure (2018-07-05) 14:00:53 Meeting started Thu Jul 5 14:00:53 2018 UTC. 14:00:53 This meeting is logged and archived in a public location. 14:00:53 The chair is smooge. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:53 Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:00:53 The meeting name has been set to 'infrastructure_(2018-07-05)' 14:00:53 #meetingname infrastructure 14:00:53 The meeting name has been set to 'infrastructure' 14:00:53 #topic aloha 14:00:53 #chair nirik pingou puiterwijk relrod smooge tflink threebean 14:00:53 Current chairs: nirik pingou puiterwijk relrod smooge tflink threebean 14:01:00 hi everyone 14:01:04 morning 14:01:06 morning 14:01:08 hello 14:01:10 o/ hello 14:01:26 hey 14:01:51 top o the morning 14:02:29 Morning 14:05:01 ok lets go to the next sections 14:05:03 .hello2 14:05:04 creaked: creaked 'Will Chellman' 14:05:13 #topic New folks introductions 14:05:14 #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves 14:05:26 Hello any new people at the meeting today? 14:07:27 #topic announcements and information 14:07:27 #info bowlofeggs is on PTO 14:07:27 #info abompard is on PTO 14:07:27 #info pingou is on half-time PTO 14:07:27 #info tflink is going on extended PTO 14:07:28 #info major Ibiblio outage 2018-07-10 14:07:29 #info FLOCK in Dresden is 2018-08-08 14:07:31 #info visit to PHX2 will be happenening 2018-08-15->2018-08-18 14:07:33 #info Currently deplying new version of OSBS in prod - cverna 14:07:40 Any other announcements for this week? 14:08:14 * nirik doesn't think so. 14:09:38 #topic Oncall 14:09:38 #info Kevin is on call from 2018-07-06->2018-07-12 14:09:38 #info Relrod is on call from 2018-07-13->2018-07-19 14:09:38 #info Smooge is on call from 2018-07-20->2018-07-26 14:09:39 #info Kevin? is on call from 2018-07-27->2018-08-01 14:09:40 #info Smooge is on call from during FLOCK 14:09:43 #info Summary of last week: (from Smooge) 14:10:04 * nirik nods 14:10:39 The last week was pretty good. We had the outage and a couple of small fires but nothing big 14:11:16 I did run into a problem on Tuesday where everyone was pinging Kevin and I didn't catch it to act interference until too late 14:11:30 My apologies on that 14:11:43 Anything else about on-call for this week? 14:12:13 Ok the next parts of the agenda are repeats of last week.. 14:12:19 #topic Flock Talks People want to see 14:12:42 I think the first pass at talk approval was done just now 14:12:46 yeah, reminder that flock talks accept input... 14:12:53 smooge: second pass 14:13:07 https://pagure.io/flock/issues/ 14:13:19 puiterwijk, so its a 2 pass compiler? 14:13:34 smooge: 3-pass. One was June 15, one July 2, and the next and last is July 15 14:13:51 That's a really long compile time. 14:13:59 its all the Yacc in the middle 14:14:03 Yep, it is 14:14:28 and that is my limit of C puns for the dya 14:14:42 #topic pkgdb retirement - kevin 14:14:42 #info many items found last meeting. any resolutions? 14:15:21 (hi, sorry) 14:15:33 this was to be discussed out of meeting last time.. I am not sure any of the people working on it are around today though 14:15:53 smooge: I think we still need to make sure taskotron isn't using it, then we can take it down 14:16:04 (and replace that other thing that uses it by a static file) 14:16:05 is supybot still using it? 14:16:22 smooge: no, that uses Pagure I'm pretty sure 14:16:39 gnome-software is the last user. 14:17:02 it uses it to see what versions are active and what to offer as dist-upgrade 14:17:10 ah ok 14:17:21 all right then.. next item? 14:17:32 I think pingou was coordinating with kparal about taskotron 14:17:49 also is it ok for me to remove this from the agenda for next week? 14:17:53 yep 14:17:54 I was going to look at that gnome-software endpoint, haven't gotten a chance to yet. If someone else wants to take it, feel free. Otherwise I'll keep it on my list and get to it soon-ish 14:18:27 relrod_cld: well, the idea was to take pkgdb down and put a static json file at that url 14:19:09 nirik: Are we just going to manually update the file though? Or do we want to generate it from something? 14:19:33 for now manual. As soon as whatever replaces pdc exists, move it there 14:19:47 * relrod_cld nods, ok. 14:19:50 we don't want to move it to pdc to just move it again to pdc++ 14:19:50 nirik: Karma for pdc changed to 1 (for the f28 release cycle): https://badges.fedoraproject.org/tags/cookie/any 14:19:55 ha. 14:19:59 oops 14:20:07 pdc-- 14:20:12 :P 14:20:54 poor pdc ... no karma 14:20:58 ok next up then 14:21:08 #topic bugzilla5 in September - aikidouke 14:21:09 #info https://pagure.io/fedora-infrastructure/issue/7028 14:21:09 hi 14:21:27 hmmm - I didn't delete that then? 14:21:41 ah ok... will move on then.. and delete it from theagenda 14:21:45 iirc @nirik was actively engaged 14:21:48 my apologies 14:21:59 #topic Tickets discussion 14:21:59 #info https://pagure.io/fedora-infrastructure/report/Meetings%20ticket 14:22:00 yeah, we are just waiting for info I think 14:22:43 oh, I didn't update this either. :) oops 14:23:05 We did get further on transtats. 14:23:11 thank you so much nirik++ (for last tuesday), I think we (transtats team) should go ahead and do all code changes required to deploy transtats with postgresql 9.2 (on RHEL7) 14:23:11 suanand: Karma for kevin changed to 24 (for the f28 release cycle): https://badges.fedoraproject.org/tags/cookie/any 14:23:30 suanand: that would be great if you could. I don't know how much work that would be. ;( 14:23:59 nirik, that is bunch of work, but I think we should give it a try 14:24:42 .ticket 5316 14:24:44 smooge: Issue #5316: New package review tickets page - RFE for filter - fedora-infrastructure - Pagure - https://pagure.io/fedora-infrastructure/issue/5316 14:25:19 was this looking for an apprentice etc? 14:25:30 yeah, this and the next one should be pretty easy I think... 14:27:05 .ticket 6875 14:27:06 ok since there aren't a lot of people here.. I will move to the next agenda item unless there is a ticket you wanted to look at? 14:27:08 clime: Issue #6875: Modernize libravatar and deploy a test cloud instance - fedora-infrastructure - Pagure - https://pagure.io/fedora-infrastructure/issue/6875 14:27:25 cool a ticket 14:27:43 I wanted just to mention this one...that I joined the development at git.linux-kernel.at/oliver/ivatar 14:27:58 and I will probably look this week into postgresql support. 14:27:59 clime: sounds good. whats the state there? and next steps? 14:28:23 well, we have been tuning css. 14:28:47 theme support has been added 14:29:05 then I would like to see if it is possible to support postgresql db backend... 14:29:19 smooge: I will take a look and comment on ticket 5316 should be easy enough 14:29:28 thanks creaked 14:29:45 and also possibly tweak email sending. Mailgun is being used atm, maybe some other email sending backend could be supported 14:30:15 that's pretty much it for now 14:30:34 cool. sounds promising... and it runs in openshift fine I understand? 14:31:00 yes, I've been able to run it locally in just a few minutes. 14:31:18 ...in local openshift - that was quite impressive for me at least 14:31:38 yeah, with postgres support we could look at rolling out in ours. 14:31:48 ok, cool! 14:32:03 clime++ 14:32:14 tx 14:32:24 Too few cookies to give :( 14:32:34 clime++ 14:32:34 cverna: Karma for clime changed to 2 (for the f28 release cycle): https://badges.fedoraproject.org/tags/cookie/any 14:32:35 it's okay 14:32:43 I have got some :) 14:32:47 thanks :) 14:33:24 clime++ 14:33:56 I need to keep my figure... 14:34:20 ha 14:34:27 ok next up? 14:34:33 clime++ 14:34:33 smooge: Karma for clime changed to 3 (for the f28 release cycle): https://badges.fedoraproject.org/tags/cookie/any 14:34:47 #topic Apprentice Open office minutes 14:34:47 #info A time where apprentices may ask for help or look at problems. 14:35:26 any apprentice questions outside of the Open Office Hours? 14:35:34 Hey all, can I please get some feedback on my question on https://pagure.io/fedora-infrastructure/issue/6527 14:35:44 I needed some clarification on the request. 14:36:26 puiterwijk filed that one, not sure what we want there. 14:36:41 Checking 14:36:55 perhaps always use fqdn? 14:37:10 Sure, that'd work 14:38:47 Though ideally, short names would be allowed and expanded 14:39:00 So as to make it easy to entirely take out a proxy with a single line 14:39:43 I think the script is a bit simple for what it does now... 14:39:54 So we'd want to 1. disable the right proxy with '-int' and '-ext' affixes and 2. Disable both if no affix is specified? 14:39:55 because there's multiple views now 14:39:56 yep 14:40:31 proxy01 could be external proxy01.fedoraproject.org, internal proxy01.phx2.fedoraproject.org from PHX2 internal, 14:41:15 or QA 14:41:54 mklvr: well, there's 3... 2 internal and 1 external... 14:42:12 so perhaps proxy01-phx2 and proxy01-ext and proxy01-qa ? 14:42:36 nirik: I see. That makes sense. 14:43:13 I mean most of the time when disabling we want to just disable them all. 14:43:23 and there is also ipv4 vs ipv6... 14:44:12 I wonder if it's over engineering... but... 14:44:48 perhaps --region A proxy01 14:44:55 ie, move it to arguments... 14:45:01 nirik: well, a simple idea would bve that instead of checking of an entry matches the proxy it's inserting literally, it should just do a match.startswith(blocked) 14:46:10 sure, that would be a start... 14:46:17 nirik: I like the idea of the parameters where you can specify the region, but it not region is specified assume all of them ((e.g. match.startswith(blocked)) 14:46:35 yeah, like I said usually we want to just disable everything 14:46:58 I think that's enough information for we to work with. Thanks all. 14:47:06 s/we/me/ 14:47:11 ok to move to the next topic? 14:47:14 thanks for working on it! 14:47:27 thank you mklvr 14:47:30 mklvr++ 14:47:30 smooge: Karma for mklvr changed to 1 (for the f28 release cycle): https://badges.fedoraproject.org/tags/cookie/any 14:47:45 #topic letsencrypt by your host relrod 14:48:05 We now have an mostly-automated letsencrypt setup which can be used for new sites and/or things that aren't covered by the wildcard cert for whatever reason. 14:48:11 This is what does the work: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/letsencrypt/tasks/main.yml 14:48:17 This is an example of using it: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/pagure/frontend/tasks/main.yml#n242 14:48:35 Basically the ACME verification gets proxied to a certgetter01 box. The letsencrypt role will call out to `certbot` on that box to either create a new cert or renew an existing one, then automatically copy over the certificate to the proxies (or whatever host the role gets included on). 14:49:34 The 1,000 mile high overview is that it should be easy (or at least easier) to use letsencrypt for various things when we need SSL and our other certs don't cover it for whatever reason. 14:49:46 does it automatically restart httpd after cert renewal? 14:50:16 it should, because of ansible handlers, yeah 14:50:35 great! 14:50:48 Note that because this uses certgetter, it's only usable by things that are using our proxies, so are in the main infra. 14:51:04 oh ok, goot to know 14:51:16 so for Copr we should keep the certbot role, I guess 14:51:25 Well, you can use it, but you need a bit of manual httpd config 14:51:30 there is another more simple role that I have used, ye 14:51:47 If you add an apache config to make it redirect ~/.well-known/acme-challenges/ to any endpoint that forwards to certgetter, it should work 14:51:48 yeah, it works fine with other things, you just need to add the proxypass lines for certgetter01 14:52:09 does this work for openshift things ? 14:52:14 nirik: yes. 14:52:20 cool! 14:52:44 ok we will then look if we can migrate to that role for Copr 14:52:44 yeah it should 14:52:46 would having a certgetter-cloud in the cloud be useful for things like copr and such? 14:52:53 we should be able to do https://pagure.io/fedora-infrastructure/issue/6955 now then... since we have release-monitoring.org up in stg... but I guess we need a more normal route for it. 14:52:58 smooge: no, it wouldn't add anything 14:53:19 smooge: the reason we can do a zezro-setup for all phx2 services is because on the proxy layer we have a proxypass for acme-challenges. 14:53:36 ah got it 14:53:37 For anything not hitting the proxies, it will need to get a manual proxypass added 14:54:32 thanks relrod and puiterwijk for th einfo 14:54:34 Which isn't hard, but a thing you need to remember 14:54:47 yeah, what puiterwijk said. :) 14:55:07 okie dokie our next thing is 14:55:14 #topci OPEN FLOOOD 14:55:25 #topic Open Floor 14:55:35 Hah. I liked the open flood more :) 14:55:36 flooood 14:56:38 OPEN FOOD 14:56:47 I like that best 14:56:58 ok anything for hte floor 14:57:43 it's a nice floor... all tiled and shiny. 14:57:49 * misc has a request for flock 14:58:01 okie dokie 14:58:05 I would need someone from infra for https://pagure.io/flock/issue/79 14:58:30 (during flock) 14:59:13 misc: I am a little worried about this... I hope it doesn't cause someone to break in and not tell us so we don't fix it... but we are an open infrastructure... 14:59:40 but I would be happy to be there and help/fix 14:59:48 nirik: well, I wasn't planning on telling to people to do live test 14:59:58 more that people submit patch for issue 15:00:08 (if any) 15:00:15 or rather than issue, hardening 15:00:44 If possible, I'll be there 15:00:51 I think this is something to bring up on the list please 15:01:23 infra list ? 15:01:43 (oups, also, I have another meeting that just start now, and I have folks to kick out of a meeting room) 15:02:14 infra-list 15:02:24 and this meeting is over time here 15:02:35 so I am going to thank you all for coming 15:02:41 #endmeeting