#fedora-meeting-3 log

18:00:03 <nirik> #startmeeting Fedora Infrastructure Ops Daily Standup Meeting
18:00:03 <zodbot> Meeting started Wed Apr 14 18:00:03 2021 UTC.
18:00:03 <zodbot> This meeting is logged and archived in a public location.
18:00:03 <zodbot> The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:00:03 <zodbot> The meeting name has been set to 'fedora_infrastructure_ops_daily_standup_meeting'
18:00:03 <nirik> #chair mboddu nirik smooge pingou mobrien nb
18:00:03 <zodbot> Current chairs: mboddu mobrien nb nirik pingou smooge
18:00:03 <nirik> #meetingname fedora_infrastructure_ops_daily_standup_meeting
18:00:03 <nirik> #info meeting is 30 minutes MAX. At the end of 30, its stops
18:00:03 <nirik> #info agenda is at https://board.net/p/fedora-infra-daily
18:00:03 <zodbot> The meeting name has been set to 'fedora_infrastructure_ops_daily_standup_meeting'
18:00:04 <nirik> #info reminder: speak up if you want to work on a ticket!
18:00:05 <nirik> #topic Tickets needing review
18:00:07 <nirik> #info https://pagure.io/fedora-infrastructure/issues?status=Open&priority=1
18:00:35 <mboddu> I am here, but needs 2 min
18:01:21 <dtometzki> .hi
18:01:22 <zodbot> dtometzki: dtometzki 'Damian Tometzki' <linux@tometzki.de>
18:01:46 <smooge> here
18:02:17 <nirik> morning all. lets wait for mboddu to get back
18:02:41 <smooge> yay I have 2 factor again
18:05:24 <mboddu> Okay, I am here
18:05:27 <nirik> .ticket 9868
18:05:28 <zodbot> nirik: Issue #9868: Create second IPA instance in staging to more closely mirror prod - fedora-infrastructure - Pagure.io - https://pagure.io/fedora-infrastructure/issue/9868
18:05:39 <nirik> just needs waiting on asignee and assigned to mobrien
18:05:52 <nirik> there's a private one, but I can deal with that one.
18:06:00 <mboddu> Done
18:06:01 <nirik> .ticket 9871
18:06:03 <zodbot> nirik: Issue #9871: remove group svnendoculator - fedora-infrastructure - Pagure.io - https://pagure.io/fedora-infrastructure/issue/9871
18:06:12 <nirik> low/low/ops and waiting on us having a policy
18:06:27 <nirik> I did enable audit logging on ipa01.
18:06:47 <nirik> so now we can at least see when people are added/removed/the group is deleted.
18:08:32 <mboddu> +1
18:10:19 <nirik> I guess I am leaning toward being able to delete groups, as long as we can make sure and save the audit logs for a long long time
18:10:19 <nirik> .ticket 9872
18:10:19 <zodbot> nirik: Issue #9872: FAS OIDC keys for forum.mojefedora.cz - fedora-infrastructure - Pagure.io - https://pagure.io/fedora-infrastructure/issue/9872
18:10:19 <nirik> hum.
18:10:29 <nirik> lag big time. ;(
18:10:37 <nirik> low/low/ops?
18:10:59 <nirik> .ticket 9873
18:11:00 <zodbot> nirik: Issue #9873: Can not log into lists.fedorapreoject.org - fedora-infrastructure - Pagure.io - https://pagure.io/fedora-infrastructure/issue/9873
18:11:01 <mboddu> Done
18:11:06 <nirik> med / med / ops?
18:11:21 <mboddu> ^ is closed as invalid
18:11:30 <nirik> ah yes, they were using email.
18:11:38 <nirik> we need to close that out sometime.
18:11:50 <nirik> thats all the new ones on the infra side... releng?
18:12:09 <mboddu> No new releng one's
18:12:16 <nb> hi
18:12:16 <nirik> great!
18:12:23 <copperi_> ih
18:12:33 <nirik> #topic work plans
18:12:33 <nirik> #info everyone should note what things they are hoping to work on over the next day/week
18:12:46 <nirik> so, whats everyone planning on working on the rest of this week?
18:13:06 <nirik> I'm waiting still for my hardlink to finish on archive volume, then will be swapping it in place.
18:13:27 <mboddu> F34 release work and CentOS Stream work for me
18:13:49 * nb is not working on anything particular
18:14:00 <smooge> woops I had to step away for a few minutes and mised it
18:14:03 <nb> I was looking at figuring otu a way for users to entroll a HOTP on their yubikey themself
18:14:12 <nirik> nb: There's always day to day stuff.
18:14:14 <nb> but it looks like hte keys that IPA generates are longer than what yubikey wants
18:14:33 <nb> nirik yeah, i'll try to help with whatever comes up
18:14:36 <nirik> nb: yeah, sad. Perhaps it will be easier to implement now in noggin.
18:14:47 <nirik> we should update the ticket with our findings.
18:15:03 <nirik> https://github.com/fedora-infra/noggin/issues/202
18:15:07 <mobrien> I will do that staging ipa server tomorrow and also add some tuning in ipa for testing. Also a pr for the otp script tomorrow
18:15:45 <mobrien> Have to try catch smooge again before the end of the week too.
18:15:47 <smooge> I was able to enroll my hotp from a gist document but I also screwed it up twice in doing so..[and was glad I did not log out from the console when I did it]
18:15:52 <nirik> which otp script?
18:16:05 <nb> smooge did you enroll as admin? or as your user?
18:16:09 <nb> or actually, your user is admin I think
18:16:17 <smooge> I had to do it via the admin interface
18:16:36 <smooge> so not useful for general users
18:16:42 <mobrien> nirik the one to check which sysadmins don't have an otp emrolled
18:16:57 <smooge> the one I was trying to get something in the system before it was run
18:17:05 <nirik> Actually that brings up something from audit logs: people doing admin things: please try and do them as your own user if you are an admin... this will help audit logs have who actually did something.
18:17:29 <nb> Good point
18:17:35 <mobrien> Ah yes, I am guilty of the that
18:17:44 <nirik> me too to be clear. ;)
18:18:48 <nirik> #topic Discussion items
18:18:59 <nirik> any tickets, prs or anything to discuss?
18:20:09 <nirik> smooge: whats the state of the new openshift servers? can you hand off to me, or someone on those? would be nice to have them ready to pxe
18:20:24 <nirik> and anything else you want to handoff on?
18:21:17 <nirik> I guess perhaps longer than the scope of this meeting. ;)
18:23:03 * nirik might be lagged out again
18:23:13 <nirik> I guess if nothing else can close out in a min
18:24:20 * nb has nothing else
18:24:35 <nb> nirik are there any cases where people would need to be in sysadmin when they aren't in sysadmin-*?
18:24:51 <nb> I've removed a few people that are no longer in sysadmin-* from sysamin
18:25:06 <nb> after I removed them from sysadmin-whatever
18:25:09 <nirik> no, but we may just revisit this setup now...
18:25:12 <nirik> used to be:
18:25:31 <smooge> nirik, so the hardware is in place. none of the network ports are active and 1 of the mgmt ports does not work
18:25:32 <nirik> sysadmin got you commit to ansible + alerts/emails on git commits, etc
18:25:57 <nirik> sysadmin-* got you ssh access to actually be able to have the ansible repo and commit to it and access to machines, etc.
18:25:59 <smooge> sorry didn't mean to talk over you
18:26:09 <nirik> It may be 'sysadmin' is something we can drop now.
18:26:23 <nirik> smooge: no, no problem at all. so it's a 'when matt is there next' thing?
18:26:55 <smooge> it might be. the wiring was all done at 11 pm before he drove home sick
18:27:07 <nirik> :(
18:27:36 <nirik> idea: open a 'next handson at iad2' ticket and keep it updated with list of items we want someone to do next time they are on site?
18:27:38 <smooge> so I don't know if all the ports were done and I definitely do not know which level. I will write up what I know after this meeting in a markdown doc
18:27:54 <smooge> or I can put it in that ticket
18:28:17 <nirik> I think ticket is good because we triage/poke/look at them more.
18:28:33 <nirik> and I assume no word on the s390x networking ticket.
18:29:59 <nirik> ok then, lets all get back to whatever we were working on. ;)
18:30:03 <nirik> #endmeeting