16:00:06 #startmeeting Infrastructure (2021-05-13) 16:00:06 Meeting started Thu May 13 16:00:06 2021 UTC. 16:00:06 This meeting is logged and archived in a public location. 16:00:06 The chair is samyak-jn. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:06 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:06 The meeting name has been set to 'infrastructure_(2021-05-13)' 16:00:13 morning everyone 16:00:19 #meetingname infrastructure 16:00:19 The meeting name has been set to 'infrastructure' 16:00:30 #chair nirik smooge siddharthvipul mobrien zlopez pingou bodanel dtometzki jnsamyak 16:00:30 Current chairs: bodanel dtometzki jnsamyak mobrien nirik pingou samyak-jn siddharthvipul smooge zlopez 16:00:37 #info Agenda is at: https://board.net/p/fedora-infra 16:00:48 #info About our team: https://docs.fedoraproject.org/en-US/cpe/ 16:00:58 #topic aloha 16:01:18 Welcome all to today's meeting! 16:01:25 .hello jnsamyak 16:01:26 samyak-jn: jnsamyak 'Samyak Jain' 16:02:06 .hello bodanel 16:02:06 bodanel: bodanel 'Bogdan Benea' 16:02:58 .hello humaton 16:02:59 jednorozec: humaton 'Tomáš Hrčka' 16:03:03 .hello t0xic0der 16:03:04 t0xic0der: t0xic0der 'Akashdeep Dhar' 16:03:08 .hello siddharthvipul1 16:03:08 siddharthvipul: siddharthvipul1 'Vipul Siddharth' 16:03:09 .hello2 16:03:11 mizdebsk: mizdebsk 'Mikolaj Izdebski' 16:03:20 .hello jbwillia 16:03:21 geez, I have been missing this meeting a lot 16:03:24 Southern_Gentlem: jbwillia 'Ben Williams' 16:03:27 .hello2 16:03:28 computerkid: computerkid 'Grayson Penland' 16:03:44 Hi everyone 16:03:54 o/ 16:03:59 .hi 16:04:00 \o/ 16:04:00 dtometzki: dtometzki 'Damian Tometzki' 16:04:08 \o 16:04:11 good crowd today 16:04:17 nirik: yess :D 16:04:32 hello together 16:05:13 Hello all once again! Okay, so moving on... 16:05:26 #topic New folks introductions 16:05:34 #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves 16:05:42 #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted 16:05:57 Hi welcome those who are joining us for the first time! 16:06:14 Please introduce yourself to the tea, :) 16:06:26 s/tea,/team 16:06:46 ah that's alright.. I often introduce myself to the coffee.. it doesn't like me anymore 16:07:06 :-) 16:07:13 More like you do not like the coffee ;-) 16:07:16 hahaha :) 16:07:16 Talking about I had coffee hear ;) 16:07:23 t0xic0der: noooo, I LOVE IT 16:07:31 s/hear/here lol 16:07:32 It gives me anxiety though :"( 16:08:01 * nirik should go get more coffee here. 16:08:01 you like it, but your body doesnt 16:08:12 Southern_Gentlem: yeah, that's how I would put it 16:09:06 No new faces around? We will go forward to our next topic in one minute. 16:10:06 Okay, so moving forward! 16:10:12 #topic Next chair 16:10:19 #info magic eight ball says: 16:10:23 #info chair 2021-05-20 - nirik 16:10:28 whatever date it is, I volunteer :D 16:10:31 #info chair 2021-05-27 - dtometzki 16:10:35 #info chair 2021-06-03 -??? 16:10:42 samyak-jn: me me 16:10:45 siddharthvipul: running off the cliff? :) 16:11:03 siddharthvipul: hahaha, we are packed for this month, you start june for us then! ;) 16:11:08 nirik: oh I am compensating for missing this meeting for 2 times now :P 16:11:13 samyak-jn: works 16:11:19 #info chair 2021-06-03 - siddharthvipul 16:11:28 well, welcome back. :) 16:11:33 wow, it's May already 16:11:40 yeah 16:11:47 yea 16:11:49 nirik: ^-^ I had been trying to sleep on time.. so was missing a few meetings 16:12:12 So we can move forward to our next topic since we are pretty covered ;) 16:12:17 +1 16:12:18 Is it ok for all? 16:12:33 sure 16:12:34 Sure 16:12:46 +1 16:12:54 #topic announcements and information 16:13:02 #info CPE Infra&Releng EU-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1030 Europe/paris in #centos-meeting 16:13:08 #info CPE Infra&Releng NA-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1800 UTC in #fedora-meeting-3 16:13:14 #info work is being done on getting COPR proper powerPC systems 16:13:20 #info CPE is hiring! https://communityblog.fedoraproject.org/community-platform-engineering-is-hiring/ 16:13:26 #info nest with Fedora CFP is open! https://communityblog.fedoraproject.org/announcing-dates-cfp-for-nest-with-fedora/ (Aug 5th-8th) 16:13:32 #info mobrien is away 2021-05-10 to 2021-06-20 16:13:53 Please add if you have any new announcements to make! :D 16:13:57 #info CentOS Dojo happening, and we have a badge for that, register at: https://hopin.com/events/centos-dojo-online-may-2021 16:14:03 I have another one 16:14:56 fetching link, just a sec 16:15:13 .hi 16:15:14 mobrien: mobrien 'Mark O'Brien' 16:15:20 Sorry I'm late 16:15:23 mobrien[m]: hiya! 16:15:29 hey! You're supposed to be parenting. ;) 16:15:41 #info Fedora Council video meeting today on fedora server revitalization https://fedoraproject.org/wiki/Council/Video_Meetings#Fedora_Council_Video_Meetings 16:15:50 oh oh, another one.. let me fetch another link 16:16:20 nirik they are never too young to learn about Fedora 16:16:49 #info Fedora will be present in Linux App Summit and join us for office hour @1300 UTC saturday 16:17:02 p.s. we have a badge for this ;) 16:17:05 good point! 16:17:28 siddharthvipul: Drop a Hoppin link, will you please? 16:17:33 ;-) 16:17:49 Nice, i guess we had to register for it right, needs to be done from my side! 16:18:01 t0xic0der: haha +1 16:18:30 t0xic0der: LAS is not on hopin 16:18:41 for CentOS dojo, you can see the hopin link in announcement :D 16:18:53 let me fetch register link though 16:19:02 Yep, that would be helpful. Thanks. 16:19:19 #link https://linuxappsummit.org/register/ 16:19:19 t0xic0der, https://app.hopin.com/events/centos-dojo-online-may-2021 16:20:10 jednorozec: Thanks. I am attending CentOS Dojo but it was LAS´s link that I was looking for. :) 16:20:18 oh sorry :D 16:20:42 I can't think of anything else to announce :) 16:20:50 Thanks for the announcements. 16:20:50 Any additional announcements or information, if someone like to? 16:21:07 if not we move forward in 1 min.. 16:21:47 * siddharthvipul will be back in a minute 16:22:08 #topic Oncall 16:22:16 #info https://fedoraproject.org/wiki/Infrastructure/Oncall 16:22:25 #info dtometzki is on call for 2021-05-06 to 2021-05-13 16:22:32 #info darknao is on call for 2021-05-13 to 2021-05-20 16:22:39 #info bodanel is on call for 2021-05-20 to 2021-05-27 16:22:48 #info ??? is on call for 2021-05-27 to 2021-06-03 16:22:50 there was only one request about a full mail queue 16:23:07 dtometzki, always on time! Thanks. 16:23:49 Any other or additional information from other peoples? 16:24:10 samyak-jn: you can add me for oncall duty 16:24:25 Here you go! 16:24:34 #info siddharthvipul is on call for 2021-05-27 to 2021-06-03 16:25:07 I think we can move forward since we are packed for on calls as well ;) 16:25:23 yep 16:25:26 #topic Monitoring discussion [nirik] 16:25:31 #info https://nagios.fedoraproject.org/nagios 16:25:37 #info Go over existing out items and fix 16:25:47 nirik, stage is yours :P 16:25:49 so, again not much new here. 16:26:06 there's a few things we could try and clean up, but haven't yet... 16:26:35 no real new alerts tho, so I guess just move on for now 16:26:39 Ok thanks, so we can move forward then? If that's okay? 16:26:42 Sure! 16:26:49 #topic Learning topic 16:27:00 I am excited for upcoming monitoring changes 16:27:02 #info ansible how it works and how to contribute [nirik] on 2021-05-13 16:27:03 (tools) 16:27:24 oh nice topic 16:27:31 Here you go again, I'm excited for today! nirik 16:27:59 cool. 16:28:16 So, we have been using ansible for many years (since it's very earliest days) 16:28:49 We have a git repo with all our public ansible playbooks/roles/files/etc 16:29:00 thats at https://pagure.io/fedora-infra/ansible 16:29:26 We also have a private git repo that has passwords and sensitive info in it. Thats only on batcave01 (our ansible control host) 16:30:09 the public repo syncs from pagure.io to batcave01 where it's merged with the private repo and thats where playbooks run 16:30:28 can we use the public ansible repos or we need more permissions ? 16:30:39 We have a small wrapper called 'rbac-playbook' that lets us delegate permissions to groups to run playbooks. 16:31:19 The public ansible repo is committable by anyone in the list for that repo on pagure.io... but it's mostly the 'sysadmin' account group. 16:31:30 anyone can submit Pull requests to the public repo. 16:32:05 only folks in a sysadmin-* group can login to batcave01, and only specific groups can run specific playbooks. 16:32:21 for example, sysadmin-badges can run badges related playbooks there 16:32:59 In addition to running playbooks manually, we have a daily job that runs over all playbooks, but with --check and --diff... so it doesnt make changes, it just reports if changes would be made. 16:33:27 and also often I run the 'main' playbook, which you can see in the repo on the top level... it just includes all the other playbooks. 16:34:10 batcave01 (our control host) can reach all our other hosts to configure them via ansible... 16:34:36 https://pagure.io/fedora-infra/ansible/blob/main/f/main.yml this one correct? 16:34:44 Looking at the ansible repo, we have a README that tries to explain the layout... 16:34:53 samyak-jn: yep. exactly. 16:35:12 nice.., please go on. 16:35:21 So the main areas to look at are: 16:36:08 inventory/ this is the list of all our hosts. It's split out into several files... but you can see if a host exists and what groups it's in there. groups are [groupname] and hosts are under each group. Hosts can be in multiple groups. 16:36:40 do we have a staging area where people can develop and test ? 16:36:42 inventory/host_vars and inventory/group_vars: These are variable assosciated with groups and hosts... 16:37:20 dtometzki: great question. we do have a staging env, but it uses the same ansible repo and such as production. This is to allow them to be very close to the same all the time. 16:37:43 for just general poking around, it's easy to spin up a container or vm locally and play with ansible. 16:38:25 group vars are less specific than host vars and host vars override if something is defined in both places... 16:38:34 yeah that is now my way 16:38:53 The other two really commonly used/looked at directories are: 16:39:09 playbooks - the actual playbooks you run... these include roles and tasks. 16:39:41 roles - this is where most of the heavy lifting happens. These contain the config files/templates and tasks to setup things. 16:40:41 In addition, ansible now has 'collections' which are a higher than roles level, generic way to distribute things. We have a few of those installed, in particular linux-system-roles and ansible-collections-community-general 16:41:39 so, if we have time (which I think we do), lets look at a playbook? 16:41:47 Can you bit elaborate the `collections` part? 16:41:54 playbooks/groups/batcave.yml is the playbook that sets up batcave01 (the control host itself. ;) 16:41:59 I'm inn! yes please 16:43:02 samyak-jn: sure! collections are just a way to distribute ansible code so that others can easily reuse it. For example, the ansible-collections-community-general has a ton of things in it, but to pick one: 16:43:25 /usr/share/ansible/collections/ansible_collections/community/general/plugins/modules/pam_limits.py 16:43:39 this is a ansible module that lets you adjust/manage the pam_limits files. 16:44:01 oh, and I left out something super handy! 16:44:11 Oh gotcha, i understood it now 16:44:29 ansible includes docs for things pretty well... 'ansible-doc pam_limits' will give you detailed docs on how to use that module 16:44:52 I use ansible-doc all the time. 16:45:10 anyhow, back to the batcave01 playbook. 16:45:23 If you look at the top the first thing we do is import _another_ playbook. ;) 16:45:52 that playbook ( virt-create) gets passed a variable called 'myhosts' set to 'batcave' 16:46:24 that playbook then runs and looks to make sure the virtual host exists. If it doesn't it uses host and group variables to create it with virt-install. 16:46:48 after that (which gets skipped anytime the host actually already exists) 16:47:13 you can see we have a play that sets up some variable files and then starts calling roles. 16:47:43 down below we have 'pre_tasks' and 'tasks' and 'handlers' 16:48:03 tasks are usually something quick / easy that it wasn't worth making a role out of 16:48:25 in this case there's one to setup yum repos and one to setup the motd (message of the day that you see when you login) 16:48:54 handlers are things that trigger on changes. You can have a handler that restarts something if it's config file changes, etc. 16:49:13 you can see in roles, that we can also pass roles variables 16:49:43 ansible uses jinja2 for templating, so variables are of the form "{{ variablename }}" 16:50:15 so any questions on that? 16:50:18 do you have a good link to jinja2 ? 16:50:22 Templating is, hands down, what makes the playbooks convenient! 16:51:02 tutorial or examples ? 16:51:37 https://ttl255.com/jinja2-tutorial-part-1-introduction-and-variable-substitution/ is a pretty reasonable tutorial 16:51:48 So just to be clear once, is something is being changed then handler gets into account and performs the desired role for example here: restart_services will run? 16:51:58 s/is/if 16:52:16 The official documentation is good too, https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html but lesser examples here. :/ 16:52:33 samyak-jn: yeah, so if you look at the handlers file there they are defined with a name then a command to run on change... 16:52:46 yes 16:54:45 so, in addition to playbooks and using ansible to configure things, we also use ansible as a ad-hock controller... that does require you to be in the sysadmin-main group to have that access, but it's handy to run commands over groups of hosts easily. 16:55:45 you may want to play around with that on your home networks/machines/containers. ;) 16:56:17 ok, so I think thats a pretty high level overview. :) Happy to answer further questions on the list/out of meeting/etc. 16:56:28 Yesss, so one ore questions, are there new comers task right now that I can look after the meeting to contribute to? 16:56:58 I just learned using ansible in couple of last week only so still learning :) 16:57:12 samyak-jn: yeah, I think there's a few marked easyfix in the infra tickets list... 16:57:22 you can submit PR's for them 16:57:54 nirik, I'll take a look and ping on the group for help ;) Thanks for today's topic it was very much awesome! 16:58:04 One thing to mention is that we have some low precedent vars set in places like group_vars/all.yml and there is one for staging too. If there is ever a variable that is not as you expect they may be the culprit 16:58:42 samyak-j: you can help me with my ticket 16:58:42 I mention it because it confused me last week :) 16:59:05 there are over 200 servers to migrate to rhel-system-roles 16:59:08 plenty of work 16:59:30 bodanel: Oh will ping you after the meeting, thanks for this, it will help me brush up! 17:00:05 If there are no further questions can we move on to next topic? 17:00:11 nirik++ 17:00:16 we are over time :) 17:00:21 Thanks for the session. 17:00:34 siddharthvipul: yea :3 17:00:37 I think we can obviously continue in -admin :) 17:00:41 thanks nirik 17:00:48 nirik++ 17:00:48 dtometzki: Karma for kevin changed to 8 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:00:54 nirik++ 17:00:54 t0xic0der: Karma for kevin changed to 9 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:00:55 nirik++ ftw 17:00:57 siddharthvipul: Karma for kevin changed to 10 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:03 no problem. :) 17:01:25 nirik++ 17:01:25 bodanel: Karma for kevin changed to 11 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:01:26 * nirik has to run to another meeting, thanks everyon 17:01:31 nirik: \o 17:01:40 bye everyone 17:01:54 #endmeeting