18:00:02 <nirik> #startmeeting Infrastructure (2016-04-28) 18:00:02 <zodbot> Meeting started Thu Apr 28 18:00:02 2016 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 18:00:02 <zodbot> The meeting name has been set to 'infrastructure_(2016-04-28)' 18:00:02 <nirik> #meetingname infrastructure 18:00:02 <nirik> #topic aloha 18:00:02 <nirik> #chair smooge relrod nirik abadger1999 lmacken dgilmore threebean pingou puiterwijk pbrobinson 18:00:02 <zodbot> The meeting name has been set to 'infrastructure' 18:00:02 <zodbot> Current chairs: abadger1999 dgilmore lmacken nirik pbrobinson pingou puiterwijk relrod smooge threebean 18:00:03 <nirik> #topic New folks introductions / Apprentice feedback 18:00:45 <puiterwijk> Hi 18:00:53 <aikidouke> hello 18:00:53 <winterchillz> Hello everyone 18:02:01 <nirik> Any new folks like to give a short introduction? 18:02:08 <nirik> Or any apprentices with questions or comments? 18:02:13 <jflory7> .hello jflory7 18:02:24 <zodbot> jflory7: jflory7 'Justin W. Flory' <me@justinwflory.com> 18:02:57 * jflory7 will do a quick intro 18:03:01 <smooge> hola. 18:03:06 <nirik> welcome jflory7. 18:03:08 <skamath> .hello skamath 18:03:08 * doteast is on time ... almost :) 18:03:09 <zodbot> skamath: skamath 'Sachin S Kamath ' <sskamath96@gmail.com> 18:03:17 <skamath> Hey, I am new here :) 18:03:26 <sayan> hello 18:03:46 <skamath> .fasinfo skamath 18:03:46 <zodbot> skamath: User: skamath, Name: Sachin S Kamath , email: sskamath96@gmail.com, Creation: 2014-11-12, IRC Nick: skamath, Timezone: Asia/Kolkata, Locale: en, GPG key ID: EFD95439, Status: active 18:03:49 <zodbot> skamath: Approved Groups: commops antispam-acked cla_fpca cla_done 18:03:50 <skamath> ^ 18:03:50 <tflink> .hello tflink 18:03:52 <zodbot> tflink: tflink 'Tim Flink' <tflink@redhat.com> 18:04:13 <jflory7> Hi all, my name is Justin and I'm looking at getting more involved with Infrastructure. I am a Google Summer of Code student for this summer as well, and I am planning on helping migrate the Community Blog + Fedora Magazine to Ansible and hopefully have them share the same core installation. I'm also hoping to get more involved with some more Ansible things, possibly helping port to the 2.0 API. 18:04:24 <nirik> hey skamath. Welcome. Care to give a short one line introduction of yourself to the group? 18:04:26 <jflory7> I have more details about my proposal on the wiki. 18:04:28 * jflory7 digs for link 18:04:35 <dgilmore> hi all 18:05:16 <jflory7> Full details here: https://fedoraproject.org/wiki/GSOC_2016/Student_Application_jflory7 18:05:53 <nirik> cool. 18:06:04 * linuxmodder semi here 18:06:11 <skamath> Hello all, I am Sachin and I am looking to get involved with fedora-infra. I am going my GSoc with Fedora CommOps this year, and my goals are yet to be defined. It'd mostly be with Python. I have experience in writing automation scrips in python and use Python for all my daily "hacks". Apart from that, I also love bug triaging and love security :) 18:06:20 <nirik> jflory7: one thing you might look at is moving to the fedora wordpress packages instead of install from source... they have worked well for me, and might be easier to manage... 18:06:44 <linuxmodder> .hello linuxmodder 18:06:45 <zodbot> linuxmodder: linuxmodder 'Corey W Sheldon' <sheldon.corey@openmailbox.org> 18:06:45 <nirik> skamath: welcome. :) 18:06:56 <jflory7> nirik: Ooh. That's really good to know, will keep that in mind! 18:07:00 * skamath waves to nirik 18:07:31 <nirik> skamath / jflory7: Can look at adding you to our apprentice group after the meeting if you like... see me in #fedora-admin. 18:07:39 * jflory7 nods 18:07:41 <nirik> any other new folks or apprentices with questions? 18:07:47 <puiterwijk> For full info: I am Justin's mentor for GSoC 18:07:57 <jflory7> Oops, yeah, forgot to mention :) 18:07:58 <skamath> Roger. 18:07:59 <jflory7> puiterwijk++ 18:08:21 <skamath> decause is my mentor for CommOps :) 18:08:43 <nirik> ok, lets go on to status/info items: 18:08:47 <nirik> #topic announcements and information 18:08:47 <nirik> #info codecs.fedoraproject.org all setup, just needs SOP and repo files updates - kevin/dennis 18:08:47 <nirik> #info updated blacklist of lists to not send fedmsg for - kevin 18:08:47 <nirik> #info blockerbugs01.stg proxy setup fixed up - kevin 18:08:48 <nirik> #info helped clean up some hosts netmasks after networking changes - kevin 18:08:49 <nirik> #info netapp storage outage/update wed night - kevin 18:08:50 <nirik> #info F24Beta has slipped a week, so another week of freeze - kevin 18:08:58 <nirik> anything anyone would like to add or discuss more from that list? 18:09:08 * nirik notes he's the only one that added things. ;( 18:09:45 <skamath> nirik++ 18:09:45 <zodbot> skamath: Karma for kevin changed to 43 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any 18:10:28 <puiterwijk> #info new Basset in staging that has auto-learning enabled - patrick 18:10:31 <linuxmodder> any fellow seeders of the respins a new rsync module exists now 18:10:56 <linuxmodder> and new ones going up to /pub/alt as we meet 18:11:06 <puiterwijk> #info New powerPC boxes for FICloud hav ebeen setup and are being assumed into the cloud very soon - patrick 18:11:20 <nb> .hello nb 18:11:21 <zodbot> nb: nb 'Nick Bebout' <nb@nb.zone> 18:11:22 <puiterwijk> nirik: sorry for that, I couldn't get my gobby to work before the meeting.. it broke somewhere last week :( 18:11:26 * pingou late 18:11:32 <nirik> puiterwijk: no problem 18:11:58 <linuxmodder> puiterwijk, not the only one had issues with gobby myself yesterday 18:12:06 <puiterwijk> #info helped networking with the router change - patrick 18:12:29 <nirik> oh and after storage updates last night: 18:12:37 <nirik> #info nfsv4 now works from our netapps 18:13:19 <nirik> ok, jflory7 had a discussion item: 18:13:22 <nirik> #topic Password storage and distribution (Rattic?) - jflory7 18:13:26 <jflory7> Yeah! 18:13:27 <nirik> take it away jflory7 18:13:35 <pingou> nirik: will the netapp storage outage impact beta release? 18:13:46 <jflory7> So yesterday in the Marketing meeting, we've been trying to come up with solutions for password storage and distribution for social media accounts 18:13:52 <nirik> pingou: no, since it's already over. ;) 18:13:57 <jflory7> It could apply to more things, but we're currently looking at social media accounts 18:13:59 <nb> jflory7, use password-store 18:14:05 <pingou> oh, sorry misread, thanks nirik :) 18:14:06 <nb> it uses gpg, so you could add people's gpg keys 18:14:12 <nb> and then push the repo somewhere? 18:14:12 <jflory7> bkp and decause are looking into posssible solutions as well 18:14:25 <pingou> nb++ 18:14:31 * pingou also uses pass 18:14:34 <skamath> or, just pass :) 18:14:38 <sayan> nb++ 18:14:38 <zodbot> sayan: Karma for nb changed to 26 (for the f23 release cycle): https://badges.fedoraproject.org/tags/cookie/any 18:14:46 <nb> skamath, well, password-store is the name for pass isn't it? 18:14:47 * skamath uses pass too 18:14:50 * nb likes pass 18:14:55 <nirik> well, there are some things to consider here... 18:15:01 <jflory7> Oh, I hadn't considered pass. I hadn't thought of applying for shared passwords among large numbers of people 18:15:07 <skamath> Ah, yes :D 18:15:18 <nirik> pass can encrypt to multiple keys. 18:15:33 <nirik> but if you have a repo, all the old commits will be to all the keys at the time... 18:15:49 <jflory7> Although I imagine some of the people who would be needing the passwords may not be completely familiar with GPG common practices. It could be learned or taught, but it could be a possible barrier to entry 18:15:51 <nb> nirik, true, so you couldn't really revoke someone's access 18:15:57 <jflory7> Something was mentioned yesterday, Rattic? 18:16:07 <nb> although if you add a key it will re-encrypt to add that key 18:16:12 <jflory7> I haven't ever used it or heard of it, but it's what OSAS at Red Hat is looking at setting up in the near future 18:16:18 <nirik> nb: yeah, well, you could remove their key so new stuff doesn't have it, but old still would 18:16:33 <nirik> I glanced at it, it seems pretty heavy. It's a Django app 18:16:33 <nb> nirik, true 18:16:55 <jflory7> That could be a potential issue for a long-term application of using pass 18:17:06 <nb> jflory7, well, you could remove their key, then change the passwords 18:17:10 <pingou> we would need a way to have two pass db 18:17:14 <nirik> well, just don't use a repo or don't provide access to one 18:17:16 <pingou> one private, one for fedora 18:17:25 <linuxmodder> wouldn't the same commit sign denial work here that github and gitlab use? 18:17:55 <nb> pingou, does pass have to have its data stored in .password-store? 18:18:07 * nb wonders if that can be specified on command line or something 18:18:15 <linuxmodder> nirik, can't you add a gpg hash or fpr to a hosts.deny too for the repo 18:18:15 <pingou> nb: it's the default location, should be easy to change/adjust 18:18:28 <nirik> linuxmodder: no, but you can remove the keys it encrypts with 18:18:47 * pingou notes that pass is a single shell script 18:18:55 <nb> pingou, true 18:18:58 <linuxmodder> admittedly I'm likely only one in mtg taht doesn't / hasnt used pass 18:19:02 <nb> so we could change it to fedpass 18:19:03 <nirik> so yeah, as nb said, to remove someone you would have to remove their key from the file and then change all the passwords (which is good practice anyhow) 18:19:04 <nb> or something 18:19:36 <nb> if there is no way to specify the .password-store location 18:19:45 <linuxmodder> we are talking all users or just admins for the revoking ? 18:19:46 <pingou> .fedora-store :] 18:19:46 <zodbot> pingou: Error: Spurious "]". You may want to quote your arguments with double quotes in order to prevent extra brackets from being evaluated as nested commands. 18:19:46 <nirik> which if you changed them all, the old entiries wouldn't matter, so I guess you could use a git repo 18:20:18 <puiterwijk> zodbot: nobody asked you anything 18:20:21 <linuxmodder> lol @ pingou 18:20:25 <nirik> so, how about this: jflory7: could you write up a requirements email and send it to the list? 18:20:27 <MarkDude> :D 18:20:34 <jflory7> nirik: That works for me. 18:20:35 <nirik> how many people are we talking, how many accounts, etc? 18:20:52 <pingou> how many passwords 18:20:56 <nirik> and we can try and come up with something. Pass might be easy, but it might not meet all your requirements... dunno 18:21:16 <pingou> (do we want to setup something for 2 passwords, or are we talking about 15?) 18:21:18 <jflory7> As of now, I think the target is under 10 social media accounts, but I need to get a confirmation on that number. For people with privileges, it would probably be the same people who have access now, which I *believe* is somewhere between 7-15 people 18:21:30 <linuxmodder> jflory7, only got thru about half of yesterday's log care to spin me up post mtg here 18:21:49 <nirik> jflory7: would all these folks be ok using command line tools? 18:21:52 <jflory7> I can get more information and details on the specifics from those involved with this soon. 18:22:11 <nirik> fair enough 18:22:20 <linuxmodder> nirik, would think most should be 18:22:35 <jflory7> nirik: Well, the people I actively see using the account are savvy enough to use pass, but I don't know about long-term. I think later on, it might be extended to people who are more Marketing types than tech-savvy types. 18:22:47 <MarkDude> jflory7: +1 18:22:51 <nirik> pass actually has some gui apps over it too 18:23:00 <linuxmodder> jflory7, blog post / mag post then later on for that 18:23:06 <jflory7> Part of the concern for me would also be some of the people who would be needing the passwords may not be completely familiar with GPG common practices. It could be learned or taught, but it could be a possible barrier to entry. 18:23:26 <linuxmodder> jflory7, point them to the mag series on gpg 18:23:43 <nirik> yeah. 18:23:47 <linuxmodder> its not just for end users and is / would be sufficient for that I'd imagine 18:24:04 <jflory7> I think it could be enough to someone familiar with the basics to use it 18:24:28 <decause> .hello decause 18:24:29 <linuxmodder> if not use that series as a primer in total and have a onboarding phase 2 for the social spefic stuff 18:24:33 <jflory7> A GUI app for pass would be a good reference too, I'll see what I can find for that as well. 18:24:33 <zodbot> decause: decause 'Remy DeCausemaker' <decause@redhat.com> 18:24:40 <linuxmodder> decause, late today :) 18:24:42 <linuxmodder> welcome 18:24:47 * nirik saw a QT one the other day, can't recall the name tho 18:25:02 <MarkDude> Some of the best social media folks are deemed "People Persons" part of that description is not needing CLI. A GUI option down the road would make it doable, IMO. Best practices is fair to require (in relation to GPG) eof 18:26:05 <linuxmodder> honestly I think a benchmark (onboarding style ) of knowing basic cli and gpg should be for all social admins 18:27:02 <linuxmodder> gui or cli we need them to know how /what to do if we get a 2am spam issue or the like 18:27:07 <nirik> anyhow, we can look at requirements on list and propose some solutions. 18:27:12 <jflory7> nirik: +1 18:27:17 <nirik> anything else on this for now? 18:27:34 <linuxmodder> nfm 18:27:51 <jflory7> #action jflory7 Follow up with Marketing / social media people on specifics for needs for password storage and distribution, get requirements to Infrastructure list 18:28:09 <nirik> #topic Apprentice Office hours / open questions 18:28:29 <nirik> last meeting we tried out a little section for apprentices to discuss tickets or questions or whatever. 18:28:37 <nirik> Anyone have anything today? 18:29:08 <jflory7> Wiki pages are serving as good references for me getting involved so far. :) Will ask any questions in #fedora-admin later on if needed. 18:29:16 <winterchillz> Not from me. I saw your comment requesting Ansible playbooks for the SMTP SSL so I got into going through the Ansible docs to get an idea of how it works 18:29:33 <winterchillz> Since I haven't used it personally so far and I want to know what I'm doing before getting into it 18:29:38 <nirik> jflory7: I saw you cleaned up the getting started page. Thanks much. ;) 18:29:48 <jflory7> nirik: No problem :) 18:29:58 <nirik> winterchillz: sounds good. do ask in #fedora-admin or #fedora-noc if you have questions. 18:30:05 <winterchillz> Will do, thank you 18:30:10 <nirik> ah ha: https://qtpass.org/ was the thing I was thinking of eariler. 18:30:19 <jflory7> #link https://qtpass.org/ 18:30:25 * jflory7 saves for later 18:30:52 <nirik> it just passed review I think so it should be in fedora or will be soon 18:31:05 <skamath> nirik: Does it add any functioanlity to the CLI version? 18:31:12 <skamath> Other than the GUI, of course 18:31:57 <nirik> not sure actually. 18:32:04 <nirik> I just saw it, haven't run iit. 18:32:36 <nirik> any other questions on tickets or work items or anything? 18:32:55 <nirik> #topic Open Floor 18:33:08 <nirik> anything for open floor? or shall we get 30min back for our day? 18:33:22 <winterchillz> We have our own day? 18:33:22 * jflory7 doesn't have anything 18:33:29 <jflory7> Looking forward to getting involved with Infra! 18:33:49 * skamath is getting started with the wiki. 18:33:52 <nirik> winterchillz: well, 30more minutes of it to do something instead of being in this meeting for 30min more. ;) 18:34:04 <nirik> anyhow, if nothing else will close out in a minute. 18:34:22 <jflory7> nirik++ Thanks for chairing! 18:34:22 <winterchillz> Just joking :) Nothing from me either. Thanks for chairing the meeting and thanks everyone for jumping in. Also welcome to the new apprentices! 18:34:50 <nirik> sounds good. Everyone continue over in #fedora-admin, #fedora-apps and #fedora-noc. ;) Thanks for coming. 18:34:52 <nirik> #endmeeting