#fedora-meeting log

17:00:13 <pboyHB> #startmeeting fedora-server
17:00:13 <zodbot> Meeting started Wed May  5 17:00:13 2021 UTC.
17:00:13 <zodbot> This meeting is logged and archived in a public location.
17:00:13 <zodbot> The chair is pboyHB. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:13 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:00:13 <zodbot> The meeting name has been set to 'fedora-server'
17:00:24 <pboyHB> #topic Welcome / roll call
17:00:33 <pboyHB> hi everyone!
17:00:42 <pboyHB> As usual we should give a few minutes for folks to show up
17:00:50 <pboyHB> #info please say either .hello2  or .hello <fasname>
17:00:59 <pboyHB> I’ll post the agenda in a few minutes.
17:02:22 <michel_slm> .hello salimma
17:02:23 <zodbot> michel_slm: salimma 'Michel Alexandre Salim' <michel@michel-slm.name>
17:02:30 <michel_slm> Setting up my desktop client, brb
17:02:33 <dcavalca> .hi
17:02:34 <zodbot> dcavalca: dcavalca 'Davide Cavalca' <dcavalca@fb.com>
17:03:04 <pboyHB> #topic Agenda
17:03:14 <pboyHB> #link https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org/thread/EAUPYMONTWRFIZSR4HPPI2TE5FZXGWDT/
17:03:21 <pboyHB> 1. Welcome
17:03:28 <pboyHB> 2. Agenda
17:03:34 <pboyHB> 3. Planning for next Fedora release(s)
17:03:41 <pboyHB> 4. Fedora release criteria and process
17:03:50 <pboyHB> 5. Marketing Improvement / Ambassadors Material
17:03:58 <pboyHB> 6. Open Floor
17:04:15 <pboyHB> #topic 3. Planning for next Fedora release(s)
17:04:24 <pboyHB> Already very concrete: Announcement to drop the "Allow SSH root login with password" option from the installer GUI Do we want this for Server Edition?
17:04:32 <pboyHB> #link https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/UOSWJJ2LGHPVYR7RTGYYUR66XQNH3PTN/
17:04:40 <pboyHB> Many servers operate in a protected environment. And it's much easier with a password when you need to quickly access another server directly from one, for example.
17:04:48 <pboyHB> And no server administrator will enable this option without a valid reason, I guess.
17:04:57 <pboyHB> According to Martin Kolman, if the Fedora Server group so decides, that option may be retained in the Server Edition iso image.
17:05:06 <pboyHB> Any ideas? The foor is open.
17:05:24 <pboyHB> foor > floor i
17:08:05 <michel_slm> hmm. so in properly productionized environments, normally there's either a KVM attached or some sort of out-of-band login console
17:08:49 <michel_slm> and... if you kickstart your installation you can still set up any sort of accounts you want, right?
17:09:20 <michel_slm> (that being said, I have no preference either way, just I don't know the exact use case that needs it)
17:09:25 <pboyHB> Lucky you. In our university we are out of luck, or better out of funding KVMs
17:10:04 <michel_slm> ah, sounds like you do have a valid use case then
17:10:46 <michel_slm> back when I worked for a university in Germany, the Linux servers run on VMware ESX, so.. there's also a remote console. but I guess if you run bare metal and without kickstart, this can be a pain
17:10:57 <pboyHB> Ad use case: We log in to one Server using a private vlan, and I have to ftp to another server (via private lan, but sftp).
17:11:06 <michel_slm> (pro tip: lorax has mkksiso, which let you bake a kickstart into an existing ISO easily. super handy)
17:11:32 <michel_slm> is setting up a user account with sudo access per sysadmin an option?
17:11:35 <pboyHB> We are on bare metal, ywes
17:11:58 <michel_slm> that way you also have better logging on who did what (sure, a malicious intruder can cover their tracks)
17:12:16 <pboyHB> A sudo it an option, of course. but much more typing, and a chance for typos
17:13:51 <michel_slm> there's also passwordless sudo :)
17:14:02 <michel_slm> or set it to a higher timeout
17:14:06 <pboyHB> Proper loggin is a security feature. But we are only three admins for the whole bunch of servers
17:15:00 <michel_slm> I'd say the default should be, let's keep the option for now? esp since the GUI team is amenable to it
17:15:21 <pboyHB> OK, didn't consider passwortless sudo so far :-)
17:15:45 <michel_slm> I wonder if there's a way to canvass the user population's opinion on this. maybe we can announce an annual survey or something (not for now, of course)
17:15:55 <pboyHB> michel_slm: +1
17:16:12 <pboyHB> Any opinions?
17:16:22 <pboyHB> Any objections
17:16:32 <pboyHB> Any objections???
17:17:29 <michel_slm> calling once... calling twice...
17:17:42 <michel_slm> sold to pboyHB for $0.02
17:17:55 <michel_slm> wanted to put a euro sign but my keyboard layout betrayed me
17:18:07 <pboyHB> #agreed Option Allow SSH root login with password should be retained
17:18:29 <pboyHB> Yes, the trouble with the keyboard. I'm fighting all the day :-)
17:18:46 <pboyHB> Next part:
17:18:54 <pboyHB> We have commited to a number of goals in the new PRD. What of these should be tackled?
17:19:02 <pboyHB> #link https://hackmd.io/@x3mboy/HyB92cVl_
17:19:09 <pboyHB> We have:
17:19:16 <pboyHB> 1. Improved support for off-premise Kickstart and pxe installation
17:19:22 <pboyHB> 2. Facilitated and improved support for using Base Cloud Images
17:19:29 <pboyHB> 3. Providing easy installation and pre-configuration for key services with Ansible
17:19:35 <pboyHB> 4. Easy integration into multi-node environments with tools like Ansible
17:19:43 <pboyHB> 5. Buildup of a renewed documentation on Fedora Server specific topics
17:19:51 <pboyHB> We have already a small group engaged in 5. (documentation) Additional contributors are welcome.
17:20:01 <pboyHB> Which of the items do we want to start with?  And who?
17:21:51 <michel_slm> what does #1 entail?
17:22:02 <michel_slm> the off-premise kickstart part especially
17:22:22 <michel_slm> for #3 and #4 ... not me, sadly, my Ansible skill is rusty after almost 5 years of having to use Chef :p
17:22:50 <pboyHB> It was a proposal by nirik. I guess an installation iso which boots into a complete install or VNC?
17:23:19 <michel_slm> IIRC VNC is already set up by default
17:23:28 <pboyHB> michel_Slm: Same for me, unfortunately
17:23:39 <michel_slm> but if the goal is to have an ISO that automates the installation, then yeah that's what mkksiso does
17:24:05 * nirik looks up. Sorry I have been too busy to be at last few meetings. ;(
17:24:13 <michel_slm> so.. I can try taking a further look there. any details? (can't promise anything soon but I'll be on leave in July for 3 months, and I'm sure I'll be bored enough to do some open source work)
17:24:48 <pboyHB> nirik: in any case, glad you are here!
17:26:10 <nirik> 3 and 4 are pretty open things. ;)
17:26:55 <michel_slm> nirik: how about #1?
17:27:01 <pboyHB> nirik: indeed. We need to make it more concrete
17:28:21 <pboyHB> I would be interested in #1.: easy Kickstart And easy tftp server setup. Did somethin like that with IBM a decade ago.
17:28:57 <pboyHB> rather 2 decades
17:29:07 <nirik> michel_slm: I am not sure what that was... you say I proposed it?
17:29:50 <pboyHB> nirik: according to my notes you proposed it back in December.
17:30:25 * michel_slm does not even remember what I said last month let alone 6 months ago ;)
17:30:42 <pboyHB> nirik: And you proposed a revision of our defaults, e.g. partitioning.
17:30:44 <nirik> yeah, I am drawing a blank, but I beleive you. ;)
17:31:08 <pboyHB> michel_slm: +1. :-) make many thins easier.
17:32:21 <michel_slm> pboyHB: can you link to those notes?
17:32:36 <michel_slm> I wonder if the partitioning changes are no longer relevant now that we use btrfs by default
17:32:45 <michel_slm> but yeah the old 50GB for / was a pain
17:32:55 <pboyHB> Server does not use btrfs
17:33:43 <pboyHB> regarding my notes: I will look for a source link and post it later on mailing list.
17:33:52 <nirik> server defaults to XFS and LVM
17:34:13 <pboyHB> And I'm glad it does!
17:34:33 <nirik> and instead of sticking extra space in /home, it leaves it as unallocated lvm space.
17:34:41 <nirik> so you can easly create lv's for whatever
17:35:09 <pboyHB> Yes, and you can separate your various  data.
17:36:05 <pboyHB> An if something goes wront with the filesystem in one LV, others are still OK
17:38:01 <michel_slm> <nirik "server defaults to XFS and LVM"> oh yeah
17:38:08 <pboyHB> I think we need to continue to think about our program and put it on the agenda again in 2 weeks.
17:38:20 <michel_slm> right, XFS can't shrink so gobbling all space is a terrible default
17:38:52 <nirik> I suppose we could look at moving to btrfs too, but... it would be a big change...
17:39:12 <pboyHB> I'm not fond of it.
17:39:32 <pboyHB> If I need btrfs, I use it in a LV
17:39:51 <michel_slm> resource control should work on XFS (it doesn't have ext4's priority inversion bug) so... I'm not going to comment one way or another
17:40:18 <michel_slm> but yeah, for server given database use cases, I would rather not propose changing the defaults until we're sure
17:40:22 <nirik> well, xfs/lvm2 keeps us pretty aligned with rhel also... but we shouldn't be afraid to diverge if there's good reasons.
17:40:29 <dcavalca> right now I think the default is fine
17:40:46 <michel_slm> right, having some alignment with rhel/centos is also a bonus
17:40:49 <dcavalca> once btrfs gets better support for raid5/6 and maybe encryption, then I think it's worth a rediscussion
17:41:17 <michel_slm> encryption is coming, do we know for sure if raid5/6 is being worked on dcavalca ?
17:41:45 <dcavalca> michel_slm: yeah, it's being worked on (not by fb)
17:43:26 <michel_slm> ah. one of the storage companies? or one of the other Linux distros
17:44:02 <dcavalca> I don't actually remember tbh; I'll ask Josef
17:45:22 <pboyHB> Back to Agenda. Any objection to switrch to next topic and resumption of this one i 2 weeks ?
17:45:36 <michel_slm> no objection
17:45:41 <pboyHB> #topic 4. Fedora release criteria and process
17:47:56 <pboyHB> Probably we should ask Stephen Gallagher to open a ticket about that so e have a better overview?
17:48:04 <pboyHB> Anyway, I am technically not so familiar with the subject
17:48:31 <Eighth_Doctor> dcavalca: it's being worked on by WDC
17:49:18 <dcavalca> ah right, thanks Eighth_Doctor
17:50:06 <Eighth_Doctor> nirik, pboyHB: there are a few things on the list before attempting to switch Server to Btrfs by default
17:50:26 <nirik> ha. I got really confused there... was trying to parse WDC as something/someone working on release critera process.
17:50:30 <Eighth_Doctor> I think that a good stepping stone would be to produce an alternative cloud image using btrfs
17:50:38 <Eighth_Doctor> nirik: WDC == Western Digital Corporation
17:50:52 <nirik> yeah, I figured it out... just boggled for a min. ;)
17:50:57 <nirik> a btrfs cloud could be nice.
17:51:12 <Eighth_Doctor> there's a cloud-sig ticket for it, I think?
17:51:15 <Eighth_Doctor> so we could start there
17:51:33 <Eighth_Doctor> https://pagure.io/cloud-sig/issue/308
17:52:49 <pboyHB> Eighth_Doctor: I've the impression, cloud sig is reluctant to make any modifications at the moment.
17:53:00 <Eighth_Doctor> I don't recall if we have Btrfs being tested in server on OpenQA
17:53:26 <Eighth_Doctor> but the existing universal openqa tests should cover that functionality
17:53:42 <Eighth_Doctor> pboyHB: that's mostly due to lack of meetings while dustymabe was on leave
17:54:15 <Eighth_Doctor> we haven't done any planning yet, but there was interest from myself, dcavalca, and jdoss
17:54:39 <pboyHB> Eighth_Doctor: OK. Good to know
17:55:10 <pboyHB> I see, we are running out of time.
17:55:31 <pboyHB> I'll switch toOpen Floor if no one objects
17:55:45 <Eighth_Doctor> 👍️
17:55:49 <pboyHB> #topic 6. Open Floor
17:56:13 <pboyHB> I'm most interesting in: Who is next chair?
17:56:25 <pboyHB> I did it several times in a row.
17:56:36 <pboyHB> Would like to have a rest.  :-)
17:57:37 <pboyHB> Michel. could you take over? You have some experience.
17:58:43 <michel_slm> when is the next meeting, next week or the week after?
17:58:54 <pboyHB> Next week.
17:59:09 <pboyHB> I'll have to finish the PRD discussion, amoung others
17:59:23 <pboyHB> I'll -> we'll
17:59:25 <michel_slm> I'm oncall next week and it'll be the day after my wife got her second covid vaccine shot so I might not be around :p
17:59:38 <michel_slm> I can backup someone else though
17:59:42 <Eighth_Doctor> wait, I thought we were biweekly?
17:59:48 <Eighth_Doctor> are we weekly?
17:59:55 <michel_slm> we were biweekly, I think it got switched a few weeks ago
18:00:02 <pboyHB> No, we switched to weekly some weeks ago
18:00:05 <dcavalca> yeah I have this as weekly
18:00:11 <Eighth_Doctor> ugh, that explains how I didn't know about it
18:00:14 <Eighth_Doctor> my calendar needs to be fixed :D
18:00:15 <dcavalca> I have a conflict next week though
18:00:46 <pboyHB> OK, I take it next week as well and hope for the week after
18:01:04 <pboyHB> Many thanks to everybody!
18:01:27 <pboyHB> I'll close now if nobody has something else ??
18:01:39 <pboyHB> 3
18:01:43 <pboyHB> 2
18:01:50 <pboyHB> 1
18:01:58 <pboyHB> #endmeeting