17:00:13 <pboyHB> #startmeeting fedora-server 17:00:13 <zodbot> Meeting started Wed May 5 17:00:13 2021 UTC. 17:00:13 <zodbot> This meeting is logged and archived in a public location. 17:00:13 <zodbot> The chair is pboyHB. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:00:13 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 17:00:13 <zodbot> The meeting name has been set to 'fedora-server' 17:00:24 <pboyHB> #topic Welcome / roll call 17:00:33 <pboyHB> hi everyone! 17:00:42 <pboyHB> As usual we should give a few minutes for folks to show up 17:00:50 <pboyHB> #info please say either .hello2 or .hello <fasname> 17:00:59 <pboyHB> I’ll post the agenda in a few minutes. 17:02:22 <michel_slm> .hello salimma 17:02:23 <zodbot> michel_slm: salimma 'Michel Alexandre Salim' <michel@michel-slm.name> 17:02:30 <michel_slm> Setting up my desktop client, brb 17:02:33 <dcavalca> .hi 17:02:34 <zodbot> dcavalca: dcavalca 'Davide Cavalca' <dcavalca@fb.com> 17:03:04 <pboyHB> #topic Agenda 17:03:14 <pboyHB> #link https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org/thread/EAUPYMONTWRFIZSR4HPPI2TE5FZXGWDT/ 17:03:21 <pboyHB> 1. Welcome 17:03:28 <pboyHB> 2. Agenda 17:03:34 <pboyHB> 3. Planning for next Fedora release(s) 17:03:41 <pboyHB> 4. Fedora release criteria and process 17:03:50 <pboyHB> 5. Marketing Improvement / Ambassadors Material 17:03:58 <pboyHB> 6. Open Floor 17:04:15 <pboyHB> #topic 3. Planning for next Fedora release(s) 17:04:24 <pboyHB> Already very concrete: Announcement to drop the "Allow SSH root login with password" option from the installer GUI Do we want this for Server Edition? 17:04:32 <pboyHB> #link https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/UOSWJJ2LGHPVYR7RTGYYUR66XQNH3PTN/ 17:04:40 <pboyHB> Many servers operate in a protected environment. And it's much easier with a password when you need to quickly access another server directly from one, for example. 17:04:48 <pboyHB> And no server administrator will enable this option without a valid reason, I guess. 17:04:57 <pboyHB> According to Martin Kolman, if the Fedora Server group so decides, that option may be retained in the Server Edition iso image. 17:05:06 <pboyHB> Any ideas? The foor is open. 17:05:24 <pboyHB> foor > floor i 17:08:05 <michel_slm> hmm. so in properly productionized environments, normally there's either a KVM attached or some sort of out-of-band login console 17:08:49 <michel_slm> and... if you kickstart your installation you can still set up any sort of accounts you want, right? 17:09:20 <michel_slm> (that being said, I have no preference either way, just I don't know the exact use case that needs it) 17:09:25 <pboyHB> Lucky you. In our university we are out of luck, or better out of funding KVMs 17:10:04 <michel_slm> ah, sounds like you do have a valid use case then 17:10:46 <michel_slm> back when I worked for a university in Germany, the Linux servers run on VMware ESX, so.. there's also a remote console. but I guess if you run bare metal and without kickstart, this can be a pain 17:10:57 <pboyHB> Ad use case: We log in to one Server using a private vlan, and I have to ftp to another server (via private lan, but sftp). 17:11:06 <michel_slm> (pro tip: lorax has mkksiso, which let you bake a kickstart into an existing ISO easily. super handy) 17:11:32 <michel_slm> is setting up a user account with sudo access per sysadmin an option? 17:11:35 <pboyHB> We are on bare metal, ywes 17:11:58 <michel_slm> that way you also have better logging on who did what (sure, a malicious intruder can cover their tracks) 17:12:16 <pboyHB> A sudo it an option, of course. but much more typing, and a chance for typos 17:13:51 <michel_slm> there's also passwordless sudo :) 17:14:02 <michel_slm> or set it to a higher timeout 17:14:06 <pboyHB> Proper loggin is a security feature. But we are only three admins for the whole bunch of servers 17:15:00 <michel_slm> I'd say the default should be, let's keep the option for now? esp since the GUI team is amenable to it 17:15:21 <pboyHB> OK, didn't consider passwortless sudo so far :-) 17:15:45 <michel_slm> I wonder if there's a way to canvass the user population's opinion on this. maybe we can announce an annual survey or something (not for now, of course) 17:15:55 <pboyHB> michel_slm: +1 17:16:12 <pboyHB> Any opinions? 17:16:22 <pboyHB> Any objections 17:16:32 <pboyHB> Any objections??? 17:17:29 <michel_slm> calling once... calling twice... 17:17:42 <michel_slm> sold to pboyHB for $0.02 17:17:55 <michel_slm> wanted to put a euro sign but my keyboard layout betrayed me 17:18:07 <pboyHB> #agreed Option Allow SSH root login with password should be retained 17:18:29 <pboyHB> Yes, the trouble with the keyboard. I'm fighting all the day :-) 17:18:46 <pboyHB> Next part: 17:18:54 <pboyHB> We have commited to a number of goals in the new PRD. What of these should be tackled? 17:19:02 <pboyHB> #link https://hackmd.io/@x3mboy/HyB92cVl_ 17:19:09 <pboyHB> We have: 17:19:16 <pboyHB> 1. Improved support for off-premise Kickstart and pxe installation 17:19:22 <pboyHB> 2. Facilitated and improved support for using Base Cloud Images 17:19:29 <pboyHB> 3. Providing easy installation and pre-configuration for key services with Ansible 17:19:35 <pboyHB> 4. Easy integration into multi-node environments with tools like Ansible 17:19:43 <pboyHB> 5. Buildup of a renewed documentation on Fedora Server specific topics 17:19:51 <pboyHB> We have already a small group engaged in 5. (documentation) Additional contributors are welcome. 17:20:01 <pboyHB> Which of the items do we want to start with? And who? 17:21:51 <michel_slm> what does #1 entail? 17:22:02 <michel_slm> the off-premise kickstart part especially 17:22:22 <michel_slm> for #3 and #4 ... not me, sadly, my Ansible skill is rusty after almost 5 years of having to use Chef :p 17:22:50 <pboyHB> It was a proposal by nirik. I guess an installation iso which boots into a complete install or VNC? 17:23:19 <michel_slm> IIRC VNC is already set up by default 17:23:28 <pboyHB> michel_Slm: Same for me, unfortunately 17:23:39 <michel_slm> but if the goal is to have an ISO that automates the installation, then yeah that's what mkksiso does 17:24:05 * nirik looks up. Sorry I have been too busy to be at last few meetings. ;( 17:24:13 <michel_slm> so.. I can try taking a further look there. any details? (can't promise anything soon but I'll be on leave in July for 3 months, and I'm sure I'll be bored enough to do some open source work) 17:24:48 <pboyHB> nirik: in any case, glad you are here! 17:26:10 <nirik> 3 and 4 are pretty open things. ;) 17:26:55 <michel_slm> nirik: how about #1? 17:27:01 <pboyHB> nirik: indeed. We need to make it more concrete 17:28:21 <pboyHB> I would be interested in #1.: easy Kickstart And easy tftp server setup. Did somethin like that with IBM a decade ago. 17:28:57 <pboyHB> rather 2 decades 17:29:07 <nirik> michel_slm: I am not sure what that was... you say I proposed it? 17:29:50 <pboyHB> nirik: according to my notes you proposed it back in December. 17:30:25 * michel_slm does not even remember what I said last month let alone 6 months ago ;) 17:30:42 <pboyHB> nirik: And you proposed a revision of our defaults, e.g. partitioning. 17:30:44 <nirik> yeah, I am drawing a blank, but I beleive you. ;) 17:31:08 <pboyHB> michel_slm: +1. :-) make many thins easier. 17:32:21 <michel_slm> pboyHB: can you link to those notes? 17:32:36 <michel_slm> I wonder if the partitioning changes are no longer relevant now that we use btrfs by default 17:32:45 <michel_slm> but yeah the old 50GB for / was a pain 17:32:55 <pboyHB> Server does not use btrfs 17:33:43 <pboyHB> regarding my notes: I will look for a source link and post it later on mailing list. 17:33:52 <nirik> server defaults to XFS and LVM 17:34:13 <pboyHB> And I'm glad it does! 17:34:33 <nirik> and instead of sticking extra space in /home, it leaves it as unallocated lvm space. 17:34:41 <nirik> so you can easly create lv's for whatever 17:35:09 <pboyHB> Yes, and you can separate your various data. 17:36:05 <pboyHB> An if something goes wront with the filesystem in one LV, others are still OK 17:38:01 <michel_slm> <nirik "server defaults to XFS and LVM"> oh yeah 17:38:08 <pboyHB> I think we need to continue to think about our program and put it on the agenda again in 2 weeks. 17:38:20 <michel_slm> right, XFS can't shrink so gobbling all space is a terrible default 17:38:52 <nirik> I suppose we could look at moving to btrfs too, but... it would be a big change... 17:39:12 <pboyHB> I'm not fond of it. 17:39:32 <pboyHB> If I need btrfs, I use it in a LV 17:39:51 <michel_slm> resource control should work on XFS (it doesn't have ext4's priority inversion bug) so... I'm not going to comment one way or another 17:40:18 <michel_slm> but yeah, for server given database use cases, I would rather not propose changing the defaults until we're sure 17:40:22 <nirik> well, xfs/lvm2 keeps us pretty aligned with rhel also... but we shouldn't be afraid to diverge if there's good reasons. 17:40:29 <dcavalca> right now I think the default is fine 17:40:46 <michel_slm> right, having some alignment with rhel/centos is also a bonus 17:40:49 <dcavalca> once btrfs gets better support for raid5/6 and maybe encryption, then I think it's worth a rediscussion 17:41:17 <michel_slm> encryption is coming, do we know for sure if raid5/6 is being worked on dcavalca ? 17:41:45 <dcavalca> michel_slm: yeah, it's being worked on (not by fb) 17:43:26 <michel_slm> ah. one of the storage companies? or one of the other Linux distros 17:44:02 <dcavalca> I don't actually remember tbh; I'll ask Josef 17:45:22 <pboyHB> Back to Agenda. Any objection to switrch to next topic and resumption of this one i 2 weeks ? 17:45:36 <michel_slm> no objection 17:45:41 <pboyHB> #topic 4. Fedora release criteria and process 17:47:56 <pboyHB> Probably we should ask Stephen Gallagher to open a ticket about that so e have a better overview? 17:48:04 <pboyHB> Anyway, I am technically not so familiar with the subject 17:48:31 <Eighth_Doctor> dcavalca: it's being worked on by WDC 17:49:18 <dcavalca> ah right, thanks Eighth_Doctor 17:50:06 <Eighth_Doctor> nirik, pboyHB: there are a few things on the list before attempting to switch Server to Btrfs by default 17:50:26 <nirik> ha. I got really confused there... was trying to parse WDC as something/someone working on release critera process. 17:50:30 <Eighth_Doctor> I think that a good stepping stone would be to produce an alternative cloud image using btrfs 17:50:38 <Eighth_Doctor> nirik: WDC == Western Digital Corporation 17:50:52 <nirik> yeah, I figured it out... just boggled for a min. ;) 17:50:57 <nirik> a btrfs cloud could be nice. 17:51:12 <Eighth_Doctor> there's a cloud-sig ticket for it, I think? 17:51:15 <Eighth_Doctor> so we could start there 17:51:33 <Eighth_Doctor> https://pagure.io/cloud-sig/issue/308 17:52:49 <pboyHB> Eighth_Doctor: I've the impression, cloud sig is reluctant to make any modifications at the moment. 17:53:00 <Eighth_Doctor> I don't recall if we have Btrfs being tested in server on OpenQA 17:53:26 <Eighth_Doctor> but the existing universal openqa tests should cover that functionality 17:53:42 <Eighth_Doctor> pboyHB: that's mostly due to lack of meetings while dustymabe was on leave 17:54:15 <Eighth_Doctor> we haven't done any planning yet, but there was interest from myself, dcavalca, and jdoss 17:54:39 <pboyHB> Eighth_Doctor: OK. Good to know 17:55:10 <pboyHB> I see, we are running out of time. 17:55:31 <pboyHB> I'll switch toOpen Floor if no one objects 17:55:45 <Eighth_Doctor> 👍️ 17:55:49 <pboyHB> #topic 6. Open Floor 17:56:13 <pboyHB> I'm most interesting in: Who is next chair? 17:56:25 <pboyHB> I did it several times in a row. 17:56:36 <pboyHB> Would like to have a rest. :-) 17:57:37 <pboyHB> Michel. could you take over? You have some experience. 17:58:43 <michel_slm> when is the next meeting, next week or the week after? 17:58:54 <pboyHB> Next week. 17:59:09 <pboyHB> I'll have to finish the PRD discussion, amoung others 17:59:23 <pboyHB> I'll -> we'll 17:59:25 <michel_slm> I'm oncall next week and it'll be the day after my wife got her second covid vaccine shot so I might not be around :p 17:59:38 <michel_slm> I can backup someone else though 17:59:42 <Eighth_Doctor> wait, I thought we were biweekly? 17:59:48 <Eighth_Doctor> are we weekly? 17:59:55 <michel_slm> we were biweekly, I think it got switched a few weeks ago 18:00:02 <pboyHB> No, we switched to weekly some weeks ago 18:00:05 <dcavalca> yeah I have this as weekly 18:00:11 <Eighth_Doctor> ugh, that explains how I didn't know about it 18:00:14 <Eighth_Doctor> my calendar needs to be fixed :D 18:00:15 <dcavalca> I have a conflict next week though 18:00:46 <pboyHB> OK, I take it next week as well and hope for the week after 18:01:04 <pboyHB> Many thanks to everybody! 18:01:27 <pboyHB> I'll close now if nobody has something else ?? 18:01:39 <pboyHB> 3 18:01:43 <pboyHB> 2 18:01:50 <pboyHB> 1 18:01:58 <pboyHB> #endmeeting