18:00:08 #startmeeting Community Openshift retrospective/q&a/planning 18:00:08 Meeting started Fri Aug 23 18:00:08 2019 UTC. 18:00:08 This meeting is logged and archived in a public location. 18:00:08 The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:08 Useful Commands: #action #agreed #halp #info #idea #link #topic. 18:00:08 The meeting name has been set to 'community_openshift_retrospective/q&a/planning' 18:00:24 hey, anyone around wanting to talk communishift? 18:01:25 * relrod waves 18:02:05 hey relrod. 18:03:24 * nirik will wait a few more for others to arrive 18:03:48 nirik: ok, so I'll start: What is the best resource for learning how to admin openshift better? The RH training? 18:05:20 Great question. ;) I am not really sure... but yeah, I think there's training classes (which I also should go to). The docs are pretty good, but of course can't cover everything. 18:07:02 #topic retrospective 18:07:13 so, looking back at setup and launch... 18:07:27 I wish we could have kubevirt/CNV working, but hopefully that will be soon. 18:07:37 and the fas operator would be nice to have. 18:07:57 and the entire thing took far longer than it should have. 18:08:43 It was also not as open on the setup as I would like, but there's not much other folks could do until it was up and running anyhow. 18:10:24 any other retro thoughts? 18:11:38 alright.. moving on then... 18:11:42 #topic Current setup 18:11:54 just for the record, the current setup is: 18:12:34 2 vm's running on vhosts that run proxy servers. They answer the api and other hostnames and just use haproxy to foward everything into the cluster. 18:13:19 the cluster has 11 nodes... 3 masters and 8 compute 18:13:50 storage is nfs from a 45drives storinator 18:14:31 552 cores and 1.72TB mem... so lots of resources. ;) 18:15:36 currently running 4.1.11 18:15:45 #topic Q&A 18:15:58 any questions I can try and answer? ;) 18:17:00 How active is CPE/infra is in handling "person/group deployed thing to communishift, then became inactive, and thing is currently unmaintained/falling apart" 18:17:06 s/is in/in/ 18:17:22 I know that was discussed, but not sure what the final result was 18:17:22 yeah, we need to determine a process for that still. 18:17:34 I'd like to avoid us pinging people all the time. 18:18:07 Hmm,i came 10 minutes late. Did i lost something important? 18:18:22 One suggestion was to set a alertmanager trigger that just goes off and notifies people every X time and if they don't ack it consider the app unmaintained 18:18:44 nirik: Also, what is the procedure for deploying things? Is there still an RFR process? Or can anyone CLA+1 decide they want to deploy something and as long as it's FOSS we grant access? 18:19:21 knstn: backlog: https://meetbot-raw.fedoraproject.org/fedora-meeting/2019-08-23/community_openshift_retrospectiveq&aplanning.2019-08-23-18.00.log.txt 18:19:39 thanks 18:20:00 relrod: right now people have to be added or they cannot provision anything. So, they have to ask to be added. After that deployment is 100% up to them. 18:20:18 so we add anyone who wants to be? 18:20:24 I'd like to see about opening it up later to packager and qa and some other groups and just let them have access by being in those groups 18:21:08 yeah, as long as it's not obviously someone bad. 18:21:49 Does openshift have decent auditing built in? Can we see who has done what? 18:21:56 Sorry if I'm asking a bunch of dumb questions 18:21:59 yeah, it should... 18:22:06 no no, these are all good. ;) 18:22:47 there are currently 33 users 18:24:19 there's logging via a ELK stack... we should see exactly what all it logs. 18:25:31 as far as user stuff. I know it logs output from pods, etc. 18:27:18 #action nirik to look into audit logs 18:28:01 #info need to deternine heartbeat policy for apps/users to remove unmaintained stuff 18:28:06 How much of a tangible benefit to Fedora do projects on it need to provide? What is to stop someone using it for personal hosting or something, are we okay with that? (I guess this applied to the old cloud too, but...) 18:28:14 #action nirik to make a SOP for adding users, etc. 18:28:52 well, I don't think we watch people like a hawk, but if we notice/see people using resources for something else we reserve the right to remove them/their app. 18:29:05 ie, if someone setup bitcoin mining or spamming, or whatever 18:31:53 well I'm thinking if someone decides they're going to run their personal wordpress or something on it 18:32:24 where do we draw the line 18:32:24 ah, yeah, thats more hazy... I guess we tell them to not when we see it. 18:33:41 yeah, not sure. What if someone is running their wordpress and it's full of fedora related information? or if they want to use it as a development instance for a wordpress like communityblog/magazine... 18:34:16 I suppose things in the gray area we can try and come to consensis of the admins on? 18:35:15 * relrod nods 18:35:58 there's a lot of resources, so I think we can mostly be kind to people... 18:36:24 but its really for development/proofofconcept/help fedora related things. 18:39:28 any other questions or comments? 18:39:40 #topic Upcoming plans 18:39:58 I plan to get CNV / kubevirt working... this will allow us to run vm's in containers. 18:40:09 and we can move things off the old cloud so we can turn it off. 18:41:00 🎉 18:41:56 other than that I hope we can just maintain things and not spend too much time on it... 18:43:06 #topic Open Floor 18:43:14 any other items/questions? 18:43:30 Could we add a "penalty" policy for those who are going to abuse it? Like account deactivation for 1 month. 18:43:39 What's the plan with category 3 apps around data? Dumping it to a db pod? 18:46:12 knstn: well, depends on how they are abusing things. I'd say removal of privs or removal of account... I don't think we want to try and do more gradual stuff. 18:46:32 * cverna waves 18:46:40 jlanda: yeah, if a app moves there from infra we can dump the data out and you can put it in a db pods. 18:47:16 I considered providing a external db host, but I really don't want us to be doing stuff with this all the time, and that would mean we would 18:47:35 fair 18:47:36 after kubvirt is working I suppose you could run db's in vm's there 18:48:09 but the openshift db stuff is pretty cool too... making sure you always have at least one db pod running 18:51:05 ok, anything else? if not will rap up and let everyone get back to what they were doing... 18:53:09 ok. Thanks for coming everyone! 18:53:13 #endmeeting