17:00:53 #startmeeting fedora-server 17:00:53 Meeting started Wed Aug 17 17:00:53 2022 UTC. 17:00:53 This meeting is logged and archived in a public location. 17:00:53 The chair is pboy. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions. 17:00:53 Useful Commands: #action #agreed #halp #info #idea #link #topic. 17:00:53 The meeting name has been set to 'fedora-server' 17:01:05 #topic Welcome / roll call 17:01:14 Welcome to our Server WG IRC meeting today! 17:01:16 * cyberpear listens in 17:01:16 .hi 17:01:26 Let's see who is present today. 17:01:35 .hello2 17:01:39 i was forget that 17:01:41 .hello 17:01:45 :P 17:01:45 Please, everybody who is lurking, say either .hello2 or .hello 17:01:59 its broken 17:02:22 .hello cooltshirtguy 17:02:24 Zodbot sometimes acts a bit bitchy. 17:02:34 i see that 17:08:11 .hello2 17:08:16 Hmm, it's not exactly crowded here. :-) 17:09:18 We need at least 3 formal members for a meeting, so we meet the quorum. 17:09:32 I think, we should start now. 17:10:16 cyberpear: I'm afraid there's not that much to listen today. :-) 17:10:22 But welcome! 17:10:36 I’ll post the agenda 17:10:44 #topic Agenda 17:10:52 #link https://pagure.io/fedora-server/report/Meeting 17:11:00 #info Follow up actions 17:11:08 #info Final decision about an updated Fedora Server Technical Specification 17:11:17 #info Using Ansible to install and configure Wildfly 17:11:24 #info Initial discussion about revisiting Fedora Server release criteria 17:11:33 #info Open Floor 17:11:42 Any additional topic / issue / comment ? 17:12:52 #topic Follow up actions 17:13:03 #info DONE pboy will create a next version of the techn. spec. containing our agreements on July 20. 17:13:10 #link https://docs.fedoraproject.org/en-US/server-working-group/docs/server-technical-specification/ 17:13:22 No further outstanding action items at the moment as far as I know. 17:15:08 Just as an info: There are probs with our Server VM addition. The pull request to add the kickstart file has not been carried out, yet. 17:16:00 I hope, we get it done before final change dead line. 17:16:23 Anything else? 17:17:08 OK, next topic. 17:17:16 #topic Final decision about an updated Fedora Server Technical Specification 17:17:25 #link https://pagure.io/fedora-server/issue/58 17:17:49 #info Latest version https://docs.fedoraproject.org/en-US/server-working-group/docs/server-technical-specification/ 17:17:59 #link https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org/thread/UANJIACVFI5E7LCOMLXKWJFMK4GTL6IS/ 17:18:15 How should we proceed? 17:18:54 Maybe, we step throught the latest comments? 17:19:22 And maybe, we should start a voting and not just agree here? 17:19:36 I don't recall if the issues raised at our last meeting were resolved or not. If they were, let's go ahead and publish it. 17:20:33 jwhimpel: They are resolved, except for 2 alternatives to the file system 17:21:15 I'm looking 17:21:40 where's the part about the file systems ? 17:22:31 the one about lvm with xfs 17:22:38 The other items are something I missed to add and ideas by Adam Williamson we were already aware of, but decided to leave it as is for the time being. 17:23:04 cooltshirtguy yes, section 1.2 17:23:47 gotcha 17:27:06 I don't feel qualified to know the best default partitioning/filesystem options to be used as defaults in "Fedora Server". 17:28:18 We don't say what is the best. I just describe what we decided to take a default, and the reason for that. 17:28:20 I favor alt1 17:28:33 if i had to choose :) 17:28:56 And I think, we really should decribe that. 17:29:27 I always separate /home no matter what. server, desktop, etc. 17:29:59 cooltshirtguy Yes, that's a long standing unix best practise 17:31:16 Question: can we agree about alt. 1? And should we do a voting? 17:31:32 I just look, what we did with the current version ..... 17:32:19 Editing suggestion: Unindent the last two sentences of Alternative 1. Or bring them up to the solid bullet level. 17:33:01 agree with jwhimpel on that 17:33:05 jwhimpel: Yes, they are indented to make the alternatives better visible. 17:33:23 Just an editorial temporary measure. 17:34:09 So, we agree about alt 1 17:34:49 #agreed The technical spec will be alternative 1 in section 1.2 17:35:02 Editing suggestion: Change "Common options are" to "The installer must also support the following common options" 17:35:07 what do you think about voting? 17:35:28 i'm good with alt1 17:35:32 jwhimpel: agreed to that 17:35:52 I support alt #1 with suggested editing changes. 17:35:55 It's way the better english, I'm sure 17:36:50 With the last version there is no explicit mention about voting, as it is with the PRD. 17:37:19 So I think, we can do without voting, as well. 17:39:26 This document is not immutable and thus change be changed later if ideas for improvements surface later. Let's move on for now. 17:40:09 s/change be/can be/ 17:40:46 jwhimpel agreed! Therefore: 17:40:56 #proposal: WG agrees about the techn.spec. in the current version, with alt. 1 fpr section 1.2 and editorial adaptations as discussed. 17:41:41 discussed. -> discussed today 17:42:03 3 17:42:14 2 17:42:24 1 17:42:40 agreed: WG agrees about the techn.spec. in the current version, with alt. 1 for section 1.2 and editorial adaptations as discussed today. 17:43:08 Puh, done. 17:43:26 That was a difficult and time consuming process. 17:44:04 Let's switch to the real work and server improvment: 17:44:13 #topic Using Ansible to install and configure Wildfly 17:44:23 #link https://pagure.io/fedora-server/issue/60 17:44:32 #link https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org/thread/YV7XFPYLMVFYLJWISCNPXFBNS6YZKDRK/ 17:44:50 Mailing List: https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org/thread/LY4IQ3RHLFPRFS5X44D2KFWMLJVT4RVS/ 17:45:24 This is one of the central building blocks of our Server Roles.! 17:45:44 I am very excited. 17:45:56 5 Mins to read? 17:46:05 I have installed wildfly on my local server. I am trying to require ssl (tls) on the communications between the proxy server (apache) and wildfly. 17:46:23 are you using ansible to install ? 17:46:32 I tried following the procedure at: https://developer.jboss.org/people/fjuma/blog/2018/08/31/obtaining-certificates-from-lets-encrypt-using-the-wildfly-cli#jive_content_id_Obtaining_a_certificate_from_Lets_Encrypt 17:46:45 coolshirtguy: yes. 17:46:55 I remember issues with the certificate? 17:47:34 When I follow Farah Juna's blog procedure to install and configure the certificates, I get an error in the final command to jboss-cli.sh shown in her blog. 17:47:46 do you have a link the playbook? 17:48:01 I have also tried the procedure found at https://github.com/antoniopaolacci/Let-s-Encrypt-Certificate-and-JBoss-WildFly 17:48:37 coolshirtguy: Not at the moment, but I can find time tomorrow to put up a link and send it to the ML. 17:49:25 The gihub procedure requires inserting xml into standalone.xml. But it doesn't say where to make the insertion. 17:50:03 This is a copy of my standalone.xml https://www.dropbox.com/s/zrj1kd1ws2aeoeq/standalone.xml?dl=0 17:50:49 If someone would spin up wildfly and follow the instructions in Farah Juma's blog, that would tell me if the issue is my my server or in the instructions. 17:50:59 The xml looks fine at teh first view. 17:51:29 According to the error message, it is an issue with the letsencrypt server, I think. 17:51:36 Or if someone could tell me where to insert the xml into standalone.xml as described in the github example, that would be greatly appreciated. 17:52:21 I think so to. I would like to find the src repository to jboss-cli to see what options are being passed to certbot, but I don't know where to look. 17:52:40 jwhimpel I can ask our wildfly expert. 17:53:07 wildfly is provided as a compressed file and not an rpm, so the contents of the source are not immediately obvious. 17:53:59 And you are running Wildfly in collapsed mode? 17:54:07 lol find the section.. 17:54:38 I'm not sure what you mean by "collapsed mode". 17:55:01 I'm running it as a standalone single instance. 17:55:31 https://docs.wildfly.org/14/Admin_Guide.html section 6 17:55:31 I mean, as a war file, not converted / unpacked into a directory structure 17:56:05 I've check the audit files, the wildfly logs, the system journal, the let's encrypt logs and see nothing that would be of help diagnosing the issue. 17:56:06 seems like you put in the section for security-realms 17:56:41 its my 5 min guess looking at docs 17:57:58 https://docs.tibco.com/pub/mdm/9.1.0/doc/html/GUID-AA55613A-FD0C-4C64-A012-EA485ECC6FB8.html 17:58:04 tibco-- 17:58:23 coolshirtguy: I'm running as individual directories and files. That's how it's delivered. Apps can run as war files. 17:58:39 ok 18:00:17 I'll look at the tibco stuff later today (I have 5 meetings already booked for this afternoon). :-( 18:00:47 yuck, sorry to hear that 18:01:03 jwhimpel: I would like to follow your installation steps and try it out. Hopefully it gaves me an idea. 18:01:19 that's where I'm at. 18:01:23 It that possible? Do you have something to support that? 18:01:28 need to duplicate the setup 18:01:45 that's why I asked about the Ansible playbook 18:02:19 I will try to take the "local references" (userids and stuff) out of my playbook and post it into gitlab. Give me a few days. 18:02:40 jwhimpel: GREAT 18:02:40 no problem 18:03:18 Our area has experienced severe flooding issues and I am leading part of the effort to help people recover. The next few weeks are going to be very busy for me. Please be a bit patient. 18:03:32 So, we will try to reproduce the setup and the error message. 18:04:09 Got to run to my next meeting. Thanks for listening. 18:04:20 jwhimpel: We are. We have neglected this work for so long, unfortunately!!. So, some days are not an issue. 18:04:39 Bye jwhimpel. 18:04:54 And we are already out of time. So I switch to: 18:05:03 #topic Open Floor 18:05:22 Anything to discuss / comment /ask here? 18:05:35 nope 18:05:57 OK, so let's close 18:06:05 #endmeeting