2025-01-15 18:00:09 <@pboy:fedora.im> !startmeeting fedora-server 
2025-01-15 18:00:09 <@meetbot:fedora.im> Meeting started at 2025-01-15 18:00:09 UTC
2025-01-15 18:00:10 <@meetbot:fedora.im> The Meeting name is 'fedora-server '
2025-01-15 18:00:14 <@pboy:fedora.im> !topic Welcome / roll call
2025-01-15 18:00:23 <@pboy:fedora.im> I'll post the agenda in 2-3 minutes.
2025-01-15 18:00:23 <@pboy:fedora.im> As usual, let's wait a moment  for everybody to show up.
2025-01-15 18:00:40 <@jwhimpel:fedora.im> 1hi
2025-01-15 18:00:45 <@jwhimpel:fedora.im> !hi
2025-01-15 18:00:46 <@zodbot:fedora.im> John Himpel (jwhimpel)
2025-01-15 18:04:53 <@pboy:fedora.im> Hi John!
2025-01-15 18:05:49 <@jwhimpel:fedora.im> Peter,  It's nice to be back among the "healthy" again,, after 6 weeks of fighting bronchitis.
2025-01-15 18:07:10 <@pboy:fedora.im> Oh, that sounds bad. Bronchitis, maybe not very dangerous, but still very unpleasant and a hindrance in daily activities. 
2025-01-15 18:08:07 <@pboy:fedora.im> nirik: Welcome! And busy as always  :-) 
2025-01-15 18:08:37 <@nirik:matrix.scrye.com> yeah, story of my life sadly... but it beats being bored I guess. ;)
2025-01-15 18:09:19 <@pboy:fedora.im> Yeah Boredom is not an issue,. happoily
2025-01-15 18:09:22 <@jwhimpel:fedora.im> nirik: Just remember the old adage: "The reward for good work is more work"!
2025-01-15 18:09:40 <@pboy:fedora.im> Let's start.
2025-01-15 18:09:47 <@nirik:matrix.scrye.com> yep. indeed
2025-01-15 18:09:55 <@pboy:fedora.im> !topic Agenda
2025-01-15 18:10:03 <@pboy:fedora.im> !info  Follow-up actions & announcements
2025-01-15 18:10:11 <@pboy:fedora.im> !info  Server user poll
2025-01-15 18:10:24 <@pboy:fedora.im> !info  Ansible assisted installation and configuration of NFS service
2025-01-15 18:10:33 <@pboy:fedora.im> !info  Ansible assisted installation and configuration of WEB service
2025-01-15 18:10:43 <@pboy:fedora.im> !info  Open Floor
2025-01-15 18:11:02 <@pboy:fedora.im> Anything to add?
2025-01-15 18:11:21 <@pboy:fedora.im> OK. none I guess
2025-01-15 18:11:24 <@pboy:fedora.im> !topic 1. Follow-up actions & announcements
2025-01-15 18:11:43 <@pboy:fedora.im> There are no new actions so far.
2025-01-15 18:11:52 <@pboy:fedora.im> Any announcement today? 
2025-01-15 18:12:25 <@pboy:fedora.im> None, as I see
2025-01-15 18:12:36 <@pboy:fedora.im> !topic 2. Server user poll
2025-01-15 18:12:48 <@pboy:fedora.im> no new open actions.
2025-01-15 18:13:09 <@pboy:fedora.im> Sorry, c&p error
2025-01-15 18:13:12 <@pboy:fedora.im> !link https://pagure.io/fedora-server/issue/145 
2025-01-15 18:13:42 <@pboy:fedora.im> Do we have any new information about the current status?
2025-01-15 18:13:48 <@nirik:matrix.scrye.com> how long does it run until?
2025-01-15 18:14:03 <@pboy:fedora.im> WE are planning until Mid February.
2025-01-15 18:14:38 <@pboy:fedora.im> But somnehow I'm unable to get any information about how it works.
2025-01-15 18:15:10 <@pboy:fedora.im> JWF (he/him): Do you have new information for us?
2025-01-15 18:16:55 <@nirik:matrix.scrye.com> yeah, no idea there. I would expect there might be a way to see 'live' results (to see how many responded, etc)
2025-01-15 18:18:05 <@pboy:fedora.im> Yeah, I guesss JWF (he/him) is swamped so short before Fosdem. Is there anyone else who can help us out?
2025-01-15 18:19:31 <@pboy:fedora.im> I guess, we have no idea at the moment. So let's switch.
2025-01-15 18:19:45 <@pboy:fedora.im> !topic  3. Ansible assisted installation and configuration of NFS service
2025-01-15 18:19:55 <@pboy:fedora.im> !link https://pagure.io/fedora-server/issue/138
2025-01-15 18:21:19 <@jwhimpel:fedora.im> Since I l earned the UID/GID/User name have to be kept in sync, I suggest I put that information into the README with suggestions  on how an admin might keep all that in sync.  Otherwise, If I can finish my personal todo list, I should be able to commit the ansible role by our next meeting.
2025-01-15 18:22:07 <@pboy:fedora.im> Well, I love manual additions to automated processes  :-) 
2025-01-15 18:22:48 <@pboy:fedora.im> I think, such measures are the traditional way of handling it. 
2025-01-15 18:24:34 <@jwhimpel:fedora.im> I have learned that freeIPA runs on x86 and arm on two gig memory sbc's (for small installations).  But lurking on the freeIPA email list, it seems there is a lot of folks having issues keeping it updated and running.  It's a very complex set of processes and practices.  Do we want to explore using freeIPA to keep everything in sync and controlling access to resources?
2025-01-15 18:27:22 <@pboy:fedora.im> I think, IPA is a real challenge. But it would be a real progress if we can tame it into Fedora Server somehow. I think, we should do the NFS without IPA and user authentication in a first step So we get things running. And we should ask our IPA expert for assistance. 
2025-01-15 18:28:36 <@jwhimpel:fedora.im> Sounds like a plan to me
2025-01-15 18:29:27 <@pboy:fedora.im> abbra (Alexander Bokovoy) is specialized amoung others in IPA
2025-01-15 18:29:53 <@pboy:fedora.im> But I don't find him here a Matrix.
2025-01-15 18:30:46 <@jwhimpel:fedora.im> When I post stuff on the M/L, he often responds off-list via email.
2025-01-15 18:31:13 <@pboy:fedora.im> Yeah, he is one of our more active members.
2025-01-15 18:32:42 <@pboy:fedora.im> Nevertheless, we have yet another issue with NFS so far. I got a security warning / complain from our European IT Securioty Agency. We have the portmapper port open to the world, which opens various securiy issues. 
2025-01-15 18:33:55 <@pboy:fedora.im> They propose to open the port just for addresses who are permitted to use the servers, So we would have to manage the fireall as well.
2025-01-15 18:34:12 <@pboy:fedora.im> They propose to open the port just for addresses who are permitted to use the service, So we would have to manage the fireall as well.
2025-01-15 18:34:22 <@pboy:fedora.im> They propose to open the port just for addresses who are permitted to use the service, So we would have to manage the firewall as well.
2025-01-15 18:36:11 <@jwhimpel:fedora.im> I guess I could add that task in the ansible role.  Let me investigate.
2025-01-15 18:36:13 <@pboy:fedora.im> On the other hand, if I remember correctly NFS v 4 doesn't need the portmapper service any more.  Any idea here? 
2025-01-15 18:37:16 <@jwhimpel:fedora.im> But portmap should still be running on the NFS client and server.
2025-01-15 18:37:16 <@jwhimpel:fedora.im> Although portmap is no longer needed on the network, it is still required locally on the NFSv4 client and server.
2025-01-15 18:37:16 <@jwhimpel:fedora.im> 
2025-01-15 18:37:16 <@jwhimpel:fedora.im> This means your firewall does not have to open portmap port 111 for NFSv4 to work.
2025-01-15 18:37:28 <@jwhimpel:fedora.im> Above quote  from ibm.com
2025-01-15 18:39:02 <@jwhimpel:fedora.im> I can certainly add tasks to ensure port 111 is closed and  portmapper is running
2025-01-15 18:39:09 <@pboy:fedora.im> OK, so maybe we don't need to open it. They are nagging me about this since end of December. Maybe, we can close the port in the time, you are not working on it? 
2025-01-15 18:39:43 <@jwhimpel:fedora.im> Go ahead and close the port.  If you don't, my ansible testing later this week will.
2025-01-15 18:40:54 <@pboy:fedora.im> OK. I'll close the port for now. I just don't want to get in your way.
2025-01-15 18:41:14 <@pboy:fedora.im> I I don't want to make it more difficult for you.
2025-01-15 18:42:30 <@jwhimpel:fedora.im> If the port is closed, ansible will detect that and not try to close it again.  If I run into issues, I have sudo privileges, so I can re-open the port (after notifying you)
2025-01-15 18:43:08 <@pboy:fedora.im> OK, thanks! Let's do it this way.
2025-01-15 18:43:22 <@pboy:fedora.im> I think, we can switch to the next topic? 
2025-01-15 18:43:32 <@jwhimpel:fedora.im> Lets  move on.
2025-01-15 18:43:42 <@pboy:fedora.im> !topic  4. Ansible assisted installation and configuration of WEB service 
2025-01-15 18:43:53 <@pboy:fedora.im> !link https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org/thread/RMKV2JSIBEAAFKK66TY5FR3W7PV54ALL/ 
2025-01-15 18:45:04 <@pboy:fedora.im> That's my proposal for the web service and how an Ansible playbook should work. Question is, do we agree about the process? It's a bit differen from the way httpd maintainers do it.
2025-01-15 18:47:07 <@jwhimpel:fedora.im> I have an ansible role that brings up nginx.  BUt it is currently broken as I am trying to add reverse proxy and ssl.  I think Emmanuel knows of a site with lots of predefined ansible roles for sysadmins.  I can search the archives, find the site and see if they have a readily usable ansible role to install/configure nginx.
2025-01-15 18:50:05 <@pboy:fedora.im> Well., as Fedora Server Edtion we should handle httpd in any case. It is the official default in Fedora. And, of course, we should additionally include nginx. It is quite wide spread (although I read various concerns about it's Russian roots in the current time). 
2025-01-15 18:51:08 <@jwhimpel:fedora.im> I can do the same research on httpd as well.  I'll post my findings to the M/L
2025-01-15 18:51:08 <@pboy:fedora.im> And I think we should use a much of pre-exsting roles. But most of those roles try to handle generic cases. But we need a special handling of Fedora Servers way to work. 
2025-01-15 18:51:54 <@jwhimpel:fedora.im> I'll read your docs (referenced above) and see how that may vary from the generic.
2025-01-15 18:52:25 <@pboy:fedora.im> OK, thanks. We should continue on mailing list.
2025-01-15 18:52:40 <@pboy:fedora.im> Anything to add for now?
2025-01-15 18:53:19 <@pboy:fedora.im> I see none. So we should go on.
2025-01-15 18:53:30 <@pboy:fedora.im> !topic 5. Open Floor
2025-01-15 18:54:04 <@pboy:fedora.im> Anything to discuss here? The floor is open
2025-01-15 18:56:33 <@jwhimpel:fedora.im> I read that the latest released kernel has basic support RPi 5.  There are apparently still video and wifi issues.  But they stated most everything we need to use for remotely managed servers seems to work.  I know Ubuntu has gotten it to work (but their rules for distro content is more liberal than Fedora's).  Also I seem to recall Fedora uses a different bootloader than the other distributions.
2025-01-15 18:58:18 <@jwhimpel:fedora.im> I tried to get onto the arm meeting this week, but was a little late.  They had shutdown the meeting due to a lack of a quorum before I could get onboard.  I will try to ask the status at their meeting next Tuesday.  I'm assuming Fedora Server does NOT require graphics or wifi.  Do you agree?
2025-01-15 18:59:41 <@pboy:fedora.im> Yes, we don't need the specific graphics support, nor wifi. But we should have a basic terminal support. 
2025-01-15 19:00:17 <@jwhimpel:fedora.im> I believe it has both serial console and ethernet
2025-01-15 19:00:21 <@pboy:fedora.im> As a last way you have to add a serial terminal. Or
2025-01-15 19:01:52 <@pboy:fedora.im> I have a Radxa Rock Pi 5b which uses a rk 3588 (or something alike) which is still waiting for full support of graphics. But server already works well with the latest kernel.
2025-01-15 19:02:58 <@pboy:fedora.im> Are you still looking for a SBC model to buy as suiccessor for your RasPi 3? (which is so slow for these days)
2025-01-15 19:05:58 <@jwhimpel:fedora.im> I have purchases 2 RPi5 (4g).  There is an image out on the web that used  mostly Fedora content that I am running.  I can update the system via DNF and everything keeps on working.  It just adds some of the bits that Ubuntu uses and the bootloader problem.  It just runs.
2025-01-15 19:06:29 <@pboy:fedora.im> Oh, that's good!
2025-01-15 19:08:57 <@pboy:fedora.im> Steve Cossette [Farchord]: The OrangePi is a fine SBC for a Fedora Server, too. Maybe, you can check a bit, how Server works? In our docs there are some hints and criteria.
2025-01-15 19:09:20 <@jwhimpel:fedora.im> I need to run.  Talk to you later on the M/L
2025-01-15 19:09:45 <@farchord:fedora.im> Oh I know. My goal is to use it for OpenQA. But for that I need main kernel support :)
2025-01-15 19:10:24 <@pboy:fedora.im> John Himpel: Good run! Bye  bye
2025-01-15 19:12:50 <@pboy:fedora.im> Steve Cossette [Farchord]: I'm preparing  a paper / proposal for a Fedora Server homelab  spin on SBC as a replacement for a commercial NAS as Synology and co. Perhaps you can add your thoughts when I have a more complete draft.
2025-01-15 19:13:28 <@renegadext:matrix.org> As someone who does Linux in business settings I’d be very interested in this.
2025-01-15 19:13:49 <@farchord:fedora.im> Sure! The main annoyance about using SBCs on Linux is the setup process. `arm-image-installer` helps but it's.... lacking XD
2025-01-15 19:14:30 <@farchord:fedora.im> I got a (semi-)working X1 Elite laptop running Fedora btw. Wasn't easy XD
2025-01-15 19:15:14 <@pboy:fedora.im> ctlinux: You are welcome. I'll announce more on our mailing list and here on Matrix. And I think, we will discuss about it on several of out meetings.
2025-01-15 19:16:44 <@pboy:fedora.im> Steve Cossette [Farchord]: yes, installation is a pain in the .... With rockchip bases SBC im trying to use the OGD port to directly flash the SPI and / or the eMMC.
2025-01-15 19:16:55 <@pboy:fedora.im> But is is not easy, too.
2025-01-15 19:17:13 <@farchord:fedora.im> or the nvme (OPI 5+) XD
2025-01-15 19:18:11 <@pboy:fedora.im> Unfortunately, so far as I know the nvme is not available that way.
2025-01-15 19:18:15 <@pboy:fedora.im> I see that we have overrun our time.
2025-01-15 19:18:58 <@pboy:fedora.im> I see that we have overrun our time.
2025-01-15 19:19:12 <@pboy:fedora.im> Before we get scolded... 
2025-01-15 19:19:34 <@pboy:fedora.im> We should continue next week or on mailing list or on Matrix or on .....
2025-01-15 19:20:01 <@pboy:fedora.im> Thanks everybody for participating!
2025-01-15 19:20:20 <@pboy:fedora.im> Hope to see you next week or anytime later again.
2025-01-15 19:20:56 <@renegadext:matrix.org> Peter Boy:  I’d be interested in continuing the conversation about this.  I work for a Synology partner and we have concerns over some of their newer business practices.  
2025-01-15 19:21:58 <@renegadext:matrix.org> We have discussed a DIY solution, or another commercial solution internally.  I’d love to be able to add this to offerings for our customers showing off Fedora loud and proud.  Maybe even use Cockpit to manage the solution.  
2025-01-15 19:25:02 <@pboy:fedora.im> Yes, we would use Cockpit. And my current idea is to provide a kind of appliance with most popular apps already installed and preconfigured. And additional apps as container, but not only as docker/podman but with mkose systemd-container. It is more aligned with maintainable systems and avoids a lot of overhead by the docker/podman concept.
2025-01-15 19:25:50 <@pboy:fedora.im> And  I'm using Synology for years, but I'm increasingly dissatisfied.
2025-01-15 19:26:19 <@pboy:fedora.im> But let's continue on the other channels. We have to leave here  :-)
2025-01-15 19:27:09 <@pboy:fedora.im> So, I'll close for now.
2025-01-15 19:27:19 <@pboy:fedora.im> !endmeeting