19:00:01 <nirik> #startmeeting Infrastructure (2012-12-06)
19:00:01 <zodbot> Meeting started Thu Dec  6 19:00:01 2012 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:00:01 <nirik> #meetingname infrastructure
19:00:01 <nirik> #topic welcome y'all
19:00:01 <nirik> #chair smooge skvidal CodeBlock ricky nirik abadger1999 lmacken dgilmore mdomsch threebean
19:00:01 <zodbot> The meeting name has been set to 'infrastructure'
19:00:01 <zodbot> Current chairs: CodeBlock abadger1999 dgilmore lmacken mdomsch nirik ricky skvidal smooge threebean
19:00:08 * skvidal is here
19:00:14 * threebean is here
19:00:18 * jsmith lurks
19:00:20 * athmane is around
19:00:27 <relrod> here
19:01:02 * abadger1999 here
19:01:35 <nirik> ok, we have a few folks, lets go ahead and get started...
19:01:45 <nirik> #topic New folks introductions and Apprentice tasks.
19:02:02 <nirik> Any new people around that would like to introduce themselves? or questions from apprentices?
19:02:04 <smooge> here
19:02:44 <threebean> I should have invited some of the GNOME OPW applicants to the meeting..  I'll make sure to do so next week.
19:03:11 <nirik> ok, as always if you are new, feel free to chime in at any point with questions or comments here or in #fedora-admin/fedora-noc/fedora-apps. ;)
19:03:26 <nirik> threebean: cool. good idea. When does that officially start? or has it already?
19:03:26 <ausmarton> Ausmarton Fernandes here, not quite sure about the format of introduction
19:03:55 <threebean> nirik: we'll announce which candidates are accepted next tuesday, and then the actual gig doesn't start until January I believe.
19:03:57 <nirik> ausmarton: pretty free form. ;) welcome. Are you more interested in the sysadmin side of things? Or the application maintaining/development side?
19:04:48 <nirik> threebean: sounds good.
19:05:41 <nirik> ausmarton: in any case see us after the meeting in #fedora-admin and we can direct you further from there. ;)
19:05:42 * pingou (late)
19:06:06 <nirik> #topic Applications status / discussion
19:06:17 <nirik> any application news from the last few weeks or upcoming?
19:06:30 <pingou> fedocal is moving slowly but surely toward a first release
19:06:31 <nirik> note that we are going to be going back into freeze next tuesday it looks like.
19:06:35 * ianweller is here
19:06:49 <smooge> what is OPW?
19:06:57 <smooge> stupid slow typig
19:06:59 <lmacken> http://gnome.org/opw
19:07:17 <abadger1999> two factor auth -- probably want to talk about that more in sysadmin update.
19:07:24 <nirik> abadger1999: yeah.
19:07:36 <abadger1999> upcoming for that, though, is we'll need to make some changes to how fas handles yubikey
19:07:49 <nirik> we are going to be moving paste to production soon... hopefully before freeze.
19:08:00 <threebean> I switched over bugz.fedoraproject.org/packagename from pkgdb to point to the packages app last Friday.  We've gotten a few bug reports since then.. ;)
19:08:02 <nirik> if anyone has any issues with paste.stg, please let us know. ;)
19:08:24 <abadger1999> currently fas allows people to change their yubikeys whenever they want.  We'll need to change that so yubikeys can't be changed without admin intervention.
19:08:50 <nirik> abadger1999: yes. Is that something we can get in before the freeze? I guess we can always break for it.
19:08:51 <pingou> abadger1999: change and set ?
19:09:25 <abadger1999> pingou: the idea will be -- you can set a yubikey if there isn't one already.  You won't be able to change it once set, though.
19:09:42 <abadger1999> an admin can verify you and then remove the old key.
19:09:51 <abadger1999> then you can set a new one.
19:09:59 <pingou> ok
19:10:14 <nirik> threebean: do the bugz things seem solveable?
19:11:00 <threebean> nirik: yes :)
19:11:03 <abadger1999> I'll also need to figure out how to code something that allows disabling both a yubikey and a google auth key.  Currently we don't have a way to disable those and also disallow the user from setting a new one.
19:11:42 <abadger1999> nirik: I'm not sure that I'll get both of those changes in before freeze.
19:11:48 <nirik> abadger1999: whats the use case there? to prevent them from enrolling a new one? we can revoke/delete googleauth command line.
19:12:26 <abadger1999> nirik: yeah -- say that Someone shows up in IRC tomorrow and claims that toshio's phone and yubikey were stolen.
19:12:40 <abadger1999> nirik: the person can't be verified to be toshio to our satisfaction.
19:12:50 <abadger1999> nirik: So we don't want to let them enroll a new key
19:13:01 <nirik> right, but we wouldn't revoke either would we?
19:13:09 <abadger1999> nirik: But to be safe, we also want to disable the old keys until we know whether they are or are not toshio.
19:13:40 <nirik> possibly set the account admin locked? wouldn't that prevent it from being used until?
19:14:27 <abadger1999> nirik: that's true.  It's overkill (ie: they could otherwise continue to use things that just require a password) but it would work.
19:14:40 <nirik> yeah.
19:14:54 <nirik> anyhow, can ponder on it.
19:14:59 <nirik> any more application news?
19:15:10 <abadger1999> nirik: Oh, one further things -- we also want to tell people thatsingle-factor yubikey is going away.
19:15:24 <pingou> abadger1999: even for website?
19:15:29 <nirik> yeah. which is a shame, it's actually pretty handy.
19:15:36 <pingou> arf
19:15:56 <threebean> abadger1999: do we have a working pkgdb setup in stg?
19:16:10 <abadger1999> I may be able to add twofactor yubikey (and maybe googleauth as well) in its place but... it's not as useful since single-factor password is still allowed there.
19:16:19 <abadger1999> threebean: yep -- stg pkgdb should be working
19:16:22 <threebean> abadger1999: I'm intending to complete more parts of our pkgdb->packages ticket and it'd be nice to test some more during freeze.
19:16:26 <threebean> abadger1999: great :)
19:16:30 <abadger1999> threebean: excellent.
19:16:54 <nirik> abadger1999: right, unless we also restrict it to require 2factor if it's set, which seems like a penalty for being more secure. ;)
19:17:47 <nirik> anyhow, all for pondering.
19:17:48 <abadger1999> that's all I have for upcoming fas changes.
19:18:45 <nirik> cool.
19:18:52 <nirik> #topic Sysadmin status / discussion
19:19:07 <nirik> so, big news is that we got our 2 factor auth working for sudo. ;)
19:19:14 <nirik> hopefully it's working for everyone...
19:19:32 <threebean> It's really cool, folks.
19:20:07 <nirik> I did do a bit of poking and with rhel6.4's openssh we could match on things and require ssh key + factor if we wanted to. I don't know if we want to, but it's an option out there.
19:21:15 <nirik> oh, I dropped the last of the smolt stuff off a cliff. I have a last db dump if we want to put it somewhere.
19:21:27 <abadger1999> \o/
19:21:54 <Southern_Gentlem> a moment of silence for Smolt
19:22:00 <Southern_Gentlem> Cheers
19:22:01 <nirik> thanks to abadger1999 and puiterwijk for working on that.
19:22:02 <smooge> \0/\o/\0/
19:22:18 <abadger1999> How long are we planning on running the smolt blackhole server?  For a couple years?
19:22:28 <nirik> We have an outage tomorrow morning to move our nfs stuff to vfiler... hopefully that will go smoothly.
19:22:41 <nirik> abadger1999: yeah. I have a note to look at it in a year and see if it's still getting any hits.
19:23:27 <nirik> we have an ongoing ticket about poor trac performance at hosted01/02. If anyone has ideas on that, please feel free to chime in with them
19:23:44 * nirik tries to think of other sysadmin stuff. Lots of small things.
19:24:38 <nirik> anyhow, anything else on sysadmin stuff?
19:25:07 <nirik> #topic Private Cloud status update / discussion
19:25:14 <nirik> so, cloud rolls along. ;)
19:25:23 <nirik> we have a number of instances in the euca side now...
19:25:32 <nirik> the openstack side should be ready to hook up to ansible.
19:25:45 <nirik> we still have: https://fedoraproject.org/wiki/Infrastructure_private_cloud#Moving_to_.22production.22
19:26:26 <nirik> we will keep plugging away at things and hopefully hash out the last stuff at fudcon we need to consider 'production'
19:27:05 <nirik> any other cloudy thoughts?
19:27:20 <smooge> not from me
19:27:31 <nirik> skvidal has been working on getting copers all finished using the cloud backend. Should be pretty awesome.
19:27:46 <skvidal> copr
19:27:48 <skvidal> no 'e'
19:28:02 <skvidal> if I can make this json post to the frelling front end it would be even more awesome
19:28:09 <skvidal> but right now... I just yells at me :(
19:28:15 <nirik> :(
19:28:21 <nirik> anyhow, moving along...
19:28:24 <nirik> #topic Upcoming Tasks/Items
19:28:36 <nirik> info dump...
19:28:39 <nirik> #info 2012-12-07 8am outage for vfiler moving.
19:28:40 <nirik> #info 2012-12-10 drop inactive fi-apprentices
19:28:40 <nirik> #info 2012-12-11 to 2013-01-08 F18 Final Freeze
19:28:40 <nirik> #info 2012-12-20 colorado RH holiday lunch
19:28:40 <nirik> #info 2012-12-24 to 2013-01-01 Red Hat Shutdown for holidays.
19:28:41 <nirik> #info 2012-01-05 PHX2 outage.
19:28:42 <nirik> #info 2013-01-08 F18 release.
19:28:44 <nirik> #info 2013-01-18 to 2013-01-20 FUDCON Lawrence
19:28:46 <nirik> #info 2013-01-29 f19 feature submission deadline.
19:28:53 <nirik> anything else to schedule or note?
19:29:09 <nirik> how many folks are going to be listening to their pagers during shutdown week?
19:29:53 <skvidal> I should be near home
19:29:57 <smooge> I should be near home
19:30:07 * nirik is going to be around.
19:30:08 <smooge> psych
19:30:18 <skvidal> nirik: oh and 1998 called and would like its notification devices back
19:30:22 <nirik> note that nicely we are in freeze, so hopefully changes will be small
19:30:36 <smooge> devices?
19:30:40 <skvidal> pagers?
19:30:42 <skvidal> I mean seriously
19:30:45 <nirik> ah yeah. sorry. ;)
19:30:51 <smooge> hey. I love my pager
19:30:57 <skvidal> hah
19:31:16 <nirik> also, do be thinking about fudcon talks/sessions/etc.
19:31:48 <smooge> I am working one on password changes and what it bought us
19:31:53 <nirik> I was thinking we should def have a 'infra roadmap 2013' type session... as well as a 'cloud cloud cloud(tm)' one.
19:32:36 <nirik> anyhow, that takes us to...
19:32:40 <nirik> #topic Open Floor
19:32:49 <nirik> anything for Open floor?
19:33:45 <smooge> Star Trek trailer is out?
19:33:52 <nirik> is it? cool!
19:34:00 <skvidal> yeah
19:34:01 <smooge> Sherlock is the villian
19:34:07 <skvidal> except I don't understand why sherlock holmes in it
19:34:13 <skvidal> smooge: damn it!
19:34:16 <skvidal> beat me to it
19:34:27 <pingou> say what??
19:34:40 <smooge> skvidal, actually it has to do with when he fell off the building. He fell through time and space and ended up in Star Trek Universe.
19:34:41 <skvidal> Benedict Cumberbatch is the bad guy!
19:35:20 <sontek> Enders Game movie, 2013, who cares about Star Trek!
19:35:20 <ausmarton> hey guys, I need someone as a mentor/sponsor, how do I go about getting one?
19:35:20 <nirik> heh.
19:35:40 <nirik> ausmarton: see us over in #fedora-admin after the meeting. ;) We will get you pointed to the right direction.
19:35:59 <ausmarton> thanks.
19:36:08 * skvidal politely asks sontek to keep his crazy-book-with-weird-religio-political agenda out of discussion of star trek
19:36:22 <rbergeron> dude, the star trek trailer puzzles me
19:36:23 <nirik> heh.
19:36:36 <rbergeron> it has the same thumping soundtrack of fear and terror as prometheus trailer
19:36:47 <rbergeron> and i think even the dark knight trailer
19:36:48 <skvidal> rbergeron: maybe this is the crossover!
19:36:53 <nirik> and we all know how that turned out. ;)
19:36:55 <rbergeron> but this one has a buttery hot voice in the background
19:36:58 <smooge> rbergeron, it is actually the sequels to Inception
19:37:01 <rbergeron> oh, sorry, did i go there?
19:37:02 <nirik> anyhow, if nothing more, shall we call it a meeting?
19:37:14 <skvidal> nirik: but STAR TREK!
19:37:15 <smooge> yes please.
19:37:24 <smooge> I want to listen to the buttery voice again
19:37:40 <nirik> thanks for coming everyone. As always, #fedora-admin, #fedora-noc and #fedora-apps are open 24hours for your communication needs.
19:37:41 <smooge> Need to work on mimicing it for FudCon
19:37:46 <nirik> #endmeeting