16:00:04 <zlopez> #startmeeting Infrastructure (2021-07-01)
16:00:04 <zodbot> Meeting started Thu Jul 1 16:00:04 2021 UTC.
16:00:04 <zodbot> This meeting is logged and archived in a public location.
16:00:04 <zodbot> The chair is zlopez. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:04 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:04 <zodbot> The meeting name has been set to 'infrastructure_(2021-07-01)'
16:00:04 <zlopez> #meetingname infrastructure
16:00:04 <zlopez> #chair nirik siddharthvipul mobrien zlopez pingou bodanel dtometzki jnsamyak computerkid
16:00:04 <zlopez> #info Agenda is at: https://board.net/p/fedora-infra
16:00:04 <zlopez> #info About our team: https://docs.fedoraproject.org/en-US/cpe/
16:00:04 <zodbot> The meeting name has been set to 'infrastructure'
16:00:04 <zodbot> Current chairs: bodanel computerkid dtometzki jnsamyak mobrien nirik pingou siddharthvipul zlopez
16:00:05 <zlopez> #topic ahoy!
16:00:24 <zlopez> .hello zlopez
16:00:26 <zodbot> zlopez: zlopez 'Michal Konečný' <michal.konecny@psmail.xyz>
16:00:27 <darknao> .hi
16:00:29 <zodbot> darknao: darknao 'Francois Andrieu' <naolwen@gmail.com>
16:00:33 <t0xic0der> .hello t0xic0der
16:00:34 <zodbot> t0xic0der: t0xic0der 'Akashdeep Dhar' <akashdeep.dhar@gmail.com>
16:00:39 <sysoplab> hello
16:00:57 <ayustae> Hello
16:01:00 <zlopez> Welcome everyone to today class about magic and sorcery
16:01:18 <zlopez> I will be our guide through this session
16:01:31 <zlopez> And we will learn something new today
16:01:34 <lenkaseg> hello
16:01:47 <lenkaseg> * .hello lenkaseg
16:02:01 <zlopez> First let's check if we have any new apprentices in our class
16:02:10 <zlopez> #topic New folks introductions
16:02:11 <zlopez> #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves
16:02:11 <zlopez> #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted
16:02:48 <sysoplab> I sent out the email required after last weeks I think. Didn't get any replies but it showed up on the mailing list when I checked so hope I did that right.
16:03:03 <zlopez> lenkaseg: You are new in this class, do you want to tell something about yourself?
16:03:20 <zlopez> sysoplab: Welcome to the magic world of Fedora infrastructure
16:03:25 <nirik> morning
16:03:33 <zlopez> Where magic happens often :-)
16:04:02 <zlopez> And here is our High mage nirik :-)
16:04:02 <t0xic0der> zlopez is seems very happy today :D
16:04:03 <lenkaseg> Hello everybody! I'm new here and I just figured out that .hello seems not to work when edited :)
16:04:05 <jnsamyak> .hello jnsamyak
16:04:06 <zodbot> jnsamyak: jnsamyak 'Samyak Jain' <samyak.jn11@gmail.com>
16:04:51 <zlopez> lenkaseg: The matrix bridge is not always working correctly
16:05:14 <zlopez> t0xic0der: I'm a happy mage
16:05:18 <sysoplab> .hello
16:05:18 <zodbot> sysoplab: (�hello <an alias, 1 argument>�) -- Alias for "hellomynameis $1".
16:05:24 <sysoplab> .hello sysoplab
16:05:25 <zodbot> sysoplab: sysoplab 'Sean Zipperer' <sysop+fedora@sysoplab.com>
16:05:35 <lenkaseg> .hello lenkaseg
16:05:36 <zodbot> lenkaseg: lenkaseg 'Lenka Segura' <lenka@sepu.cz>
16:05:45 <nirik> morning everyone!
16:05:52 <zlopez> sysoplab: You can use .hi if your nick is same as IRC nick
16:07:02 <sysoplab> ok will do next time.
16:07:34 <zlopez> Any new apprentices want's to say something about themselves here?
16:08:09 <zlopez> Otherwise I will go to the next topic
16:08:25 <sysoplab> Don't think so?
16:08:34 <jrichardson> hi all, sorry im late
16:08:55 <zlopez> Ok, in this case let's look at the magic eight ball
16:08:56 <zlopez> #topic Next chair
16:08:57 <zlopez> #info magic eight ball says:
16:08:57 <zlopez> #info chair 2021-07-01 - Zlopez
16:08:57 <zlopez> #info chair 2021-07-08 - dtometzki
16:08:57 <zlopez> #info chair 2021-07-15 - siddharthvipul
16:08:58 <zlopez> #info chair 2021-07-15 - dtometzki
16:09:00 <zlopez> #info chair 2021-07-22 - ???
16:09:31 <zlopez> We are covered for next few weeks, does anybody wants to be a mage on 2021-07-22
16:09:54 <copperi[m]> .hello copperi
16:09:55 <zodbot> copperi[m]: copperi 'Jan Kuparinen' <copper_fin@hotmail.com>
16:10:31 <jrichardson> ill take it on the 22nd if no one else wants to
16:10:58 <t0xic0der> zlopez: Do we have two chairs for 15th?
16:11:15 <jnsamyak> Oh no
16:11:19 <zlopez> t0xic0der: You are right, I didn't noticed it :-D
16:11:29 <jrichardson> yes we do :D
16:11:32 <jnsamyak> the dtometzki is for 22
16:11:46 <jnsamyak> I might have copied paste in hurry last time :)
16:11:46 <zlopez> jnsamyak: Thanks, I will move it then
16:12:11 <jnsamyak> Add me after jrichardson :P
16:12:11 <t0xic0der> jrichardson for 29th then? :D
16:12:22 <zlopez> jrichardson: Do you want to be a mage on 29th?
16:12:26 <jrichardson> perfect
16:12:33 <jnsamyak> Good we have advance booking for this XD
16:12:38 <zlopez> #info chair 2021-07-29 - jrichardson
16:12:57 <zlopez> #info chair 2021-08-05 - jnsamyak
16:13:39 <zlopez> Let magic is with you on those meetings :-)
16:14:28 <zlopez> So let's do some fortune telling
16:14:29 <zlopez> #topic announcements and information
16:14:29 <zlopez> #info CPE Infra&Releng EU-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1030 Europe/paris in #centos-meeting
16:14:30 <zlopez> #info CPE Infra&Releng NA-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1800 UTC in #fedora-meeting-3
16:14:30 <zlopez> #info work is being done on getting COPR proper powerPC systems
16:14:31 <zlopez> #info The Red Hat Desktop team is hiring: https://blogs.gnome.org/uraeus/2021/05/20/new-opportunities-in-the-red-hat-desktop-team/
16:14:34 <zlopez> #info If your team wants support from the Fedora Program Management Team, file an isssue: https://pagure.io/fedora-pgm/pgm_team/issues?template=support_request
16:14:37 <zlopez> #info nest with Fedora CFP is open! https://communityblog.fedoraproject.org/announcing-dates-cfp-for-nest-with-fedora/ (Aug 5th-8th)
16:14:40 <zlopez> #info mass update/rebbot of Fedora Servers next week (2021-07-05 - 2021-07-09)
16:14:43 <zlopez> Anything I didn't read from my hand?
16:15:28 <nirik> #info monday is a US holiday
16:16:03 <zlopez> #info Monday + Tuesday is CZ holiday
16:16:28 <nirik> hey, how come you get an extra day! :)
16:17:21 <zlopez> Different holidays :-D
16:17:29 <zlopez> Related to czech history
16:17:50 <jnsamyak> XD
16:17:53 <zlopez> And we don't push them when they end up on weekend
16:18:58 <zlopez> Any other fortune you can read from coffee stain or hand?
16:20:09 <zlopez> In this case, let's look who is guarding the philosopher stone
16:20:19 <zlopez> #topic Oncall
16:20:20 <zlopez> #info https://fedoraproject.org/wiki/Infrastructure/Oncall
16:20:20 <zlopez> #info darknao is on call for 2021-06-17 to 2021-06-24
16:20:20 <zlopez> #info jnsamyak is on call for 2021-06-24 to 2021-07-01
16:20:20 <zlopez> #info computerkid is on call for 2021-07-01 to 2021-07-08
16:20:20 <zlopez> #info ??? is on call for 2021-07-08 to 2021-07-15
16:20:49 <zlopez> Any volunteer for 2021-07-01 to 2021-07-08
16:21:05 <zlopez> * 2021-07-08 to 2021-07-15
16:21:35 <darknao> i can take it
16:21:58 <zlopez> It's yours, take a good care of the philosopher stone
16:22:07 <jnsamyak> Thanks to darknao for handling it this week, I kept a tab we got one ping, and darknao handled it :D
16:22:07 <jnsamyak> I am still not able to do `.oncalltakeeu` :( I got `kneel before zod` msg but :/
16:22:13 <jnsamyak> darknao++
16:22:15 <zodbot> jnsamyak: Karma for darknao changed to 7 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:22:17 <zlopez> #info darknao is on call for 2021-07-08 to 2021-07-15
16:22:35 <zlopez> #info Summary of last week: (from current oncall )
16:22:52 <zlopez> .oncall
16:22:52 <zodbot> darknao is oncall. My normal hours are 0700 UTC to 1600 UTC Monday through Friday. If I do not answer or it is outside those hours, please file a ticket (https://pagure.io/fedora-infrastructure/issues)
16:23:16 <nirik> jnsamyak: might be we need to add some capabilities to you for that.
16:23:20 <jnsamyak> > <@jnsamyak:matrix.org> Thanks to darknao for handling it this week, I kept a tab we got one ping, and darknao handled it :D
16:23:20 <jnsamyak> > I am still not able to do `.oncalltakeeu` :( I got `kneel before zod` msg but :/
16:23:20 <jnsamyak> here here, if darknao has anything to add go ahead please :3
16:23:36 <zlopez> What was the ping about?
16:24:10 <darknao> so yeah, as jnsamyak stated, only one ping this monday, about a koji build not working on rawhide, was handled via ticket
16:24:30 <zlopez> Ok
16:24:35 <jnsamyak> https://pagure.io/fedora-infrastructure/issue/10061 here
16:24:48 <zlopez> Let's look at the magic mirror then
16:24:49 <zlopez> #topic Monitoring discussion [nirik]
16:24:49 <zlopez> #info https://nagios.fedoraproject.org/nagios
16:24:49 <zlopez> #info Go over existing out items and fix
16:25:21 <nirik> so, not much change here... we are working on a bunch of hosts and slowly making progress.
16:25:50 <nirik> not really anything interesting this week, lets move on...
16:26:34 <zlopez> Thanks to high mage, let's look at the today topic for this class
16:26:42 <zlopez> #topic Learning topic
16:26:42 <zlopez> #info 2021-07-01 - nirik - info about robosignatory
16:27:00 <zlopez> nirik: The meeting is yours
16:27:03 <nirik> oh, shoot. I forgot I was doing that this week
16:27:13 <nirik> for some reason I thought it was next week. ;(
16:27:19 <jrichardson> wing it, we wont know the difference
16:27:24 <nirik> I can try and just go with it? or push it off a week?
16:27:30 <nirik> ok. ;)
16:28:03 <nirik> So, robosignatory is an application we have that listens for events on our message bus and then requests signing of things based on that.
16:28:15 <nirik> https://pagure.io/robosignatory/
16:28:27 <nirik> it handles several different kinds of messages...
16:28:56 <nirik> mostly it's handling koji tag messages. This is when some build finishes or is tagged into specific tags (based on it's config)
16:29:27 <nirik> if it sees that, it requests sigul (our signing server) to sign the build and then it (optionally) moves it to a new tag.
16:29:48 <nirik> It also can handle ostree commits...
16:30:02 <nirik> and I think text files, but we don't use that part of it too much.
16:30:30 <nirik> So, robosignatory is not our signing server, it's just the thing that iniatiates signing on things based on it's config.
16:30:59 <nirik> So it has the same access as releng people to request signing things. Because of this we run it on a hardware machine (not a vm)
16:31:20 <nirik> and also normally ssh is off on that machine, so to access it you have to use the management console and login as root on it's console.
16:31:37 <nirik> We do configure it with ansible... but the playbook is under playbooks/groups/manual/
16:31:51 <nirik> meaning it needs someone to go start sshd and manually run the playbook and then stop it.
16:32:47 <nirik> https://pagure.io/fedora-infra/ansible/blob/main/f/roles/robosignatory/templates/robosignatory.toml.j2
16:32:51 <nirik> is the main config file of it.
16:33:12 <nirik> you can see where it defines tags and if it should move builds and what key it asks sigul to sign with
16:33:58 <nirik> Additionally for security on that machine: the disk is encrypted and there's a yubikey attached to it that it's sigul access is bound to.
16:34:16 <nirik> also a passphrase has to be entered anytime the service is restarted and it stores that in the kernel keyring.
16:35:01 <nirik> I think those are the major points.
16:35:05 <nirik> Any questions?
16:35:23 <darknao> the signing process is using gpg right ?
16:36:20 <nirik> yes utimately. :) The app that actually does the signing work is 'sigul'
16:36:36 <darknao> and the gpg key is stored on the yubikey, or that's just for the disk encryption ?
16:37:30 <darknao> oh right, sigul and robosignatory are two separate apps
16:38:04 <nirik> The actually gpg key is on the sigul vault machine. However, even the vault doesn't have enough info to use any of the keys. You have to take the releng person (or robosignatory) passphrase, make sure all things it's bound to are present (like yubikeys or tpms) and then the vault uses it's 1/2 of the passphrase + that to use the keys.
16:38:28 <sysoplab> I don't have a yubikey but doesn't having one in a server (especially if it's left there) kind of make it useless? Didn't Digi notar (probably spelled wrong dutch ssl company) get screwed by doing exactly that?
16:39:16 <nirik> sysoplab: its a added protection. it's not doing anything itself other than ensuring no one removed it or tried to use the drives in another machine.
16:39:26 <nirik> basically ties the install to that hardware
16:39:42 <sysoplab> ok.
16:39:43 <nirik> we could also use TPM, but that hardware doesn't have one.
16:40:34 <nirik> ok, anything else on robosignatory?
16:40:48 <nirik> oh, one other things...
16:41:22 <nirik> there's plans (and I think a PR open) to get it to also sign repodata... once thats in place we may sign fedora repodata (although dnf still has problems)
16:42:53 <zlopez> Thanks to high mage nirik for his presentation
16:43:04 <jrichardson> nirik++
16:43:18 <nirik> no problems, I am happy to share/answer questions anytime.
16:43:28 <nirik> who wants to present on something next week? :)
16:43:38 <zlopez> Let's look what we have prepared for future talks
16:43:40 <sysoplab> thanks nirik.
16:43:40 <jnsamyak> nirik++
16:43:47 <zlopez> ## Upcoming learning topics
16:43:48 <zlopez> #info 2021-07-08 - ???
16:43:58 <darknao> thanks nirik
16:44:05 <zlopez> It looks like we don't have any
16:44:07 <t0xic0der> nirik++
16:44:11 <jnsamyak> thanks nirik always awesome to hear
16:44:56 <zlopez> Is there any interest in some specific topic, we can cover next week?
16:45:02 <sysoplab> nirik++
16:45:02 <zodbot> sysoplab: Karma for kevin changed to 41 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:45:11 <jrichardson> is zodbot sleeping
16:45:38 <nirik> you may have already given me a cookie. :)
16:45:40 <lenkaseg> nirik ++
16:45:41 <nirik> it's one per cycle.
16:45:46 <jrichardson> oh i mightve
16:45:47 <jnsamyak> jrichardson, these days zodbot is either angry or tired ;)
16:46:34 <zlopez> lenkaseg: You need to write it together, no space between
16:46:43 <nirik> zodbot: admin capability add jnsamyak alias.add
16:46:43 <zodbot> nirik: Kneel before zod!
16:46:50 <lenkaseg> nirik++
16:46:53 <nirik> jnsamyak: that should let you take oncall. :)
16:47:06 <jnsamyak> nirik: Thanks for doing this :D
16:47:21 <nirik> I always have to look it up. :)
16:47:30 <zlopez> We don't have learning topic for next week
16:47:34 <jrichardson> lenkaseg: think we both gave kevin a cookie last week
16:47:41 <zlopez> Anything specific people want to hear about
16:47:48 <jnsamyak> I'll take the next slot free for oncall now ;P
16:47:50 <copperi[m]> nirik++
16:48:10 <lenkaseg> jrichardson: ah, how often can we do it?
16:48:32 <jrichardson> we can give someone a cookie once per release cycle
16:48:41 <nirik> it's once per fedora release...
16:48:46 <jrichardson> lenkaseg++
16:48:46 <zodbot> jrichardson: Karma for lenkaseg changed to 2 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:48:50 <nirik> per person. ;)
16:48:55 <nirik> jrichardson++
16:48:55 <zodbot> nirik: Karma for jrichardson changed to 2 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:49:01 <nirik> lenkaseg++
16:49:01 <zodbot> nirik: Karma for lenkaseg changed to 3 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:49:02 <nirik> :)
16:49:11 <nirik> cookie party
16:49:14 <jrichardson> feed me
16:49:25 <copperi[m]> eat
16:49:36 <t0xic0der> copperi++
16:49:36 <zodbot> t0xic0der: Karma for copperi changed to 4 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:49:38 <lenkaseg> jrichardson++
16:49:39 <zodbot> lenkaseg: Karma for jrichardson changed to 3 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:49:45 <t0xic0der> lenkaseg++
16:49:45 <zodbot> t0xic0der: Karma for lenkaseg changed to 4 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:49:45 <zlopez> jrichardson++
16:49:48 <zodbot> zlopez: Karma for jrichardson changed to 4 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:49:54 <jrichardson> thanks zlopez for being our lovely host this evening
16:50:00 <jrichardson> zlopez++
16:50:00 <zodbot> jrichardson: Karma for zlopez changed to 8 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:50:03 <jnsamyak> I would like some XD
16:50:04 <t0xic0der> jrichardson++
16:50:04 <zodbot> t0xic0der: Karma for jrichardson changed to 5 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:50:14 <zlopez> So it seems we don't have any learning topic for next week
16:50:17 <jrichardson> t0xic0der++
16:50:17 <zodbot> jrichardson: Karma for t0xic0der changed to 13 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:50:21 <jnsamyak> Yes Thank you zlopez it was lovely!
16:50:34 <lenkaseg> zlopez++
16:50:34 <zodbot> lenkaseg: Karma for zlopez changed to 9 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:50:35 <zlopez> Let's leave it like that and let the future decide itself
16:50:53 <jnsamyak> zlopez++
16:51:01 <darknao> crumbs everywhere now :p
16:51:03 <sysoplab> I don't know anything youall probably don't but I will say the last two learning segments were informative and nice.
16:51:05 <darknao> zlopez++
16:51:53 <zlopez> So last topic for today
16:51:54 <zlopez> #topic Open Floor
16:52:01 <zlopez> Let's dance
16:52:07 * zlopez dancing
16:52:24 <jrichardson> have to drop, see ye tomorrow
16:52:32 * sysoplab cheers the dancing along form the sidelines
16:52:32 <jnsamyak> oh yay :P I often tend to fall while dancing
16:52:37 <lenkaseg> �---^^---�
16:52:40 <jnsamyak> jrichardson: see ya! o/
16:52:52 <zlopez> Anything magical we want to go through on the open floor?
16:53:03 <t0xic0der> We are planning on our next step to revamp GetFedora here
16:53:09 <t0xic0der> #link https://discussion.fedoraproject.org/t/website-refresh-next-steps/30776
16:53:27 <t0xic0der> Feel free to drop your two cents (and make us rich, in the process or something)
16:54:33 <t0xic0der> That's it from my end - we can save some 6 minutes if there ain't anything else :)
16:54:38 <sysoplab> I actually like getfedora.org as it is if that means anything. It's simple, can get to what you want prett easily.
16:55:36 <t0xic0der> sysoplab: We'd be sure to keep the best things of GetFedora as-is and change it for the better
16:56:06 * t0xic0der casts a spell - changes incrementallis!!!
16:56:23 <sysoplab> My open floor question for this week that probably is answered somewhere already, as a new person here, what's the next step/first task I should be working on?
16:56:54 <zlopez> #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted
16:57:03 <sysoplab> yeah I read through that.
16:57:09 <zlopez> sysoplab: This is a first good stop
16:57:45 <zlopez> Otherwise you can look at the EasyFix tracker or just try to work anything on fedora-infrastructure tracker
16:57:48 <sysoplab> t0xic0der: Actually I have a suggestion to move spins button/square up by the workstation/server/iot ones.
16:58:21 <t0xic0der> sysoplab: Please let us know of your suggestions here https://discussion.fedoraproject.org/c/project/websites/66
16:58:41 <zlopez> sysoplab: You can join the daily meeting for Infra&Releng
16:58:51 <zlopez> And ask there
16:59:07 <t0xic0der> zlopez: Talking about Easyfix, we would start with refreshing that this week :D
16:59:18 <sysoplab> ok will do.
16:59:38 <zlopez> t0xic0der++
16:59:38 <zodbot> zlopez: Karma for t0xic0der changed to 14 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any
16:59:58 <zlopez> I will end the meeting now, because we are almost a full hour
17:00:10 <zlopez> #endmeeting