16:00:04 #startmeeting Infrastructure (2021-07-01) 16:00:04 Meeting started Thu Jul 1 16:00:04 2021 UTC. 16:00:04 This meeting is logged and archived in a public location. 16:00:04 The chair is zlopez. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:04 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:04 The meeting name has been set to 'infrastructure_(2021-07-01)' 16:00:04 #meetingname infrastructure 16:00:04 #chair nirik siddharthvipul mobrien zlopez pingou bodanel dtometzki jnsamyak computerkid 16:00:04 #info Agenda is at: https://board.net/p/fedora-infra 16:00:04 #info About our team: https://docs.fedoraproject.org/en-US/cpe/ 16:00:04 The meeting name has been set to 'infrastructure' 16:00:04 Current chairs: bodanel computerkid dtometzki jnsamyak mobrien nirik pingou siddharthvipul zlopez 16:00:05 #topic ahoy! 16:00:24 .hello zlopez 16:00:26 zlopez: zlopez 'Michal Konečný' 16:00:27 .hi 16:00:29 darknao: darknao 'Francois Andrieu' 16:00:33 .hello t0xic0der 16:00:34 t0xic0der: t0xic0der 'Akashdeep Dhar' 16:00:39 hello 16:00:57 Hello 16:01:00 Welcome everyone to today class about magic and sorcery 16:01:18 I will be our guide through this session 16:01:31 And we will learn something new today 16:01:34 hello 16:01:47 * .hello lenkaseg 16:02:01 First let's check if we have any new apprentices in our class 16:02:10 #topic New folks introductions 16:02:11 #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves 16:02:11 #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted 16:02:48 I sent out the email required after last weeks I think. Didn't get any replies but it showed up on the mailing list when I checked so hope I did that right. 16:03:03 lenkaseg: You are new in this class, do you want to tell something about yourself? 16:03:20 sysoplab: Welcome to the magic world of Fedora infrastructure 16:03:25 morning 16:03:33 Where magic happens often :-) 16:04:02 And here is our High mage nirik :-) 16:04:02 zlopez is seems very happy today :D 16:04:03 Hello everybody! I'm new here and I just figured out that .hello seems not to work when edited :) 16:04:05 .hello jnsamyak 16:04:06 jnsamyak: jnsamyak 'Samyak Jain' 16:04:51 lenkaseg: The matrix bridge is not always working correctly 16:05:14 t0xic0der: I'm a happy mage 16:05:18 .hello 16:05:18 sysoplab: (hello ) -- Alias for "hellomynameis $1". 16:05:24 .hello sysoplab 16:05:25 sysoplab: sysoplab 'Sean Zipperer' 16:05:35 .hello lenkaseg 16:05:36 lenkaseg: lenkaseg 'Lenka Segura' 16:05:45 morning everyone! 16:05:52 sysoplab: You can use .hi if your nick is same as IRC nick 16:07:02 ok will do next time. 16:07:34 Any new apprentices want's to say something about themselves here? 16:08:09 Otherwise I will go to the next topic 16:08:25 Don't think so? 16:08:34 hi all, sorry im late 16:08:55 Ok, in this case let's look at the magic eight ball 16:08:56 #topic Next chair 16:08:57 #info magic eight ball says: 16:08:57 #info chair 2021-07-01 - Zlopez 16:08:57 #info chair 2021-07-08 - dtometzki 16:08:57 #info chair 2021-07-15 - siddharthvipul 16:08:58 #info chair 2021-07-15 - dtometzki 16:09:00 #info chair 2021-07-22 - ??? 16:09:31 We are covered for next few weeks, does anybody wants to be a mage on 2021-07-22 16:09:54 .hello copperi 16:09:55 copperi[m]: copperi 'Jan Kuparinen' 16:10:31 ill take it on the 22nd if no one else wants to 16:10:58 zlopez: Do we have two chairs for 15th? 16:11:15 Oh no 16:11:19 t0xic0der: You are right, I didn't noticed it :-D 16:11:29 yes we do :D 16:11:32 the dtometzki is for 22 16:11:46 I might have copied paste in hurry last time :) 16:11:46 jnsamyak: Thanks, I will move it then 16:12:11 Add me after jrichardson :P 16:12:11 jrichardson for 29th then? :D 16:12:22 jrichardson: Do you want to be a mage on 29th? 16:12:26 perfect 16:12:33 Good we have advance booking for this XD 16:12:38 #info chair 2021-07-29 - jrichardson 16:12:57 #info chair 2021-08-05 - jnsamyak 16:13:39 Let magic is with you on those meetings :-) 16:14:28 So let's do some fortune telling 16:14:29 #topic announcements and information 16:14:29 #info CPE Infra&Releng EU-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1030 Europe/paris in #centos-meeting 16:14:30 #info CPE Infra&Releng NA-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1800 UTC in #fedora-meeting-3 16:14:30 #info work is being done on getting COPR proper powerPC systems 16:14:31 #info The Red Hat Desktop team is hiring: https://blogs.gnome.org/uraeus/2021/05/20/new-opportunities-in-the-red-hat-desktop-team/ 16:14:34 #info If your team wants support from the Fedora Program Management Team, file an isssue: https://pagure.io/fedora-pgm/pgm_team/issues?template=support_request 16:14:37 #info nest with Fedora CFP is open! https://communityblog.fedoraproject.org/announcing-dates-cfp-for-nest-with-fedora/ (Aug 5th-8th) 16:14:40 #info mass update/rebbot of Fedora Servers next week (2021-07-05 - 2021-07-09) 16:14:43 Anything I didn't read from my hand? 16:15:28 #info monday is a US holiday 16:16:03 #info Monday + Tuesday is CZ holiday 16:16:28 hey, how come you get an extra day! :) 16:17:21 Different holidays :-D 16:17:29 Related to czech history 16:17:50 XD 16:17:53 And we don't push them when they end up on weekend 16:18:58 Any other fortune you can read from coffee stain or hand? 16:20:09 In this case, let's look who is guarding the philosopher stone 16:20:19 #topic Oncall 16:20:20 #info https://fedoraproject.org/wiki/Infrastructure/Oncall 16:20:20 #info darknao is on call for 2021-06-17 to 2021-06-24 16:20:20 #info jnsamyak is on call for 2021-06-24 to 2021-07-01 16:20:20 #info computerkid is on call for 2021-07-01 to 2021-07-08 16:20:20 #info ??? is on call for 2021-07-08 to 2021-07-15 16:20:49 Any volunteer for 2021-07-01 to 2021-07-08 16:21:05 * 2021-07-08 to 2021-07-15 16:21:35 i can take it 16:21:58 It's yours, take a good care of the philosopher stone 16:22:07 Thanks to darknao for handling it this week, I kept a tab we got one ping, and darknao handled it :D 16:22:07 I am still not able to do `.oncalltakeeu` :( I got `kneel before zod` msg but :/ 16:22:13 darknao++ 16:22:15 jnsamyak: Karma for darknao changed to 7 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:22:17 #info darknao is on call for 2021-07-08 to 2021-07-15 16:22:35 #info Summary of last week: (from current oncall ) 16:22:52 .oncall 16:22:52 darknao is oncall. My normal hours are 0700 UTC to 1600 UTC Monday through Friday. If I do not answer or it is outside those hours, please file a ticket (https://pagure.io/fedora-infrastructure/issues) 16:23:16 jnsamyak: might be we need to add some capabilities to you for that. 16:23:20 > <@jnsamyak:matrix.org> Thanks to darknao for handling it this week, I kept a tab we got one ping, and darknao handled it :D 16:23:20 > I am still not able to do `.oncalltakeeu` :( I got `kneel before zod` msg but :/ 16:23:20 here here, if darknao has anything to add go ahead please :3 16:23:36 What was the ping about? 16:24:10 so yeah, as jnsamyak stated, only one ping this monday, about a koji build not working on rawhide, was handled via ticket 16:24:30 Ok 16:24:35 https://pagure.io/fedora-infrastructure/issue/10061 here 16:24:48 Let's look at the magic mirror then 16:24:49 #topic Monitoring discussion [nirik] 16:24:49 #info https://nagios.fedoraproject.org/nagios 16:24:49 #info Go over existing out items and fix 16:25:21 so, not much change here... we are working on a bunch of hosts and slowly making progress. 16:25:50 not really anything interesting this week, lets move on... 16:26:34 Thanks to high mage, let's look at the today topic for this class 16:26:42 #topic Learning topic 16:26:42 #info 2021-07-01 - nirik - info about robosignatory 16:27:00 nirik: The meeting is yours 16:27:03 oh, shoot. I forgot I was doing that this week 16:27:13 for some reason I thought it was next week. ;( 16:27:19 wing it, we wont know the difference 16:27:24 I can try and just go with it? or push it off a week? 16:27:30 ok. ;) 16:28:03 So, robosignatory is an application we have that listens for events on our message bus and then requests signing of things based on that. 16:28:15 https://pagure.io/robosignatory/ 16:28:27 it handles several different kinds of messages... 16:28:56 mostly it's handling koji tag messages. This is when some build finishes or is tagged into specific tags (based on it's config) 16:29:27 if it sees that, it requests sigul (our signing server) to sign the build and then it (optionally) moves it to a new tag. 16:29:48 It also can handle ostree commits... 16:30:02 and I think text files, but we don't use that part of it too much. 16:30:30 So, robosignatory is not our signing server, it's just the thing that iniatiates signing on things based on it's config. 16:30:59 So it has the same access as releng people to request signing things. Because of this we run it on a hardware machine (not a vm) 16:31:20 and also normally ssh is off on that machine, so to access it you have to use the management console and login as root on it's console. 16:31:37 We do configure it with ansible... but the playbook is under playbooks/groups/manual/ 16:31:51 meaning it needs someone to go start sshd and manually run the playbook and then stop it. 16:32:47 https://pagure.io/fedora-infra/ansible/blob/main/f/roles/robosignatory/templates/robosignatory.toml.j2 16:32:51 is the main config file of it. 16:33:12 you can see where it defines tags and if it should move builds and what key it asks sigul to sign with 16:33:58 Additionally for security on that machine: the disk is encrypted and there's a yubikey attached to it that it's sigul access is bound to. 16:34:16 also a passphrase has to be entered anytime the service is restarted and it stores that in the kernel keyring. 16:35:01 I think those are the major points. 16:35:05 Any questions? 16:35:23 the signing process is using gpg right ? 16:36:20 yes utimately. :) The app that actually does the signing work is 'sigul' 16:36:36 and the gpg key is stored on the yubikey, or that's just for the disk encryption ? 16:37:30 oh right, sigul and robosignatory are two separate apps 16:38:04 The actually gpg key is on the sigul vault machine. However, even the vault doesn't have enough info to use any of the keys. You have to take the releng person (or robosignatory) passphrase, make sure all things it's bound to are present (like yubikeys or tpms) and then the vault uses it's 1/2 of the passphrase + that to use the keys. 16:38:28 I don't have a yubikey but doesn't having one in a server (especially if it's left there) kind of make it useless? Didn't Digi notar (probably spelled wrong dutch ssl company) get screwed by doing exactly that? 16:39:16 sysoplab: its a added protection. it's not doing anything itself other than ensuring no one removed it or tried to use the drives in another machine. 16:39:26 basically ties the install to that hardware 16:39:42 ok. 16:39:43 we could also use TPM, but that hardware doesn't have one. 16:40:34 ok, anything else on robosignatory? 16:40:48 oh, one other things... 16:41:22 there's plans (and I think a PR open) to get it to also sign repodata... once thats in place we may sign fedora repodata (although dnf still has problems) 16:42:53 Thanks to high mage nirik for his presentation 16:43:04 nirik++ 16:43:18 no problems, I am happy to share/answer questions anytime. 16:43:28 who wants to present on something next week? :) 16:43:38 Let's look what we have prepared for future talks 16:43:40 thanks nirik. 16:43:40 nirik++ 16:43:47 ## Upcoming learning topics 16:43:48 #info 2021-07-08 - ??? 16:43:58 thanks nirik 16:44:05 It looks like we don't have any 16:44:07 nirik++ 16:44:11 thanks nirik always awesome to hear 16:44:56 Is there any interest in some specific topic, we can cover next week? 16:45:02 nirik++ 16:45:02 sysoplab: Karma for kevin changed to 41 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:45:11 is zodbot sleeping 16:45:38 you may have already given me a cookie. :) 16:45:40 nirik ++ 16:45:41 it's one per cycle. 16:45:46 oh i mightve 16:45:47 jrichardson, these days zodbot is either angry or tired ;) 16:46:34 lenkaseg: You need to write it together, no space between 16:46:43 zodbot: admin capability add jnsamyak alias.add 16:46:43 nirik: Kneel before zod! 16:46:50 nirik++ 16:46:53 jnsamyak: that should let you take oncall. :) 16:47:06 nirik: Thanks for doing this :D 16:47:21 I always have to look it up. :) 16:47:30 We don't have learning topic for next week 16:47:34 lenkaseg: think we both gave kevin a cookie last week 16:47:41 Anything specific people want to hear about 16:47:48 I'll take the next slot free for oncall now ;P 16:47:50 nirik++ 16:48:10 jrichardson: ah, how often can we do it? 16:48:32 we can give someone a cookie once per release cycle 16:48:41 it's once per fedora release... 16:48:46 lenkaseg++ 16:48:46 jrichardson: Karma for lenkaseg changed to 2 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:48:50 per person. ;) 16:48:55 jrichardson++ 16:48:55 nirik: Karma for jrichardson changed to 2 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:49:01 lenkaseg++ 16:49:01 nirik: Karma for lenkaseg changed to 3 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:49:02 :) 16:49:11 cookie party 16:49:14 feed me 16:49:25 eat 16:49:36 copperi++ 16:49:36 t0xic0der: Karma for copperi changed to 4 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:49:38 jrichardson++ 16:49:39 lenkaseg: Karma for jrichardson changed to 3 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:49:45 lenkaseg++ 16:49:45 t0xic0der: Karma for lenkaseg changed to 4 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:49:45 jrichardson++ 16:49:48 zlopez: Karma for jrichardson changed to 4 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:49:54 thanks zlopez for being our lovely host this evening 16:50:00 zlopez++ 16:50:00 jrichardson: Karma for zlopez changed to 8 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:50:03 I would like some XD 16:50:04 jrichardson++ 16:50:04 t0xic0der: Karma for jrichardson changed to 5 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:50:14 So it seems we don't have any learning topic for next week 16:50:17 t0xic0der++ 16:50:17 jrichardson: Karma for t0xic0der changed to 13 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:50:21 Yes Thank you zlopez it was lovely! 16:50:34 zlopez++ 16:50:34 lenkaseg: Karma for zlopez changed to 9 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:50:35 Let's leave it like that and let the future decide itself 16:50:53 zlopez++ 16:51:01 crumbs everywhere now :p 16:51:03 I don't know anything youall probably don't but I will say the last two learning segments were informative and nice. 16:51:05 zlopez++ 16:51:53 So last topic for today 16:51:54 #topic Open Floor 16:52:01 Let's dance 16:52:07 * zlopez dancing 16:52:24 have to drop, see ye tomorrow 16:52:32 * sysoplab cheers the dancing along form the sidelines 16:52:32 oh yay :P I often tend to fall while dancing 16:52:37 ---^^--- 16:52:40 jrichardson: see ya! o/ 16:52:52 Anything magical we want to go through on the open floor? 16:53:03 We are planning on our next step to revamp GetFedora here 16:53:09 #link https://discussion.fedoraproject.org/t/website-refresh-next-steps/30776 16:53:27 Feel free to drop your two cents (and make us rich, in the process or something) 16:54:33 That's it from my end - we can save some 6 minutes if there ain't anything else :) 16:54:38 I actually like getfedora.org as it is if that means anything. It's simple, can get to what you want prett easily. 16:55:36 sysoplab: We'd be sure to keep the best things of GetFedora as-is and change it for the better 16:56:06 * t0xic0der casts a spell - changes incrementallis!!! 16:56:23 My open floor question for this week that probably is answered somewhere already, as a new person here, what's the next step/first task I should be working on? 16:56:54 #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted 16:57:03 yeah I read through that. 16:57:09 sysoplab: This is a first good stop 16:57:45 Otherwise you can look at the EasyFix tracker or just try to work anything on fedora-infrastructure tracker 16:57:48 t0xic0der: Actually I have a suggestion to move spins button/square up by the workstation/server/iot ones. 16:58:21 sysoplab: Please let us know of your suggestions here https://discussion.fedoraproject.org/c/project/websites/66 16:58:41 sysoplab: You can join the daily meeting for Infra&Releng 16:58:51 And ask there 16:59:07 zlopez: Talking about Easyfix, we would start with refreshing that this week :D 16:59:18 ok will do. 16:59:38 t0xic0der++ 16:59:38 zlopez: Karma for t0xic0der changed to 14 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 16:59:58 I will end the meeting now, because we are almost a full hour 17:00:10 #endmeeting