16:01:07 <dtometzki> #startmeeting Infrastructure (2021-09-16)
16:01:07 <zodbot> Meeting started Thu Sep 16 16:01:07 2021 UTC.
16:01:07 <zodbot> This meeting is logged and archived in a public location.
16:01:07 <zodbot> The chair is dtometzki. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:07 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:01:07 <zodbot> The meeting name has been set to 'infrastructure_(2021-09-16)'
16:01:07 <dtometzki> #meetingname infrastructure
16:01:07 <zodbot> The meeting name has been set to 'infrastructure'
16:01:07 <dtometzki> #chair nirik siddharthvipul mobrien zlopez pingou bodanel dtometzki jnsamyak computerkid
16:01:07 <dtometzki> #info https://docs.fedoraproject.org/en-US/cpe/day_to_day_fedora/
16:01:07 <dtometzki> #topic greetings!
16:01:07 <zodbot> Current chairs: bodanel computerkid dtometzki jnsamyak mobrien nirik pingou siddharthvipul zlopez
16:01:33 <dtometzki> .hello
16:01:33 <zodbot> dtometzki: (hello <an alias, 1 argument>) -- Alias for "hellomynameis $1".
16:01:42 <dtometzki> .hello dtometzki
16:01:43 <zodbot> dtometzki: dtometzki 'Damian Tometzki' <linux@tometzki.de>
16:01:52 <dtometzki> hello together
16:01:53 <eddiejennings> .hi
16:01:54 <zodbot> eddiejennings: eddiejennings 'Eddie Jennings' <eddie@eddiejennings.net>
16:01:57 <t0xic0der> .hi
16:01:58 <zodbot> t0xic0der: t0xic0der 'Akashdeep Dhar' <akashdeep.dhar@gmail.com>
16:02:25 <khallnayak> .hi
16:02:26 <zodbot> khallnayak: khallnayak 'Mahij Momin' <mahijmomin@gmail.com>
16:02:29 <darknao> .hi
16:02:31 <zodbot> darknao: darknao 'Francois Andrieu' <darknao@drkn.ninja>
16:02:35 <dtometzki> anyone knows where the agenda teplate is located it was empty
16:02:40 <dtometzki> ?
16:03:20 <dtometzki> template
16:03:27 <eddiejennings> Let me see if I can find what I used last week.
16:04:24 <nirik> morning
16:04:30 <dtometzki> hi nirik
16:04:42 <eddiejennings> bah.  weechat log doesn't last as long as I thought :(
16:04:45 <nirik> https://board.net/p/fedora-infra
16:05:23 <eddiejennings> bookmarked! :D
16:05:24 <dtometzki> today afternoon CET it was empty
16:05:44 <dtometzki> i checked this link
16:05:50 <dtometzki> no issue
16:05:50 <nirik> weird. perhaps board was having some issue?
16:05:58 <t0xic0der> eddiejennings: Time for some https://thelounge.chat :) (did this message make it through?)
16:06:19 <dtometzki> #topic New folks introductions
16:06:19 <dtometzki> #info About our team: https://docs.fedoraproject.org/en-US/cpe/
16:06:19 <dtometzki> #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves16:04:54 #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted
16:06:53 <dtometzki> anyone new here please say hello ?
16:06:59 <eddiejennings> t0xic0der: That looks interesting :)
16:07:14 <t0xic0der> Another service to self-host, yes :P
16:08:34 <khallnayak> Hi nirik, I wanted to know about the Infrastructure apprentice and how I can apply to it
16:09:28 <dtometzki> khallnayak, can we move this question to open floor ?
16:09:29 <nirik> khallnayak: welcome, sorry I didn't answer your PM yet, I am still catching up on messages... but basically, introduce yourself here, send an intro email to the list and then ask in #fedora-admin to get added to the apprentice group. :)
16:09:34 <dtometzki> is ok for you ?
16:10:16 <khallnayak> Sorry for barging in with the question
16:10:49 <dtometzki> we will go forward to the next topic
16:11:07 <dtometzki> #topic Next chair
16:11:07 <dtometzki> #info magic eight ball says:
16:11:07 <dtometzki> #info chair 2021-09-16 - dtometzki
16:11:07 <dtometzki> #info chair 2021-09-23 - dtometzki
16:11:07 <dtometzki> #info chair 2021-09-30 - mobrien
16:11:49 <dtometzki> has anyone time for 2021-10-07 ?
16:12:15 <darknao> I can take it
16:12:32 <dtometzki> #info chair 2021-10-07 - darknao
16:12:40 <dtometzki> many thanks darknao
16:13:08 <dtometzki> #topic announcements and information
16:13:09 <dtometzki> #info CPE Infra&Releng EU-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1030 Europe/paris in #centos-meeting
16:13:09 <dtometzki> #info CPE Infra&Releng NA-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1800 UTC in #fedora-meeting-3
16:13:09 <dtometzki> #info If your team wants support from the Fedora Program Management Team, file an isssue: https://pagure.io/fedora-pgm/pgm_team/issues?template=support_request
16:13:10 <dtometzki> #info Fedora 35 Beta freeze is now in effect 2021-08-24 -> 2021-09-21
16:13:12 <dtometzki> #info Fedora 35 Beta is NO-GO, today GO/NO-GO meeting is cancelled
16:13:36 <dtometzki> any additional infos or announcements ?
16:14:05 <mobrien55> Looks as though the bridge to Matrix is not working for this channel at the moment. Or else not for me at least
16:14:23 <dtometzki> iam on irc
16:14:40 <eddiejennings> ^--
16:14:42 <nirik> odd. it looks ok to me...
16:14:54 <nirik[m]> I can see both sides. 😉
16:15:08 <mobrien55> All the messages are coming through now. Weird
16:15:18 <nirik> might be it was just slow?
16:15:45 <dtometzki> no more information then we will go fforward
16:15:53 <dtometzki> -f
16:15:55 <dtometzki> #topic Oncall
16:15:55 <dtometzki> #info https://fedoraproject.org/wiki/Infrastructure/Oncall
16:15:55 <dtometzki> #info https://docs.fedoraproject.org/en-US/cpe/day_to_day_fedora/
16:15:55 <dtometzki> #info mkonecny oncall for 2021-09-10 to 2021-09-16
16:15:55 <dtometzki> #info eddiejennings oncall for 2021-09-17 2021-09-23
16:15:56 <dtometzki> #info lenkaseg on call from 2021-09-24 to 2021-09-30
16:15:58 <dtometzki> ## .oncalltakeeu .oncalltakeus
16:16:06 <mobrien55> Looks like it was just me, sorry for the interruption
16:17:05 <eddiejennings> I promise not to break stuff during my week :D
16:17:11 <dtometzki> #info dtometzki on call from 2021-10-01 to 2021-10-07
16:17:30 <dtometzki> i think more we dont need here
16:18:11 * nirik nods
16:18:21 <dtometzki> #info Summary of last week: (from current oncall )
16:18:41 <dtometzki> mkonecny do have anything ?
16:18:59 <dtometzki> is it available ?
16:20:56 <dtometzki> ok lets go to the next topic
16:20:58 <eddiejennings> no news is good news, maybe?
16:21:04 <nirik> hopefully
16:21:05 <dtometzki> yeey
16:21:12 <dtometzki> #info Summary of last week: (from current oncall )
16:21:12 <dtometzki> #topic Monitoring discussion [nirik]
16:21:12 <dtometzki> #info https://nagios.fedoraproject.org/nagios
16:21:12 <dtometzki> #info Go over existing out items and fix
16:21:22 <dtometzki> nirik your task
16:21:47 <nirik> I think we are pretty much the same as last week, let me see...
16:22:10 <nirik> oh, there have been some new alerts this last week...
16:22:34 <nirik> the copr folks have been putting monitoring in place. :) Those should be mentioned to #fedora-buildsys where they hang out.
16:22:52 <nirik> and log01 is low on disk again. I'll compress some logs later today to fix that
16:23:13 <dtometzki> ok
16:23:18 <nirik> and the vmhost-x86-copr04 box is still down, mobrien55 is fixing it.
16:23:31 <nirik> but thats about it.
16:23:32 <nirik> we can move on
16:23:49 <dtometzki> so next ..
16:23:53 <dtometzki> #topic Fedora Infra backlog refinement
16:23:53 <dtometzki> #info Refine oldest tickets on https://pagure.io/fedora-infrastructure/issues
16:24:10 <dtometzki> I checked the last logs and we ended on
16:24:13 <nirik> cool. are we doing that this week? or I thought I was doing a learning thing?
16:24:32 <eddiejennings> We did old tickets last week (as I discovered).
16:24:32 <mobrien55> Ya, we did tickets last week I think
16:24:33 * nirik can easily be misremembering
16:24:43 <dtometzki> .ticket 7377
16:24:44 <zodbot> dtometzki: Issue #7377: SSH keys length can prevent user from login in Fedora infrastructure - fedora-infrastructure - Pagure.io - https://pagure.io/fedora-infrastructure/issue/7377
16:24:56 <dtometzki> that was the last one
16:25:30 <mkonecny> I'm here
16:25:54 <dtometzki> any input to that issue
16:25:59 <nirik> I think I was on the hook to talk about robosignatory... but we can do tickets if folks prefer. ;)  2021-09-16 - robosignatory [nirik]
16:26:15 <mkonecny> I saw two pings, one was outside my working hours and one was about SSL 3.0 bodhi update being stuck, but this was solved by mhroncok
16:26:34 <dtometzki> oh many thanks mkonecny
16:26:43 <mkonecny> Pretty quiet week
16:27:04 <dtometzki> should we discuss 2-3 issues and then start withe the learning topic ?
16:27:17 <dtometzki> ist that ok for all ?
16:27:36 <nirik> we could, but I don't know if it would leave enough time.
16:27:47 <eddiejennings> Yeah, as I learned last week time flies.
16:27:57 <dtometzki> ok the we will delay this topic to next week
16:28:06 <eddiejennings> I vote laerning topic to keep on the every-other-week pattern.
16:28:27 <dtometzki> #topic Upcoming learning topics
16:28:27 <dtometzki> #info 2021-09-16 - robosignatory [nirik]
16:28:27 <dtometzki> #info 2021-09-30 - infrastructure repository tour [mkonecny]
16:28:27 <dtometzki> #info 2021-10-14 - How to communicate with Fedora infrastructure team [mkonecny]
16:28:42 <dtometzki> next week we have time :-)
16:28:59 <dtometzki> nirik your time and many thanks for prepare
16:29:22 <nirik> I was thinking I could do one on matrix down the road, say oct 28th
16:29:34 <nirik> but to todays topic: robosignatory
16:29:34 <mkonecny> I think the talk will be better :-)
16:30:29 <nirik> robosignatory is a small application we run / maintain. It basically listens for fedora-messages on our message bus and acts on them by signing and optionally tagging builds in koji.
16:30:48 <nirik> https://pagure.io/robosignatory/ is the upstream project
16:31:17 <nirik> It does not actually do any signing itself, it just makes calls to another application (sigul) to do that.
16:31:39 <nirik> so, a build finishes in koji and is tagged into some tag, that emits a fedora-message.
16:32:12 <nirik> robosignatory sees that, checks it's config and if it's a tag it has in it's config it asks sigul to sign it and can also tell koji to move it to another tag.
16:32:40 <nirik> Since this is a sensitive service, it's deployed in our infra on a bare metal box (not a vm)
16:33:07 <nirik> it also normally does not run sshd or any services allowing incoming connections.
16:33:21 <nirik> access is via management console.
16:34:07 <nirik> When / if it's ever rebooted or the service restarted, it has to have it's passphrase re-entered. (it does not store this on disk anywhere)
16:34:46 <nirik> you can see it's config at:
16:34:50 <nirik> https://pagure.io/fedora-infra/ansible/blob/main/f/roles/robosignatory/templates/robosignatory.toml.j2
16:35:56 <nirik> basically the format is a from koji tag (the one koji tagged it into) and a to koji tag (which could be the same one if you don't want it to move anything) and keys to ask sigul to sign that tag with
16:36:31 <nirik> it can in addition to signing packages also sign ostree commits...
16:36:46 <nirik> via the same flow... listen for a message, sign, etc.
16:37:32 <nirik> I think thats basically what it is. It's pretty simple in the end. ;)
16:38:05 <nirik> any questions or comments? This does kind of bring up questions like what are koji tags and what is sigul. ;)
16:38:41 <darknao> sigul and robosignatory are both on the same host ?
16:38:47 <nirik> nope.
16:39:14 <nirik> sigul is on 3 hosts... sign-bridge01 (which is a vm) and sign-vault03/04
16:39:25 <eddiejennings> Not challenging it, but I'm curious what the thought process was for robosignatory taking a physical host rather than being a VM.
16:39:40 <nirik> the vaults are very like robosignatory in that they don't have any listening services, they only reach out to talk to the bridge
16:39:43 <petebuffon[m]> robosignatory makes sense, ya I guess I just have questions now about sigul, koji, and fedora messages
16:40:28 <nirik> eddiejennings: vm's are subject to attacks from other vm's on the same host, or definitely the hypervisor... we didn't want to mix this high security thing with any low security vm's
16:40:34 <dtometzki> I have to leave the meeting eddiejennings will do the last topic. Sorry i got an urgent call from a customer
16:41:43 <nirik> dtometzki: no worries. want someone to take over?
16:42:13 <eddiejennings> I can see that.  Only so much isolation you can do with a hypervisor.
16:42:32 <eddiejennings> nirik: He messaged me, I'll do the needful :)
16:43:24 <nirik> great.
16:43:32 <eddiejennings> When you mentioned access via management console, am I right in assuming that's the physical console (keyboard / monitor) connected to the physical host?
16:43:42 <nirik> I did a topic on sigul I think a while back, look in the board to find it.
16:44:08 <darknao> eddiejennings: more like a remote managment console, like an iLo or something i guess
16:44:17 <nirik> The box is a dell one, so it's a drac console thats built in. But has it's own ip/auth/etc
16:44:27 <eddiejennings> Ah, ok.
16:44:31 <eddiejennings> Good ole idrac :D
16:45:35 <nirik> as an aside I will say the drac9's are really nice because you can _finally_ just go to a page and say 'download and update all the stupid firmware updates to the latest version, thanks!' and it does it.
16:46:30 <nirik> anyhow, anything else on robosignatory?
16:47:00 <eddiejennings> Nothing from me.  Thanks nirik !
16:47:46 <petebuffon[m]> don't think so, I have some homework to do now on more fedora systems :)
16:48:21 <nirik> Shall we go to open floor?
16:48:29 <eddiejennings> Let's do it
16:48:34 <eddiejennings> #topic Open Floor
16:48:41 <eddiejennings> bah.
16:49:10 <eddiejennings> I thought that was the right syntax for Zod
16:49:10 <nirik> #chair eddiejennings
16:49:10 <zodbot> Current chairs: bodanel computerkid dtometzki eddiejennings jnsamyak mobrien nirik pingou siddharthvipul zlopez
16:49:15 <eddiejennings> ah, ok
16:49:24 <eddiejennings> #topic Open Floor
16:50:01 <nirik> I was going to see if khallnayak wanted to introduce themselves now, but I guess they are gone. ;(
16:50:27 <eddiejennings> I have one quick thing.  .ticket 10159
16:50:35 <eddiejennings> .ticket 10159
16:50:38 <zodbot> eddiejennings: Issue #10159: Need to re-ip Fedora systems at ibiblio - fedora-infrastructure - Pagure.io - https://pagure.io/fedora-infrastructure/issue/10159
16:51:10 <eddiejennings> I think the only info I need for this one before moving forward to see what needs to be changed / updated is confirmation of the gateway address for that new IPv6 network.
16:51:32 <nirik> Its on my list to look at... I have about 10000 things I haven't gotten to yet today. ;)
16:51:32 <eddiejennings> I think it would be :1, but didn't want to assume.
16:52:29 <eddiejennings> Excellent.  Sorry all of this ends up just piling onto your nirik :(
16:52:30 <nirik> I can update the ticket later today...
16:52:48 <nirik> it's fine. :) Just need to be patient.
16:53:18 * eddiejennings simmers down now.
16:53:23 <eddiejennings> for those that get the reference :D
16:53:44 <eddiejennings> old-school Saturday Night Live for those who don't :)
16:54:08 <eddiejennings> Other open floor discussion?
16:55:04 * nirik has to go, thanks everyone
16:55:33 <eddiejennings> Thanks to nirik and all.  Thus endeth. . .
16:55:38 <eddiejennings> #end-meeting
16:55:45 <eddiejennings> #endmeeting