16:00:29 <sgallagh> #startmeeting Server SIG Weekly Meeting (2015-12-15)
16:00:29 <zodbot> Meeting started Tue Dec 15 16:00:29 2015 UTC.  The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:29 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:29 <zodbot> The meeting name has been set to 'server_sig_weekly_meeting_(2015-12-15)'
16:00:29 <sgallagh> #meetingname ServerSIG
16:00:29 <zodbot> The meeting name has been set to 'serversig'
16:00:30 <sgallagh> #chair sgallagh mizmo nirik stefw adamw simo danofsatx mhayden jds2001
16:00:30 <sgallagh> #topic roll call
16:00:30 <zodbot> Current chairs: adamw danofsatx jds2001 mhayden mizmo nirik sgallagh simo stefw
16:00:37 <stefw> .hello stefw
16:00:38 <jds2001> .hello jstanley
16:00:38 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com>
16:00:40 <sgallagh> .hello sgallagh
16:00:41 <zodbot> jds2001: jstanley 'Jon Stanley' <jonstanley@gmail.com>
16:00:44 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
16:00:48 <nirik> morning
16:00:50 <jsmith> .hello jsmith
16:00:51 <zodbot> jsmith: jsmith 'Jared Smith' <jsmith.fedora@gmail.com>
16:03:38 <sgallagh> /me waits a couple more minutes
16:03:41 <mhayden> .hello mhayden
16:03:42 <zodbot> mhayden: mhayden 'Major Hayden' <major@mhtx.net>
16:06:11 <sgallagh> OK, let's get started
16:06:18 <sgallagh> #topic Agenda
16:06:23 <sgallagh> #info Agenda Topic: Let's Encrypt
16:06:30 <sgallagh> Any other agenda items this week?
16:07:10 * nirik has nothing
16:07:27 <sgallagh> OK
16:07:34 <sgallagh> #topic Let's Encrypt
16:08:32 <sgallagh> So, the question on the table is whether there is anything in specific that we want Fedora Server to do with regards to the Let's Encrypt initiative.
16:08:44 <sgallagh> The LE packages are now in Fedora proper.
16:08:53 <nirik> I think it's great and we should promote it as much as we can, but it can't be fully automated can it?
16:09:01 * stefw thought about this with regards to Cockpit ... but it cannot be automated in that case
16:09:03 <sgallagh> #link https://fedoramagazine.org/letsencrypt-now-available-fedora/
16:09:04 <nirik> (doesn't it need dns changes to prove you own the domain)
16:09:20 <stefw> nirik, it can also do file hosting
16:09:33 <stefw> put X file at a given http location
16:09:45 <nirik> ok.
16:10:27 <nirik> if we could figure some way to automate it via cockpit or something that would be awesome... otherwise, not sure what we can do. ;(
16:10:38 <sgallagh> Right, so nothing having to do with certificates can ever truly be fully automated
16:10:51 <sgallagh> (that's by design; otherwise they would be untrustable)
16:11:04 <stefw> correct
16:11:05 * nirik nods.
16:11:11 * jds2001 nods
16:11:11 <stefw> one of the barriers to lets encrypt
16:11:18 <stefw> is that the server is not accessible from the internet
16:11:27 <stefw> in many cases
16:11:33 <stefw> where fedora server is deployed
16:11:49 <stefw> but if we do have a solid use case for publicly accessible servers, then i guess we could look into automating this in cockpit
16:11:58 <simo> .hello simo
16:11:58 <zodbot> simo: simo 'Simo Sorce' <ssorce@redhat.com>
16:12:02 <nirik> yeah, it's probibly a rare case where the server you are just now deploying is your main domain server.
16:12:30 <stefw> indeed, and dns needs to be setup too
16:12:36 <stefw> where this will really shine is in cloud deployments
16:12:58 <stefw> where, at least in theory, one can have a dns domain working out of the box
16:13:01 <nirik> so, I think the most we could do now is point people to it in docs, etc...
16:13:38 <jds2001> like i said on the list, the doc is at least somewhat there
16:16:00 <sgallagh> OK, so is the general sense that there is no action to be taken here?
16:16:27 <stefw> at least not yet
16:16:27 <jds2001> +1
16:16:46 <sgallagh> There was an interesting question on the list regarding perhaps working towards getting automated renewals working at least.
16:16:54 <sgallagh> That might be something we could integrate with certmonger for
16:19:07 <sgallagh> simo: Does your team still own certmonger?
16:20:45 <simo> yes ?
16:21:21 <sgallagh> simo: What are your thoughts on getting certmonger to work with Let's Encrypt for renewals?
16:23:06 * mhayden likes this idea
16:24:06 * nirik suspects it needs some investigation.
16:24:09 <simo> sgallagh: it's something we want to do already :)
16:24:21 <simo> but we haven't investigated it fully yet
16:24:30 <simo> we were looking at the server case first
16:24:59 <sgallagh> simo: Can you expand on "server case"?
16:26:19 <simo> ipa implementing the letsencrypt protocol for its clients
16:26:33 <jsmith> Oooh, interesting...
16:26:41 <sgallagh> You have my attention
16:28:52 <sgallagh> simo: That was code for: "Tell us more"
16:29:19 <mhayden> :)
16:31:11 <simo> sgallagh: I am double booked
16:31:24 <simo> but I do not have a lot more to say, we are still planning/discussing
16:31:33 <sgallagh> simo: OK, could you keep server@ in the loop on those plans?
16:31:40 <sgallagh> I think that will be of particular interest.
16:32:57 <sgallagh> #info Let's Encrypt is not automatable, so we won't be attempting to ship anything by default
16:33:31 <sgallagh> #info Proposals include working with certmonger to support automatic LE certificate renewals and support for FreeIPA to provide the LE protocols to its clients.
16:33:39 <sgallagh> Anything else on this topic?
16:33:53 <jsmith> The protocol is called ACME, for what (little) it's worth...
16:34:20 <sgallagh> /me used to order tools from them, but they seemed to break down a lot
16:36:25 <sgallagh> #topic Open Floor
16:36:42 <sgallagh> After last week, I updated comps.xml and spin-kickstarts with the new, reduced package set.
16:36:47 * jsmith has nothing further to add
16:37:01 <sgallagh> The DVD size has shrunk from 2.1GB to 1.7GB, so that's a non-trivial gain
16:37:06 <mhayden> not bad
16:37:20 <mhayden> i did the math -- that's like 400MB
16:37:46 <sgallagh> mhayden++
16:37:54 <sgallagh> (I figure you deserve a cookie for that)
16:38:05 <mhayden> haha, it appears you have already provided a cookie
16:38:06 <stefw> sgallagh, do you have a link to the changes?
16:38:07 <sgallagh> But zodbot doesn't
16:38:25 <sgallagh> stefw: I think I emailed them to the list, and we discussed them at the last meeting
16:38:43 <sgallagh> stefw: Mainly it was dropping most of the non-default install content
16:38:50 <sgallagh> Like the HA stuff, Jboss, etc.
16:39:15 <sgallagh> It also dropped docker from the default install, as agreed last week
16:40:22 <jsmith> WORKSFORME
16:41:39 <sgallagh> OK, anything else for this week?
16:43:01 <nirik> oh, are we meeting next week and week after?
16:43:21 * jds2001 is off $DAYJOB, but that doesn't matter
16:43:31 <sgallagh> I will be around next week
16:43:32 <jds2001> but i suspect many others are similarly out.
16:43:41 <sgallagh> But not the one after
16:43:53 * nirik will not be around next week/week after (well, I will in case of alerts/doom, but will be on PTO)
16:45:31 <sgallagh> I'm not hearing any overwhelming support for holding the next two meetings.
16:45:57 <sgallagh> #info The next meeting will be on Jan. 5th, 2016
16:46:58 <sgallagh> Anything else this weeK?
16:48:29 <sgallagh> I'll interpret that as "no"
16:48:33 <sgallagh> Thanks for coming, folks.
16:48:36 <sgallagh> #endmeeting