meeting
LOGS
14:01:05 <mvollmer> #startmeeting meeting
14:01:05 <zodbot> Meeting started Mon Dec  7 14:01:05 2015 UTC.  The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:05 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:01:05 <zodbot> The meeting name has been set to 'meeting'
14:01:12 <andreasn> I hope the logs works today
14:01:26 <mvollmer> yeah
14:01:33 <mvollmer> .hello mvo
14:01:36 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com>
14:01:52 <andreasn> .hello andreasn
14:01:53 <zodbot> andreasn: andreasn 'Andreas Nilsson' <anilsson@redhat.com>
14:02:14 <mvollmer> #topic Agenda
14:02:19 <mvollmer> * Debian 8
14:02:48 <andreasn> * tuned support
14:03:02 <andreasn> * container scanning
14:03:05 <mvollmer> * realmd with non-freeipa
14:03:06 <stefw> .hello stefw
14:03:07 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com>
14:03:30 <stefw> * Ideas vs. Issues
14:04:33 <mvollmer> okay, let's go.
14:04:37 <mvollmer> #topic Debian 8
14:04:43 <mvollmer> I tink I have touched ground
14:04:48 <mvollmer> all tests are green
14:05:03 <mvollmer> only two bugs found in Debian, which is pretty good. :-)
14:05:14 <mvollmer> many tests are skipped
14:05:50 <mvollmer> https://mvo.fedorapeople.org/logs/test-fdcf2a96-debian-8/log.html
14:06:06 <mvollmer> storage, kubernetes, and realm tests are skipped
14:06:20 <mvollmer> and sosreport
14:06:21 <mvollmer> well
14:06:22 <stefw> are the skipped tests for things that are not packaged on debian?
14:06:31 <mvollmer> yes
14:06:33 <stefw> ie, those cockpit subpackages are not packaged there (yet)?
14:06:44 <mvollmer> nothing is skipped because of bugs
14:07:15 <mvollmer> i have to step back from this a bit
14:07:31 <mvollmer> and write down the follow up work
14:08:11 <mvollmer> we need to improve some UI scenarios, such as handling network interfaces that are not managed by NM
14:08:45 <mvollmer> but I think we can pretty soon start testing on Debian 8 and expect it to be green.
14:09:03 <andreasn> do you mean on a system with both NM and something else? or no NM at all?
14:09:16 <mvollmer> with both NM and something else
14:09:25 <andreasn> right
14:09:53 <mvollmer> on Fedora, NM can manage traditional old text-file configuration, but on Debian it can not.  I think.
14:10:04 <andreasn> ah, I see
14:10:17 <andreasn> is that deliberate from debians side? or just a bug?
14:10:18 <mvollmer> so on Fedora you can let it manage everything and it will be alright even for greybeards
14:10:26 <mvollmer> but on Debian you have to choose
14:10:53 <mvollmer> and by default Debian chooses to not let NM manage the devices that were present during installation
14:10:57 <mvollmer> (I think.)
14:11:00 <andreasn> ah, I see
14:11:11 <mvollmer> seems deliberate
14:11:43 * mvollmer notes that he starts to get a grey beard
14:11:54 <mvollmer> actually, silver
14:11:58 <andreasn> cool
14:12:32 <mvollmer> okay, so #3202 is no longer WIP
14:12:47 <mvollmer> I'll read over the review comments etc
14:13:01 <stefw> so should we disable our NM ui (with curtains for instance) when it's not relevant on Debian?
14:13:09 <mvollmer> maybe
14:13:15 <mvollmer> I mean, yes, when it is not relevant
14:13:19 <andreasn> sure
14:13:24 <mvollmer> I am not sure whether it is relevant
14:13:26 <mvollmer> probably not
14:13:40 <mvollmer> but the tests work OK
14:14:07 <mvollmer> in any case, we should handle unmanaged interfaces
14:14:14 <mvollmer> people have those also on Fedora
14:15:07 <mvollmer> if that turns out nice, we might leave NM enabled on Debian, and maybe help people get their interfaces managed
14:15:39 <mvollmer> but let's ask Debian also, of course
14:15:51 <mvollmer> another thing worth mentioning:
14:16:14 <mvollmer> user synch should probably be removed from the normal "add machine" flow
14:16:28 <mvollmer> stefw and I had a discussion about this
14:16:53 <mvollmer> and synching between Fedora and Debian is non-trivial because of the group differences
14:17:01 <stefw> yes, we now have the ability to use disparate users between machines
14:17:03 <mvollmer> and we don't need that synching to much anymore
14:17:06 <stefw> we don't need to push people towards syncing
14:17:32 <petervo> right now when adding a machine
14:17:53 <petervo> if we can't login first try we push them toward syncing
14:18:17 <stefw> it can still be available in other locationts
14:18:17 <stefw> but doesn't need to be part of the flow
14:18:34 <stefw> hmmm, i always get the syncing ui
14:18:46 <petervo> yes, it always shows
14:18:47 <mvollmer> me, too, I think
14:19:23 <petervo> but i was wondering if we want to leave it in the case of a failed initial login
14:19:29 <petervo> or remove it all together
14:19:43 <stefw> currently it shows up as the last step of add server
14:19:43 <stefw> oh ok
14:19:43 <stefw> so lets make it conditional, yes
14:20:04 <mvollmer> and call it "Create Users", maybe?
14:20:11 <petervo> ok, i'll open a ticket
14:20:15 <mvollmer> ok
14:20:43 <mvollmer> I'll open issues for the other things
14:21:22 <mvollmer> but let me see you nod: We want to test each PR on debian-8, just like we do with fedora-23, etc.
14:21:26 <mvollmer> right?
14:21:29 * mvollmer nods
14:22:21 <stefw> yup
14:22:22 <mvollmer> I have actually found myself working on other things using my Debian VM as a devbox, just because that was in the command history
14:22:33 <mvollmer> worked just fine
14:22:54 <mvollmer> okay
14:22:58 <mvollmer> next topic?
14:23:27 <andreasn> yup
14:23:39 <mvollmer> #topic tuned support
14:24:01 <stefw> Ryan Barry has contributed a plugin for tuned support
14:24:04 <stefw> which is really great
14:24:12 <stefw> tuned lets you set the CPU performance profile of a server
14:24:42 <andreasn> #info https://github.com/cockpit-project/cockpit/pull/3279
14:24:42 <stefw> so if you would like it to use more power, and be faster, etc..
14:24:43 <stefw> the plugin is not ready to be merged
14:24:45 <stefw> but it does work once it gets a little patch
14:24:50 <andreasn> #info https://trello.com/c/eRlWwPcu/12-tuned-support
14:25:00 <stefw> yes, this is one of the features on our roadmap
14:25:25 <stefw> so it's a very nice contribution
14:25:26 <stefw> so i guess i have several questions
14:25:26 <stefw> do we want to prioritize this and bump it up our roadmap
14:25:26 <stefw> because someone has contributed it
14:25:28 <stefw> and finish it up
14:25:34 <andreasn> I would say yes
14:25:43 <stefw> the alternative, would be to get the minimum functionality finished
14:25:46 <mvollmer> yes
14:26:05 <stefw> and merge it early, and then finish it up later as a real feature
14:26:05 <stefw> i would prefer the former
14:26:09 <stefw> but likely i wouldn't be the one to do the work for that option :)
14:26:15 <mvollmer> this needs some tests, right?
14:26:21 <stefw> and a better design
14:26:26 <mvollmer> right
14:26:41 <andreasn> I think a better design could be fairly straight forward for the minimum functionality
14:26:50 <mvollmer> i should work on my bug backlog
14:26:50 <stefw> we can see how much ryan wants to implement the design
14:27:00 <mvollmer> but I can help with the tests
14:27:02 <andreasn> like moving it to the server frontpage and change the wording a bit
14:27:53 <andreasn> so start with this minimum, and then create a full feature out of it at a later point+
14:27:55 <andreasn> ?
14:28:07 <andreasn> like "Tuned: part 2"
14:28:23 <stefw> well that was one of the alternatives
14:28:29 <stefw> if we can do it right, especially with design the first time around
14:28:31 <stefw> i think that would be best
14:29:07 <andreasn> I've done some research before this meeting, since I hadn't heard about tuned before
14:29:08 <mvollmer> I agree
14:29:35 <andreasn> but I haven't really figured out the capabilities of it
14:30:02 <andreasn> but I'll keep reading up on it
14:32:01 <mvollmer> okay, conclusion is to try to do this right, correct?
14:32:18 <stefw> yeah, i think so
14:32:19 <stefw> andreasn, will you create a feature page?
14:32:22 <andreasn> sure
14:33:45 <mvollmer> alright, next?
14:34:06 <andreasn> sure
14:34:07 <mvollmer> #topic container scanning
14:35:02 <andreasn> I've done some more work on this. Filled out the feature page https://github.com/cockpit-project/cockpit/wiki/Feature:-container-security-scanning
14:35:35 <andreasn> and worked on mockups, but those are not 100% done yet. Maybe 90% there now
14:36:17 <andreasn> is anyone interested in the implementation part of that once it's done?
14:36:47 <mvollmer> sure
14:36:54 <andreasn> cool
14:36:55 <petervo> andreasn, are you thinking the "pushes to production" is part of this UI?
14:37:42 <andreasn> petervo: no, that would be a separate thing I think
14:37:45 <mvollmer> is this on our roadmap?  I can't see it.
14:38:04 <andreasn> https://trello.com/c/sE5cjZ6C/217-container-image-scanning
14:38:12 <petervo> ok good
14:39:09 <mvollmer> andreasn, should it be also listed here https://trello.com/c/ieN2nnXd/176-feature-roadmap ?
14:39:25 <andreasn> mvollmer: it's on the atomic roadmap (I thinkl)
14:39:35 <andreasn> yup https://trello.com/c/fhLkR7PZ/162-atomic-features
14:39:50 <andreasn> oh, look. tuned is also there! :)
14:40:04 <mvollmer> ohh, right!
14:40:17 <mvollmer> so much to do...
14:41:04 <andreasn> we can rest when we're dead
14:41:10 <andreasn> :)
14:41:20 <mvollmer> \m/
14:41:24 <andreasn> next topic?
14:41:37 <mvollmer> #topic realmd with non-freeipa
14:41:44 <mvollmer> this came up with Debian
14:42:02 <mvollmer> Debian can't join FreeIPA because it doesn't have the client yet
14:42:12 <mvollmer> (I hope that is a correct statement.)
14:42:25 <mvollmer> (Maybe one can join FreeIPA in other ways, I don't know.)
14:42:29 <andreasn> what domain solution do they have?
14:42:50 <mvollmer> But I think that Cockpit can _only_ join FreeIPA domains
14:42:57 <stefw> that would be extremely hard
14:43:03 <mvollmer> and the error message on Debian is not helpful
14:43:06 <stefw> to join IPA without the client (it does a lot of things)
14:43:28 <mvollmer> maybe soon FreeIPA can be treated as AD?
14:43:36 <mvollmer> anyway, I don't know these things
14:44:01 <mvollmer> so, I think the right thing on Debian would be to disable the domain button, actually.
14:44:35 <andreasn> just hide that whole row?
14:44:41 <mvollmer> or we make sure that Cockpit can join non-FreeIPA domains.
14:45:06 <stefw> Debian should be able to join AD domains
14:45:32 <stefw> IPA domains won't show up as valid domains if realmd support for them is disabled
14:45:39 <mvollmer> Cockpit only every calls KerberosMembership.Join() on realmd
14:45:43 <stefw> this seems like a Debian bug
14:45:59 <stefw> well it calls Discover()
14:46:08 <stefw> how would it avoid thath?
14:46:19 <mvollmer> I mean, it never tries to join via a different interface
14:46:29 <stefw> if IPA support is properly disabled in Debian realmd
14:46:42 <mvollmer> is KerberosMembership.Join the right thing to join to AD?
14:46:47 <stefw> then cockpit will handle that case correctly (by not joining, or offering to join IPA domains)
14:46:50 <stefw> mvollmer, yes
14:46:55 <stefw> that's the whole point of realmd
14:47:00 <stefw> to abstract that sorta stuff away
14:47:01 <mvollmer> ok, I see
14:47:07 <stefw> AD is kerberos based
14:47:10 <andreasn> how does it work in GNOME on Debian?
14:47:41 <stefw> i imagine if you point realmd at an IPA domain using gnome-control-center you'll have the same behavior
14:48:58 <mvollmer> I open an issue for this.
14:49:13 <mvollmer> let's use the time for the remaining topics, I'd say
14:49:32 <mvollmer> #topic Ideas vs. Issues
14:49:42 <mvollmer> ohh, simo was here :-)
14:50:06 <stefw> we discussed a bit elsewhere about moving very broad RFE style issues into an Ideas page
14:50:40 <sgallagh_> Sorry, I forgot about this meeting. Can we go back to the realmd discussion?
14:51:16 <stefw> it would be best to keep the Issues to things that are reasonably going to have a conclusion
14:51:17 <stefw> either because they're a bug and pretty much have to be fixed
14:51:17 <stefw> or are assigned to someone who's going to fix it
14:51:17 <stefw> or are concrete missing functidonality in an already implemented feature
14:51:19 <sgallagh_> First of all, I *think* Debian does in fact have an ipa-client these days.
14:51:32 <mvollmer> sgallagh_, later, please
14:51:38 <sgallagh_> ok
14:51:41 <sgallagh_> Ping me.
14:51:42 <mvollmer> thanks
14:52:06 <stefw> broad ideas with no backing from someone who's going to contribute them should go onto the Ideas page
14:52:06 <stefw> they can serve as inspiration, and ideally would find a contributor at some point in which case a pull request, and further 'issues' would result
14:52:06 <stefw> does that make sense?
14:52:10 <andreasn> yeah, otherwise things are just going to get lost in the issue tracker
14:52:27 <stefw> hmmm, looks like we're experiencing net splits or something
14:52:32 <mvollmer> makes sense to me.
14:52:50 <andreasn> should I go ahead and create the page in the wiki?
14:53:15 <mvollmer> the networkmanager idea fits what we have discussed above about handling unmanaged interfaces
14:53:25 <mvollmer> andreasn, it exists
14:53:34 <petervo> https://github.com/cockpit-project/cockpit/wiki/Ideas
14:53:44 <andreasn> nice
14:53:45 <stefw> #info https://github.com/cockpit-project/cockpit/wiki/Ideas
14:53:45 <stefw> This is the page
14:53:45 <stefw> https://github.com/cockpit-project/cockpit/wiki/Ideas
14:53:45 <stefw> and i've added 5 things so far
14:53:45 <stefw> mvollmer, ok, could you remove the networkmanager item
14:53:46 <stefw> and assign the bug to yourself?
14:53:58 <mvollmer> yes
14:54:25 <petervo> we should probably link to it from the main wiki page and maybe add a line or two about it to the Roadmap page
14:54:40 <stefw> yes, and from the Hackfest page
14:54:46 <stefw> and Contributing page
14:57:27 <mvollmer> okay
14:57:44 <mvollmer> #topic  realmd with non-freeipa
14:57:50 <mvollmer> sgallagh_, ping
14:57:50 <zodbot> mvollmer: Ping with data, please: https://fedoraproject.org/wiki/No_naked_pings
14:57:56 <mvollmer> sgallagh_, ping with data
14:58:00 <sgallagh_> mvollmer: Heh
14:58:06 <mvollmer> :-)
14:58:23 <sgallagh_> OK, so I know that Timo Aaltonen has been maintaining the FreeIPA-on-Debian/Ubuntu effort for a long while now
14:58:50 <sgallagh_> I'm 95% sure that ipa-client works on Debian now and I seem to recall hearing that they actually have the server as well these days
14:59:00 <sgallagh_> Though possibly only on Debian-Testing
14:59:03 <mvollmer> freeipa-client is in unstable only, no?
14:59:27 <sgallagh_> Might be
14:59:36 <mvollmer> https://tracker.debian.org/pkg/freeipa
15:00:13 <mvollmer> it's still ahead of cockpit, of course.
15:00:17 <sgallagh_> That's teh server...
15:00:32 <mvollmer> so when cockpit goes to unstable (fingers crossed), we have to look at this again, true.
15:00:59 <sgallagh_> The client landed in Debian at least a year ago, probably two
15:01:20 <mvollmer> client and server are built from the same source package, no?
15:01:38 <mvollmer> sgallagh_, yes, it landed in unstable
15:02:05 <mvollmer> you are right, I should have said that more clearly.
15:02:17 <mvollmer> we are testing on debian 8 now, which doesn't have it.
15:02:25 <sgallagh_> OK
15:02:53 <sgallagh_> mvollmer: Might be worth testing on recent Ubuntu as well. I *know* ipa-client is available there.
15:02:56 <mvollmer> but cockpit will go to unstable of course, so have to figure out how we test that
15:03:30 <sgallagh_> Yeah, my experience with the Debian process in minimal.
15:03:36 <sgallagh_> s/in/is/
15:04:38 <sgallagh_> mvollmer: Presumably unstable packages in Debian can depend on one another?
15:04:50 <mvollmer> yes
15:04:51 <sgallagh_> I know apt has the "Recommends" concept; we could Recommends: ipa-client
15:05:11 <mvollmer> ohh look at this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787593
15:05:21 <mvollmer> we will run into this as well,I guess
15:05:32 <mvollmer> or maybe not
15:06:19 <mvollmer> anyway, thanks for reminding me that Debian 8 is not really the thing that Cockpit has to integrate with.
15:06:33 <mvollmer> i started to forget aboutt hat
15:06:49 <sgallagh_> /me nods
15:07:33 <mvollmer> ok, done?
15:07:38 <sgallagh> I have nothing else
15:07:45 <mvollmer> #topic Any other business
15:08:10 <mvollmer> nothing, good. :)
15:08:13 <mvollmer> #endmeeting