infrastructure
LOGS
20:00:19 <mmcgrath> #startmeeting infrastructure
20:00:19 <zodbot> Meeting started Thu Sep  9 20:00:19 2010 UTC.  The chair is mmcgrath. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:19 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:00:29 <mmcgrath> #meetingname infrastructure
20:00:29 <zodbot> The meeting name has been set to 'infrastructure'
20:00:33 <mmcgrath> #topic who's here?
20:00:35 * mmcgrath is
20:01:15 * CodeBlock 
20:02:07 <mmcgrath> we'll wait a bit longer
20:02:22 * nirik is lurking
20:02:53 <mmcgrath> Ok then
20:02:59 <mmcgrath> #topic Beta freeze
20:03:11 <mmcgrath> Reminder to everyone, the beta release is scheduled for 2010-09-28
20:03:17 <mmcgrath> that means we'll be change freezing NEXT WEEK!
20:03:22 <mmcgrath> on the 14th
20:03:51 <mmcgrath> anyone have any major changes going in before then?
20:03:52 <mmcgrath> lmacken: ?
20:03:53 <mmcgrath> abadger1999: ?
20:03:56 <mmcgrath> smooge: ?
20:03:57 * mdomsch 
20:04:00 <mmcgrath> mdomsch: ?
20:04:09 * jsmith has nothing
20:04:12 <mdomsch> I hotfixed the one bug I knew about
20:04:14 <abadger1999> mmcgrath: hey.
20:04:40 <mdomsch> there's a second I could also hotfix, if skvidal and geppetto really care
20:04:48 <skvidal> huh?
20:04:51 <skvidal> ah
20:04:54 <mdomsch> the metalink empty XML doc
20:04:58 <smooge> hrtr
20:05:00 <mmcgrath> mdomsch: well, if you do could you do it before the the 14th :)
20:05:00 <mdomsch> but nothing major
20:05:01 <smooge> here
20:05:03 <smooge> sorry
20:05:06 <skvidal> mdomsch: not major, no
20:05:18 <smooge> beta freeze next week. need to open a lot of tickets on things
20:05:29 <smooge> I am doing updates before then and will be rebooting boxes tonight
20:05:37 <smooge> skvidal, wont be here next week
20:05:50 <smooge> and I am not planning on any other changes
20:06:45 <mmcgrath> k, in that case we'll move on
20:06:50 <mmcgrath> #topic Zarafa calendaring
20:07:01 <mmcgrath> So, I've got zarafa deployed in production - https://admin.fedoraproject.org/zarafa/
20:07:09 <mmcgrath> I've only got a couple of more things to do to it before it's "ready"
20:07:12 <mmcgrath> I'd like some testers.
20:07:19 <skvidal> what's testing entail
20:07:22 <mmcgrath> anyone have calendaring needs they could test?
20:07:30 <nirik> cool. ;)
20:07:42 * nirik notes we could/should calendar the meetings in this channel.
20:07:47 <mmcgrath> skvidal: mostly using the web interface to make calendars, using ical and caldav with some external app (like sunbird)
20:08:13 <skvidal> ah okay
20:08:29 <mmcgrath> so are there any voulnteers there I could work with?
20:08:43 <mmcgrath> if not I'll email the list.
20:08:48 * nirik can try and play with it time permitting.
20:08:53 <skvidal> mmcgrath: so
20:08:57 <skvidal> I can think of some folks we know
20:09:00 <skvidal> who use calendars a lot
20:09:04 <Oxf13> I could probably test it
20:09:05 <skvidal> and maybe it might be worth asking
20:09:12 <Oxf13> with lightening an with my android
20:09:12 <skvidal> poelcat, jsmith, stickster
20:09:14 <nirik> might also be worth pinging poelcat to look at it.
20:09:14 <skvidal> folks like that?
20:09:17 <nirik> yeah.
20:09:20 <mmcgrath> skvidal: yeah I'll ping them after the meeting.
20:09:30 <mmcgrath> maybe poelcat and I could put a few public calendars together.
20:09:51 * jsmith would be happy to look at it
20:10:04 <mmcgrath> jsmith: k, I'll meet up with you after the meeting.
20:10:07 <jsmith> I've been known to torture calendaring systems :-)
20:10:10 <mmcgrath> I need to write some docs down.
20:10:27 <mmcgrath> Anyone have any other questions or comments on that?
20:10:57 <Southern_Gentlem> mmcgrath,  i will gladly try to load the FAMna events into it if you want
20:11:51 <mmcgrath> Southern_Gentlem: excellent, that'd be helpful.  I don't think you'll be able to actually login yet
20:11:55 <mmcgrath> but soon.
20:11:57 <mmcgrath> ok, moving on
20:11:59 <mmcgrath> #topic Updates
20:12:03 <mmcgrath> smooge: how goes the updates?
20:13:56 * mmcgrath assumes smooge is busy with the actual updates.
20:14:09 <mmcgrath> #topic FAS + FreeIPA
20:14:17 <mmcgrath> So I'm starting to evaluate this again.
20:14:27 <mmcgrath> a few things have changed since we last looked at it.
20:14:34 <mmcgrath> mostly A) their stack has come together quite a bit more
20:14:43 <mmcgrath> and B) we've started to have issues managing internal aspects of FAS.
20:14:48 <mmcgrath> particularly as far as scale goes.
20:14:56 <mmcgrath> abadger1999: is that a fair assessment?
20:15:21 <smooge> I am working on updates
20:15:23 <abadger1999> I'm not sure -- I'd certainly like to have less code that we maintain, though.
20:15:31 <smooge> sorry had to deal with 4 boxes needing persoanl attention
20:15:40 <smooge> everything else has worked with func-yum
20:15:43 <abadger1999> mmcgrath: What are we trying to scale nad does freeipa scale it better?
20:15:44 <mmcgrath> smooge: no worries, don't let us destract you, we do this every week :)
20:16:02 <mmcgrath> abadger1999: I'm working on testing that, I got all the groups imported (no memberships) working on users now.
20:16:07 <mmcgrath> Then memberships
20:16:16 <smooge> oh I want to be distracted by FAS+FreeIPA
20:16:30 <mmcgrath> So for those of you not familiar with FreeIPA, it'd give us kerberos, ldap and ssl management.
20:16:39 <mmcgrath> although the current version doesn't support _user_ certificates.
20:16:55 <mmcgrath> everyone seems to think that's in the future and wouldn't be hard for us to add via a patch.
20:17:04 <mmcgrath> But here's the problem...
20:17:17 <mmcgrath> I don't think we can force kerberose or ssl auth in very many places if anywhere.
20:17:51 <jsmith> :-/
20:18:02 <mmcgrath> there will be users that cannot use kerberos
20:18:17 <mmcgrath> some places, for example, may not allow outbound port 88 (which is used to request kerberos tickets)
20:18:21 <mmcgrath> but we can set it up as an option.
20:18:23 <dgilmore> mmcgrath: ssl we have a better chance of forcing
20:18:37 <mmcgrath> dgilmore: agreed, but only for developers.
20:18:44 <mmcgrath> we wouldn't get away with that on public sites like fedorahosted.
20:18:44 <dgilmore> mmcgrath: right
20:19:00 <mmcgrath> so in some respects, these options will complicate how we design the "total system"
20:19:05 <mmcgrath> but, the benefits are this
20:19:14 <mmcgrath> the internal systems basically all get handed over to some other team to manage.
20:19:21 <mmcgrath> I mean the development of them.
20:19:30 <mmcgrath> which would allow us to focus on other things
20:19:41 <mmcgrath> FAS as we know it would become a thin client / wizard sitting on top of freeIPA.
20:19:53 <mmcgrath> and IMHO one nice feature is we could expose ldap directly.
20:20:05 <mmcgrath> people could manage groups directly from ldap if they were so inclined.
20:20:16 <mmcgrath> and using ACI's they'd only be able to manage gruops they were an admin of.
20:20:30 <dgilmore> mmcgrath: yeah.  i think there are a lot of plusses for the extra complexity
20:20:30 <mmcgrath> the biggest workflow difference that I can think of is I'm thinking about getting rid of -sponsors.
20:20:45 <mmcgrath> but I'll be bringing that to the advisory board for further discussion.
20:20:54 <mmcgrath> basically we'd have group and group-admins
20:20:55 <mmcgrath> and that's it
20:21:40 <mmcgrath> but that's more of a policy discussion so once I know exactly how that'd work, I'll take it to FAB for discussion since I know it'll be a change for everyone.
20:22:16 <mmcgrath> ok, any questions or comments on that?
20:22:48 <mmcgrath> allrighty
20:22:52 <mmcgrath> in that case #topic open floor
20:22:57 <mmcgrath> anyone have anything they'd like to discuss?
20:24:21 <mmcgrath> ok, well I'll close in 30
20:24:33 <jsmith> I'll add my "Thanks for everything you do"
20:24:40 <mmcgrath> jsmith: ditto brotha.
20:24:46 <jsmith> We certainly couldn't do it without a rockin' Infrastructure team
20:25:00 <jsmith> And I know that infra doesn't always get the appreciation it deserves
20:25:08 <mmcgrath> thanks jsmith
20:25:08 <jsmith> So thanks :-)
20:25:13 <mmcgrath> ok, back to work everyone!
20:25:14 <CodeBlock> :)
20:25:15 <mmcgrath> #endmeeting