14:01:05 <mvollmer> #startmeeting meeting 14:01:05 <zodbot> Meeting started Mon Dec 7 14:01:05 2015 UTC. The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:01:05 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 14:01:05 <zodbot> The meeting name has been set to 'meeting' 14:01:12 <andreasn> I hope the logs works today 14:01:26 <mvollmer> yeah 14:01:33 <mvollmer> .hello mvo 14:01:36 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com> 14:01:52 <andreasn> .hello andreasn 14:01:53 <zodbot> andreasn: andreasn 'Andreas Nilsson' <anilsson@redhat.com> 14:02:14 <mvollmer> #topic Agenda 14:02:19 <mvollmer> * Debian 8 14:02:48 <andreasn> * tuned support 14:03:02 <andreasn> * container scanning 14:03:05 <mvollmer> * realmd with non-freeipa 14:03:06 <stefw> .hello stefw 14:03:07 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com> 14:03:30 <stefw> * Ideas vs. Issues 14:04:33 <mvollmer> okay, let's go. 14:04:37 <mvollmer> #topic Debian 8 14:04:43 <mvollmer> I tink I have touched ground 14:04:48 <mvollmer> all tests are green 14:05:03 <mvollmer> only two bugs found in Debian, which is pretty good. :-) 14:05:14 <mvollmer> many tests are skipped 14:05:50 <mvollmer> https://mvo.fedorapeople.org/logs/test-fdcf2a96-debian-8/log.html 14:06:06 <mvollmer> storage, kubernetes, and realm tests are skipped 14:06:20 <mvollmer> and sosreport 14:06:21 <mvollmer> well 14:06:22 <stefw> are the skipped tests for things that are not packaged on debian? 14:06:31 <mvollmer> yes 14:06:33 <stefw> ie, those cockpit subpackages are not packaged there (yet)? 14:06:44 <mvollmer> nothing is skipped because of bugs 14:07:15 <mvollmer> i have to step back from this a bit 14:07:31 <mvollmer> and write down the follow up work 14:08:11 <mvollmer> we need to improve some UI scenarios, such as handling network interfaces that are not managed by NM 14:08:45 <mvollmer> but I think we can pretty soon start testing on Debian 8 and expect it to be green. 14:09:03 <andreasn> do you mean on a system with both NM and something else? or no NM at all? 14:09:16 <mvollmer> with both NM and something else 14:09:25 <andreasn> right 14:09:53 <mvollmer> on Fedora, NM can manage traditional old text-file configuration, but on Debian it can not. I think. 14:10:04 <andreasn> ah, I see 14:10:17 <andreasn> is that deliberate from debians side? or just a bug? 14:10:18 <mvollmer> so on Fedora you can let it manage everything and it will be alright even for greybeards 14:10:26 <mvollmer> but on Debian you have to choose 14:10:53 <mvollmer> and by default Debian chooses to not let NM manage the devices that were present during installation 14:10:57 <mvollmer> (I think.) 14:11:00 <andreasn> ah, I see 14:11:11 <mvollmer> seems deliberate 14:11:43 * mvollmer notes that he starts to get a grey beard 14:11:54 <mvollmer> actually, silver 14:11:58 <andreasn> cool 14:12:32 <mvollmer> okay, so #3202 is no longer WIP 14:12:47 <mvollmer> I'll read over the review comments etc 14:13:01 <stefw> so should we disable our NM ui (with curtains for instance) when it's not relevant on Debian? 14:13:09 <mvollmer> maybe 14:13:15 <mvollmer> I mean, yes, when it is not relevant 14:13:19 <andreasn> sure 14:13:24 <mvollmer> I am not sure whether it is relevant 14:13:26 <mvollmer> probably not 14:13:40 <mvollmer> but the tests work OK 14:14:07 <mvollmer> in any case, we should handle unmanaged interfaces 14:14:14 <mvollmer> people have those also on Fedora 14:15:07 <mvollmer> if that turns out nice, we might leave NM enabled on Debian, and maybe help people get their interfaces managed 14:15:39 <mvollmer> but let's ask Debian also, of course 14:15:51 <mvollmer> another thing worth mentioning: 14:16:14 <mvollmer> user synch should probably be removed from the normal "add machine" flow 14:16:28 <mvollmer> stefw and I had a discussion about this 14:16:53 <mvollmer> and synching between Fedora and Debian is non-trivial because of the group differences 14:17:01 <stefw> yes, we now have the ability to use disparate users between machines 14:17:03 <mvollmer> and we don't need that synching to much anymore 14:17:06 <stefw> we don't need to push people towards syncing 14:17:32 <petervo> right now when adding a machine 14:17:53 <petervo> if we can't login first try we push them toward syncing 14:18:17 <stefw> it can still be available in other locationts 14:18:17 <stefw> but doesn't need to be part of the flow 14:18:34 <stefw> hmmm, i always get the syncing ui 14:18:46 <petervo> yes, it always shows 14:18:47 <mvollmer> me, too, I think 14:19:23 <petervo> but i was wondering if we want to leave it in the case of a failed initial login 14:19:29 <petervo> or remove it all together 14:19:43 <stefw> currently it shows up as the last step of add server 14:19:43 <stefw> oh ok 14:19:43 <stefw> so lets make it conditional, yes 14:20:04 <mvollmer> and call it "Create Users", maybe? 14:20:11 <petervo> ok, i'll open a ticket 14:20:15 <mvollmer> ok 14:20:43 <mvollmer> I'll open issues for the other things 14:21:22 <mvollmer> but let me see you nod: We want to test each PR on debian-8, just like we do with fedora-23, etc. 14:21:26 <mvollmer> right? 14:21:29 * mvollmer nods 14:22:21 <stefw> yup 14:22:22 <mvollmer> I have actually found myself working on other things using my Debian VM as a devbox, just because that was in the command history 14:22:33 <mvollmer> worked just fine 14:22:54 <mvollmer> okay 14:22:58 <mvollmer> next topic? 14:23:27 <andreasn> yup 14:23:39 <mvollmer> #topic tuned support 14:24:01 <stefw> Ryan Barry has contributed a plugin for tuned support 14:24:04 <stefw> which is really great 14:24:12 <stefw> tuned lets you set the CPU performance profile of a server 14:24:42 <andreasn> #info https://github.com/cockpit-project/cockpit/pull/3279 14:24:42 <stefw> so if you would like it to use more power, and be faster, etc.. 14:24:43 <stefw> the plugin is not ready to be merged 14:24:45 <stefw> but it does work once it gets a little patch 14:24:50 <andreasn> #info https://trello.com/c/eRlWwPcu/12-tuned-support 14:25:00 <stefw> yes, this is one of the features on our roadmap 14:25:25 <stefw> so it's a very nice contribution 14:25:26 <stefw> so i guess i have several questions 14:25:26 <stefw> do we want to prioritize this and bump it up our roadmap 14:25:26 <stefw> because someone has contributed it 14:25:28 <stefw> and finish it up 14:25:34 <andreasn> I would say yes 14:25:43 <stefw> the alternative, would be to get the minimum functionality finished 14:25:46 <mvollmer> yes 14:26:05 <stefw> and merge it early, and then finish it up later as a real feature 14:26:05 <stefw> i would prefer the former 14:26:09 <stefw> but likely i wouldn't be the one to do the work for that option :) 14:26:15 <mvollmer> this needs some tests, right? 14:26:21 <stefw> and a better design 14:26:26 <mvollmer> right 14:26:41 <andreasn> I think a better design could be fairly straight forward for the minimum functionality 14:26:50 <mvollmer> i should work on my bug backlog 14:26:50 <stefw> we can see how much ryan wants to implement the design 14:27:00 <mvollmer> but I can help with the tests 14:27:02 <andreasn> like moving it to the server frontpage and change the wording a bit 14:27:53 <andreasn> so start with this minimum, and then create a full feature out of it at a later point+ 14:27:55 <andreasn> ? 14:28:07 <andreasn> like "Tuned: part 2" 14:28:23 <stefw> well that was one of the alternatives 14:28:29 <stefw> if we can do it right, especially with design the first time around 14:28:31 <stefw> i think that would be best 14:29:07 <andreasn> I've done some research before this meeting, since I hadn't heard about tuned before 14:29:08 <mvollmer> I agree 14:29:35 <andreasn> but I haven't really figured out the capabilities of it 14:30:02 <andreasn> but I'll keep reading up on it 14:32:01 <mvollmer> okay, conclusion is to try to do this right, correct? 14:32:18 <stefw> yeah, i think so 14:32:19 <stefw> andreasn, will you create a feature page? 14:32:22 <andreasn> sure 14:33:45 <mvollmer> alright, next? 14:34:06 <andreasn> sure 14:34:07 <mvollmer> #topic container scanning 14:35:02 <andreasn> I've done some more work on this. Filled out the feature page https://github.com/cockpit-project/cockpit/wiki/Feature:-container-security-scanning 14:35:35 <andreasn> and worked on mockups, but those are not 100% done yet. Maybe 90% there now 14:36:17 <andreasn> is anyone interested in the implementation part of that once it's done? 14:36:47 <mvollmer> sure 14:36:54 <andreasn> cool 14:36:55 <petervo> andreasn, are you thinking the "pushes to production" is part of this UI? 14:37:42 <andreasn> petervo: no, that would be a separate thing I think 14:37:45 <mvollmer> is this on our roadmap? I can't see it. 14:38:04 <andreasn> https://trello.com/c/sE5cjZ6C/217-container-image-scanning 14:38:12 <petervo> ok good 14:39:09 <mvollmer> andreasn, should it be also listed here https://trello.com/c/ieN2nnXd/176-feature-roadmap ? 14:39:25 <andreasn> mvollmer: it's on the atomic roadmap (I thinkl) 14:39:35 <andreasn> yup https://trello.com/c/fhLkR7PZ/162-atomic-features 14:39:50 <andreasn> oh, look. tuned is also there! :) 14:40:04 <mvollmer> ohh, right! 14:40:17 <mvollmer> so much to do... 14:41:04 <andreasn> we can rest when we're dead 14:41:10 <andreasn> :) 14:41:20 <mvollmer> \m/ 14:41:24 <andreasn> next topic? 14:41:37 <mvollmer> #topic realmd with non-freeipa 14:41:44 <mvollmer> this came up with Debian 14:42:02 <mvollmer> Debian can't join FreeIPA because it doesn't have the client yet 14:42:12 <mvollmer> (I hope that is a correct statement.) 14:42:25 <mvollmer> (Maybe one can join FreeIPA in other ways, I don't know.) 14:42:29 <andreasn> what domain solution do they have? 14:42:50 <mvollmer> But I think that Cockpit can _only_ join FreeIPA domains 14:42:57 <stefw> that would be extremely hard 14:43:03 <mvollmer> and the error message on Debian is not helpful 14:43:06 <stefw> to join IPA without the client (it does a lot of things) 14:43:28 <mvollmer> maybe soon FreeIPA can be treated as AD? 14:43:36 <mvollmer> anyway, I don't know these things 14:44:01 <mvollmer> so, I think the right thing on Debian would be to disable the domain button, actually. 14:44:35 <andreasn> just hide that whole row? 14:44:41 <mvollmer> or we make sure that Cockpit can join non-FreeIPA domains. 14:45:06 <stefw> Debian should be able to join AD domains 14:45:32 <stefw> IPA domains won't show up as valid domains if realmd support for them is disabled 14:45:39 <mvollmer> Cockpit only every calls KerberosMembership.Join() on realmd 14:45:43 <stefw> this seems like a Debian bug 14:45:59 <stefw> well it calls Discover() 14:46:08 <stefw> how would it avoid thath? 14:46:19 <mvollmer> I mean, it never tries to join via a different interface 14:46:29 <stefw> if IPA support is properly disabled in Debian realmd 14:46:42 <mvollmer> is KerberosMembership.Join the right thing to join to AD? 14:46:47 <stefw> then cockpit will handle that case correctly (by not joining, or offering to join IPA domains) 14:46:50 <stefw> mvollmer, yes 14:46:55 <stefw> that's the whole point of realmd 14:47:00 <stefw> to abstract that sorta stuff away 14:47:01 <mvollmer> ok, I see 14:47:07 <stefw> AD is kerberos based 14:47:10 <andreasn> how does it work in GNOME on Debian? 14:47:41 <stefw> i imagine if you point realmd at an IPA domain using gnome-control-center you'll have the same behavior 14:48:58 <mvollmer> I open an issue for this. 14:49:13 <mvollmer> let's use the time for the remaining topics, I'd say 14:49:32 <mvollmer> #topic Ideas vs. Issues 14:49:42 <mvollmer> ohh, simo was here :-) 14:50:06 <stefw> we discussed a bit elsewhere about moving very broad RFE style issues into an Ideas page 14:50:40 <sgallagh_> Sorry, I forgot about this meeting. Can we go back to the realmd discussion? 14:51:16 <stefw> it would be best to keep the Issues to things that are reasonably going to have a conclusion 14:51:17 <stefw> either because they're a bug and pretty much have to be fixed 14:51:17 <stefw> or are assigned to someone who's going to fix it 14:51:17 <stefw> or are concrete missing functidonality in an already implemented feature 14:51:19 <sgallagh_> First of all, I *think* Debian does in fact have an ipa-client these days. 14:51:32 <mvollmer> sgallagh_, later, please 14:51:38 <sgallagh_> ok 14:51:41 <sgallagh_> Ping me. 14:51:42 <mvollmer> thanks 14:52:06 <stefw> broad ideas with no backing from someone who's going to contribute them should go onto the Ideas page 14:52:06 <stefw> they can serve as inspiration, and ideally would find a contributor at some point in which case a pull request, and further 'issues' would result 14:52:06 <stefw> does that make sense? 14:52:10 <andreasn> yeah, otherwise things are just going to get lost in the issue tracker 14:52:27 <stefw> hmmm, looks like we're experiencing net splits or something 14:52:32 <mvollmer> makes sense to me. 14:52:50 <andreasn> should I go ahead and create the page in the wiki? 14:53:15 <mvollmer> the networkmanager idea fits what we have discussed above about handling unmanaged interfaces 14:53:25 <mvollmer> andreasn, it exists 14:53:34 <petervo> https://github.com/cockpit-project/cockpit/wiki/Ideas 14:53:44 <andreasn> nice 14:53:45 <stefw> #info https://github.com/cockpit-project/cockpit/wiki/Ideas 14:53:45 <stefw> This is the page 14:53:45 <stefw> https://github.com/cockpit-project/cockpit/wiki/Ideas 14:53:45 <stefw> and i've added 5 things so far 14:53:45 <stefw> mvollmer, ok, could you remove the networkmanager item 14:53:46 <stefw> and assign the bug to yourself? 14:53:58 <mvollmer> yes 14:54:25 <petervo> we should probably link to it from the main wiki page and maybe add a line or two about it to the Roadmap page 14:54:40 <stefw> yes, and from the Hackfest page 14:54:46 <stefw> and Contributing page 14:57:27 <mvollmer> okay 14:57:44 <mvollmer> #topic realmd with non-freeipa 14:57:50 <mvollmer> sgallagh_, ping 14:57:50 <zodbot> mvollmer: Ping with data, please: https://fedoraproject.org/wiki/No_naked_pings 14:57:56 <mvollmer> sgallagh_, ping with data 14:58:00 <sgallagh_> mvollmer: Heh 14:58:06 <mvollmer> :-) 14:58:23 <sgallagh_> OK, so I know that Timo Aaltonen has been maintaining the FreeIPA-on-Debian/Ubuntu effort for a long while now 14:58:50 <sgallagh_> I'm 95% sure that ipa-client works on Debian now and I seem to recall hearing that they actually have the server as well these days 14:59:00 <sgallagh_> Though possibly only on Debian-Testing 14:59:03 <mvollmer> freeipa-client is in unstable only, no? 14:59:27 <sgallagh_> Might be 14:59:36 <mvollmer> https://tracker.debian.org/pkg/freeipa 15:00:13 <mvollmer> it's still ahead of cockpit, of course. 15:00:17 <sgallagh_> That's teh server... 15:00:32 <mvollmer> so when cockpit goes to unstable (fingers crossed), we have to look at this again, true. 15:00:59 <sgallagh_> The client landed in Debian at least a year ago, probably two 15:01:20 <mvollmer> client and server are built from the same source package, no? 15:01:38 <mvollmer> sgallagh_, yes, it landed in unstable 15:02:05 <mvollmer> you are right, I should have said that more clearly. 15:02:17 <mvollmer> we are testing on debian 8 now, which doesn't have it. 15:02:25 <sgallagh_> OK 15:02:53 <sgallagh_> mvollmer: Might be worth testing on recent Ubuntu as well. I *know* ipa-client is available there. 15:02:56 <mvollmer> but cockpit will go to unstable of course, so have to figure out how we test that 15:03:30 <sgallagh_> Yeah, my experience with the Debian process in minimal. 15:03:36 <sgallagh_> s/in/is/ 15:04:38 <sgallagh_> mvollmer: Presumably unstable packages in Debian can depend on one another? 15:04:50 <mvollmer> yes 15:04:51 <sgallagh_> I know apt has the "Recommends" concept; we could Recommends: ipa-client 15:05:11 <mvollmer> ohh look at this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787593 15:05:21 <mvollmer> we will run into this as well,I guess 15:05:32 <mvollmer> or maybe not 15:06:19 <mvollmer> anyway, thanks for reminding me that Debian 8 is not really the thing that Cockpit has to integrate with. 15:06:33 <mvollmer> i started to forget aboutt hat 15:06:49 <sgallagh_> /me nods 15:07:33 <mvollmer> ok, done? 15:07:38 <sgallagh> I have nothing else 15:07:45 <mvollmer> #topic Any other business 15:08:10 <mvollmer> nothing, good. :) 15:08:13 <mvollmer> #endmeeting