fedora-meeting-1
LOGS
16:03:13 <sgallagh> #startmeeting Server Working Group Weekly Meeting (2014-11-18)
16:03:13 <zodbot> Meeting started Tue Nov 18 16:03:13 2014 UTC.  The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:13 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:03:17 <sgallagh> #chair sgallagh mizmo nirik davidstrauss stefw adamw simo tuanta mitr
16:03:17 <zodbot> Current chairs: adamw davidstrauss mitr mizmo nirik sgallagh simo stefw tuanta
16:03:19 <sgallagh> #topic roll call
16:03:27 * stefw is sort of here
16:03:33 * nirik is here still
16:03:34 <mitr> Hello
16:03:36 * junland is here.
16:03:57 * danofsatx-work is split with kde meeting in 1
16:04:05 <danofsatx-work> er, in base - this is 1
16:04:24 <sgallagh> Side-note: it would be nice if zodbot would let us correct the meeting title without ending and starting again.
16:05:06 <nirik> patches welcome. ;)
16:05:12 <sgallagh> understood
16:05:34 <sgallagh> I count quorum, so let's get started
16:05:44 <sgallagh> #topic Agenda
16:06:02 <sgallagh> I have two items from the mailing list and two I thought of just before the meeting started:
16:06:11 <sgallagh> #info Agenda Item: Approval of the Final Criteria
16:06:17 <sgallagh> #info Agenda Item: Status check as we enter Final Freeze
16:06:26 <sgallagh> #info Agenda Item: Fedora 22 Planning - GUI
16:06:30 <sgallagh> #info Agenda Item: Fedora 22 Planning - Roles
16:06:41 <sgallagh> Anyone have other topics for this week?
16:06:56 * junland has nothing in terms of agenda.
16:08:20 <sgallagh> ok, then let's start
16:08:26 <sgallagh> #topic Approval of the Final Criteria
16:08:33 <nirik> They look ok to me... +1
16:08:49 <sgallagh> #link https://lists.fedoraproject.org/pipermail/server/2014-November/001551.html
16:09:00 <mitr> +1
16:09:10 <sgallagh> /me was hoping to get adamw's input as well, but he doesn't seem to be around
16:09:29 <nirik> he's on PTO thru tomorrow.
16:09:49 <sgallagh> simo: Given that you represent the team responsible for meeting most of these criteria, I'm especially interested in your vote.
16:09:56 <danofsatx-work> I think he's good with it. he wrote it, after all
16:10:08 <sgallagh> danofsatx-work: ?
16:10:23 <simo> sgallagh: re-reading
16:10:24 <danofsatx-work> adamw's view on the criteria....sorry
16:10:46 <sgallagh> danofsatx-work: I wrote the ones we're talking about right now
16:10:53 <danofsatx-work> oh wait, you wrote those. sorry
16:10:58 * danofsatx-work needs more coffee
16:11:17 <simo> sgallagh: I think you may want to add "the domain controller" must be able to server kerberos tickets ? (can be tested with kinit and kvno)
16:11:56 <simo> otherwise the only things that need to work are LDAP and DNS, and those are not sufficient for a domain join of freeipa-client (sssd) to work
16:12:05 <sgallagh> "* Enrolled clients must be capable of authenticating against a valid user account using SSSD."
16:12:16 <simo> that is vague
16:12:21 <sgallagh> Intentionally :)
16:12:27 <simo> you could use the ldap backend and do password based auth
16:12:44 <simo> Any reason we should not make sure krb5 works  in the criteria ?
16:12:57 <simo> (sorry for missing it early I thought it was there)
16:13:06 <sgallagh> Well, I'll strengthen that sentence to say that SSSD mus be usable with the 'ipa' backend
16:13:14 <simo> ok that will do
16:13:24 <sgallagh> I didn't want to put any specific requirements on exact Kerberos features as part of the criteria
16:13:51 <sgallagh> Our concern here should be for our ability to perform common operations
16:13:56 <simo> nothing exact in my wording, just the basic stuff
16:14:16 <sgallagh> "* Enrolled clients must be capable of authenticating against a valid user account using SSSD's 'ipa' provider."
16:14:34 <simo> right getting krb tickets is part of common operations, but the line you throw captures it now
16:14:39 <sgallagh> (which, interestingly, covers both Kerberos and LDAP, thanks to the migration mode)
16:14:55 <simo> * Users must be capable of performing password-less single-sign-on
16:14:55 <simo> between two enrolled clients using GSSAPI.
16:15:01 <simo> ah I somehow missed this one
16:15:09 <simo> which also checks getting tickets for other hosts
16:15:17 <simo> ok I think it all looks good then
16:15:20 <sgallagh> #info Adjusted text: "* Enrolled clients must be capable of authenticating against a valid user account using SSSD's 'ipa' provider."
16:16:11 <sgallagh> I'll interpret that as a +1 and give my own as well.
16:17:08 <sgallagh> stefw: mind chiming in? We're technically a vote short of approval.
16:17:35 * stefw catches up
16:18:32 <stefw> that wording looks good, and matches the intent of the criteria
16:18:39 <stefw> so +1 to the adjusted text
16:19:30 <sgallagh> #agreed Draft Criteria approved and will be submitted to QA for inclusion. (+5, 0, -0)
16:19:39 <sgallagh> #topic Status check as we enter Final Freeze
16:20:08 <simo> ok we have 4 critical FreeIPA bugs
16:20:09 <sgallagh> So as of about 16 hours ago, Fedora 21 is in Final Freeze.
16:20:22 <nirik> simo: :(
16:20:25 <simo> I have a patches for one of them posted upstream and being reviewed
16:20:59 <simo> nirik: sorry found out only Thursday and the bug was nasty, took me 3 days to find all ramifications and build a solution
16:21:02 <nirik> simo: are any of them blockers? or they should be freeze exceptions or?
16:21:21 <simo> good question
16:21:31 <simo> I think there was one considered blocker
16:21:58 * nirik doesn't see any freeipa ones on https://qa.fedoraproject.org/blockerbugs/milestone/21/final/buglist
16:22:00 <simo> the bug I fixed could be considered a blocker as I am changing (backwards incompatible) a control encoding as the original implementation was  ... wrong
16:22:01 <sgallagh> Just so we're clear, a blocker is any bug that violates one of the criteria we just voted on.
16:22:05 <nirik> if there are any, please propose them asap.
16:22:14 <sgallagh> If it doesn't do that, it's at *best* a Freeze Exception candidate.
16:22:18 <simo> but it has a minimal impact so it could conceivably be handled as a zero day
16:22:19 <nirik> better to know sooner where we stand.
16:22:40 <simo> sgallagh: we have the TLS issue still I think
16:22:49 <simo> so that may be seen as violating the criteria
16:23:26 <sgallagh> simo: One at a time; I'm not sure which one you're saying violated the criteria
16:23:57 <sgallagh> nirik: FYI, the openldap one on that list has FreeIPA impact
16:24:04 <sgallagh> Which is why I proposed it
16:24:25 <nirik> ok.
16:25:33 <simo> sgallagh: the openldap one
16:26:07 <sgallagh> simo: Right, that one I already proposed
16:27:36 <sgallagh> Let's not turn this into a blocker review meeting.
16:27:59 <nirik> We don't need to, just try and look them over and propose any that hit critera. ;)
16:28:05 <sgallagh> simo: Can you commit to owning this and making sure bugs get requested for Blocker/FE ASAP?
16:29:05 <simo> sgallagh: I am not familiar with Blocker procedure
16:29:09 <simo> any pointers ?
16:29:20 <sgallagh> simo: https://qa.fedoraproject.org/blockerbugs/propose_bug
16:29:23 <simo> ty
16:29:41 <sgallagh> There are notes there to help you find criteria to match against
16:30:33 <sgallagh> ok, other Server-relevant issues.
16:30:57 <sgallagh> I checked in with stefw and the Cockpit team; we're going to need to request a Freeze Exception to clean up some branding stuff.
16:31:13 <sgallagh> We're pretty much locked down as far as code-changes, so it shouldn't introduce any risk.
16:31:13 <stefw> indeed, i haven't been able to get ahold of andreasn
16:31:14 <danofsatx-work> good to know.
16:31:21 <stefw> if it's a blocker tomorrow, i'll just try and do it myself
16:32:04 <sgallagh> stefw: I'm not considering it a blocker; it doesn't affect any functionality and *can* be fixed with an update. It'll just not have the right appearance.
16:32:09 <stefw> ok
16:32:50 <sgallagh> Any objections?
16:33:06 <nirik> nope. let folks know and we can test. :)
16:33:11 <sgallagh> #info simo notes that there are several potential blocker issues in FreeIPA.
16:33:12 <junland> nope
16:33:26 <danofsatx-work> none from the peanut gallery
16:33:26 <sgallagh> #action simo to propose blockers and freeze exceptions for FreeIPA issues
16:33:53 <sgallagh> #info Cockpit needs a branding update. We will propose it as a Freeze Exception and not a blocker.
16:35:28 <sgallagh> Status on rolekit: ready to go
16:35:42 <sgallagh> Thanks to danofsatx-work, we got karma to put it into stable just in time for the Freeze
16:36:32 <danofsatx-work> yay me ;)
16:37:04 <sgallagh> We still have ongoing branding stuff happening in the installers
16:37:07 <danofsatx-work> I managed to get it done while sitting in one class listening to a lecture and prepping for a presentation in the next class. multitasking at my finest ;)
16:37:15 <nirik> heh
16:37:17 <sgallagh> But I *think* all we're waiting for now is spot to build a new fedora-logos package
16:37:32 <junland> haha
16:37:53 <sgallagh> #info rolekit is good to go for F21 Final
16:38:25 <sgallagh> #info Branding issues for all of the products are still being sorted, but should be in their final phases now.
16:38:52 <sgallagh> I *think* we're also in good shape with the websites folks.
16:39:20 <sgallagh> I worked with stickster to come up with some advertising copy for the features we're offering
16:39:28 <nirik> yeah, hope so
16:39:50 <sgallagh> #info Fedora Server brochure page looking good; remaining piece is in the Websites team's hands.
16:40:05 <danofsatx-work> do you have the link handy for the draft?
16:40:34 <nirik> I don't think it's deployed anywhere yet, but it's in the websites git...
16:40:51 <sgallagh> danofsatx-work: No, stickster was showing me screenshots and I expect they're expired now
16:40:56 <danofsatx-work> oh, ok
16:41:23 <sgallagh> OK, that's all the status I have for now. Anyone else have anything to add?
16:41:30 <nirik> https://git.fedorahosted.org/cgit/fedora-web.git/tree/getfedora.org/data/content/server/index.html?h=getfedora
16:41:41 <danofsatx-work> were we discussing future roles?
16:41:42 <nirik> somewhere around there and related files. ;)
16:42:21 <sgallagh> danofsatx-work: We have more topics
16:42:27 <danofsatx-work> oh, duh
16:42:32 * danofsatx-work goes to find more coffee
16:42:37 <sgallagh> I should have said "anyone else have anything to add to the status check"?
16:42:51 * nirik has nothing more for status
16:43:16 <sgallagh> #topic Fedora 22 Planning - GUI
16:43:38 <sgallagh> This topic is largely a placeholder, but the topic came up in discussion today.
16:43:39 <nirik> do we need to actually bless some specific GUI?
16:43:49 <danofsatx-work> not today
16:43:54 <sgallagh> Now that we're in Final Freeze, discussing future plans is a good idea
16:44:18 <nirik> well, I mean ever... ;) I suppose we would if we want to ship one on the dvd...
16:44:24 <sgallagh> nirik: I think we want to have a customized Server GUI installable, yes.
16:44:26 <junland> Yes, we need a plan.
16:44:32 <danofsatx-work> KDE team seems willing to give a "low resource" specific DE a shot for server.
16:44:43 <nirik> what would be be customized in this gui?
16:44:55 <junland> Do you think we could have the netbook workspace?
16:44:58 <sgallagh> Something that may not be a complete Workstation/GNOME/KDE default, but stripped down for server needs
16:45:00 <danofsatx-work> not have the window decorations and fancy graphics
16:45:19 <stefw> this is very confusing to me
16:45:21 <sgallagh> Reduced overhead and limited default apps, I think
16:45:23 <danofsatx-work> a window manager, based on X11 or Wayland, to serve GUI applications like installers and such
16:45:25 <stefw> i thought Cockpit is meant to be the server GUI
16:45:36 <sgallagh> stefw: It is, but there are a couple cases Cockpit can't solve
16:45:39 <stefw> people can obviously install whatever they want
16:45:41 <danofsatx-work> Cockpit can't install, say, Oracle Database.
16:45:46 <sgallagh> (Sorry, this was covered prior to your joining)
16:46:20 <sgallagh> stefw: As danofsatx-work notes: there are a lot of third-party applications (especially in Oracle's family) that require a local GUI to install and don't forward over SSH very well
16:46:25 <junland> But I'll be working a draft and post it in the list
16:46:27 <danofsatx-work> scratch that - DB is a text installer. Other Oracle apps, however, are GUI based.
16:46:43 <stefw> yeah, sure, and people can just 'yum groupinstall @gnome'
16:46:47 <stefw> right?
16:46:55 <nirik> or kde or xfce or lxde or ratpoison, etc.
16:46:58 <stefw> if they want to do legacy things, they can do wild stuff if they want
16:47:18 <sgallagh> I'm not sure I'd call that "legacy", but yes this is the current state
16:47:26 <mitr> stefw: Beyond that Oracle issue, I think it is reasonable to provide enough tools to diagnose and fix a cockpit failure.  GUI tools, that is, because other kinds don’t count ☺  I’m hoping that a file manager, text editor, log viewer, and a privilege escalation method to edit files in /etc would be all that is actually needed.  As for anything else, you’re right, there’s (yum install) for that
16:47:26 <stefw> i think that X11 on a server is legacy
16:47:39 <simo> stefw: I wouldn't want the whole of gnome just for installing stupid oracle
16:47:55 <simo> stefw: besides gnome works really bad on non-gl graphics cards
16:47:56 <stefw> if oracle has set things up to require gtk + X11 in order to install then so beit
16:47:59 <stefw> but we don't need to bless it
16:48:07 <mitr> stefw: I _absolutely_ want to focus on cockpit as _the_ GUI as opposed to anything GNOME-based, but really the CLI is far more legacy than X11.
16:48:14 <junland> stefw: So is there any alts for X11?
16:48:21 <sgallagh> stefw: It's not just Oracle (though they are the 800lb gorilla)
16:48:27 * nirik is happy to read proposals, but not sure this is a great use of our resources. ;)
16:48:28 <danofsatx-work> junland: Wayland ;)
16:48:42 <simo> stefw: would cockpit be able to export a VNC session with a stripped down DE (And I mean really stripped down to the bare bones)
16:48:45 <junland> danoofsatx-work:got it
16:49:02 <stefw> it would be interesting to use something like an html5 vnc in cockpit
16:49:05 <mitr> simo: what would that VNC session be used for?  Only the Oracle-like installations?
16:49:06 <stefw> but that's really just a tiny part of the issue
16:49:19 <simo> mitr: stuff that needs a UI, yes
16:49:22 <stefw> the real issue is that you have to have this entire massive stack on your server to install some legacy app that does not work on headless servers.
16:49:32 <stefw> you *can* totall ydo this
16:49:36 <stefw> with whatever DE you want
16:49:40 <simo> right
16:49:42 <stefw> but i don't think we should bless it in anyway
16:49:54 <simo> but providing a small footprint DE would be valuable I think
16:50:03 <stefw> don't we? what about XFCE?
16:50:12 <simo> what about it ?
16:50:16 <danofsatx-work> but junland's orignal proposal wasn't for remote management, it was for local management for small-business deployments (read: not data center)
16:50:21 <stefw> it's a small DE
16:50:36 <sgallagh> For the record, I'm not very keen on us elevating a new release-blocking desktop either.
16:50:38 <simo> if it fits the bill fine by me
16:50:39 <junland> We also have to look at Pedestal servers not just rack mounts
16:50:46 <nirik> perhaps we could gather more concrete use cases on the list? it might be that just documenting how to install things could meet these needs?
16:50:56 <stefw> cockpit can have tools added to it
16:51:24 <junland> nirik: I'll provide cases.
16:51:24 <nirik> ie, here's how to install $desktop to a fedora-server install:
16:51:29 <mitr> stefw: What is the recovery path to cockpit being “broken”?  (Someone incorrectly editing firewall/network config, or running out of disk space perhaps)
16:51:40 <sgallagh> mitr: SSH
16:51:43 <stefw> mitr the shell
16:51:43 <simo> FWIW I would love to have FF as the root runnign app that shows just cockpit, which can optionally run a DE in VNC in localhost ... just to have mindblown :)
16:51:48 <stefw> identical to the cases for X11 being broken
16:52:01 <mitr> sgallagh/stefw: CLI doesn’t count for the users we are building cockpit for
16:52:03 <sgallagh> simo: You scare me sometimes ;-)
16:52:07 <stefw> simo, yes that would be cool for servers with a monitor
16:52:27 <stefw> mitr, yeah any GUI can break down
16:52:30 <simo> stefw: more importantly gives the same interface to the user whether there is a monitor or not
16:52:31 <stefw> whether xorg or cockpit
16:52:40 <sgallagh> Though... I kind of wonder if we could bludgeon FirefoxOS in there...
16:52:40 <junland> Web De?
16:52:40 <junland> DE*
16:52:46 <mitr> I”m not saying that a local GUI needs to be _the_ solution, but it seems the easiest one I can think of (as opposed to a "magic” rescue ISo one can boot into to fix “everything”)
16:52:54 <nirik> sgallagh: no, I am pretty sure not. ;)
16:53:13 <junland> mitr: It also needs to be a option for IT admins...
16:53:48 <stefw> anyway, i think server admins can solve this today. I see it a legacy work around
16:53:53 <stefw> and they can solve it with one command
16:53:57 <mitr> junland: Most/all that IT admins need to do should eventually be possible to do trough cockpit.  It seems to me long-term we only need the Oracle and the disaster recovery cases
16:54:01 <nirik> mitr: how about a systemd target for rescue? but it's hard to know all the cases it would have to rescue you from. ;(
16:54:11 <mitr> nirik: Yeah, that’
16:54:16 <mitr> s the issue.
16:54:34 <mitr> Giving users tools to do arbitrary debugging seems far easier than writing a self-healing system (unfortunately?)
16:54:41 <nirik> and gui/de is going to be more complex than just a command line, so in the end there will be cases where that won't help you either.
16:54:51 <mitr> True
16:54:56 <junland> mitr: Got it. I just want everyone to be on a agreement / disagreement for me creating a proposal.
16:55:40 <mitr> junland: I think there will inevitably be discussion after this meeting and after you post a proposal.  That is fine and good :)
16:55:45 <sgallagh> Yes
16:55:47 <nirik> junland: always happy to see proposals, but thats not saying we will want to do that. ;)
16:56:05 <sgallagh> junland: Yeah, please put together a proposal and we'll see if it meshes with our strategy.
16:56:15 <sgallagh> This was mostly intended to bring the topic back to mind
16:56:38 <junland> Got, just gonna shut gun this one and put my thoughts together for a proposal.
16:56:54 <sgallagh> Sounds good. Thanks very much.
16:57:09 <sgallagh> We're almost out of time today, so let's defer the Roles discussion until next week.
16:57:25 <sgallagh> #topic Fedora 22 Planning - Roles
16:57:30 <sgallagh> #info Deferred until next week
16:57:36 <sgallagh> #topic Open Floor
16:57:46 <sgallagh> Anything for Open Floor?
16:57:58 * nirik has nothing.
16:58:01 * junland has nothing
16:58:08 * mitr has nothing
16:58:39 <sgallagh> OK, then let's call it a day.
16:58:45 <sgallagh> Thanks for participating, folks!
16:58:56 <danofsatx-work> thanks for hosting, sgallagh
16:59:04 <sgallagh> #endmeeting