infrastructure
MINUTES
19:00:01 <nirik> #startmeeting Infrastructure (2012-02-09)
19:00:01 <zodbot> Meeting started Thu Feb  9 19:00:01 2012 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:00:01 <nirik> #meetingname infrastructure
19:00:01 <zodbot> The meeting name has been set to 'infrastructure'
19:00:01 <nirik> #topic Robot Roll Call
19:00:01 <nirik> #chair smooge skvidal Codeblock ricky nirik abadger1999 lmacken dgilmore mdomsch
19:00:01 <zodbot> Current chairs: Codeblock abadger1999 dgilmore lmacken mdomsch nirik ricky skvidal smooge
19:00:09 * skvidal is here
19:00:17 <ianweller> crooooooooooooow
19:00:18 * pingou pingou
19:00:23 <CodeBlock> here
19:00:39 <danstar> here
19:00:39 <mdomsch> here
19:00:41 <Smilers_> here
19:00:45 * abadger1999 here
19:00:57 <nirik> lots of folks. ;) nice.
19:01:42 <nirik> ok, lets go ahead then...
19:01:44 <nirik> #topic New folks introductions and apprentice tasks/feedback
19:01:54 <nirik> Any new folks like to introduce themselves ?
19:02:02 <pingou> lots of new folks on the list recently
19:02:05 <nirik> or apprentices like to talk about issues / tickets/ concnerns?
19:02:11 <danstar> i can start with intro :)
19:02:13 <nirik> yeah, there sure seems to be.
19:02:21 <nirik> danstar: welcome. Go ahead
19:02:30 <danstar> well, hi all again :)
19:02:54 <danstar> i'm a long time linux user, going into sysadmining more recently
19:03:22 <danstar> learning to recertify as RHSCA and then RHCE, have lots of free time so i'd like to help if possible
19:03:25 <nirik> excellent.
19:03:39 <nirik> see me after the meeting over in #fedora-admin and we can get you setup.
19:03:47 <danstar> ok
19:04:14 <smooge> here
19:04:18 * lmacken 
19:04:19 <nirik> any other new folks like to introduce themselves?
19:05:16 <nirik> ok, lets move along then...
19:05:32 <nirik> #topic 2 factor auth status
19:05:59 <nirik> I talked with herlo some, I need to meet up and see exactly where we are. I'd like to get something in place before too long for our initial goal.
19:06:16 <nirik> I've been pointed to yet another pam module...
19:06:19 <nirik> pam_httpd
19:06:24 <nirik> sorry, pam_http
19:06:31 <skvidal> what does it do differently than the others?
19:06:37 <nirik> so, we have pam_otp, pam_http and pam_url
19:06:46 <skvidal> yay!
19:06:47 <nirik> I'm not sure, Ive not looked at it yet
19:07:07 <skvidal> umm
19:07:09 <skvidal> how OLD is it?
19:07:16 <skvidal> http://lists.canonical.org/pipermail/kragen-hacks/2002-February/000312.html
19:07:18 <nirik> Ideally we pick whichever one is smallest, does what we want and has someone working on it.
19:07:25 <nirik> it's ancient, but I have an updated one.
19:07:32 <nirik> I can fwd it to you if you want to look.
19:07:36 <skvidal> ah ha https://github.com/beatgammit/pam-http
19:08:06 <nirik> anyhow, hopefully in the next few weeks we can get something going.
19:08:20 <nirik> #topic Staging re-work status
19:08:31 <nirik> we kinda stalled out on this, but I think we know the way we want it to work now.
19:08:39 <skvidal> how many boxes left in staging, now?
19:08:43 <nirik> it's just a matter of setting up the application part in prod
19:08:54 * nirik looks at the last list from averi
19:09:56 <nirik> http://fpaste.org/RusC/
19:10:12 <nirik> we were on the app machines.
19:10:58 <nirik> anyhow, just need to keep plugging away at it.
19:11:11 <nirik> #topic Applications status / discussion
19:11:33 <nirik> lmacken / threebean / abadger1999 / pingou: any app status reports from this week?
19:11:54 <nirik> I really plan to start setting up a prod packaging setup soon. I keep getting sidetracked.
19:12:09 <nirik> comments on the url plan on the list would be welcome
19:12:17 <abadger1999> threebean has been working on the moksha API some.
19:12:42 <threebean> yeah, no changes to production anytime soon but I'm cleaning out some of the extra hangers-on in the moksha API
19:12:43 <lmacken> as for bodhi, I have been fixing a lot of bugs, and pushed out a new release last week. I'm prepping another release this week as well. Then [hopefully] I'll be full-steam towards bodhi v2.0.
19:13:02 <lmacken> yeah, threebean and I are also working on a major refactoring of moksha
19:13:12 <threebean> the plan ->  https://fedorahosted.org/moksha/wiki/2.0
19:13:43 <pingou> I tried to work on getting a new plugin for FAS, might interest lmacken for bodhi at some point (it reworks the flash() function)
19:13:52 <nirik> cool. Did you want to finish that before pushing tagger/packager to production? or doesn't matter?
19:14:07 <abadger1999> Yeah, so we get a flash function that can do warnings and errors.
19:14:18 <lmacken> nirik: nah, the moksha refactoring shouldn't hold anything else back
19:14:20 * wsterling here
19:14:24 <nirik> lmacken: ok, cool.
19:14:25 <lmacken> pingou: oh, interesting.
19:14:29 <nirik> welcome wsterling
19:14:43 <abadger1999> EasyFix item if someone wants -- take the captcha implementation in current FAS and split it into its own package.
19:15:02 <pingou> abadger1999: I was wondering if we should put the code somewhere for this ? fh ?
19:15:24 <abadger1999> It's based on an existing standalone package, so whoever takes it will be able to compare to that to see what they're missing.
19:15:25 <pingou> as in fork it completely, since we already hacked it quite a bit
19:15:33 <abadger1999> pingou: Yeah, I agree.
19:15:45 <pingou> abadger1999: I
19:15:52 <pingou> I'll request the fh project then
19:15:54 <nirik> lmacken: oh, you said something a while back and I might have misunderstood, but you said you could make community (old) work on rhel6 pretty easily? or should we just retire community(old) when we get packager/tagger into production?
19:17:07 <lmacken> nirik: yes, I could probably get it working on RHEL6 pretty quickly (probably just need to spin up a new moksha). As for retiring it, I think we could once packages goes to production...
19:17:17 <lmacken> my only concern is the Statistics section is still very useful (to me at least)
19:17:21 <nirik> #info we currently have just 9 rhel5 instances. 8 of them app servers and 1 a virthost that some app servers are on. ;)
19:17:42 <pingou> nice :)
19:17:56 <nirik> well, if we can get it running on 6, we can start replacing app servers... which would be nice. ;)
19:18:05 <lmacken> nirik: I'll take a look
19:18:10 <nirik> and then just leave it around for a bit.
19:18:14 <lmacken> yeah, sounds good.
19:18:39 <nirik> also, bodhi is still not showing right on app05/06 (our two rhel6 app boxes)
19:19:09 <nirik> any other app news?
19:19:31 <lmacken> nirik: wow, yeah... not sure what that is all about... [Thu Feb 09 19:10:18 2012] [error]   File "/usr/lib/python2.6/site-packages/kid/pars
19:19:35 <lmacken> er.py", line 180, in _track
19:19:37 <lmacken> [Thu Feb 09 19:10:18 2012] [error]     ev, item = p
19:19:40 <lmacken> [Thu Feb 09 19:10:18 2012] [error] ValueError: too many values to unpack
19:19:42 * lmacken will look into rhel6 fixes for both bodhi and fcomm
19:19:58 <nirik> yeah I think it might have been working at one time then perhaps an update messed it up? not sure.
19:20:10 <lmacken> ohh, it's kid+genshi fighting, I think
19:20:16 <lmacken> could be related to the new python-fedora update
19:20:34 <nirik> fun.
19:20:37 <abadger1999> we could also put old community on its own server until we're ready to retire.
19:20:46 * nirik is fine either way.
19:20:54 <abadger1999> lmacken: More likely, the new TurboGears (in RHEL6 vs RHEL5)
19:21:09 <lmacken> abadger1999: oh, that kid error I'm seeing is from smolt actually
19:21:11 <nirik> I just want to start replacing apps (and bapp01)
19:21:35 <lmacken> oh, the bodhi RHEL6 issue is a trivial fix.
19:21:41 <abadger1999> lmacken: ah.  Okay -- there were some smolt bugs that I've never gotten enough time to go back and look at.
19:21:42 <nirik> cool. ;)
19:22:09 <nirik> ok, shall I move along then?
19:22:34 <nirik> #topic Upcoming tasks
19:22:37 <nirik> #info 2012-02-10 - drop inactive fi-apprentices
19:22:37 <nirik> #info 2012-02-14 to 2012-02-28 - F17 Alpha Freeze
19:22:37 <nirik> #info 2012-02-28 - F17alpha release day
19:22:38 <nirik> #info 2012-03-01 - nag fi-apprentices.
19:22:38 <nirik> #info 2012-03-10 - drop inactive fi-apprentices
19:22:38 <nirik> #info 2012-03-20 to 2012-04-03 - F17 Beta Freeze
19:22:40 <nirik> #info 2012-04-01 - nag fi-apprentices.
19:22:42 <nirik> #info 2012-04-03 - F17Beta release day
19:22:44 <nirik> we have a freeze coming up.
19:23:01 <nirik> I'll probibly file alpha tickets soon...
19:23:14 * CodeBlock is waiting for the day when nirik pastes that and excess-floods off freenode. ;)
19:23:23 <nirik> anyone have any other upcoming tasks or items?
19:23:27 <pingou> CodeBlock: you wish :)
19:23:30 <nirik> CodeBlock: I'm sure it will happen. :)
19:23:46 <abadger1999> nirik: When would be a good day(s) to update python-fedora?
19:24:19 <nirik> most anytime, but probibly eariler in the week? monday/tuesday?
19:24:45 <abadger1999> nirik: Okay, I'll deploy a new python-fedora Monday of next week then.
19:24:54 <abadger1999> And have the whole day to fix/revert if it breaks stuff.
19:25:03 <nirik> ok. thats right before freeze, but should be ok hopefully.
19:25:49 <abadger1999> If you'd rather, I can put it off... Just have some pseudo-security fixes in there.
19:25:56 <nirik> naw, monday sounds fine.
19:26:02 <abadger1999> Sounds good.
19:26:10 <lmacken> nirik: ok, bodhi fixed on app5-6, but they can't ping db-bodhi now.
19:26:27 <nirik> lmacken: they probibly need hosts entries... those are the two non phx2 ones.
19:26:33 <lmacken> ah
19:26:40 <nirik> abadger1999: we can also roll up any other pending updates before the freeze.
19:27:07 <nirik> #topic Open Floor
19:27:13 <nirik> anyone have anything for open floor?
19:27:41 <skvidal> yah
19:27:49 <skvidal> I just chatted with rmonk about pam-http
19:27:59 <skvidal> seems reasonable enough
19:28:06 <skvidal> exactly the same framework we're describing
19:28:18 <nirik> ok.
19:28:20 <skvidal> it seems like the only thing holding us up at all is the cgi which checks the otp
19:28:25 <skvidal> or yubikey
19:28:26 <skvidal> or whatever
19:28:29 <nirik> yep.
19:28:33 <skvidal> where should that live?
19:28:43 <nirik> well, and picking which one we use... which I don't care about.
19:29:01 <nirik> puppet? or it's own project? or part of pam_otp ?
19:29:14 <nirik> or you mean where does it run in our setup?
19:29:28 <skvidal> our setup
19:29:32 <skvidal> which server should host the cgi
19:29:55 <nirik> fas* I think...
19:30:10 <nirik> then it can use localhost urls to hit ykserv or whatever other store it needs?
19:30:29 <skvidal> okay
19:31:02 <nirik> you want to work on the cgi?
19:31:24 <skvidal> I want to get euca set first - I'm trying to be done with the junk instance this week
19:31:35 <skvidal> but yah - I guess I will
19:31:44 <nirik> ok, that would be great. ;)
19:31:49 <nirik> thanks
19:31:59 <skvidal> don't thank me, yet
19:32:10 <nirik> anyone have anything else?
19:32:22 <skvidal> a couple
19:32:32 <skvidal> does anyone want a relatively light-weight scripting job to take on?
19:32:47 <CodeBlock> skvidal: such as? :)
19:33:03 <pingou> EasyFix :)
19:33:09 <skvidal> the cron job to check ssh keys
19:33:26 <skvidal> I checked in all the fas-ssh key checking up to my personal repo
19:33:30 <nirik> yeah, might file a ticket on it easyfix marked...
19:33:42 * nirik notes we could use more easyfix stuff.
19:33:45 <pingou> does it work btw ? EasyFix
19:33:57 <skvidal> and now it just needs a cron job to check against a specific date to make sure no one has uploaded an old key
19:34:39 <skvidal> CodeBlock: the other item that won't take a lot of time but some focus is making it so we can use the infrabot user to add info to puppet and for the nagios-generatin script that wsterling wrote
19:35:01 <nirik> pingou: https://fedorahosted.org/fedora-infrastructure/report/14 for the query, but if you mean do we get fixes... sometimes? ;)
19:35:31 <pingou> nirik: yeah it was more as in "do people/new comers look at easyfix?"
19:36:14 <nirik> I think we could do better describing them/adding info, but I think we assume people will ask if they don't understand the ticket.
19:37:30 <nirik> skvidal: so, file those as easyfix and we will see if we can find some takers? unless someone here wants them right now?
19:37:44 <skvidal> ok
19:38:31 <nirik> anything else? or shall we call it a meeting?
19:38:48 <CodeBlock> If nobody takes the easyfixes I can hack on them a bit. I'm planning on doing some infra-hosts scripts hacking anyway (as per skvidal saying they need work)
19:38:59 <skvidal> CodeBlock: cool
19:39:30 <nirik> excellent.
19:39:55 <nirik> ok, thanks for coming everyone. :) Lets continue over in #fedora-admin and/or #fedora-apps and/or #fedora-noc
19:39:58 <nirik> #endmeeting