19:00:03 <nirik> #startmeeting Infrastructure (2013-12-19)
19:00:03 <zodbot> Meeting started Thu Dec 19 19:00:03 2013 UTC.  The chair is nirik. Information about MeetBot at
19:00:03 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:00:04 <nirik> #meetingname infrastructure
19:00:04 <nirik> #topic welcome y'all
19:00:04 <nirik> #chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk
19:00:04 <zodbot> The meeting name has been set to 'infrastructure'
19:00:04 <zodbot> Current chairs: abadger1999 dgilmore lmacken mdomsch nirik pingou puiterwijk relrod smooge threebean
19:00:34 * ianweller is hereish
19:00:38 * tflink is lurking
19:00:44 * threebean is here
19:01:23 * relrod here
19:01:25 * abadger1999 is here
19:01:34 <nirik> morning everyone.
19:01:40 <nirik> #topic New folks introductions and Apprentice tasks
19:01:55 <nirik> any new folks like to introduce themselves? or apprentices with questions or comments?
19:02:11 <janeznemanic> me
19:02:25 <nirik> hey janeznemanic
19:02:32 <janeznemanic> guys do i ask to many questions
19:02:35 * lmacken here
19:02:49 <nirik> janeznemanic: not at all. ;) questions are good...
19:02:50 <threebean> janeznemanic: no
19:02:54 <threebean> :)
19:03:16 <janeznemanic> okey then
19:03:50 <nirik> we may not get to them as fast as you like, but we will get there. ;)
19:04:15 <janeznemanic> the important thing is that you get there
19:04:33 <tyll_> I would like to become an apprentice
19:05:02 <nirik> hey tyll_
19:05:15 <nirik> love to have you help out and look around... I can add you after the meeting.
19:06:04 * docent is late :)
19:06:17 <nirik> hey docent
19:06:50 <tyll_> thanks, not sure what to write to introduce myself - I wold like to get a fedmsg service running for rel-eng
19:07:15 * fchiulli is also late
19:07:23 <nirik> thats a good quantifyable goal. ;)
19:07:38 <nirik> morning fchiulli
19:07:42 <threebean> tyll_: cool :)  I'm glad to try and help wherever I can
19:08:27 <nirik> ok, shall we move on to applications?
19:08:46 <nirik> #topic Applications status / discussion
19:08:49 <tyll_> threebean: thank you, I assume  I will need it
19:08:56 <nirik> any application news this week or upcoming?
19:09:53 * nirik listens to the crickets. :)
19:09:57 <threebean> nothing much here.  ;)
19:09:59 <tyll_> Is cnucnuweb already an officially planned Fedora App? I was wondering whether it will be ok to use it for RPMFusion as well
19:10:23 <threebean> tyll_: well, pingou has been spearheading it and he's not here today.
19:10:36 <threebean> but I'm pretty sure resources have already been allocated for it.
19:10:37 <nirik> yeah. it is in the planning stages tho
19:10:46 * threebean nods
19:11:09 <nirik> tyll_: you were thinking of using the same fedora one for rpmfusion? or a seperate install somewhere?
19:11:23 <nirik> I guess if it could work to treat that as another distro...
19:11:38 <smooge> and I am here sorry
19:11:43 <nirik> morning smooge
19:12:15 <tyll_> yes, it would be a different distro I suppose - I was wondering whether there will be legal problems
19:12:28 <abadger1999> I'll get a new python-fedora out today for fedora/epel updates-testing
19:12:37 <abadger1999> nirik: Hmm.... might have to ask spot that.
19:12:48 <nirik> yeah, not sure, so yeah, we should ask spot
19:12:50 <abadger1999> nirik: because cnucnu does have links to the upstream source.
19:12:57 <abadger1999> which might be contributory infringement :-(
19:13:10 <nirik> yeah
19:13:17 <tyll_> it might be a problem for debian as well or other distros in general
19:13:31 <nirik> tyll_: yep. if they ship something we don't, etc.
19:13:54 <tyll_> nirik: usually they ship mp3 stuff
19:14:06 <nirik> so, should I send such an email? or would one of you like to and cc me? ;)
19:14:20 <nirik> or should we ask pingou to...
19:14:34 <nirik> since he likely knows more about what it contains, etc.
19:15:09 <nirik> how about I drop pingou a note about it and we can go from there.
19:15:18 <tyll_> this sounds good
19:16:27 <nirik> #action nirik to coordinate with pingou about cnucnuweb and legal concerns, will talk to fedora-legal
19:16:52 <nirik> abadger1999: what changes in that new python-fedora?
19:17:08 <abadger1999> Numerous bugfixes to the flask_fas_openid identity provider.
19:17:15 <abadger1999> Shold work with the flask i nfedora.
19:18:07 <abadger1999> Some improvements to how it's built
19:18:20 <abadger1999> Which should help people who are using it in a virtualenv
19:18:23 <nirik> does this mean dropping some hotfixes we are using now?
19:19:02 <abadger1999> yes, I'll have to check to make sure but I think it'll take care of all our python-fedora hotfixes.
19:19:39 <abadger1999> nirik: You may need a bit of help with some of  that... I'm not sure how to find all the ansible-based hotfixes.
19:19:40 <nirik> nice. do we want to try and land that tomorrow? or punt until after the holidays?
19:19:51 <abadger1999> nirik: I'd punt
19:19:56 <nirik> ok.
19:20:04 <abadger1999> I don't know of anything that's broken right now
19:20:23 <abadger1999> So I'd rather let it sit in fedora/epel update-testing repo than get called over vacation :-)
19:20:30 <nirik> fair enough.
19:20:45 <threebean> oh - I pushed out a new badges release earlier this week.  It adds a feature allowing us to authorize certain users to hand out certain badges.
19:20:49 <nirik> #info new python-fedora out later today for testing
19:21:09 <nirik> threebean: oh yeah? how does that work?
19:21:13 <threebean> it opens the door for a bunch of new badges that have been sitting in the queue.
19:21:38 <nirik> nice... like blessing of the fpl?
19:21:39 <threebean> I go to the admin panel and say "nirik" is authorized for the "Infrastructure Gold Star" badge
19:22:02 <threebean> then if you want to hand out gold stars to people who do good work, you go to the page for that badge and you'll see two new buttons.
19:22:20 <threebean> one to award the badge directly to a person, and another to create an invitation/qrcode for that badge.
19:22:29 <threebean> we'll use it for the "FPL's blessing" badge
19:22:33 <nirik> nice!
19:22:37 <threebean> but moreso for the upcoming docs writing badges
19:23:07 <nirik> #info badges server can now authorize specific users to hand out specific badges.
19:23:15 <nirik> sounds great. :)
19:23:35 * threebean makes a note to blog about it after the holidays
19:23:58 <nirik> sounds goodly.
19:24:25 <nirik> #topic Sysadmin status / discussion
19:24:33 <nirik> so, on the sysadmin front...
19:24:44 <nirik> #info upgraded to puppet 2.7 without too much pain
19:25:09 <nirik> I've been trying to quiet things that send email so they don't do so over the holidays.
19:25:23 <nirik> I'm also going to try and land the ansible cron thing soon.
19:25:45 <nirik> I'm planning a lot of ansible changes to fix old syntax.
19:25:54 <nirik> I might do some of that over the break, but will try and be quiet about it. ;)
19:26:06 <threebean> ha :)  cool
19:26:23 <threebean> I haven't yet found a way to get ansible to tell me where the deprecated warnings come from
19:26:24 <nirik> I was thinking we might also want to do a mass update (no rebooting, just update) today or tomorrow... so we are all rolled up on security...
19:26:42 <nirik> threebean: yeah, I was going to look for $'s mostly.
19:26:49 <abadger1999> Hmm... why no rebooting?
19:27:07 <nirik> there's --syntax-check also
19:27:09 * relrod votes today if we do it, so we have tomorrow to fix any issues that crop up from it...
19:27:18 <nirik> abadger1999: well, no time to schedule outages?
19:27:31 <abadger1999> nirik: <nod> just thinking -- if they reboot on their own over the break.
19:27:38 <nirik> I guess we could just do them with no notice... but I dislike that.
19:27:40 <abadger1999> then something might break at that time.
19:27:49 <nirik> the kernel update doesn't have anything important to us...
19:27:55 <nirik> I don't think
19:28:56 <nirik> abadger1999: true... but better break than be insecure... it's usually a lot easier to clean up from a boot breakage over a compromise. ;)
19:29:03 <abadger1999> <nod>
19:29:08 <abadger1999> roger that.
19:29:50 <nirik> relrod: yeah, today would be fine with me too... more time to fix.
19:29:51 <abadger1999> Maybe we can reboot the "app" servers and the proxies?
19:30:00 <abadger1999> since they all have redundancy.
19:30:08 <nirik> yeah, there's a number we can do...
19:30:11 <abadger1999> and they're a likely vector of entry
19:30:18 <nirik> just not db servers or the like
19:30:23 <abadger1999> yeah.
19:30:39 <nirik> so, sure, we can do all the non outage causing ones. ;)
19:31:10 <nirik> #info updates will be applied later today and non outage causing reboots done.
19:31:16 <smooge> fas of course :)
19:31:42 <nirik> oh, on the fas servers... I might like to try and switch them to virtio at least too.
19:31:51 <nirik> should make them a bit faster
19:32:28 <nirik> as a side note, they are some of our last 32bit machines... when we move to rhel7 we won't have that option... ;)
19:33:00 <abadger1999> k.  We'll just need to scale up the RAM on the hosts if we need to.
19:33:02 <lmacken> need more ram then :)
19:33:04 <lmacken> heh
19:33:10 <nirik> yep
19:33:41 <nirik> #topic Upcoming Tasks/Items
19:33:41 <nirik>
19:33:53 <nirik> anything upcoming folks would like to note or schedule?
19:34:04 <nirik> we are out of freeze now, but heading into holidays.
19:34:23 <nirik> Do we want to do some kind of holiday freeze? or just hope people are careful?
19:34:40 <smooge> nothing on my part. I will be away from keyboard from 21st -> 6th
19:34:45 <abadger1999> we've done a holiday freeze in the past.
19:34:55 * nirik looks back
19:36:14 <nirik> can't find it.
19:36:32 <abadger1999> I guess it depends on who's around and willing to work on fixing stuff though -- I think I shouldn't touch stuff because I can definitely break more than I can fix ;-)
19:36:35 <nirik> anyhow, I'm ok either way... some kind of relaxed freeze, or just ask everyone to be careful
19:36:56 <relrod> I think relaxed holiday freeze is reasonable. I will be around intermittently and be able to +1 things if people need.
19:36:58 <nirik> well, I am going to be around (not planning any trips or anything).
19:37:26 <nirik> however, I'm hoping to not get paged or be pulled into working on something when I am not wanting to. ;)
19:37:41 <abadger1999> nirik: <nod>  I wouldn't have a problem with you doing things or authorizing other people to work on a change.
19:38:12 <nirik> I think most of us are going to be taking it easy... so, just trying to be careful and chastising anyone who breaks things works for me. ;)
19:38:13 <threebean> yeah, let's just freeze.
19:38:19 <abadger1999> because I know if you break it you'll be up all of christmas eve working on a fix ;-)
19:38:20 <threebean> if we authorize nirik to authorize people
19:38:27 <nirik> heh.
19:38:29 <threebean> then people will ping him
19:38:32 <nirik> I really hope not to.
19:38:39 <abadger1999> threebean: good pooint.
19:38:54 <nirik> how about this: any changes, get a +1 on list
19:39:00 <nirik> from anyone
19:39:14 <nirik> that shows at least two people are around and it looks ok to them
19:39:29 <abadger1999> <nod>  and fixing things doesn't need approval.  Just things that are new.
19:39:35 <nirik> right.
19:39:43 <threebean> sounds good
19:39:47 <relrod> works for me
19:40:01 <nirik> I can send out a note to the list... unless someone else would like to? ;)
19:40:36 <nirik> I can. ;)
19:40:38 <threebean> :D
19:40:45 <nirik> #topic Open Floor
19:40:57 <nirik> anyone have anything for open floor?
19:41:00 <relrod> A question that came up in -apps a bit ago, does anyone know if it is intentional that our subdomains (apps, admin, etc) don't gzip their output? If it's not intentional or nobody knows, I would like to enable gzip at least for apps.fp.o in staging for now, and see if anything breaks. Nothing that doesn't send "Accept: gzip" should see any difference.
19:41:02 <nirik> questions, suggestions, comments?
19:41:21 <nirik> relrod: yes, there were several tickets around this...
19:41:34 <nirik> blindly gzipping resulted in double gzipping things. ;(
19:41:56 <nirik> I can find the tickets
19:42:52 <nirik> .ticket 3859
19:42:53 <zodbot> nirik: #3859 ( sends incorrect content-encoding header) – Fedora Infrastructure -
19:42:59 <nirik> .ticket 4005
19:43:00 <zodbot> nirik: #4005 ( content encoding misconfiguration) – Fedora Infrastructure -
19:43:13 <tyll_> I believe there are some possible attacks against TLS with compression enabled
19:43:45 <nirik> reminds me, we should figure out actions from that ticket asking us to change tls options. ;)
19:43:57 <tyll_>
19:44:29 * relrod notes that fp.o does gzip (including the wiki, and including with https)
19:44:35 <relrod> just not subdomains
19:45:04 <nirik> yeah, not sure the permutations off hand. Lets continue discussing in #fedora-admin?
19:45:17 <relrod> nirik: I'll read over those tickets and see what I can see ;)
19:45:29 <nirik> ok, sounds good.
19:45:44 <threebean> other news -> ansible galaxy just launched!msg/ansible-announce/W40GgVxbU6U/KfY4nmng6H8J
19:45:51 <nirik> yes indeed. ;)
19:45:58 * nirik needs to look at it more, haven't had time.
19:46:26 <nirik> also, there's a new fedmsg user in the world now right?
19:46:32 <threebean> oh, right!
19:46:44 <threebean>
19:46:59 <threebean> ^^ is a new fedmsg deployment
19:47:25 <threebean> the devs have been too busy getting ready for their debut (yesterday) to give me many details.
19:47:29 <nirik> thats pretty awesome. ;)
19:47:34 <threebean> i'll try to have a writeup for it in the new year :)
19:47:43 <nirik> yeah, would make a great story
19:48:10 <nirik> ok, if nothing else, will close out in a minute...
19:49:33 <nirik> oh, note no meeting next week or week after! :)
19:49:40 <smooge> NO MEETING!!!!!
19:49:44 <nirik> #info no meetings next two weeks.
19:49:59 <nirik> Thanks for coming everyone.
19:50:01 <nirik> #endmeeting