18:00:02 <nirik> #startmeeting Infrastructure (2016-04-28)
18:00:02 <zodbot> Meeting started Thu Apr 28 18:00:02 2016 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:00:02 <zodbot> The meeting name has been set to 'infrastructure_(2016-04-28)'
18:00:02 <nirik> #meetingname infrastructure
18:00:02 <nirik> #topic aloha
18:00:02 <nirik> #chair smooge relrod nirik abadger1999 lmacken dgilmore threebean pingou puiterwijk pbrobinson
18:00:02 <zodbot> The meeting name has been set to 'infrastructure'
18:00:02 <zodbot> Current chairs: abadger1999 dgilmore lmacken nirik pbrobinson pingou puiterwijk relrod smooge threebean
18:00:03 <nirik> #topic New folks introductions / Apprentice feedback
18:00:45 <puiterwijk> Hi
18:00:53 <aikidouke> hello
18:00:53 <winterchillz> Hello everyone
18:02:01 <nirik> Any new folks like to give a short introduction?
18:02:08 <nirik> Or any apprentices with questions or comments?
18:02:13 <jflory7> .hello jflory7
18:02:24 <zodbot> jflory7: jflory7 'Justin W. Flory' <me@justinwflory.com>
18:02:57 * jflory7 will do a quick intro
18:03:01 <smooge> hola.
18:03:06 <nirik> welcome jflory7.
18:03:08 <skamath> .hello skamath
18:03:08 * doteast is on time ... almost :)
18:03:09 <zodbot> skamath: skamath 'Sachin S Kamath ' <sskamath96@gmail.com>
18:03:17 <skamath> Hey, I am new here :)
18:03:26 <sayan> hello
18:03:46 <skamath> .fasinfo skamath
18:03:46 <zodbot> skamath: User: skamath, Name: Sachin S Kamath , email: sskamath96@gmail.com, Creation: 2014-11-12, IRC Nick: skamath, Timezone: Asia/Kolkata, Locale: en, GPG key ID: EFD95439, Status: active
18:03:49 <zodbot> skamath: Approved Groups: commops antispam-acked cla_fpca cla_done
18:03:50 <skamath> ^
18:03:50 <tflink> .hello tflink
18:03:52 <zodbot> tflink: tflink 'Tim Flink' <tflink@redhat.com>
18:04:13 <jflory7> Hi all, my name is Justin and I'm looking at getting more involved with Infrastructure. I am a Google Summer of Code student for this summer as well, and I am planning on helping migrate the Community Blog + Fedora Magazine to Ansible and hopefully have them share the same core installation. I'm also hoping to get more involved with some more Ansible things, possibly helping port to the 2.0 API.
18:04:24 <nirik> hey skamath. Welcome. Care to give a short one line introduction of yourself to the group?
18:04:26 <jflory7> I have more details about my proposal on the wiki.
18:04:28 * jflory7 digs for link
18:04:35 <dgilmore> hi all
18:05:16 <jflory7> Full details here: https://fedoraproject.org/wiki/GSOC_2016/Student_Application_jflory7
18:05:53 <nirik> cool.
18:06:04 * linuxmodder semi here
18:06:11 <skamath> Hello all, I am Sachin and I am looking to get involved with fedora-infra. I am going my GSoc with Fedora CommOps this year, and my goals are yet to be defined. It'd mostly be with Python. I have experience in writing automation scrips in python and use Python for all my daily "hacks". Apart from that, I also love bug triaging and love security :)
18:06:20 <nirik> jflory7: one thing you might look at is moving to the fedora wordpress packages instead of install from source... they have worked well for me, and might be easier to manage...
18:06:44 <linuxmodder> .hello linuxmodder
18:06:45 <zodbot> linuxmodder: linuxmodder 'Corey W Sheldon' <sheldon.corey@openmailbox.org>
18:06:45 <nirik> skamath: welcome. :)
18:06:56 <jflory7> nirik: Ooh. That's really good to know, will keep that in mind!
18:07:00 * skamath waves to nirik
18:07:31 <nirik> skamath / jflory7: Can look at adding you to our apprentice group after the meeting if you like... see me in #fedora-admin.
18:07:39 * jflory7 nods
18:07:41 <nirik> any other new folks or apprentices with questions?
18:07:47 <puiterwijk> For full info: I am Justin's mentor for GSoC
18:07:57 <jflory7> Oops, yeah, forgot to mention :)
18:07:58 <skamath> Roger.
18:07:59 <jflory7> puiterwijk++
18:08:21 <skamath> decause is my mentor for CommOps :)
18:08:43 <nirik> ok, lets go on to status/info items:
18:08:47 <nirik> #topic announcements and information
18:08:47 <nirik> #info codecs.fedoraproject.org all setup, just needs SOP and repo files updates - kevin/dennis
18:08:47 <nirik> #info updated blacklist of lists to not send fedmsg for - kevin
18:08:47 <nirik> #info blockerbugs01.stg proxy setup fixed up - kevin
18:08:48 <nirik> #info helped clean up some hosts netmasks after networking changes - kevin
18:08:49 <nirik> #info netapp storage outage/update wed night - kevin
18:08:50 <nirik> #info F24Beta has slipped a week, so another week of freeze - kevin
18:08:58 <nirik> anything anyone would like to add or discuss more from that list?
18:09:08 * nirik notes he's the only one that added things. ;(
18:09:45 <skamath> nirik++
18:09:45 <zodbot> skamath: Karma for kevin changed to 43 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
18:10:28 <puiterwijk> #info new Basset in staging that has auto-learning enabled - patrick
18:10:31 <linuxmodder> any fellow  seeders of the  respins  a  new  rsync  module  exists now
18:10:56 <linuxmodder> and new ones  going up to /pub/alt  as we meet
18:11:06 <puiterwijk> #info New powerPC boxes for FICloud hav ebeen setup and are being assumed into the cloud very soon - patrick
18:11:20 <nb> .hello nb
18:11:21 <zodbot> nb: nb 'Nick Bebout' <nb@nb.zone>
18:11:22 <puiterwijk> nirik: sorry for that, I couldn't get my gobby to work before the meeting.. it broke somewhere last week :(
18:11:26 * pingou late
18:11:32 <nirik> puiterwijk: no problem
18:11:58 <linuxmodder> puiterwijk,  not the only  one had issues with gobby myself  yesterday
18:12:06 <puiterwijk> #info helped networking with the router change - patrick
18:12:29 <nirik> oh and after storage updates last night:
18:12:37 <nirik> #info nfsv4 now works from our netapps
18:13:19 <nirik> ok, jflory7 had a discussion item:
18:13:22 <nirik> #topic Password storage and distribution (Rattic?) - jflory7
18:13:26 <jflory7> Yeah!
18:13:27 <nirik> take it away jflory7
18:13:35 <pingou> nirik: will the netapp storage outage impact beta release?
18:13:46 <jflory7> So yesterday in the Marketing meeting, we've been trying to come up with solutions for password storage and distribution for social media accounts
18:13:52 <nirik> pingou: no, since it's already over. ;)
18:13:57 <jflory7> It could apply to more things, but we're currently looking at social media accounts
18:13:59 <nb> jflory7, use password-store
18:14:05 <pingou> oh, sorry misread, thanks nirik :)
18:14:06 <nb> it uses gpg, so you could add people's gpg keys
18:14:12 <nb> and then push the repo somewhere?
18:14:12 <jflory7> bkp and decause are looking into posssible solutions as well
18:14:25 <pingou> nb++
18:14:31 * pingou also uses pass
18:14:34 <skamath> or, just pass :)
18:14:38 <sayan> nb++
18:14:38 <zodbot> sayan: Karma for nb changed to 26 (for the f23 release cycle):  https://badges.fedoraproject.org/tags/cookie/any
18:14:46 <nb> skamath, well, password-store is the name for pass isn't it?
18:14:47 * skamath uses pass too
18:14:50 * nb likes pass
18:14:55 <nirik> well, there are some things to consider here...
18:15:01 <jflory7> Oh, I hadn't considered pass. I hadn't thought of applying for shared passwords among large numbers of people
18:15:07 <skamath> Ah, yes :D
18:15:18 <nirik> pass can encrypt to multiple keys.
18:15:33 <nirik> but if you have a repo, all the old commits will be to all the keys at the time...
18:15:49 <jflory7> Although I imagine some of the people who would be needing the passwords may not be completely familiar with GPG common practices. It could be learned or taught, but it could be a possible barrier to entry
18:15:51 <nb> nirik, true, so you couldn't really revoke someone's access
18:15:57 <jflory7> Something was mentioned yesterday, Rattic?
18:16:07 <nb> although if you add a key it will re-encrypt to add that key
18:16:12 <jflory7> I haven't ever used it or heard of it, but it's what OSAS at Red Hat is looking at setting up in the near future
18:16:18 <nirik> nb: yeah, well, you could remove their key so new stuff doesn't have it, but old still would
18:16:33 <nirik> I glanced at it, it seems pretty heavy. It's a Django app
18:16:33 <nb> nirik, true
18:16:55 <jflory7> That could be a potential issue for a long-term application of using pass
18:17:06 <nb> jflory7, well, you could remove their key, then change the passwords
18:17:10 <pingou> we would need a way to have two pass db
18:17:14 <nirik> well, just don't use a repo or don't provide access to one
18:17:16 <pingou> one private, one for fedora
18:17:25 <linuxmodder> wouldn't the  same  commit  sign denial work here that  github and gitlab use?
18:17:55 <nb> pingou, does pass have to have its data stored in .password-store?
18:18:07 * nb wonders if that can be specified on command line or something
18:18:15 <linuxmodder> nirik,  can't you add a  gpg hash or  fpr to a  hosts.deny too for the  repo
18:18:15 <pingou> nb: it's the default location, should be easy to change/adjust
18:18:28 <nirik> linuxmodder: no, but you can remove the keys it encrypts with
18:18:47 * pingou notes that pass is a single shell script
18:18:55 <nb> pingou, true
18:18:58 <linuxmodder> admittedly I'm likely only  one in mtg taht doesn't / hasnt used pass
18:19:02 <nb> so we could change it to fedpass
18:19:03 <nirik> so yeah, as nb said, to remove someone you would have to remove their key from the file and then change all the passwords (which is good practice anyhow)
18:19:04 <nb> or something
18:19:36 <nb> if there is no way to specify the .password-store location
18:19:45 <linuxmodder> we are talking all users or  just admins for the revoking ?
18:19:46 <pingou> .fedora-store :]
18:19:46 <zodbot> pingou: Error: Spurious "]".  You may want to quote your arguments with double quotes in order to prevent extra brackets from being evaluated as nested commands.
18:19:46 <nirik> which if you changed them all, the old entiries wouldn't matter, so I guess you could use a git repo
18:20:18 <puiterwijk> zodbot: nobody asked you anything
18:20:21 <linuxmodder> lol @ pingou
18:20:25 <nirik> so, how about this: jflory7: could you write up a requirements email and send it to the list?
18:20:27 <MarkDude> :D
18:20:34 <jflory7> nirik: That works for me.
18:20:35 <nirik> how many people are we talking, how many accounts, etc?
18:20:52 <pingou> how many passwords
18:20:56 <nirik> and we can try and come up with something. Pass might be easy, but it might not meet all your requirements... dunno
18:21:16 <pingou> (do we want to setup something for 2 passwords, or are we talking about 15?)
18:21:18 <jflory7> As of now, I think the target is under 10 social media accounts, but I need to get a confirmation on that number. For people with privileges, it would probably be the same people who have access now, which I *believe* is somewhere between 7-15 people
18:21:30 <linuxmodder> jflory7,  only  got thru about half of yesterday's log  care to  spin me up post mtg here
18:21:49 <nirik> jflory7: would all these folks be ok using command line tools?
18:21:52 <jflory7> I can get more information and details on the specifics from those involved with this soon.
18:22:11 <nirik> fair enough
18:22:20 <linuxmodder> nirik, would think most  should be
18:22:35 <jflory7> nirik: Well, the people I actively see using the account are savvy enough to use pass, but I don't know about long-term. I think later on, it might be extended to people who are more Marketing types than tech-savvy types.
18:22:47 <MarkDude> jflory7: +1
18:22:51 <nirik> pass actually has some gui apps over it too
18:23:00 <linuxmodder> jflory7,   blog post  / mag  post then  later on for that
18:23:06 <jflory7> Part of the concern for me would also be some of the people who would be needing the passwords may not be completely familiar with GPG common practices. It could be learned or taught, but it could be a possible barrier to entry.
18:23:26 <linuxmodder> jflory7,  point them to the mag  series on gpg
18:23:43 <nirik> yeah.
18:23:47 <linuxmodder> its not just for  end users and  is / would be  sufficient for that  I'd imagine
18:24:04 <jflory7> I think it could be enough to someone familiar with the basics to use it
18:24:28 <decause> .hello decause
18:24:29 <linuxmodder> if not  use that series as a primer in total  and  have a  onboarding  phase 2  for the social   spefic stuff
18:24:33 <jflory7> A GUI app for pass would be a good reference too, I'll see what I can find for that as well.
18:24:33 <zodbot> decause: decause 'Remy DeCausemaker' <decause@redhat.com>
18:24:40 <linuxmodder> decause,  late today :)
18:24:42 <linuxmodder> welcome
18:24:47 * nirik saw a QT one the other day, can't recall the name tho
18:25:02 <MarkDude> Some of the best social media folks are deemed "People Persons" part of that description is not needing CLI. A GUI option down the road would make it doable, IMO. Best practices is fair to require (in relation to GPG) eof
18:26:05 <linuxmodder> honestly I think a   benchmark (onboarding style ) of  knowing  basic cli and gpg should be  for all social admins
18:27:02 <linuxmodder> gui or cli we need them to  know how /what to do if  we get a  2am spam issue or the like
18:27:07 <nirik> anyhow, we can look at requirements on list and propose some solutions.
18:27:12 <jflory7> nirik: +1
18:27:17 <nirik> anything else on this for now?
18:27:34 <linuxmodder> nfm
18:27:51 <jflory7> #action jflory7 Follow up with Marketing / social media people on specifics for needs for password storage and distribution, get requirements to Infrastructure list
18:28:09 <nirik> #topic Apprentice Office hours / open questions
18:28:29 <nirik> last meeting we tried out a little section for apprentices to discuss tickets or questions or whatever.
18:28:37 <nirik> Anyone have anything today?
18:29:08 <jflory7> Wiki pages are serving as good references for me getting involved so far. :) Will ask any questions in #fedora-admin later on if needed.
18:29:16 <winterchillz> Not from me. I saw your comment requesting Ansible playbooks for the SMTP SSL so I got into going through the Ansible docs to get an idea of how it works
18:29:33 <winterchillz> Since I haven't used it personally so far and I want to know what I'm doing before getting into it
18:29:38 <nirik> jflory7: I saw you cleaned up the getting started page. Thanks much. ;)
18:29:48 <jflory7> nirik: No problem :)
18:29:58 <nirik> winterchillz: sounds good. do ask in #fedora-admin or #fedora-noc if you have questions.
18:30:05 <winterchillz> Will do, thank you
18:30:10 <nirik> ah ha: https://qtpass.org/ was the thing I was thinking of eariler.
18:30:19 <jflory7> #link https://qtpass.org/
18:30:25 * jflory7 saves for later
18:30:52 <nirik> it just passed review I think so it should be in fedora or will be soon
18:31:05 <skamath> nirik: Does it add any functioanlity to the CLI version?
18:31:12 <skamath> Other than the GUI, of course
18:31:57 <nirik> not sure actually.
18:32:04 <nirik> I just saw it, haven't run iit.
18:32:36 <nirik> any other questions on tickets or work items or anything?
18:32:55 <nirik> #topic Open Floor
18:33:08 <nirik> anything for open floor? or shall we get 30min back for our day?
18:33:22 <winterchillz> We have our own day?
18:33:22 * jflory7 doesn't have anything
18:33:29 <jflory7> Looking forward to getting involved with Infra!
18:33:49 * skamath is getting started with the wiki.
18:33:52 <nirik> winterchillz: well, 30more minutes of it to do something instead of being in this meeting for 30min more. ;)
18:34:04 <nirik> anyhow, if nothing else will close out in a minute.
18:34:22 <jflory7> nirik++ Thanks for chairing!
18:34:22 <winterchillz> Just joking :) Nothing from me either. Thanks for chairing the meeting and thanks everyone for jumping in. Also welcome to the new apprentices!
18:34:50 <nirik> sounds good. Everyone continue over in #fedora-admin, #fedora-apps and #fedora-noc. ;) Thanks for coming.
18:34:52 <nirik> #endmeeting