18:00:01 <nirik> #startmeeting Infrastructure (2016-06-30)
18:00:01 <zodbot> Meeting started Thu Jun 30 18:00:01 2016 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:00:01 <zodbot> The meeting name has been set to 'infrastructure_(2016-06-30)'
18:00:01 <nirik> #meetingname infrastructure
18:00:01 <zodbot> The meeting name has been set to 'infrastructure'
18:00:01 <nirik> #topic aloha
18:00:01 <nirik> #chair smooge relrod nirik abadger1999 lmacken dgilmore threebean pingou puiterwijk pbrobinson
18:00:01 <zodbot> Current chairs: abadger1999 dgilmore lmacken nirik pbrobinson pingou puiterwijk relrod smooge threebean
18:00:01 <nirik> #topic New folks introductions / Apprentice feedback
18:00:14 <threebean> :)
18:00:29 <clime> hey.
18:00:37 <puiterwijk> hi
18:00:43 <lousab> hello guys :)
18:00:50 <nirik> any news folks around who would like to introduce themselves?
18:01:09 <jflory7> .hello jflory7
18:01:10 <zodbot> jflory7: jflory7 'Justin W. Flory' <me@justinwflory.com>
18:01:17 * aikidouke here
18:01:21 * pingou here
18:01:22 <athos> hello :)
18:02:07 <smooge> here
18:03:03 <nirik> ok, looks like no new folks... so on to status/info
18:03:16 <nirik> #topic announcements and information
18:03:16 <nirik> #info kevin/nirik out tomorrow (2016-07-01) - kevin
18:03:16 <nirik> #info lots of ansible playbook cleanups this week - kevin
18:03:16 <nirik> #info zodbot and ursabot are now using limnoria instead of supybot-gribble - kevin
18:03:17 <nirik> #info Next monday (july 4th) is a holiday in the US - kevin
18:03:18 <nirik> #info Next tuesday/wed (july 5th/6th) is a holiday other places - kevin
18:03:20 <nirik> #info fixed nova-compute et al for new ansible - patrick
18:03:22 <nirik> #info wrote start of oidc documentation - patrick
18:03:26 <nirik> anything in there anyone would like to discuss or add?
18:04:10 <smooge> #info still dealing with a ton of spam
18:04:20 <jflory7> :( They don't give up
18:04:29 <nirik> nope, they seem determined. ;(
18:04:40 <pingou> I finished the FMN re-arch and benchmarked it a little
18:04:41 <puiterwijk> But then, so are we
18:04:41 <smooge> avg 100 accounts per day and several hundred wiki pages per day
18:04:52 <jflory7> puiterwijk++
18:04:58 <pingou> http://blog.pingoured.fr/index.php?post/2016/06/24/New-FMN-architecture-and-tests
18:05:18 <nirik> yeah, great blog post pingou. ;) Looking forward to it landing.
18:06:36 <nirik> ok then, I had a few discussion items...
18:06:41 <nirik> #topic datagrepper privacy - ticket 5381 - kevin
18:06:52 <nirik> We have had a ticket about privacy on datagrepper...
18:07:00 <nirik> I am not sure I agree, but there's things we could change.
18:07:12 <nirik> Anyone have any thoughts on it? either here or you can add them to the ticket...
18:07:21 <nirik> .ticket 5381
18:07:22 <zodbot> nirik: #5381 (datagreepper is a giant privacy threat) – Fedora Infrastructure - https://fedorahosted.org/fedora-infrastructure/ticket/5381
18:08:09 <pingou> I know that anitya is been bad on this
18:08:11 <nirik> I added my thoughts there. Might also be we should ask the council to weigh in
18:08:30 <pingou> and it's fixed upstream but I need to adjust fedmsg_meta and we need to push it out before we can release the new anitya
18:08:33 <nirik> bad in what way?
18:08:38 <pingou> publishing emails
18:09:01 <nirik> right, but we do note that emails may always be public. I think that should be stronger in the policy
18:09:33 <pingou> while I agree, I also prefer that we try to leak them as little as possible :)
18:09:41 <nirik> or we should be more specific about which services may do that
18:10:25 * nirik shrugs. I really don't think you can expect your email is going to be private contributing to open source.
18:10:27 <aikidouke> agree that hearing a council opinion would be good -
18:10:50 <aikidouke> i dont really feel the same was as the person who entered the ticket
18:11:05 <pingou> nirik: I hear you but if there is a way around publishing emails, I would consider publishing them a bug
18:11:06 <misc> I think another angle to the problem is also that you can't opt-out of datagrepper, and I can see how this would be unsettling to people. (but for the record, I am fully aware that's likely hard to fix)
18:11:11 <nirik> We could also perhaps adjust more for private marked users than we do
18:11:24 <aikidouke> but if someone doesn't feel safe/secure then that isnt a good feeling either
18:11:48 <nirik> misc: well, you can mark your account private (but of course that doesn't help emails), but it does other stuff
18:12:44 <nirik> we could possibly for private users hash their email/username, but it you simply compare against some other service you could still figure out who is who
18:12:45 <misc> IIRC, when I made my account private, I broke election application :)
18:12:56 <nirik> misc: excellent. ;)
18:13:06 <misc> (ok made account private and attempt to be elected)
18:13:18 <nirik> note that this is also the reason some of us have weird unicode in our real names. ;) Also caused breakage at one time.
18:13:23 <pingou> misc: I'd like to hear more about this, sounds like a bug in election
18:13:35 * pingou looks at puiterwijk :D
18:13:47 <misc> pingou: it was 1 or 2 years ago, but we can discuss after meeting for sure
18:13:57 <puiterwijk> pingou: yep :)
18:14:03 <pingou> misc: we should try to reproduce on a younger code base then :)
18:14:23 <nirik> Anyhow, don't want to take the entire meeting on this, just wanted to bring it up in case people had strong feelings or didn't see it...
18:15:55 <nirik> #topic pagure for hosted status - ticket 5144 - kevin
18:16:12 <nirik> so, there was a bit more feedback recently...
18:16:25 <nirik> pingou: did you see the feedback in the trac ticket about EOLing fedorahosted?
18:16:53 <nirik> .ticket 5144
18:16:54 <zodbot> nirik: #5144 (Deprecate/EOL Fedora Hosted) – Fedora Infrastructure - https://fedorahosted.org/fedora-infrastructure/ticket/5144
18:17:09 <pingou> nirik: yeah, some of it
18:17:14 <nirik> The importer just needs attachment support?
18:17:38 <nirik> we still need to decide on a plan for freemedia
18:18:17 <nirik> I talked with freeipa/389/dogtag folks. They had some feedback and also said they might look at other services too to see what would be their best fit
18:18:48 <pingou> some of the use-case are a little bit arm-twisting for pagure :s (but I guess they were also for trac)
18:18:52 <nirik> I mailed the badges list, but got no reply
18:19:06 <nirik> for freemedia?
18:19:36 <pingou> for one
18:19:37 <nirik> as much as I hate any more new apps, it almost seems like a very small flask app could do this job better, but perhaps not
18:20:08 <puiterwijk> nirik: well, for freemedia a single-file flask app that just submits tickets to Pagure via API might be doable
18:20:12 <nirik> as soon as the importer has attachment support I want to move fedora-infrastructure. That should help us id any big issues.
18:20:16 <aikidouke> missed your email to badges nirik - what was the question?
18:20:53 <nirik> https://lists.fedoraproject.org/archives/list/badges@lists.fedoraproject.org/message/3QVDN25B6WQMHEKCVMKJMNIUAD3SMZVQ/
18:21:10 <nirik> basically we are trying to gather info from trac using fedorahosted projects about moving to pagure.
18:21:31 <aikidouke> kk...catching up ty
18:21:31 <nirik> badges heavily uses some trac workflow, but something new could be made on pagure
18:22:18 <puiterwijk> note that Ipsilon looked at migrating too, but the number of tags et al we'd get to keep track of the required info became just insane
18:23:00 <nirik> #info planning on migrating fedora-infrastructure once attachment import support is done.
18:23:02 <puiterwijk> (I wrote an importer from Trac to Pagure that kept ticket IDs the same and also kept attachments. I think both would be requirements for any project migrating)
18:23:11 <aikidouke> i'll ping threebean after and get his thoughts
18:23:35 <nirik> #info 77 projects have updated/created a trac ticket sometime this year (2016)
18:23:47 <pingou> puiterwijk: the "official" importer does keep the ticket id stable, but it kinda assumes you start from blank
18:24:01 <nirik> #info we have 661 trac projects on fedorahosted
18:24:11 <puiterwijk> pingou: sure. But that's one reason we couldn't use the official importer for Ipsilon
18:24:21 <pingou> I know :)
18:24:22 <aikidouke> thats some interesting math
18:24:37 <jflory7> nirik: Once the attachment support is available in the importer, you can tentatively count CommOps and Marketing in
18:24:43 <nirik> so, I predict there's going to end up being a lot of dead projects that just fall out
18:24:53 <nirik> jflory7: cool. Will let you know.
18:24:56 * jflory7 nods
18:24:59 <pingou> puiterwijk: I was replying to the 'it would be a requirement' -> it's been taken into account :)
18:25:12 <puiterwijk> ack
18:25:27 <nirik> perhaps the importer could provide an option there?
18:25:38 <puiterwijk> Also, note that Pagure currently does not yet have support for Basset. If spammers move with the fhosted projects...
18:26:00 <nirik> yep. Thats definitely something we want to get in.
18:26:02 <puiterwijk> (Pagure doesn't even have a command-line tool that could be used to remove comments or tickets)
18:26:31 <nirik> pingou: can we add a 'fhosted_migration' tag or something on the pagure project so we can tag things we need/want for migrating projects?
18:26:59 <pingou> nirik: sure thing
18:27:55 <nirik> yeah, we need to be able to remove. Sadly. Spammer scum. :(
18:28:23 <pingou> puiterwijk: Pagure doesn't even have a command-line tool -> well patch welcome :)
18:28:45 <puiterwijk> pingou: you have a ticket for the Basset support :)
18:28:50 <pingou> puiterwijk: but no PR :)
18:28:51 <nirik> there's lots and lots to implement, but we should list them all, and then prioritize.
18:29:04 <nirik> we can't do everything at once. ;)
18:29:10 <pingou> I've added an idea of 'super-user' to pagure who would have access to everything
18:29:23 <nirik> yeah, a site-admin would be handy
18:29:31 <pingou> the idea being to use these powers for the basset user
18:30:30 <nirik> puiterwijk: there's a 'pag' command line tool that threebean started. It could add that functionality, but I think the api would need to add it first.
18:30:55 <puiterwijk> nirik: right. But if the API has it, it's easy enough to add to Basset
18:31:08 <pingou> and the API doesn't atm :)
18:31:09 <nirik> it does not seem to. ;)
18:31:09 <puiterwijk> I meant a local CLI tool like trac-admin that just messes with the database directly
18:31:25 <nirik> in theory I suppose you could mess with the tickets git repo
18:31:37 <puiterwijk> I'm not sure that does deleting
18:31:44 <pingou> I was just wondering that
18:31:46 <puiterwijk> In my tests, it only allows you to create new entries
18:31:47 <pingou> I'm not sure either
18:31:58 <pingou> but it's a postgres db so either to deal w/ that sqlite
18:32:11 <pingou> easier*
18:32:22 <pingou> wow, how did easier become either? Oo
18:32:31 <nirik> :)
18:32:58 <puiterwijk> Well, it's a valid word
18:33:02 <nirik> pingou: did you want me to try and ping any more projects? or we have enough for now and just need to try and do work?
18:33:56 <pingou> nirik: if they could open ticket on pagure directly it woul be more helpful
18:34:13 <nirik> yeah, agreed. I have been asking people to, but not too many have been doing so
18:34:45 <nirik> ok, anything else on this today?
18:34:55 <puiterwijk> Note that not everyone sees the advantage for them, so they might think that since we want them to move, we can do the work. (not saying I'm thinking that, just that I can imagine other people thinking htat)
18:35:11 <puiterwijk> So perhaps we need to explain to them why they should care?
18:35:38 <nirik> well, I noted that we hope to sunset fedorahosted... so thats a bit of a motivator.
18:35:47 <aikidouke> is this migration to pagure part of the hubs strategy/plan/idea?
18:36:02 <nirik> not really hubs related...
18:36:24 <nirik> more that we don't want to maintain both fedorahosted.org and pagure.io that do many of the same things and have a lot of overlap
18:36:35 <aikidouke> right
18:36:49 * jflory7 will look into filing some more tickets soon
18:36:52 <nirik> for instance, fedorahosted is still on rhel6. We could package/build up all the stuff for 7, but thats a ton of work...
18:37:14 <aikidouke> just thought that they kind of both are an evolution of our web presence i guess
18:37:18 <pingou> pagure's ticket queue is back to 99 opened tickets
18:37:20 <pingou> :(
18:37:28 <nirik> under 100! score!
18:37:52 <pingou> yeah put it back under 100 earlier this week, but it's hard to keep up
18:38:29 <nirik> anyhow, lets keep powering along and hopefully we can get things set so projects that want to move can do so.
18:38:47 <nirik> and see where we are after the first wave. ;)
18:38:55 <pingou> sounds good
18:39:16 <nirik> I had one more (hopfully short) topic I forgot to add to gobby...
18:39:30 <nirik> #topic postgresql HA - kevin
18:39:46 <nirik> I've been looking around again at database high availabillity...
18:40:24 <nirik> and I am really tempted to try out BDR: http://bdr-project.org/
18:40:27 <puiterwijk> So, my opinion is that we're better off with more database servers in general. Perhaps one per app, just like the swich from appserver01 to elections01 (e.g.)
18:40:45 <nirik> that would mean a ton more instances to maintain.
18:41:13 <puiterwijk> true, but it would mean that if one application abuses the database server, not everything else falls with it
18:41:15 <nirik> but I''m not against splitting some things out
18:41:31 <pingou> large DB apps might make sense (datagrepper)
18:41:39 <nirik> but thats sort of not the topic I was bringing up. ;)
18:41:46 <pingou> for others (fedocal, elections, pkgdb...) I'm fine w/ having them grouped
18:42:04 <nirik> so, BDR has some downsides... it needs a forked version of postgres and an extension.
18:42:07 <rsc> As a PostgreSQL admin, may I ask if BDR handles decision of master/slave itself, or does it require an external cluster manager (like PostgreSQL itself does)?
18:42:11 <pingou> nirik: your link give me a 404 at https://2ndquadrant.com/fr/resources/bdr
18:42:17 <nirik> rsc: there is not master/slave
18:42:26 <nirik> it's multi master
18:42:39 <puiterwijk> pingou: https://2ndquadrant.com/en/resources/bdr/   link worked for me
18:42:42 <nirik> pingou: ha. Thats what you get for being in france. ;)
18:42:52 <rsc> nirik: with quorum (like MariaDB Galera)? Or do we have to worry about split-brains in 2 node setups (like with other solutions)?
18:42:52 <pingou> stupid website :)
18:43:01 <puiterwijk> Oh, the /fr/ part :)
18:43:18 <nirik> yeah, they recommend an 'observer' and at least 2 instances to decide things...
18:43:29 <nirik> and there's other limitations... like schema changes
18:43:40 <nirik> but it's multi master which is really nice.
18:43:59 <nirik> and for upgrades you don't have to do any weird dance, you can just reboot the one and it will come back
18:44:14 <nirik> (but of course you would need to haproxy an ip in front of them or something)
18:44:43 <nirik> http://bdr-project.org/docs/stable/ has most of the good info
18:44:59 <nirik> but not sure this is all ready for prod use...
18:45:10 <nirik> but they are very commited to upstreaming it all
18:45:38 <pingou> cloud first or stg ?
18:46:14 <nirik> I was going to play around with it on some cloud instances or here at home first.
18:46:21 <nirik> I have only read about it so far.
18:47:16 <nirik> http://bdr-project.org/docs/stable/ddl-replication-statements.html is the biggest question to me... do we change DDR much in our apps and would we hit that?
18:48:30 <nirik> Anyhow it's early days, but just wanted to bring it up.
18:50:05 <nirik> ok, anything else on this? If so, please let me know...
18:50:09 <nirik> #topic Open Floor
18:50:32 <nirik> Oh, I guess I skipped the apprentice open hours...
18:51:03 <nirik> Any apprentices have issues or questions? or need things to work on ? or ?
18:51:03 <clime> yes :)
18:51:17 <clime> I made the bzReviewReport script compatible with the current Bugzilla API so that it works again - .ticket 3748 .
18:51:20 <aikidouke> not a discussion topic - but for apprentices or the interested there are a couple of sessions on ansible that are interesting in the dev ops track from red hat summit
18:51:36 <clime> May I continue with setting it up as an automated job in ansible?
18:51:50 <clime> According to the ticket it should be setup on sundries01 similarly to fedora_owner_change role. I suppose that didn't change.
18:51:59 <clime> .ticket 3748
18:52:00 <zodbot> clime: #3748 (Automate review stats) – Fedora Infrastructure - https://fedorahosted.org/fedora-infrastructure/ticket/3748
18:52:16 <aikidouke> https://rh2016.smarteventscloud.com/connect/sessionDetail.ww?SESSION_ID=44906 for example
18:52:42 <nirik> clime: so, there's a anoying trac bug... it never sends email when you just attach things. ;( So, if you could add a comment next time I would see it sooner... sorry about that.
18:53:12 <nirik> aikidouke: cool. Thanks for the link
18:53:22 <clime> nirik: oh alright. I'll do it next time.
18:54:39 <clime> nirik: so I can ask this question in the ticket directly and get more info there.
18:55:20 <nirik> sure. Yes, it should be setup on sundries01 similar (almost exactly the same) as the fedora_owner_change script/role
18:55:59 <clime> ok cool, i'll have a look at it.
18:56:03 <pingou> Together with puiterwijk we've started porting hubs and fedocal to openid-connect and we managed today to make one connect to the other using the OIDC access-token
18:56:19 <nirik> cool. ;)
18:56:58 <nirik> ok, we are almost out of time... any further apprentice questions or queries? or anyone have any items for open floor?
18:57:15 * nirik notes he will be out tomorrow and next thursday/friday. puiterwijk is gonna run the meeting next week.
18:57:28 <nirik> oh, and monday is a holiday in the us
18:57:34 <pingou> enjoy your long week-end :)
18:57:39 <aikidouke> enjoy your day off if you can..
18:58:01 <jflory7> pingou++ puiterwijk++ Awesome :)
18:58:03 <aikidouke> note to us folks - be safe with the fireworks
18:58:06 <aikidouke> ;)
18:58:35 <nirik> my firework barking at dog has already notified me that people are starting with the fireworks. ;(
18:59:02 <nirik> Alright. Do continue in #fedora-admin, #fedora-apps and #fedora-noc. :)
18:59:07 <nirik> thanks for coming everyone!
18:59:09 <nirik> #endmeeting