Meeting Agenda Item: Introduction Mike Schlienz
by Mike Schlienz
Hello,
My name is Mike Schlienz and I am interested in joining the infrastructure
group. I have no particular interest other than learning and assisting
others.
I have nearly 30 years system administration and engineering experience; 15
Years experience with various linux distributions.
*Operating Systems:* Linux (SUSE, Red Hat, Ubuntu, Slackware), Sun
OS/Solaris, HP/UX, SunOS, Unisys MCP, VMS, OS/2, Windows Server
2003/2008/2012 R2, IAS, TOPS-10, TOPS-20.
*Virtualization:* VMware ESX, Virtual Box, KVM, Docker.
*Languages:* Perl, Bash, DCL, Pascal, and PHP.
*Other technologies:* AWS, BMC BladeLogic (Automation and Patching),
Centrify Server Suite, Unisys EOM (Enterprise Output Manager), Zabbix,
MySQL, IBM WebSphere, Softcar++, Unisys IPS, FTRapid, Cisco USC,
Solarwinds, Jenkins, IBM Endpoint Manager.
IRC Handle: triguy
7 years, 4 months
floating an idea: migrate fedora jenkins to centos ci
by Matthew Miller
We have a Jenkins server which is offered as a best-effort
non-production service.
CentOS has a much bigger and more-maintained system at ci.centos.org.
Some things which end up in Fedora, like OpenShift, are already tested
_on_ Fedora in that infrastructure.
Would it make sense to retire ours and move our stuff to theirs? That
could free up both maintenance and hardware resources, and seems like a
nice place where we can easily collaborate with ("take advantage of,
but in the good sense") our sibling distro project.
I talked to Jim Perrin and they have no problem with adding the fedmsg
integration. Are there other things we might need?
Does this gain us at least as much to offset the trouble to migrate
existing users?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
7 years, 4 months
Meeting Agenda Item: Introduction Harrison Brock
by Harrison Brock
Hello,
My name is Harrison Brock and I live in Coldiron, Kentucky (EST zone). I
have a M.S in Computer Science and have worked as a developer for a few
years but I'm looking to move into more of an SysAdmin or DevOps role.
At this time I would be able to help with 15 hours week. I would like to
help with anything that is needed.
*Languages:*
C++
Java
C#
Go
Python
Web (HTML5, JavaScript, CSS3)
*Databases**
*
MySQL
Oracle
MS SQL Server
Hadoop
*OS*
Linux (RedHat, CentOS, Fedora)
Windows (Window 8 - 10, Windows Sever 2003 - 2012)
Mac OSX
*Networking*
Cisco (Switches, routers)
Firewalls
*Other*
Basic workings of Puppet
Basic AWS
**
7 years, 4 months
December status update for Fedora Infrastructure Apprentices
by Kevin Fenzi
Ho Ho Ho. Happy holidays to everyone!
You are getting this email because you are in the 'fi-apprentice' group
in the fedora account system (or are reading this on the
infrastructure list).
Feel free to reply just directly to me, or cc the infrastructure list
for everyone to see and comment on.
https://fedoraproject.org/wiki/Infrastructure_Apprentice
At the first of every month(or so), I am going to be sending out an
email like this one. I would like feedback on how things are going for
you.
I'd like to ask for everyone to send me a quick reply with the
following data or anything related you can think of that might help us
make the apprentice program more useful.
0. Whats your fedora account system login?
1. Have you logged in and used your fi-apprentice membership to look at
our machines/setup in the last month? Do you plan to?
2. Has it helped you decide any area you wish to focus on or contribute
to more?
3. Have you looked at or been able to work on any of the fi-apprentice
'easyfix' tickets?
https://pagure.io/fedora-infrastructure/issues?status=Open&tags=easyfix
4. Do you still wish to be a member of the group? If not (for whatever
reason) could you provide any hints to help others down the road?
5. Is there any help or communication or ideas you have that would help
you do any of the above?
6. What do you find to be the hardest part of getting involved?
Finding things to work on? Getting attention from others to help you?
Finding tickets in your interest area?
7. Have you been able to make any weekly irc meetings? Do you find them
helpful or interesting?
8. Have you logged into our Gobby instance and read/seen/added to our
meeting agenda? https://fedoraproject.org/wiki/Gobby
9. If you were stranded in a snowed in cabin in the woods, and could
only have one book or movie or game, what would it be?
Any other general feedback is also quite welcome, including
improvements to this email, the wiki page, etc.
Note that we recently revamped the getting started and other pages.
Please do take a minute to re-read them and let me know if they are
more clear or need further adjustments.
Any folks I do not hear from in the next week will be removed from the
group. (Note that it's easy to be readded when you have time or
whatever and it's nothing at all personal, we just want to keep the
group up to date with active folks).
Thanks, and looking forward to your feedback!
kevin
7 years, 4 months
Plan for tomorrow's Fedora Infrastructure meeting - 2016-12-15
by Kevin Fenzi
The infrastructure team will be having it's weekly meeting tomorrow,
2016-12-15 at 18:00 UTC in #fedora-meeting on the freenode network.
We have a gobby document
(see: https://fedoraproject.org/wiki/Gobby )
fedora-infrastructure-meeting-next is the document.
Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of today
is included in this email.
If you have something to discuss, add the topic to the discussion area
with your name. If you would like to teach other folks about some
application or setup in our infrastructure, please add that topic and
your name to the learn about section.
kevin
--
= Introduction =
This shared document is for the next fedora infrastructure meeting.
We will use it over the week before the meeting to gather status and info and
discussion items and so forth, then use it in the irc meeting to transfer
information to the meetbot logs.
= Meeting start stuff =
#startmeeting Infrastructure (2016-12-15)
#meetingname infrastructure
#topic aloha
#chair smooge relrod nirik abadger1999 lmacken dgilmore threebean pingou puiterwijk pbrobinson
#topic New folks introductions
= Status / information / Trivia / Announcements =
(We put things here we want others on the team to know, but don't need to discuss)
(Please use #info <the thing> - your name)
#topic announcements and information
#info PHX2 visit completed - patrick / kevin
#info qa09 rebuilt - kevin
#info ipv6 added to osuosl systems - smooge/kevin
#info lots of discussion about cert pinning plans - kevin
#info releng flag day completed - everyone
= Things we should discuss =
We use this section to bring up discussion topics. Things we want to talk about
as a group and come up with some consensus or decision or just brainstorm a
problem or issue. If there are none of these we skip this section.
(Use #topic your discussion topic - your username)
#topic Recap of work done in PHX2
#topic flag day retrospective
#topic Holidays
#info Red Hat has shutdown days of 2016-12-23 -> 2017-01-02
#info Red Hat employees are on break and may only be online in short periods
#info Ebeneezer Smooge says Bah Humbug to you all and all a good night.
= Apprentice office hours =
#topic Apprentice Open office hours
Here we will discuss any apprentice questions, try and match up people looking
for things to do with things to do, progress, testing anything like that.
= Learn about some application or setup in infrastructure =
(This section, each week we get 1 person to talk about an application or setup
that we have. Just going over what it is, how to contribute, ideas for improvement,
etc. Whoever would like to do this, just add the info in this section. In the
event we don't find someone to teach about something, we skip this section
and just move on to open floor.)
#topic Learn about:
= Meeting end stuff =
#topic Open Floor
#endmeeting
7 years, 4 months
Cert penning, Certs and related
by Kevin Fenzi
Greetings.
We have a request (
https://pagure.io/fedora-infrastructure/issue/5372 ) to setup ssl cert
pinning for ostree deliverables. It's also been a long wishlist item
to have that for rpm deliverables too. Unfortunately there's a bunch of
moving parts here that we need to sort out before we can move this
forward.
First some background/info:
* kojipkgs.fedoraproject.org currently uses a valid digisign cert. It
needs this because browsers download from it directly, our builders
download from it directly, etc.
* pkgs/koji currently use certs signed by the Fedora Koji CA (which
expires in 2024). This is currently needed by koji to do builds and
the upload cgi for lookaside.
* We are hoping to deploy soon a pair of freeipa servers in production
that get information from fas and allow us to issue kerberos tickets.
koji can already authenticate via this method.
* There's an outstanding ticket about having a verified way to get
source: https://pagure.io/fedora-infrastructure/issue/2324
Questions we need to figure out:
* Are we going to retire/replace the koji CA? My thought was yes, but I
think Dennis wasn't on board with this. Can anyone who wants to save
it speak up? :)
* The upload cgi would need to auth with kerberos and sigul would need
to auth with kerberos for this to work.
* If we are not completely retiring the koji CA, are we replacing it?
* Is ostree going to stay distributed at kojipkgs ? Or is it going to
move somewhere else? we should figure out the final place for it
before we go setting up cert pinning.
* The simple way to do pinning is for the application(s) to include a
hard coded list of valid certs. I guess this would require changes in
librepo and somewhere in ostree?
* The complex way to do pinning would be to setup
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
For this we would need to get backup keys for our cert(s) that are
used for this and setup webservers to send the right headers. This
would also need (more complex) changes in librepo and/or somewhere in
ostree. This would also optionally get us reports of violations.
Thoughts? Comments?
kevin
7 years, 4 months
Future of Koschei staging
by Mikolaj Izdebski
Hello,
So far we've been using staging Koschei for two different things:
pre-production deployment testing and to aid development by testing new
upstream features and bugfixes (by deploying snapshots).
After recent introduction of replication to PostgreSQL databases, we can
no longer run some of database migrations without sysadmin-main
assistance. Moreover, staning-sync playbook is broken as it worked by
dropping and re-creating koschei database. (Note that Koschei *must* be
synced after Koji sync, or it will be broken.)
I can see two alternative solutions to this problem:
Option 1: Switch to "dev-stg-prod" model that some other apps are using.
By that I mean creating a separate development environment in cloud,
with separate database (and possibly, even separate Koji). Staging would
be used only for pre-production deployment testing. Dev instance could
be created on-demand, only when actually needed, and terminated afterwards.
Option 2: Use separate db for Koschei staging (possibly on one of
existing Koschei hosts) without replication enabled.
What should be the preferred course of action?
--
Mikolaj Izdebski
IRC: mizdebsk
7 years, 5 months