Looking for a GSoC mentor for a bodhi project
by Tomas Tomecek
Hello,
I am reaching out to this ML because I know that possible candidates
for the mentorship are here. Pardon my ignorance if there is a better
place to ask. Feel free to cross-post.
During DevConf.cz we had a container SIG meetup and we've come up with
a bunch of tasks [1] which would have been nice to do. One of them was
to improve the experience for container image updates in bodhi. We
concluded this could be a nice GSoC project, so I submitted it [2].
Sadly, I did not find a mentor for it back then (and there was also a
concern the work may not be needed in the end) so I withdrew. I am
already mentoring a different project and my knowledge of bodhi's
codebase is close to 0, this is why I'm calling out to you.
Yesterday, Shreyas contacted me (in CC) and said he would love to work
on this project.
So this a call to all of you guys: would anyone be interested in
mentoring Shreyas? Here is a link [3] to what it takes to be a GSoC
mentor. I'm also CCing Sumantro who leads the Fedora GSoC effort.
[1] https://public.etherpad-mozilla.org/p/fedoracontainerSIG
[2] https://pagure.io/mentored-projects/issue/48
[3] https://google.github.io/gsocguides/mentor/
Thank you,
Tomas
5 years, 1 month
Older Fedora AMIs to be deleted
by Sayan Chowdhury
Hi,
There has been a huge backlog of the nightly Fedora AMIs. So, today I
will be deleting kicking off the process to purge the older AMIs.
The process that I would be following to delete the AMIs is:
- The launch permission of the AMIs will be removed.
- I'll wait for 20 days. This is the time period when you can check if
any of the Fedora AMIs which is meant to be deleted affects you. If
yes, connect back to us via the mailing list or IRC and I'll have a
look at it.
- After 20 days, I will delete all the AMIs whose launch permission
was removed previously.
I hope to publish a list of AMIs that were purge after the completion
of the process.
For any questions find me on #fedora-cloud
--
Sayan Chowdhury <https://words.yudocaa.in/>
GPG Fingerprint : 0F16 E841 E517 225C 7D13 AB3C B023 9931 9CD0 5C8B
5 years, 1 month
Freeze Break Request: reinstall buildvm-ppc64le-01/02 to power9 hw
by Kevin Fenzi
I'd like to reinstall buildvm-ppc64le-01 and 02 on power9 hardware.
This should allow us to stop the crazy things we have had to do on the
current ones (running on power8) which includes:
* downgrading qemu
* downgrading libfdt
* downgrading the kernel and booting it and removing all other kernels
* disabling security updates because we don't want to mess up the above.
It should take only a few minutes and I will save the old vm's so we can
back out to them if we have to. (Although I need to re-downgrade qemu on
them because it was upgraded the other day when I upgraded libseccomp).
kevin
5 years, 1 month
Re: FBR: update prod tag name in WaiverDB
by Pierre-Yves Chibon
On Mon, Mar 25, 2019 at 06:34:27PM +0800, Yuxiang Zhu wrote:
> Hi, we are going to follow the same practice as Greenwave, where tag
> `prod` will be used for Red Hat internal deployments and `prod-fedora` for
> Fedora deployments.
> The image pointed by `prod` tag will be updated by automated process while
> `prod-fedora` will be still changed manually. It should be harmless.
I guess you need this now because you want to deploy something internally and
not in Fedora yet.
In this case +1 for me.
Pierre
5 years, 1 month
[FBR] Adjust #fedora-diversity fedmsg IRC bot topics
by Justin W. Flory
Hi, the attached patch makes a small change to ircbot.py to change the
#fedora-diversity IRC bot to only listen for new Pagure tickets, pull
requests, and comments. This helps reduce the noise in the IRC channel
and hopefully makes the bot more useful for the team.
Let me know if anyone has feedback on this patch.
--
Cheers,
Justin W. Flory
jflory7(a)gmail.com
5 years, 1 month
[FBR] proxies: adding rewritecond to reverseproxy for ws if
remotepath exists
by Tim Flink
I was hitting an issue where there were multiple reverseproxy instances
configured for a single host and some of the rewrite rules were changing
the request when they shouldn't be.
This patch adds a rewritecond to the websocket rewrite rule to make
sure that the REQUEST_URI starts with $remotepath before it's rewritten.
---
roles/httpd/reverseproxy/templates/reversepassproxy.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index
38950e4..1e4afe0 100644 ---
a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++
b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -47,6
+47,9 @@ SSLProxyEngine On RewriteEngine on
RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
RewriteCond %{HTTP:Connection} Upgrade [NC]
+{% if remotepath is defined %}
+RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
+{% endif %}
RewriteRule .*
"balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
<Proxy "balancer://{{balancer_name}}">
--
1.8.3.1
5 years, 1 month
FYI FBR: libseccomp upgraded on builders
by Kevin Fenzi
I am treating this one as an outage so I already applied it, but FYI:
* last night our fedora29 builders applied a qemu security update.
* after this update, images fail to build with:
"internal error: process exited while connectin
g to monitor: 2019-03-25T15:46:33.471016Z qemu-system-x86_64: -sandbox
on,obsolete=deny,elevateprivileges=deny,spawn=deny
,resourcecontrol=deny: failed to install seccomp syscall filter in the
kernel"
* The 'fix' is to update also libseccomp (which has been in stable
updates for 10 days, but we didn't apply it because it was not a
security update and we are in freeze).
Since this was preventing any compose, I went ahead and applied it to
all builders.
kevin
5 years, 1 month
What are we going to do about sigul?
by Neal Gompa
Hey all,
So, we've got a bit of a problem. The sigul package is not installable
in Fedora 29, and pygpgme is half-broken in Fedora 28 and was retired
during Fedora 29 development due to constant breakage.
This means that sigul is in danger of being retired in Fedora.
Unfortunately, sigul is the only supported signer system for Koji at
the moment.
What do we want to do here? It's well-known that sigul does not work
with GnuPG 2, though I vaguely recall that some work was done to try
to fix this.
Do we want to port sigul to python3-gpg, switching Sigul to Python 3
and the official gpgme bindings so that it works with GnuPG 2?
Or do we want to adapt the bridge to work with obs-signd (which is
already used by Copr)?
--
真実はいつも一つ!/ Always, there's only one truth!
5 years, 1 month
FBR: batcave allows / run bastion playbook for vpn
by Stephen John Smoogen
I added repospanner to vpn earlier but have not run playbook on bastions
[smooge@batcave01 ansible (master)]$ git diff
f7c0985d56228bae8332aa3360a086f033e641d8
diff --git a/roles/batcave/files/allows b/roles/batcave/files/allows
index 5439b2a..2a721d8 100644
--- a/roles/batcave/files/allows
+++ b/roles/batcave/files/allows
@@ -107,7 +107,13 @@ require ip 8.43.85.69
require ip 8.43.85.70
require ip 8.43.85.71
require ip 8.43.85.72
+require ip 8.43.85.73
require ip 8.43.85.74
+require ip 8.43.85.75
+require ip 8.43.85.76
+require ip 8.43.85.77
+require ip 8.43.85.78
+require ip 8.43.85.79
#
===
--
Stephen J Smoogen.
5 years, 1 month
Re: FBR: update prod tag name in WaiverDB
by Clement Verna
On Mon, 25 Mar 2019 at 10:49, Yuxiang Zhu <yuxzhu(a)redhat.com> wrote:
>
> Currently the prod-fedora tag points to the same image as prod tag.
>
> I just checked `quay.io/factory2/waiverdb:prod-fedora` (sha256:726a6c6465e066bc1056c17b71c16117150266490fed8fa2b096e7bb249eba8e) from quay.io's Web UI. It is built from https://pagure.io/waiverdb/tree/d4ea9bffd9da52efbef147b0e2d42cc726c1d7c6 so the change of messaging is not included.
Great Thanks :)
It would be +1 for me, but my vote does not count :)
>
> On Mon, Mar 25, 2019 at 5:39 PM Clement Verna <cverna(a)fedoraproject.org> wrote:
>>
>> On Mon, 25 Mar 2019 at 10:22, Giulia Naponiello <gnaponie(a)redhat.com> wrote:
>> >
>> > Hello,
>> > we would like to change the name of the tag in quay.io for WaiverDB. Could you make this change?
>>
>> Does that contains the change to use fedora-messaging instead of fedmsg ?
>>
>> >
>> > Here's the patch:
>> > diff --git a/roles/openshift-apps/waiverdb/templates/imagestream.yml b/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > index 3fe37a481..7758ea5c6 100644
>> > --- a/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > +++ b/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > @@ -20,5 +20,5 @@ spec:
>> > name: quay.io/factory2/waiverdb:latest
>> > {% else %}
>> > # This is 'prod' tag is maintained by hand.
>> > - name: quay.io/factory2/waiverdb:prod
>> > + name: quay.io/factory2/waiverdb:prod-fedora
>> > {% endif %}
>> >
>> >
>> > Thank you!
>> > Cheers
>> >
>> > Giulia
>> > _______________________________________________
>> > infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org
>> > To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org
>> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedora...
>
>
>
> --
> Thanks,
> Yuxiang
5 years, 1 month