firewall rules on builders (iptables, firewalld, libvirt...)
by Matthew Miller
It's my understanding (Dennis please correct if I'm wrong) that the
problem with cloud image creation was due to libvirt iptables rules
being lost when iptables was restarted. This is a fundamental known
issue (see last paragraph of <http://libvirt.org/firewall.html>), and
one of the things firewalld was meant to solve.
Dennis says that there are lot of complicated rules on the builders
making switching to firewalld difficult. One possibility might be to
move those complicated rules from the builders to a network firewall,
and keep the host rules simple and functional. But that's probably a
big undertaking.
In the meantime, any time iptables is restarted or reloaded, libvirt
needs a SIGHUP. (I suppose this means: ansible playbooks and also added
to any manual procedures.)
[cc rel-eng, reply-to infrastructure]
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
8 years, 7 months
Bugzilla components of retired packages
by Michael Cronenworth
Can we get retired packages out of the active Bugzilla component list?
I just created a bug for a retired package and had to fix it...
Bugzilla allows components to be disabled rather than deleted in case the bugs need
to be searched for or a package comes out of retirement.
Unfortunately the only way I see to automate this process is the REST API in 5.0.
Thanks,
Michael
8 years, 7 months
Fedora 22 Beta Freeze now in effect
by Kevin Fenzi
Greetings.
we are now in the infrastructure freeze leading up to the Fedora 22
Beta release. This is a pre-release freeze.
This means that hosts that are marked as freezing should not have any
changes made to them except as part of a freeze break request
(see below)
We do this to make sure that our infrastructure is stable to allow for
building/composing/testing and distributing Fedora 22 Beta. This
freeze will end 1 day after Fedora 22 Beta is released.
(Currently scheduled for 2015-04-14)
Freeze breaks should be sent to this list, clearly describing the
planned change and include patches (if applicable). Freeze breaks
should not be applied until they have gotten at least 2 +1's from
members of sysadmin-main and/or releng groups.
You can see a list of hosts that do not freeze by checking out the
ansible repo and running the freezelist script:
git clone http://infrastructure.fedoraproject.org/infra/ansible.git
scripts/freezelist -i inventory
Thanks,
kevin
8 years, 7 months
crowdsourcing an interview on git
by Matthew Miller
Hi everyone! Linux Foundation is running a series on Git for its 10th
anniversary. They asked me a few questions, and I thought it might be
even better to get a community answer from the whole infrastructure
team. So, if you have anything interesting to say to any of these, say
it, and I'll wrap up the responses into a unified Fedora Whole. I need
to respond by Friday.
* Why does Fedora use Git?
* What makes Git such a great tool?
* How many developers do you have collaborating on git?
* How much do you personally use it? (estimates are great)
* What's Fedora's most active git repo right now and why?
* What is your favorite pro tip for using git?
* Any git success stories you can share?
* Anything else you'd like to say to mark the 10-year anniversary?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
8 years, 8 months
[release] anitya 0.3.0
by Pierre-Yves Chibon
Hi everyone,
I just released and pushed to prod (with some, logical but un-expected
consequences that lead me to build a -2 RPM) a new release of anitya: 0.3.0
Here is the changelog for both the 0.3.0-1 and 0.3.0-2 releases:
* Tue Mar 31 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.3.0-2
- Fix changelog of version 0.3.0-1
- Include and install the alembic files
* Tue Mar 31 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.3.0-1
- Converted Google project name to lower case in their URL (Aayush Kasurde)
- Fix the casing of GitHub (Aayush Kasurde)
- Allow projects to make insecure http calls
- Update the GNOME backend to rely on the cache.json if present
- Include in the fedmsg message if the new version found is odd or not
- Strip leading v from versions before we compare them (Ralph Bean)
- Update instructions in the README (Shagufta)
- Only place the name in the regex if it is asked for
- When searching show first the results of exact match search then the
results of a broader search
I have already started going through some of the projects that were failing to
update due to "invalid" SSL certificate and the boolean works great! :)
Thanks to everyone that contributed to this release!
Pierre
8 years, 8 months
Freeze break request: add rsyslog to global_pkgs_inst
by Miroslav Suchý
As part of
http://fedoraproject.org/wiki/Changes/NoDefaultSyslog
rsyslog is no more installed by default since F20+.
role/base refer to rsyslog on several places: enable that service, start
it... but never install it (only in Koji builder playbook install it,
but not as part of the role).
Which cause our playbooks to fail on F21 machines.
I would like to apply:
> diff --git a/vars/global.yml b/vars/global.yml
> index d0b4e6e..0aade1e 100644
> --- a/vars/global.yml
> +++ b/vars/global.yml
> @@ -31,7 +31,7 @@ global_pkgs_inst: ['bind-utils', 'mailx', 'nc', 'openssh-clients',
> 'patch', 'postfix', 'rsync', 'strace',
> 'tmpwatch', 'traceroute', 'vim-enhanced', 'xz', 'zsh',
> 'libselinux-python', 'ntpdate', 'bash-completion', 'telnet',
> - 'htop' ]
> + 'htop', 'rsyslog' ]
>
> # iscsi initiator for netapp iscsi volume
> netapp_iscsi_name: iqn.1992-08.com.netapp:sn.8a2c2d9073de11e4a645123478563412:vs.13
Mirek
8 years, 8 months
[release] fedocal 0.13
by Pierre-Yves Chibon
Hi everyone,
I just released and pushed to staging a new version of fedocal.
Here is the changelog:
* Tue Mar 31 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.13-1
- Update to 0.13
- Add the possibility to get an iCal feed for a single meeting
(Ratnadeep Debnath)
- Add the possibility to have client side reminder via the iCal feed
(Ratnadeep Debnath)
- Hide the timezone on full-day meetings instead of de-activating it
- Fix the domain name of the fedoraproject aliases
- Allow adding meeting by clicking on the calendar matrix
I'll wait a little if people want to test it then push it to prod as my own test
are all positive.
Thanks,
Pierre
8 years, 8 months
[release] pkgdb2 1.24.1
by Pierre-Yves Chibon
Good morning everyone,
I have just released and pushed to staging a new version of pkgdb.
Few changes, but I wanted to get them in before freeze (which mean I'll likely
push this release to prod a little later today).
Here is the changelog:
* Tue Mar 31 2015 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 1.24.1
- Update to 1.24.1
- No automatic update of the branch where the user is Approved when editing ACL
tables
- Fix 'undefined' when clicking monitor toggle (Ricky Elrod)
- Adjust update_package_info for F22, F21 and F19
Pierre
8 years, 8 months
