About JS framework
by Pierre-Yves Chibon
Good Morning Everyone,
Our infrastructure is mostly a python store, meaning almost all our apps are
written in python and most using wsgi.
However in python we are using a number of frameworks:
* flask for most
* pyramid for some of the biggest (bodhi, FAS3)
* Django (askbot, Hyperkitty)
* TurboGears2 (fedora-packages)
* aiohttp (python3, async app: mdapi)
While this sometimes makes things difficult, these are fairly standard frameworks
and most of our developers are able to help on all.
However, as I see us starting to look at JS for some of our apps (fedora-hubs,
wartaa...), I wonder if we could start the discussion early about the different
frameworks and eventually see if we can unify around one.
This would also allow those of us not familiar with any JS framework to look at
the recommended one instead of picking one up semi-randomly.
So has anyone experience with one or more JS frameworks? Do you have one that
you would recommend? Why?
Thanks for your input,
Pierre
1 year, 1 month
Cert penning, Certs and related
by Kevin Fenzi
Greetings.
We have a request (
https://pagure.io/fedora-infrastructure/issue/5372 ) to set up ssl cert
pinning for ostree deliverables. It's also been a long wishlist item
to have that for rpm deliverables too. Unfortunately there's a bunch of
moving parts here that we need to sort out before we can move this
forward.
First some background/info:
* kojipkgs.fedoraproject.org currently uses a valid digisign cert. It
needs this because browsers download from it directly, our builders
download from it directly, etc.
* pkgs/koji currently use certs signed by the Fedora Koji CA (which
expires in 2024). This is currently needed by koji to do builds and
the upload cgi for lookaside.
* We are hoping to deploy soon a pair of freeipa servers in production
that get information from fas and allow us to issue kerberos tickets.
koji can already authenticate via this method.
* There's an outstanding ticket about having a verified way to get
source: https://pagure.io/fedora-infrastructure/issue/2324
Questions we need to figure out:
* Are we going to retire/replace the koji CA? My thought was yes, but I
think Dennis wasn't on board with this. Can anyone who wants to save
it speak up? :)
* The upload cgi would need to auth with kerberos and sigul would need
to auth with kerberos for this to work.
* If we are not completely retiring the koji CA, are we replacing it?
* Is ostree going to stay distributed at kojipkgs? Or is it going to
move somewhere else? We should figure out the final place for it
before we go setting up cert pinning.
* The simple way to do pinning is for the application(s) to include a
hard coded list of valid certs. I guess this would require changes in
librepo and somewhere in ostree?
* The complex way to do pinning would be to set up
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
For this we would need to get backup keys for our cert(s) that are
used for this and set up webservers to send the right headers. This
would also need (more complex) changes in librepo and/or somewhere in
ostree. This would also optionally get us reports of violations.
Thoughts? Comments?
kevin
6 years, 11 months
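A sketch of the server-side check the HPKP option above implies: the header must carry max-age, a pin matching the served chain, and a backup pin that is not in the chain. This is an added example, not part of the original post or any Fedora code; the byte strings stand in for DER SubjectPublicKeyInfo blobs and the report URI is constructed.

```python
import base64
import hashlib
import re

# name[=value] directives; a quoted value may itself contain ';' or '='
_DIRECTIVE = re.compile(r'([A-Za-z0-9-]+)\s*(?:=\s*("[^"]*"|[^;]*))?')

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pkp(header: str) -> dict:
    """Parse a Public-Key-Pins header value into pins, max-age and report-uri."""
    policy = {"pins": set(), "max_age": None, "report_uri": None}
    for name, value in _DIRECTIVE.findall(header):
        name, value = name.lower(), value.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].add(value)
        elif name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "report-uri":
            policy["report_uri"] = value
    return policy

def check_policy(policy: dict, chain_spkis: list) -> list:
    """List the reasons a client would ignore this policy or fail the connection."""
    chain_pins = {spki_pin(s) for s in chain_spkis}
    problems = []
    if policy["max_age"] is None:
        problems.append("missing max-age")
    if not policy["pins"] & chain_pins:
        problems.append("no pin matches the served chain")
    if not policy["pins"] - chain_pins:
        problems.append("no backup pin outside the served chain")
    return problems

# Constructed stand-ins for the SPKI of the leaf, its issuer and an offline backup key.
LEAF_SPKI = b"constructed-leaf-spki"
ISSUER_SPKI = b"constructed-issuer-spki"
BACKUP_SPKI = b"constructed-backup-spki"

GOOD_HEADER = ('pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; '
               'report-uri="https://example.invalid/pkp-report"'
               % (spki_pin(LEAF_SPKI), spki_pin(BACKUP_SPKI)))
NO_BACKUP_HEADER = 'pin-sha256="%s"; max-age=5184000' % spki_pin(LEAF_SPKI)

if __name__ == "__main__":
    for header in (GOOD_HEADER, NO_BACKUP_HEADER):
        print(check_policy(parse_pkp(header), [LEAF_SPKI, ISSUER_SPKI]) or "ok")
```
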
FAS3 meetup recap 2016-Oct-18
by Paul W. Frields
Attendees: Xavier Lamien, Patrick Uiterwijk, Pierre-Yves Chibon, Paul
Frields
Agenda: Determine what remains to be done on FAS3 to get a new
instance for testing followed by production deployment
* * *
* Features needing forward-porting:
-> Basset
-> IPA Sync
-> python-fedora
* Token support required for Hubs support
* How to integrate with Ipsilon? - From FAS3 side, need a way to request token from Ipsilon and get it back into FAS3
* Cross-app authentication
-> hubs to FAS, fedocal, pkgdb, bodhi...
* Flock deadline was F25-beta freeze (which we're past)
* At Flock, FAS2 issue --> dropped FAS3 data until we can get security audit of FAS3
* Also need update to db-migration script -- new license agreement function
* Convert this away from mechanism we used in FAS2
* This gives us a way to know which agreement(s) users agreed to, and/or prompt them accordingly
* AGREED: Convert current FPCA agreement into FAS3
* Build clean Ansible playbook for FAS3 with a true role, but perhaps do this as a github.com/fedora-infra/fas3-ansible (or other repo e.g. Pagure)
* Is there a method for getting client certificates in FAS3? Yes. Go to settings page for this. The certificate is no longer tied to the whole app, but rather per-group.
* So for Koji this would be tied to @packager group.
* Further, you can also optionally require SSH key for a group
PROPOSED: Merge FAS3.0 to development branch when we switch over, since we still have FAS2 elsewhere
supybot-fedora also has a fas3 branch which should be ready
Timezone handling... AGREED: keep things postgresql-only, storing TZ for the moment. We will add an issue to backlog to handle this down the road to make FAS3 more db-agnostic
ACTIONS:
* Security audit (already started, using latest git code) --> ETA unknown, will have it soon
* Meet to discuss FAS internals --> ETA: 2016-Oct-20, 0800 UTC (10:00 Paris/Amsterdam)
* Update db-migration script for CLA handling --> ETA: 2016-Oct-25
* Integration with Ipsilon --> ETA: 2016-Nov-01
* FAS3 in staging --> ETA: 2016-Nov-01
* Update python-fedora --> ETA: 2016-Nov-08?
* and deprecate functions where needed
* Port all the apps using it (but that's for later)
* Make this a major version update
* Target for production: 2016-Dec-01?
* If we don't make this, slip to early January
LATER (for separate followup, not FAS3 blocking)
* Updating all flask based apps
* kill off flask-fas-openid? <-- happy Patrick -- will break most of our flask app :(
* Patrick: would like to make it just use flask-openid transparently without anyone noticing :-)
* ouch, we will need to line up changes here then -> plan for later?
* agreed, I moved this to its own task since it's not (IIUC) strictly required for FAS3 to be deployed
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
The open source story continues to grow: http://opensource.com
7 years
Torrent trackers intermittent error issue
by Michael Simms
Hello, I keep getting intermittent torrent tracker errors (Tracker gave
an error: "Tracker gave HTTP response code 0 (No Response)") in
Transmission for some (not all) Fedora torrents. It is never the same
ones if I start a new Transmission session. Typically the PC is
powered down overnight.
The torrents are not stalling out when this error happens, they continue
to seed. Eventually Transmission manages to get hold of the peer list
and the error message goes. So it seems the torrent tracker host server
itself is not responding in a timely manner and causing these errors.
Additionally I would like to know if there are any backup trackers I can
add to the configuration for the Fedora torrents?
Also, since I have active seeding connections I believe it isn't down to
a firewall issue or Transmission configuration problem. Any clues
though? My TDF LibreOffice torrents do not exhibit the same behaviour.
7 years
[release] anitya-0.10.1
by Jeremy Cline
Hey everyone,
Yesterday I released a new version of Anitya, 0.10.1. Many thanks to
those who contributed to this release!
Changes
=======
0.10.1 (Nov. 29, 2016)
----------------------
* Fix an issue where the version prefix was not being stripped (Issue
#372)
* Fix an issue where logs were not viewable to some users (Issue #367)
* Update anitya's mail_logging to be compatible with old and new psutil
(Issue #368)
* Improve Anitya's error reporting via email (Issue #368)
* Report the reason fetching a URL failed for the folder backend (Issue
#338)
* Add a timeout to HTTP requests Anitya makes to ensure it does not wait
indefinitely (Issue #377)
* Fix an issue where prefixes could be stripped further than intended
(Issue #381)
* Add page titles to the HTML templates (Issue #371)
* Switch from processes to threads in the Anitya cron job to avoid
sharing network sockets for HTTP requests across processes (Issue
#335)
--
Jeremy Cline
XMPP: jeremy(a)jcline.org
IRC: jcline
7 years
koschei-backend reinstall as Fedora 25
by Mikolaj Izdebski
Hello,
I would like to reinstall koschei-backend as Fedora 25 (currently it's
deployed on Fedora 24). This should hopefully fix Nagios warnings about
high swap usage.
Could someone help me with the following two tasks?
1. Create kickstart kvm-fedora-25-koschei as a copy of kvm-fedora-24,
with updated repos and doubled size of swap partition?
For security reasons I'm not attaching updated kickstart,
but here's a "sed" patch instead:
sed -e s/24/25/g -e s/2048/4096/ kvm-fedora-24 >kvm-fedora-25-koschei
Alternatively, like Kevin suggested, a generic kvm-fedora-25 could be
created with 4 GB of swap.
2. Terminate koschei-backend01.stg VM on virthost11 so that I can
recreate it with Ansible?
Thanks,
--
Mikolaj Izdebski
7 years
Weekly Koji Infra Tag Report
by Nobody
This is a list of packages in the various infrastructure koji tags
Please check and make sure there are not any that can be removed/dropped
epel6-infra
(no matching packages)
epel7-infra
Package                 Tag                     Extra Arches     Owner
----------------------- ----------------------- ---------------- ---------------
freeipa-ktutils         epel7-infra                              puiterwijk
glusterfs               epel7-infra                              kevin
python-robosignatory    epel7-infra                              puiterwijk
pdc-updater             epel7-infra                              ralph
blockerbugs             epel7-infra                              tflink
mirrormanager2          epel7-infra                              puiterwijk
f23-infra
(no matching packages)
f24-infra
Package                 Tag                     Extra Arches     Owner
----------------------- ----------------------- ---------------- ---------------
mediawiki-openid        f24-infra                                kevin
python-twill            f24-infra                                codeblock
python-flask-testing    f24-infra                                codeblock
modern-paste            f24-infra                                codeblock
mediawiki-FedoraBadges  f24-infra                                kevin
basset                  f24-infra                                puiterwijk
mediawiki-skin-fedora   f24-infra                                puiterwijk
mediawiki-Lockdown      f24-infra                                kevin
mediawiki-RSS           f24-infra                                kevin
mirrormanager2          f24-infra                                puiterwijk
f25-infra
(no matching packages)
7 years