Fedora Infrastructure IRC Meeting Log from 2007-07-05

Jeffrey C. Ollie jeff at ocjtech.us
Thu Jul 5 21:05:51 UTC 2007

[15:04] mmcgrath has set the subject to Fedora Infrastructure -- Who's here?
[15:04] * abadger1999 stops coding for a minute and prepares for a meeting
[15:04] * xDamox is ehre
[15:04] fchiulli: frank is here
[15:05] jcollie: hello...
[15:05] f13: I'm somewhat here
[15:05] mmcgrath: we'll be following http://fedoraproject.org/wiki/Infrastructure/Schedule as usual.
[15:06] mmcgrath has set the subject to Ticketing System -- All
[15:06] MrBawb has joined the group chat (i=abob at guppy.drown.org)
[15:06] mmcgrath: So https://hosted.fedoraproject.org/projects/fedora-infrastructure/ is up.
[15:06] mmcgrath: AFAIK, people have been testing with it.
[15:06] mmcgrath: I like it quite a bit.
[15:06] G: mmcgrath: looks good, but can we please put the header image on HTTPS?
[15:06] mmcgrath: G:  sure.
[15:06] mmcgrath: f13: should we put just the login on https?
[15:07] mmcgrath: we can leave it for now as is.
[15:07] * skvidal is here - just grumbly
[15:07] mmcgrath: Does anyone have any issues with me sending out a notification and migrating some items to it?
[15:08] G: well yeah, just not a mix, some browsers *cough*IE*cough* don't like it
[15:08] mmcgrath: <nod>
[15:08] mmcgrath: I'll take that as a no.
[15:08] paulobanon: im here
[15:08] mmcgrath: paulobanon: yo
[15:08] * warren here
[15:08] f13: mmcgrath: we should just do all I suppose.  Easier.
[15:08] f13: I hate to auth via https then suddenly drop to non https
[15:08] * mmcgrath does too
[15:09] GeroldKa has joined the group chat (n=GeroldKa at fedora/geroldka)
[15:09] mmcgrath: So after the announcement and migration of old tickets I'll be removing a bunch of queues and things from OTRS.
[15:09] mmcgrath: we still need to figure out what to do with logo at fedoraproject.org and webmaster at fedoraproject.org
[15:09] warren: ah, OTRS is shutting down?
[15:10] mmcgrath: I've thought about just having a filter that replies with something like "we've moved to a web based system, please go here"
[15:10] mmcgrath: but I'll leave that up to those teams.
[15:10] mmcgrath: warren: I'd like it to but we've committed to something at least for webmaster and logo.  I'll have to work out something with them.
[15:10] Rasther has joined the group chat (n=diego at fedora/Rasther)
[15:10] mmcgrath: We'll see, anyone have anything else on that topic before we move on?
[15:11] mmcgrath: alllrighty
[15:11] paulobanon: when _!
[15:11] paulobanon: ?
[15:11] paulobanon: 
[15:11] mmcgrath: paulobanon: hopefully by the end of the week.
[15:11] paulobanon: k
[15:11] mmcgrath has set the subject to Package Database -- abadger1999
[15:11] mmcgrath: abadger1999: whats the latest?
[15:12] abadger1999: I'm lagging behind but I think I've just fixed the last issue for bugzilla sync 
[15:12] abadger1999: I also made a few changes that enable logging into the packagedb from the commandline.
[15:13] mmcgrath: abadger1999: any chance for you to move your main testing to publictest1?
[15:13] abadger1999: So I can jump right into writing a script to insert information from new completed reviews and branch requests in to the db.
[15:13] abadger1999: I've been trying to complete the initial rollout so I didn't work on that but I can.
[15:13] abadger1999: Does it use supervisor?
[15:14] abadger1999: I'll need to make that port anyho.
[15:14] mmcgrath: abadger1999: it doesn't have any tg on there yet at all.
[15:14] abadger1999: mmcgrath: k.  I'll see about setting it up.
[15:14] mmcgrath: solid.
[15:14] mmcgrath: anything else?
[15:14] warren: one thing
[15:14] abadger1999: Anyways -- all that's left is koji sync + the new branch/package script.
[15:15] warren: Did we agree on where non-people accounts should be?
[15:15] warren: We'll need a koji account (with a cert) for automated sync from pkgdb to koji
[15:15] abadger1999: Ah.  So I have a few non-people users in the account system living at 9900+
[15:15] abadger1999: But none of those are supposed to login to anything.
[15:15] warren: although FAS accounts != koji
[15:16] warren: so I'm a little confuse
[15:16] warren: d
[15:16] abadger1999: The koji account is slightly different.
[15:16] * mmcgrath is too
[15:16] mmcgrath: these accounts are a requirement for the pkgdb?
[15:16] abadger1999: warren: Don't koji accounts sync from FAS?
[15:16] warren: abadger1999, I'll ask f13 to confirm
[15:16] abadger1999: mmcgrath: All owners in the pkgdb have to be in the FAS.
[15:17] f13: yes
[15:17] mbonnet: abadger1999: there's no syncing...users are created in koji on-demand, when someone with a FAS client cert logs in
[15:17] f13: koji just allows in proper SSL certs
[15:17] f13: and creates users on the fly IIRC
[15:17] abadger1999: Ah.  So you have to get a cert from the FAS.  Once you have that, koji gives you permission to connect.
[15:17] mmcgrath: yep
[15:18] abadger1999: But doesn't actually share any information (like human_name_ with each other.
[15:18] f13: correct
[15:18] f13: koji's userdb is very very simple.
[15:19] f13: username: permissions
[15:19] abadger1999: Does koji have a list of revoked certs?
[15:19] f13: I don't know.
[15:19] * abadger1999 think of roozbeh's stolen laptop.
[15:19] mbonnet: abadger1999: not yet...it could though
[15:19] f13: that's a good question for mbonnet
[15:19] f13: oh there he is (:
[15:19] mbonnet: would just need to be configured in mod_ssl
[15:20] * mmcgrath smells an SOP
[15:21] mmcgrath: should we talk about that later?
[15:22] mmcgrath: abadger1999: can we move on for now?
[15:22] abadger1999: Well... warren, what do you need for koji sync to proceed?
[15:22] mbonnet: however, nalin pointed out a problem with our certificate generation (they all use serial# 0) that might make certificate revocation a problem
[15:22] warren: abadger1999, just for me to finish it, it is relatively straightforward
[15:22] abadger1999: And a cert?
[15:23] warren: abadger1999, that's a separate problem that can be solved after, I'll develop using my account
[15:23] abadger1999: k.  Then yes, let's move on.
[15:24] mmcgrath has set the subject to Config Management -- mmcgrath
[15:24] mmcgrath: Nothing new here really.  skvidal is trying to figure out a good way to bring puppet to our external servers.
[15:24] * skvidal wants to hate puppet a lot
[15:24] skvidal: no,
[15:24] skvidal: actually that's not true
[15:24] skvidal: I hate the pix
[15:25] skvidal: it is not puppet's fault that our routing is weird
[15:25] f13: the pix.  oh god, the pix
[15:25] rordway|m: not the pix
[15:25] mmcgrath: same old story where fp.o doesn't exist internally and fedora.phx.redhat.com doesn't exist externally.
[15:25] jcollie: is there a reason that we can't replace the pix with a fedora box/iptables?
[15:25] mmcgrath: our routing is very normal 
[15:25] skvidal: jcollie: capacity
[15:25] f13: and eew.
[15:25] mmcgrath: jcollie: $, space, TIME, don't forget we'd need 2 (redundancy)
[15:25] f13: please no networking infrastructure running on FEdora.
[15:26] paulobanon: skvidal: which PIX and which IOS ?
[15:26] skvidal: paulobanon: no clue - we just get to ask for things to be changed on it
[15:26] mmcgrath: paulobanon: the problem is the pix can't route traffic out the same interface that it came in on.
[15:26] paulobanon: 515E with anyacelarator cards ?
[15:26] mmcgrath: tis a 'feature'
[15:26] * jcollie should package up rancid so that we can backup the pix configs
[15:26] paulobanon: you can create virtual interfaces
[15:27] skvidal: paulobanon: so you route to that one from your hosts and it routes you back into the other
[15:27] paulobanon: i used to do that in my old company, unless im not following what u guys are trying to do
[15:27] paulobanon: basically i had 1 physical interface with 3 virtual ones there
[15:27] mmcgrath: we've got external IP on one interface, internal ip on the internal interface.
[15:27] mmcgrath: we're trying to have the internal network contact the external IP and have it come back correctly.
[15:28] mmcgrath: and AFAIK, its disabled in the PIX as a feature
[15:28] * mmcgrath would love to be corrected in this matter
[15:28] MrBawb: paulobanon: it can't route back out the same virtual interface
[15:28] skvidal: MrBawb: wouldn't have to
[15:28] paulobanon: mmcgrath send me a diagram with what you need
[15:28] mmcgrath: the guys in #cisco would be able to say better
[15:28] mmcgrath: buhh
[15:29] mmcgrath: paulobanon: | int1 (PIX) ext1 |
[15:29] mmcgrath: we want a to be able to access
[15:29] paulobanon: u want both to talk directly is that it ?
[15:29] paulobanon: do a static
[15:29] mmcgrath: the pix is using nat.
[15:30] mmcgrath: won't work.
[15:30] mmcgrath: talk to the guys in #cisco
[15:30] MrBawb: I'm told in PIX 7.2 there's a way to enable traffic to route out the same virtual interface it comes in on
[15:30] MrBawb: as a config feature
[15:30] mmcgrath: now that you mention that I seem to remember that being enabled in a later version as well.
[15:30] mmcgrath: more research then.
[15:31] paulobanon: 
[15:31] * mmcgrath will move on so we can get done with the meeting.
[15:31] mmcgrath: paulobanon: do you know pix's?
[15:31] mmcgrath: if you could let us know exactly what to do I could pass that on to the network guys.
[15:31] mmcgrath has set the subject to VCS Choice -- jcollie
[15:31] mmcgrath: jcollie: any news on your git stuff?
[15:31] jcollie: i've updated by git page a bit
[15:31] paulobanon: well i used to get AD replications go over a PIX, and that had dynamic ports 
[15:32] jcollie: i've got the conversion script running on publictest1
[15:32] mmcgrath: how's publictest1 working for you?
[15:32] jcollie: although it needs a few more tweaks
[15:32] jcollie: now that git and emacs are installed it works great
[15:32] mmcgrath: good
[15:32] mmcgrath: jcollie: have you had a look at tailor?
[15:32] jcollie: although once i'm ready to convert the entire repo i'll need some more disk space
[15:33] jcollie: mmcgrath, yeah i've used tailor before but git has better tools natively
[15:33] mmcgrath: cool
[15:33] mmcgrath: jcollie: well let us know if you need anything.
[15:33] mmcgrath has set the subject to db1 -- mmcgrath
knurd is now known as knurd_afk
[15:33] mmcgrath: an outage is scheduled for this monday.  Hopefully we'll have no bumps.
[15:34] mmcgrath: I'd appreciate it if any of you that could be around, to be around.
[15:34] mmcgrath: never hurts to have people on hand for these types of things.
[15:34] mmcgrath has set the subject to Server Upgrades -- mmcgrath
[15:34] mmcgrath: I've put in a request for a memory upgrade for two boxes.  I'm still awaiting to hear exactly what will come of it.
[15:35] mmcgrath has set the subject to Xen Conversion -- mmcgrath
[15:35] mmcgrath: as I mentioned on the list I've created a "scanXen.sh" on bastion.
[15:35] mmcgrath: should let everyone know what hosts are running on what guests.
[15:35] paulobanon: nice scripts btw!
[15:35] mmcgrath: danks
[15:35] mmcgrath has set the subject to Bacula Transition -- mmcgrath
[15:35] mmcgrath: I've gotten the ok from ixs to comaintain this pacakge.
[15:36] mmcgrath: I'm waiting for one more post from him then hopefully we can get it accepted.
[15:36] mmcgrath: ixs: any word on that?
[15:36] * mmcgrath will assume ixs isn't around 
[15:37] mmcgrath has set the subject to Elvis move -- mmcgrath
[15:37] mmcgrath: so I'm working on moving some modules from elvis to cvs.
[15:37] mmcgrath: http://fedoraproject.org/wiki/Infrastructure/RFR/ElvisMove
[15:37] mmcgrath: its... coming along I suppose.
[15:37] paulobanon: full of confidence i see...
[15:37] mmcgrath: I've run into a few errors, rather than assume the correct next action I've contacted the devs.
[15:37] paulobanon: 
[15:37] mmcgrath: heh
[15:38] mmcgrath has set the subject to FAS2 -- mmcgrath
[15:38] mmcgrath: right now I've moved FAS2 to publictest1 but I can't get FDS to start, I need to contact the fds guys as to why that is.
[15:38] mmcgrath: As soon as the translation, db1 and hosted.fp.o thing settle down I'm hoping to hit it pretty hard.
[15:39] mmcgrath has set the subject to Project Hosting -- f13
[15:39] mmcgrath: f13: any news?
[15:39] paulobanon: is FAS2 in dev status or already in testing phase ?
[15:39] f13: mmcgrath: going to package up the plugins I use for Trac so they're proper
[15:39] mmcgrath: dev
[15:39] mmcgrath: f13: do you have a time frame on that?
[15:39] ixs: mmcgrath: I'm around. finishing up tomorrows presentation.
[15:39] f13: and caught wind of another plugin we should probably use, a change multiple plugin.
[15:39] f13: mmcgrath: I was hoping this afternoon, ran into some things.  I'm working from home tomorrow and should have more time to do it then.
[15:39] mmcgrath: f13: cool
[15:40] mmcgrath: ixs: do you know when you'll have the latest bacula posted?
[15:40] ixs: mmcgrath: I hope I'll manage saturday afternoon or sunday.
[15:40] mmcgrath: ixs: k.
[15:40] ixs: if not, I'll just hand over the current stuff to you and you can finish it while I'm having exams.
[15:40] mmcgrath: ixs: solid, thanks.
[15:40] mmcgrath: f13: anything else on project hosted?
[15:42] * mmcgrath moving on
[15:42] f13: I don't think so.  WOuld still like a logo and such
[15:42] mmcgrath: <nod>
[15:42] rwmjones_ has joined the group chat (n=rjones at
[15:42] mmcgrath has set the subject to fedorapeople.org -- skvidal
[15:42] mmcgrath: skvidal: yo
[15:42] mmcgrath: whats the word?
[15:42] skvidal: yes
[15:42] rwmjones_ has left ("Leaving" (n=rjones at
[15:42] skvidal: xen instance is up
[15:42] skvidal: registetred host names
[15:43] skvidal: I'm just fighting with puppet on external hosts to get it ocnfigured properly
[15:43] skvidal: does anyone remember what the plan was for controlling the wildcard dns?
[15:43] f13: plan?
[15:43] mmcgrath: 'controlling' ?
[15:43] skvidal: okay
[15:43] skvidal: good times
[15:43] paulobanon: heh
[15:44] f13: can't we do some fun $GENERATE stuff?
[15:44] mmcgrath: if alsdkfj.fedorapeople.org doesn't exist can't we just send it to the default location?
[15:44] f13: or failing that, hook up some tool to parse active users and spit out a fully formed zone file?
[15:44] skvidal: f13: that sounds like unfun
[15:44] skvidal: I'm inclined to - if we don't find a match dump them elsewhere
[15:44] f13: mmcgrath: I assume we don't want things like 'shihead.fedoraproject.org' actually loading a page.
[15:45] f13: er 'shithead'
[15:45] f13: or even worse words.
[15:45] mmcgrath: s/fedoraproject/fedorapeople/g
[15:45] f13: all the same
[15:45] skvidal: f13: jessekeating.atemyballs.com ?
[15:45] mmcgrath: I had assumed that an unfound address would bring up a page saying that "This user does not exist"
[15:46] f13: that would probably be acceptable.
[15:46] mmcgrath: something very un-interesting.
[15:46] mmcgrath: skvidal: what did you have in mind?
[15:46] skvidal: probably dumping them to a page with an index of all the users
[15:46] skvidal: so they could figure out where they went wrong
[15:47] mmcgrath: WORKSFORME
[15:47] skvidal: okie doke
[15:47] skvidal: once I get puppet/the firewalled boxes to behave
[15:47] skvidal: I'll move on from there
[15:47] skvidal: planet1.fedoraproject.org will be up by the end of the day
[15:47] skvidal: once it is happy I'll repoint planet to it
[15:48] mmcgrath: excellent.
[15:48] mmcgrath: skvidal: whats the word on your quota strategy?
[15:48] skvidal: mmcgrath: $magic
[15:48] mmcgrath: buhhhhh perl?
[15:48] mmcgrath: 
[15:49] skvidal: mmcgrath: it's all local disk - we can do per-user quotas soft/hard set equal so they fail immediately when they fill up
[15:49] skvidal: the only trick I have to figure out is new user addition
[15:49] skvidal: when make-shell-accounts automatically adds new folks
[15:49] skvidal: how do we add their quotas
[15:49] skvidal: optionally
[15:50] skvidal: we can just add quotas to all users after every make-shell-accounts run
[15:50] skvidal: for user in people
[15:50] skvidal:    setquota to protouser quota
[15:50] skvidal: etc
[15:50] skvidal: any objections?
[15:50] abadger1999: skvidal: That second one sounds easier.
[15:50] skvidal: easier than $magic?
[15:51] skvidal: you must not be a real wizard, then 
[15:51] mmcgrath: skvidal: I'm up for whatever.
[15:51] mmcgrath: we can always change it if its not working for some reason
[15:51] skvidal: mmcgrath: I've heard that about you
[15:51] * paulobanon wonders if everyone is waiting for the last Harry Potter book...
[15:51] skvidal: paulobanon: I am
[15:51] skvidal: oh and speaking of that
[15:51] paulobanon: me too 
[15:51] skvidal: july 21st
[15:51] paulobanon: haha
[15:51] skvidal: do not expect to hear from me
[15:51] paulobanon: 24h reading
[15:52] jcollie: been on preorder at amazon.com for months 
[15:52] jcollie: skvidal, what about jul 11th?
[15:52] mmcgrath: alright alright
[15:52] mmcgrath: lets hold off on the hp stuff for a bit
[15:52] mmcgrath: skvidal: anything else?
[15:52] paulobanon: skvidal: please prepare an skvidal_outage and mail it
[15:52] skvidal: mmcgrath: no - all good
[15:52] f13: I may be out that day as well
[15:53] f13: possibly longer depending on if I sustain injuries during fighting with my wife for the book
[15:53] * kanarip keeps silent
[15:53] * paulobanon apologises for taking the meeting out of trac
[15:53] mmcgrath: no worries
[15:53] mmcgrath has set the subject to Ibiblio Mirror -- My bad
[15:54] mmcgrath: Still nothing new on this.
[15:54] skvidal: mmcgrath: what's on the [s]hitlist for that?
[15:54] mmcgrath: skvidal: test the new mirror from phx
[15:54] mmcgrath: then find a group of mirrors to test with.
[15:54] skvidal: sorta an mdomsch sort of thing
[15:55] mmcgrath: well that first one we can do.
[15:55] Rasther has left ("..." (n=diego at fedora/Rasther))
[15:55] mmcgrath: I was going to work with mdomsch on the test group but he's on vacation 
[15:55] mmcgrath: so thats where its att
[15:55] mmcgrath has set the subject to Open Floor -- Anyone
[15:55] mmcgrath: So I'm thinking for the next meetings we'll try to actually use the ticketing system.
[15:55] paulobanon: mmcgrath can u create an are or in trac or in the wiki and upload our public scripts
[15:56] paulobanon: so that they wont get lost
[15:56] mmcgrath: paulobanon: OH thast right.
[15:56] mmcgrath has set the subject to HG vs GIT -- All
[15:56] mmcgrath: Ok, so both hg and git do what we need to do.
[15:56] mmcgrath: seems like our group tilted to git.
[15:56] mmcgrath: thoughts?
[15:57] paulobanon: guess not
[15:57] abadger1999: Let's do it.
[15:57] skvidal: mmcgrath: darcs!
[15:57] f13: rcs
[15:57] abadger1999: skvidal: Because we don't spend enough quality time answering questions from our VCS 
[15:57] f13: I still try to do 'co -l' when I check something out.
[15:58] skvidal: f13: see, this is why you're broken
[15:58] f13: yes, I cut my teeth on sun solaris and rcs and bind.  Aren't I lucky
[15:58] paulobanon: talking about VCS, when will we resume the discussions about the new packagers VCS ?
[15:58] mmcgrath: Well lets just take a vote
[15:58] mmcgrath: +git
[15:58] mmcgrath: or
[15:58] mmcgrath: +hg
[15:58] skvidal: +git
[15:58] mmcgrath has set the subject to Vote
[15:58] paulobanon: +git
[15:59] f13: +git
[15:59] blizzard: +cvs
[15:59] * blizzard runs
[15:59] * paulobanon waves to blizzard
[15:59] halfline: f13: +git?  I thought you were very +hg ?
[15:59] tibbs has left ("Konversation terminated!" (n=tibbs at fedora/tibbs))
[15:59] abadger1999: +git
[16:00] mmcgrath: ok, the gits have it
[16:00] * mmcgrath is actually wearing a shirt right now that says "I'm with this stupid git" and there's an arrow.
[16:00] mmcgrath: so I'll get working on that
[16:00] mmcgrath has set the subject to Open Floor -- ALL
[16:00] f13: halfline: well, that was until I wanted to do in-repo branching.
[16:00] mmcgrath: we've got a couple minutes left.
[16:00] mmcgrath: Anyone have anything to discuss?
[16:00] ke4qqq has joined the group chat (n=chatzill at
[16:00] f13: halfline: I still prefer hg's ui and simplicity, but in-repo branching is terrible there.
[16:01] paulobanon: we should start talking about the future VCS in the ML again...
[16:01] paulobanon: its never too early to take care of such an important thing
[16:02] abadger1999: f13: bzr 
[16:02] * abadger1999 's turn to run
[16:02] mmcgrath: paulobanon: thats true.  Jcollie has been doing a good job working with getting some git stuff going too.
[16:03] mmcgrath: Ok, its time, anyone have anything else?  if not I'll close the meeting in 15
[16:03] eva has joined the group chat (n=eva at
[16:04] mmcgrath has set the subject to MEETING END
