16:00:33 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure
-- Role Call
16:00:35 < mmcgrath> Who's here?
16:00:36 * ricky
16:00:36 -!- warren [EMAIL PROTECTED]/wombat/warren] has quit Remote closed the
connection
16:00:37 -!- jeremy [EMAIL PROTECTED]/redhat/x-0f82d1e06695232a] has quit
Remote closed the connection
16:00:39 < mmcgrath> quick before they drop
16:00:40 < ricky> Haha.
16:00:41 < mmcgrath> doah, too late.
16:00:48 < jima> oops
16:01:01 * jima here
16:01:18 * kyriakos_ (not that it really makes any difference :P)
16:01:23 < mmcgrath> skvidal: abadger1999 paulobanon f13 ivazquez ricky jima
lmacken dgilmore kyriakos_
ping?
16:01:24 < londo> heh
16:01:28 < mmcgrath> londo: ping :)
16:01:30 < paulobanon> here
16:01:35 < abadger1999> pong
16:01:38 < londo> here
16:01:40 < jima> pong
16:01:40 < ivazquez> Pong.
16:02:01 < jima> (not that sets off my nick detection...maybe i should work on
that)
16:02:17 < paulobanon> can we change the meeding for friday, to see if they
still disconnect :D
16:02:29 < mmcgrath> paulobanon: we could :)
16:02:39 < mmcgrath> Ok, I think we have enough to get started.
16:02:46 < ricky> Or move the time :)
16:02:57 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure
-- First tickets
16:02:59 < mmcgrath>
https://hosted.fedoraproject.org/projects/fedora-infrastructure/query?status=new&sta
tus=assigned&status=reopened&group=milestone&keywords=%7EMeeting&order=priority
16:03:49 < mmcgrath> Ok, one thing I wanted to talk to everyone about is some
of the architectural
changes I've been planning / making.
16:04:00 < mmcgrath> Long story short we're slowly decentralizaing our
infrastructure.
16:04:10 < mmcgrath> this is A) cool and B) not simple.
16:04:15 < mmcgrath> B's the part I'm worried about.
16:04:29 < mmcgrath> Basically we're adding a bunch of redundancy to our
environment but also adding
complexity and points of failure.
16:04:38 < jima> mmhmm
16:04:42 * daMaestro is here
16:04:45 < mmcgrath> I recently created another domain to help ease this
transition, right now its
public but in the future it probably won't be.
16:04:48 < mmcgrath> daMaestro: yo
16:05:15 < mmcgrath> Once complete, every machine will be able to get to every
other machine via
"hostname.vpn.fedoraproejct.org" once you're connected to
a machine. (firewall
permitting)
16:05:34 < jima> oh, neat.
16:05:42 < mmcgrath> Part of this is the vpn configuration and part of this is
naming our machines.
16:05:51 -!- rdieter_away is now known as rdieter
16:06:00 -!- jeremy [EMAIL PROTECTED]/redhat/x-824cfb21e0d420e3] has joined
#fedora-meeting
16:06:00 < mmcgrath> Long story short, once you're on the network, use
hostname.v.fp.o
(vpn.fedoraproject.org)
16:06:16 < mmcgrath> whereas all other external requests will come through just
fedoraproject.org
16:06:31 < mmcgrath> we'll no longer have the fedora.redhat.com domain
(including the test boxes) and
we'll be done with fedora.phx.redhat.com.
16:06:32 < paulobanon> when will this be fully functional ?
16:06:37 < jima> mmcgrath: GOOD!
16:06:47 < mmcgrath> paulobanon: *fully* functional, probably after F8 but long
long before F9
16:06:51 < ricky> Nice.
16:06:57 * jima is a little tired of guessing "fedoraproject.org? or
fedora.redhat.com?"
16:07:00 < mmcgrath> but we will have at least one remote proxy.
16:07:06 < mmcgrath> jima: I think others are as well.
16:07:22 * mmcgrath realizes its not second nature for most people.
16:07:29 * jima nods
16:07:46 < mmcgrath> I did test the proxy2 box, it was handling all of the fp.o
traffic yesterday on a
xen guest, with one processor and 1G ram.
16:07:48 < ricky> But does this mean that simply ssh puppet1, for example will
need to be ssh
puppet1.vpn.fedoraproject.org instead?
16:07:53 < mmcgrath> the physical box itself will allow for MUCh more than that.
16:08:03 < mmcgrath> ricky: its all in how we decide to search domains.
16:08:09 < ricky> Aha, OK.
16:08:16 < ivazquez> And configure ssh.
16:08:29 < ricky> Good point :)
16:09:00 < mmcgrath> I'm also slowly getting together a network map, this will
greatly complicate our
current network setup which is currently "Its in PHX or a
one off in duke"
16:09:05 < paulobanon> ~when do we need to start renaming everything _
16:09:06 < paulobanon> ?
16:09:12 < mmcgrath> hopefully the day to day functionality will be different.
16:09:22 < mmcgrath> paulobanon: not sure yet, we may not need to rename
anything.
16:09:32 < mmcgrath> just change to the new scheme when we rebuild.
16:09:54 < paulobanon> k k
16:09:59 < mmcgrath> The biggest hangup I have right now is bootstrapping a
build on a box that is off
of the network.
16:10:21 < mmcgrath> I'd like to build over vpn so that the ks isn't sent in
clear text and anaconda
doesn't seem to support https (I could be wrong on that)
16:10:24 < mmcgrath> jeremy: ping?
16:11:13 < mmcgrath> I've given some thought to having xen do a bridge on the
tap device, that way the
xen guests wouldn't need VPN at all, they'd use the xen
bridge and it'd go over the
vpn from there but there are some security worries I have
with that, as well as
SPOF worries.
16:11:13 < jeremy> mmcgrath: what's up?
16:11:20 < londo> mmcgrath: you can do a wget, %include from kickstart would
that be enough?
16:11:28 < mmcgrath> jeremy: does anaconda support https to get a ks?
16:11:34 < notting> no
16:11:39 < mmcgrath> notting: thanks
16:11:54 < jeremy> mmcgrath: well, it's more complicated than that
16:12:00 < mmcgrath> londo: the problem is getting the ks file in the first
place, we'll just have to
figure something else out.
16:12:05 < jima> mmcgrath: bridge + ebtables to redirect the traffic to the vpn?
16:12:10 < jima> (or such)
16:12:12 < jeremy> mmcgrath: you can have a minimal kickstart config that is
just enough to get to the
second stage. then you can have it include %ksappend
https://...
16:12:24 < mmcgrath> jima: yeah.
16:12:39 < mmcgrath> jeremy: I'm mostly worried about sending even a fake,
encrypted root password over
the net.
16:13:09 < mmcgrath> no worries, we'll figure something out.
16:13:13 < jeremy> mmcgrath: you don't include the root pass in the first
snippet
16:13:30 < jeremy> mmcgrath: you have lang, keymap, network, and url (or nfs or
whatever) + the
%ksappend line
16:13:31 < kyriakos_> mmcgrath: how feasible would it be to have local
buildboxes with http proxies for
the packages?
16:13:40 < mmcgrath> <nod> we could do that.
16:13:52 < mmcgrath> kyriakos_: for personal or global use?
16:13:56 < mmcgrath> s/global/public/
16:14:07 < kyriakos_> mmcgrath: global
16:14:30 < mmcgrath> kyriakos_: people actually do all the time for local
builds + squid and such
16:14:44 < mmcgrath> jeremy: ahh, I can give that a go.
16:15:05 < mmcgrath> Ok, anyone have any other questions on the vpn + new
domain topic?
16:15:06 -!- GeroldKa [EMAIL PROTECTED]/geroldka] has joined #fedora-meeting
16:15:09 < mmcgrath> if not we'll move on.
16:15:10 < nirik> just FYI, we have a pretty complete mirror at our site local
to proxy3, so if it pulls
packages from there it should be quite zippy.
16:15:22 < mmcgrath> nirik: actually thats good to know, thanks.
16:16:05 < mmcgrath> That was ticket
https://hosted.fedoraproject.org/projects/fedora-infrastructure/ticket/154 BTW
16:16:06 < nirik> (mirrormanager should already point fedora stuff using
mirrorlists to the right place,
but you would need IP for centos/debian/ubuntu/whatever other
things)
16:16:25 < mmcgrath> its still in the very early stages so I hope to keep
communcations open on ideas
and such when we get to actual implementation.
16:16:35 < mmcgrath> nirik: <nod>
16:16:48 < kyriakos_> is there a standard vpn package that you use?
16:16:53 < mmcgrath> Ok, next ticket is the VCS choice.
16:16:57 < mmcgrath> kyriakos_: we're using openvpn.
16:17:14 < mmcgrath> jcollie is absent again so we'll skip that. /me wonders
how he's doing its been a
while.
16:17:36 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure
-- Schedule
16:17:38 < mmcgrath> http://fedoraproject.org/wiki/Infrastructure/Schedule
16:17:54 < mmcgrath> Ok, Corporate Sponsorship has gone ok.
16:18:06 -!- warren [EMAIL PROTECTED]/redhat/x-8a9f6cb294f7e3f1] has joined
#fedora-meeting
16:18:14 < mmcgrath> right now we're still waiting for legal to get back to us
with the official ok for
tummy.com but its all setup and ready for the go ahead
16:18:19 * mmcgrath makes note to follow up about that.
16:18:46 < mmcgrath> Nothing terribly new this week, we have funding to
purchase a server for the colo
in Germany.
16:18:54 < jima> oh, cool.
16:18:56 < paulobanon> mmcgrath: nice!
16:18:56 < mmcgrath> Just waiting on the quote to come back and that should be
a pretty new/good thing.
16:19:08 * mmcgrath thanks paulobanon, it could be EXTREMELY useful in the
coming months.
16:19:22 < mmcgrath> I mean, a half rack in Europe is nothing to shake a stick
at.
16:19:30 < paulobanon> nothing to thank for :P
16:19:47 < paulobanon> i had the contacts, so i provided them thats it :)
16:20:05 < mmcgrath> I've sent a couple of more emails out but had nothing
concrete come back with a yes
or no.
16:20:13 < mmcgrath> ricky: ping
16:20:18 < ricky> mmcgrath: pong
16:20:20 -!- giarc [EMAIL PROTECTED] has joined #fedora-meeting
16:20:32 < mmcgrath> ricky: I've kind of ignored the status of that sponsorship
page, are we just
waiting on the new templating system?
16:20:35 < mmcgrath> how close is it?
16:20:39 < jima> a half rack? wow.
16:20:53 < mmcgrath> jima: no kidding.
16:21:13 < ricky> mmcgrath: Well, I'd say that it works now (as in can generate
the static pages that we
have now).
16:21:21 < mmcgrath> ..but ?
16:22:00 < ricky> It could possibly use some cleanup, though- I might not have
done things in the
smartest way.
16:22:08 < mmcgrath> k
16:22:14 < ivazquez> I can take a look after if you like.
16:22:44 < mmcgrath> ricky: is your stuff in the fedora CVS already?
16:22:46 < ricky> I'd like to possibly try to setup a generated site at /_/ or
something and hope that
we can use templates for F8.
16:22:47 < paulobanon> ricky/mmcgrath: is this something for pre-F8 or after ?
16:22:49 < mmcgrath> you're using genshi or kid or something else?
16:22:57 < paulobanon> ricky: already replied :)
16:23:07 < mmcgrath> paulobanon: pre-F8, I'm actually hoping for it in the next
week or so (the
sponsorship page that is)
16:23:15 < mmcgrath> and if its blocking on the templating system thats ok.
16:23:22 < ricky> mmcgrath: Genshi, and it's currently in
http://ricky.fedorapeople.org/fedora-web/.git/.
16:23:42 * mmcgrath forgot about that.
16:23:54 < mmcgrath> ricky: remind me after the meeting, I'll get the websites
team setup with control
over that.
16:24:00 < ricky> Sure thing.
16:24:48 < ivazquez> Hrm. I can't seem to clone it.
16:25:02 -!- notting [EMAIL PROTECTED]/notting] has quit "Ex-Chat"
16:25:18 < ricky> ivazquez: Oops, running that now.
16:25:31 < paulobanon> ricky: if this is something that will go forward, why
not get it into hosted ?
16:25:36 < ricky> ivazquez: Try now.
16:25:48 < paulobanon> as an actual project :)
16:25:52 < ivazquez> Much better.
16:25:59 < mmcgrath> paulobanon: welll, this one's actually going to be a place
just for the websites
team.
16:26:11 < mmcgrath> so it'll be going on git.fedoraproject.org, I've just been
bad about getting it on
there :(
16:26:21 < paulobanon> ahh ok ok
16:26:39 < mmcgrath> ricky: ivazquez: can you two give that a look over and get
it up early next week?
We can test in /_/
16:27:03 < ivazquez> I'm a bit busy here, but I'll do what I can.
16:27:11 < ricky> Thanks.
16:27:18 < mmcgrath> ivazquez: thanks, I'd greatly appreciate it.
16:27:22 * jima has to roll out before the meeting endtime
16:27:26 < mmcgrath> Ok we'll move on to architecture.
16:27:48 < mmcgrath> Is there anyone here that'd be willing to document some
stuff for me on SOP's or in
kivio/dia?
16:28:03 < mmcgrath> I'm working on some of this as well but we can always use
help :)
16:28:23 < paulobanon> mmcgrath: if u drop me what u want, i can give u a hand
16:28:37 < mmcgrath> paulobanon: excellent, I'll take you up on that.
16:28:40 -!- clarkbw [EMAIL PROTECTED]/redhat/x-a033520974148b46] has quit
"Ex-Chat"
16:28:54 < mmcgrath> not much has happened during this week on that but more is
on the way.
16:29:04 < mmcgrath> Next thing on the Schedule is SOP's, nothing new there.
16:29:08 < mmcgrath> So I'll open the floor
16:29:16 < paulobanon> proxies
16:29:17 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure
-- Open Floor
16:29:21 < paulobanon> caching that is
16:29:27 < mmcgrath> paulobanon: yes, discuss the caching on the proxies.
16:29:56 < paulobanon> so we had a nice "impersonating experience" of lmacken
in bodhi this week
16:30:00 -!- mdomsch [EMAIL PROTECTED] has joined #fedora-meeting
16:30:13 < paulobanon> mod_cache was playing some tricks on us
16:30:21 < jima> heh
16:30:25 < lmacken> :)
16:30:31 -!- stahnma [EMAIL PROTECTED] has joined #fedora-meeting
16:30:38 < mmcgrath> that was fun.
16:30:47 < paulobanon> a fully functional caching bodhi is setup in
pt1.f.rh.c/updates
16:31:07 < jima> i tried impersonating lmacken at a store, but they didn't
believe me.
16:31:17 < mmcgrath> For those that are interested - wget -SO/dev/null
http://fedoraproject.org/wiki/
16:31:28 < paulobanon> one thing we need to make sure we do, is standardize the
static content
16:31:31 < jima> lmacken: btw, if you hear something about a shoplifting trial,
it wasn't me.
16:31:34 < mmcgrath> thats a good way to get the headers (and thus information
about the content you're
looking at)
16:32:10 < paulobanon> so if we could take a look into our TG apps, and make
sure that everything is
using /static/ for images, CSS, etc
16:32:36 < mdomsch> paulobanon, mm does
16:32:37 < mmcgrath> <nod>
16:32:41 < lmacken> jima: haha
16:32:46 < paulobanon> right now, smolt/stats and docs.fp.o/ are being cached
16:32:53 < abadger1999> Cool. Will do
16:33:11 < paulobanon> hopefully early next week, bodhi will be the first app
to be cached also
16:33:21 -!- Aaronfc7 [EMAIL PROTECTED] has joined #fedora-meeting
16:33:22 < paulobanon> so testing is appreciated in PT1/updates
16:33:25 * mdomsch needs db2 cached
16:33:26 < lmacken> I will probably be updating bodhi tonight or tomorrow with
TG 1.0.3.2, so we can
utilize the secure cookies, and some other fixes
16:34:03 < paulobanon> if u guys have suggestions, please comment/talk/whatever
:)
16:34:16 < Aaronfc7> b43 module
16:34:19 < mmcgrath> <nod> cool.
16:34:21 * jima maintains no TG apps :)
16:34:30 < lmacken> paulobanon: i'll play around with it tonight, thanks for
setting it up
16:34:33 < paulobanon> if you guys want to test your app with mod_cache let me
know where the testing
app is, and ill setup some rewrites in PT1
16:34:37 < ivazquez> Aaronfc7: Wrong group.
16:34:38 < lmacken> jima: want to help ? :)
16:34:51 < mmcgrath> paulobanon: no doubt, thanks for getting that all setup
and tested in our
environment.
16:34:53 < jima> lmacken: wouldn't that typically require knowing...what,
python?
16:34:54 < Aaronfc7> still learning
16:35:09 < paulobanon> mmcgrath: no prob
16:35:18 < ivazquez> jima: So... in 2 hours then?
16:35:26 < mmcgrath> paulobanon: I'd love to get some of our WikiGraphics cached
16:35:26 < paulobanon> another thing, stickum :)
16:35:30 < mmcgrath> see:
http://fedoraproject.org/wiki/WikiGraphics?action=AttachFile&do=get&target=fedoralogo-224x80.jpg
16:35:33 < mmcgrath> for example
16:35:38 < jima> ivazquez: ...?
16:35:44 < paulobanon> mmcgrath: pt1/wiki ;)
16:35:52 < ivazquez> In about 2 hours you'll be able to help with TG.
16:35:53 < lmacken> jima: TG turns python into a different sort of beast.. it's
usually just best to
dive in head first
16:35:55 < jima> ivazquez: well, for starters, i have to roll out in about 5
minutes, so definitely not.
:P
16:36:25 < paulobanon> mmcgrath: forget the PT1/wiki, its not defined in
modcache.conf
16:36:31 < mmcgrath> paulobanon: I actually added some caching to the
production wiki (they're in puppet)
16:36:46 < paulobanon> mmcgrath: ill take a look tomorrow
16:37:07 < paulobanon> lmacken / ricky: daMaestro was interested in joining
your stickum interest group
16:37:13 < mmcgrath> paulobanon: cool, anything else? If not we'll move on
16:37:14 * jima doesn't know any python, and has things like a job and family
that make free time a bit
erratic. :|
16:37:41 < daMaestro> +1 with helping with stickum devel
16:37:47 < ricky> daMaestro: Ask abadger1999 about getting SVN access when you
see him.
16:37:51 < kyriakos_> what's stickum ?
16:37:52 < daMaestro> sure
16:37:54 < paulobanon> ricky: you wanna try pushing a testing version under
pastebin.fp.o ?
16:37:58 < paulobanon> :P
16:38:00 < ricky> (Google accounts required, of course)
16:38:03 < daMaestro> kyriakos_, pastebin: example: http://f3dora.org./
16:38:10 < daMaestro> damnit, http://f3dora.org/
16:38:26 < daMaestro> there is also a fedora project test one, i don't have the
url handy
16:38:33 < abadger1999> paulobanon, mdomsch:BTW, there's some ExpiresActive
lines in pt1's mirrors.conf
file that don't work.
16:38:36 < ricky> paulobanon: Hm, would we need it to be packaged first? I
think mmcgrath mentioned
that on the ticket.
16:38:55 < paulobanon> ricky: true true
16:38:56 < abadger1999> Not sure who's working on that but I commented them out
for now
16:39:04 < ricky> publictest5.fedora.redhat.com/stickum/, may not be latest
SVN- I will update it when I
have the chance.
16:39:11 < paulobanon> abadger1999: mirrors.conf its not me
16:39:20 < mdomsch> abadger1999, oh?
16:39:31 < mdomsch> probably me, but I don't recall doing it on pt1
16:39:33 < jima> okay, i'm off -- have a nice night everyone.
16:39:39 < paulobanon> abadger1999: im usually under modRewrite.conf and
modcache.conf
16:39:44 < ricky> jima: See you.
16:39:46 < mmcgrath> jima: later
16:39:48 < abadger1999> mdomsch:
/etc/httpd/conf.d/publictest1.fedora.redhat.com/mirrors.conf
16:39:50 < paulobanon> jima: later
16:39:53 * mmcgrath attempts to get the meeting back up
16:40:11 < mmcgrath> do we have anything else we need to discuss in the meeting
or should we head on
over to #fedora-admin and continue discussing some of this
there?
16:40:24 < abadger1999> mdomsch: I thought it was something puppet dragged in
but I didn't see it in the
configs on puppet1
16:40:48 < paulobanon> mmcgrath, ricky: is the pastebin something we still want
for pre f8 ?
16:41:19 < mdomsch> odd
16:41:23 < mmcgrath> paulobanon: It'd be nice but we have some other priorities.
16:41:43 < mdomsch> how are we on donated resources?
16:41:46 < paulobanon> mmcgrath: that was what i was thinking
16:41:48 < mdomsch> sorry if it was covered earlier
16:41:52 < mmcgrath> but if it will just take a couple of hours to get up and
running, I say have at it.
16:42:22 < mmcgrath> mdomsch: ahh, we talked about it a bit.
16:42:31 < mdomsch> ok, I'll read the logs later
16:42:44 < mmcgrath> so the tummy.com stuff is up and ready, we actually ran
fedoraproject.org and wiki
off of it yesterday for a couple of hours without incident.
16:42:49 < mmcgrath> mdomsch: cool
16:42:56 < lmacken> daMaestro: nice! f3dora.org++
16:42:56 < mmcgrath> ok, if no one has anything else we'll close the meeting in
30
16:43:34 < mmcgrath> 10
16:43:40 < paulobanon> 5
16:43:42 < paulobanon> :)
16:43:51 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure
-- Meeting End
16:43:52 < daMaestro> lmacken, yeah.. it's up just so i could learn the stickum
codebase and learn TG
16:43:56 < mmcgrath> Thanks for coming everyone.
16:44:01 < ricky> Thanks a lot.
16:44:04 < paulobanon> daMaestro: cool!!
16:44:09 < paulobanon> mmcgrath: thanks!
16:44:11 < abadger1999> Thanks!
pgp8FfAgx1nnS.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
