Infratructure Meeting Log for 2007/09/13

Ricky Zhou ricky at
Thu Sep 13 21:26:39 UTC 2007

16:00:44 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting - Role Call
16:00:45 < mmcgrath> Who's here?
16:00:46  * ricky waves to warren and jeremy :P
16:00:55  * skvidal is here
16:00:57  * lmacken 
16:00:57 -!- warren [i=warren at redhat/wombat/warren] has quit Remote closed the connection
16:00:57 -!- jeremy [i=katzj at nat/redhat/x-282f78b789f9fc9d] has quit Remote closed the connection
16:00:58 < mmcgrath> heheheh
16:01:00 < mmcgrath> there they go
16:01:00 < skvidal> hahahaha
16:01:00 < ricky> Hehe.
16:01:02 < skvidal> how on earth
16:01:05 < mmcgrath> like clock work
16:01:48 -!- jeremy [i=katzj at nat/redhat/x-0f82d1e06695232a] has joined #fedora-meeting
16:02:09 < mmcgrath> mbonnet_: mdomsch lmacken abadger1999 dgilmore jima ping
16:02:13 < mmcgrath> anyone I forgot ping
16:02:37 < abadger1999> heheh, I wonder what would happen if I started watching for "anyone"
16:02:46  * nirik sits in the spectator seats. 
16:02:47 -!- warren [i=warren at nat/redhat/x-f451cb84616c1460] has joined #fedora-meeting
16:03:07 < warren> connection died
16:03:20 < mmcgrath> Ok, lets get started
16:03:28 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets
16:03:39 < mmcgrath>
16:03:40 -!- giarc [i=hidden-u at] has joined #fedora-meeting
16:03:59 < mmcgrath> So first a new ticket # 152
16:04:06 -!- glezos [n=glezos at fedora/glezos] has joined #fedora-meeting
16:04:07 < mmcgrath> VPN setup.
16:04:18 < mmcgrath> Did everyone get my email to the list earlier this week?
16:04:32  * jima stumbles in
16:04:38  * glezos jumps in too
16:04:48 < mmcgrath> Did anyone get it?
16:04:49 < ricky> mmcgrath: Sorry, what was the subject again?
16:05:06 < jima> oh, about vpn stuff
16:05:07 < skvidal> architecture changes
16:05:23 < ricky> Oops, got it- missed that the first time somehow.
16:05:28 < warren> "external systems" meaning what?
16:05:32 < abadger1999> Yep.
16:05:37 < mmcgrath> I'm still deciding on some of the technical bits on it.  For example do we want 
                     bridged or routed, etc.
16:05:41 < mmcgrath> warren: anything not in PHX.
16:05:54 < mmcgrath> which at this point would include Duke and the servers.
16:06:12 < mmcgrath> s/servers/hosts/
16:06:16  * dgilmore is here
16:06:18 < warren> what is running on
16:06:38 < skvidal> nothing, yet
16:06:46 < mmcgrath> Right now xen9 and proxy3.  Its not official as its blocking on an ok from legal 
                     and the VPN (described in #152)
16:06:49 < ricky> proxy3 in the future?
16:06:52 < mmcgrath> ricky: yep
16:07:17 < mmcgrath> xen9 is actually up and using puppet and everything, proxy3 is up but not 
                     configured yet.
16:07:43 < mmcgrath> Anyone have any comments on the email?  Did it sound sane enough to try?
16:07:50 < ricky> So I assume that the way the Duke servers was setup required going through Redhat IS 
                  to get firewall stuff?
16:07:54 < mmcgrath> paulobanon: ping (forgot to ping you earlier)
16:08:07 < mmcgrath> well, there's a couple of problems we're solving by using vpn.
16:08:31 < mmcgrath> the biggies are access to the internal network, and encrypted communications (for 
                     example with bacula)
16:08:38  * nirik is a big fan of openvpn. Works great and is very flexable. 
16:08:47 < mmcgrath> nirik: I am too, I've had great success with it in the past.
16:08:59  * jima is a big openvpn fan, as well.
16:09:05 < ricky> I've toyed with OpenVPN a bit- I like it a lot.
16:09:18 < mmcgrath> So there's a few questions still floating around in my head.
16:09:36 < mmcgrath> 1) name space
16:09:46 < mmcgrath> 2) ip space (routed vs bridged)
16:09:48 < jima> iow, i think there might be a general consensus that openvpn was the right software to 
                 use ;)
16:09:50 < mmcgrath> 3) bootstrapping
16:10:08  * jima has only done routed
16:10:19 < mmcgrath> With name space as it is we have proxy[1-2] and 
16:10:40 -!- fab__ [n=bellet at] has quit Connection timed out
16:10:48  * jima winces a little
16:11:02 < mmcgrath> We (or I) have to figure out a proper domain for all of our stuff.  I think this 
                     line of thought will ultimately end in us running our own DNS and ridding ourselves 
16:11:13 < mmcgrath> 2) Is still up for debate.
16:11:21 < mmcgrath> and 3) I think will just be a technical implementation.
16:11:39 < mmcgrath> does anyone have any comments/ideas/concerns for what I'm going for here?
16:11:52 -!- fab__ [n=bellet at] has joined #fedora-meeting
16:12:24 < skvidal> any concerns this will play silly buggers with xen or kvm?
16:12:53 < mmcgrath> skvidal: AFAIK its gone fine.
16:12:54 < jima> what will? openvpn?
16:13:06 < mmcgrath> I've actually got proxy3 connected to bastion right now in a test via an SSH tunnel 
                     + openvpn.
16:13:10 < mmcgrath> seemed to play just fine.
16:13:16 < skvidal> mmcgrath: cool. thanks
16:13:31  * jima could spin up an openvpn link involving xen, if mmcgrath hadn't
16:13:40 < mmcgrath> :)
16:13:54 < mmcgrath> ok, so I'll keep everyone informed on that more when the blocks (RHIS mostly right 
                     now) are all figured out.
16:14:06 < mmcgrath> Next ticket is....
16:14:13 < mmcgrath> #14 which I'd imagine is still on hold
16:14:22 < mmcgrath> no jcollie, we'll skip.
16:14:33 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Schedule
16:14:35 < mmcgrath>
16:14:37 -!- frankc [i=824c6013 at gateway/web/cgi-irc/] has joined 
16:14:51 < mmcgrath> First item is Corporate sponsorship.
16:15:06 < ricky> :( at the websites team response.
16:15:14 < skvidal> mmcgrath: you agreed to have the starbucks logo tatoo'd on your forehead?
16:15:20 < ricky> Hehe.
16:15:25 < mmcgrath> I've been in a couple of meetings this week.  Some stuff looking good but nothing 
                     in stone yet.
16:15:30 < mmcgrath> skvidal: inner thy.
16:15:31 < glezos> ricky: sorry, I've been really busy lately :(
16:15:37 < mmcgrath> glezos: not your or ricky's fault.
16:15:40 < skvidal> mmcgrath: more people would see that, yah
16:15:41 < ricky> glezos: No problem.
16:15:46 < jima> mmcgrath: that sees much traffic, then?
16:15:47  * f13 peeks in.
16:15:48 < dgilmore> skvidal: we need to leave space there for a second logo also
16:15:50 < mmcgrath> I was actually thinking about sending a cattle call out for more 'web masters'
16:16:00 < mmcgrath> since it turns out both ricky and glezos actually know how to code :)
16:16:06 < skvidal> dgilmore: :)
16:16:18 < mmcgrath> It'd be nice to have one or two people who can focus ENTIRELY on the view and look 
                     of our pages.
16:16:26 < ricky> For the "record," I don't have anything started with the sponsorship page, as some 
                  people on the list thought.
16:16:27 -!- jwb is now known as jwb_gone
16:16:36 < jima> and who can do design worth >crap? wow!
16:16:40 < mmcgrath> ricky: thats my thought :)
16:16:43 < mmcgrath> err fault.
16:16:56 < ricky> Ah, no problem.
16:17:27  * mmcgrath sees if he can get mizmo's attention real quick for some consultation.
16:17:37 < ricky> I was expecting a slightly more excited response, though.  It's basically just a 
                  "design and plug into template" type of thing.
16:17:51 -!- mizmo [i=duffy at nat/redhat/x-686300b264b66012] has joined #fedora-meeting
16:17:52 < mizmo> yo
16:17:55 < mmcgrath> ricky: me too, I think we have a shy bunch there.
16:18:19 < mmcgrath> mizmo: Who do you think would be more interested in the design / presentation 
                     aspect of our websites.  The art-list or the marketing-list?
16:18:29 < glezos> mmcgrath: or puzzled on how to start/publish somthing..
16:18:32 < mmcgrath> I'm thinking about sending a notification that we're looking for some more people 
                     in the websites list.
16:18:36 < mmcgrath> glezos: yeah.
16:18:51 < mizmo> mmcgrath: i think art list
16:19:04 < ricky> I'm really hoping that website buildsystem thingy that I'm playing with will stir up 
                  some life on the list.
16:19:06 < mmcgrath> k, thanks.
16:19:15 < mmcgrath> ricky: <nod>
16:19:30 < glezos> ricky: cool
16:19:39 < mmcgrath> so How about this, I'll send an email to the art list to see if we can get a few 
                     people (3 or 4) to join the websites team to help work on just those aspects of the 
16:19:48 < mizmo> sounds good
16:19:52 < mmcgrath> that should help take the load off of ricky and glezos since they're actually 
                     working on some apps right now.
16:20:18 < mmcgrath> The thing thats tricky here is that I'd really like the websites team to be able to 
                     take and do requests similar to how the art team has their page now.
16:20:40 < mmcgrath> Anyone have any comments on that?  If not we'll move on to the next topic.
16:20:54 < dgilmore> mmcgrath: sounds good to me
16:20:58  * jima avoids design like it might be contagous
16:21:20 < glezos> mmcgrath: +1. Some more documentation on how to checkout code and build a local fpo 
                   website could help newcomers.
16:21:21 < jima> contagious, even
16:21:23 < mmcgrath> jima: I do too, I'm just terrible at it.
16:21:27 < jima> mmcgrath: ditto
16:21:36 < mmcgrath> glezos: indeed, is there even a site on the wiki for the websites team?
16:21:38 < ricky> +1 for the websites team taking requests, etc. like the art team.
16:21:44 < mmcgrath> I guess now's a good time to bring up governance a bit.
16:21:44 < ricky> mmcgrath: fp.o/wiki/Websites
16:21:47 < dgilmore> thast why we have people like mizmo to make things look pretty
16:21:53 < glezos> mmcgrath: there is, but it seems dead :/
16:21:57 < ricky> May be slightly outdated :(
16:22:03 < jima> more power to those who can do design :|
16:22:10 < mmcgrath> dgilmore: more than just that, people like mizmo makes them usable in many cases.
16:22:24 < glezos> I think the overlapping between art, infra, docs and websites has caused the latter 
                   to become a bit stalled
16:22:44 < mmcgrath> So here's a general question, should the websites team remain a separate entity or 
                     should it be considered a subset of the infrastructure group?
16:23:06 < ricky> glezos: Once we expand the static pages a bit, the websites team will have a much more 
                  defined/specific goal.
16:23:07 < mmcgrath> On the one hand I'd like it to be different, but it feels like the infrastructure 
                     team has a total overlap with it and that we keep 'kick starting' it over the last 
                     couple of  years.
16:23:08 < skvidal> does it matter?
16:23:14 < mmcgrath> skvidal: you've been aroudn longest, what do you think?
16:23:18 < ricky> (Which is my larger goal with what I'm doing now).
16:23:20 < mmcgrath> skvidal: I have no idea, just thinking out loud.
16:23:27 < skvidal> well, I mean - from a hierarchy standpoint what does it get us?
16:23:42 < skvidal> if the websites team stops doing things we kick start it and maybe it does something
16:23:43 < f13> that's a question of content vs service
16:23:44 < mmcgrath> I have no idea.
16:24:00 < skvidal> if the websites team is a subset and it stops doing things, we kick start it and 
                    maybe it does something
16:24:04 < skvidal> sounds like a toss up either way
16:24:05 < f13> infrastructure team owns the services, httpd, daemons whatever.  content folks own teh 
                content served by those services.
16:24:23 < skvidal> f13: that's a fair distinction and it speaks to maintaining the status quo
16:24:29 < mmcgrath> f13: I don't want that to change, Infrastructure + content scares the crap out of 
                     me :)
16:24:34  * ricky adds the l10n team into the websites-related teams medley.
16:25:09 < f13> mmcgrath: right, keep the content out of infrastructure.
16:25:28 < mmcgrath> So lets leave it as it is, even if it is an artificial separation right now.  That 
                     may not be the case in the future.
16:25:47 < mmcgrath> One of the problems is that the websites team has only just started seeing work to 
                     do over the last couple of months for the most part so its hard to gauge it.
16:25:51  * mmcgrath will contact the arts list.
16:25:56 < glezos> FWIW, we use templating a lot, so it shouldn't be hard for the designers to 
                   contribute *only* on design.
16:26:05 < mmcgrath> <nod>
16:26:14 < mmcgrath> anything else on this topic?  If not we'll move on.
16:26:35 < mmcgrath> k, next topic
16:26:48 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Architectural 
16:27:00 < mmcgrath> When the VPN roles out we'll actually be in an environment that is reasonably 
16:27:20 < mmcgrath> In theory we could have 4 or 5 external proxy/cache servers at the end of the year. 
                     Hopefully in different countries.
16:27:43 < mmcgrath> how they all communicate and what they all do will be, by far, the most complex 
                     environment this team has seen so we'll have to do a better job of documentation.
16:28:03 < mmcgrath> This has typically fallen on me for most stuff (I was very happy to see glezos add 
                     an SOP this week)
16:28:10 -!- rdieter_away is now known as rdieter
16:28:24 < mmcgrath> but we may have to spend a week or two, as a team, getting 
            setup better.
16:28:36 < mmcgrath> anyone have any ideas on how best to allow others in the team to do this?
16:29:23 < mmcgrath> jima: this would be a good thing from the noc point of view btw.
16:29:38 < mmcgrath> We'll talk about that as we start to implement it more.
16:29:39 < ricky> Split it up into categories/pieces that need documentation? 
16:29:42  * jima nods
16:29:52  * jima looks at that wiki page
16:30:04 < mmcgrath> ricky: yeah, I could put a section under there that has everything listed including 
                     what has not yet been documented.
16:30:24 < mmcgrath> I'll move on for now though
16:30:30 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- SOP
16:30:36 -!- clarkbw [n=clarkbw at] has quit Read error: 110 
          (Connection timed out)
16:30:39 < jima> AIEE! drawings!
16:31:16  * jima flees
16:31:16 < mmcgrath> New SOP from this week was provided by glezos, everyone take a look - 
16:31:23 < mmcgrath> glezos: good job with that.
16:31:38 < mmcgrath> Next topic
16:31:47 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- User Sponsorship
16:31:59 < mmcgrath> No new infrastructure users
16:32:06 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor
16:32:16 < mmcgrath> Ok, so we're at the half hour mark or so, anyone have anything they'd like to 
16:32:48 < skvidal> facter
16:32:48 < nirik> anyone have ideas on how to fix 
         it's been 
                  busted for a while. ;(
16:32:51 -!- tibbs [i=tibbs at fedora/tibbs] has quit "Konversation terminated!"
16:33:17 < mmcgrath> nirik: we can disable the plugin I suppose.  Thats an upstream thing though so I 
                     think many have been timid to take it on.
16:33:20 < mdomsch> nirik, it tracebacks...
16:33:20 < mmcgrath> <nod>
16:33:33 < mmcgrath> skvidal: talk about what you've done with facter
16:33:55 < f13> yeah, drop the plugin.
16:33:56 < skvidal> after a great deal of hating myself I've added a couple of facts to facter for puppet
16:33:57 < nirik> yeah, the ticket iself, not the problem it describes. ;) I mailed the submitter direct 
                  and I think it's complete. Perhaps there is some way for someone to mark it done in 
                  the db?
16:33:59 < ricky> mdomsch: It seems to be a bug with the git plugin.
16:34:08 < ricky> mdomsch: And when the git plugin is disabled, it complains about the SVN plugin- grrr.
16:34:13 < mdomsch> doh
16:34:20 < mdomsch> redirect git URLs -> gitweb
16:34:21 -!- couf [n=couf at fedora/couf] has quit "leaving"
16:34:31 < f13> ricky: huh?
16:34:44 < f13> ricky: perhaps the disabling was done wrong.
16:34:47 < skvidal> puppet uses the program facter to determine all sorts of things about the box - 
                    login to any infrastructure box and type 'facter' to see the results - I've added a 
                    file in cvs called fedora-local.rb
16:34:58 < f13> I've successfully disabled thigns in teh revisor trac so that they can deal with a 
                ticket, then re-enable it.
16:34:59 < mmcgrath> f13: one sec, we'll talk about that in a bit.
16:35:01 < skvidal> we can edit that file to update the facts puppet can use as $variables
16:35:35 < skvidal> so right now I added: $distrorelease which is the result of rpm -q --qf 
                    "%{version}\n" --what-provides redhat-release
16:35:45 < skvidal> and I've added mmcgrathisawanker
16:35:48 < skvidal> which is always true
16:35:50 < skvidal> :)
16:35:50 < mmcgrath> facter | grep mcgrath
16:35:53 < mmcgrath> is amusing.
16:36:02 < mmcgrath> heh
16:36:03  * dgilmore is scared
16:36:05 < skvidal> I did that to show how to set facts as simple strings
16:36:18 < mmcgrath> And it is pretty simple.  It will be nice to be able to use this.
16:36:30 < f13> skvidal: hrm, eventually that should probably change to "system-release" but not for a 
16:36:33 < mmcgrath> skvidal: thank's for doing the research and getting that working and for the whole 
                     rhel5.repo file thing :)
16:36:34 < skvidal> the point is if we need to make a decision about something based on some value on 
                    the system we can add facts, push the file then use those facts in the next run of 
16:36:49 < skvidal> f13: not any time soon for rhel and centos :)
16:36:58 < f13> yeah, RHEL6 timeframe.
16:37:00 < skvidal> oh yah and I closed the reposync ticket
16:37:13 < skvidal> which just means we're using an 'ahem' local cache
16:37:14 -!- walters [n=walters at] has quit Read error: 110 
          (Connection timed out)
16:37:21 < skvidal> of things for updating our rhel5 boxes
16:37:23 < mmcgrath> hurray for a local cache.
16:37:28  * jima doesn't even know if he has shells on any infrastructure servers
16:37:31 < mmcgrath> skvidal: thanks again.
16:37:40 < skvidal> so the annoying rhn errors will be gone
16:37:48 < skvidal> mmcgrath: sorry it took so long
16:37:51 < mmcgrath> jima: you do, I thought I even asked you to look into somethign once.  I just 
                     thought you were too busy / not interested.
16:37:57 < mmcgrath> skvidal: mostly my fault for not giving you a place to store it.
16:38:04 < mmcgrath> ok, we'll move on to the plugin error.
16:38:13 < mmcgrath> f13: actually I ran into that problem too, whats the right way to disable all 
16:38:17 < jima> mmcgrath: mostly i was like "...huh?"
16:38:54 < f13> just a tic
16:39:14  * jima logs into bastion. wow!
16:39:17 < mmcgrath> err all plugins for a specific repo
16:40:04 < f13> oh haha.
16:40:10 < skvidal> f13: ?
16:40:13 < f13> looks like you tried commenting with #, I think the config file comment is ;
16:40:24 < mmcgrath> yeah that sounds like me :)
16:40:37 < ricky> f13: I'm pretty sure that both are valid.
16:40:43 < mmcgrath> though I thought it just made it use the svn plugin instead.
16:40:48 < f13> is somebody editing it right now?
16:40:55 < mmcgrath> <nod> see - 
16:40:58  * mmcgrath is not.
16:41:01  * dgilmore goes to kick jima :)
16:41:03 < f13> there is a .swp file there.
16:41:19 < jima> dgilmore: ?
16:41:27  * f13 writes anyway
16:41:31 < dgilmore> jima: * jima logs into bastion. wow!
16:41:54 < ricky> f13: Oops, sorry- that's me.
16:42:06 < f13> Found a swap file by the name 
                "/srv/web/trac/projects/fedora-infrastructure/conf/.trac.ini.swp" owned by: apache   
                dated: Thu Sep 13 13:42:36 2007
16:42:15 < ricky> f13: I closed it- write away.
16:42:16 < f13> ricky: can you quit so I can write?
16:42:40 -!- rdieter [n=rdieter at] has quit Remote closed the connection
16:43:36 < f13> interesting.
16:43:41 < mdomsch> mmcgrath, reason for httpd being stopped on app4?
16:43:55 < f13> it didn't used to do this.  Wonder how 'svn' is not supported anymore.
16:44:20 < mmcgrath> mdomsch: nope, and actually puppet should be enabling it if its off, let me look at 
                     it real quick.
16:44:36 < ricky> trac.versioncontrol.* = disabled in [components] didn't even do it.  Grrr.
16:44:43 < mdomsch> tuesday 11:39am it stopped with a SIGTERM
16:45:11 < mmcgrath> I seem to remember shutting it down for a test but I'm wondering why puppet didn't 
                     turn it back on.
16:45:26 < mdomsch> puppet will, or supervisor (which doesn't)
16:45:48 < f13> ricky: yeah, this is bothersom.  svn should be a valid scm
16:45:51 < mmcgrath> puppet should turn on httpd.
16:46:04 < mmcgrath> f13: so you're seeing the same thing we are with that?  Something strange is going 
16:46:23 < ricky> My other question is..  why does the tickets component *care* about SCM?
16:46:50 < f13> ricky: some twisted path of Trac.  You can have wiki entries that are SCM checkin IDs 
                and it will tooltip the checkin comment
16:47:08 < f13> kind of neat, but means that anything wiki based (which tickets are) go through the scm 
                plugin code path.
16:47:14 < f13> but svn /should/ be there, it's stock in trac.
16:47:18 < ricky> Sounds cool, but adds more points of failure.
16:47:31 < abadger1999> ricky: IIRC, someone added a link into the repository in that ticket 
                        (changeset:1111 type thing)
16:47:40 < ricky> Ahh.
16:47:57 < ricky> We could remove it manually, but it'd be nice if this kind of thing worked too :)
16:48:03 < mmcgrath> lets discuss this in #fedora-admin after the meeting (Since the meeting is almost 
16:48:13 < ricky> Sure thing.
16:48:28 < mmcgrath> does anyone have anything else to discuss?  If not we'll close the meeting in 30
16:48:38  * lmacken is upgrading bodhi as we speak :)
16:48:45 < mmcgrath> 15
16:48:58 < mmcgrath> 5
16:49:03 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End
16:49:05 < jima> lmacken: yay!
16:49:06 < mmcgrath> thanks for coming everyone
16:49:08 < ricky> Thanks.
16:49:12 < mmcgrath> mizmo: thanks for stopping by.
16:49:22 < mizmo> yep :)
16:49:27 -!- mizmo [i=duffy at nat/redhat/x-686300b264b66012] has left #fedora-meeting ["w00tw00t"]
16:49:33 < glezos> mmcgrath: thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the Fedora-infrastructure-list mailing list