Infrastructure Meeting Log for 2007/09/20
ricky at fedoraproject.org
Thu Sep 20 20:47:39 UTC 2007
16:00:33 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Roll Call
16:00:35 < mmcgrath> Who's here?
16:00:36 * ricky
16:00:36 -!- warren [i=warren at redhat/wombat/warren] has quit Remote closed the connection
16:00:37 -!- jeremy [i=katzj at nat/redhat/x-0f82d1e06695232a] has quit Remote closed the connection
16:00:39 < mmcgrath> quick before they drop
16:00:40 < ricky> Haha.
16:00:41 < mmcgrath> doah, too late.
16:00:48 < jima> oops
16:01:01 * jima here
16:01:18 * kyriakos_ (not that it really makes any difference :P)
16:01:23 < mmcgrath> skvidal: abadger1999 paulobanon f13 ivazquez ricky jima lmacken dgilmore kyriakos_
16:01:24 < londo> heh
16:01:28 < mmcgrath> londo: ping :)
16:01:30 < paulobanon> here
16:01:35 < abadger1999> pong
16:01:38 < londo> here
16:01:40 < jima> pong
16:01:40 < ivazquez> Pong.
16:02:01 < jima> (not that sets off my nick detection...maybe i should work on that)
16:02:17 < paulobanon> can we change the meeting for friday, to see if they still disconnect :D
16:02:29 < mmcgrath> paulobanon: we could :)
16:02:39 < mmcgrath> Ok, I think we have enough to get started.
16:02:46 < ricky> Or move the time :)
16:02:57 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- First tickets
16:02:59 < mmcgrath> https://hosted.fedoraproject.org/projects/fedora-infrastructure/query?status=new&sta
16:03:49 < mmcgrath> Ok, one thing I wanted to talk to everyone about is some of the architectural
changes I've been planning / making.
16:04:00 < mmcgrath> Long story short we're slowly decentralizing our infrastructure.
16:04:10 < mmcgrath> this is A) cool and B) not simple.
16:04:15 < mmcgrath> B's the part I'm worried about.
16:04:29 < mmcgrath> Basically we're adding a bunch of redundancy to our environment but also adding
complexity and points of failure.
16:04:38 < jima> mmhmm
16:04:42 * daMaestro is here
16:04:45 < mmcgrath> I recently created another domain to help ease this transition, right now its
public but in the future it probably won't be.
16:04:48 < mmcgrath> daMaestro: yo
16:05:15 < mmcgrath> Once complete, every machine will be able to get to every other machine via
"hostname.vpn.fedoraproject.org" once you're connected to a machine. (firewall
16:05:34 < jima> oh, neat.
16:05:42 < mmcgrath> Part of this is the vpn configuration and part of this is naming our machines.
16:05:51 -!- rdieter_away is now known as rdieter
16:06:00 -!- jeremy [i=katzj at nat/redhat/x-824cfb21e0d420e3] has joined #fedora-meeting
16:06:00 < mmcgrath> Long story short, once you're on the network, use hostname.v.fp.o
16:06:16 < mmcgrath> whereas all other external requests will come through just fedoraproject.org
16:06:31 < mmcgrath> we'll no longer have the fedora.redhat.com domain (including the test boxes) and
we'll be done with fedora.phx.redhat.com.
16:06:32 < paulobanon> when will this be fully functional ?
16:06:37 < jima> mmcgrath: GOOD!
16:06:47 < mmcgrath> paulobanon: *fully* functional, probably after F8 but long long before F9
16:06:51 < ricky> Nice.
16:06:57 * jima is a little tired of guessing "fedoraproject.org? or fedora.redhat.com?"
16:07:00 < mmcgrath> but we will have at least one remote proxy.
16:07:06 < mmcgrath> jima: I think others are as well.
16:07:22 * mmcgrath realizes its not second nature for most people.
16:07:29 * jima nods
16:07:46 < mmcgrath> I did test the proxy2 box, it was handling all of the fp.o traffic yesterday on a
xen guest, with one processor and 1G ram.
16:07:48 < ricky> But does this mean that simply ssh puppet1, for example will need to be ssh
16:07:53 < mmcgrath> the physical box itself will allow for MUCH more than that.
16:08:03 < mmcgrath> ricky: its all in how we decide to search domains.
16:08:09 < ricky> Aha, OK.
16:08:16 < ivazquez> And configure ssh.
16:08:29 < ricky> Good point :)
16:09:00 < mmcgrath> I'm also slowly getting together a network map, this will greatly complicate our
current network setup which is currently "Its in PHX or a one off in duke"
16:09:05 < paulobanon> ~when do we need to start renaming everything _
16:09:06 < paulobanon> ?
16:09:12 < mmcgrath> hopefully the day to day functionality will be different.
16:09:22 < mmcgrath> paulobanon: not sure yet, we may not need to rename anything.
16:09:32 < mmcgrath> just change to the new scheme when we rebuild.
16:09:54 < paulobanon> k k
16:09:59 < mmcgrath> The biggest hangup I have right now is bootstrapping a build on a box that is off
of the network.
16:10:21 < mmcgrath> I'd like to build over vpn so that the ks isn't sent in clear text and anaconda
doesn't seem to support https (I could be wrong on that)
16:10:24 < mmcgrath> jeremy: ping?
16:11:13 < mmcgrath> I've given some thought to having xen do a bridge on the tap device, that way the
xen guests wouldn't need VPN at all, they'd use the xen bridge and it'd go over the
vpn from there but there are some security worries I have with that, as well as
16:11:13 < jeremy> mmcgrath: what's up?
16:11:20 < londo> mmcgrath: you can do a wget, %include from kickstart would that be enough?
16:11:28 < mmcgrath> jeremy: does anaconda support https to get a ks?
16:11:34 < notting> no
16:11:39 < mmcgrath> notting: thanks
16:11:54 < jeremy> mmcgrath: well, it's more complicated than that
16:12:00 < mmcgrath> londo: the problem is getting the ks file in the first place, we'll just have to
figure something else out.
16:12:05 < jima> mmcgrath: bridge + ebtables to redirect the traffic to the vpn?
16:12:10 < jima> (or such)
16:12:12 < jeremy> mmcgrath: you can have a minimal kickstart config that is just enough to get to the
second stage. then you can have it include %ksappend https://...
16:12:24 < mmcgrath> jima: yeah.
16:12:39 < mmcgrath> jeremy: I'm mostly worried about sending even a fake, encrypted root password over
16:13:09 < mmcgrath> no worries, we'll figure something out.
16:13:13 < jeremy> mmcgrath: you don't include the root pass in the first snippet
16:13:30 < jeremy> mmcgrath: you have lang, keymap, network, and url (or nfs or whatever) + the
16:13:31 < kyriakos_> mmcgrath: how feasible would it be to have local buildboxes with http proxies for
16:13:40 < mmcgrath> <nod> we could do that.
16:13:52 < mmcgrath> kyriakos_: for personal or global use?
16:13:56 < mmcgrath> s/global/public/
16:14:07 < kyriakos_> mmcgrath: global
16:14:30 < mmcgrath> kyriakos_: people actually do all the time for local builds + squid and such
16:14:44 < mmcgrath> jeremy: ahh, I can give that a go.
16:15:05 < mmcgrath> Ok, anyone have any other questions on the vpn + new domain topic?
16:15:06 -!- GeroldKa [n=GeroldKa at fedora/geroldka] has joined #fedora-meeting
16:15:09 < mmcgrath> if not we'll move on.
16:15:10 < nirik> just FYI, we have a pretty complete mirror at our site local to proxy3, so if it pulls
packages from there it should be quite zippy.
16:15:22 < mmcgrath> nirik: actually thats good to know, thanks.
16:16:05 < mmcgrath> That was ticket
16:16:06 < nirik> (mirrormanager should already point fedora stuff using mirrorlists to the right place,
but you would need IP for centos/debian/ubuntu/whatever other things)
16:16:25 < mmcgrath> its still in the very early stages so I hope to keep communications open on ideas
and such when we get to actual implementation.
16:16:35 < mmcgrath> nirik: <nod>
16:16:48 < kyriakos_> is there a standard vpn package that you use?
16:16:53 < mmcgrath> Ok, next ticket is the VCS choice.
16:16:57 < mmcgrath> kyriakos_: we're using openvpn.
16:17:14 < mmcgrath> jcollie is absent again so we'll skip that. /me wonders how he's doing its been a
16:17:36 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Schedule
16:17:38 < mmcgrath> http://fedoraproject.org/wiki/Infrastructure/Schedule
16:17:54 < mmcgrath> Ok, Corporate Sponsorship has gone ok.
16:18:06 -!- warren [i=warren at nat/redhat/x-8a9f6cb294f7e3f1] has joined #fedora-meeting
16:18:14 < mmcgrath> right now we're still waiting for legal to get back to us with the official ok for
tummy.com but its all setup and ready for the go ahead
16:18:19 * mmcgrath makes note to follow up about that.
16:18:46 < mmcgrath> Nothing terribly new this week, we have funding to purchase a server for the colo
16:18:54 < jima> oh, cool.
16:18:56 < paulobanon> mmcgrath: nice!
16:18:56 < mmcgrath> Just waiting on the quote to come back and that should be a pretty new/good thing.
16:19:08 * mmcgrath thanks paulobanon, it could be EXTREMELY useful in the coming months.
16:19:22 < mmcgrath> I mean, a half rack in Europe is nothing to shake a stick at.
16:19:30 < paulobanon> nothing to thank for :P
16:19:47 < paulobanon> i had the contacts, so i provided them thats it :)
16:20:05 < mmcgrath> I've sent a couple of more emails out but had nothing concrete come back with a yes
16:20:13 < mmcgrath> ricky: ping
16:20:18 < ricky> mmcgrath: pong
16:20:20 -!- giarc [i=hidden-u at gnat.asiscan.com] has joined #fedora-meeting
16:20:32 < mmcgrath> ricky: I've kind of ignored the status of that sponsorship page, are we just
waiting on the new templating system?
16:20:35 < mmcgrath> how close is it?
16:20:39 < jima> a half rack? wow.
16:20:53 < mmcgrath> jima: no kidding.
16:21:13 < ricky> mmcgrath: Well, I'd say that it works now (as in can generate the static pages that we
16:21:21 < mmcgrath> ..but ?
16:22:00 < ricky> It could possibly use some cleanup, though- I might not have done things in the
16:22:08 < mmcgrath> k
16:22:14 < ivazquez> I can take a look after if you like.
16:22:44 < mmcgrath> ricky: is your stuff in the fedora CVS already?
16:22:46 < ricky> I'd like to possibly try to setup a generated site at /_/ or something and hope that
we can use templates for F8.
16:22:47 < paulobanon> ricky/mmcgrath: is this something for pre-F8 or after ?
16:22:49 < mmcgrath> you're using genshi or kid or something else?
16:22:57 < paulobanon> ricky: already replied :)
16:23:07 < mmcgrath> paulobanon: pre-F8, I'm actually hoping for it in the next week or so (the
sponsorship page that is)
16:23:15 < mmcgrath> and if its blocking on the templating system thats ok.
16:23:22 < ricky> mmcgrath: Genshi, and it's currently in http://ricky.fedorapeople.org/fedora-web/.git/.
16:23:42 * mmcgrath forgot about that.
16:23:54 < mmcgrath> ricky: remind me after the meeting, I'll get the websites team setup with control
16:24:00 < ricky> Sure thing.
16:24:48 < ivazquez> Hrm. I can't seem to clone it.
16:25:02 -!- notting [i=notting at redhat/notting] has quit "Ex-Chat"
16:25:18 < ricky> ivazquez: Oops, running that now.
16:25:31 < paulobanon> ricky: if this is something that will go forward, why not get it into hosted ?
16:25:36 < ricky> ivazquez: Try now.
16:25:48 < paulobanon> as an actual project :)
16:25:52 < ivazquez> Much better.
16:25:59 < mmcgrath> paulobanon: welll, this one's actually going to be a place just for the websites
16:26:11 < mmcgrath> so it'll be going on git.fedoraproject.org, I've just been bad about getting it on
16:26:21 < paulobanon> ahh ok ok
16:26:39 < mmcgrath> ricky: ivazquez: can you two give that a look over and get it up early next week?
We can test in /_/
16:27:03 < ivazquez> I'm a bit busy here, but I'll do what I can.
16:27:11 < ricky> Thanks.
16:27:18 < mmcgrath> ivazquez: thanks, I'd greatly appreciate it.
16:27:22 * jima has to roll out before the meeting endtime
16:27:26 < mmcgrath> Ok we'll move on to architecture.
16:27:48 < mmcgrath> Is there anyone here that'd be willing to document some stuff for me on SOP's or in
16:28:03 < mmcgrath> I'm working on some of this as well but we can always use help :)
16:28:23 < paulobanon> mmcgrath: if u drop me what u want, i can give u a hand
16:28:37 < mmcgrath> paulobanon: excellent, I'll take you up on that.
16:28:40 -!- clarkbw [i=clarkbw at nat/redhat/x-a033520974148b46] has quit "Ex-Chat"
16:28:54 < mmcgrath> not much has happened during this week on that but more is on the way.
16:29:04 < mmcgrath> Next thing on the Schedule is SOP's, nothing new there.
16:29:08 < mmcgrath> So I'll open the floor
16:29:16 < paulobanon> proxies
16:29:17 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor
16:29:21 < paulobanon> caching that is
16:29:27 < mmcgrath> paulobanon: yes, discuss the caching on the proxies.
16:29:56 < paulobanon> so we had a nice "impersonating experience" of lmacken in bodhi this week
16:30:00 -!- mdomsch [n=mdomsch at cpe-70-124-62-55.austin.res.rr.com] has joined #fedora-meeting
16:30:13 < paulobanon> mod_cache was playing some tricks on us
16:30:21 < jima> heh
16:30:25 < lmacken> :)
16:30:31 -!- stahnma [n=stahnma at c-76-18-178-254.hsd1.tn.comcast.net] has joined #fedora-meeting
16:30:38 < mmcgrath> that was fun.
16:30:47 < paulobanon> a fully functional caching bodhi is setup in pt1.f.rh.c/updates
16:31:07 < jima> i tried impersonating lmacken at a store, but they didn't believe me.
16:31:17 < mmcgrath> For those that are interested - wget -SO/dev/null http://fedoraproject.org/wiki/
16:31:28 < paulobanon> one thing we need to make sure we do, is standardize the static content
16:31:31 < jima> lmacken: btw, if you hear something about a shoplifting trial, it wasn't me.
16:31:34 < mmcgrath> thats a good way to get the headers (and thus information about the content you're
16:32:10 < paulobanon> so if we could take a look into our TG apps, and make sure that everything is
using /static/ for images, CSS, etc
16:32:36 < mdomsch> paulobanon, mm does
16:32:37 < mmcgrath> <nod>
16:32:41 < lmacken> jima: haha
16:32:46 < paulobanon> right now, smolt/stats and docs.fp.o/ are being cached
16:32:53 < abadger1999> Cool. Will do
16:33:11 < paulobanon> hopefully early next week, bodhi will be the first app to be cached also
16:33:21 -!- Aaronfc7 [n=Aaron at 220.127.116.11] has joined #fedora-meeting
16:33:22 < paulobanon> so testing is appreciated in PT1/updates
16:33:25 * mdomsch needs db2 cached
16:33:26 < lmacken> I will probably be updating bodhi tonight or tomorrow with TG 18.104.22.168, so we can
utilize the secure cookies, and some other fixes
16:34:03 < paulobanon> if u guys have suggestions, please comment/talk/whatever :)
16:34:16 < Aaronfc7> b43 module
16:34:19 < mmcgrath> <nod> cool.
16:34:21 * jima maintains no TG apps :)
16:34:30 < lmacken> paulobanon: i'll play around with it tonight, thanks for setting it up
16:34:33 < paulobanon> if you guys want to test your app with mod_cache let me know where the testing
app is, and ill setup some rewrites in PT1
16:34:37 < ivazquez> Aaronfc7: Wrong group.
16:34:38 < lmacken> jima: want to help ? :)
16:34:51 < mmcgrath> paulobanon: no doubt, thanks for getting that all setup and tested in our
16:34:53 < jima> lmacken: wouldn't that typically require knowing...what, python?
16:34:54 < Aaronfc7> still learning
16:35:09 < paulobanon> mmcgrath: no prob
16:35:18 < ivazquez> jima: So... in 2 hours then?
16:35:26 < mmcgrath> paulobanon: I'd love to get some of our WikiGraphics cached
16:35:26 < paulobanon> another thing, stickum :)
16:35:30 < mmcgrath> see:
16:35:33 < mmcgrath> for example
16:35:38 < jima> ivazquez: ...?
16:35:44 < paulobanon> mmcgrath: pt1/wiki ;)
16:35:52 < ivazquez> In about 2 hours you'll be able to help with TG.
16:35:53 < lmacken> jima: TG turns python into a different sort of beast.. it's usually just best to
dive in head first
16:35:55 < jima> ivazquez: well, for starters, i have to roll out in about 5 minutes, so definitely not.
16:36:25 < paulobanon> mmcgrath: forget the PT1/wiki, its not defined in modcache.conf
16:36:31 < mmcgrath> paulobanon: I actually added some caching to the production wiki (they're in puppet)
16:36:46 < paulobanon> mmcgrath: ill take a look tomorrow
16:37:07 < paulobanon> lmacken / ricky: daMaestro was interested in joining your stickum interest group
16:37:13 < mmcgrath> paulobanon: cool, anything else? If not we'll move on
16:37:14 * jima doesn't know any python, and has things like a job and family that make free time a bit
16:37:41 < daMaestro> +1 with helping with stickum devel
16:37:47 < ricky> daMaestro: Ask abadger1999 about getting SVN access when you see him.
16:37:51 < kyriakos_> what's stickum ?
16:37:52 < daMaestro> sure
16:37:54 < paulobanon> ricky: you wanna try pushing a testing version under pastebin.fp.o ?
16:37:58 < paulobanon> :P
16:38:00 < ricky> (Google accounts required, of course)
16:38:03 < daMaestro> kyriakos_, pastebin: example: http://f3dora.org./
16:38:10 < daMaestro> damnit, http://f3dora.org/
16:38:26 < daMaestro> there is also a fedora project test one, i don't have the url handy
16:38:33 < abadger1999> paulobanon, mdomsch:BTW, there's some ExpiresActive lines in pt1's mirrors.conf
file that don't work.
16:38:36 < ricky> paulobanon: Hm, would we need it to be packaged first? I think mmcgrath mentioned
that on the ticket.
16:38:55 < paulobanon> ricky: true true
16:38:56 < abadger1999> Not sure who's working on that but I commented them out for now
16:39:04 < ricky> publictest5.fedora.redhat.com/stickum/, may not be latest SVN- I will update it when I
have the chance.
16:39:11 < paulobanon> abadger1999: mirrors.conf its not me
16:39:20 < mdomsch> abadger1999, oh?
16:39:31 < mdomsch> probably me, but I don't recall doing it on pt1
16:39:33 < jima> okay, i'm off -- have a nice night everyone.
16:39:39 < paulobanon> abadger1999: im usually under modRewrite.conf and modcache.conf
16:39:44 < ricky> jima: See you.
16:39:46 < mmcgrath> jima: later
16:39:48 < abadger1999> mdomsch: /etc/httpd/conf.d/publictest1.fedora.redhat.com/mirrors.conf
16:39:50 < paulobanon> jima: later
16:39:53 * mmcgrath attempts to get the meeting back up
16:40:11 < mmcgrath> do we have anything else we need to discuss in the meeting or should we head on
over to #fedora-admin and continue discussing some of this there?
16:40:24 < abadger1999> mdomsch: I thought it was something puppet dragged in but I didn't see it in the
configs on puppet1
16:40:48 < paulobanon> mmcgrath, ricky: is the pastebin something we still want for pre f8 ?
16:41:19 < mdomsch> odd
16:41:23 < mmcgrath> paulobanon: It'd be nice but we have some other priorities.
16:41:43 < mdomsch> how are we on donated resources?
16:41:46 < paulobanon> mmcgrath: that was what i was thinking
16:41:48 < mdomsch> sorry if it was covered earlier
16:41:52 < mmcgrath> but if it will just take a couple of hours to get up and running, I say have at it.
16:42:22 < mmcgrath> mdomsch: ahh, we talked about it a bit.
16:42:31 < mdomsch> ok, I'll read the logs later
16:42:44 < mmcgrath> so the tummy.com stuff is up and ready, we actually ran fedoraproject.org and wiki
off of it yesterday for a couple of hours without incident.
16:42:49 < mmcgrath> mdomsch: cool
16:42:56 < lmacken> daMaestro: nice! f3dora.org++
16:42:56 < mmcgrath> ok, if no one has anything else we'll close the meeting in 30
16:43:34 < mmcgrath> 10
16:43:40 < paulobanon> 5
16:43:42 < paulobanon> :)
16:43:51 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End
16:43:52 < daMaestro> lmacken, yeah.. it's up just so i could learn the stickum codebase and learn TG
16:43:56 < mmcgrath> Thanks for coming everyone.
16:44:01 < ricky> Thanks a lot.
16:44:04 < paulobanon> daMaestro: cool!!
16:44:09 < paulobanon> mmcgrath: thanks!
16:44:11 < abadger1999> Thanks!