Infrastructure Meeting Log for 2007/09/20

Ricky Zhou ricky at
Thu Sep 20 20:47:39 UTC 2007

16:00:33 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Roll Call
16:00:35 < mmcgrath> Who's here?
16:00:36  * ricky 
16:00:36 -!- warren [i=warren at redhat/wombat/warren] has quit Remote closed the connection
16:00:37 -!- jeremy [i=katzj at nat/redhat/x-0f82d1e06695232a] has quit Remote closed the connection
16:00:39 < mmcgrath> quick before they drop
16:00:40 < ricky> Haha.
16:00:41 < mmcgrath> doah, too late.
16:00:48 < jima> oops
16:01:01  * jima here
16:01:18  * kyriakos_ (not that it really makes any difference :P)
16:01:23 < mmcgrath> skvidal: abadger1999 paulobanon f13 ivazquez ricky jima lmacken dgilmore kyriakos_ 
16:01:24 < londo> heh
16:01:28 < mmcgrath> londo: ping :)
16:01:30 < paulobanon> here
16:01:35 < abadger1999> pong
16:01:38 < londo> here
16:01:40 < jima> pong
16:01:40 < ivazquez> Pong.
16:02:01 < jima> (not that sets off my nick detection...maybe i should work on that)
16:02:17 < paulobanon> can we change the meeting for friday, to see if they still disconnect :D
16:02:29 < mmcgrath> paulobanon: we could :)
16:02:39 < mmcgrath> Ok, I think we have enough to get started.
16:02:46 < ricky> Or move the time :)
16:02:57 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- First tickets
16:02:59 < mmcgrath>
16:03:49 < mmcgrath> Ok, one thing I wanted to talk to everyone about is some of the architectural 
                     changes I've been planning / making.
16:04:00 < mmcgrath> Long story short we're slowly decentralizing our infrastructure.
16:04:10 < mmcgrath> this is A) cool and B) not simple.
16:04:15 < mmcgrath> B's the part I'm worried about.
16:04:29 < mmcgrath> Basically we're adding a bunch of redundancy to our environment but also adding 
                     complexity and points of failure.
16:04:38 < jima> mmhmm
16:04:42  * daMaestro is here
16:04:45 < mmcgrath> I recently created another domain to help ease this transition, right now its 
                     public but in the future it probably won't be.
16:04:48 < mmcgrath> daMaestro: yo
16:05:15 < mmcgrath> Once complete, every machine will be able to get to every other machine via 
                     "" once you're connected to a machine.  (firewall 
16:05:34 < jima> oh, neat.
16:05:42 < mmcgrath> Part of this is the vpn configuration and part of this is naming our machines.
16:05:51 -!- rdieter_away is now known as rdieter
16:06:00 -!- jeremy [i=katzj at nat/redhat/x-824cfb21e0d420e3] has joined #fedora-meeting
16:06:00 < mmcgrath> Long story short, once you're on the network, use hostname.v.fp.o 
16:06:16 < mmcgrath> whereas all other external requests will come through just
16:06:31 < mmcgrath> we'll no longer have the domain (including the test boxes) and 
                     we'll be done with
16:06:32 < paulobanon> when will this be fully functional ?
16:06:37 < jima> mmcgrath: GOOD!
16:06:47 < mmcgrath> paulobanon: *fully* functional, probably after F8 but long long before F9
16:06:51 < ricky> Nice.
16:06:57  * jima is a little tired of guessing " or"
16:07:00 < mmcgrath> but we will have at least one remote proxy.
16:07:06 < mmcgrath> jima: I think others are as well.
16:07:22  * mmcgrath realizes its not second nature for most people.
16:07:29  * jima nods
16:07:46 < mmcgrath> I did test the proxy2 box, it was handling all of the fp.o traffic yesterday on a 
                     xen guest, with one processor and 1G ram.
16:07:48 < ricky> But does this mean that simply ssh puppet1, for example will need to be ssh 
16:07:53 < mmcgrath> the physical box itself will allow for MUCH more than that.
16:08:03 < mmcgrath> ricky: its all in how we decide to search domains.
16:08:09 < ricky> Aha, OK.
16:08:16 < ivazquez> And configure ssh.
16:08:29 < ricky> Good point :)
16:09:00 < mmcgrath> I'm also slowly getting together a network map, this will greatly complicate our 
                     current network setup which is currently "Its in PHX or a one off in duke"
16:09:05 < paulobanon> ~when do we need to start renaming everything _
16:09:06 < paulobanon> ?
16:09:12 < mmcgrath> hopefully the day to day functionality will be different.
16:09:22 < mmcgrath> paulobanon: not sure yet, we may not need to rename anything.
16:09:32 < mmcgrath> just change to the new scheme when we rebuild.
16:09:54 < paulobanon> k k
16:09:59 < mmcgrath> The biggest hangup I have right now is bootstrapping a build on a box that is off 
                     of the network.
16:10:21 < mmcgrath> I'd like to build over vpn so that the ks isn't sent in clear text and anaconda 
                     doesn't seem to support https (I could be wrong on that)
16:10:24 < mmcgrath> jeremy: ping?
16:11:13 < mmcgrath> I've given some thought to having xen do a bridge on the tap device, that way the 
                     xen guests wouldn't need VPN at all, they'd use the xen bridge and it'd go over the 
                     vpn from there but there are some security worries I have with that, as well as 
                     SPOF worries.
16:11:13 < jeremy> mmcgrath: what's up?
16:11:20 < londo> mmcgrath: you can do a wget, %include from kickstart would that be enough?
16:11:28 < mmcgrath> jeremy: does anaconda support https to get a ks?
16:11:34 < notting> no
16:11:39 < mmcgrath> notting: thanks
16:11:54 < jeremy> mmcgrath: well, it's more complicated than that
16:12:00 < mmcgrath> londo: the problem is getting the ks file in the first place, we'll just have to 
                     figure something else out.
16:12:05 < jima> mmcgrath: bridge + ebtables to redirect the traffic to the vpn?
16:12:10 < jima> (or such)
16:12:12 < jeremy> mmcgrath: you can have a minimal kickstart config that is just enough to get to the 
                   second stage.  then you can have it include %ksappend https://...
16:12:24 < mmcgrath> jima: yeah.
16:12:39 < mmcgrath> jeremy: I'm mostly worried about sending even a fake, encrypted root password over 
                     the net.
16:13:09 < mmcgrath> no worries, we'll figure something out.
16:13:13 < jeremy> mmcgrath: you don't include the root pass in the first snippet
16:13:30 < jeremy> mmcgrath: you have lang, keymap, network, and url (or nfs or whatever) + the 
                   %ksappend line
16:13:31 < kyriakos_> mmcgrath: how feasible would it be to have local buildboxes with http proxies for 
                      the packages?
16:13:40 < mmcgrath> <nod> we could do that.
16:13:52 < mmcgrath> kyriakos_: for personal or global use?
16:13:56 < mmcgrath> s/global/public/
16:14:07 < kyriakos_> mmcgrath: global
16:14:30 < mmcgrath> kyriakos_: people actually do all the time for local builds + squid and such
16:14:44 < mmcgrath> jeremy: ahh, I can give that a go.
16:15:05 < mmcgrath> Ok, anyone have any other questions on the vpn + new domain topic?
16:15:06 -!- GeroldKa [n=GeroldKa at fedora/geroldka] has joined #fedora-meeting
16:15:09 < mmcgrath> if not we'll move on.
16:15:10 < nirik> just FYI, we have a pretty complete mirror at our site local to proxy3, so if it pulls 
                  packages from there it should be quite zippy.
16:15:22 < mmcgrath> nirik: actually thats good to know, thanks.
16:16:05 < mmcgrath> That was ticket 
16:16:06 < nirik> (mirrormanager should already point fedora stuff using mirrorlists to the right place, 
                  but you would need IP for centos/debian/ubuntu/whatever other things)
16:16:25 < mmcgrath> its still in the very early stages so I hope to keep communications open on ideas 
                     and such when we get to actual implementation.
16:16:35 < mmcgrath> nirik: <nod>
16:16:48 < kyriakos_> is there a standard vpn package that you use?
16:16:53 < mmcgrath> Ok, next ticket is the VCS choice.
16:16:57 < mmcgrath> kyriakos_: we're using openvpn.
16:17:14 < mmcgrath> jcollie is absent again so we'll skip that.  /me wonders how he's doing its been a 
16:17:36 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Schedule
16:17:38 < mmcgrath>
16:17:54 < mmcgrath> Ok, Corporate Sponsorship has gone ok.
16:18:06 -!- warren [i=warren at nat/redhat/x-8a9f6cb294f7e3f1] has joined #fedora-meeting
16:18:14 < mmcgrath> right now we're still waiting for legal to get back to us with the official ok for 
            but its all setup and ready for the go ahead
16:18:19  * mmcgrath makes note to follow up about that.
16:18:46 < mmcgrath> Nothing terribly new this week, we have funding to purchase a server for the colo 
                     in Germany.
16:18:54 < jima> oh, cool.
16:18:56 < paulobanon> mmcgrath: nice!
16:18:56 < mmcgrath> Just waiting on the quote to come back and that should be a pretty new/good thing.
16:19:08  * mmcgrath thanks paulobanon, it could be EXTREMELY useful in the coming months.
16:19:22 < mmcgrath> I mean, a half rack in Europe is nothing to shake a stick at.
16:19:30 < paulobanon> nothing to thank for :P
16:19:47 < paulobanon> i had the contacts, so i provided them thats it :)
16:20:05 < mmcgrath> I've sent a couple of more emails out but had nothing concrete come back with a yes 
                     or no.
16:20:13 < mmcgrath> ricky: ping
16:20:18 < ricky> mmcgrath: pong
16:20:20 -!- giarc [i=hidden-u at] has joined #fedora-meeting
16:20:32 < mmcgrath> ricky: I've kind of ignored the status of that sponsorship page, are we just 
                     waiting on the new templating system?
16:20:35 < mmcgrath> how close is it?
16:20:39 < jima> a half rack? wow.
16:20:53 < mmcgrath> jima: no kidding.
16:21:13 < ricky> mmcgrath: Well, I'd say that it works now (as in can generate the static pages that we 
                  have now).
16:21:21 < mmcgrath> ..but ?
16:22:00 < ricky> It could possibly use some cleanup, though- I might not have done things in the 
                  smartest way.
16:22:08 < mmcgrath> k
16:22:14 < ivazquez> I can take a look after if you like.
16:22:44 < mmcgrath> ricky: is your stuff in the fedora CVS already?
16:22:46 < ricky> I'd like to possibly try to setup a generated site at /_/ or something and hope that 
                  we can use templates for F8.
16:22:47 < paulobanon> ricky/mmcgrath: is this something for pre-F8 or after ?
16:22:49 < mmcgrath> you're using genshi or kid or something else?
16:22:57 < paulobanon> ricky: already replied :)
16:23:07 < mmcgrath> paulobanon: pre-F8, I'm actually hoping for it in the next week or so (the 
                     sponsorship page that is)
16:23:15 < mmcgrath> and if its blocking on the templating system thats ok.
16:23:22 < ricky> mmcgrath: Genshi, and it's currently in
16:23:42  * mmcgrath forgot about that.
16:23:54 < mmcgrath> ricky: remind me after the meeting, I'll get the websites team setup with control 
                     over that.
16:24:00 < ricky> Sure thing.
16:24:48 < ivazquez> Hrm. I can't seem to clone it.
16:25:02 -!- notting [i=notting at redhat/notting] has quit "Ex-Chat"
16:25:18 < ricky> ivazquez: Oops, running that now.
16:25:31 < paulobanon> ricky: if this is something that will go forward, why not get it into hosted ?
16:25:36 < ricky> ivazquez: Try now.
16:25:48 < paulobanon> as an actual project :)
16:25:52 < ivazquez> Much better.
16:25:59 < mmcgrath> paulobanon: welll, this one's actually going to be a place just for the websites 
16:26:11 < mmcgrath> so it'll be going on, I've just been bad about getting it on 
                     there :(
16:26:21 < paulobanon> ahh ok ok
16:26:39 < mmcgrath> ricky: ivazquez: can you two give that a look over and get it up early next week?  
                     We can test in /_/
16:27:03 < ivazquez> I'm a bit busy here, but I'll do what I can.
16:27:11 < ricky> Thanks.
16:27:18 < mmcgrath> ivazquez: thanks, I'd greatly appreciate it.
16:27:22  * jima has to roll out before the meeting endtime
16:27:26 < mmcgrath> Ok we'll move on to architecture.
16:27:48 < mmcgrath> Is there anyone here that'd be willing to document some stuff for me on SOP's or in 
16:28:03 < mmcgrath> I'm working on some of this as well but we can always use help :)
16:28:23 < paulobanon> mmcgrath: if u drop me what u want, i can give u a hand
16:28:37 < mmcgrath> paulobanon: excellent, I'll take you up on that.
16:28:40 -!- clarkbw [i=clarkbw at nat/redhat/x-a033520974148b46] has quit "Ex-Chat"
16:28:54 < mmcgrath> not much has happened during this week on that but more is on the way.
16:29:04 < mmcgrath> Next thing on the Schedule is SOP's, nothing new there.
16:29:08 < mmcgrath> So I'll open the floor
16:29:16 < paulobanon> proxies
16:29:17 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor
16:29:21 < paulobanon> caching that is
16:29:27 < mmcgrath> paulobanon: yes, discuss the caching on the proxies.
16:29:56 < paulobanon> so we had a nice "impersonating experience" of lmacken in bodhi this week
16:30:00 -!- mdomsch [n=mdomsch at] has joined #fedora-meeting
16:30:13 < paulobanon> mod_cache was playing some tricks on us
16:30:21 < jima> heh
16:30:25 < lmacken> :)
16:30:31 -!- stahnma [n=stahnma at] has joined #fedora-meeting
16:30:38 < mmcgrath> that was fun.
16:30:47 < paulobanon> a fully functional caching bodhi is setup in pt1.f.rh.c/updates
16:31:07 < jima> i tried impersonating lmacken at a store, but they didn't believe me.
16:31:17 < mmcgrath> For those that are interested - wget -SO/dev/null
16:31:28 < paulobanon> one thing we need to make sure we do, is standardize the static content
16:31:31 < jima> lmacken: btw, if you hear something about a shoplifting trial, it wasn't me.
16:31:34 < mmcgrath> thats a good way to get the headers (and thus information about the content you're 
                     looking at)
16:32:10 < paulobanon> so if we could take a look into our TG apps, and make sure that everything is 
                       using /static/ for images, CSS, etc
16:32:36 < mdomsch> paulobanon, mm does
16:32:37 < mmcgrath> <nod>
16:32:41 < lmacken> jima: haha
16:32:46 < paulobanon> right now, smolt/stats and docs.fp.o/ are being cached
16:32:53 < abadger1999> Cool.  Will do
16:33:11 < paulobanon> hopefully early next week, bodhi will be the first app to be cached also
16:33:21 -!- Aaronfc7 [n=Aaron at] has joined #fedora-meeting
16:33:22 < paulobanon> so testing is appreciated in PT1/updates
16:33:25  * mdomsch needs db2 cached
16:33:26 < lmacken> I will probably be updating bodhi tonight or tomorrow with TG, so we can 
                    utilize the secure cookies, and some other fixes
16:34:03 < paulobanon> if u guys have suggestions, please comment/talk/whatever :)
16:34:16 < Aaronfc7> b43 module
16:34:19 < mmcgrath> <nod> cool.
16:34:21  * jima maintains no TG apps :)
16:34:30 < lmacken> paulobanon: i'll play around with it tonight, thanks for setting it up
16:34:33 < paulobanon> if you guys want to test your app with mod_cache let me know where the testing 
                       app is, and ill setup some rewrites in PT1
16:34:37 < ivazquez> Aaronfc7: Wrong group.
16:34:38 < lmacken> jima: want to help ? :)
16:34:51 < mmcgrath> paulobanon: no doubt, thanks for getting that all setup and tested in our 
16:34:53 < jima> lmacken: wouldn't that typically require knowing...what, python?
16:34:54 < Aaronfc7> still learning
16:35:09 < paulobanon> mmcgrath: no prob
16:35:18 < ivazquez> jima: So... in 2 hours then?
16:35:26 < mmcgrath> paulobanon: I'd love to get some of our WikiGraphics cached
16:35:26 < paulobanon> another thing, stickum :)
16:35:30 < mmcgrath> see:
16:35:33 < mmcgrath> for example
16:35:38 < jima> ivazquez: ...?
16:35:44 < paulobanon> mmcgrath: pt1/wiki ;)
16:35:52 < ivazquez> In about 2 hours you'll be able to help with TG.
16:35:53 < lmacken> jima: TG turns python into a different sort of beast.. it's usually just best to 
                    dive in head first
16:35:55 < jima> ivazquez: well, for starters, i have to roll out in about 5 minutes, so definitely not. 
16:36:25 < paulobanon> mmcgrath: forget the PT1/wiki, its not defined in modcache.conf
16:36:31 < mmcgrath> paulobanon: I actually added some caching to the production wiki (they're in puppet)
16:36:46 < paulobanon> mmcgrath: ill take a look tomorrow
16:37:07 < paulobanon> lmacken / ricky: daMaestro was interested in joining your stickum interest group
16:37:13 < mmcgrath> paulobanon: cool, anything else?  If not we'll move on
16:37:14  * jima doesn't know any python, and has things like a job and family that make free time a bit 
          erratic. :|
16:37:41 < daMaestro> +1 with helping with stickum devel
16:37:47 < ricky> daMaestro: Ask abadger1999 about getting  SVN access when you see him.
16:37:51 < kyriakos_> what's stickum ?
16:37:52 < daMaestro> sure
16:37:54 < paulobanon> ricky: you wanna try pushing a testing version under pastebin.fp.o ?
16:37:58 < paulobanon> :P
16:38:00 < ricky> (Google accounts required, of course)
16:38:03 < daMaestro> kyriakos_, pastebin: example:
16:38:10 < daMaestro> damnit,
16:38:26 < daMaestro> there is also a fedora project test one, i don't have the url handy
16:38:33 < abadger1999> paulobanon, mdomsch:BTW, there's some ExpiresActive lines in pt1's mirrors.conf 
                        file that don't work.
16:38:36 < ricky> paulobanon: Hm, would we need it to be packaged first?  I think mmcgrath mentioned 
                  that on the ticket.
16:38:55 < paulobanon> ricky: true true
16:38:56 < abadger1999> Not sure who's working on that but I commented them out for now
16:39:04 < ricky>, may not be latest SVN- I will update it when I 
                  have the chance.
16:39:11 < paulobanon> abadger1999: mirrors.conf its not me
16:39:20 < mdomsch> abadger1999, oh?
16:39:31 < mdomsch> probably me, but I don't recall doing it on pt1
16:39:33 < jima> okay, i'm off -- have a nice night everyone.
16:39:39 < paulobanon> abadger1999: im usually under modRewrite.conf and modcache.conf
16:39:44 < ricky> jima: See you.
16:39:46 < mmcgrath> jima: later
16:39:48 < abadger1999> mdomsch: /etc/httpd/conf.d/
16:39:50 < paulobanon> jima: later
16:39:53  * mmcgrath attempts to get the meeting back up
16:40:11 < mmcgrath> do we have anything else we need to discuss in the meeting or should we head on 
                     over to #fedora-admin and continue discussing some of this there?
16:40:24 < abadger1999> mdomsch: I thought it was something puppet dragged in but I didn't see it in the 
                        configs on puppet1
16:40:48 < paulobanon> mmcgrath, ricky: is the pastebin something we still want for pre f8 ?
16:41:19 < mdomsch> odd
16:41:23 < mmcgrath> paulobanon: It'd be nice but we have some other priorities.
16:41:43 < mdomsch> how are we on donated resources?
16:41:46 < paulobanon> mmcgrath: that was what i was thinking
16:41:48 < mdomsch> sorry if it was covered earlier
16:41:52 < mmcgrath> but if it will just take a couple of hours to get up and running, I say have at it.
16:42:22 < mmcgrath> mdomsch: ahh, we talked about it a bit.
16:42:31 < mdomsch> ok, I'll read the logs later
16:42:44 < mmcgrath> so the stuff is up and ready, we actually ran and wiki 
                     off of it yesterday for a couple of hours without incident.
16:42:49 < mmcgrath> mdomsch: cool
16:42:56 < lmacken> daMaestro: nice!
16:42:56 < mmcgrath> ok, if no one has anything else we'll close the meeting in 30
16:43:34 < mmcgrath> 10
16:43:40 < paulobanon> 5
16:43:42 < paulobanon> :)
16:43:51 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End
16:43:52 < daMaestro> lmacken, yeah.. it's up just so i could learn the stickum codebase and learn TG
16:43:56 < mmcgrath> Thanks for coming everyone.
16:44:01 < ricky> Thanks a lot.
16:44:04 < paulobanon> daMaestro: cool!!
16:44:09 < paulobanon> mmcgrath: thanks!
16:44:11 < abadger1999> Thanks!
