From lmacken at redhat.com Mon Dec 1 15:43:39 2008 From: lmacken at redhat.com (Luke Macken) Date: Mon, 1 Dec 2008 10:43:39 -0500 Subject: Change request: SELinux tweaks. In-Reply-To: <1227700528.25778.3.camel@gibraltar.str.redhat.com> References: <20081121192254.GA3292@x300.bos.redhat.com> <20081121210129.GC3292@x300.bos.redhat.com> <4927242D.4050208@gmail.com> <20081121214925.GH3292@x300.bos.redhat.com> <1227700528.25778.3.camel@gibraltar.str.redhat.com> Message-ID: <20081201154339.GE3261@x300.redhat.com> On Wed, Nov 26, 2008 at 12:55:28PM +0100, Nils Philippsen wrote: > On Fri, 2008-11-21 at 16:49 -0500, Luke Macken wrote: > > On Fri, Nov 21, 2008 at 01:12:13PM -0800, Toshio Kuratomi wrote: > > > Luke Macken wrote: > > > > On Fri, Nov 21, 2008 at 02:17:53PM -0600, Mike McGrath wrote: > > > >> On Fri, 21 Nov 2008, Luke Macken wrote: > > > >> > > > >>> Attached are some patches that will fix many AVC's that are currently > > > >>> happening within our infrastructure. > > > >>> > > > >>> Patch 0010-Fix-our-semanage_fcontext-function-to-work-on-symlin.patch > > > >>> /should/ fix the problem introduced in > > > >>> 41acfbc83c80d12d915a0d6087e841aba2c7e78c that caused restorecon to flip > > > >>> out when trying to apply context to a symlink. > > > >>> > > > >>> The rest should all be fairly straight-forward fixes that involve > > > >>> flipping booleans, setting context, and creating custom policy modules. > > > >>> Apologies for the binary blobs in the diffs :) > > > >>> > > > >> What is the impact of actually implementing these changes? Also whats the > > > >> risk if stuff goes horribly wrong? > > > > > > > > These changes will greatly decrease the amount of SELinux AVCs > > > > generated, and in the case of bastion will also decrease the number of > > > > prelude alerts being sent to our prelude-manager. Since we're > > > > in permissive mode, all AVCs are essentially harmless, but we need to > > > > fix them to not only move forward with our SELinux deployment, but also > > > > for the IDS deployment as well (we currently have too many AVCs for our > > > > audit-driven prelude IDS to be useful). > > > > > > > > The only thing I can think of that could go "horribly wrong" is if patch > > > > 0010 does not fix the symlink issue, and it would trigger a 'restorecon > > > > -R /', which would only cause a little bit of disk churn. When these > > > > are applied, I will manually run puppet on our hosted machine to ensure > > > > that the symlink issue is properly fixed. > > > > > > > How does patch 0010 fix the problem? It looks like trying to use this > > > on /git will still result in restorecon -R / being run. > > > > Good catch. So, for symlinks such as /cvs, defining them like this > > should do the trick: > > > > --- a/manifests/servergroups/cvs.pp > > +++ b/manifests/servergroups/cvs.pp > > @@ -28,7 +28,7 @@ class cvs { > > bool => 'on' > > } > > > > - semanage_fcontext { '/cvs': > > + semanage_fcontext { '/cvs(/.*)?': > > type => 'httpd_sys_content_t' > > } > > Sorry to jump in uninformed, but will this actually catch files > beneath /cvs (if /cvs is a symlink)? IMO, the "real" path needs to be > specified here (e.g. /srv/cvs/... if /cvs pointed to /srv/cvs). > > Or do restorecon & co. actually follow symlinks (and thus would > potentially treat files differently depending on whether they were > reached by the canonical or a symlinked path)? The way we created the semanage_fcontext is that so that it will always run `restore -R` on the dirname of the path, with some sed "magic", so it should ideally follow everything below the symlink. define semanage_fcontext($type) { exec { "/usr/sbin/semanage fcontext -a -t $type '$name'; /sbin/restorecon -R `/usr/bin/dirname '$name/' | /bin/sed 's/(.*//'`": unless => "/usr/sbin/matchpathcon `/usr/bin/dirname '$name' | /bin/sed 's/(//'` | grep -qe $type", cwd => '/', } } Yes, it's a nasty hack, but it works for now until puppet can handle this stuff better (the latest version may actually be able to, I'm not quite sure) luke From mmcgrath at redhat.com Mon Dec 1 16:30:42 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 1 Dec 2008 10:30:42 -0600 (CST) Subject: Change request: SELinux tweaks. In-Reply-To: <20081201154339.GE3261@x300.redhat.com> References: <20081121192254.GA3292@x300.bos.redhat.com> <20081121210129.GC3292@x300.bos.redhat.com> <4927242D.4050208@gmail.com> <20081121214925.GH3292@x300.bos.redhat.com> <1227700528.25778.3.camel@gibraltar.str.redhat.com> <20081201154339.GE3261@x300.redhat.com> Message-ID: On Mon, 1 Dec 2008, Luke Macken wrote: > On Wed, Nov 26, 2008 at 12:55:28PM +0100, Nils Philippsen wrote: > > On Fri, 2008-11-21 at 16:49 -0500, Luke Macken wrote: > > > On Fri, Nov 21, 2008 at 01:12:13PM -0800, Toshio Kuratomi wrote: > > > > Luke Macken wrote: > > > > > On Fri, Nov 21, 2008 at 02:17:53PM -0600, Mike McGrath wrote: > > > > >> On Fri, 21 Nov 2008, Luke Macken wrote: > > > > >> > > > > >>> Attached are some patches that will fix many AVC's that are currently > > > > >>> happening within our infrastructure. > > > > >>> > > > > >>> Patch 0010-Fix-our-semanage_fcontext-function-to-work-on-symlin.patch > > > > >>> /should/ fix the problem introduced in > > > > >>> 41acfbc83c80d12d915a0d6087e841aba2c7e78c that caused restorecon to flip > > > > >>> out when trying to apply context to a symlink. > > > > >>> > > > > >>> The rest should all be fairly straight-forward fixes that involve > > > > >>> flipping booleans, setting context, and creating custom policy modules. > > > > >>> Apologies for the binary blobs in the diffs :) > > > > >>> > > > > >> What is the impact of actually implementing these changes? Also whats the > > > > >> risk if stuff goes horribly wrong? > > > > > > > > > > These changes will greatly decrease the amount of SELinux AVCs > > > > > generated, and in the case of bastion will also decrease the number of > > > > > prelude alerts being sent to our prelude-manager. Since we're > > > > > in permissive mode, all AVCs are essentially harmless, but we need to > > > > > fix them to not only move forward with our SELinux deployment, but also > > > > > for the IDS deployment as well (we currently have too many AVCs for our > > > > > audit-driven prelude IDS to be useful). > > > > > > > > > > The only thing I can think of that could go "horribly wrong" is if patch > > > > > 0010 does not fix the symlink issue, and it would trigger a 'restorecon > > > > > -R /', which would only cause a little bit of disk churn. When these > > > > > are applied, I will manually run puppet on our hosted machine to ensure > > > > > that the symlink issue is properly fixed. > > > > > > > > > How does patch 0010 fix the problem? It looks like trying to use this > > > > on /git will still result in restorecon -R / being run. > > > > > > Good catch. So, for symlinks such as /cvs, defining them like this > > > should do the trick: > > > > > > --- a/manifests/servergroups/cvs.pp > > > +++ b/manifests/servergroups/cvs.pp > > > @@ -28,7 +28,7 @@ class cvs { > > > bool => 'on' > > > } > > > > > > - semanage_fcontext { '/cvs': > > > + semanage_fcontext { '/cvs(/.*)?': > > > type => 'httpd_sys_content_t' > > > } > > > > Sorry to jump in uninformed, but will this actually catch files > > beneath /cvs (if /cvs is a symlink)? IMO, the "real" path needs to be > > specified here (e.g. /srv/cvs/... if /cvs pointed to /srv/cvs). > > > > Or do restorecon & co. actually follow symlinks (and thus would > > potentially treat files differently depending on whether they were > > reached by the canonical or a symlinked path)? > > The way we created the semanage_fcontext is that so that it will always > run `restore -R` on the dirname of the path, with some sed "magic", > so it should ideally follow everything below the symlink. > > define semanage_fcontext($type) { > exec { "/usr/sbin/semanage fcontext -a -t $type '$name'; /sbin/restorecon -R `/usr/bin/dirname '$name/' | /bin/sed 's/(.*//'`": > unless => "/usr/sbin/matchpathcon `/usr/bin/dirname '$name' | /bin/sed 's/(//'` | grep -qe $type", > cwd => '/', > } > } > > Yes, it's a nasty hack, but it works for now until puppet can handle this stuff > better (the latest version may actually be able to, I'm not quite sure) > Side note about the new puppet version, I was going to do that this week but I'll be in phoenix starting on Thursday until Monday (maybe later depending on how things go). I don't want to change puppet and have it do horrible things while I'm actually on site. Having said that... If someone else wants to do the upgrade (sysadmin-main) and take responsibility for making sure it went ok and that things are working have at it (let us know though). From what I understand old puppetmaster and new puppet don't totally work right so you'd have to upgrade the puppet master then upgrade puppet on each host. Its been my experience that this can be a manual process but we do have func in most places now so this should be helpful. If no one does it I'll get it mid-december at some point. -Mike From tmz at pobox.com Mon Dec 1 17:17:29 2008 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 1 Dec 2008 12:17:29 -0500 Subject: Change request: SELinux tweaks. In-Reply-To: References: <20081121192254.GA3292@x300.bos.redhat.com> <20081121210129.GC3292@x300.bos.redhat.com> <4927242D.4050208@gmail.com> <20081121214925.GH3292@x300.bos.redhat.com> <1227700528.25778.3.camel@gibraltar.str.redhat.com> <20081201154339.GE3261@x300.redhat.com> Message-ID: <20081201171729.GA20204@inocybe.teonanacatl.org> Mike McGrath wrote: > On Mon, 1 Dec 2008, Luke Macken wrote: >> Yes, it's a nasty hack, but it works for now until puppet can >> handle this stuff better (the latest version may actually be able >> to, I'm not quite sure) I don't know that puppet-0.24.6 handles that. It can set and restore labels to files and dirs, but I don't recall seeing that it does "semanage fcontext" tasks. I could easily be wrong though. > Side note about the new puppet version, I was going to do that this > week but I'll be in phoenix starting on Thursday until Monday (maybe > later depending on how things go). I don't want to change puppet > and have it do horrible things while I'm actually on site. One thing to watch out for is performance. The selinux stuff in 0.24.6 adds a fairly large hit, as it shells out to stat and matchpathcon for every file it touches (ouch!). This is rewritten to use the ruby selinux bindings in 0.24.7 (supposedly due in the next week or two). It also means that selinux support will only be available where the rub selinux bindings are -- essentially, that's recent Fedora and not RHEL at the moment. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I personally think we developed language because of our deep need to complain. -- Lily Tomlin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From darfoo at framebuffer.org Mon Dec 1 21:10:10 2008 From: darfoo at framebuffer.org (Mark True) Date: Mon, 1 Dec 2008 15:10:10 -0600 (CST) Subject: Introduction... Message-ID: <1228165810.v2.mailanyonewebmail-187758@fuse50> Hey Guys, I am interested in joining the Fedora sysadmins and infrastructure team and helping out. I have been using Linux for more than 10 years on my own and in various jobs. Over that time, I have used Slackware, Gentoo, Debian, Redhat, Ubuntu and of course Fedora. My exposure to all these different distributions has given me a wide variety of experiences with how various people implement a system. Most of the companies I have worked for have used RHEL on the corporate servers and Fedora or Ubuntu on the desktops. In my roll as either systems engineer, software developer or QA engineer I have always played ad-hoc sysadmin for people because of my knowledge. I have experience with bash, Perl, Python and C/C++, and many different kinds of system utilities. I would love to contribute my talents with tools and knowledge toward supporting the Fedora project. Hope to hear from you! --Mark T. From mmcgrath at redhat.com Mon Dec 1 21:30:00 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 1 Dec 2008 15:30:00 -0600 (CST) Subject: Introduction... In-Reply-To: <1228165810.v2.mailanyonewebmail-187758@fuse50> References: <1228165810.v2.mailanyonewebmail-187758@fuse50> Message-ID: On Mon, 1 Dec 2008, Mark True wrote: > Hey Guys, > > I am interested in joining the Fedora sysadmins and infrastructure team > and helping out. I have been using Linux for more than 10 years on my own > and in various jobs. Over that time, I have used Slackware, Gentoo, > Debian, Redhat, Ubuntu and of course Fedora. My exposure to all these > different distributions has given me a wide variety of experiences with > how various people implement a system. Most of the companies I have > worked for have used RHEL on the corporate servers and Fedora or Ubuntu on > the desktops. In my roll as either systems engineer, software developer > or QA engineer I have always played ad-hoc sysadmin for people because of > my knowledge. I have experience with bash, Perl, Python and C/C++, and > many different kinds of system utilities. I would love to contribute my > talents with tools and knowledge toward supporting the Fedora project. > Hello Mark, was there any particular FIG you are interested in? Also have you applied for the sysadmin group yet? What is your account name? -Mike From darfoo at framebuffer.org Mon Dec 1 22:46:04 2008 From: darfoo at framebuffer.org (Mark True) Date: Mon, 1 Dec 2008 16:46:04 -0600 (CST) Subject: Introduction... Message-ID: <1228171564.v2.mailanyonewebmail-187758@fuse49> My username is darfoo, and I applied to the sysadmin group. I guess I am pretty much interested in whatever FIG needs me, but primarily sysadmin-releng and sysadmin-noc --Mark T. ----- Original Message ----- From: "Mike McGrath" Sent: Mon, December 1, 2008 16:30 Subject:Re: Introduction... On Mon, 1 Dec 2008, Mark True wrote: > Hey Guys, > > I am interested in joining the Fedora sysadmins and infrastructure team > and helping out. I have been using Linux for more than 10 years on my own > and in various jobs. Over that time, I have used Slackware, Gentoo, > Debian, Redhat, Ubuntu and of course Fedora. My exposure to all these > different distributions has given me a wide variety of experiences with > how various people implement a system. Most of the companies I have > worked for have used RHEL on the corporate servers and Fedora or Ubuntu on > the desktops. In my roll as either systems engineer, software developer > or QA engineer I have always played ad-hoc sysadmin for people because of > my knowledge. I have experience with bash, Perl, Python and C/C++, and > many different kinds of system utilities. I would love to contribute my > talents with tools and knowledge toward supporting the Fedora project. > Hello Mark, was there any particular FIG you are interested in? Also have you applied for the sysadmin group yet? What is your account name? -Mike ----- End of original message ----- From mastahnke at gmail.com Tue Dec 2 03:14:55 2008 From: mastahnke at gmail.com (Michael Stahnke) Date: Mon, 1 Dec 2008 21:14:55 -0600 Subject: Fwd: Patch to fix EPEL dep scripts In-Reply-To: <7874d9dd0811031530r2b4c3622u3cd41c6fef8a3d3c@mail.gmail.com> References: <7874d9dd0810302124o15e8a782x491530c1e3d634c0@mail.gmail.com> <20081031113821.66adb18d.bugs.michael@gmx.net> <7874d9dd0810310633g767888a2sa9552737b07a820d@mail.gmail.com> <20081031200702.9e76f6a0.bugs.michael@gmx.net> <7874d9dd0811031530r2b4c3622u3cd41c6fef8a3d3c@mail.gmail.com> Message-ID: <7874d9dd0812011914g5dc07e1i3090b6aa16ddacd6@mail.gmail.com> I apologize if you got this twice. In looking at the archives, it appears this didn't go through. Once more with feeling :) Testing should be fairly simple. Just run it and disable emails. Also, you need a good yum.conf, and rc-report-epel.cfg. The checkEpel.sh script will look in the current directory, since that's how the git directory was setup. stahnma -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fixing-i386-vs-i686-issue.-Also-single-email-now-i.patch Type: text/x-patch Size: 2615 bytes Desc: not available URL: From a.badger at gmail.com Wed Dec 3 02:51:44 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 02 Dec 2008 18:51:44 -0800 Subject: Fixing CSRF exploits in Infrastructure In-Reply-To: <200811262326.16815.opensource@till.name> References: <492B0F36.8040405@gmail.com> <200811261653.21548.opensource@till.name> <492D8B9A.4030000@gmail.com> <200811262326.16815.opensource@till.name> Message-ID: <4935F440.5060201@gmail.com> Till Maas wrote: > On Wed November 26 2008, Toshio Kuratomi wrote: >> Till Maas wrote: > >>> How big the regression is if users have to log in for every external link >>> they click on, depends on how often this happens. I believe that links to >>> FAS are not exchanged very often, therefore it will not hurt very much. I >>> guess there is also not so often a need to use FAS with tabs. But maybe >>> there are people who have to use FAS more often. With Bodhi it is >>> contrary, because there it is normal to get mails with links if someone >>> added a comment to a package or for testers to exchange links to Bodhi >>> updates. Also links to Bodhi updates are used in Bugzilla comments. There >>> it would have a much bigger impact on the efficiency of testing new >>> package updates imho. >> Pretty much agreed on this analysis. My one note is that in my usage, >> at least, I already have to login most of the time when clicking on a >> link in bugzilla or email due to my session having expired already. > > But in the future you would have to do this for every link everytime, even if > you use many of them in a short timeframe. > Yes, I'm just wondering whether this is the normal usage because it isn't mine. As noted, I have to relogin nearly everytime I click on an external link because my session expires. (note: links inside of Fedora Apps and between Fedora Apps would carry the token so they wouldn't be subject to a relogin). >>> Regarding the time needed for auditing applications: There may still be a >>> lot of other vulnerabilites in these applications which cannot be fixed >>> automatically. Therefore they still need to be written carefully. But >>> maybe a compromise would be to require the token for all requests by >>> default and then whitelist the ones, that are not meant to change state, >>> e.g. requests like: >>> >>> https://admin.fedoraproject.org/updates/pstreams-devel-0.6.0-6.fc10 >> I thought of doing this but it still allows things to be insecure if >> what a method does gets changed and the whitelisting isn't updated. > > What it am apllication writer does not require authentication for some action > that should require authentication? With this reasoning you could also > require that every request has to be authenticated. This is different. It's very natural to think about user permissions when making a change. Just like Unix filesystem permissions, we're asking, does this user have permission to do this? Protecting against CSRF is different. It's asking whether the user really made the request or if it was only the user's browser making the request. That's not a natural thing to check for. > Also do the actions behind a certain request / URL really change that often? > I don't know the answer to how often but the actions do change sometimes. For instance, a URL can be used to display a comment form on an update. When you submit a comment you are brought back to the comment form with the new comment added. So there's two ways to write this: Either the action could submit to a new URL and the URL redirects back to the comment form URL once the request is processed or the action could submit to the same URL with the comment form's inputs as optional arguments. In Bodhi the first method is presently chosen. If it is recoded to the second method, marking for the purposes of CSRF protection would need to be updated. >> OTOH, if a whitelist of methods isn't updated when a form goes from >> merely showing information to changing data, you lose the CSRF protection. > > If you also do not add proper authentication if a method gets updated to show > confidential information, you lose the protection of the confidential > information. > This is addressed above. > Is it maybe possible to modify the functions behind the API that are used to > change state to require a valid token? Then the author of the webapplication > needs to activly work agains the CSRF protection instead of accidently > forgetting it. > This is something I thought for a bit on. However I'm not 100% satisfied with what can be done here. In the present pkgdb, session.flush() must be called anytime data is changed in the database. So we could override that method to add this protection. In FAS, adding a new certificate is not recorded in the database so overriding flush() is not enough to protect that. In bodhi we're still using SQLObject so we'd have to override the equivalent of flush() there as well. Additionally, there's autoflush methods that can be turned on in the database adapters. If a TG app uses autoflush, then we won't have a hook to override in this manner. >>> Another way would be to not change the session id if a user needs to >>> supply the username/password again only because the token was missing. It >>> would probably be enough to ask the user only to click a link that >>> contains the matching token in case the token is missing. >> Not changing the token can have security ramifications as it allows the >> browser to specify what the visit key will be once the user is >> authenticated. I can't think of any way for javascript to manipulate >> this ATM but there could be something that I'm not thinking of or >> browser security holes could introduce something in this area. > > How is it different to keep the same session id after sending a valid session > id and token to the server than to keep it after sending a valid session and > a username / password combination? > I'm thinking of vulnerabilities when we add SSL Certs here instead of username/password. Sending session + username/password tells us that the user is in charge of the request. Sending session + token tells us that the browser was able to read information from the response so the same-origin-policy should protect us. Sending session + SSL Cert does not tell us anything as the browser uses both cookies and SSL Certs when making a call to a different domain at the behest of a web page. Keeping the same session id in this case could be dangerous if there are flaws in the browser or the server code that allow the malicious web page to set the session cookie. >>> On the >>> downside it has a high impact on usability >> This is the one I don't know about. It will change my usage a bit since >> I'll need to start clicking on links to the other apps in present app >> pages to open new tabs. But when I usually open links from external >> sources I'm already used to having to re-login due to the session >> expiring. So we need feedback here, do you often click on multiple >> things in close proximity and wouldn't be able to change to clicking >> within the app? Are you able to > > If I send you a bunch of links that point to Bodhi updates and your job is to > add one comment to each update, then you have to provide your username and > password once for each link. Currently you would only login once for the > first link and open the others afterwards. But this isn't my job. It's a hypothetical. > I use as often as possible direct > links from mails or bookmarks, because clicking through the webapp to get to > a certain location takes a lot more time. > So would it be better to fix the web app's UI? >>> or makes the automatic CSRF >>> protection a lot more complicated. >> This one's untrue as seen in the revised proposal. > > The revised proposal is not yet as usable as the current situation. > True. But the current situation is less secure than the proposal. So we need to understand the relative value of each rather than aiming for something that is as usable as currently. >>> Also securing all requests may cost a lot >>> of performance, because more requests need to be made. >> This one is probably not correct either. If the token and the tg-visit >> match, there's no extra request. If the token and tg-visit do not >> match, there's one extra request from FAS to the database. There are no >> extra json calls. > > If one has to click through the webapp instead of clicking directly on a link, > there are also a lot more requests. This might be true. Although better UI could resolve that. > Also if one can have multiple valid > session ids, then more need to be stored on the server. > The server already stores these so there's not more information here. >> Or best of all, can we add some other check that allows us to preserve >> the present usability and still refuse state-changing events if they >> haven't been marked as such. > > Imho this is not possible, because to refuse state-changing events, you need > to be able to distinguish them from other events. If you have an algorithm > for this, you can use it to mark thes events. > Rather than impossible, I think that catching things at the session.flush() call is a step towards this. But there's a sacrifice in flexibility in doing things here that I'm not certain we can enforce. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From lists at sequestered.net Wed Dec 3 05:05:15 2008 From: lists at sequestered.net (Jay Chandler) Date: Tue, 2 Dec 2008 21:05:15 -0800 Subject: Obligatory First Post Message-ID: <8E83437B-C9EB-4062-B35F-77CEAAC96B47@sequestered.net> Greetings! My name is Corey "Jay' Chandler, and I'm a Linux admin. Besides a general knowledge of standard Linux admin tasks, I specialize in monitoring (Nagios and Cacti at the current gig, a handful of other packages (including Zabbix) over the years), httpd, and DNS-- but the area I really shine in is email, from MTA to anti-spam to list management. I've been active in the Unix/Linux world for roughly five years now, both as a user and as a systems admin. I just discovered the Fedora Infrastructure project today, and I must say, I'm enthused. I've always wanted to contribute to an open source project, but given that I can't code my way out of a paper bag at this point, that's been rather difficult. The dayjob keeps me busy in a primarily CentOS environment, so I'm no stranger to the RedHat way of systems design. Feel free to let me know where I can best be of use! -- Corey Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Forced to support NT servers; sysadmins quit From nigjones at redhat.com Wed Dec 3 05:15:38 2008 From: nigjones at redhat.com (Nigel Jones) Date: Wed, 03 Dec 2008 15:15:38 +1000 Subject: noc2 Rebuild - Outage Notification - 2008-12-03 07:00 UTC Message-ID: <1228281338.31938.20.camel@njones.bne.redhat.com> There will be an outage starting at 2008-12-03 07:00 UTC, which will last approximately 2 hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2008-12-03 07:00 UTC' Affected Services: Nagios Monitoring on noc2 Unaffected Services: Buildsystem CVS / Source Control Database DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Translation Services Websites Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1025 Reason for Outage: Rebuild of our external monitoring box (noc2) at Telia (EU), mainly for geographic diversity and to free resources (RAM) at Tummy Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. From ianweller at gmail.com Wed Dec 3 06:10:26 2008 From: ianweller at gmail.com (Ian Weller) Date: Wed, 3 Dec 2008 00:10:26 -0600 Subject: RFR: fedora-event-splash Message-ID: <20081203061026.GA16684@gmail.com> https://fedorahosted.org/fedora-infrastructure/ticket/1026 The RFR is attached as a text file, too. Nigel has stated he'll sponsor this. -- Ian Weller http://ianweller.org GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36 "Technology is a word that describes something that doesn't work yet." ~ Douglas Adams -------------- next part -------------- == Primary Contact Info == Name: Ian Weller Fedora Account Name: ianweller Group: Ambassadors Infrastructure Sponsor: Nigel Jones == Secondary Contact info == Name: Clint Savage Fedora Account Name: herlo Group: Ambassadors == Project Info == Project Name: fedora-event-splash Target Audience: Ambassadors using computers at events for the public to use Expiration/Delivery Date (required): Aug 2009 Description/Summary: fedora-event-splash is a splash page system for Fedora Ambassadors to entice the general public at Fedora events about using and joining Fedora. It will consist of a single page containing information about Fedora, how to get and join fedora, and a peek into the Fedora community, including (but not limited to) Fedora Planet blog posts, Flickr images, and Identi.ca (microblogging) messages. Ambassadors running an event will be allowed to use what "modules" they find of interest for that event, and can allow the modules to encompass the Fedora community as a whole, certain groups in FAS, or attendees of that event. * Project will be written in TurboGears * Integration with FAS and the ambassadors group will limit who can create events * Events must be approved by a sponsor or administrator in the FAS group (might change, depending on what FAmSCo wants) * Fancy autoupdating * Work with Yaakov Meir Nemoy's fas-plugin-show plugin Project plan (Detailed): * Borrow some TurboGears programmers from the rest of Fedora * Write the framework for "modules" that an event owner can use * Write necessary modules (i.e., planet, flickr, microblog, etc.) * Write integration between database, FAS, and views * Test, test, test, test, test * Potentially use FUDConF12 as a pilot (likely paralleled with RH Summit again, lots of booth visitors, etc.) Goals: * Allow people to learn more about Fedora and its community by opening a web browser at a Fedora booth at an event * Potentially receive more Fedora users and contributors by showing what the Fedora community is like * Have something to show on a projection screen other than a simple Fedora logo == Specific resources needed == * Fedora Hosted Trac instance and git repository * Public test server for testing the application * Something that will allow the application to run without issues for production * Runs TurboGears * Has some sort of database * The events.fedoraproject.org subdomain * fas-plugin-show installed in FAS -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From nigjones at redhat.com Wed Dec 3 09:10:48 2008 From: nigjones at redhat.com (Nigel Jones) Date: Wed, 03 Dec 2008 19:10:48 +1000 Subject: noc2 Rebuild - Outage Notification - 2008-12-03 07:00 UTC In-Reply-To: <1228281338.31938.20.camel@njones.bne.redhat.com> References: <1228281338.31938.20.camel@njones.bne.redhat.com> Message-ID: <1228295448.31938.21.camel@njones.bne.redhat.com> Completed at 09:03 UTC. - Nigel On Wed, 2008-12-03 at 15:15 +1000, Nigel Jones wrote: > There will be an outage starting at 2008-12-03 07:00 UTC, which will > last approximately 2 hours. > > To convert UTC to your local time, take a look at > http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: > > date -d '2008-12-03 07:00 UTC' > > Affected Services: > > Nagios Monitoring on noc2 > > Unaffected Services: > > Buildsystem > CVS / Source Control > Database > DNS > Fedora Hosted > Fedora People > Fedora Talk > Mail > Mirror System > Torrent > Translation Services > Websites > > Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1025 > > Reason for Outage: > > Rebuild of our external monitoring box (noc2) at Telia (EU), mainly for > geographic diversity and to free resources (RAM) at Tummy > > Contact Information: > > Please join #fedora-admin in irc.freenode.net or respond to this email > to track the status of this outage. > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From mhsemcheski at gmail.com Wed Dec 3 19:05:56 2008 From: mhsemcheski at gmail.com (Michael Semcheski) Date: Wed, 3 Dec 2008 14:05:56 -0500 Subject: Just warming up... Message-ID: Hello, Just thought I'd introduce myself. I popped into #fedora-admin (nick: mhs), and then ended up deciding to join this list and try to help out a bit. I'm a C++ developer for a lab in a University, and I also am responsible for a couple of servers, and some Xen virtual private servers for my own web sites. And, I'm a member of the Western Pennsylvania Linux User's Group (http://www.wplug.org/wiki/User:Mhs)... So, with that said, I'm a big fan of Fedora, and I'm going to try to find a way to help out. I'm modelling a lot of the infrastructure I'm responsible for after the way Fedora has done things, because I'm impressed by it. It seems like there are some people who know what they're doing in charge, and I'd like to learn a bit more. Thanks, Mike From michael.flack at gmail.com Thu Dec 4 03:32:10 2008 From: michael.flack at gmail.com (Michael Flack) Date: Thu, 04 Dec 2008 14:32:10 +1100 Subject: introduction Message-ID: <49374F3A.6080308@gmail.com> hi everyone just a email to introduce myself i have been using linux for about the last 6 years at home and would like to to help out with system admin i have had some experience with bash scripting, apache, bind, DHCP and samba there is still a lot for me to learn and that is why i am here i hope you guys can find something for me to do Michael From michael.flack at gmail.com Thu Dec 4 03:34:45 2008 From: michael.flack at gmail.com (Michael Flack) Date: Thu, 04 Dec 2008 14:34:45 +1100 Subject: introduction Message-ID: <49374FD5.2030802@gmail.com> hi everyone just a email to introduce myself i have been using linux for about the last 6 years at home and would like to to help out with system admin i have had some experience with bash scripting, apache, bind, DHCP and samba there is still a lot for me to learn and that is why i am here i hope you guys can find something for me to do Michael From mmcgrath at redhat.com Thu Dec 4 04:12:41 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 3 Dec 2008 22:12:41 -0600 (CST) Subject: Just warming up... In-Reply-To: References: Message-ID: On Wed, 3 Dec 2008, Michael Semcheski wrote: > Hello, > > Just thought I'd introduce myself. I popped into #fedora-admin (nick: > mhs), and then ended up deciding to join this list and try to help out > a bit. > > I'm a C++ developer for a lab in a University, and I also am > responsible for a couple of servers, and some Xen virtual private > servers for my own web sites. And, I'm a member of the Western > Pennsylvania Linux User's Group > (http://www.wplug.org/wiki/User:Mhs)... > > So, with that said, I'm a big fan of Fedora, and I'm going to try to > find a way to help out. I'm modelling a lot of the infrastructure I'm > responsible for after the way Fedora has done things, because I'm > impressed by it. It seems like there are some people who know what > they're doing in charge, and I'd like to learn a bit more. > Welcome. We've already talked in #fedora-admin. Thats a good place to hang out. Also if you can attend our weekly meetings and participate on the list: http://fedoraproject.org/wiki/Infrastructure/Meetings -Mike From mmcgrath at redhat.com Thu Dec 4 04:14:38 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 3 Dec 2008 22:14:38 -0600 (CST) Subject: introduction In-Reply-To: <49374FD5.2030802@gmail.com> References: <49374FD5.2030802@gmail.com> Message-ID: On Thu, 4 Dec 2008, Michael Flack wrote: > hi everyone > just a email to introduce myself i have been using linux for about the > last 6 years at home and would like to to help out with system admin > i have had some experience with bash scripting, apache, bind, DHCP and > samba there is still a lot for me to learn and that is why i am here > i hope you guys can find something for me to do > An introduction so nice, you sent it twice :). Welcome! So one major thing we look for is people who find stuff for themselves to do! Some people just like to be assigned work but if you can find something in our ticketing system: https://fedorahosted.org/fedora-infrastructure/ Or in our repo that needs work (Stuff like lock files, etc) http://git.fedorahosted.org/git/fedora-infrastructure.git/ -Mike From mmcgrath at redhat.com Fri Dec 5 14:26:24 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 5 Dec 2008 08:26:24 -0600 (CST) Subject: OBS Message-ID: In case you guys are curious I just got a note that the OpenSuse Build Service now supports Fedora 10. I thought I'd pass it along. -Mike From laxathom at fedoraproject.org Fri Dec 5 15:37:12 2008 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Fri, 5 Dec 2008 16:37:12 +0100 Subject: OBS In-Reply-To: References: Message-ID: <62bc09df0812050737sba23922mcbe3904d13e50e6e@mail.gmail.com> On Fri, Dec 5, 2008 at 3:26 PM, Mike McGrath wrote: > In case you guys are curious I just got a note that the OpenSuse Build > Service now supports Fedora 10. I thought I'd pass it along. > Any link || feedbacks ? -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From james at fedoraproject.org Fri Dec 5 16:00:21 2008 From: james at fedoraproject.org (James Antill) Date: Fri, 05 Dec 2008 11:00:21 -0500 Subject: OBS In-Reply-To: <62bc09df0812050737sba23922mcbe3904d13e50e6e@mail.gmail.com> References: <62bc09df0812050737sba23922mcbe3904d13e50e6e@mail.gmail.com> Message-ID: <1228492821.26618.178.camel@code.and.org> On Fri, 2008-12-05 at 16:37 +0100, Xavier Lamien wrote: > On Fri, Dec 5, 2008 at 3:26 PM, Mike McGrath wrote: > > In case you guys are curious I just got a note that the OpenSuse Build > > Service now supports Fedora 10. I thought I'd pass it along. > > Any link || feedbacks ? http://liquidat.wordpress.com/2007/07/06/using-the-opensuse-build-service-for-fedora-packages/ http://en.opensuse.org/Build_Service/cross_distribution_package_how_to ...which implies it's been able to do Fedora builds for a while. However: http://en.opensuse.org/Build_Service/cross_distribution_package_how_to#Handling_dependencies ...doesn't give me warm happy feelings, heavily implying that you can't just take your Fedora spec file and have it work. I'd also assume that it's using yum and not zypp behind the scenes, but that's not 100% spelled out. -- James Antill Fedora From mmcgrath at redhat.com Fri Dec 5 17:37:30 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 5 Dec 2008 11:37:30 -0600 (CST) Subject: OBS In-Reply-To: <1228492821.26618.178.camel@code.and.org> References: <62bc09df0812050737sba23922mcbe3904d13e50e6e@mail.gmail.com> <1228492821.26618.178.camel@code.and.org> Message-ID: On Fri, 5 Dec 2008, James Antill wrote: > On Fri, 2008-12-05 at 16:37 +0100, Xavier Lamien wrote: > > On Fri, Dec 5, 2008 at 3:26 PM, Mike McGrath wrote: > > > In case you guys are curious I just got a note that the OpenSuse Build > > > Service now supports Fedora 10. I thought I'd pass it along. > > > > Any link || feedbacks ? > > http://liquidat.wordpress.com/2007/07/06/using-the-opensuse-build-service-for-fedora-packages/ > http://en.opensuse.org/Build_Service/cross_distribution_package_how_to > > ...which implies it's been able to do Fedora builds for a while. > However: > Correct, just not Fedora 10. > http://en.opensuse.org/Build_Service/cross_distribution_package_how_to#Handling_dependencies > > ...doesn't give me warm happy feelings, heavily implying that you can't > just take your Fedora spec file and have it work. I'd also assume that > it's using yum and not zypp behind the scenes, but that's not 100% > spelled out. > We're actually working on some things with them for stuff like this. Common macros for example. -Mike From ricky at fedoraproject.org Sat Dec 6 18:27:28 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sat, 6 Dec 2008 13:27:28 -0500 Subject: Outage Notification - wiki, smolt, transifex Message-ID: <20081206182715.GA24410@sphe.res.cmu.edu> Outage Notification - 2008-12-06 18:22 UTC There has been an unplanned outage starting at 2008-12-06 17:30 UTC. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d 'YYYY-MM-DD HH:MM UTC' Affected Services: Websites Fedora Project Wiki Smolt Transifex Unaffected Services: Buildsystem CVS / Source Control Database DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Translation Services Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1034 Reason for Outage: xen12 the host for our MySQL server is having hardware problems. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Dec 8 16:21:52 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 8 Dec 2008 10:21:52 -0600 (CST) Subject: upgrading puppet Message-ID: I'm going to do our puppet upgrade today, it may start to fail on some boxes while I'm in the process. -Mike From mmcgrath at redhat.com Mon Dec 8 17:10:42 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 8 Dec 2008 11:10:42 -0600 (CST) Subject: upgrading puppet In-Reply-To: References: Message-ID: On Mon, 8 Dec 2008, Mike McGrath wrote: > I'm going to do our puppet upgrade today, it may start to fail on some > boxes while I'm in the process. > Side note - Changelog (below) includes some fixes for selinux. This is great! But it causes runs to take a very long time. From 60s to 160s. So we have some decisions to make. We can continue to upgrade to 24.6. Or we can wait for 24.7 to come out (this issue is already fixed in head). I see pros and cons in both directions and I don't mind waiting longer for a while for puppet runs but I thought I'd ask the rest of you. What do you think? -Mike ========= Change Log ========== 0.24.6 Adding support to the user type for: profiles, auths, project, key/value pairs (extension to Solaris RBAC support added in 0.24.6) Fixed #1662 - Configuration Reference still references 'section' Fixed #1460 - enhance redhat puppetmaster init.d script to easy start puppetmaster as a mongrel cluster Fixed #1663 - Regression relating to facter fact naming from 0.24.5 Fixed #1655 - Provider::Confine::Variable tests are broken Fixed #1646 - service puppet status does not work as non-root on redhat system Fixed #1649 - Updated OSX package cleanup From a.badger at gmail.com Mon Dec 8 17:28:53 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 08 Dec 2008 09:28:53 -0800 Subject: upgrading puppet In-Reply-To: References: Message-ID: <493D5955.9030706@gmail.com> Mike McGrath wrote: > On Mon, 8 Dec 2008, Mike McGrath wrote: > >> I'm going to do our puppet upgrade today, it may start to fail on some >> boxes while I'm in the process. >> > > Side note - Changelog (below) includes some fixes for selinux. This is > great! But it causes runs to take a very long time. From 60s to 160s. > So we have some decisions to make. We can continue to upgrade to 24.6. > Or we can wait for 24.7 to come out (this issue is already fixed in head). > > I see pros and cons in both directions and I don't mind waiting longer for > a while for puppet runs but I thought I'd ask the rest of you. What do > you think? > I don't mind waiting on puppet runs. Unless 24.7 is right around the corner, updating is fine by me. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Mon Dec 8 21:26:09 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 8 Dec 2008 15:26:09 -0600 (CST) Subject: Trimming up our ks script Message-ID: I'm working to trim up our kickstart scripts to make them include far fewer packages. This is bound to cause problems during our transition. Our current puppet configuration probably assumes packages are installed that will no longer be there. We'll have to explicitly define these needs. Initial tests show significant savings though. On the xen servers its over 200 packages fewer. Just keep an eye on things as we rebuild some infrastructure and migrate to our new xen servers. -Mike From skvidal at fedoraproject.org Mon Dec 8 21:27:01 2008 From: skvidal at fedoraproject.org (Seth Vidal) Date: Mon, 8 Dec 2008 16:27:01 -0500 (EST) Subject: Trimming up our ks script In-Reply-To: References: Message-ID: On Mon, 8 Dec 2008, Mike McGrath wrote: > I'm working to trim up our kickstart scripts to make them include far > fewer packages. This is bound to cause problems during our transition. > Our current puppet configuration probably assumes packages are installed > that will no longer be there. We'll have to explicitly define these needs. > Initial tests show significant savings though. On the xen servers its > over 200 packages fewer. > > Just keep an eye on things as we rebuild some infrastructure and migrate > to our new xen servers. > just to be clear, how many of these got removed in %post now? -sv From tmz at pobox.com Mon Dec 8 21:40:16 2008 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 8 Dec 2008 16:40:16 -0500 Subject: upgrading puppet In-Reply-To: <493D5955.9030706@gmail.com> References: <493D5955.9030706@gmail.com> Message-ID: <20081208214016.GD13722@inocybe.teonanacatl.org> Toshio Kuratomi wrote: > Mike McGrath wrote: >> On Mon, 8 Dec 2008, Mike McGrath wrote: >> >>> I'm going to do our puppet upgrade today, it may start to fail on >>> some boxes while I'm in the process. >>> >> >> Side note - Changelog (below) includes some fixes for selinux. >> This is great! But it causes runs to take a very long time. From >> 60s to 160s. So we have some decisions to make. We can continue >> to upgrade to 24.6. Or we can wait for 24.7 to come out (this >> issue is already fixed in head). Fixed means that puppet uses libselinux-ruby bindings. It also means that only Fedora >= 9 will have selinux support. I don't know what the odds are of getting libselinux-ruby built for RHEL. The versions are considerably different. I haven't even looked to see if the ruby bindings were part of upstream libselinux-1.33.4, which is what RHEL-5 currently has (versus 2.0.73 on F-10). (FWIW, it is a lot faster. Who'd have thunk that forking a shell once or twice for every file puppet touches would be so slow? ;) > I don't mind waiting on puppet runs. Unless 24.7 is right around the > corner, updating is fine by me. Puppet-0.24.7rc1 was pushed out a week or so ago. I'd expect the full release within another week or so. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of misery. -- Churchill -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From sundaram at fedoraproject.org Tue Dec 9 21:02:58 2008 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Wed, 10 Dec 2008 02:32:58 +0530 Subject: OBS In-Reply-To: References: <62bc09df0812050737sba23922mcbe3904d13e50e6e@mail.gmail.com> <1228492821.26618.178.camel@code.and.org> Message-ID: <493EDD02.3080408@fedoraproject.org> Mike McGrath wrote: > We're actually working on some things with them for stuff like this. > Common macros for example. Any references to public discussions? It would be nice to include other RPM distributions like Mandriva and PLD in these efforts. Rahul From mmcgrath at redhat.com Tue Dec 9 21:46:04 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 9 Dec 2008 15:46:04 -0600 (CST) Subject: OBS In-Reply-To: <493EDD02.3080408@fedoraproject.org> References: <62bc09df0812050737sba23922mcbe3904d13e50e6e@mail.gmail.com> <1228492821.26618.178.camel@code.and.org> <493EDD02.3080408@fedoraproject.org> Message-ID: On Wed, 10 Dec 2008, Rahul Sundaram wrote: > Mike McGrath wrote: > > > We're actually working on some things with them for stuff like this. > > Common macros for example. > > Any references to public discussions? It would be nice to include other RPM > distributions like Mandriva and PLD in these efforts. > Just in irc chatrooms. I was in the opensuse buildsystem channel the other day chatting about macros. -Mike From mmcgrath at redhat.com Wed Dec 10 20:56:27 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 10 Dec 2008 14:56:27 -0600 (CST) Subject: ssh_host_keys Message-ID: We are now distributing an ssh_known_hosts file to all of our servers. This means that you can blow away your ~/.ssh/known_hosts file. When servers get rebuilt either replace it with the old ssh key, or update the puppet/modules/ssh/files/ssh_known_hosts file with the new key. I've not actually used global ssh_known_hosts before, I wouldn't be surprised if it causes issues in some of our scripts that might have a conflicting ~/.ssh/known_hosts. Lets keep our eyes open. -Mike From mmcgrath at redhat.com Wed Dec 10 21:15:12 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 10 Dec 2008 15:15:12 -0600 (CST) Subject: ssh_host_keys In-Reply-To: References: Message-ID: On Wed, 10 Dec 2008, Mike McGrath wrote: > We are now distributing an ssh_known_hosts file to all of our servers. > This means that you can blow away your ~/.ssh/known_hosts file. When > servers get rebuilt either replace it with the old ssh key, or update the > puppet/modules/ssh/files/ssh_known_hosts file with the new key. > > I've not actually used global ssh_known_hosts before, I wouldn't be > surprised if it causes issues in some of our scripts that might have a > conflicting ~/.ssh/known_hosts. Lets keep our eyes open. > http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts SOP created. -Mike From opensource at till.name Wed Dec 10 22:04:25 2008 From: opensource at till.name (Till Maas) Date: Wed, 10 Dec 2008 23:04:25 +0100 Subject: ssh_host_keys Message-ID: <200812102304.31103.opensource@till.name> On Wed December 10 2008, Mike McGrath wrote: > On Wed, 10 Dec 2008, Mike McGrath wrote: > > I've not actually used global ssh_known_hosts before, I wouldn't be > > surprised if it causes issues in some of our scripts that might have a > > conflicting ~/.ssh/known_hosts. Lets keep our eyes open. If there is a conflict, then the public key of the host the script connects to will probably not match. Therefore there is a problem anyways. > http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts I suggest to use echo app1,10.8.34.59 $(cat /etc/ssh/ssh_host_rsa_key.pub) on the regarding machine instead of ssh-keyscan -t rsa app1,10.8.34.59 on a remote machine. Otherwise there may be still a small window of opportunity for a mitm attack. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: From tjdavisbz at gmail.com Wed Dec 10 22:37:58 2008 From: tjdavisbz at gmail.com (TJ Davis) Date: Wed, 10 Dec 2008 16:37:58 -0600 Subject: OpenVPN Message-ID: <64677a960812101437w19fec07dlfd99e6587dadd541@mail.gmail.com> Hello all. I had introduced myself a few weeks ago and mentioned that I have some OpenVPN experience. Today I was reading over some of the SOPs and noticed this TODO on the OpenVPN SOP: ---- Deploy an additional VPN server outside of PHX. OpenVPN does support failover automatically so if configured properly, when the primary VPN server goes down all hosts should connect to the next host in the list ---- I would like to offer to work on this. I would need a mentor to help me get acclimated to the environment but I am confident that I could get it up and running effectively and I have some spare time that I would love to put towards this. Regards. -- TJ Davis The sun can still shine behind a closed mind. -All Together Separate -------------- next part -------------- An HTML attachment was scrubbed... URL: From cra at WPI.EDU Wed Dec 10 23:05:25 2008 From: cra at WPI.EDU (Chuck Anderson) Date: Wed, 10 Dec 2008 18:05:25 -0500 Subject: ssh_host_keys In-Reply-To: <200812102304.31103.opensource@till.name> References: <200812102304.31103.opensource@till.name> Message-ID: <20081210230525.GA24538@angus.ind.WPI.EDU> On Wed, Dec 10, 2008 at 11:04:25PM +0100, Till Maas wrote: > On Wed December 10 2008, Mike McGrath wrote: > > http://fedoraproject.org/wiki/Infrastructure/SOP/ssh_known_hosts > > I suggest to use > > echo app1,10.8.34.59 $(cat /etc/ssh/ssh_host_rsa_key.pub) You may also want to include the FQDN and any other aliases for each machine. Otherwise if you try to ssh to a host using an FQDN or alias/CNAME, ssh will add a new entry to ~/.ssh/known_hosts with the new name, even if an entry for that IP address already exists in the global /etc/ssh/ssh_known_hosts. From mmcgrath at redhat.com Wed Dec 10 23:30:44 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 10 Dec 2008 17:30:44 -0600 (CST) Subject: OpenVPN In-Reply-To: <64677a960812101437w19fec07dlfd99e6587dadd541@mail.gmail.com> References: <64677a960812101437w19fec07dlfd99e6587dadd541@mail.gmail.com> Message-ID: On Wed, 10 Dec 2008, TJ Davis wrote: > Hello all.? I had introduced myself a few weeks ago and mentioned that I have some OpenVPN experience.? Today I was > reading over some of the SOPs and noticed this TODO on the OpenVPN SOP: > > ---- > Deploy an additional VPN server outside of PHX. OpenVPN does support failover automatically so if configured properly, > when the primary VPN server goes down all hosts should connect to the next host in the list > ---- > > I would like to offer to work on this.? I would need a mentor to help me get acclimated to the environment but I am > confident that I could get it up and running effectively and I have some spare time that I would love to put towards > this. > > Regards. > > -- > TJ Davis Sounds good TJ, Ricky was working on this a bit but he's also pretty busy. Stop by #fedora-admin sometime tomorrow and ping me, we'll put a plan together. -Mike From roland at redhat.com Thu Dec 11 00:16:44 2008 From: roland at redhat.com (Roland McGrath) Date: Wed, 10 Dec 2008 16:16:44 -0800 (PST) Subject: fedorahosted mtn Message-ID: <20081211001644.A3D13FC339@magilla.sf.frob.com> elfutils is switching to git, and AFAIK no other fedorahosted projects use mtn. I don't intend to work on the hosting support for mtn any more. (I've stopped maintaining any mtn-related Fedora/EPEL packages too.) Thomas Moschny maintains the mtn-related Fedora packages. He's also the author of the trac plugin. Thomas is the only person I can think of who might be interested in maintaining mtn hosting support for fedorahosted. Unless Thomas wants to take it over, I suggest we drop the mtn support (such as it is). Please note that I would like the existing mtn.fedorahosted.org alias and the run-mtn ssh support to stay around for a while, until all the elfutils developers have finalized the migration. So don't hurry to chop it all off. Thanks, Roland From mmcgrath at redhat.com Thu Dec 11 00:47:35 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 10 Dec 2008 18:47:35 -0600 (CST) Subject: fedorahosted mtn In-Reply-To: <20081211001644.A3D13FC339@magilla.sf.frob.com> References: <20081211001644.A3D13FC339@magilla.sf.frob.com> Message-ID: On Wed, 10 Dec 2008, Roland McGrath wrote: > elfutils is switching to git, and AFAIK no other fedorahosted projects use mtn. > > I don't intend to work on the hosting support for mtn any more. > (I've stopped maintaining any mtn-related Fedora/EPEL packages too.) > > Thomas Moschny maintains the mtn-related Fedora packages. > He's also the author of the trac plugin. > Thomas is the only person I can think of who might be interested in > maintaining mtn hosting support for fedorahosted. > > Unless Thomas wants to take it over, I suggest we drop the mtn support > (such as it is). > > Please note that I would like the existing mtn.fedorahosted.org alias and > the run-mtn ssh support to stay around for a while, until all the elfutils > developers have finalized the migration. So don't hurry to chop it all off. > thats probably a good idea, its not been asked for by anyone. We've committed to keeping it up for you so as long as you're using it, we'll maintain it on that box. Having said that, as soon as you're done let us know so we can remove it and save on maintenance costs. -Mike From fovp666 at hotmail.com Thu Dec 11 03:42:58 2008 From: fovp666 at hotmail.com (mohammed Who loves Hello) Date: Thu, 11 Dec 2008 06:42:58 +0300 Subject: =?iso-8859-6?b?5eDg4ODg4ODg6OLg4ODg4ODg4Nkgx+Tg4ODgyuDg4ODg4ODo?= =?iso-8859-6?b?yODg4ODg4ODgySDk5Mjq2Q==?= In-Reply-To: <20081211001644.A3D13FC339@magilla.sf.frob.com> References: <20081211001644.A3D13FC339@magilla.sf.frob.com> Message-ID: ???????????????????? ????????????????????????? ?????http://www.ksa001.com/vb??????? ??? ????? ??? _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonstanley at gmail.com Thu Dec 11 05:31:45 2008 From: jonstanley at gmail.com (Jon Stanley) Date: Thu, 11 Dec 2008 00:31:45 -0500 Subject: changed owner of git repos Message-ID: Just FYI, I changed the owners of the git repos on hosted1 to be the first administrator found in their FAS group, since there was a ticket complaining that everything was owned by 'root'. Now you can see real owners at http://git.fedorahosted.org for the most part. If you disagree with the assignment of who the owner is, please either change the directory owner directly on hosted1 if you have access, or let me or someone else in sysadmin-hosted know and we'll take care of it. Thanks! -Jon From rickyz at cmu.edu Thu Dec 11 07:12:27 2008 From: rickyz at cmu.edu (Ricky Zhou) Date: Thu, 11 Dec 2008 02:12:27 -0500 Subject: OpenVPN In-Reply-To: References: <64677a960812101437w19fec07dlfd99e6587dadd541@mail.gmail.com> Message-ID: <20081211071227.GE10970@sphe.res.cmu.edu> On 2008-12-10 05:30:44 PM, Mike McGrath wrote: > Sounds good TJ, Ricky was working on this a bit but he's also pretty busy. > Stop by #fedora-admin sometime tomorrow and ping me, we'll put a plan > together. Cool, I'd definitely love to discuss some methods for how we'd setup a failover for our current single VPN machine. By the way, building vpn2 was blocking on an IP from ibiblio - did we get that? Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From nicu_fedora at nicubunu.ro Thu Dec 11 08:05:13 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Thu, 11 Dec 2008 10:05:13 +0200 Subject: Custom planets / Fedora Art Message-ID: <4940C9B9.4040806@nicubunu.ro> One of the reasons for the change of planet infrastructure (.planet user files) was to enable the ability to create customized aggregators (language based or interest based). As I am not aware about any such customization deployed yet, here is my question: what should I formally do for the creation of a "Planet Fedora Art"[*] aggregation? I envision it as an aggregation of not only blogs of the member of the Art team (some don't have their blogs on the main Planet yet) but also other feeds, like from flickr/picasaweb/gallery or YouTube/BlipTv. [*] we may want to call it Design&Creative, but this is not relevant at this point. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/ Open Clip Art Library: http://www.openclipart.org my Fedora stuff: http://fedora.nicubunu.ro From mmcgrath at redhat.com Thu Dec 11 16:46:40 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 11 Dec 2008 10:46:40 -0600 (CST) Subject: OpenVPN In-Reply-To: <20081211071227.GE10970@sphe.res.cmu.edu> References: <64677a960812101437w19fec07dlfd99e6587dadd541@mail.gmail.com> <20081211071227.GE10970@sphe.res.cmu.edu> Message-ID: On Thu, 11 Dec 2008, Ricky Zhou wrote: > On 2008-12-10 05:30:44 PM, Mike McGrath wrote: > > Sounds good TJ, Ricky was working on this a bit but he's also pretty busy. > > Stop by #fedora-admin sometime tomorrow and ping me, we'll put a plan > > together. > Cool, I'd definitely love to discuss some methods for how we'd setup a > failover for our current single VPN machine. > > By the way, building vpn2 was blocking on an IP from ibiblio - did we > get that? > Yep: vpn2.fedoraproject.org 152.46.7.226 -Mike From mmcgrath at redhat.com Thu Dec 11 18:54:21 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 11 Dec 2008 12:54:21 -0600 (CST) Subject: Custom planets / Fedora Art In-Reply-To: <4940C9B9.4040806@nicubunu.ro> References: <4940C9B9.4040806@nicubunu.ro> Message-ID: On Thu, 11 Dec 2008, Nicu Buculei wrote: > One of the reasons for the change of planet infrastructure (.planet user > files) was to enable the ability to create customized aggregators (language > based or interest based). > It was? I wasn't aware of that, I thought it was just so we could have a planet.fedoraproject.org be self service so users could add / remove their info without having to wait on us to do it. > As I am not aware about any such customization deployed yet, here is my > question: what should I formally do for the creation of a "Planet Fedora > Art"[*] aggregation? I envision it as an aggregation of not only blogs of the > member of the Art team (some don't have their blogs on the main Planet yet) > but also other feeds, like from flickr/picasaweb/gallery or YouTube/BlipTv. > Submit a ticket at https://fedorahosted.org/fedora-infrastructure/ I'm actually not intimately familiar with our planet software to know if what you want to do is possible or not. anyone else know? -Mike From dennis at ausil.us Thu Dec 11 19:07:47 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Thu, 11 Dec 2008 13:07:47 -0600 Subject: Custom planets / Fedora Art In-Reply-To: <4940C9B9.4040806@nicubunu.ro> References: <4940C9B9.4040806@nicubunu.ro> Message-ID: <200812111307.47749.dennis@ausil.us> On Thursday 11 December 2008 02:05:13 am Nicu Buculei wrote: > One of the reasons for the change of planet infrastructure (.planet user > files) was to enable the ability to create customized aggregators > (language based or interest based). AFAIK it was done only to make planet self service and to take the slow and tedious manual handling of out of the equation. > As I am not aware about any such customization deployed yet, here is my > question: what should I formally do for the creation of a "Planet Fedora > Art"[*] aggregation? I envision it as an aggregation of not only blogs > of the member of the Art team (some don't have their blogs on the main > Planet yet) but also other feeds, like from flickr/picasaweb/gallery or > YouTube/BlipTv. not sure if that could be done or how to do that. Dennis From ricky at fedoraproject.org Thu Dec 11 20:57:36 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 11 Dec 2008 15:57:36 -0500 Subject: Meeting Log - 2008-12-11 Message-ID: <20081211205658.GC23560@sphe.res.cmu.edu> 20:01 -!- mmcgrath changed the topic of #fedora-meeting to: Fedora Infrastructure -- Who's here? 20:01 -!- tjdavisbz [n=tjdavisb at 200.32.255.114] has joined #fedora-meeting 20:02 -!- notting [n=notting at redhat/notting] has joined #fedora-meeting 20:02 -!- Sonar_Guy [n=Baconz at fedora/sonarguy] has quit "Xchat destroyed by Operating System" 20:02 < mmcgrath> So who's here? 20:02 * nirik is sitting in the cheap seats in the back. 20:02 < f13> I'm kind of here, but about to be called away to luch with the family any moment now 20:03 < mmcgrath> abadger1999 dgilmore f13 G G_work ivazquez jcollie jds2001 lmacken paulobanon quaid ricky ping! 20:03 < mmcgrath> f13: 20:03 < ivazquez> Pong. 20:03 * mmcgrath thinks G isn't awake yet :) 20:03 < abadger1999> pong 20:04 < abadger1999> f13: Aww... we're your family too ;-) 20:04 < mmcgrath> Ok, well lets get started. 20:05 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets 20:05 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=~Meeting&order=priority 20:05 < zodbot> mmcgrath: http://tinyurl.com/47e37y 20:05 < mmcgrath> .ticket 740 20:05 < zodbot> mmcgrath: #740 (Loaning out system time to OLPC participants) - Fedora Infrastructure - Trac - https://fedorahosted.org/fedora-infrastructure/ticket/740 20:05 < mmcgrath> dgilmore: any news here? 20:06 -!- warren [n=warren at redhat/wombat/warren] has joined #fedora-meeting 20:07 * mmcgrath will assume not. 20:07 < mmcgrath> And thats our only ticket listed with meeting keyword so I'll move on 20:07 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- nfs1 20:07 < mmcgrath> One thing I'm going to spend some time doing over the next couple of weeks is getting more information about the trending on nfs1. 20:07 < mmcgrath> The amount of IO it gets just doesn't make sense to me. 20:08 < mmcgrath> and so, investigation :) 20:08 < mmcgrath> anyone have any questions / comments about nfs1? 20:08 -!- smooge [n=smooge at nausicaa.unm.edu] has joined #fedora-meeting 20:08 < f13> just that we'll continue to abuse it in the next few weeks 20:08 < mmcgrath> :) 20:08 < mmcgrath> WORKSFORME. 20:08 < mmcgrath> ok 20:08 -!- mmcgrath changed the topic of #fedora-meeting to: infrastructure -- New capacity 20:09 < mmcgrath> after this last trip to PHX we are in much better shape then we were this time last year. 20:09 -!- tjdavisbz [n=tjdavisb at 200.32.255.114] has quit Read error: 60 (Operation timed out) 20:09 < mmcgrath> we actually have room to grow, a switch that works. All in all just in better shape. 20:09 < dgilmore> mmcgrath: none sorry 20:09 < mmcgrath> I'm going to spend some time with ricky and nigel to get everything non-buildsystem/releng related off of xen1 and xen2 and dedicate those servers to those purposes. 20:10 < f13> yay 20:10 < mmcgrath> we'll see how things go from there. 20:10 < mmcgrath> next 20:10 < dgilmore> mmcgrath: any word on load balancing koji? 20:10 < f13> wow. 20:10 < mmcgrath> dgilmore: I've not heard a peep on that ticket. 20:10 < f13> er 20:10 * mmcgrath sends a ping now. 20:11 * dgilmore wants to rebuild koji1 32 bit 20:11 < mmcgrath> k, ping sent 20:11 < mmcgrath> ok. next item 20:11 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- DR. 20:12 * dgilmore also wonders what we can do to try balance things inside of phx 20:12 < mmcgrath> Some of you have probably seen my commit messages over the last couple of days. 20:12 < mmcgrath> dgilmore: not sure, though AFAIK, not much until we move the buildsystem into their own network. 20:12 -!- jeff_hann [n=arares at 89.40.98.185] has joined #fedora-meeting 20:13 < mmcgrath> So I'm almost done getting our off site backups in place. ITs all on a LUKS encrypted partition so I'll pass that pw around to the sysadmin-backup group. 20:13 < mmcgrath> We're grabbing a copy of our cvs, lookaside, database data, and stuff on puppet. 20:13 -!- stickster_afk is now known as stickster 20:13 < dgilmore> mmcgrath: so when a meteor hits PHX whats our plan of action? 20:14 -!- tjdavisbz [n=tjdavisb at 200.32.255.114] has joined #fedora-meeting 20:14 < mmcgrath> not much exiting but it will be nice to know it exists. 20:14 < mmcgrath> dgilmore: we'll have an SOP of course :) 20:14 < mmcgrath> hopefully one that we can print up in case the wiki goes away :) 20:14 < dgilmore> mmcgrath: paper copies available offsite 20:14 < dgilmore> :) 20:15 < mmcgrath> I'm going to talk to stickster at FUDCon about a Fedora Continuity Plan. Just ot make sure I'm not missing anything and to make sure what I think is a priority for Fedora is the same thing he thinks is a priority for Fedora. 20:15 < dgilmore> :) 20:15 < mmcgrath> but it will be very intertwined with this DR site. 20:15 * stickster nods emphatically 20:16 < mmcgrath> Anyone have anything on that? 20:16 < mmcgrath> k 20:16 * dgilmore thinks stickster will say everything (esp buildsys) is viataly important 20:16 < jsmith> mmcgrath: Ugh... continuity planning.... yuck... 20:16 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- zodbot 20:16 < mmcgrath> jsmith: yuck indeed, but I am happy that we're at the point where we can even consider such things :) 20:17 < mmcgrath> Ok. zodbot! 20:17 < mmcgrath> is official 20:17 < mmcgrath> ./ping 20:17 < mmcgrath> err 20:17 < mmcgrath> .ping 20:17 < zodbot> pong 20:17 < mmcgrath> .whoami 20:17 < zodbot> mmcgrath: mmcgrath 20:17 < mmcgrath> he's in PHX and officially supported. 20:17 < mmcgrath> on noc1. I talked to ianweller about some improvements just a couple days back. 20:17 < mmcgrath> I've got the SOP up on how to start zodbot. 20:17 < mmcgrath> all pretty simple. 20:17 < dgilmore> .do you log meetings? 20:17 -!- Sparks_too [n=sparks at fedora/Sparks] has quit "Leaving" 20:17 * nirik was just looking at the log plugin 20:17 < mmcgrath> every channel zodbot is in is being logged. 20:18 < mmcgrath> though its not all exposed yet 20:18 < dgilmore> mmcgrath: :) meeting logs, roll call would be cool 20:18 < dgilmore> something like .startmeeting 20:18 < dgilmore> .topic1 20:18 < dgilmore> .topic2 20:18 < dgilmore> etc 20:18 < mmcgrath> I think thats been mentioned before but I don't know if any actual work has been done 20:18 < dgilmore> .endmeeting 20:19 < dgilmore> .vote 20:19 < nirik> http://www.ausimage.us/Code/Supybot-ChannelSummer 20:19 < dgilmore> lotsa cool things someone could work on :) 20:19 < mmcgrath> yeah. I'm sure that will be around sometime soon. 20:19 < dgilmore> dont be shy now people 20:20 < mmcgrath> nirik: hah! "I hope to provide the plugin as soon as I am clear on the license." 20:20 < smooge> oooooh that would be nice. 20:20 < nirik> yeah, many of these have unclear licenses or none. 20:20 < mmcgrath> that's got doom all over it. but if it won't work, I'm sure we can have someone (maybe abadger1999 ) spit something out in an afternoon :) 20:20 < nirik> I assume we will want to package anything we use? 20:20 < mmcgrath> nirik: yeah 20:20 -!- cebbert [n=cebbert at fedora/cebbert] has joined #fedora-meeting 20:20 < smooge> what is the problem with the license? 20:20 < dgilmore> this is something that someone new could work on as code development doesnt need access to anything 20:20 < mmcgrath> nirik: FWIW though, we have a supybot-fedora app though, it can just be added with that. 20:20 * ricky is around 20:20 < mmcgrath> smooge: I don't think the developer knows what license it is :) 20:21 < smooge> ah.. 20:21 < nirik> yeah, true I guess. 20:21 < smooge> ganja license 20:21 * mmcgrath would laugh at him but has probably been in his shoes a couple of times in the past :) 20:21 < nirik> looking like plugins are not hard to write, I might try adding a flood protect one. 20:21 < abadger1999> mmcgrath: Signing me up for more work again? ;-) 20:21 < mmcgrath> abadger1999: you were being quiet, I assumed that was you voluteering :) 20:21 < mmcgrath> anywho, the zodbot stuff is all fairly low priority but would be nice. 20:22 < mmcgrath> and it is kind of fun to code for. 20:22 < mmcgrath> I enjoyed coding the koji stuff 20:22 < mmcgrath> .buildload 20:22 < zodbot> mmcgrath: Load: 3.7 Total: 94.0 Use: 3.9% (Very Light Load) 20:22 < mmcgrath> Anywho, anyone have anything else on that? 20:22 < dgilmore> .builders 20:22 < zodbot> dgilmore: Enabled: 16 Ready: 16 Disabled: 7 20:22 < mmcgrath> k 20:22 * ricky has requested that zodbot be given ability to join more channels :-0 20:22 * nirik notes we are looking at using it or something like it in #fedora at some point. 20:23 < ricky> **:-) 20:23 < mmcgrath> ricky: is there a limit on how many channels zodbot can join? 20:23 -!- brothers [n=brothers at swan5.cs.unc.edu] has joined #fedora-meeting 20:23 < mmcgrath> .list 20:23 < zodbot> mmcgrath: Admin, Channel, ChannelLogger, ChannelStats, Config, Fedora, Internet, Koji, Later, Misc, Owner, Plugin, RSS, Seen, ShrinkUrl, String, Time, URL, Unix, User, and Web 20:23 < ricky> They wanted the request to come from Fedora's group contact (spot) so after that, we can make a huge list of channels for zodbot to hoin 20:23 < ricky> **join 20:23 < mmcgrath> .list channel 20:23 < zodbot> mmcgrath: alert, ban add, ban list, ban remove, capability add, capability list, capability remove, capability set, capability setdefault, capability unset, cycle, dehalfop, deop, devoice, disable, enable, halfop, ignore add, ignore list, ignore remove, invite, kban, key, kick, limit, lobotomy add, lobotomy list, lobotomy remove, mode, moderate, nicks, op, unban, unmoderate, and voice 20:23 < smooge> ooooh lobotomy 20:24 < nirik> yep. Very usefull too. 20:24 < ricky> Yeah, there's a channel limit, but you can request an exemption 20:24 * ricky is on slow wireless, sorry 20:24 < mmcgrath> ricky: ahh, I didn't realize. and I'm sure there's some zodbot is in that he doesn't need to be 20:24 * mmcgrath wonders if I can get a list of what channels he's in 20:24 < mmcgrath> .list channelstats 20:24 < zodbot> mmcgrath: channelstats and stats 20:24 < mmcgrath> .stats 20:24 < zodbot> mmcgrath: I have 3 registered users with 3 registered hostmasks; 1 owner and 0 admins. 20:24 < mmcgrath> .channelstats.stats 20:24 -!- sonargal [n=Test at fedora/SonarGal] has quit Connection timed out 20:24 < nirik> mmcgrath: yes, 'channels' but you have to msg and be an admin 20:24 < ricky> I think we should be able to put zodbot in all Fedora-related ones, if only for logging purposes 20:24 < mmcgrath> .channels 20:24 < zodbot> mmcgrath: Error: That operation cannot be done in a channel. 20:24 < mmcgrath> ah 20:25 * nirik notes that if it's always logging we need to notify people of that fact... and/or delete logs we don't want to publish 20:25 < mmcgrath> nirik: see, you're getting better at this then I am already :) 20:25 < ricky> Yup. 20:26 < mmcgrath> there we go 20:26 < mmcgrath> ricky: I just removed it from 4 channels 20:26 < nirik> :) Just wanted to see if it could work for #fedora. ;) 20:26 * ricky isn't particularly for publishing any partial logs for public channels, I'd rather it be an all or nothing, based on whether the users/ops of a channel support it 20:26 < mmcgrath> ricky: yeah, i agree. 20:27 < mmcgrath> huh 20:27 < mmcgrath> I think I just spammed everyone. 20:27 < mmcgrath> anywho. 20:27 < mmcgrath> anyone have anything else they'd like to discuss on zodbot? 20:27 < nirik> yeah, logging should be a per channel thing I guess... 20:27 < abadger1999> We could automunge email addresses in the log. 20:27 -!- cebbert [n=cebbert at fedora/cebbert] has quit Nick collision from services. 20:28 -!- cebbert [n=cebbert at fedora/cebbert] has joined #fedora-meeting 20:28 < nirik> note the last bit here: http://freenode.net/channel_guidelines.shtml 20:28 < nirik> "If you're thinking of "anonymizing" your logs (removing information that identifies the specific users), be aware that it's difficult to do it well?replies and general context often provide identifying information which is hard to filter." 20:29 < mmcgrath> nirik: yeah 20:29 < ricky> I usually try to be careful with giving full emails out in IRC - I usually say stuff like stuff at domain dot com or something - don't know if many people have this habit as well 20:30 < mmcgrath> 20:30 -!- kekko [n=kekko at 85-18-14-22.fastres.net] has quit Read error: 54 (Connection reset by peer) 20:30 < mmcgrath> that'll be a tricky to figure out 20:31 -!- jeff_hann [n=arares at 89.40.98.185] has quit "Leaving" 20:31 < mmcgrath> ok, well anyone have anything else on that? If not I'll open the floor. 20:31 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 20:31 < dgilmore> nothing more 20:32 < mmcgrath> Ok, well if no one has anything else we'll close the meeting in 30 20:32 < ricky> This is our first meeting since the release 20:32 < ricky> Is there anything to discus with regards to how that went? 20:32 < ricky> **discuss 20:32 < dgilmore> i think the release went really really well 20:32 < ricky> (It's probably a bit blurry now :-)) 20:33 < dgilmore> much smoother than previous ones 20:33 < dgilmore> though there is likely places for improvement 20:33 < mmcgrath> yeah, I'd say that release was down right boring. 20:33 < mmcgrath> which is fine by me. 20:33 < ricky> Has there been any more discussion on pushing to mirrors vs. having them pull manually at the right time? 20:33 < mmcgrath> one thing I would have liked to have measured but didn't in zabbix is hits / second at the peak. 20:33 < mmcgrath> we've got it for the wiki. 20:33 < dgilmore> f13: can yu think of things we could do to help get zero day updates out quicker 20:34 < f13> for what? 20:34 < mmcgrath> ricky: yeah. I suspect thats a long term thing. I'm not sure what mdomsch has in mind for that. 20:34 < dgilmore> much smoother than previous ones release day updates? 20:34 < dgilmore> grr 20:34 < dgilmore> f13: release day updates 20:34 < dgilmore> probably better waiting a day or two 20:34 < f13> we push those out days before 20:34 < f13> so that they're already on the mirrors at GA time 20:35 < f13> the big issue is getting mirrors to bitflip i ntime 20:35 < ricky> Yeah, that was a great idea 20:35 < dgilmore> f13: push mirroring would help there 20:35 < dgilmore> ? 20:35 < ricky> Are public mirrors currently required to run report_mirror? 20:35 < dgilmore> ricky: no 20:35 < ricky> (Or does just getting crawled work too?) 20:35 < mmcgrath> nope, its optional. 20:35 < ricky> Ah 20:35 < mmcgrath> both 20:35 < f13> dgilmore: pushing would help there yes 20:36 < mmcgrath> though someone could report with report_mirror and show up in the list, even though the bit is not flipped yet (I think) 20:36 < dgilmore> mmcgrath: they could 20:36 < ricky> And does anybody know offhand how long full crawls take nowadays? 20:36 < ricky> Was there any attempt to make sure that a crawl started after the bitflip time? 20:37 < mmcgrath> ricky: long while 20:37 < ricky> Ah, darn. 20:38 < mmcgrath> I think it'd make sense to break them up maybe, have each app server take a subset 20:38 < mmcgrath> not sure what mdomsch has in mind for that though. There's probably a couple different options 20:38 < mmcgrath> thats something we should probably wait for mdomsch to be around for. 20:38 < ricky> Yeah 20:38 < mmcgrath> anyone have anything else to discuss? If not we'll end the meeting in 30. 20:39 < dgilmore> squirrels 20:39 < dgilmore> in particular stopping the dogs from barking at them 20:39 < dgilmore> ;) 20:39 -!- cassmodiah [n=cass at fedora/cassmodiah] has quit Read error: 104 (Connection reset by peer) 20:39 < notting> shoot the squirrels? 20:39 < mmcgrath> heh 20:40 < mmcgrath> ok, with that 20:40 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End 20:40 < dgilmore> notting: i cant shoot them 20:40 < ricky> Heh 20:40 < notting> have the dogs 'accidentally' catch them? 20:40 -!- mmcgrath changed the topic of #fedora-meeting to: Channel is used by various Fedora groups and committees for their regular meetings | Note that meetings often get logged | For questions about using Fedora please ask in #fedora | See http://fedoraproject.org/wiki/Communicate/FedoraMeetingChannel for meeting schedule 20:41 < dgilmore> notting: i have little dogs. i think the squirrels are bigger than them 20:42 * nirik can loan you some dogs that also don't like squirrels and can catch them if they aren't too high up in the trees. ;) 20:43 < notting> dgilmore: somehow prevent the dogs from seeing the squirrels? 20:44 < brothers> start over, raise the dogs from pups alongside squirrels, so they learn to coexist 20:45 < dgilmore> notting: thats what ive been trying :) 20:48 -!- brothers [n=brothers at swan5.cs.unc.edu] has left #fedora-meeting [] 20:55 < warren> http://www.donweiser.com/videos.html White squirrel videos! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From supriyaworlikar at indiatimes.com Fri Dec 12 04:53:23 2008 From: supriyaworlikar at indiatimes.com (supriyaworlikar at indiatimes.com) Date: Fri, 12 Dec 2008 10:23:23 +0530 (IST) Subject: technical spec Message-ID: <2008503450.7931229057603231.JavaMail.root@mbr4.indiatimes.com> hi I am very much familiar with security in linux plus proxy and selinux is the field in which i am willing to explore thanks and regards Supriya -- "KLUB MJ Hunt, Search for India's First Movie Jockey" For more details log on to http://www.zeecinema.com From nicu_fedora at nicubunu.ro Fri Dec 12 10:51:46 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Fri, 12 Dec 2008 12:51:46 +0200 Subject: Custom planets / Fedora Art In-Reply-To: References: <4940C9B9.4040806@nicubunu.ro> Message-ID: <49424242.6070109@nicubunu.ro> Mike McGrath wrote: > On Thu, 11 Dec 2008, Nicu Buculei wrote: >> One of the reasons for the change of planet infrastructure (.planet user >> files) was to enable the ability to create customized aggregators (language >> based or interest based). >> > > It was? I wasn't aware of that, I thought it was just so we could have a > planet.fedoraproject.org be self service so users could add / remove their > info without having to wait on us to do it. https://www.redhat.com/archives/fedora-infrastructure-list/2008-May/msg00071.html -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/ Open Clip Art Library: http://www.openclipart.org my Fedora stuff: http://fedora.nicubunu.ro From thomas.moschny at gmail.com Thu Dec 11 13:43:27 2008 From: thomas.moschny at gmail.com (Thomas Moschny) Date: Thu, 11 Dec 2008 14:43:27 +0100 Subject: fedorahosted mtn In-Reply-To: <20081211001644.A3D13FC339@magilla.sf.frob.com> References: <20081211001644.A3D13FC339@magilla.sf.frob.com> Message-ID: 2008/12/11 Roland McGrath : > Thomas Moschny maintains the mtn-related Fedora packages. > He's also the author of the trac plugin. > Thomas is the only person I can think of who might be interested in > maintaining mtn hosting support for fedorahosted. No, I am currently not interested in doing so. I wasn't involved with any f-h project anyway. Of course I will continue to maintain the mtn related packages in Fedora and EPEL. Regards, Thomas -- Thomas Moschny From duffy at fedoraproject.org Thu Dec 11 18:57:32 2008 From: duffy at fedoraproject.org (=?ISO-8859-1?Q?M=E1ir=ED=ADn_Duffy?=) Date: Thu, 11 Dec 2008 13:57:32 -0500 Subject: Custom planets / Fedora Art In-Reply-To: References: <4940C9B9.4040806@nicubunu.ro> Message-ID: <4941629C.2070709@fedoraproject.org> Mike McGrath wrote: > Submit a ticket at https://fedorahosted.org/fedora-infrastructure/ I'm > actually not intimately familiar with our planet software to know if what > you want to do is possible or not. > > anyone else know? I maintain a planet server elsewhere, it is very easy to have custom planets running on the same install of planet. You just spin off a new planet .ini file and matching template file. ~m From skvidal at fedoraproject.org Fri Dec 12 20:10:14 2008 From: skvidal at fedoraproject.org (Seth Vidal) Date: Fri, 12 Dec 2008 15:10:14 -0500 (EST) Subject: Custom planets / Fedora Art In-Reply-To: <4941629C.2070709@fedoraproject.org> References: <4940C9B9.4040806@nicubunu.ro> <4941629C.2070709@fedoraproject.org> Message-ID: On Thu, 11 Dec 2008, M?ir??n Duffy wrote: > Mike McGrath wrote: >> Submit a ticket at https://fedorahosted.org/fedora-infrastructure/ I'm >> actually not intimately familiar with our planet software to know if what >> you want to do is possible or not. >> >> anyone else know? > > I maintain a planet server elsewhere, it is very easy to have custom planets > running on the same install of planet. You just spin off a new planet .ini > file and matching template file. > the template system for the .planet files I wrote allows for a user to make a .planet.something file and put the same or other info in it. Then another planet cronjob needs to be put in place passing that 'something' extension to it so it will look at those files and not the .planet files. That's it. -sv From ricky at fedoraproject.org Sat Dec 13 06:18:43 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sat, 13 Dec 2008 01:18:43 -0500 Subject: Outage Notification - wiki, smolt, transifex Message-ID: <20081213061523.GA6942@sphe.res.cmu.edu> Outage Notification - 2008-12-13 06:10 UTC There was an unplanned outage starting at 2008-12-13 05:48 UTC. To convert UTC to your local time, run: date -d 'YYYY-MM-DD HH:MM UTC' Affected Services: Translation Services (transifex) Websites (wiki, smolt) Database (mysql) Unaffected Services: Buildsystem CVS / Source Control DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1053 Reason for Outage: xen12, the machine with our MySQL server on it is having hardware problems. We are currently waiting for a tech to fix it on site. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Sat Dec 13 07:55:46 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 13 Dec 2008 01:55:46 -0600 (CST) Subject: db1 is dead Message-ID: Long story short db1's server has had hardware issues... again. And my ability to grant the tech access does not exist and the normal channels for doing this on the weekend don't exist (yet). I'm hoping to deal with all this on monday. So what have we done? I got db1 up long enough to get a dump of the data off of it. db3 is now running the mysql db (db3 was designed to be a backup for db1 and db2 just for stuff like this) So sleep easy (I sure hope I will) knowing its all on good hardware. We'll have the tech come out and replace the motherboard (again[1]) and hopefully this box will be stable again. We got a bunch with the shipment this box came with but only it has had problems, some of you might remember the memory issues it had upon first install. Side note: I'm not going to be here much of the rest of this weekend or I would have had the tech come out on Sat. But we'll be fine till monday (thankfully) -Mike [1] This tech came out while I was on site but the installation failed and we needed to put the old mother board back in. From Samant_Kumar at satyam.com Sat Dec 13 11:13:26 2008 From: Samant_Kumar at satyam.com (Samant_Kumar) Date: Sat, 13 Dec 2008 16:43:26 +0530 Subject: Hello All Message-ID: <315312ACD1DAB740A42C3208F8F74D1501BC4D11D6@hstmbx002.corp.satyam.ad> Dear All, I have decided to contribute to the fedora community as I have used Fedora. I am Interested in C programming, though I do not have formal experience in C programming, I do have some programming history in C. On a scale of 1-10 in C programming, I figure myself at 3 or 4, but I am willing to learn and deliver. I Have some, but very little System programming experience in which I had designed a very basic Shell on my own. I was trained in Satyam. I have a fedora box which I administer on my own. I hope that I will be able to contribute to this community with my zeal to learn and I hope this community will help me learn Thanks and Regards moksha ________________________________ DISCLAIMER: This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Sun Dec 14 17:24:59 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 14 Dec 2008 11:24:59 -0600 (CST) Subject: Note about mediawiki plugin Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Many of you got an email yesterday concerning your fas username and password. Basically we have a custom plugin for our mediawiki install (http://fedoraproject.org/wiki/). That plugin still had some debug logging enabled which was causing people who logged in to get their username and password logged to the apache error logs. That in itself isn't really a problem. It's not good practice but its not a breach or anything as long as no untrusted parties get ahold of those logs. Still I think people have an expectation that their passwords are always secure and not stored unencrypted somewhere (I know I feel that way) so we thought we'd let people know who's names we found in the logs so they can change their password if they wish. The logs were discovered after our outage a few days back. While looking for the cause of some 500 errors related to the db1->db3 switch, we discovered the offending username/password combos. After that Ricky paged me, we talked a bit about what to do. I went back to sleep to think on it some and in the morning agreed with ricky. We decided it best to just remove the log lines and send an email out to everyone to let them know. People in sysadmin-main and sysadmin-web have access to these logs (and they're the groups charged with running the site) so as you can see, there really was nothing to it. I'm actually happy to say that we use encrypted passwords everywhere now, before FAS2 came out that wasn't true. So if anyone has any questions about what happened, direct them to this email (it'll be in the public archives). For the ultra paranoid here's the specific commit diff: http://tinyurl.com/69s8fd Feel free to ask any questions on this list or to admin at fedoraproject.org. -Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAklFQWwACgkQqbFkPBIFSq1aWACeKFRafayalnarsNrhmfFs0C6o C6QAmgNeorUgcMKE4mWALDzlwcHE0xSH =AAS6 -----END PGP SIGNATURE----- From mkearey at redhat.com Mon Dec 15 00:40:10 2008 From: mkearey at redhat.com (Michael Kearey) Date: Sun, 14 Dec 2008 19:40:10 -0500 (EST) Subject: Introduction - Michael Kearey Message-ID: <134495845.92701229301610830.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> G'day all, Michael here, a long time Fedora and Red Hat user, a Red Hat employee for the last 4.5 years too. At the encouragement of our old mate Nigel ( 'G' ) I have created an account and am hoping to be able to contribute a little to the Infrastructure when I can. My experience: - Administrator and developer of home grown systems, all Red Hat or Fedora based - PostgreSQL - PHP and PEAR app development - Perl - IPtables - PAM custom module devel - Recently, Red Hat Support person with experience in: - MySQL - All the Red Hat Suite of products including - Cluster, GFS, Satellite (Spacewalk), Certificate Management System, Directory Server, etc Cheers From nigjones at redhat.com Mon Dec 15 01:13:38 2008 From: nigjones at redhat.com (Nigel Jones) Date: Mon, 15 Dec 2008 11:13:38 +1000 Subject: Introduction - Michael Kearey In-Reply-To: <134495845.92701229301610830.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> References: <134495845.92701229301610830.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> Message-ID: <1229303618.27796.9.camel@njones> On Sun, 2008-12-14 at 19:40 -0500, Michael Kearey wrote: > G'day all, > > Michael here, a long time Fedora and Red Hat user, a Red Hat employee for the last 4.5 years too. > > At the encouragement of our old mate Nigel ( 'G' ) I have created an account and am hoping to be able to contribute a little to the Infrastructure when I can. My experience: Hi Mike! I guess the next step is taking a poke at http://fedoraproject.org/wiki/Infrastructure/FIGs and seeing what interests you :) -Nigel > > - Administrator and developer of home grown systems, all Red Hat or Fedora based > - PostgreSQL > - PHP and PEAR app development > - Perl > - IPtables > - PAM custom module devel > > - Recently, Red Hat Support person with experience in: > - MySQL > - All the Red Hat Suite of products including - Cluster, GFS, Satellite (Spacewalk), Certificate Management System, Directory Server, etc > > > > Cheers > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From nicu_fedora at nicubunu.ro Mon Dec 15 07:11:28 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Mon, 15 Dec 2008 09:11:28 +0200 Subject: Custom planets / Fedora Art In-Reply-To: References: <4940C9B9.4040806@nicubunu.ro> <4941629C.2070709@fedoraproject.org> Message-ID: <49460320.8090600@nicubunu.ro> Seth Vidal wrote: > > On Thu, 11 Dec 2008, M?ir??n Duffy wrote: > >> I maintain a planet server elsewhere, it is very easy to have custom >> planets running on the same install of planet. You just spin off a new >> planet .ini file and matching template file. But the best feature of our Planet is that it is self-serviced, with the users adding/editing themselves. Otherwise I could run it on my own server and maybe push it to fedorapeople. > the template system for the .planet files I wrote allows for a user to > make a .planet.something file and put the same or other info in it. Then > another planet cronjob needs to be put in place passing that 'something' > extension to it so it will look at those files and not the .planet files. > > That's it. This is what I remember and why I asked, here is my ticket: https://fedorahosted.org/fedora-infrastructure/ticket/1052 I also see a ticket for a pt_BR planet open for some months already: https://fedorahosted.org/fedora-infrastructure/ticket/712 -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com From ivazqueznet at gmail.com Mon Dec 15 14:58:12 2008 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Mon, 15 Dec 2008 09:58:12 -0500 Subject: [Fwd: client-side cert should work for Firefox too] Message-ID: <1229353092.4301.48.camel@ignacio.lan> For your consideration. -------- Forwarded Message -------- > From: Edward J. Huff > To: webmaster at fedoraproject.org > Subject: client-side cert should work for Firefox too > Date: Sun, 14 Dec 2008 12:39:01 -0500 > > Since you generate client-side certificates, why don't you generate them > for use in place of passwords when logging into the website? > Then you wouldn't have to insist on changing passwords. -- Ignacio Vazquez-Abrams -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From ivazqueznet at gmail.com Mon Dec 15 15:08:00 2008 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Mon, 15 Dec 2008 10:08:00 -0500 Subject: [Fwd: Hello! Need help here.] Message-ID: <1229353680.4301.58.camel@ignacio.lan> For your consideration. -------- Forwarded Message -------- > From: Adam Watts > To: webmaster at fedoraproject.org > Subject: Hello! Need help here. > Date: Mon, 15 Dec 2008 14:07:30 +0000 > > Hi there Web Maser of the Fedora project. > > I have created a new account with you and i see on my > Todo queue: > * You have not submitted an SSH key, some Fedora resources > require an SSH key. Please submit yours by editing My Account > Download a client-side certificate > > Can you tell me what this is, and do i need to do it ? > > -- Ignacio Vazquez-Abrams -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From a.badger at gmail.com Mon Dec 15 16:40:42 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 15 Dec 2008 08:40:42 -0800 Subject: [Fwd: client-side cert should work for Firefox too] In-Reply-To: <1229353092.4301.48.camel@ignacio.lan> References: <1229353092.4301.48.camel@ignacio.lan> Message-ID: <4946888A.5030401@gmail.com> Ignacio Vazquez-Abrams wrote: > For your consideration. > > -------- Forwarded Message -------- >> From: Edward J. Huff >> To: webmaster at fedoraproject.org >> Subject: client-side cert should work for Firefox too >> Date: Sun, 14 Dec 2008 12:39:01 -0500 >> >> Since you generate client-side certificates, why don't you generate them >> for use in place of passwords when logging into the website? >> Then you wouldn't have to insist on changing passwords. > > Hello, We've been looking at using client-side certificates for logging into Fedora Web Services for a while. One of our apps, koji.fedoraproject.org, only does authentication via SSL client certificates. Unfortunately, we've discovered that there's some tricky problems with CSRF and SSL Authentication that we'll need to solve before we're ready to enable this as the preferred method of authenticating for everything. You can see the current CSRF portion of the SSL plan here: https://fedorahosted.org/fas/wiki/CSRF -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Mon Dec 15 23:06:01 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 15 Dec 2008 17:06:01 -0600 (CST) Subject: db1 is dead In-Reply-To: References: Message-ID: On Sat, 13 Dec 2008, Mike McGrath wrote: > Long story short db1's server has had hardware issues... again. And my > ability to grant the tech access does not exist and the normal channels > for doing this on the weekend don't exist (yet). I'm hoping to deal with > all this on monday. > The tech came in and was able to replace the mobo without issue. We're going to let it run over night and check in the morning. If everything is good I'll schedule some downtime and migrate db1 back to it. -Mike From ricky at fedoraproject.org Tue Dec 16 08:41:15 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 16 Dec 2008 03:41:15 -0500 Subject: Outage Notification: Koji, Wiki, Smolt, Transifex Message-ID: <20081216084115.GA7779@sphe.res.cmu.edu> Outage Notification - 2008-12-16 08:10 UTC There has been an unplanned outage beginning at 2008-12-16 08:10 UTC. There is currently no ETA for resolving these issues. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d 'YYYY-MM-DD HH:MM UTC' Affected Services: Buildsystem (Koji) Database (all postgresql and mysql databases on db3) Websites (Transifex, Smolt, Wiki) Translation Services Unaffected Services: CVS / Source Control DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1059 Reason for Outage: db3, our current Koji PostgreSQL server and MySQL server is having disk problems. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From bugs.michael at gmx.net Tue Dec 16 11:14:55 2008 From: bugs.michael at gmx.net (Michael Schwendt) Date: Tue, 16 Dec 2008 12:14:55 +0100 Subject: Leaving Message-ID: <20081216121455.190cfe4e.bugs.michael@gmx.net> With the arrival of this message, I've left the following groups in the Fedora Account System: extras_signers sysadmin Thanks to Warren Togami and Seth Vidal for the trust in me that lead to the initial group membership. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mmcgrath at redhat.com Tue Dec 16 14:58:15 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 16 Dec 2008 08:58:15 -0600 (CST) Subject: Outage Notification: Koji, Wiki, Smolt, Transifex In-Reply-To: <20081216084115.GA7779@sphe.res.cmu.edu> References: <20081216084115.GA7779@sphe.res.cmu.edu> Message-ID: On Tue, 16 Dec 2008, Ricky Zhou wrote: > Outage Notification - 2008-12-16 08:10 UTC > > There has been an unplanned outage beginning at 2008-12-16 08:10 UTC. > There is currently no ETA for resolving these issues. > > Ticket Link: > > https://fedorahosted.org/fedora-infrastructure/ticket/1059 > Most of these services should now be back online (some have been for quite some time). See: https://fedorahosted.org/fedora-infrastructure/ticket/1059 For more information. Everything except the buildsystem should be fine from now on. The buildsystem is in a temporary state. I've been able to get it back online so at least builds can happen this morning. I'm waiting for a tech to get on site to replace some parts. After that time I'll schedule another outage to move it back. Sorry for the inconvenience this has caused. If you're interested in keeping tabs on this just add yourself to the cc of that ticket. Most verbose communication/update information will be there. Please direct any questions or comments to me or stop by #fedora-admin on irc.freenode.net. -Mike From mmcgrath at redhat.com Tue Dec 16 16:48:48 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 16 Dec 2008 10:48:48 -0600 (CST) Subject: OpenSuSE Buildsystem Message-ID: I've been talking with some of the SuSE guys and we agree there's some overlap or at least coordination between their buildsystem and ours. The first obvious low hanging fruit is common macros. For those who wonder "why would we help OpenSuSE?" the answer is common goals, and better user experiences. The problem is time and coordination. So on a whim I thought I'd send this email out. Do we have any contributors out there who are both members of Fedora and SuSE who would be willing to lead this charge, find similarities and places for coordination? -Mike From andreas at bawue.net Tue Dec 16 17:00:00 2008 From: andreas at bawue.net (Andreas Thienemann) Date: Tue, 16 Dec 2008 18:00:00 +0100 (CET) Subject: OpenSuSE Buildsystem In-Reply-To: References: Message-ID: On Tue, 16 Dec 2008, Mike McGrath wrote: > I've been talking with some of the SuSE guys and we agree there's some > overlap or at least coordination between their buildsystem and ours. The > first obvious low hanging fruit is common macros. For those who wonder > "why would we help OpenSuSE?" the answer is common goals, and better user > experiences. You sure about there being much overlap and thus a certain incentive to develop common macros? The last time I was paid to look at SuSE was around 2003 or so and back then there was not much common except the .spec suffix. BuildRequires weren't used at all (admittedly, Red Hat was rather frugal wrt BRs) and I haven't seen much use of %macros at all. AFAICS BuildRequirements were implemented by parsing #-commented lines and adding the named packages to the dependency list. Has this behaviour changed? On the other hand: Is the buildsystem the right place to work on common goals? I'd assume that specifically for macros, rpm.org is a better place. regards, andreas From mmcgrath at redhat.com Tue Dec 16 17:06:12 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 16 Dec 2008 11:06:12 -0600 (CST) Subject: OpenSuSE Buildsystem In-Reply-To: References: Message-ID: On Tue, 16 Dec 2008, Andreas Thienemann wrote: > On Tue, 16 Dec 2008, Mike McGrath wrote: > > > I've been talking with some of the SuSE guys and we agree there's some > > overlap or at least coordination between their buildsystem and ours. The > > first obvious low hanging fruit is common macros. For those who wonder > > "why would we help OpenSuSE?" the answer is common goals, and better user > > experiences. > > You sure about there being much overlap and thus a certain incentive to > develop common macros? > > The last time I was paid to look at SuSE was around 2003 or so and back > then there was not much common except the .spec suffix. > BuildRequires weren't used at all (admittedly, Red Hat was rather frugal > wrt BRs) and I haven't seen much use of %macros at all. > > AFAICS BuildRequirements were implemented by parsing #-commented lines and > adding the named packages to the dependency list. > > Has this behaviour changed? > Don't know, we'll need someone committed to look at issues like this. > On the other hand: Is the buildsystem the right place to work on common > goals? I'd assume that specifically for macros, rpm.org is a better place. > Possibly but we don't have any control over rpm.org, we do, however, have control over our buildsystems. -Mike From dennis at ausil.us Tue Dec 16 17:45:19 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 16 Dec 2008 11:45:19 -0600 Subject: OpenSuSE Buildsystem In-Reply-To: References: Message-ID: <200812161145.20718.dennis@ausil.us> On Tuesday 16 December 2008 10:48:48 am Mike McGrath wrote: > I've been talking with some of the SuSE guys and we agree there's some > overlap or at least coordination between their buildsystem and ours. The > first obvious low hanging fruit is common macros. For those who wonder > "why would we help OpenSuSE?" the answer is common goals, and better user > experiences. > > The problem is time and coordination. So on a whim I thought I'd send > this email out. Do we have any contributors out there who are both > members of Fedora and SuSE who would be willing to lead this charge, find > similarities and places for coordination? I think that common macros needs to be solved at rpm.org level. not a buildsystem level. koji has no say in any of the macros it uses what is defined inside the distro. the macros fedora uses are defined in rpm and redhat- rpm-config, the disttag macro is defined in fedora-release. I see great benefit to everyone by having that problem solved at the rpm.org level. it will make it much easier to pickup packages and fixes cross distro. that is not a bad thing. especially for ISV's and upstreams supporting all distros they only need to do the work once and build everywhere. Working directly with them to fix issues for there buildsystem however I feel causes some conflicts. namely it legitimises the use of there buildsystem for building fedora/RHEL packages. I know people use it and will continue to do so. but I would ask why? is there some service that fedora could provide and is not? is it because you can be lazy and sloppy in the packaging and it lets you? is it just being able to do it in a single place? We do need to get out of the business of running two buildsystems. we really do need to be able to build EPEL in koji. I have scheduled a koji hackfest for fudcon. so if your there and interested then come help. there is always #koji on freenode for discussion on koji, so if you cant make it in person you can be there virtually :) Dennis From stickster at gmail.com Tue Dec 16 18:12:17 2008 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 16 Dec 2008 13:12:17 -0500 Subject: OpenSuSE Buildsystem In-Reply-To: References: Message-ID: <20081216181217.GA24772@localhost.localdomain> On Tue, Dec 16, 2008 at 10:48:48AM -0600, Mike McGrath wrote: > I've been talking with some of the SuSE guys and we agree there's some > overlap or at least coordination between their buildsystem and ours. The > first obvious low hanging fruit is common macros. For those who wonder > "why would we help OpenSuSE?" the answer is common goals, and better user > experiences. > > The problem is time and coordination. So on a whim I thought I'd send > this email out. Do we have any contributors out there who are both > members of Fedora and SuSE who would be willing to lead this charge, find > similarities and places for coordination? The best places for Fedora and openSUSE to collaborate are in the upstream communities where we can have the best effect on the free software community. That means rpm.org, smolts.org, GNOME, freedesktop.org, KDE, and so on. There's fertile ground there for plenty of technical development, and I feel that's the place where Fedora should be putting resources. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From opensource at till.name Wed Dec 17 00:38:40 2008 From: opensource at till.name (Till Maas) Date: Wed, 17 Dec 2008 01:38:40 +0100 Subject: OpenSuSE Buildsystem In-Reply-To: References: Message-ID: <200812170138.52511.opensource@till.name> On Tue December 16 2008, Mike McGrath wrote: > The problem is time and coordination. So on a whim I thought I'd send > this email out. Do we have any contributors out there who are both > members of Fedora and SuSE who would be willing to lead this charge, find > similarities and places for coordination? There exists already a project to coordinate between even more distributions: http://distributions.freedesktop.org/wiki/ There was also already a first reachout to unify packaging guidelines: http://lists.freedesktop.org/archives/distributions/2008-March/000100.html But there is not much activity. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: From nigjones at redhat.com Wed Dec 17 01:27:08 2008 From: nigjones at redhat.com (Nigel Jones) Date: Wed, 17 Dec 2008 11:27:08 +1000 Subject: noc1 moved house Message-ID: <1229477228.27796.19.camel@njones> Hi All, Just FYI, noc1 moved from xen2 to xen5 today which frees up xen1 and xen2 to be dedicated for releng :) - Nigel From dennis at ausil.us Wed Dec 17 01:51:06 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 16 Dec 2008 19:51:06 -0600 Subject: noc1 moved house In-Reply-To: <1229477228.27796.19.camel@njones> References: <1229477228.27796.19.camel@njones> Message-ID: <200812161951.12412.dennis@ausil.us> On Tuesday 16 December 2008 07:27:08 pm Nigel Jones wrote: > Hi All, > > Just FYI, noc1 moved from xen2 to xen5 today which frees up xen1 and > xen2 to be dedicated for releng :) you mean releng/buildsys right? Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From nigjones at redhat.com Wed Dec 17 01:54:22 2008 From: nigjones at redhat.com (Nigel Jones) Date: Wed, 17 Dec 2008 11:54:22 +1000 Subject: noc1 moved house In-Reply-To: <200812161951.12412.dennis@ausil.us> References: <1229477228.27796.19.camel@njones> <200812161951.12412.dennis@ausil.us> Message-ID: <1229478862.27796.21.camel@njones> Err yes, I kinda class them interchangeable though... On Tue, 2008-12-16 at 19:51 -0600, Dennis Gilmore wrote: > On Tuesday 16 December 2008 07:27:08 pm Nigel Jones wrote: > > Hi All, > > > > Just FYI, noc1 moved from xen2 to xen5 today which frees up xen1 and > > xen2 to be dedicated for releng :) > you mean releng/buildsys right? > > Dennis > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From mmcgrath at redhat.com Wed Dec 17 20:12:20 2008 From: mmcgrath at redhat.com (Michael McGrath) Date: Wed, 17 Dec 2008 15:12:20 -0500 (EST) Subject: Outage Notification - 2008-12-17 17:00 UTC In-Reply-To: <778814936.959011229544582527.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> Message-ID: <1579080948.959681229544740921.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> There will be an outage starting at 2008-12-17 17:00 UTC, which will last approximately 4 hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2008-12-17 17:00 UTC' Affected Services: Buildsystem Database Unaffected Services: CVS / Source Control DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Translation Services Websites Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1064 Reason for Outage: Part of the outage earlier this week involved moving our primary koji database to a temporary location. Now that the machine has been repaired its time to move it back. In order to keep downtime to a minimum and not interrupt the latest compose I'm scheduling this outage for a 4 hour window though it should only actually be down for an hour. As soon as the compose finishes I'll start. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. From mmcgrath at redhat.com Wed Dec 17 20:25:14 2008 From: mmcgrath at redhat.com (Michael McGrath) Date: Wed, 17 Dec 2008 15:25:14 -0500 (EST) Subject: Outage Notification - 2008-12-17 20:00 EST In-Reply-To: <1579080948.959681229544740921.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> Message-ID: <1426750939.983851229545514296.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> Ugh, my fault. Time convert error. This outage is actually at: date -d '2008-12-17 21:00 EST' -Mike ----- Original Message ----- From: "Michael McGrath" To: fedora-infrastructure-list at redhat.com, fedora-devel-announce at redhat.com Sent: Wednesday, December 17, 2008 2:12:20 PM GMT -06:00 US/Canada Central Subject: Outage Notification - 2008-12-17 17:00 UTC There will be an outage starting at 2008-12-17 17:00 UTC, which will last approximately 4 hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2008-12-17 17:00 UTC' Affected Services: Buildsystem Database Unaffected Services: CVS / Source Control DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Translation Services Websites Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1064 Reason for Outage: Part of the outage earlier this week involved moving our primary koji database to a temporary location. Now that the machine has been repaired its time to move it back. In order to keep downtime to a minimum and not interrupt the latest compose I'm scheduling this outage for a 4 hour window though it should only actually be down for an hour. As soon as the compose finishes I'll start. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From jeff at ocjtech.us Thu Dec 18 20:24:16 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 18 Dec 2008 14:24:16 -0600 Subject: Convenience Symlinks for Git Repos on Fedora People Message-ID: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> I would like to automate the creation of symlinks to people's public_git directories on Fedora People. The symlinks would take the form /git/$user -> /home/fedora/$user/public_git Having these symlinks would make urls to git repositories on fedorapeople.org much simpler and would look like: git://fedorapeople.org/git/$user/$repo.git instead of: git://fedorapeople.org/home/fedora/$user/public_git/$repo.git I can't think of any downsides... The symlinks wouldn't take up much disk space, they wouldn't allow access to anything new, and wouldn't take much processing power to keep updates. A test run ran in under a second. Of course, the cron job would run as a normal user for extra safety. The script that I wrote is attached to ticket 1058: https://fedorahosted.org/fedora-infrastructure/ticket/1058 -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From roland at redhat.com Thu Dec 18 20:51:24 2008 From: roland at redhat.com (Roland McGrath) Date: Thu, 18 Dec 2008 12:51:24 -0800 (PST) Subject: Convenience Symlinks for Git Repos on Fedora People In-Reply-To: Jeffrey Ollie's message of Thursday, 18 December 2008 14:24:16 -0600 <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> References: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> Message-ID: <20081218205124.11924FC381@magilla.sf.frob.com> > git://fedorapeople.org/git/$user/$repo.git > > instead of: > > git://fedorapeople.org/home/fedora/$user/public_git/$repo.git You can already use: git://fedorapeople.org/git/~$user/$repo.git From roland at redhat.com Thu Dec 18 20:53:37 2008 From: roland at redhat.com (Roland McGrath) Date: Thu, 18 Dec 2008 12:53:37 -0800 (PST) Subject: Convenience Symlinks for Git Repos on Fedora People In-Reply-To: Roland McGrath's message of Thursday, 18 December 2008 12:51:24 -0800 <20081218205124.11924FC381@magilla.sf.frob.com> References: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> <20081218205124.11924FC381@magilla.sf.frob.com> Message-ID: <20081218205337.C813BFC381@magilla.sf.frob.com> > > git://fedorapeople.org/git/$user/$repo.git > > > > instead of: > > > > git://fedorapeople.org/home/fedora/$user/public_git/$repo.git > > You can already use: > > git://fedorapeople.org/git/~$user/$repo.git Oops, that's: git://fedorapeople.org/~$user/$repo.git From jeff at ocjtech.us Thu Dec 18 20:54:49 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 18 Dec 2008 14:54:49 -0600 Subject: Convenience Symlinks for Git Repos on Fedora People In-Reply-To: <20081218205337.C813BFC381@magilla.sf.frob.com> References: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> <20081218205124.11924FC381@magilla.sf.frob.com> <20081218205337.C813BFC381@magilla.sf.frob.com> Message-ID: <935ead450812181254s4389b10ek35f502960da9694f@mail.gmail.com> On Thu, Dec 18, 2008 at 2:53 PM, Roland McGrath wrote: >> > git://fedorapeople.org/git/$user/$repo.git >> > >> > instead of: >> > >> > git://fedorapeople.org/home/fedora/$user/public_git/$repo.git >> >> You can already use: >> >> git://fedorapeople.org/git/~$user/$repo.git > > Oops, that's: > > git://fedorapeople.org/~$user/$repo.git Well, blow me down! I guess nevermind about my script! -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From mmcgrath at redhat.com Thu Dec 18 21:06:34 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 18 Dec 2008 15:06:34 -0600 (CST) Subject: We've got problems Message-ID: Hey everyone, so there's lots or projects going on right now and I'm going to spend some time to prioritize them and hopefully get help on them. The wiki: We need to upgrade the wiki, like yesterday. We're on an unsupported branch right now. Whats the hangup? HNP is our ACL plugin. Some might remember when we said "A wiki is not a CMS" well, now we're being screwed by it. It has been made clear to us that certain pages in the wiki must A) stay on the wiki and B) be editable by only a subset of people. HNP is not supported by newer versions of mediawiki. Ticket #1072 Koji: The koji database is borked right now. We're getting by but its a ticking timebomb. There was some data corruption with our backplane issues this last week. Damaged portions equal no more then 160K at this point (I'm still doing other measurements). This is less then .0002% of the data of that database. The problem is that when I try to do dumps of the data pgsql fails. This is a must fix. Ticket #1069 nfs1: NFS1's IO load is just not right. Something isn't behaving as it should and I'm just not sure whats going on there yet. We need to do a full examination and trend of it. This involves moving cvs1 to another location and involves moving releng2 to xen1 to help ease some load. Additionally we need to move kojipkgs1 to another location (probably xen1) and enable a proper caching for it. We also need to finally get a valid backup of nfs1. This still hasn't happened. Its difficult to test because of the high load on the disks, backups take 4+ days. lots of things can go wrong during that time. Tickets: #1061, #1074, #1075, #1076. backup2: DR backups is a project I've been trying to get in shape. its general there, needs some polish. The dr user is there. But an audit and verification of everything we need to back up needs to be done. Ticket: #1077 CSRF: CSRF is a pretty serious deal, toshio is working on it but I'm sure he can use some help. Ticket: #992 FAS: Ricky has been working on some FAS stuff but some outstanding systems must be implemented quickly particularly as it relates to stale users. We need to get the password expiration stuff in, and we need to document and define what each user state means and how it will relate to other applications. FAS: #83 If you don't have access to the systems of this stuff, we likely won't be able to sponsor and train you in time to get this stuff done. Sorry, but you can still look at the code issues mentioned above or test alternatives for the wiki. If you have access and are working on something else, if you are able please stop doing that thing and work on one of the above issues. Even after these issues are done I've got a good 6 months of stuff backed up before new things can be done. We've literally exploded in size. Over the last two years the services, nodes, etc that we support has grown over 10 times and our core team has only grown by a few members. We're doing better then most OSS communities out there, but we can do better. -Mike From mmcgrath at redhat.com Thu Dec 18 21:16:39 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 18 Dec 2008 15:16:39 -0600 (CST) Subject: We've got problems In-Reply-To: References: Message-ID: On Thu, 18 Dec 2008, Mike McGrath wrote: > nfs1: > > NFS1's IO load is just not right. Something isn't behaving as it should > and I'm just not sure whats going on there yet. We need to do a full > examination and trend of it. This involves moving cvs1 to another > location and involves moving releng2 to xen1 to help ease some load. > Additionally we need to move kojipkgs1 to another location (probably xen1) > and enable a proper caching for it. We also need to finally get a valid > backup of nfs1. This still hasn't happened. Its difficult to test > because of the high load on the disks, backups take 4+ days. lots of > things can go wrong during that time. > > > Tickets: #1061, #1074, #1075, #1076. > more background on this, I know releng and some others are working to do fewer reads and writes to the nfs share. Thats a valuable effort, but I'm not convinced there's not something else going on there. The read/write speeds I've seen just are slower then I'd expect. -Mike From ricky at fedoraproject.org Thu Dec 18 21:19:50 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 18 Dec 2008 16:19:50 -0500 Subject: Convenience Symlinks for Git Repos on Fedora People In-Reply-To: <935ead450812181254s4389b10ek35f502960da9694f@mail.gmail.com> References: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> <20081218205124.11924FC381@magilla.sf.frob.com> <20081218205337.C813BFC381@magilla.sf.frob.com> <935ead450812181254s4389b10ek35f502960da9694f@mail.gmail.com> Message-ID: <20081218211950.GB7966@sphe> On 2008-12-18 02:54:49 PM, Jeffrey Ollie wrote: > Well, blow me down! I guess nevermind about my script! I think your script could still be useful for cloning over SSH. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From jeff at ocjtech.us Thu Dec 18 21:22:47 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 18 Dec 2008 15:22:47 -0600 Subject: Convenience Symlinks for Git Repos on Fedora People In-Reply-To: <20081218211950.GB7966@sphe> References: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> <20081218205124.11924FC381@magilla.sf.frob.com> <20081218205337.C813BFC381@magilla.sf.frob.com> <935ead450812181254s4389b10ek35f502960da9694f@mail.gmail.com> <20081218211950.GB7966@sphe> Message-ID: <935ead450812181322p66e189edj56c87adf15811a27@mail.gmail.com> 2008/12/18 Ricky Zhou : > On 2008-12-18 02:54:49 PM, Jeffrey Ollie wrote: >> Well, blow me down! I guess nevermind about my script! > I think your script could still be useful for cloning over SSH. Hmm yes, the ~$user does not seem to work with ssh:// urls. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From jeff at ocjtech.us Thu Dec 18 21:31:18 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 18 Dec 2008 15:31:18 -0600 Subject: We've got problems In-Reply-To: References: Message-ID: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> On Thu, Dec 18, 2008 at 3:06 PM, Mike McGrath wrote: > > Whats the hangup? HNP is our ACL plugin. Some might remember when we > said "A wiki is not a CMS" well, now we're being screwed by it. It has > been made clear to us that certain pages in the wiki must A) stay on the > wiki and B) be editable by only a subset of people. HNP is not supported > by newer versions of mediawiki. Why do the pages have to stay on "THE" wiki. Why not set up a 2nd wiki instance for the sensitive pages and set up inter-wiki links so that linking isn't cumbersome. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From mmcgrath at redhat.com Thu Dec 18 21:34:53 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 18 Dec 2008 15:34:53 -0600 (CST) Subject: We've got problems In-Reply-To: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> References: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> Message-ID: On Thu, 18 Dec 2008, Jeffrey Ollie wrote: > On Thu, Dec 18, 2008 at 3:06 PM, Mike McGrath wrote: > > > > Whats the hangup? HNP is our ACL plugin. Some might remember when we > > said "A wiki is not a CMS" well, now we're being screwed by it. It has > > been made clear to us that certain pages in the wiki must A) stay on the > > wiki and B) be editable by only a subset of people. HNP is not supported > > by newer versions of mediawiki. > > Why do the pages have to stay on "THE" wiki. Why not set up a 2nd > wiki instance for the sensitive pages and set up inter-wiki links so > that linking isn't cumbersome. > That very well may work. G and quaid are working on something now. As far as inter-wiki links. I honestly know nothing about them. -Mike From kwade at redhat.com Thu Dec 18 21:42:25 2008 From: kwade at redhat.com (Karsten Wade) Date: Thu, 18 Dec 2008 13:42:25 -0800 Subject: We've got problems In-Reply-To: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> References: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> Message-ID: <20081218214225.GH30687@calliope.phig.org> On Thu, Dec 18, 2008 at 03:31:18PM -0600, Jeffrey Ollie wrote: > On Thu, Dec 18, 2008 at 3:06 PM, Mike McGrath wrote: > > > > Whats the hangup? HNP is our ACL plugin. Some might remember when we > > said "A wiki is not a CMS" well, now we're being screwed by it. It has > > been made clear to us that certain pages in the wiki must A) stay on the > > wiki and B) be editable by only a subset of people. HNP is not supported > > by newer versions of mediawiki. > > Why do the pages have to stay on "THE" wiki. Why not set up a 2nd > wiki instance for the sensitive pages and set up inter-wiki links so > that linking isn't cumbersome. Thanks, yes, that's one viable solution. It might be a nice, fast way to go. But it's really just a bandage (more below.) Another bandage Nigel and I just discussed is scripting a pull from non-ACL'd draft pages in the regular wiki (Legal, Packaging, etc.) and push to fedoraproject.org/Legal, docs.fp.o/packaging-guide. This is an uglier bandage with more custom coding, I reckon. Why not use a wiki like this as a long term solution? It comes to content management. There is a small subset of all the content we maintain that needs: * Version control and rollback * Automatic publish/unpublish by rules (dates, packages released, etc.) * Workflow to ensure quality before moving live (writer <=> editor => publish) * Nice tool to add users to fine-grained groups to have roles in managing their content without accidentally stepping on other people's content * Nice web-based wysiwyg editor Just the last one is a nicety, the rest are really a must for this special content. More here: https://fedoraproject.org/wiki/CMS_solution_for_Fedora_Project_websites - Karsten -- Karsten 'quaid' Wade, Community Gardener http://quaid.fedorapeople.org AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nigjones at redhat.com Thu Dec 18 21:43:32 2008 From: nigjones at redhat.com (Nigel Jones) Date: Fri, 19 Dec 2008 07:43:32 +1000 Subject: We've got problems In-Reply-To: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> References: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> Message-ID: <1229636612.7678.1.camel@njones.bne.redhat.com> On Thu, 2008-12-18 at 15:31 -0600, Jeffrey Ollie wrote: > On Thu, Dec 18, 2008 at 3:06 PM, Mike McGrath wrote: > > > > Whats the hangup? HNP is our ACL plugin. Some might remember when we > > said "A wiki is not a CMS" well, now we're being screwed by it. It has > > been made clear to us that certain pages in the wiki must A) stay on the > > wiki and B) be editable by only a subset of people. HNP is not supported > > by newer versions of mediawiki. > > Why do the pages have to stay on "THE" wiki. Why not set up a 2nd > wiki instance for the sensitive pages and set up inter-wiki links so > that linking isn't cumbersome. > Sorry, gotta do soft redirects, i.e. "This page is now on a different wiki, click here to go it..." It's a pain I know, but yeah, I'll follow up in a separate post. - Nigel From jeff at ocjtech.us Thu Dec 18 21:43:47 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 18 Dec 2008 15:43:47 -0600 Subject: We've got problems In-Reply-To: References: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> Message-ID: <935ead450812181343j1f098be0h8fa3b03e046daf9b@mail.gmail.com> On Thu, Dec 18, 2008 at 3:34 PM, Mike McGrath wrote: > On Thu, 18 Dec 2008, Jeffrey Ollie wrote: > >> On Thu, Dec 18, 2008 at 3:06 PM, Mike McGrath wrote: >> > >> > Whats the hangup? HNP is our ACL plugin. Some might remember when we >> > said "A wiki is not a CMS" well, now we're being screwed by it. It has >> > been made clear to us that certain pages in the wiki must A) stay on the >> > wiki and B) be editable by only a subset of people. HNP is not supported >> > by newer versions of mediawiki. >> >> Why do the pages have to stay on "THE" wiki. Why not set up a 2nd >> wiki instance for the sensitive pages and set up inter-wiki links so >> that linking isn't cumbersome. >> > > That very well may work. G and quaid are working on something now. As > far as inter-wiki links. I honestly know nothing about them. http://www.mediawiki.org/wiki/Help:Interwiki_linking#Interwiki_links http://www.mediawiki.org/wiki/Manual:Guide_to_setting_up_interwiki_linking That's about all I know either. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From kwade at redhat.com Thu Dec 18 21:56:01 2008 From: kwade at redhat.com (Karsten Wade) Date: Thu, 18 Dec 2008 13:56:01 -0800 Subject: EPEL and koji (was Re: OpenSuSE Buildsystem) In-Reply-To: <200812161145.20718.dennis@ausil.us> References: <200812161145.20718.dennis@ausil.us> Message-ID: <20081218215601.GI30687@calliope.phig.org> On Tue, Dec 16, 2008 at 11:45:19AM -0600, Dennis Gilmore wrote: > > We do need to get out of the business of running two buildsystems. we really > do need to be able to build EPEL in koji. I have scheduled a koji hackfest > for fudcon. so if your there and interested then come help. there is always > #koji on freenode for discussion on koji, so if you cant make it in person > you can be there virtually :) Is there somewhere I can get an overview of the challenge and process of moving EPEL to koji? If not, can we take some time and write up such a thing? - Karsten -- Karsten 'quaid' Wade, Community Gardener http://quaid.fedorapeople.org AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Dec 18 22:00:49 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 18 Dec 2008 16:00:49 -0600 (CST) Subject: EPEL and koji (was Re: OpenSuSE Buildsystem) In-Reply-To: <20081218215601.GI30687@calliope.phig.org> References: <200812161145.20718.dennis@ausil.us> <20081218215601.GI30687@calliope.phig.org> Message-ID: On Thu, 18 Dec 2008, Karsten Wade wrote: > On Tue, Dec 16, 2008 at 11:45:19AM -0600, Dennis Gilmore wrote: > > > > We do need to get out of the business of running two buildsystems. we really > > do need to be able to build EPEL in koji. I have scheduled a koji hackfest > > for fudcon. so if your there and interested then come help. there is always > > #koji on freenode for discussion on koji, so if you cant make it in person > > you can be there virtually :) > > Is there somewhere I can get an overview of the challenge and process > of moving EPEL to koji? If not, can we take some time and write up > such a thing? > https://fedorahosted.org/koji/ticket/49 -Mike From a.badger at gmail.com Thu Dec 18 22:31:03 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 18 Dec 2008 14:31:03 -0800 Subject: We've got problems In-Reply-To: References: Message-ID: <494ACF27.6080001@gmail.com> Mike McGrath wrote: > CSRF: > > CSRF is a pretty serious deal, toshio is working on it but I'm sure he can > use some help. > > Ticket: #992 > Till brought up concerns with a decrease in usability to do it the way I've outlined. This is certainly a valid problem. The question is whether it outweighs the benefit of mitigating the effects of programmer errors. Till didn't reply to my last message... though it might be that he just decided I was too stubborn to change rather than agreeing with me :-). If anyone sees a way to reconcile both "click from email" and "prevent spoofing by default" let me know otherwise I'm committing code soon. If anyone wants to help code, this is a problem that is easily broken into pieces. So one person can get involved with creating our custom version of tg.url() while someone else updates the identity provider and someone else updates the BaseClient implementations. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ianweller at gmail.com Thu Dec 18 22:47:56 2008 From: ianweller at gmail.com (Ian Weller) Date: Thu, 18 Dec 2008 16:47:56 -0600 Subject: We've got problems In-Reply-To: References: <935ead450812181331j41ee1309s38a314452acf47a7@mail.gmail.com> Message-ID: <20081218224756.GA9644@gmail.com> On Thu, Dec 18, 2008 at 03:34:53PM -0600, Mike McGrath wrote: > That very well may work. G and quaid are working on something now. As > far as inter-wiki links. I honestly know nothing about them. > Nigel set up some magic for interwiki links. -- Ian Weller http://ianweller.org GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36 "Technology is a word that describes something that doesn't work yet." ~ Douglas Adams -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Thu Dec 18 23:19:22 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 18 Dec 2008 15:19:22 -0800 Subject: FYI: I'm vacationing Message-ID: <494ADA7A.3040700@gmail.com> Just a heads up, I'm going to be taking all of the Christmas/New Years weeks off (ie: this weekend through Jan 4). I'll be near a computer for the early part of that so you can pester me for information if you see me then. I'll be away for the latter part, though, so I'll be mighty scarce from Christmas on. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From tmz at pobox.com Thu Dec 18 23:39:29 2008 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 18 Dec 2008 18:39:29 -0500 Subject: Convenience Symlinks for Git Repos on Fedora People In-Reply-To: <935ead450812181322p66e189edj56c87adf15811a27@mail.gmail.com> References: <935ead450812181224i6469dbd4ha8029f960a9070bb@mail.gmail.com> <20081218205124.11924FC381@magilla.sf.frob.com> <20081218205337.C813BFC381@magilla.sf.frob.com> <935ead450812181254s4389b10ek35f502960da9694f@mail.gmail.com> <20081218211950.GB7966@sphe> <935ead450812181322p66e189edj56c87adf15811a27@mail.gmail.com> Message-ID: <20081218233929.GR12325@inocybe.teonanacatl.org> Jeffrey Ollie wrote: > 2008/12/18 Ricky Zhou : >> On 2008-12-18 02:54:49 PM, Jeffrey Ollie wrote: >>> Well, blow me down! I guess nevermind about my script! >> I think your script could still be useful for cloning over SSH. > > Hmm yes, the ~$user does not seem to work with ssh:// urls. It does work, but you have to add the public_git part of the path. The following URLs are all valid?: git://fedorapeople.org/~tmz/git-package.git ssh://fedorapeople.org/~tmz/public_git/git-package.git http://tmz.fedorapeople.org/git/git-package.git If adding the symlinks removes the difference between the git:// and ssh:// URLs, that would a nice improvement. ? Per https://fedoraproject.org/wiki/Infrastructure/fedorapeople.org, the http:// URL requires a symlink from ~/public_html/git to ~/public_git. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Going to trial with a lawyer who considers your whole life-style a Crime in Progress is not a happy prospect. -- Hunter S. Thompson -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From herlo at fedoraproject.org Fri Dec 19 00:06:30 2008 From: herlo at fedoraproject.org (Clint Savage) Date: Thu, 18 Dec 2008 17:06:30 -0700 Subject: [Fedora Infrastructure] #1079: RFR: Fedora Icecast Streaming Server In-Reply-To: <061.2534d3b0e28b8d9ecf273aae50cff62e@fedorahosted.org> References: <061.2534d3b0e28b8d9ecf273aae50cff62e@fedorahosted.org> Message-ID: Okay, so here's my Request for Resources, figured I had better get it in so that it can *possibly* happen for FUDCon F11 Boston. Please let me know if you fellas have any questions. Cheers, Clint On Thu, Dec 18, 2008 at 3:17 PM, Fedora Infrastructure wrote: > #1079: RFR: Fedora Icecast Streaming Server > -----------------------------+---------------------------------------------- > Reporter: herlo | Owner: santosp,ricky,mmcgrath > Type: task | Status: new > Priority: major | Milestone: Fedora 10 > Component: Web Application | Version: Production > Severity: Normal | Keywords: > -----------------------------+---------------------------------------------- > Project Sponsor > > Name: Clint Savage > > Fedora Account Name: herlo > > Group: > > Infrastructure Sponsor: Needed > > Secondary Contact info > > Name: > > Fedora Account Name: > > Group: > > Project Info > > Project Name: Fedora Streaming Server > > Target Audience: Fedora Contributors interested in sharing audio/video in > real-time. > > Expiration/Delivery Date (required): January 8, 2009 > > Description/Summary: > > The sole purpose of this request is to implement and configure an icecast > streaming server for FUDCons and other Fedora events where the > presentations can be recorded (audio and/or video) and streamed to the > external audience at large. > > Project plan (Detailed): > > Deploy icecast and configure several mount points. > Allow audio source client to deploy audio streaming tool (darkice or > ices2) and configure it to connect to the icecast server. > Passwords are set up for each mount, or in general. > > Goals: > > The main goal is to make it easier for individuals who cannot make Fedora > Events (FUDCon and the like) to be able to participate at least by audio > or video streams. This of course, is a one way presentation, but gives a > good feel for what's going on in certain environments. > > We anticipate the server to provide audio/video from older presentations > or for streaming podcasts from Fedora contributors ongoing. > > Other Notes: > > I currently host and maintain an icecast server on http://stream.utos.org > and it rarely needs any maintenance. Although, I plan to work to set up > more agile authorization and a way to modify the config from the web by > people in the group. This will allow them to update the mounts (streams) > available and set stream passwords on the fly. > > -- > Ticket URL: > Fedora Infrastructure > Fedora Infrastructure Project for Bugs, feature requests and access to our source code. From j.chris.johnson at gmail.com Fri Dec 19 01:08:52 2008 From: j.chris.johnson at gmail.com (Chris Johnson) Date: Thu, 18 Dec 2008 19:08:52 -0600 Subject: Hello, My intro Message-ID: Hi all, I've been lurking on the mailing list for a while and I finally registered for my fedora account today (username: chrisj) I'm interested in helping out as time permits. I got on irc once (lurking again) and haven't really logged in since. I'll try to make a few meetings after the holidays I'm planning to get my personal test systems setup soon. I just moved and still getting things straight at home. Bought a 750GB drive last night and will be installing F10 over the weekend. I had been running the U... distro and it's time to get back to the fedora/RH rpm way of doing things :-) I've used RedHat since before Fedora existed (I think 6 was the first one). Started as a hobbyist, 2 years. Then got a job as an admin and have been doing Linux admin and Cisco networks for the last 5 years. My current employer is a Win shop so I just get to run the DNS, email, and network, but the network is 50 remote offices and 3 different data centers in the midwest. I don't mind the Windows too much and can find my way around them, it's also kinda fun to get the Linux and MS products to play nice together. I've worked with a lot of different linux and OSS software products including: postfix, openldap, apache, bind, samba, mailman, pam, built some custom rpm's, etc. I use RHEL mostly at work and some fedora and Cent for testing (some suse, deb, and slackware in the past). I used to do lots of security firewall apliances with various linux distros (I was a big fan of LRP when it would fit on a floppy), most of this is now done with Cisco in my world. I can shell script pretty well and I've written several perl scripts in the last few years (dabbled in php but not enough to know it well). I've always been interested in python but don't have much if any exp with it. I also don't have much experience with SQL/DB or source control. I was looking at the FIGs and would be interested in the base sysadmin and sysadmin-noc for now while I figure out where everything is and what it does. I'm also interested in more info on the sysadmin-tools and sysadmin-web FIG. So, next just apply for the FIGs, keep lurking, ask some questions, show up for IRC meetings? Thanks all, -- Chris Johnson ++++++++++ j.chris.johnson at gmail.com ++++++++++++++++++++ From ramccor at pluribus.org Fri Dec 19 02:58:59 2008 From: ramccor at pluribus.org (Ronald A. McCormick Jr.) Date: Thu, 18 Dec 2008 20:58:59 -0600 Subject: Introduction - Ronald McCormick Message-ID: <494B0DF3.5040704@pluribus.org> Hello all, I figured I would drop a line and introduce myself. I have been a linux user since the TAMU 0.12 distro days and a Redhat user since the Redhat 4 days. I am a Network and Systems Engineer who has worked looking to contribute where I can. I have experience administering and engineering distributed computing clusters in a real-time environment. I was responsible for creating a custom distribution for use in an embedded product for my company. I am pretty good at hacking bash and php which I use to automate most tasks. You can consider me a generalist looking to get more involved. In past lives, I have done system engineering for an MMO game. I have engineered cable modem networks, and worked on the architecture team of a large corporate distributed computing environment. I currently support an MMO game client on multiple platforms. (I did the port to two of the three supported platforms) I also do network engineering on a Tollway in my state. From senapati2001 at yahoo.com Fri Dec 19 17:35:12 2008 From: senapati2001 at yahoo.com (p sena) Date: Fri, 19 Dec 2008 09:35:12 -0800 (PST) Subject: hi, i newly joined fedora infrastructure group Message-ID: <198022.63488.qm@web45112.mail.sp1.yahoo.com> Hi, I am new to the fedora infrastructure group. I am going throug few of the links in the site to get a feel of the work. I have submitted my .ssh_rsa_key.pub from the site. I think I will get some intimation on this. Please someone can let me know further proceedings from here onwards. Cheers. Regards & Thanks Prabir Senapati mailto: senapati2001 at yahoo.com From a.badger at gmail.com Fri Dec 19 19:40:22 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 19 Dec 2008 11:40:22 -0800 Subject: We've got problems In-Reply-To: <494ACF27.6080001@gmail.com> References: <494ACF27.6080001@gmail.com> Message-ID: <494BF8A6.7090009@gmail.com> Toshio Kuratomi wrote: > Mike McGrath wrote: >> CSRF: >> >> CSRF is a pretty serious deal, toshio is working on it but I'm sure he can >> use some help. >> >> Ticket: #992 >> > Till brought up concerns with a decrease in usability to do it the way > I've outlined. This is certainly a valid problem. The question is > whether it outweighs the benefit of mitigating the effects of programmer > errors. Till didn't reply to my last message... though it might be > that he just decided I was too stubborn to change rather than agreeing > with me :-). If anyone sees a way to reconcile both "click from email" > and "prevent spoofing by default" let me know otherwise I'm committing > code soon. > I woke up with a possible solution. Till, Luke, Ricky, and others does this seem doable? = Background = A method in the TG Controller can be marked as needing a non-anonymous identity like this: @identity.require(identity.not_anonymous()) def foo(self): if 'admin' in identity.current.groups: # Do admin stuff else: # Do normal user stuff The presence of the @identity.require(identity.not_anonymous()) is what forces the method to redirect to the login page when a user is not logged in. If the @identity is not there and the code simply checks inside of the method, then it usually means the code will do different things if the user is anonymous or authenticated instead of depending on which group the user belongs to. = Addition for CSRF = The current proposal says that when identity is referenced, we'll check the CSRF token. If the token is not present or doesn't match, then we'll decide the user is anonymous. If the @identity.require() decorator is present, we will be checking at that level what the identity of the user is. I think it would be possible for us to check whether the user has a CSRF token at this point. If not, but the tg-visit session cookie that the user sent is valid, we can redirect to a page that says "This page helps prevent CSRF spoofing. Click to continue to the _requested_resource_." The link will go to the original method but will contain the CSRF token. So if the user is in control of the browser they can click on the link and be taken to the resource using their current login session. = Things this does not do = * We don't do an automatic redirect here because I think the browser will process that redirect whether or not javascript is allowed to read it. As long as the browser processes the redirect automatically despite what the same-origin policy says, we've lost the CSRF protection. (Someone can check whether the 30X status codes and tags all do this.) * If the method in question allows anonymous access then you will get the anonymous page rather than the CSRF redirection. - We might be able to ameliorate this by having the login screen understand the difference between not having a tg-visit cookie and not having a CSRF token. You'd still have to click to login to the page, (one click to login, the second to return from the CSRF protection) but the login screen could display the "Please click to continue" instead of forcing the user to retype their username and password and start a new session. - We might be able to ameliorate this even further if we return enough information to tell the page that the only reason we aren't logged in is because of CSRF protection. With that, the = Other Notes = * This would also solve the problem of how to do SSL Client Authentication. The SSL Cert alone would take you to the login screen. You'd then click on a link (with the CSRF token embedded) to take you to the screen you want. * Here's a drawback of putting the CSRF token on GET requests -- When copy and pasting links, the user's CSRF token would be in the pasted information. Having the CSRF token added by javascript when the user clicks on any link on the page would get around this but requires that Javascript is enabled in the browser. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From nigjones at redhat.com Sun Dec 21 03:27:19 2008 From: nigjones at redhat.com (Nigel Jones) Date: Sun, 21 Dec 2008 13:27:19 +1000 Subject: We've got problems In-Reply-To: References: Message-ID: <1229830039.7394.1.camel@njones.bne.redhat.com> On Thu, 2008-12-18 at 15:06 -0600, Mike McGrath wrote: > Hey everyone, so there's lots or projects going on right now and I'm going > to spend some time to prioritize them and hopefully get help on them. > > The wiki: > > We need to upgrade the wiki, like yesterday. We're on an unsupported > branch right now. > > Whats the hangup? HNP is our ACL plugin. Some might remember when we > said "A wiki is not a CMS" well, now we're being screwed by it. It has > been made clear to us that certain pages in the wiki must A) stay on the > wiki and B) be editable by only a subset of people. HNP is not supported > by newer versions of mediawiki. FYI, I've started a process to move these pages into Namespaces so we can use a more supported extension until we can then move these pages _again_ into a CMS. > > Ticket #1072 > > Koji: > > The koji database is borked right now. We're getting by but its a ticking > timebomb. There was some data corruption with our backplane issues this > last week. Damaged portions equal no more then 160K at this point (I'm > still doing other measurements). This is less then .0002% of the data of > that database. The problem is that when I try to do dumps of the data > pgsql fails. This is a must fix. > > Ticket #1069 > > nfs1: > > NFS1's IO load is just not right. Something isn't behaving as it should > and I'm just not sure whats going on there yet. We need to do a full > examination and trend of it. This involves moving cvs1 to another > location and involves moving releng2 to xen1 to help ease some load. > Additionally we need to move kojipkgs1 to another location (probably xen1) > and enable a proper caching for it. We also need to finally get a valid > backup of nfs1. This still hasn't happened. Its difficult to test > because of the high load on the disks, backups take 4+ days. lots of > things can go wrong during that time. > > > Tickets: #1061, #1074, #1075, #1076. > > backup2: > > DR backups is a project I've been trying to get in shape. its general > there, needs some polish. The dr user is there. But an audit and > verification of everything we need to back up needs to be done. > > Ticket: #1077 > > CSRF: > > CSRF is a pretty serious deal, toshio is working on it but I'm sure he can > use some help. > > Ticket: #992 > > FAS: > > Ricky has been working on some FAS stuff but some outstanding systems must > be implemented quickly particularly as it relates to stale users. We need > to get the password expiration stuff in, and we need to document and > define what each user state means and how it will relate to other > applications. > > FAS: #83 > > > If you don't have access to the systems of this stuff, we likely won't be > able to sponsor and train you in time to get this stuff done. Sorry, but > you can still look at the code issues mentioned above or test alternatives > for the wiki. > > If you have access and are working on something else, if you are able > please stop doing that thing and work on one of the above issues. Even > after these issues are done I've got a good 6 months of stuff backed up > before new things can be done. We've literally exploded in size. Over > the last two years the services, nodes, etc that we support has grown over > 10 times and our core team has only grown by a few members. We're doing > better then most OSS communities out there, but we can do better. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From jkeating at redhat.com Mon Dec 22 03:38:37 2008 From: jkeating at redhat.com (Jesse Keating) Date: Sun, 21 Dec 2008 19:38:37 -0800 Subject: Noisy cron Message-ID: <1229917117.3861.85.camel@localhost.localdomain> Could somebody start looking into the noisy cron jobs? We seem to have quite a few that are failing or spitting unnecessary text out into email. Could be a fun project for somebody looking to get familiar with Infrastructure, since the jobs seem to span all parts of our realm. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From Scott_Collier at Dell.com Mon Dec 22 17:00:43 2008 From: Scott_Collier at Dell.com (Scott_Collier at Dell.com) Date: Mon, 22 Dec 2008 11:00:43 -0600 Subject: Noisy cron References: <1229917117.3861.85.camel@localhost.localdomain> Message-ID: <2CF37B2A81883A44953060200A4507D75F0C2D@ausx3mps335.aus.amer.dell.com> Jesse, I'd like to help out here. I've been trying to get familiar with the Infrastructure for a while now. Is there a ticket open for this that has more details? I have yet to even shell into a box, so I'll be pinging you and others for assistance if that's ok. This will truly be a starting point for me regarding Fedora Infrastructure... -Scott -----Original Message----- From: fedora-infrastructure-list-bounces at redhat.com on behalf of Jesse Keating Sent: Sun 12/21/2008 9:38 PM To: Fedora Infrastructure Subject: Noisy cron Could somebody start looking into the noisy cron jobs? We seem to have quite a few that are failing or spitting unnecessary text out into email. Could be a fun project for somebody looking to get familiar with Infrastructure, since the jobs seem to span all parts of our realm. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating From jkeating at redhat.com Mon Dec 22 17:14:26 2008 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 22 Dec 2008 09:14:26 -0800 Subject: Noisy cron In-Reply-To: <2CF37B2A81883A44953060200A4507D75F0C2D@ausx3mps335.aus.amer.dell.com> References: <1229917117.3861.85.camel@localhost.localdomain> <2CF37B2A81883A44953060200A4507D75F0C2D@ausx3mps335.aus.amer.dell.com> Message-ID: <1229966066.3861.95.camel@localhost.localdomain> On Mon, 2008-12-22 at 11:00 -0600, Scott_Collier at Dell.com wrote: > > I'd like to help out here. I've been trying to get familiar with the > Infrastructure for a while now. Is there a ticket open for this that > has more details? I have yet to even shell into a box, so I'll be > pinging you and others for assistance if that's ok. > > This will truly be a starting point for me regarding Fedora > Infrastructure... There is no ticket yet, pop into #fedora-admin and we'll chat about it. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jonstanley at gmail.com Tue Dec 23 02:26:05 2008 From: jonstanley at gmail.com (Jon Stanley) Date: Mon, 22 Dec 2008 21:26:05 -0500 Subject: FAS 'User List' not working in HEAD Message-ID: When you click on 'User List' in the left hand side of FAS, you get an UnboundLocalError that 'user' is referenced before defined. This is the result of some code in list() in user.py that was modified to allow the return of selected fields. However, if the query does not specify what fields are wanted, the 'user' variable is not defined. I tried to define it at the end if it didn't exist with person[0], but that didn't seem to work for some reason. The patch below is a little hackish, but functional. index a00d5fa..819b25b 100644 --- a/fas/user.py +++ b/fas/user.py @@ -446,9 +446,15 @@ https://admin.fedoraproject.org/accounts/user/verifyemail/%s search=search) if person[1] == 'approved': - approved.append(user) + try: + approved.append(user) + except UnboundLocalError: + approved.append(person[0]) else: - unapproved.append(user) + try: + unapproved.append(user) + except UnboundLocalError: + unapproved.append(person[0]) if not (approved or unapproved): turbogears.flash(_("No users found matching '%s'") % search) From k.georgiou at imperial.ac.uk Tue Dec 23 17:21:50 2008 From: k.georgiou at imperial.ac.uk (Kostas Georgiou) Date: Tue, 23 Dec 2008 17:21:50 +0000 Subject: We've got problems In-Reply-To: References: Message-ID: <20081223172150.GA30666@imperial.ac.uk> On Thu, Dec 18, 2008 at 03:06:34PM -0600, Mike McGrath wrote: > nfs1: > > NFS1's IO load is just not right. Something isn't behaving as it should > and I'm just not sure whats going on there yet. We need to do a full > examination and trend of it. This involves moving cvs1 to another > location and involves moving releng2 to xen1 to help ease some load. > Additionally we need to move kojipkgs1 to another location (probably xen1) > and enable a proper caching for it. We also need to finally get a valid > backup of nfs1. This still hasn't happened. Its difficult to test > because of the high load on the disks, backups take 4+ days. lots of > things can go wrong during that time. Something like disktop.stp from http://sourceware.org/systemtap/wiki/ScriptsTools might be usefull in finding out what is causing the load. Also have a look at https://bugzilla.redhat.com/show_bug.cgi?id=448130 if you are using the default CFQ IO scheduler and NFS1 is used for nfs traffic as the name suggests (it isn't just nfs pefrormance that is affected by slice_idle though). Kostas From senapati2001 at yahoo.com Wed Dec 24 05:58:00 2008 From: senapati2001 at yahoo.com (p sena) Date: Tue, 23 Dec 2008 21:58:00 -0800 (PST) Subject: fedora infra rsa key submitted Message-ID: <281552.35340.qm@web45115.mail.sp1.yahoo.com> Hi, I am new joined the fedora infrastructure group. I am going through few of the links in the site to get a feel of the work and people. I have submitted my .ssh_rsa_key.pub from the site itself on the day I registered myself. Please someone can let me know further proceedings from here onwards, any intimations/pointers & references on this. Cheers. From mmcgrath at redhat.com Wed Dec 24 14:16:43 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 24 Dec 2008 08:16:43 -0600 (CST) Subject: Outage Notification - 2008-12-24 14:00 UTC Message-ID: There will be an outage starting at 2008-12-24 14:00 UTC UTC, which will last approximately ? hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2008-12-24 14:00 UTC' Affected Services: Buildsystem DNS Fedora Talk Collaboration services (Gobby) Unaffected Services: CVS / Source Control Database Fedora Hosted Fedora People Mail Mirror System Torrent Translation Services Websites Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1090 Reason for Outage: serverbeach1-3 went out this morning. This happened a month ago from electrical issues but there's no word on if this is the same thing or related to that in any way. Nigel has submitted a ticket to them to get it looked at, generally they are very quick about fixing this, I'd be surprised if this took more then an hour. Having said that, we have no information so the whole building might have fallen into a sink hole or something. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. From mmcgrath at redhat.com Wed Dec 24 14:32:00 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 24 Dec 2008 08:32:00 -0600 (CST) Subject: Hello, My intro In-Reply-To: References: Message-ID: On Thu, 18 Dec 2008, Chris Johnson wrote: > Hi all, > > I've been lurking on the mailing list for a while and I finally > registered for my fedora account today (username: chrisj) > I'm interested in helping out as time permits. I got on irc once > (lurking again) and haven't really logged in since. I'll try to make a > few meetings after the holidays > I'm planning to get my personal test systems setup soon. I just moved > and still getting things straight at home. Bought a 750GB drive last > night and will be installing F10 over the weekend. I had been running > the U... distro and it's time to get back to the fedora/RH rpm way of > doing things :-) > > I've used RedHat since before Fedora existed (I think 6 was the first > one). Started as a hobbyist, 2 years. Then got a job as an admin and > have been doing Linux admin and Cisco networks for the last 5 years. > My current employer is a Win shop so I just get to run the DNS, > email, and network, but the network is 50 remote offices and 3 > different data centers in the midwest. I don't mind the Windows too > much and can find my way around them, it's also kinda fun to get the > Linux and MS products to play nice together. I've worked with a lot of > different linux and OSS software products including: postfix, > openldap, apache, bind, samba, mailman, pam, built some custom rpm's, > etc. I use RHEL mostly at work and some fedora and Cent for testing > (some suse, deb, and slackware in the past). I used to do lots of > security firewall apliances with various linux distros (I was a big > fan of LRP when it would fit on a floppy), most of this is now done > with Cisco in my world. I can shell script pretty well and I've > written several perl scripts in the last few years (dabbled in php but > not enough to know it well). I've always been interested in python but > don't have much if any exp with it. I also don't have much experience > with SQL/DB or source control. > > I was looking at the FIGs and would be interested in the base sysadmin > and sysadmin-noc for now while I figure out where everything is and > what it does. I'm also interested in more info on the sysadmin-tools > and sysadmin-web FIG. > So, next just apply for the FIGs, keep lurking, ask some questions, > show up for IRC meetings? > Exactly, sorry this took so long to get back to you, busy week. Also it would be good to stop by #fedora-admin on irc.freenode.net so we can make sure you get into the sysadmin group properly. -Mike From mmcgrath at redhat.com Wed Dec 24 14:33:54 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 24 Dec 2008 08:33:54 -0600 (CST) Subject: Introduction - Ronald McCormick In-Reply-To: <494B0DF3.5040704@pluribus.org> References: <494B0DF3.5040704@pluribus.org> Message-ID: On Thu, 18 Dec 2008, Ronald A. McCormick Jr. wrote: > Hello all, I figured I would drop a line and introduce myself. I have been a > linux user since the TAMU 0.12 distro days and a Redhat user since the Redhat > 4 days. I am a Network and Systems Engineer who has worked looking to > contribute where I can. > > I have experience administering and engineering distributed computing clusters > in a real-time environment. I was responsible for creating a custom > distribution for use in an embedded product for my company. > > I am pretty good at hacking bash and php which I use to automate most tasks. > You can consider me a generalist looking to get more involved. > > In past lives, I have done system engineering for an MMO game. I have > engineered cable modem networks, and worked on the architecture team of a > large corporate distributed computing environment. > > I currently support an MMO game client on multiple platforms. (I did the port > to two of the three supported platforms) I also do network engineering on a > Tollway in my state. > Welcome Ronald, Are you looking to get more involved in just anything Fedora or specifically the Infrastructure team? -Mike From mmcgrath at redhat.com Wed Dec 24 14:35:07 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 24 Dec 2008 08:35:07 -0600 (CST) Subject: hi, i newly joined fedora infrastructure group In-Reply-To: <198022.63488.qm@web45112.mail.sp1.yahoo.com> References: <198022.63488.qm@web45112.mail.sp1.yahoo.com> Message-ID: On Fri, 19 Dec 2008, p sena wrote: > Hi, > > I am new to the fedora infrastructure group. I am going throug few of the links in the site to get a feel of the work. I have submitted my .ssh_rsa_key.pub from the site. I think I will get some intimation on this. Please someone can let me know further proceedings from here onwards. > Make sure you can come to the meetings (unless you're not in an available time zone) Then its good just to hang out on this list or stop by #fedora-admin on irc.freenode.net. Start looking through FIGs for what you want to do, or though the ticketing system. -Mike From sundaram at fedoraproject.org Wed Dec 24 17:07:46 2008 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Wed, 24 Dec 2008 22:37:46 +0530 Subject: hi, i newly joined fedora infrastructure group In-Reply-To: <198022.63488.qm@web45112.mail.sp1.yahoo.com> References: <198022.63488.qm@web45112.mail.sp1.yahoo.com> Message-ID: <49526C62.1070104@fedoraproject.org> p sena wrote: > Hi, > > I am new to the fedora infrastructure group. I am going throug few of the links in the site to get a feel of the work. I have submitted my .ssh_rsa_key.pub from the site. I think I will get some intimation on this. Please someone can let me know further proceedings from here onwards. > > Cheers. > > Regards & Thanks Prabir Senapati mailto: senapati2001 at yahoo.com Welcome and keep watching the discussions in this list. The infrastructure folks are quite busy now but there are often calls for help. Let us know what your interests and skill sets are, so that we can match up something. Rahul From ramccor at pluribus.org Wed Dec 24 23:48:33 2008 From: ramccor at pluribus.org (Ronald A. McCormick) Date: Wed, 24 Dec 2008 17:48:33 -0600 Subject: Introduction - Ronald McCormick In-Reply-To: References: <494B0DF3.5040704@pluribus.org> Message-ID: <4952CA51.2020205@pluribus.org> My passion is generally infrastructure work. However, I am willing to assist where needed. Mike McGrath wrote: > On Thu, 18 Dec 2008, Ronald A. McCormick Jr. wrote: > > >> Hello all, I figured I would drop a line and introduce myself. I have been a >> linux user since the TAMU 0.12 distro days and a Redhat user since the Redhat >> 4 days. I am a Network and Systems Engineer who has worked looking to >> contribute where I can. >> >> I have experience administering and engineering distributed computing clusters >> in a real-time environment. I was responsible for creating a custom >> distribution for use in an embedded product for my company. >> >> I am pretty good at hacking bash and php which I use to automate most tasks. >> You can consider me a generalist looking to get more involved. >> >> In past lives, I have done system engineering for an MMO game. I have >> engineered cable modem networks, and worked on the architecture team of a >> large corporate distributed computing environment. >> >> I currently support an MMO game client on multiple platforms. (I did the port >> to two of the three supported platforms) I also do network engineering on a >> Tollway in my state. >> >> > > Welcome Ronald, Are you looking to get more involved in just anything > Fedora or specifically the Infrastructure team? > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From Gregor18 at web.de Thu Dec 25 05:42:18 2008 From: Gregor18 at web.de (=?iso-8859-15?Q?Gregor_Gr=FCner?=) Date: Thu, 25 Dec 2008 06:42:18 +0100 Subject: Gregor Gruener is introduce oneself Message-ID: <850725400@web.de> Hello *, my name is Gregor Gruener and i am twenty-five years old. I work one year with linux now and when the fedora-infrastructure-Team have interest i like to give my help. I am working in the company Telefonica Germany in our housing section, 2nd-Level support for our costumer. We are using lot of RedHat Enterprise Server 5. I have big interests to learn more to administrate RHEP 5 Server and to use my "small" knowledge to help the fedora team. I think in standard-Administration i am very ok and i am Certified RedHat Technician for RHEP 5. For more questions i am in the irc fedora-admin channel user: ggruener Sorry, but my English grammar is not the best. best regards Gregor Gruener _______________________________________________________________________ Sensationsangebot verl?ngert: WEB.DE FreeDSL - Telefonanschluss + DSL f?r nur 16,37 Euro/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K15039B7069a From adrian at lisas.de Thu Dec 25 07:56:45 2008 From: adrian at lisas.de (Adrian Reber) Date: Thu, 25 Dec 2008 08:56:45 +0100 Subject: rsync errors on fedora-secondary Message-ID: <20081225075645.GA10545@lisas.de> I get following rsync errors on syncing fedora-secondary on the last few runs: rsync: send_files failed to open "/development/sparc/os/images/.initrd.img.pupy3y" (in fedora-secondary): Permission denied (13) rsync: send_files failed to open "/releases/9/Everything/source/SRPMS/.supertuxkart-0.4-1.fc9.src.rpm.omf19j" (in fedora-secondary): Permission denied (13) rsync: send_files failed to open "/releases/test/9-Beta/Fedora/source/SRPMS/.geronimo-specs-1.0-1.M2.2jpp.12.src.rpm.quHnuo" (in fedora-secondary): Permission denied (13) Maybe someone can delete those files. Thanks! Adrian From dennis at ausil.us Thu Dec 25 15:25:14 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Thu, 25 Dec 2008 09:25:14 -0600 Subject: rsync errors on fedora-secondary In-Reply-To: <20081225075645.GA10545@lisas.de> References: <20081225075645.GA10545@lisas.de> Message-ID: <200812250925.15624.dennis@ausil.us> On Thursday 25 December 2008 01:56:45 am Adrian Reber wrote: > I get following rsync errors on syncing fedora-secondary on the last few > runs: > > rsync: send_files failed to open > "/development/sparc/os/images/.initrd.img.pupy3y" (in fedora-secondary): > Permission denied (13) rsync: send_files failed to open > "/releases/9/Everything/source/SRPMS/.supertuxkart-0.4-1.fc9.src.rpm.omf19j >" (in fedora-secondary): Permission denied (13) rsync: send_files failed to > open > "/releases/test/9-Beta/Fedora/source/SRPMS/.geronimo-specs-1.0-1.M2.2jpp.12 >.src.rpm.quHnuo" (in fedora-secondary): Permission denied (13) > > Maybe someone can delete those files. Thanks! > > Adrian Fixed, thanks for the heads up Dennis From kanarip at kanarip.com Fri Dec 26 12:19:38 2008 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Fri, 26 Dec 2008 13:19:38 +0100 Subject: Puppet Talk on FUDCon Message-ID: <4954CBDA.6020005@kanarip.com> Hi, I'm planning a Puppet (Config. Mgmt.) BarCamp session on FUDCon in Boston, but right now I'm thinking we may as well attach a HackFest session or two to see if we can implement some of the stuff that puppet does but the Fedora Infrastructure doesn't use (yet), or otherwise improve the puppet infrastructure we use. It should be a fairly interesting set of sessions since the Fedora Infrastructure team has been working with puppet for quite a while now, as have I but in many different organizations. This has driven me to come up with puppetmanaged.org[1], a collection of puppet modules primarily focused on Red Hat- and Fedora- based systems, and a way to share those modules amongst a larger audience. I guess we'll be talking about using those modules as well, or improving them so that they meet the requirements of Fedora Infrastructure, or applying them to Fedora's puppet infra, maybe. Additionally, the modules on puppetmanaged.org are based around a 3-way staging model, that allows you to distinguish between development, testing and production environments, as well as set a "standard" for overriding and/or extending the modules with customized manifests, and storing configurations in a database (exported resources for those of you familiar with them). With that functionality, the puppetmaster on puppetmanaged.org now manages nodes in different organizations -with, of course, very different profiles, needs and expectations-, allows "satellite" puppetmasters to be deployed in an organization (satellite puppetmasters themselves are managed by master.puppetmanaged.org but manage *.organization.tld nodes). My experience with puppet has also allowed me to organize workshops for customers, create a good reader[2] in the process, and (co-)maintaining the entire puppet/ruby stack in Fedora and EPEL. Needless to say, development paths of Fedora Infra's puppet and puppetmanaged.org have never aligned and as such -at FUDCon- I think we've got the opportunity to review each other setup and see what it is we can use/learn. If you have any questions, remarks or ideas to talk about during FUDCon -whether you can make it or not-, I'd like to hear about them. I'll hopefully see those of you attending FUDCon! Kind regards, Jeroen van Meeuwen -kanarip [1] http://git.puppetmanaged.org/ [2] http://www.kanarip.com/courses/puppet/puppet.pdf From ianweller at gmail.com Sat Dec 27 04:44:20 2008 From: ianweller at gmail.com (Ian Weller) Date: Fri, 26 Dec 2008 22:44:20 -0600 Subject: vacationing Message-ID: <20081227044420.GA19563@gmail.com> I'll be without Internet until Tuesday the 30th. Here's to MW 1.13.3 not exploding :) -- Ian Weller http://ianweller.org GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36 "Technology is a word that describes something that doesn't work yet." ~ Douglas Adams -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From adrian at lisas.de Sat Dec 27 13:32:03 2008 From: adrian at lisas.de (Adrian Reber) Date: Sat, 27 Dec 2008 14:32:03 +0100 Subject: everything spin trouble In-Reply-To: <49556C52.8080400@thelinuxstore.org.uk> References: <49556C52.8080400@thelinuxstore.org.uk> Message-ID: <20081227133203.GA5872@lisas.de> On Fri, Dec 26, 2008 at 11:44:18PM +0000, The Linux Store UK? wrote: > Hello I have been trying to get the everything jigdo dvd spins, but have > an issue completing the dload it keeps giving me the following error > > ERROR 404: NOT FOUND > > This is the same error for all 9 dvd's and shows 2 files remaining > > I have attached an image of the actual error from a screen capture > > Please any assistance would be greatly appreciated I can confirm that it also does not work for me. I am copying fedora-infrastructure in hope somebody understands the problem. The file (RPM-GPG-KEY-fedora-test-ia64) cannot be downloaded using wget or curl. $ curl -v http://download.fedoraproject.org/pub/fedora/linux/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 * About to connect() to download.fedoraproject.org port 80 (#0) * Trying 80.239.156.215... connected * Connected to download.fedoraproject.org (80.239.156.215) port 80 (#0) > GET /pub/fedora/linux/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 HTTP/1.1 > User-Agent: curl/7.18.2 (i386-redhat-linux-gnu) libcurl/7.18.2 > NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18 > Host: download.fedoraproject.org > Accept: */* > < HTTP/1.1 404 NOT FOUND < Date: Sat, 27 Dec 2008 13:23:25 GMT < Server: Apache/2.2.3 (Red Hat) < cache-control: no-cache < AppTime: D=17402 < AppServer: app3.fedora.phx.redhat.com < Content-Length: 0 < Content-Type: text/html; charset=utf-8 < ProxyTime: D=463258 < ProxyServer: proxy5.fedoraproject.org < * Connection #0 to host download.fedoraproject.org left intact * Closing connection #0 If I just use http://download.fedoraproject.org/pub/fedora/linux/releases/10/Fedora/i386/os/ I am redirected to a mirror and there I can download the file. Other GPG keys seem to work. Adrian -------------- next part -------------- A non-text attachment was scrubbed... Name: error.jpg Type: image/jpeg Size: 154612 bytes Desc: not available URL: From Matt_Domsch at Dell.com Sat Dec 27 16:33:49 2008 From: Matt_Domsch at Dell.com (Matt Domsch) Date: Sat, 27 Dec 2008 16:33:49 +0000 Subject: everything spin trouble In-Reply-To: <20081227133203.GA5872@lisas.de> References: <49556C52.8080400@thelinuxstore.org.uk><20081227133203.GA5872@lisas.de> Message-ID: <16360615-1230395629-cardhu_decombobulator_blackberry.rim.net-60963091-@bxe005.bisx.prod.on.blackberry> If a mirror excludes ia64 in their rsync, and uses report_mirror to claim that dir is correct and up to date, MM may still redirect there incorrectly as it only tracks at the whole dir level. It would be better if the ia64 sha1sum file weren't in the i386 dir... -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux -----Original Message----- From: Adrian Reber Date: Sat, 27 Dec 2008 14:32:03 To: The Linux Store UK? Cc: ; Subject: Re: everything spin trouble On Fri, Dec 26, 2008 at 11:44:18PM +0000, The Linux Store UK? wrote: > Hello I have been trying to get the everything jigdo dvd spins, but have > an issue completing the dload it keeps giving me the following error > > ERROR 404: NOT FOUND > > This is the same error for all 9 dvd's and shows 2 files remaining > > I have attached an image of the actual error from a screen capture > > Please any assistance would be greatly appreciated I can confirm that it also does not work for me. I am copying fedora-infrastructure in hope somebody understands the problem. The file (RPM-GPG-KEY-fedora-test-ia64) cannot be downloaded using wget or curl. $ curl -v http://download.fedoraproject.org/pub/fedora/linux/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 * About to connect() to download.fedoraproject.org port 80 (#0) * Trying 80.239.156.215... connected * Connected to download.fedoraproject.org (80.239.156.215) port 80 (#0) > GET /pub/fedora/linux/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 HTTP/1.1 > User-Agent: curl/7.18.2 (i386-redhat-linux-gnu) libcurl/7.18.2 > NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18 > Host: download.fedoraproject.org > Accept: */* > < HTTP/1.1 404 NOT FOUND < Date: Sat, 27 Dec 2008 13:23:25 GMT < Server: Apache/2.2.3 (Red Hat) < cache-control: no-cache < AppTime: D=17402 < AppServer: app3.fedora.phx.redhat.com < Content-Length: 0 < Content-Type: text/html; charset=utf-8 < ProxyTime: D=463258 < ProxyServer: proxy5.fedoraproject.org < * Connection #0 to host download.fedoraproject.org left intact * Closing connection #0 If I just use http://download.fedoraproject.org/pub/fedora/linux/releases/10/Fedora/i386/os/ I am redirected to a mirror and there I can download the file. Other GPG keys seem to work. Adrian From kanarip at kanarip.com Sat Dec 27 21:17:09 2008 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Sat, 27 Dec 2008 22:17:09 +0100 Subject: everything spin trouble In-Reply-To: <16360615-1230395629-cardhu_decombobulator_blackberry.rim.net-60963091-@bxe005.bisx.prod.on.blackberry> References: <49556C52.8080400@thelinuxstore.org.uk><20081227133203.GA5872@lisas.de> <16360615-1230395629-cardhu_decombobulator_blackberry.rim.net-60963091-@bxe005.bisx.prod.on.blackberry> Message-ID: <49569B55.8000009@kanarip.com> Matt Domsch wrote: > If a mirror excludes ia64 in their rsync, and uses report_mirror to claim that dir is correct and up to date, MM may still redirect there incorrectly as it only tracks at the whole dir level. It would be better if the ia64 sha1sum file weren't in the i386 dir... I have this file on my local mirror[1], which is configured in MirrorManager for my local netblock. The download.fp.o page jigdo hits however comes up with a 404[2], while it should redirect me to my mirror at the very least (and possibly come up with a 404 from that mirror). Does this help? Kind regards, Jeroen van Meeuwen -kanarip [1] http://www.kanarip.com/fedora/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 [2][jmeeuwen at mick ~]$ curl -v http://download.fedoraproject.org/pub/fedora/linux/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 * About to connect() to download.fedoraproject.org port 80 (#0) * Trying 209.132.176.120... connected * Connected to download.fedoraproject.org (209.132.176.120) port 80 (#0) > GET /pub/fedora/linux/releases/10/Fedora/i386/os/RPM-GPG-KEY-fedora-test-ia64 HTTP/1.1 > User-Agent: curl/7.18.2 (x86_64-redhat-linux-gnu) libcurl/7.18.2 NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18 > Host: download.fedoraproject.org > Accept: */* > < HTTP/1.1 404 NOT FOUND < Date: Sat, 27 Dec 2008 21:14:45 GMT < Server: Apache/2.2.3 (Red Hat) < cache-control: no-cache < AppTime: D=13229 < AppServer: app3.fedora.phx.redhat.com < Content-Length: 0 < Content-Type: text/html; charset=utf-8 < ProxyTime: D=57306 < ProxyServer: proxy2.fedora.phx.redhat.com < * Connection #0 to host download.fedoraproject.org left intact From jkeating at redhat.com Sun Dec 28 00:44:34 2008 From: jkeating at redhat.com (Jesse Keating) Date: Sat, 27 Dec 2008 16:44:34 -0800 Subject: everything spin trouble In-Reply-To: <16360615-1230395629-cardhu_decombobulator_blackberry.rim.net-60963091-@bxe005.bisx.prod.on.blackberry> References: <49556C52.8080400@thelinuxstore.org.uk> <20081227133203.GA5872@lisas.de> <16360615-1230395629-cardhu_decombobulator_blackberry.rim.net-60963091-@bxe005.bisx.prod.on.blackberry> Message-ID: <1230425074.17296.46.camel@localhost.localdomain> On Sat, 2008-12-27 at 16:33 +0000, Matt Domsch wrote: > If a mirror excludes ia64 in their rsync, and uses report_mirror to > claim that dir is correct and up to date, MM may still redirect there > incorrectly as it only tracks at the whole dir level. It would be > better if the ia64 sha1sum file weren't in the i386 dir... They're in every dir, they're hardlinks. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From thinklinux.ssh at gmail.com Mon Dec 29 04:59:06 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 29 Dec 2008 10:29:06 +0530 Subject: Trac creating new ticket from webform Message-ID: Can anyone please let me know What will be the best way to do this, I want this form http://susmit.fedorapeople.org/freemedia/FreeMedia-open.html to create a new ticket here when submitted https://fedorahosted.org/freemedia/newticket I was searching for some plugin but till now haven't found any. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From herlo1 at gmail.com Mon Dec 29 05:39:45 2008 From: herlo1 at gmail.com (Clint Savage) Date: Sun, 28 Dec 2008 22:39:45 -0700 Subject: Trac creating new ticket from webform In-Reply-To: References: Message-ID: On Sun, Dec 28, 2008 at 9:59 PM, susmit shannigrahi wrote: > Can anyone please let me know What will be the best way to do this, > > I want this form > http://susmit.fedorapeople.org/freemedia/FreeMedia-open.html > > to create a new ticket here when submitted > https://fedorahosted.org/freemedia/newticket > > I was searching for some plugin but till now haven't found any. > > > -- > Regards, > Susmit. Susmit, Is this trac instance is for actually tracking these requests or if it is for tracking the development of the software to track the requests? If it is the former, I'd like to suggest the following. The Fedora Ambassadors North America just implemented a trac instance to handle requests for resources (media, t-shirts, etc.). We have our trac instance at https://fedorahosted.org/famnarequests. When we created this, we had a similar set of requirements in mind. I believe what you are asking for is likely not available in trac since it's more or less a bug tracker. However, I have found that it still works well for what you want it to do. With famnarequests, we modified the type to include multiple types of request (Media, AmbassadorKit, tshirt and so on), and we used the component for the region of NA the requestor was located. So for your instance, I would suggest something like this: Ticket Types: i386 Live, i386 DVD, x86_64 Live, x86_64 DVD, etc. Version: Fedora 9, Fedora 10, etc. To be honest, the other three pieces of information you wish to gather can easily be placed in the description field. And I think most requestors can figure this out. Let me know what you think as I am liking the trac instance we set up. Cheers, Clint From thinklinux.ssh at gmail.com Mon Dec 29 05:56:16 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 29 Dec 2008 11:26:16 +0530 Subject: Trac creating new ticket from webform In-Reply-To: References: Message-ID: > > Is this trac instance is for actually tracking these requests or if it > is for tracking the development of the software to track the requests? No, this is the trac instance for automating the freemedia program which still needs a lot of manual editing. (Once the basic tasks are done, I shall call for feedback and suggestions from the ambassadors list. Till now, I have not announced this. :) > If it is the former, I'd like to suggest the following. > > The Fedora Ambassadors North America just implemented a trac instance > to handle requests for resources (media, t-shirts, etc.). We have our > trac instance at https://fedorahosted.org/famnarequests. When we > created this, we had a similar set of requirements in mind. My problem is, I/we can not ask a requester to fill a ticket for requesting a media. That will complicate things. A simple webform is much easier to handle for a first timer. So I am looking for keeping the existing request form almost same and changing the backend for a more automated approach. > I believe what you are asking for is likely not available in trac > since it's more or less a bug tracker. /me too thinks so...But Mike or Ricky may tell us something. :) > So for your instance, I would suggest something like this: > Ticket Types: i386 Live, i386 DVD, x86_64 Live, x86_64 DVD, etc. > Version: Fedora 9, Fedora 10, etc. Backend is not a problem, the frontend is. :) Ambassadors and contributors can very well handle the tickets but a first time visitor may not. > To be honest, the other three pieces of information you wish to gather > can easily be placed in the description field. And I think most > requestors can figure this out. If the way I am looking does not workout, I have to do this. So thank you for your suggession. :) -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From thinklinux.ssh at gmail.com Mon Dec 29 14:41:19 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 29 Dec 2008 20:11:19 +0530 Subject: Installed Trac plugins not showing up. Message-ID: Hi, I am talking about this one https://fedorahosted.org/freemedia/ I have installed the eggs of customfield plugin and webadmin plugin. But they are not showing up. May be I need to enable them trac.ini. I don't find it in puppet and neither can I see it through TracAdmin panel. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From mmcgrath at redhat.com Mon Dec 29 17:05:27 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 29 Dec 2008 11:05:27 -0600 (CST) Subject: Installed Trac plugins not showing up. In-Reply-To: References: Message-ID: On Mon, 29 Dec 2008, susmit shannigrahi wrote: > Hi, > > I am talking about this one https://fedorahosted.org/freemedia/ > > I have installed the eggs of customfield plugin and webadmin plugin. > When you say you have installed the eggs, you mean you've packaged it for epel and told puppet to install it? Everything that runs in hosted requires a package, even the plugins. -Mike From thinklinux.ssh at gmail.com Mon Dec 29 17:08:52 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 29 Dec 2008 22:38:52 +0530 Subject: Installed Trac plugins not showing up. In-Reply-To: References: Message-ID: > > When you say you have installed the eggs, you mean you've packaged it for > epel and told puppet to install it? Everything that runs in hosted > requires a package, even the plugins. nope... I tried using admin panel to upload them, there is a install field out there https://fedorahosted.org/freemedia/admin/general/plugin -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From mmcgrath at redhat.com Mon Dec 29 17:19:41 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 29 Dec 2008 11:19:41 -0600 (CST) Subject: Installed Trac plugins not showing up. In-Reply-To: References: Message-ID: On Mon, 29 Dec 2008, susmit shannigrahi wrote: > > > > When you say you have installed the eggs, you mean you've packaged it for > > epel and told puppet to install it? Everything that runs in hosted > > requires a package, even the plugins. > > nope... > I tried using admin panel to upload them, there is a install field out there > https://fedorahosted.org/freemedia/admin/general/plugin > Thats a nono. If you want to use a plugin you'll need to package it for Fedora/EPEL and install it (or have one of us install it) via yum. -Mike From jkeating at redhat.com Mon Dec 29 17:35:23 2008 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 29 Dec 2008 09:35:23 -0800 Subject: Installed Trac plugins not showing up. In-Reply-To: References: Message-ID: <1230572123.17296.48.camel@localhost.localdomain> On Mon, 2008-12-29 at 11:19 -0600, Mike McGrath wrote: > On Mon, 29 Dec 2008, susmit shannigrahi wrote: > > > > > > > When you say you have installed the eggs, you mean you've packaged it for > > > epel and told puppet to install it? Everything that runs in hosted > > > requires a package, even the plugins. > > > > nope... > > I tried using admin panel to upload them, there is a install field out there > > https://fedorahosted.org/freemedia/admin/general/plugin > > > > Thats a nono. If you want to use a plugin you'll need to package it for > Fedora/EPEL and install it (or have one of us install it) via yum. > > -Mike I need to look at how we can disable this "feature" of the webadmin plugin. The webadmin does give access to a lot of other useful functionality, but I don't like that users can upload eggs. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From thinklinux.ssh at gmail.com Mon Dec 29 17:45:51 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 29 Dec 2008 23:15:51 +0530 Subject: Installed Trac plugins not showing up. In-Reply-To: <1230572123.17296.48.camel@localhost.localdomain> References: <1230572123.17296.48.camel@localhost.localdomain> Message-ID: >> Thats a nono. If you want to use a plugin you'll need to package it for >> Fedora/EPEL and install it (or have one of us install it) via yum. FIne...next time I shall do that. 1. I hope that upload of eggs were not universal for all trac instances. Is it? 2. Can you please point out the location of the particular trac.ini file in puppet? I can not find it. 3. Does my membership allow me to edit that? Thanks a lot. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From mmcgrath at redhat.com Mon Dec 29 19:28:37 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 29 Dec 2008 13:28:37 -0600 (CST) Subject: Installed Trac plugins not showing up. In-Reply-To: References: <1230572123.17296.48.camel@localhost.localdomain> Message-ID: On Mon, 29 Dec 2008, susmit shannigrahi wrote: > >> Thats a nono. If you want to use a plugin you'll need to package it for > >> Fedora/EPEL and install it (or have one of us install it) via yum. > > FIne...next time I shall do that. > > 1. I hope that upload of eggs were not universal for all trac instances. Is it? not sure > 2. Can you please point out the location of the particular trac.ini > file in puppet? > I can not find it. [mmcgrath at puppet1 puppet]$ find -name trac.ini ./configs/web/applications/trac.ini > 3. Does my membership allow me to edit that? > Technically you can but you should get sponsorship in sysadmin-hosted so you can properly test and fix it. -Mike From ricky at fedoraproject.org Mon Dec 29 20:46:50 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 29 Dec 2008 15:46:50 -0500 Subject: Installed Trac plugins not showing up. In-Reply-To: References: <1230572123.17296.48.camel@localhost.localdomain> Message-ID: <20081229204650.GG6975@sphe.fedora.phx.redhat.com> On 2008-12-29 01:28:37 PM, Mike McGrath wrote: > > 2. Can you please point out the location of the particular trac.ini > > file in puppet? > > I can not find it. > > [mmcgrath at puppet1 puppet]$ find -name trac.ini > ./configs/web/applications/trac.ini If you're an admin for a trac project, I think the trac administration interface allows you to edit the trac.ini for that project as well. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From jonstanley at gmail.com Mon Dec 29 21:30:28 2008 From: jonstanley at gmail.com (Jon Stanley) Date: Mon, 29 Dec 2008 16:30:28 -0500 Subject: Installed Trac plugins not showing up. In-Reply-To: References: <1230572123.17296.48.camel@localhost.localdomain> Message-ID: On Mon, Dec 29, 2008 at 12:45 PM, susmit shannigrahi wrote: > 1. I hope that upload of eggs were not universal for all trac instances. Is it? I don't think so, but I don't know. > 2. Can you please point out the location of the particular trac.ini > file in puppet? > I can not find it. On hosted1, the individual projects are not puppet managed. /srv/web/trac//conf/trac.ini > 3. Does my membership allow me to edit that? If you're not in sysadmin-hosted, you'll not be able to edit the trac.ini directly, since you need sudo on hosted1 to do that. See https://fedoraproject.org/wiki/Infrastructure/SOP/HostedPrivateTickets for an example of enabling a plugin. From ricky at fedoraproject.org Mon Dec 29 21:37:46 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 29 Dec 2008 16:37:46 -0500 Subject: Installed Trac plugins not showing up. In-Reply-To: <20081229204650.GG6975@sphe.fedora.phx.redhat.com> References: <1230572123.17296.48.camel@localhost.localdomain> <20081229204650.GG6975@sphe.fedora.phx.redhat.com> Message-ID: <20081229213746.GD25189@sphe.fedora.phx.redhat.com> On 2008-12-29 03:46:50 PM, Ricky Zhou wrote: > If you're an admin for a trac project, I think the trac administration > interface allows you to edit the trac.ini for that project as well. Sorry, I was slightly mistaken - I don't think the interface allows you to arbitrarily edit trac.ini, but it does give you a form for changing parameters related to installed plugins (for example, there's a privatetickets section where you can modify settings for that plugin). Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Tue Dec 30 02:39:57 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Tue, 30 Dec 2008 08:09:57 +0530 Subject: Installed Trac plugins not showing up. In-Reply-To: <20081229213746.GD25189@sphe.fedora.phx.redhat.com> References: <1230572123.17296.48.camel@localhost.localdomain> <20081229204650.GG6975@sphe.fedora.phx.redhat.com> <20081229213746.GD25189@sphe.fedora.phx.redhat.com> Message-ID: 2008/12/30 Ricky Zhou : > On 2008-12-29 03:46:50 PM, Ricky Zhou wrote: >> If you're an admin for a trac project, I think the trac administration >> interface allows you to edit the trac.ini for that project as well. > Sorry, I was slightly mistaken - I don't think the interface allows you > to arbitrarily edit trac.ini, but it does give you a form for changing > parameters related to installed plugins (for example, there's a > privatetickets section where you can modify settings for that plugin). But thats for all what is stock installed. If i try to install some new plugin, I can not modify them. But thanks a lot for all the info. I have applied for sysadmin-hosted. Please Sponsor me if possible. The sop pointed out[1] is for private ticket, but I guess SOP for other plugins will be likewise. Should I file a ticket for it? [1]https://fedoraproject.org/wiki/Infrastructure/SOP/HostedPrivateTickets -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From a.badger at gmail.com Tue Dec 30 06:54:46 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 29 Dec 2008 22:54:46 -0800 Subject: FAS 'User List' not working in HEAD In-Reply-To: References: Message-ID: <4959C5B6.8080901@gmail.com> Jon Stanley wrote: > When you click on 'User List' in the left hand side of FAS, you get an > UnboundLocalError that 'user' is referenced before defined. This is > the result of some code in list() in user.py that was modified to > allow the return of selected fields. However, if the query does not > specify what fields are wanted, the 'user' variable is not defined. > > I tried to define it at the end if it didn't exist with person[0], but > that didn't seem to work for some reason. The patch below is a little > hackish, but functional. > > index a00d5fa..819b25b 100644 > --- a/fas/user.py > +++ b/fas/user.py > @@ -446,9 +446,15 @@ > https://admin.fedoraproject.org/accounts/user/verifyemail/%s > search=search) > > if person[1] == 'approved': > - approved.append(user) > + try: > + approved.append(user) > + except UnboundLocalError: > + approved.append(person[0]) > else: > - unapproved.append(user) > + try: > + unapproved.append(user) > + except UnboundLocalError: > + unapproved.append(person[0]) > > if not (approved or unapproved): > turbogears.flash(_("No users found matching '%s'") % search) > Would this be better? --- a/fas/user.py +++ b/fas/user.py @@ -444,6 +444,8 @@ https://admin.fedoraproject.org/accounts/user/verifyemail/%s else: return dict(people=[], unapproved_people=[], search=search) + else: + user = person[0] if person[1] == 'approved': approved.append(user) (I'm on vacation, feel free to commit whichever you think is best.) -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From huzaifas at redhat.com Tue Dec 30 09:37:13 2008 From: huzaifas at redhat.com (Huzaifa Sidhpurwala) Date: Tue, 30 Dec 2008 15:07:13 +0530 Subject: Installed Trac plugins not showing up. In-Reply-To: References: <1230572123.17296.48.camel@localhost.localdomain> <20081229204650.GG6975@sphe.fedora.phx.redhat.com> <20081229213746.GD25189@sphe.fedora.phx.redhat.com> Message-ID: <4959EBC9.9000207@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 susmit shannigrahi wrote: > 2008/12/30 Ricky Zhou : >> On 2008-12-29 03:46:50 PM, Ricky Zhou wrote: >>> If you're an admin for a trac project, I think the trac administration >>> interface allows you to edit the trac.ini for that project as well. >> Sorry, I was slightly mistaken - I don't think the interface allows you >> to arbitrarily edit trac.ini, but it does give you a form for changing >> parameters related to installed plugins (for example, there's a >> privatetickets section where you can modify settings for that plugin). > > But thats for all what is stock installed. > If i try to install some new plugin, I can not modify them. > > > But thanks a lot for all the info. > I have applied for sysadmin-hosted. Please Sponsor me if possible. > The sop pointed out[1] is for private ticket, but I guess SOP for > other plugins will be likewise. > Should I file a ticket for it? > In the mean time if you need a particular plugin for trac on fedorahosted, feel free to put in a ticket and someone, already in sysadmin-hosted may pick it up. > > > [1]https://fedoraproject.org/wiki/Infrastructure/SOP/HostedPrivateTickets - -- Regards, Huzaifa Sidhpurwala, RHCE, CCNA (IRC: huzaifas) GnuPG Fingerprint: 3A0F DAFB 9279 02ED 273B FFE9 CC70 DCF2 DA5B DAE5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklZ68kACgkQzHDc8tpb2uVFQwCeI6kKpYRGnLJaG5NPbOe2Ga9I rfgAn2dXN0man6vZWJvoMTeDV5nSFZTN =+hfy -----END PGP SIGNATURE----- From josemanimala at gmail.com Tue Dec 30 14:03:19 2008 From: josemanimala at gmail.com (josemanimala at gmail.com) Date: 30 Dec 2008 14:03:19 -0000 Subject: Invitation from josemanimala@gmail.com Message-ID: <20081230140319.8389.qmail@jaagore.com> An HTML attachment was scrubbed... URL: From jonstanley at gmail.com Wed Dec 31 04:24:22 2008 From: jonstanley at gmail.com (Jon Stanley) Date: Tue, 30 Dec 2008 23:24:22 -0500 Subject: Installed Trac plugins not showing up. In-Reply-To: <4959EBC9.9000207@redhat.com> References: <1230572123.17296.48.camel@localhost.localdomain> <20081229204650.GG6975@sphe.fedora.phx.redhat.com> <20081229213746.GD25189@sphe.fedora.phx.redhat.com> <4959EBC9.9000207@redhat.com> Message-ID: On Tue, Dec 30, 2008 at 4:37 AM, Huzaifa Sidhpurwala wrote: > In the mean time if you need a particular plugin for trac on > fedorahosted, feel free to put in a ticket and someone, already in > sysadmin-hosted may pick it up. I need the custom fields plugin for the FamNA request system anyways, so I'm packaging it now. Hopefully I'll be able to get it in the infra repo before the end of the night, and in Fedora and EPEL proper soon after. From sascha at spreitzer.name Wed Dec 31 08:38:16 2008 From: sascha at spreitzer.name (Sascha Thomas Spreitzer) Date: Wed, 31 Dec 2008 09:38:16 +0100 Subject: new to fedora contribution and the infrastructure group Message-ID: Hello opensource contributers and infrastructure specialists, my name is Sascha Thomas Spreitzer, I life in the east of Munich in the heart of Bavaria, which is in the south of Germany. I have several years of Unix system administration experience, that is now in use at the BAADER Bank AG and was formerly at the german Sparkasse banks organization. My current job description refers to "UNIX system engineer and platform specialist". I am very familiar with planning, integration and maintenance of Unix systems in data centre and internet environments. I have done several courses and trainings and gained the RHCE certification as well as some IBM AIX certifications. As im using fedora day by day, I decided to help and contribute on it. I hope I can help this project. -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From jonstanley at gmail.com Wed Dec 31 15:24:52 2008 From: jonstanley at gmail.com (Jon Stanley) Date: Wed, 31 Dec 2008 10:24:52 -0500 Subject: Installed Trac plugins not showing up. In-Reply-To: References: <1230572123.17296.48.camel@localhost.localdomain> <20081229204650.GG6975@sphe.fedora.phx.redhat.com> <20081229213746.GD25189@sphe.fedora.phx.redhat.com> <4959EBC9.9000207@redhat.com> Message-ID: On Tue, Dec 30, 2008 at 11:24 PM, Jon Stanley wrote: > I need the custom fields plugin for the FamNA request system anyways, > so I'm packaging it now. Hopefully I'll be able to get it in the > infra repo before the end of the night, and in Fedora and EPEL proper > soon after. This plugin is packaged and available for use, I had a problem with it last night that turned out to be a simple typo in the trac.ini (I was apparently too tired to notice, since I stared at it for a bit and since the upstream site was down, I just gave up, but I immediately saw it this morning).... I've enabled it in the famnarequests and freemedia projects. Let me know if you have any problems. From mmcgrath at redhat.com Wed Dec 31 20:42:27 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 14:42:27 -0600 (CST) Subject: Disk IO issues Message-ID: Lets pool some knowledge together because at this point, I'm missing something. I've been doing all measurements with sar as bonnie, etc, causes builds to timeout. Problem: We're seeing slower then normal disk IO. At least I think we are. This is a PERC5/E and MD1000 array. When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get around 4-6MBytes/s When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get 30-40MBytes/s. Then I "dd if=/dev/sde of=/dev/null" I get around 60-70 MBytes/s read. If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. The above tests are pretty consistent. /dev/sde is a raid5 array, hardware raid. So my question here is, wtf? I've been working to do a backup which I would think would either cause network utilization to max out, or disk io to max out. I'm not seeing either. Sar says the disks are 100% utilized but I can cause major increases in actual disk reads and writes by just running additional commands. Also, if the disks were 100% utilized I'd expect we would see lots more iowait. We're not though, iowait on the box is only %0.06 today. So, long story short, we're seeing much better performance when just reading or writing lots of data (though dd is many times slower then cat). But with our real-world traffic, we're just seeing crappy crappy IO. Thoughts, theories or opinions? Some of the sysadmin noc guys have access to run diagnostic commands, if you want more info about a setting, let me know. I should also mention there's lots going on with this box, for example its hardware raid, lvm and I've got xen running on it (though the tests above were not in a xen guest). -Mike From mmcgrath at redhat.com Wed Dec 31 21:03:58 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 15:03:58 -0600 (CST) Subject: new to fedora contribution and the infrastructure group In-Reply-To: References: Message-ID: On Wed, 31 Dec 2008, Sascha Thomas Spreitzer wrote: > Hello opensource contributers and infrastructure specialists, > > my name is Sascha Thomas Spreitzer, I life in the east of Munich in > the heart of Bavaria, which is in the south of Germany. > I have several years of Unix system administration experience, that is > now in use at the BAADER Bank AG and was formerly at the german > Sparkasse banks organization. > My current job description refers to "UNIX system engineer and > platform specialist". I am very familiar with planning, integration > and maintenance of Unix systems in data centre and internet > environments. > > I have done several courses and trainings and gained the RHCE > certification as well as some IBM AIX certifications. > > As im using fedora day by day, I decided to help and contribute on it. > > I hope I can help this project. > Welcome Sascha, please do participate on this list and in the irc.freenode.net #fedora-admin channel. If you can make our meetings that's always a bonus as well: http://fedoraproject.org/wiki/Infrastructure/Meetings -Mike From laxathom at fedoraproject.org Wed Dec 31 21:49:56 2008 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Wed, 31 Dec 2008 22:49:56 +0100 Subject: Disk IO issues In-Reply-To: References: Message-ID: <62bc09df0812311349r2df5ff94x81362f5fab587185@mail.gmail.com> On Wed, Dec 31, 2008 at 9:42 PM, Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s > > When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get > 30-40MBytes/s. > > Then I "dd if=/dev/sde of=/dev/null" I get around 60-70 MBytes/s read. > > If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. > > The above tests are pretty consistent. /dev/sde is a raid5 array, > hardware raid. > > So my question here is, wtf? I've been working to do a backup which I > would think would either cause network utilization to max out, or disk io > to max out. I'm not seeing either. Sar says the disks are 100% utilized > but I can cause major increases in actual disk reads and writes by just > running additional commands. Also, if the disks were 100% utilized I'd > expect we would see lots more iowait. We're not though, iowait on the box > is only %0.06 today. > > So, long story short, we're seeing much better performance when just > reading or writing lots of data (though dd is many times slower then cat). > But with our real-world traffic, we're just seeing crappy crappy IO. > > Thoughts, theories or opinions? Some of the sysadmin noc guys have access > to run diagnostic commands, if you want more info about a setting, let me > know. > > I should also mention there's lots going on with this box, for example its > hardware raid, lvm and I've got xen running on it (though the tests above > were not in a xen guest). > Could you perform an hdparm -tT on that disk ? Also, output an strace against your cat & dd commands. if my memory is good enough, cat use mmap() which is faster than read() (which is used by dd) -- Xavier.t Lamien -- From sascha at spreitzer.name Wed Dec 31 21:56:24 2008 From: sascha at spreitzer.name (Sascha Thomas Spreitzer) Date: Wed, 31 Dec 2008 22:56:24 +0100 Subject: Disk IO issues In-Reply-To: References: Message-ID: Hello Mike, maybe the RAID mirror failed and is auto healing in background. Is there a way to determine the RAID state? Is the RAID controller showing any errors? Physical disks reporting seek errors? I assume a problem with either hardware buffers of disk or RAID controller or faulty disk or RAID hardware. regards, Sascha 2008/12/31 Mike McGrath : > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s > > When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get > 30-40MBytes/s. > > Then I "dd if=/dev/sde of=/dev/null" I get around 60-70 MBytes/s read. > > If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. > > The above tests are pretty consistent. /dev/sde is a raid5 array, > hardware raid. > > So my question here is, wtf? I've been working to do a backup which I > would think would either cause network utilization to max out, or disk io > to max out. I'm not seeing either. Sar says the disks are 100% utilized > but I can cause major increases in actual disk reads and writes by just > running additional commands. Also, if the disks were 100% utilized I'd > expect we would see lots more iowait. We're not though, iowait on the box > is only %0.06 today. > > So, long story short, we're seeing much better performance when just > reading or writing lots of data (though dd is many times slower then cat). > But with our real-world traffic, we're just seeing crappy crappy IO. > > Thoughts, theories or opinions? Some of the sysadmin noc guys have access > to run diagnostic commands, if you want more info about a setting, let me > know. > > I should also mention there's lots going on with this box, for example its > hardware raid, lvm and I've got xen running on it (though the tests above > were not in a xen guest). > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From ricky at fedoraproject.org Wed Dec 31 22:26:27 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 31 Dec 2008 17:26:27 -0500 Subject: Disk IO issues In-Reply-To: <62bc09df0812311349r2df5ff94x81362f5fab587185@mail.gmail.com> References: <62bc09df0812311349r2df5ff94x81362f5fab587185@mail.gmail.com> Message-ID: <20081231222627.GB13367@sphe.fedora.phx.redhat.com> On 2008-12-31 10:49:56 PM, Xavier Lamien wrote: > Could you perform an hdparm -tT on that disk ? /dev/sde: Timing cached reads: 2668 MB in 2.00 seconds = 1336.06 MB/sec Timing buffered disk reads: 1024 MB in 3.01 seconds = 340.69 MB/sec > Also, output an strace against your cat & dd commands. > > if my memory is good enough, cat use mmap() which is faster than > read() (which is used by dd) I just straced dd and cat, and it looks like cat is using a block size of 4096 bytes while dd is using 512 bytes. I *think* they were both just using read(). Perhaps dd if=/dev/sde of=/dev/null bs=4096 would be a better command to compare against. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From lists at sequestered.net Wed Dec 31 23:18:47 2008 From: lists at sequestered.net (Corey Chandler) Date: Wed, 31 Dec 2008 15:18:47 -0800 Subject: Disk IO issues In-Reply-To: References: Message-ID: <495BFDD7.3040006@sequestered.net> Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > 1. Are we sure the array hasn't lost a drive? 2. What's your scheduler set to? CFQ tends to not work in many applications where the deadline scheduler works better... -- Corey "Jay" Chandler From mmcgrath at redhat.com Wed Dec 31 23:27:18 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 17:27:18 -0600 (CST) Subject: Disk IO issues In-Reply-To: <20081231222627.GB13367@sphe.fedora.phx.redhat.com> References: <62bc09df0812311349r2df5ff94x81362f5fab587185@mail.gmail.com> <20081231222627.GB13367@sphe.fedora.phx.redhat.com> Message-ID: On Wed, 31 Dec 2008, Ricky Zhou wrote: > On 2008-12-31 10:49:56 PM, Xavier Lamien wrote: > > Could you perform an hdparm -tT on that disk ? > /dev/sde: > Timing cached reads: 2668 MB in 2.00 seconds = 1336.06 MB/sec > Timing buffered disk reads: 1024 MB in 3.01 seconds = 340.69 MB/sec > > > Also, output an strace against your cat & dd commands. > > > > if my memory is good enough, cat use mmap() which is faster than > > read() (which is used by dd) > I just straced dd and cat, and it looks like cat is using a block size > of 4096 bytes while dd is using 512 bytes. I *think* they were both > just using read(). Perhaps dd if=/dev/sde of=/dev/null bs=4096 would be > a better command to compare against. > Ok, that explains the difference between dd and cat. Now why is the rest of it so bad. -Mike From smooge at gmail.com Wed Dec 31 23:33:09 2008 From: smooge at gmail.com (Stephen John Smoogen) Date: Wed, 31 Dec 2008 16:33:09 -0700 Subject: Disk IO issues In-Reply-To: References: Message-ID: <80d7e4090812311533i1b1b5183k3894ec5748d7a482@mail.gmail.com> On Wed, Dec 31, 2008 at 1:42 PM, Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s > > When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get > 30-40MBytes/s. > > Then I "dd if=/dev/sde of=/dev/null" I get around 60-70 MBytes/s read. > > If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. I thought the /dev/null numbers were not good indicators (I remember Stephen Tweedie or someone in the RH Kernel team lecturing that numbers while consistent would not show real world issues and could be much higher than what really happens.) The lesson was always send it to a real file that its going to open/close/deal with.. even if the file is in a ram disk. I do know that dd defaults to 512 block size which makes it different speeds for copies (whoops Ricky confirms this ). Also stuff that will fit inside of the PERC Cache and how the journal is going to be written/committed are going to make differences... The next difference is how a system sees inside of a disk and how the disk sees itself. The /dev/xxx are always going to be much higher because there is no filesystem interaction and the controller is going to be just pulling from hardware.. it might even optimize doing that (raw partition style) so that you get insane speeds but as soon as you put in a filesystem poof. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From mmcgrath at redhat.com Wed Dec 31 23:35:42 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 17:35:42 -0600 (CST) Subject: Disk IO issues In-Reply-To: <495BFDD7.3040006@sequestered.net> References: <495BFDD7.3040006@sequestered.net> Message-ID: On Wed, 31 Dec 2008, Corey Chandler wrote: > Mike McGrath wrote: > > Lets pool some knowledge together because at this point, I'm missing > > something. > > > > I've been doing all measurements with sar as bonnie, etc, causes builds to > > timeout. > > > > Problem: We're seeing slower then normal disk IO. At least I think we > > are. This is a PERC5/E and MD1000 array. > > > > 1. Are we sure the array hasn't lost a drive? I can't physically look at the drive (they're a couple hundred miles away) but we've seen no reports of it (via the drac anyway). I'll have to get the raid software on there to be for sure. I'd think a degraded raid array would affect both direct block access and file level access. > 2. What's your scheduler set to? CFQ tends to not work in many applications > where the deadline scheduler works better... > I'd tried other schedulers earlier but they didn't seem to make much of a difference. Even still, I'll get dealine setup and take a look. At least we've got the dd and cat problem figured out. Now to figure out why there's such a discrepancy between file level reads and block level reads. Anyone else have an array of this type and size to run those tests on? I'd be curious to see what others are getting. -Mike From gregswift at gmail.com Wed Dec 31 23:42:42 2008 From: gregswift at gmail.com (Greg Swift) Date: Wed, 31 Dec 2008 17:42:42 -0600 Subject: Disk IO issues In-Reply-To: References: <495BFDD7.3040006@sequestered.net> Message-ID: <4e3f91d70812311542o393c992ew4069fd8e166a78d@mail.gmail.com> On Wed, Dec 31, 2008 at 17:35, Mike McGrath wrote: > On Wed, 31 Dec 2008, Corey Chandler wrote: > > > Mike McGrath wrote: > > > Lets pool some knowledge together because at this point, I'm missing > > > something. > > > > > > I've been doing all measurements with sar as bonnie, etc, causes builds > to > > > timeout. > > > > > > Problem: We're seeing slower then normal disk IO. At least I think we > > > are. This is a PERC5/E and MD1000 array. > > > > > > > 1. Are we sure the array hasn't lost a drive? > > I can't physically look at the drive (they're a couple hundred miles away) > but we've seen no reports of it (via the drac anyway). I'll have to get > the raid software on there to be for sure. I'd think a degraded raid > array would affect both direct block access and file level access. > > > 2. What's your scheduler set to? CFQ tends to not work in many > applications > > where the deadline scheduler works better... > > > > I'd tried other schedulers earlier but they didn't seem to make much of a > difference. Even still, I'll get dealine setup and take a look. > > At least we've got the dd and cat problem figured out. Now to figure out > why there's such a discrepancy between file level reads and block level > reads. Anyone else have an array of this type and size to run those tests > on? I'd be curious to see what others are getting. > we are working on a rhel3 to 5 migration at my job. We have 2 primary filesystems. one is large database files and the other is lots of small documents. As we were testing backup software for rhel5 we noticed a 60% decrease in speed moving from rhel3 to rhel5 with the same file system, but only on the document filesystem, the db file system was perfectly snappy. After a lot of troubleshooting it was deemed to be related to the dir_index btree hash. The path was to long before there was a difference in the names of the files, making the index incredibly slow. Removing dir_index recovered a bit of the difference, but didn't resolve the issue. A quick rename of one of the base directories recovered almost the entire 60%. Thought I'd at least throw it out there, although I'm not sure that it is the exact issue, it doesn't hurt to have it floating in the background. -greg/xaeth -------------- next part -------------- An HTML attachment was scrubbed... URL: From josemanimala at gmail.com Wed Dec 31 18:14:38 2008 From: josemanimala at gmail.com (jose manimala) Date: Wed, 31 Dec 2008 23:44:38 +0530 Subject: Applologies Message-ID: <53a863600812311014n5392c58cwf10b287ebfecd09c@mail.gmail.com> Hello everyone, I am really sorry about that forward. The website imported my entire addressbook. It will not happen again. I deeply regret my mistake. Sorry again regards -- Jose M Manimala Ph: +919790824111 http://www.jmmblog.in.eu.org GPGkeyID: F5DD9656 -------------- next part -------------- An HTML attachment was scrubbed... URL: From josemanimala at gmail.com Wed Dec 31 18:17:49 2008 From: josemanimala at gmail.com (jose manimala) Date: Wed, 31 Dec 2008 23:47:49 +0530 Subject: Sorry Message-ID: <53a863600812311017k2d4d33e8xe38450474d350c8a@mail.gmail.com> Hi everyone, I am really sorry about the accidental forward. I apologize for my mistake sorry again. The website imported my entire address book and I didnt know that every email address I ever used was included in it. regards -- Jose M Manimala Ph: +919790824111 http://www.jmmblog.in.eu.org GPGkeyID: F5DD9656 -------------- next part -------------- An HTML attachment was scrubbed... URL: