From Matt_Domsch at dell.com Thu May 1 13:21:08 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Thu, 1 May 2008 08:21:08 -0500 Subject: MM fix for secondary arches Message-ID: <20080501132108.GA8424@auslistsprd01.us.dell.com> Sent yesterday, not sure why it didn't make it to the list. -Mat ----- Forwarded message from Matt Domsch ----- Date: Wed, 30 Apr 2008 12:35:43 -0500 From: Matt Domsch To: fedora-infrastucture-list at redhat.com Subject: MM fix for secondary arches Status: RO This runs on app4, but app4 can't reach the rsync port using the name secondary.fp.o (since the host moved), but can using secondary1.fedora.phx.redhat.com. I want to make the simple hostname change in the script. diff --git a/mirrors/update-master-directory-list b/mirrors/update-master-directory-list index 5fc4e9e..f0b66ed 100755 --- a/mirrors/update-master-directory-list +++ b/mirrors/update-master-directory-list @@ -240,4 +240,4 @@ def sync_directories_from_file(filename, cname): sync_directories_from_file('/tmp/fedora-epel.txt', 'Fedora EPEL') sync_directories_from_file('/tmp/fedora-web.txt', 'Fedora Web') sync_directories_from_file('/tmp/fedora-linux.txt', 'Fedora Linux') -sync_directories_using_rsync('rsync://secondary.fedoraproject.org/fedora-secondary/', 'Fedora Secondary Arches') +sync_directories_using_rsync('rsync://secondary1.fedora.phx.redhat.com/fedora-secondary/', 'Fedora Secondary Arches') -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux ----- End forwarded message ----- From mmcgrath at redhat.com Thu May 1 13:43:32 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 May 2008 08:43:32 -0500 (CDT) Subject: MM fix for secondary arches In-Reply-To: <20080501132108.GA8424@auslistsprd01.us.dell.com> References: <20080501132108.GA8424@auslistsprd01.us.dell.com> Message-ID: On Thu, 1 May 2008, Matt Domsch wrote: > Sent yesterday, not sure why it didn't make it to the list. > -Mat > > ----- Forwarded message from Matt Domsch ----- > > Date: Wed, 30 Apr 2008 12:35:43 -0500 > From: Matt Domsch > To: fedora-infrastucture-list at redhat.com > Subject: MM fix for secondary arches > Status: RO > > This runs on app4, but app4 can't reach the rsync port using the name > secondary.fp.o (since the host moved), but can using > secondary1.fedora.phx.redhat.com. > > I want to make the simple hostname change in the script. > +1 -Mike From a.badger at gmail.com Thu May 1 13:50:06 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 01 May 2008 06:50:06 -0700 Subject: MM fix for secondary arches In-Reply-To: <20080501132108.GA8424@auslistsprd01.us.dell.com> References: <20080501132108.GA8424@auslistsprd01.us.dell.com> Message-ID: <4819CA8E.4000508@gmail.com> Matt Domsch wrote: > Sent yesterday, not sure why it didn't make it to the list. > -Mat > > ----- Forwarded message from Matt Domsch ----- > > Date: Wed, 30 Apr 2008 12:35:43 -0500 > From: Matt Domsch > To: fedora-infrastucture-list at redhat.com > Subject: MM fix for secondary arches > Status: RO > > This runs on app4, but app4 can't reach the rsync port using the name > secondary.fp.o (since the host moved), but can using > secondary1.fedora.phx.redhat.com. > > I want to make the simple hostname change in the script. > > > diff --git a/mirrors/update-master-directory-list b/mirrors/update-master-directory-list > index 5fc4e9e..f0b66ed 100755 > --- a/mirrors/update-master-directory-list > +++ b/mirrors/update-master-directory-list > @@ -240,4 +240,4 @@ def sync_directories_from_file(filename, cname): > sync_directories_from_file('/tmp/fedora-epel.txt', 'Fedora EPEL') > sync_directories_from_file('/tmp/fedora-web.txt', 'Fedora Web') > sync_directories_from_file('/tmp/fedora-linux.txt', 'Fedora Linux') > -sync_directories_using_rsync('rsync://secondary.fedoraproject.org/fedora-secondary/', 'Fedora Secondary Arches') > +sync_directories_using_rsync('rsync://secondary1.fedora.phx.redhat.com/fedora-secondary/', 'Fedora Secondary Arches') > It's broken now and this will fix it? And it only affects secondary, not primary arches? If so, +1 -Toshio From ianweller at gmail.com Thu May 1 21:06:29 2008 From: ianweller at gmail.com (Ian Weller) Date: Thu, 1 May 2008 16:06:29 -0500 (CDT) Subject: change request: work on new wiki CSS and templates Message-ID: There are a few CSS and template things to change on the wiki to make it look a lot better and integrate with the main website more. I'm requesting ability to change CSS and templates throughout this change freeze. -- ian From mmcgrath at redhat.com Thu May 1 21:10:27 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 May 2008 16:10:27 -0500 (CDT) Subject: change request: work on new wiki CSS and templates In-Reply-To: References: Message-ID: On Thu, 1 May 2008, Ian Weller wrote: > There are a few CSS and template things to change on the wiki to make it look > a lot better and integrate with the main website more. I'm requesting ability > to change CSS and templates throughout this change freeze. > I think these are very low risk, and help ensure we can release the new wiki shortly after F9. +1 -Mike From ricky at fedoraproject.org Thu May 1 22:11:51 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 1 May 2008 18:11:51 -0400 Subject: Meeting Log - 2008-05-01 Message-ID: <20080501221151.GA7622@Max> 16:00 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting, who's here 16:01 -!- maploin [n=oin at 86.123.200.16] has joined #fedora-meeting 16:01 * jima , barely 16:01 * skvidal is 16:01 < mmcgrath> abadger1999: dgilmore f13 ianweller ivazquez lmacken marek mdomsch paulobanon skvidal: ping 16:02 < ivazquez> Pong. 16:02 < mmcgrath> ricky: ? 16:02 * abadger1999 here 16:02 * lmacken is around 16:03 < mmcgrath> aaalrighty. 16:03 < mmcgrath> lets get started. 16:03 < mmcgrath> this should be _real_ quick since we're in a change freeze. 16:03 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- F9 Release. 16:03 < mdomsch> yep 16:04 < ianweller> hi 16:04 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&milestone=Fedora+9 16:04 < zodbot> mmcgrath: http://tinyurl.com/25vzyu 16:04 < mmcgrath> So thats what we've got left to do for the F9 launch 16:04 < marek> hey all 16:04 < mmcgrath> skvidal: is it your opinion we should wait until after F9 to switch to torrent.fedoraproject.org? 16:04 * ianweller just got home :D 16:04 < mmcgrath> marek: howdy 16:05 < skvidal> mmcgrath: at this point, yes 16:05 * mmcgrath agrees. 16:05 < skvidal> mmcgrath: even if we get the new ips - we've got no way of knowing if that actually solves it until more tests :-/ 16:05 < mmcgrath> it might make it now, but I have no reason to believe that the current torrent box will flake out in the next two weeks :) 16:05 < mmcgrath> .ticket 231 16:05 < zodbot> mmcgrath: #231 (post master directory space usage for mirrors) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/231 16:05 < mmcgrath> mdomsch: were you happy with the outcome on that enough that I can close the ticket? 16:06 < mdomsch> mmcgrath, yes 16:06 < mdomsch> mmcgrath, does that get run occasionally? 16:06 < mdomsch> e.g. cronjob? 16:06 < mmcgrath> mdomsch: yeah its a cron job. 16:06 * mmcgrath verifies its actually running 16:06 < mdomsch> perfect 16:07 < mmcgrath> mdomsch: it is - 30 19 * * * 16:07 < mdomsch> great 16:07 < mmcgrath> .any yingbull 16:07 < zodbot> mmcgrath: yingbull was last seen in #fedora-meeting 4 hours, 11 minutes, and 21 seconds ago: *** yingbull has quit IRC ("ChatZilla 0.9.78.1 [Firefox 2.0.0.13/2008031114]") 16:07 < mmcgrath> f13: you around? 16:08 < mmcgrath> we'll go back to that. 16:08 < mmcgrath> .ticket 333 16:08 < zodbot> mmcgrath: #333 (Add spam headers to bastion (smtp)) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/333 16:08 < mmcgrath> .ticket 54 16:08 < zodbot> mmcgrath: #54 (Postfix Server) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/54 16:08 -!- bzbot is now known as buggbot 16:08 < mmcgrath> those configs are ready to be deployed but there were concerns on the list about deploying this close to the release. 16:08 -!- hughsie [n=hughsie at host86-158-145-201.range86-158.btcentralplus.com] has left #fedora-meeting ["Ex-Chat"] 16:08 < mmcgrath> So shortly after the release we'll deploy. 16:08 < mmcgrath> .272 can be closed 16:09 < mmcgrath> .any susmit 16:09 < zodbot> mmcgrath: susmit was last seen in #fedora-meeting 1 week, 5 days, 7 hours, 41 minutes, and 11 seconds ago: *** susmit has parted #fedora-meeting () 16:09 -!- smooge [n=smooge at canopus.unm.edu] has quit "-ENOCAFFEINE" 16:09 < mmcgrath> I'm not sure whats going on with 16:09 < mmcgrath> .389 16:09 < mmcgrath> we haven't had an issue in a while but it'd be nice to have that shortly after F9 16:09 < mmcgrath> .ticket 389 16:09 < zodbot> mmcgrath: #389 (Monitor primary mirror) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/389 16:09 -!- petreu [n=peter at fedora/Standby] has quit "( www.nnscript.de :: NoNameScript 4.02 :: www.XLhost.de )" 16:10 < mmcgrath> So really there's nothing left to discuss on the F9 release. 16:10 < mmcgrath> One thing I'm looking at doing is finding the cheapest operation for our common pages via load tests here in my lab at home. 16:10 < mmcgrath> it turns out there's some fun stuff that goes on with mod_cache and mod_negotiation (which we use for translated websites) 16:10 < mmcgrath> there's a meeting at the end of the week to determine exactly what links we'll be giving out. 16:11 < mmcgrath> I had planned on setting the proxy servers to auto-cache just those pages in memory. 16:11 < mmcgrath> and their requisites (images, css, etc) 16:11 -!- sharkcz [n=dan at plz1-v-4-17.static.adsl.vol.cz] has joined #fedora-meeting 16:11 < mmcgrath> Anyone have any questions or concerns about the F9 release? 16:12 < mmcgrath> I'll take that as a no. 16:12 < mdomsch> mmcgrath, keeping the wiki online? 16:12 < ianweller> heh 16:12 < mdomsch> we won't have the new mediawiki up yet 16:13 < mmcgrath> mdomsch: yeah I'll be getting that list of pages during the meeting this week and creating static pages for the links we give out. 16:13 < mdomsch> even if it's r/o for release day 16:13 < mdomsch> ok 16:13 < mmcgrath> also, in theory, for this release we can add more readers. But I think creating static pages of our official links is probably the best strategy. 16:13 < ianweller> +1 16:13 < mdomsch> agreed 16:14 < mdomsch> does it make sense to add readers, and stop all writers for the day? 16:14 < mdomsch> or is that too hard? 16:14 < marek> I think we should leave few core writers to be able to edit the wiki, just in case of wrong info or typos 16:14 < mmcgrath> shouldn't be too hard. 16:15 < mmcgrath> marek: I'm actually more inclined to make them come to us first. In the past when the wiki has gotten "busy", writing makes it infinitly worse for some reason. 16:15 < mmcgrath> al though, in theory, we have the wiki setup in a way we never have before (and didn't have last time) 16:15 < mmcgrath> so ew can dedicate a writer and create a few readers. 16:15 -!- GeroldKa [n=GeroldKa at fedora/geroldka] has joined #fedora-meeting 16:16 < mmcgrath> I'll run a couple of tests and send a note to the list. 16:16 < mmcgrath> Ok, anyone else have any questions? 16:16 < mdomsch> mmcgrath, you mean we rewrite the edit URLs and point them at the same box? 16:16 < mdomsch> i'm good 16:16 < mmcgrath> mdomsch: well, right now all reads are going to app1, all writes are going to app2. We can make all reads go to app1,3,4 and leave all reads alone. 16:17 < mmcgrath> which isn't bad because app2 is a pretty busy box compared to the rest. 16:17 < mdomsch> nice 16:17 < mmcgrath> err "and leave all writes alone" 16:17 < mmcgrath> ok, we'll scoot along for now. 16:17 < ianweller> so we have separate read and write servers for moin? 16:17 < mmcgrath> ianweller: correct. 16:17 < ianweller> hmm. 16:17 < ianweller> ok! 16:17 < mmcgrath> ianweller: which is the most stable we've ever had it :) 16:17 < ianweller> tee hee 16:18 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Outage last week. 16:18 < mmcgrath> So we had two interesting outages this last week. 16:18 < mmcgrath> one of them, came and went on its own. DB2's load went way up, then came back down. 16:18 < mmcgrath> but the one before that, on a Friday or Sat. evening was very strange. 16:18 < mmcgrath> basically xen6 lost access to its storage subsystem. 16:18 < mmcgrath> I haven't had time to go through the logs yet but its not something we've seen before but is something we need to keep a closer eye on. 16:19 < mmcgrath> the good news is that because of the work susmit and I have been up to, our nagios false positives are way down. 16:19 -!- couf [n=bart at fedora/couf] has quit "leaving" 16:19 < mmcgrath> And the last thing on our agenda this week... 16:19 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Outage this Sat. 16:19 < mmcgrath> So PHX is going to be offline. 16:20 < skvidal> I'm sure nothing will break 16:20 < mmcgrath> They said they'll keep the outage to a minimum, but still, unlike nfs, we can't have our iscsi shares going up and down for 5 hours. 16:20 < mmcgrath> so I think we should just shut them all down. 16:20 < mmcgrath> So the basic plan is this. 16:20 < marek> I should be back at home and online to report the progress from network team 16:21 < mmcgrath> marek: thanks, that will be most helpful. 16:21 < mmcgrath> marek: do you know if they'll be switching out our switch? 16:21 < marek> I'm in Paris now and I hope I'll get back home till Friday 16:21 < mmcgrath> its EOL AFAIK. 16:21 < marek> mmcgrath: don't know, good question 16:21 < marek> mmcgrath: let me ask quick 16:22 < mmcgrath> marek: thanks. 16:22 < mmcgrath> So we'll be running all traffic through tummy.com for that outage. 16:22 < mmcgrath> we'll setup proxy3 to balance mirrormanager between app5 and app6. 16:23 < mmcgrath> since app2 is on local storage, it'll be going up and down as the network goes up and down, with no real harm. 16:23 < mmcgrath> so, with the exception of db2 (and therefore auth) the wiki at least and smolt will stay up when the network is available for them to do s. 16:23 < mmcgrath> unfortunately everything else will just be down. 16:24 < mdomsch> can tummy handle that? 16:24 < mdomsch> nirik was concerned that the secondary content rsync was eating their bandwidth 16:24 < mmcgrath> mdomsch: yeah, tummy handled all of our traffic during the F8 launch for a few hours. 16:24 -!- SmootherFrOgZ [n=Smoother at ASte-Genev-Bois-152-1-83-163.w86-218.abo.wanadoo.fr] has quit Remote closed the connection 16:24 < mdomsch> ok, as long as they're ok with it 16:25 < nirik> yeah, that transfer was coming in on the much slower of our links for some reason... 16:25 < nirik> and it was for a long time. ;) 16:25 < mmcgrath> I don't think they'll even notice. I'll try to get an actual estimate of bw and talk to them ahead of time and see if we need to throttle or something. 16:25 < mmcgrath> nirik: right now though, can you see how much traffic is going through proxy3? It'll double. 16:25 * nirik goes to look 16:25 < mmcgrath> .dns fedoraproject.org 16:25 < zodbot> mmcgrath: 66.35.62.162 16:26 < nirik> Current Traffic: 117.3KiB/sec in/165.1KiB/sec out 16:26 < nirik> no biggie at all 16:26 < mmcgrath> so if we shutdown PHX and sent all traffic through you, that number would double. 16:26 < mmcgrath> yeah, thats what I thought. Good to verify it though. 16:26 < mmcgrath> Ok, Also during that outage, I'm going to reboot xen1 and give it the new 5.2 kernel. 16:27 < mmcgrath> we never did that during the last outage because the branching took much longer then we thought. 16:27 < mmcgrath> Anyone else have any concerns for this weekend? 16:27 < nirik> I don't think that would be any problem... 16:27 < marek> mmcgrath: ah, mgalgoci is out for training, I'll try to find more details tomorrow and let you know 16:28 < mdomsch> marek, see if malgoci got his internet2 netblock for download1 pls 16:29 < mdomsch> that'd be nice to have, but not critical 16:29 < skvidal> hey 16:29 < marek> mdomsch: afaik there's download-i2.fedora.redhat.com for that no? 16:29 < skvidal> mmcgrath just dropped off the net 16:29 < skvidal> he called me 16:29 < mdomsch> marek, don't know 16:29 < skvidal> anything else on the meeting? 16:30 < marek> mdomsch: from what I remember from mails, download1.fedora -> download3.fedora so people can download normalny 16:30 < marek> and download-i2.fedora.redhat.com is the inet2 16:30 < marek> skvidal: not for me 16:30 < mdomsch> marek, you've been out of the loop for a bit... 16:30 < mmcgrath> oh! I'm back. 16:30 < skvidal> marek: and ibiblio is getting things through th i2 connection 16:30 < skvidal> oh look 16:30 < skvidal> we have an mmcgrath again 16:30 < mmcgrath> marek: thanks. 16:30 < mdomsch> marek, I'll fill you in after the meeting 16:30 < marek> mdomsch: that's passible, passing my days in paris now :/ 16:31 < marek> k 16:31 < mmcgrath> Lets open the floor and close the meeting :) 16:31 < mdomsch> mmcgrath, good to prove our strategy for losing a data center 16:31 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 16:32 < mdomsch> just before a release 16:32 < mmcgrath> Does anyone have anything else to discuss? 16:32 < mmcgrath> mdomsch: no doubt :) I hope for the next release we'll have the alternate vpn server up so the changes are automatic. 16:32 < abadger1999> skvidal: Are you holding off on the package-owners at fp.o aliases until after release? 16:32 < skvidal> abadger1999: yah - I'll tie it to postfix 16:33 < skvidal> abadger1999: b/c it'll be less effort (sorry, lazy) 16:34 < mmcgrath> skvidal: its also "the smart thing" to do :) 16:34 < skvidal> laziness frequently is 16:34 < skvidal> :) 16:34 < abadger1999> :-) 16:34 < mmcgrath> hah 16:34 < mmcgrath> Alrighty, anyone have anything else to discuss? 16:34 < mmcgrath> If not I'll close the meeting in 30 16:34 -!- rdieter is now known as rdieter_away 16:34 < mmcgrath> 10 16:35 < mmcgrath> 5 16:35 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting end! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From a.badger at gmail.com Fri May 2 01:24:32 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 01 May 2008 18:24:32 -0700 Subject: Change Request: fix a fas2 vs fas1 regression Message-ID: <481A6D50.3030907@gmail.com> I've just committed this change to the fas git repo that fixes a change in the dump format from fas1 to fas2. In fas1, the role_type was accurate when dumped from the account system. In fas2, role_type was always "user" even if the person was a sponsor or administrator. I'd like to have this applied to the production FAS so that the Package Status Scripts can be run again. Changes: * Correct information which has been inaccurate since migration to FAS2. * No longer check if the user is in the group their trying to dump as they can retrieve the information by retrieving the list of all users anyway. * Speed up dumping when a groupname is specified (probably significantly on app5) by making a single database query per call instead of one db query per user in the group. Risk: * FAS is a major service. Many third-party apps consume this particular page as it's an easy way for them to get username=>email mappings. * This adds a field to the data as retrieved via json. It adds a field for role_type of the user to each record. Mitigation: * The format of the page isn't changing, just the accuracy of one of the fields. * The patch is very small and limited to this single method and one line in its template. * Tested when group name is unspecified, group name is specified, and whether retrieving json or plain text. Benefits: * Allows Package Status Scripts to run once again * Speedier -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: fas2-dump-role_type.patch Type: text/x-patch Size: 2476 bytes Desc: not available URL: From mmcgrath at redhat.com Fri May 2 02:54:45 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 May 2008 21:54:45 -0500 (CDT) Subject: Change Request: fix a fas2 vs fas1 regression In-Reply-To: <481A6D50.3030907@gmail.com> References: <481A6D50.3030907@gmail.com> Message-ID: On Thu, 1 May 2008, Toshio Kuratomi wrote: > I've just committed this change to the fas git repo that fixes a change in the > dump format from fas1 to fas2. In fas1, the role_type was accurate when > dumped from the account system. In fas2, role_type was always "user" even if > the person was a sponsor or administrator. > > I'd like to have this applied to the production FAS so that the Package Status > Scripts can be run again. > > Changes: > * Correct information which has been inaccurate since migration to FAS2. > * No longer check if the user is in the group their trying to dump as they > can retrieve the information by retrieving the list of all users anyway. > * Speed up dumping when a groupname is specified (probably significantly on > app5) by making a single database query per call instead of one db query per > user in the group. > > Risk: > * FAS is a major service. Many third-party apps consume this particular > page as it's an easy way for them to get username=>email mappings. > * This adds a field to the data as retrieved via json. It adds a field for > role_type of the user to each record. > > Mitigation: > * The format of the page isn't changing, just the accuracy of one of the > fields. > * The patch is very small and limited to this single method and one line in > its template. > * Tested when group name is unspecified, group name is specified, and > whether retrieving json or plain text. > > Benefits: > * Allows Package Status Scripts to run once again > * Speedier > +1. I'm familiar with this bug and completely forgot about it. Sorry bout that. -Mike From ricky at fedoraproject.org Fri May 2 03:05:04 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 1 May 2008 23:05:04 -0400 Subject: Change Request: fix a fas2 vs fas1 regression In-Reply-To: <481A6D50.3030907@gmail.com> References: <481A6D50.3030907@gmail.com> Message-ID: <20080502030504.GC21257@Max> On 2008-05-01 06:24:32 PM, Toshio Kuratomi wrote: > I've just committed this change to the fas git repo that fixes a change in > the dump format from fas1 to fas2. In fas1, the role_type was accurate > when dumped from the account system. In fas2, role_type was always "user" > even if the person was a sponsor or administrator. > > I'd like to have this applied to the production FAS so that the Package > Status Scripts can be run again. +1 for the role_type fix (If the last field, the number of people sponsored, isn't vital to those scripts, then we can fix that last omissions after the freeze.) Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From a.badger at gmail.com Fri May 2 07:24:58 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 02 May 2008 00:24:58 -0700 Subject: Change Request: fix a fas2 vs fas1 regression In-Reply-To: <20080502030504.GC21257@Max> References: <481A6D50.3030907@gmail.com> <20080502030504.GC21257@Max> Message-ID: <481AC1CA.3050801@gmail.com> Ricky Zhou wrote: > On 2008-05-01 06:24:32 PM, Toshio Kuratomi wrote: >> I've just committed this change to the fas git repo that fixes a change in >> the dump format from fas1 to fas2. In fas1, the role_type was accurate >> when dumped from the account system. In fas2, role_type was always "user" >> even if the person was a sponsor or administrator. >> >> I'd like to have this applied to the production FAS so that the Package >> Status Scripts can be run again. > +1 for the role_type fix > (If the last field, the number of people sponsored, isn't vital to those > scripts, then we can fix that last omissions after the freeze.) > Shoot. I didn't know that field was broken as well. Am I correct that that's the number of people that the given person has sponsored? If so, here's a new version of the patch that fixes that as well (committed to fas's git). It makes two db queries inside of the method body[1]_ per request. I'm pretty sure that it could be made into a single query per request but I don't think that's a necessary change at the moment. This has been tested on pt3 for plain text and json calls, with a groupname and without a groupname specified. It imports a few methods from sqlalchemy but otherwise it only touches the dump method and its template just like the last patch. .. _[1]: There are additional queries that we don't have much control over for authentication and such. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: fas2-dump-role-sponsor.patch Type: text/x-patch Size: 3608 bytes Desc: not available URL: From mmcgrath at redhat.com Fri May 2 16:29:15 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 May 2008 11:29:15 -0500 (CDT) Subject: Change Request (alias) Message-ID: The westford move came at a pretty terrible time for Jesse, he'd like his mail forwarded to a different address. Very low risk, just an aliases file change. Can I get a +1? -Mike From wakko666 at gmail.com Fri May 2 16:41:30 2008 From: wakko666 at gmail.com (Brett Lentz) Date: Fri, 02 May 2008 09:41:30 -0700 Subject: Change Request (alias) In-Reply-To: References: Message-ID: <1209746490.30637.22.camel@blentz> On Fri, 2008-05-02 at 11:29 -0500, Mike McGrath wrote: > The westford move came at a pretty terrible time for Jesse, he'd like his > mail forwarded to a different address. Very low risk, just an aliases > file change. > > Can I get a +1? > > -Mike > +1 This sounds like a fairly trivial change. ---Brett. You are deeply attached to your friends and acquaintances. From skvidal at fedoraproject.org Fri May 2 16:43:54 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Fri, 02 May 2008 12:43:54 -0400 Subject: Change Request (alias) In-Reply-To: References: Message-ID: <1209746634.2858.0.camel@cutter> On Fri, 2008-05-02 at 11:29 -0500, Mike McGrath wrote: > The westford move came at a pretty terrible time for Jesse, he'd like his > mail forwarded to a different address. Very low risk, just an aliases > file change. > > Can I get a +1? +1 -sv From a.badger at gmail.com Fri May 2 22:32:12 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 02 May 2008 15:32:12 -0700 Subject: PackageDB API Failings Message-ID: <481B966C.2090103@gmail.com> Hey guys, To go along with my recent post about designing Fedora Web Services API's to be good at what they do, I've just written down all the places that I think the PackageDB API fails. There's also some notes on how to fix the failings when we design an API to replace it:: https://fedorahosted.org/packagedb/wiki/NewAPI Some of you may find it instructive of how to avoid the same pitfalls in your own TG Apps while others might have a vested interest in reading it and telling me if any of my thoughts on the redesign are lacking in insight (after all, myfedora, bodhi, and others will be consuming information from the packagedb). Please take a look, I'll probably take a look at refactoring the current API to be more friendly to the redesign in a branch before starting to make concrete statements of what the methods in the new API will be (They will follow the guidelines established on the NewAPI page.) If you're the kind of person that likes to start from the abstract instead of the concrete, feel free to start writing some idea for useful functions for the new API. Also, if there's any UI Designers around, now would be a great time to tell me how the present PackageDB sucks and what the new interface should look like. Then I can be sure to design API that can work with that efficiently :-) Word on my personal timeline for working on this: Definitely a Post-FudCon-Boston thing. Maybe something that doesn't get worked on as late as the FudCon after that depending on how many other things pop up and whether I get a UI Designer who's excited about making changes. /me goes to ask art-list if there's any UI designers that want to help me out. -Toshio From jkeating at j2solutions.net Thu May 1 22:34:45 2008 From: jkeating at j2solutions.net (Jesse Keating) Date: Thu, 01 May 2008 18:34:45 -0400 Subject: Hosting Linux Fest Northwest Videos on torrent Message-ID: <1209681285.29415.29.camel@localhost.localdomain> A team of folks took videos of various talks at Linux Fest Northwest. They want to offer direct downloads as an alternative to the flash based streams available at ustream.tv. I have tentatively offered (with stated caveat that Infrastructure had to approve) hosting space on the/a torrent server for these videos. I don't yet have an estimate on the total size, but there are 12~ videos, all somewhere around an hour in length. It may be a while yet before they're all re-encoded into our preferred format (.ogg) but I wanted to get the ball rolling here. Is this something Fedora (Infrastructure) would be willing to provide? -- Jesse Keating RHCE (jkeating.livejournal.com) Fedora Project (fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Sat May 3 01:53:06 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 May 2008 20:53:06 -0500 (CDT) Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <1209681285.29415.29.camel@localhost.localdomain> References: <1209681285.29415.29.camel@localhost.localdomain> Message-ID: On Thu, 1 May 2008, Jesse Keating wrote: > A team of folks took videos of various talks at Linux Fest Northwest. > They want to offer direct downloads as an alternative to the flash based > streams available at ustream.tv. I have tentatively offered (with > stated caveat that Infrastructure had to approve) hosting space on the/a > torrent server for these videos. > > I don't yet have an estimate on the total size, but there are 12~ > videos, all somewhere around an hour in length. It may be a while yet > before they're all re-encoded into our preferred format (.ogg) but I > wanted to get the ball rolling here. > > Is this something Fedora (Infrastructure) would be willing to provide? So the question is does Fedora offer hosting space for linux conventions and things not directly related to Fedora? I'd be curious to hear what others say. -Mike From a.badger at gmail.com Sat May 3 04:48:12 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 02 May 2008 21:48:12 -0700 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: References: <1209681285.29415.29.camel@localhost.localdomain> Message-ID: <481BEE8C.1050508@gmail.com> Mike McGrath wrote: > On Thu, 1 May 2008, Jesse Keating wrote: > >> A team of folks took videos of various talks at Linux Fest Northwest. >> They want to offer direct downloads as an alternative to the flash based >> streams available at ustream.tv. I have tentatively offered (with >> stated caveat that Infrastructure had to approve) hosting space on the/a >> torrent server for these videos. >> >> I don't yet have an estimate on the total size, but there are 12~ >> videos, all somewhere around an hour in length. It may be a while yet >> before they're all re-encoded into our preferred format (.ogg) but I >> wanted to get the ball rolling here. >> >> Is this something Fedora (Infrastructure) would be willing to provide? > > So the question is does Fedora offer hosting space for linux conventions > and things not directly related to Fedora? I'd be curious to hear what > others say. > I'm not opposed to hosting this but perhaps phrasing the question that way is taking it out of our hands. We can say "We have/don't have space/bandwidth/manpower to do this" but whether it's something we should be doing seems to be a goals question that belongs to the Board to decide. PS: fedorahosted can contain things which aren't directly related to Fedora. Hosting videos of linux-fest talks on the torrent server would be a different type of resource but not necessarily a different category politically. -Toshio From dev at nigelj.com Sat May 3 05:07:51 2008 From: dev at nigelj.com (Nigel Jones) Date: Sat, 3 May 2008 17:07:51 +1200 (NZST) Subject: Hosting Linux Fest Northwest Videos on torrent Message-ID: <49803.202.154.146.215.1209791271.squirrel@webmail.nigelj.com> On Sat, May 3, 2008 4:48 pm, Toshio Kuratomi wrote: > Mike McGrath wrote: >> On Thu, 1 May 2008, Jesse Keating wrote: >> >>> A team of folks took videos of various talks at Linux Fest Northwest. >>> They want to offer direct downloads as an alternative to the flash >>> based >>> streams available at ustream.tv. I have tentatively offered (with >>> stated caveat that Infrastructure had to approve) hosting space on >>> the/a >>> torrent server for these videos. >>> >>> I don't yet have an estimate on the total size, but there are 12~ >>> videos, all somewhere around an hour in length. It may be a while yet >>> before they're all re-encoded into our preferred format (.ogg) but I >>> wanted to get the ball rolling here. >>> >>> Is this something Fedora (Infrastructure) would be willing to provide? >> >> So the question is does Fedora offer hosting space for linux conventions >> and things not directly related to Fedora? I'd be curious to hear what >> others say. >> > I'm not opposed to hosting this but perhaps phrasing the question that > way is taking it out of our hands. We can say "We have/don't have > space/bandwidth/manpower to do this" but whether it's something we > should be doing seems to be a goals question that belongs to the Board > to decide. > > PS: fedorahosted can contain things which aren't directly related to > Fedora. Hosting videos of linux-fest talks on the torrent server would > be a different type of resource but not necessarily a different category > politically. My question is: Does this have any tangible benefit to Fedora (are there any talks that promote Fedora etc)? If so, then it's well worth consideration, if not, well it's not worthless but it'd make me think twice. My 2 cents, Nigel > > -Toshio > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From wakko666 at gmail.com Sat May 3 06:26:30 2008 From: wakko666 at gmail.com (brett lentz) Date: Fri, 2 May 2008 23:26:30 -0700 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <49803.202.154.146.215.1209791271.squirrel@webmail.nigelj.com> References: <49803.202.154.146.215.1209791271.squirrel@webmail.nigelj.com> Message-ID: On Fri, May 2, 2008 at 10:07 PM, Nigel Jones wrote: > > On Sat, May 3, 2008 4:48 pm, Toshio Kuratomi wrote: > > Mike McGrath wrote: > >> On Thu, 1 May 2008, Jesse Keating wrote: > >> > >>> A team of folks took videos of various talks at Linux Fest Northwest. > >>> They want to offer direct downloads as an alternative to the flash > >>> based > >>> streams available at ustream.tv. I have tentatively offered (with > >>> stated caveat that Infrastructure had to approve) hosting space on > >>> the/a > >>> torrent server for these videos. > >>> > >>> I don't yet have an estimate on the total size, but there are 12~ > >>> videos, all somewhere around an hour in length. It may be a while yet > >>> before they're all re-encoded into our preferred format (.ogg) but I > >>> wanted to get the ball rolling here. > >>> > >>> Is this something Fedora (Infrastructure) would be willing to provide? > >> > >> So the question is does Fedora offer hosting space for linux conventions > >> and things not directly related to Fedora? I'd be curious to hear what > >> others say. > >> > > I'm not opposed to hosting this but perhaps phrasing the question that > > way is taking it out of our hands. We can say "We have/don't have > > space/bandwidth/manpower to do this" but whether it's something we > > should be doing seems to be a goals question that belongs to the Board > > to decide. > > > > PS: fedorahosted can contain things which aren't directly related to > > Fedora. Hosting videos of linux-fest talks on the torrent server would > > be a different type of resource but not necessarily a different category > > politically. > My question is: Does this have any tangible benefit to Fedora (are there > any talks that promote Fedora etc)? If so, then it's well worth > consideration, if not, well it's not worthless but it'd make me think > twice. > > My 2 cents, > > Nigel > > > > > > -Toshio > > I can help answer this one. I was at Linuxfest NW, and saw one of Jesse's talks. His talk covering the new tools that are being used to create the Fedora distribution was a great overview of nearly all of the fantastic new tools that Fedora has put into use over the last 3-4 releases. I think hosting these Fedora-centric talks are of direct benefit, because it helps add to the available documentation of what these tools are all about. Some of the OLPC talks that happened at Linuxfest NW were also of significant value. The other highlights were probably Drupal, and to a lesser extent Python and some of the Linux migration talks geared towards the more non-technical crowd. I have no idea what portion of these were recorded. I would hope that Jesse would provide a more specific list of what videos are available. I think that there are specific videos that will have an obvious direct benefit to Fedora, and I think that many others could have an indirect benefit. I guess the question I would ask is, is this within the scope of what Fedora is all about? Secondary to that is, do we have the resources to provide this as yet another of the many features that Fedora offers? My personal opinion is that collecting documentation of all types is critical to the adoption of Linux in general. Not everyone can easily read through written documentation. Videos are a crucial resource for those that are looking for something beyond just the more detailed, technical manuals that we tend to provide. I think that hosting these videos, if we have the capacity, is valuable. This idea gets a +1 from me. --- Brett. From Matt_Domsch at dell.com Sat May 3 01:48:11 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 2 May 2008 20:48:11 -0500 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <1209681285.29415.29.camel@localhost.localdomain> References: <1209681285.29415.29.camel@localhost.localdomain> Message-ID: <20080503014811.GB29284@auslistsprd01.us.dell.com> On Thu, May 01, 2008 at 06:34:45PM -0400, Jesse Keating wrote: > A team of folks took videos of various talks at Linux Fest Northwest. > They want to offer direct downloads as an alternative to the flash based > streams available at ustream.tv. I have tentatively offered (with > stated caveat that Infrastructure had to approve) hosting space on the/a > torrent server for these videos. Would these be torrented, or http direct download? I thought the deal with the new torrent server was that we got disk space and bandwidth to host torrents, not direct downloads. > I don't yet have an estimate on the total size, but there are 12~ > videos, all somewhere around an hour in length. It may be a while yet > before they're all re-encoded into our preferred format (.ogg) but I > wanted to get the ball rolling here. > > Is this something Fedora (Infrastructure) would be willing to provide? Hosting videos has come up a few times. We host videos from FUDCon because it's our event, but have not the infrastructure to host significant amounts of video - it gets expensive (disk and bandwith both) in a hurry, and so far we haven't found a sponsor willing to underwrite this. archive.org may be a good place to try hosting these. Thanks, Matt -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From Christian.Iseli at unil.ch Sat May 3 07:37:33 2008 From: Christian.Iseli at unil.ch (Christian Iseli) Date: Sat, 3 May 2008 09:37:33 +0200 Subject: Change Request: fix a fas2 vs fas1 regression In-Reply-To: <481AC1CA.3050801@gmail.com> References: <481A6D50.3030907@gmail.com> <20080502030504.GC21257@Max> <481AC1CA.3050801@gmail.com> Message-ID: <20080503093733.02858250@ludwig-alpha.unil.ch> Dear Toshio and Ricky, Thanks for fixing the group dumps. It works fine now. Cheers, Christian From Matt_Domsch at dell.com Sat May 3 13:14:59 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sat, 3 May 2008 08:14:59 -0500 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: References: <1209681285.29415.29.camel@localhost.localdomain> Message-ID: <20080503131459.GA23690@auslistsprd01.us.dell.com> On Fri, May 02, 2008 at 08:53:06PM -0500, Mike McGrath wrote: > On Thu, 1 May 2008, Jesse Keating wrote: > > > A team of folks took videos of various talks at Linux Fest Northwest. > > They want to offer direct downloads as an alternative to the flash based > > streams available at ustream.tv. I have tentatively offered (with > > stated caveat that Infrastructure had to approve) hosting space on the/a > > torrent server for these videos. > > > > I don't yet have an estimate on the total size, but there are 12~ > > videos, all somewhere around an hour in length. It may be a while yet > > before they're all re-encoded into our preferred format (.ogg) but I > > wanted to get the ball rolling here. > > > > Is this something Fedora (Infrastructure) would be willing to provide? > > So the question is does Fedora offer hosting space for linux conventions > and things not directly related to Fedora? I'd be curious to hear what > others say. In general, I would love it if we could. I don't believe we have the resources in place today to be able to do so effectively. In my mind, we need: 1) additional people in the infrastructure team to help with the admin side of this. 1a) there's a need for existing infrastructure team members to serve as sponsors/mentors. I'm sorry I haven't had the time to do more of this lately. 2) an assessment of the real compute/storage/bandwidth needs for this idea. We're notoriously bad at estimating the amount of storage a given idea will actually need in production. 3) significant donations (cash, equipment, hosting, ...) to realize these needs. Mike and the team have been effective in securing donations from a number of companies lately [1], with more in the works. Kudos! And if we were talking about hosting a gig of files for direct download by a few hundred people, we could probably manage within the scope of these sponsorships. But if we want to be as aggressive as some of the early fedoratv.com plans were, we'll need some pretty serious additional sponsorships. [1] http://fedoraproject.org/sponsors -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From buck_1970 at hotmail.com Sat May 3 13:29:26 2008 From: buck_1970 at hotmail.com (Reggie Buckner) Date: Sat, 3 May 2008 09:29:26 -0400 Subject: Fedora-infrastructure I want to help In-Reply-To: <20080503062646.0CC12619AE0@hormel.redhat.com> References: <20080503062646.0CC12619AE0@hormel.redhat.com> Message-ID: My name is Reggie Buckner. I want to be a Unix Engineer. I am currently a college student working on a Bachelor Degree. I do know Unix as a power user/ admin fairly well. I used Solaris, BSD, MAC OS X, Suse, Fedora (4, 6, 7). I want to work more on infrastructure things especially anything involving server admin or networking. I know routing and switching as well. Please let me know how I can contribute. I would like a mentor too if I could get it. I live in San Antonio, TX _________________________________________________________________ Get Free (PRODUCT) RED? Emoticons, Winks and Display Pics. http://joinred.spaces.live.com?ocid=TXT_HMTG_prodredemoticons_052008 From jkeating at j2solutions.net Fri May 2 14:09:57 2008 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 02 May 2008 10:09:57 -0400 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <20080503131459.GA23690@auslistsprd01.us.dell.com> References: <1209681285.29415.29.camel@localhost.localdomain> <20080503131459.GA23690@auslistsprd01.us.dell.com> Message-ID: <1209737397.29415.33.camel@localhost.localdomain> On Sat, 2008-05-03 at 08:14 -0500, Matt Domsch wrote: > Mike and the team have been effective in securing donations from a > number of companies lately [1], with more in the works. Kudos! And > if we were talking about hosting a gig of files for direct download by > a few hundred people, we could probably manage within the scope of > these sponsorships. But if we want to be as aggressive as some of the > early fedoratv.com plans were, we'll need some pretty serious > additional > sponsorships. For the current need I think we're way way scaled down from fedoratv days. All I currently want to do is take the videos once converted, upload them to the/a torrent server and offer them up as torrents for a period of time. And while this might be a precidence setter, it is something of a one-off, not the start of a campaign to host all the Linux Fest videos we can get our hands on. I gave two Fedora specific talks at this event, one of which showcasing the tools and services that Fedora has created so it's not entirely non-Fedora in scope. If we to, I would be fine with just hosting the two Fedora specific talk videos. -- Jesse Keating RHCE (jkeating.livejournal.com) Fedora Project (fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at j2solutions.net Fri May 2 14:10:56 2008 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 02 May 2008 10:10:56 -0400 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <20080503014811.GB29284@auslistsprd01.us.dell.com> References: <1209681285.29415.29.camel@localhost.localdomain> <20080503014811.GB29284@auslistsprd01.us.dell.com> Message-ID: <1209737456.29415.35.camel@localhost.localdomain> On Fri, 2008-05-02 at 20:48 -0500, Matt Domsch wrote: > Would these be torrented, or http direct download? Torrent. I did not make any mention of direct downloads as I understand that can be significantly more expensive for Fedora to manage. -- Jesse Keating RHCE (jkeating.livejournal.com) Fedora Project (fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at j2solutions.net Fri May 2 14:11:32 2008 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 02 May 2008 10:11:32 -0400 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <49803.202.154.146.215.1209791271.squirrel@webmail.nigelj.com> References: <49803.202.154.146.215.1209791271.squirrel@webmail.nigelj.com> Message-ID: <1209737492.29415.37.camel@localhost.localdomain> On Sat, 2008-05-03 at 17:07 +1200, Nigel Jones wrote: > My question is: Does this have any tangible benefit to Fedora (are there > any talks that promote Fedora etc)? If so, then it's well worth > consideration, if not, well it's not worthless but it'd make me think > twice. > I gave two Fedora specific talks at the event, so two of those videos will be Fedora specific. -- Jesse Keating RHCE (jkeating.livejournal.com) Fedora Project (fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From linux at elfshadow.net Sat May 3 14:33:34 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Sat, 3 May 2008 10:33:34 -0400 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <1209737397.29415.33.camel@localhost.localdomain> References: <1209681285.29415.29.camel@localhost.localdomain> <20080503131459.GA23690@auslistsprd01.us.dell.com> <1209737397.29415.33.camel@localhost.localdomain> Message-ID: <10e0a9b00805030733m475fc101ob126421e21514640@mail.gmail.com> 2008/5/2 Jesse Keating : > For the current need I think we're way way scaled down from fedoratv > days. All I currently want to do is take the videos once converted, > upload them to the/a torrent server and offer them up as torrents for a > period of time. And while this might be a precidence setter, it is > something of a one-off, not the start of a campaign to host all the > Linux Fest videos we can get our hands on. We need to be prepared for future requests though and how to handle them. We may not be campaigning, but I am sure other groups will notice we did this for the Linux Fest Northwest and then possibly go on to ask for help with a video torrent service as well. It is probably best we work out what we say yes and what we say no to before we get too far into it. And it may be as simple as saying this *is* a one time thing until we work out those other details. In the ideal world, I do think it would be great if we could do things like this - for Fedora related videos from a conference or other talks. Brett brings up several good points on that type of service. > I gave two Fedora specific > talks at this event, one of which showcasing the tools and services that > Fedora has created so it's not entirely non-Fedora in scope. If we to, > I would be fine with just hosting the two Fedora specific talk videos. It would be great for these videos to be available. It helps people who could not be at the event hear about these tools and services and also provides material for Ambassadors and such to reference at local events they do attend - keeps us from having to fly Jesse everywhere. :) My suggestion would be (if current resources allow for it - people and hardware) that we start with hosting Fedora specific videos. Use this as a pilot program. It is easier to justify as the content is directly related to Fedora and acts as a natural filter for requests. We can use this hosting experiment as a way to better "guesstimate" what would need to be in place (disk space wise, etc) before offering space for other conference videos. Once we have a better idea of space, bandwidth, etc. we can determine how to scale or if we should scale to the larger offering. ~Jeffrey From mmcgrath at redhat.com Sat May 3 14:36:59 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 3 May 2008 09:36:59 -0500 (CDT) Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <20080503131459.GA23690@auslistsprd01.us.dell.com> References: <1209681285.29415.29.camel@localhost.localdomain> <20080503131459.GA23690@auslistsprd01.us.dell.com> Message-ID: On Sat, 3 May 2008, Matt Domsch wrote: > On Fri, May 02, 2008 at 08:53:06PM -0500, Mike McGrath wrote: > > On Thu, 1 May 2008, Jesse Keating wrote: > > > > > A team of folks took videos of various talks at Linux Fest Northwest. > > > They want to offer direct downloads as an alternative to the flash based > > > streams available at ustream.tv. I have tentatively offered (with > > > stated caveat that Infrastructure had to approve) hosting space on the/a > > > torrent server for these videos. > > > > > > I don't yet have an estimate on the total size, but there are 12~ > > > videos, all somewhere around an hour in length. It may be a while yet > > > before they're all re-encoded into our preferred format (.ogg) but I > > > wanted to get the ball rolling here. > > > > > > Is this something Fedora (Infrastructure) would be willing to provide? > > > > So the question is does Fedora offer hosting space for linux conventions > > and things not directly related to Fedora? I'd be curious to hear what > > others say. > > In general, I would love it if we could. I don't believe we have the > resources in place today to be able to do so effectively. > > In my mind, we need: > 1) additional people in the infrastructure team to help with the admin > side of this. > > 1a) there's a need for existing infrastructure team members to serve > as sponsors/mentors. I'm sorry I haven't had the time to do more > of this lately. > > 2) an assessment of the real compute/storage/bandwidth needs for this > idea. We're notoriously bad at estimating the amount of storage a > given idea will actually need in production. > > 3) significant donations (cash, equipment, hosting, ...) to realize > these needs. > I'm hoping to get a big 3) that will help with 2) in the not too distant future. What I had envisioned (if we can get it) is a 3 tier distribution system. 1) the primary content on our primary mirror. This will typically be DIRECTLY related to Fedora the OS or EPEL. 2) Secondary content. This would be a place for us to re-distribute the hosted tarballs, spins, videos, etc. This is all that value-added stuff that will behave just as our primary mirror (with a series of other mirrors grabbing content) 3) archives. Far less expensive then the first 2 but does have a lot of storage requirements. As of this morning we actually have 1 and 3[1] taken care of. I'm hopeful 2 will be more visible in the next couple of months though, since it is a donation, I don't want to start making changes and things in case it falls through. I didn't really have a mirrormanager plan for 2 yet though.. mdomsch, any ideas? -Mike From mmcgrath at redhat.com Sat May 3 14:39:30 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 3 May 2008 09:39:30 -0500 (CDT) Subject: Fedora-infrastructure I want to help In-Reply-To: References: <20080503062646.0CC12619AE0@hormel.redhat.com> Message-ID: On Sat, 3 May 2008, Reggie Buckner wrote: > > My name is Reggie Buckner. I want to be a Unix Engineer. I am currently a college student working on a Bachelor Degree. > I do know Unix as a power user/ admin fairly well. I used Solaris, BSD, MAC OS X, Suse, Fedora (4, 6, 7). I want to work more on infrastructure things especially anything involving server admin or networking. I know routing and switching as well. Please let me know how I can contribute. I would like a mentor too if I could get it. I live in San Antonio, TX Hello Reggie. We have weekly meetings that would be good for you to attend: http://fedoraproject.org/wiki/Meetings (will be back shortly or after the outage) also check out https://fedorahosted.org/fedora-infrastructure/ to view some outstanding tickets. Perhaps you'd be interested in helping on one of those. -Mike From Matt_Domsch at dell.com Sat May 3 15:57:42 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sat, 3 May 2008 10:57:42 -0500 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: References: <1209681285.29415.29.camel@localhost.localdomain> <20080503131459.GA23690@auslistsprd01.us.dell.com> Message-ID: <20080503155741.GB23690@auslistsprd01.us.dell.com> On Sat, May 03, 2008 at 09:36:59AM -0500, Mike McGrath wrote: > On Sat, 3 May 2008, Matt Domsch wrote: > > > > In my mind, we need: > > 1) additional people in the infrastructure team to help with the admin > > side of this. > > > > 1a) there's a need for existing infrastructure team members to serve > > as sponsors/mentors. I'm sorry I haven't had the time to do more > > of this lately. > > > > 2) an assessment of the real compute/storage/bandwidth needs for this > > idea. We're notoriously bad at estimating the amount of storage a > > given idea will actually need in production. > > > > 3) significant donations (cash, equipment, hosting, ...) to realize > > these needs. > > > > I'm hoping to get a big 3) that will help with 2) in the not too distant > future. What I had envisioned (if we can get it) is a 3 tier distribution > system. > > 1) the primary content on our primary mirror. This will typically be > DIRECTLY related to Fedora the OS or EPEL. > > 2) Secondary content. This would be a place for us to re-distribute the > hosted tarballs, spins, videos, etc. This is all that value-added stuff > that will behave just as our primary mirror (with a series of other > mirrors grabbing content) > > 3) archives. Far less expensive then the first 2 but does have a lot of > storage requirements. > > As of this morning we actually have 1 and 3[1] taken care of. I'm hopeful > 2 will be more visible in the next couple of months though, since it is a > donation, I don't want to start making changes and things in case it falls > through. > > I didn't really have a mirrormanager plan for 2 yet though.. mdomsch, any > ideas? secondary.fp.o is up and config'd in mirrormanager now. So download.fedoraproject.org/pub/fedora-secondary/releases/ directs as you would expect. We can do likewise for other such content, no problem. Just have separate rsync modules, and an intentional separate path (e.g. /pub/something) for each, and MM will be fine. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From jkeating at j2solutions.net Fri May 2 16:35:25 2008 From: jkeating at j2solutions.net (Jesse Keating) Date: Fri, 02 May 2008 12:35:25 -0400 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <10e0a9b00805030733m475fc101ob126421e21514640@mail.gmail.com> References: <1209681285.29415.29.camel@localhost.localdomain> <20080503131459.GA23690@auslistsprd01.us.dell.com> <1209737397.29415.33.camel@localhost.localdomain> <10e0a9b00805030733m475fc101ob126421e21514640@mail.gmail.com> Message-ID: <1209746125.29415.42.camel@localhost.localdomain> On Sat, 2008-05-03 at 10:33 -0400, Jeffrey Tadlock wrote: > > My suggestion would be (if current resources allow for it - people and > hardware) that we start with hosting Fedora specific videos. Use this > as a pilot program. It is easier to justify as the content is > directly related to Fedora and acts as a natural filter for requests. > We can use this hosting experiment as a way to better "guesstimate" > what would need to be in place (disk space wise, etc) before offering > space for other conference videos. Once we have a better idea of > space, bandwidth, etc. we can determine how to scale or if we should > scale to the larger offering. Fair, but maybe expanded a bit? If a Fedora Ambassador went to an event and in the name of Fedora gave at least one (captured) talk, all captured talks of said event would be acceptable to host on Fedora infrastructure, should the resources of the day handle it, for a set time. > -- Jesse Keating RHCE (jkeating.livejournal.com) Fedora Project (fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From Matt_Domsch at dell.com Sat May 3 16:57:37 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sat, 3 May 2008 11:57:37 -0500 Subject: Hosting Linux Fest Northwest Videos on torrent In-Reply-To: <1209746125.29415.42.camel@localhost.localdomain> References: <1209681285.29415.29.camel@localhost.localdomain> <20080503131459.GA23690@auslistsprd01.us.dell.com> <1209737397.29415.33.camel@localhost.localdomain> <10e0a9b00805030733m475fc101ob126421e21514640@mail.gmail.com> <1209746125.29415.42.camel@localhost.localdomain> Message-ID: <20080503165737.GC23690@auslistsprd01.us.dell.com> On Fri, May 02, 2008 at 12:35:25PM -0400, Jesse Keating wrote: > On Sat, 2008-05-03 at 10:33 -0400, Jeffrey Tadlock wrote: > > > > My suggestion would be (if current resources allow for it - people and > > hardware) that we start with hosting Fedora specific videos. Use this > > as a pilot program. It is easier to justify as the content is > > directly related to Fedora and acts as a natural filter for requests. > > We can use this hosting experiment as a way to better "guesstimate" > > what would need to be in place (disk space wise, etc) before offering > > space for other conference videos. Once we have a better idea of > > space, bandwidth, etc. we can determine how to scale or if we should > > scale to the larger offering. +1. This seems entirely reasonable, and in keeping with what we've done in the past. Torrent-only, as Jesse noted, is sufficient for this purpose at this time. > Fair, but maybe expanded a bit? If a Fedora Ambassador went to an event > and in the name of Fedora gave at least one (captured) talk, all > captured talks of said event would be acceptable to host on Fedora > infrastructure, should the resources of the day handle it, for a set > time. This isn't bad, but until we have a space estimate of available space (remembering we're about to load F9 there too) I wouldn't want to commit those resources to non-Fedora-specific content yet. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From mmcgrath at redhat.com Sat May 3 18:03:39 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 3 May 2008 13:03:39 -0500 (CDT) Subject: Outage reminder (this weekend) In-Reply-To: References: Message-ID: Outage over! Everything went exactly as planned. Critical services like fedoraproject.org and mirrors.fedoraproject.org experienced no downtime. admin.fedoraproject.org/ type services had maintenance up. Tummy handled what traffic it was getting wonderfully. The system works :) -Mike On Wed, 30 Apr 2008, Mike McGrath wrote: > > https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00023.html > > The heaviest hit will be that db2 is going to have to be down this whole > time which controls many of our apps. Especially accounts. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From xecycle at gmail.com Sun May 4 12:03:24 2008 From: xecycle at gmail.com (XeCycle) Date: Sun, 04 May 2008 20:03:24 +0800 Subject: How can I participate in Fedora Project? Message-ID: <481DA60C.4080207@gmail.com> I'm just a senior high school student studying in China, and now I want to participate in the Fedora Project. As I said in the subject, I didn't know how to start. I had experiences with C/C++/Pascal console programming. Is this enough? Also I want to learn to develop with GNOME. How to start? Thanks for helping me. From ricky at fedoraproject.org Sun May 4 16:46:56 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sun, 4 May 2008 12:46:56 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) Message-ID: <20080504164656.GA11941@Max> It'd be really useful to have awstats track download.fp.o and torrent.fp.o. Normally, I wouldn't mention this until after the change freeze, but it's really low risk, and we could use this to get a lot of valuable statistics during the mass downloading following the release. I don't think download.fp.o is in the config yet, and torrent.fp.o is at http://fedoraproject.org/awstats/torrent/, but it doesn't seem to be working (no stats). Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jkeating at redhat.com Sat May 3 17:14:00 2008 From: jkeating at redhat.com (Jesse Keating) Date: Sat, 03 May 2008 13:14:00 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <20080504164656.GA11941@Max> References: <20080504164656.GA11941@Max> Message-ID: <1209834840.29415.76.camel@localhost.localdomain> On Sun, 2008-05-04 at 12:46 -0400, Ricky Zhou wrote: > It'd be really useful to have awstats track download.fp.o and > torrent.fp.o. Normally, I wouldn't mention this until after the change > freeze, but it's really low risk, and we could use this to get a lot of > valuable statistics during the mass downloading following the release. > I don't think download.fp.o is in the config yet, and torrent.fp.o is at > http://fedoraproject.org/awstats/torrent/, but it doesn't seem to be > working (no stats). > > Thanks, > Ricky > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list Unless something has changed with awstats, as long as you have the old log files around you can always process previous times to get past info. So perhaps all we need to change is to make sure we have the log files and don't remove them. Then later we can process them with awstats. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From dennis at ausil.us Sun May 4 17:56:19 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Sun, 4 May 2008 12:56:19 -0500 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <1209834840.29415.76.camel@localhost.localdomain> References: <20080504164656.GA11941@Max> <1209834840.29415.76.camel@localhost.localdomain> Message-ID: <200805041256.28844.dennis@ausil.us> On Saturday 03 May 2008, Jesse Keating wrote: > On Sun, 2008-05-04 at 12:46 -0400, Ricky Zhou wrote: > > It'd be really useful to have awstats track download.fp.o and > > torrent.fp.o. Normally, I wouldn't mention this until after the change > > freeze, but it's really low risk, and we could use this to get a lot of > > valuable statistics during the mass downloading following the release. > > I don't think download.fp.o is in the config yet, and torrent.fp.o is at > > http://fedoraproject.org/awstats/torrent/, but it doesn't seem to be > > working (no stats). > > > > Thanks, > > Ricky > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > Unless something has changed with awstats, as long as you have the old > log files around you can always process previous times to get past info. > So perhaps all we need to change is to make sure we have the log files > and don't remove them. Then later we can process them with awstats. I agree with Jesse here. lets process the logs post release. Just need to ensure we still have them. Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Sun May 4 18:01:40 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 4 May 2008 13:01:40 -0500 (CDT) Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <200805041256.28844.dennis@ausil.us> References: <20080504164656.GA11941@Max> <1209834840.29415.76.camel@localhost.localdomain> <200805041256.28844.dennis@ausil.us> Message-ID: On Sun, 4 May 2008, Dennis Gilmore wrote: > On Saturday 03 May 2008, Jesse Keating wrote: > > On Sun, 2008-05-04 at 12:46 -0400, Ricky Zhou wrote: > > > It'd be really useful to have awstats track download.fp.o and > > > torrent.fp.o. Normally, I wouldn't mention this until after the change > > > freeze, but it's really low risk, and we could use this to get a lot of > > > valuable statistics during the mass downloading following the release. > > > I don't think download.fp.o is in the config yet, and torrent.fp.o is at > > > http://fedoraproject.org/awstats/torrent/, but it doesn't seem to be > > > working (no stats). > > > > > > Thanks, > > > Ricky > > > _______________________________________________ > > > Fedora-infrastructure-list mailing list > > > Fedora-infrastructure-list at redhat.com > > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > Unless something has changed with awstats, as long as you have the old > > log files around you can always process previous times to get past info. > > So perhaps all we need to change is to make sure we have the log files > > and don't remove them. Then later we can process them with awstats. > > I agree with Jesse here. lets process the logs post release. Just need to > ensure we still have them. > Also I haven't deleted any web logs since I started so thats back to February of 07. Some logs as far back as 06. -Mike From ricky at fedoraproject.org Sun May 4 18:22:55 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sun, 4 May 2008 14:22:55 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <1209834840.29415.76.camel@localhost.localdomain> References: <20080504164656.GA11941@Max> <1209834840.29415.76.camel@localhost.localdomain> Message-ID: <20080504182255.GB11941@Max> On 2008-05-03 01:14:00 PM, Jesse Keating wrote: > Unless something has changed with awstats, as long as you have the old > log files around you can always process previous times to get past info. > So perhaps all we need to change is to make sure we have the log files > and don't remove them. Then later we can process them with awstats. Ah, good point, that works fine as well. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From Matt_Domsch at dell.com Sun May 4 21:13:01 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sun, 4 May 2008 16:13:01 -0500 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <20080504164656.GA11941@Max> References: <20080504164656.GA11941@Max> Message-ID: <20080504211301.GB10275@auslistsprd01.us.dell.com> On Sun, May 04, 2008 at 12:46:56PM -0400, Ricky Zhou wrote: > It'd be really useful to have awstats track download.fp.o and > torrent.fp.o. Normally, I wouldn't mention this until after the change > freeze, but it's really low risk, and we could use this to get a lot of > valuable statistics during the mass downloading following the release. > I don't think download.fp.o is in the config yet, and torrent.fp.o is at > http://fedoraproject.org/awstats/torrent/, but it doesn't seem to be > working (no stats). > > Thanks, > Ricky I set up awstats a few weeks ago to handle mirrors.fp.o, and as the same proxies handle download.fp.o (and they really are the same content in the end), I made the awstats config just parse both then too (pre-change-freeze). http://fedoraproject.org/awstats/mirrors/awstats.mirrors.fedoraproject.org.html includes both mirrors.fp.o and download.fp.o. Thanks, Matt -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From ricky at fedoraproject.org Sun May 4 21:20:30 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sun, 4 May 2008 17:20:30 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <20080504211301.GB10275@auslistsprd01.us.dell.com> References: <20080504164656.GA11941@Max> <20080504211301.GB10275@auslistsprd01.us.dell.com> Message-ID: <20080504212030.GC11941@Max> On 2008-05-04 04:13:01 PM, Matt Domsch wrote: > I set up awstats a few weeks ago to handle mirrors.fp.o, and as the > same proxies handle download.fp.o (and they really are the same > content in the end), I made the awstats config just parse both then > too (pre-change-freeze). > > http://fedoraproject.org/awstats/mirrors/awstats.mirrors.fedoraproject.org.html > includes both mirrors.fp.o and download.fp.o. Oh, cool - that's perfect, then - thanks. We'll just want to fix the torrent one some time after the freeze, then. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mmcgrath at redhat.com Mon May 5 00:44:26 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 4 May 2008 19:44:26 -0500 (CDT) Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <20080504212030.GC11941@Max> References: <20080504164656.GA11941@Max> <20080504211301.GB10275@auslistsprd01.us.dell.com> <20080504212030.GC11941@Max> Message-ID: On Sun, 4 May 2008, Ricky Zhou wrote: > On 2008-05-04 04:13:01 PM, Matt Domsch wrote: > > I set up awstats a few weeks ago to handle mirrors.fp.o, and as the > > same proxies handle download.fp.o (and they really are the same > > content in the end), I made the awstats config just parse both then > > too (pre-change-freeze). > > > > http://fedoraproject.org/awstats/mirrors/awstats.mirrors.fedoraproject.org.html > > includes both mirrors.fp.o and download.fp.o. > Oh, cool - that's perfect, then - thanks. We'll just want to fix the > torrent one some time after the freeze, then. > Side note about all this... I like awstats and all but I was wondering what other _OSS_ solutions people are using where they are? Just seems like awstats has... kind of been the same for years... -Mike From kanarip at kanarip.com Mon May 5 00:54:04 2008 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Mon, 05 May 2008 02:54:04 +0200 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: References: <20080504164656.GA11941@Max> <20080504211301.GB10275@auslistsprd01.us.dell.com> <20080504212030.GC11941@Max> Message-ID: <481E5AAC.4040904@kanarip.com> Mike McGrath wrote: > On Sun, 4 May 2008, Ricky Zhou wrote: > >> On 2008-05-04 04:13:01 PM, Matt Domsch wrote: >>> I set up awstats a few weeks ago to handle mirrors.fp.o, and as the >>> same proxies handle download.fp.o (and they really are the same >>> content in the end), I made the awstats config just parse both then >>> too (pre-change-freeze). >>> >>> http://fedoraproject.org/awstats/mirrors/awstats.mirrors.fedoraproject.org.html >>> includes both mirrors.fp.o and download.fp.o. >> Oh, cool - that's perfect, then - thanks. We'll just want to fix the >> torrent one some time after the freeze, then. >> > > Side note about all this... I like awstats and all but I was wondering > what other _OSS_ solutions people are using where they are? Just seems > like awstats has... kind of been the same for years... > I've been using webalizer for as long as I can remember... Impressive huh? ;-) Kind regards, Jeroen van Meeuwen -kanarip From linux at elfshadow.net Mon May 5 00:59:44 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Sun, 4 May 2008 20:59:44 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: References: <20080504164656.GA11941@Max> <20080504211301.GB10275@auslistsprd01.us.dell.com> <20080504212030.GC11941@Max> Message-ID: <10e0a9b00805041759v73b8441bm290f3a2f9dd0d4a3@mail.gmail.com> On Sun, May 4, 2008 at 8:44 PM, Mike McGrath wrote: > Side note about all this... I like awstats and all but I was wondering > what other _OSS_ solutions people are using where they are? Just seems > like awstats has... kind of been the same for years... I am another webalizer user, though I actually like the looks of awstats better - just haven't taken the time to switch analyzers. ~Jeffrey From skvidal at fedoraproject.org Mon May 5 04:27:40 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 05 May 2008 00:27:40 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <20080504164656.GA11941@Max> References: <20080504164656.GA11941@Max> Message-ID: <1209961660.8460.2.camel@cutter> On Sun, 2008-05-04 at 12:46 -0400, Ricky Zhou wrote: > It'd be really useful to have awstats track download.fp.o and > torrent.fp.o. Normally, I wouldn't mention this until after the change > freeze, but it's really low risk, and we could use this to get a lot of > valuable statistics during the mass downloading following the release. > I don't think download.fp.o is in the config yet, and torrent.fp.o is at > http://fedoraproject.org/awstats/torrent/, but it doesn't seem to be > working (no stats). > How will torrent.fp.o httpd stats help us? I mean aren't the important torrent stats in the torrent itself? -sv From skvidal at fedoraproject.org Mon May 5 05:11:01 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 05 May 2008 01:11:01 -0400 Subject: archive.fp.o Message-ID: <1209964261.12284.1.camel@cutter> Hey folks, The machine at bu is all setup, kickstarted, puppetized and the data from archives.fp.o has been xferred to it. I'd like to get a +1 to the following changes: 1. cname archives.fp.o -> archive.fp.o 2. delete all the archives.fp.o stuff in puppet 3. figure out where to get the rest of the data from for fc2,3,4,5,6, etc and put it over there. the risk is extremely low here b/c, well, this is not a critical server. thanks, -sv -- I only speak for me. From dennis at ausil.us Mon May 5 05:17:39 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 5 May 2008 00:17:39 -0500 Subject: archive.fp.o In-Reply-To: <1209964261.12284.1.camel@cutter> References: <1209964261.12284.1.camel@cutter> Message-ID: <200805050017.46577.dennis@ausil.us> On Monday 05 May 2008, seth vidal wrote: > Hey folks, > The machine at bu is all setup, kickstarted, puppetized and the data > from archives.fp.o has been xferred to it. I'd like to get a +1 to the > following changes: > > 1. cname archives.fp.o -> archive.fp.o > 2. delete all the archives.fp.o stuff in puppet > 3. figure out where to get the rest of the data from for fc2,3,4,5,6, > etc and put it over there. > > the risk is extremely low here b/c, well, this is not a critical server. > > thanks, > -sv +1 from me Jesse has copies of everything. Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From ricky at fedoraproject.org Mon May 5 05:23:13 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 5 May 2008 01:23:13 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <1209961660.8460.2.camel@cutter> References: <20080504164656.GA11941@Max> <1209961660.8460.2.camel@cutter> Message-ID: <20080505052313.GG11941@Max> On 2008-05-05 12:27:40 AM, seth vidal wrote: > How will torrent.fp.o httpd stats help us? > > I mean aren't the important torrent stats in the torrent itself? Oh wow, yet another good point. It looks like everything I was interested in is at http://torrent.fedoraproject.org:6969/. Eeeexcellent! Thanks again, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jkeating at redhat.com Sun May 4 11:26:19 2008 From: jkeating at redhat.com (Jesse Keating) Date: Sun, 04 May 2008 07:26:19 -0400 Subject: archive.fp.o In-Reply-To: <1209964261.12284.1.camel@cutter> References: <1209964261.12284.1.camel@cutter> Message-ID: <1209900379.29415.86.camel@localhost.localdomain> On Mon, 2008-05-05 at 01:11 -0400, seth vidal wrote: > 1. cname archives.fp.o -> archive.fp.o > 2. delete all the archives.fp.o stuff in puppet > 3. figure out where to get the rest of the data from for fc2,3,4,5,6, > etc and put it over there. +1. I can upload the missing testing content when ready, but I would prefer to wait until F9 has been synced or stop syncing the old stuff when it's time for F9 to go out so that we're not competing for bandwidth. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Mon May 5 15:43:12 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 5 May 2008 10:43:12 -0500 (CDT) Subject: Change request (revert jkeatings alias) Message-ID: Another low risk change. I'd like to take jkeatings alias and move it back to what it should be. +1? -Mike From katzj at redhat.com Mon May 5 15:48:38 2008 From: katzj at redhat.com (Jeremy Katz) Date: Mon, 05 May 2008 11:48:38 -0400 Subject: Change request (revert jkeatings alias) In-Reply-To: References: Message-ID: <1210002518.12711.2.camel@aglarond.local> On Mon, 2008-05-05 at 10:43 -0500, Mike McGrath wrote: > Another low risk change. I'd like to take jkeatings alias and move it > back to what it should be. +1 Jeremy From skvidal at fedoraproject.org Mon May 5 15:58:06 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 05 May 2008 11:58:06 -0400 Subject: archive.fp.o In-Reply-To: <1209964261.12284.1.camel@cutter> References: <1209964261.12284.1.camel@cutter> Message-ID: <1210003086.12284.9.camel@cutter> On Mon, 2008-05-05 at 01:11 -0400, seth vidal wrote: > Hey folks, > The machine at bu is all setup, kickstarted, puppetized and the data > from archives.fp.o has been xferred to it. I'd like to get a +1 to the > following changes: > > 1. cname archives.fp.o -> archive.fp.o done > 2. delete all the archives.fp.o stuff in puppet done > 3. figure out where to get the rest of the data from for fc2,3,4,5,6, > etc and put it over there. > Waiting on where the bits are. -sv From jan.johansson.mr at gmail.com Mon May 5 16:16:25 2008 From: jan.johansson.mr at gmail.com (Jan Johansson) Date: Mon, 5 May 2008 18:16:25 +0200 Subject: Bad failure of installation with ATI Graphic card Radeon HD 3870 Message-ID: Hi, I've not been active in Fedora development, but hope to be able to contribute in near future. However, Fedora have always been my favorite distro, so I follow the current development with great interest. I've installed ubuntu and fedora 9 RC to compare how they handled the ATI Radeon HD 3870 (that I've installed on my machine), with the following issues: 1. As ubuntu completes it's installation, and prepares to shutdown, the initial Radeon driver (I guess it is the open source) displays green vertical lines on the monitor and the machine freezes. I can however restart the machine (reset) and enter the desktop. The freezes continues each time I want to shutdown. When I install the propriety driver, the machine works fine (no more green vertical lines). 2. As Fedora 9 RC has almost completed the installation, the monitor again displays green vertical lines (as in the ubuntu case), but the installation can not recover from the state, so the installation fails! Another issue with ubuntu is the "white screen of death", that is, when you kick in compiz-fusion with some desktop effects and then restart x-server, the user is greeted with a white screen and can actually not do a thing (besides either restore x or reinstall the distro). The compiz-fusion comes in as default in ubuntu. Now, some seems to think it is an issue with nvidia, but actually, some searches on google reveals that "white screen" is present with different types of gfx cards (I had it on my machine with ATI), so I think it is a compiz-fusion related issue. Since I could not continue from the installation with current fedora, I could not try the issue. Best Regards, Jan Johansson (Sweden) -------------- next part -------------- An HTML attachment was scrubbed... URL: From a.badger at gmail.com Mon May 5 16:45:17 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 05 May 2008 09:45:17 -0700 Subject: Change Request: Add a bz email address Message-ID: <481F399D.8030601@gmail.com> Jeff Sheltren has an email address for bugzilla that's different from his fas account email. I'd like to add a patch to our python-fedora that adds the mapping from his account to the new email. This is very low impact as it's just adding an entry to a dict in accounts/fas2.py. In the future, this will be stored in the fas2 database but that will be something to get working after the change freeze. Can I get a +1? -Toshio From skvidal at fedoraproject.org Mon May 5 17:41:32 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 05 May 2008 13:41:32 -0400 Subject: Change Request: Add a bz email address In-Reply-To: <481F399D.8030601@gmail.com> References: <481F399D.8030601@gmail.com> Message-ID: <1210009292.12284.13.camel@cutter> On Mon, 2008-05-05 at 09:45 -0700, Toshio Kuratomi wrote: > Jeff Sheltren has an email address for bugzilla that's different from > his fas account email. I'd like to add a patch to our python-fedora > that adds the mapping from his account to the new email. > > This is very low impact as it's just adding an entry to a dict in > accounts/fas2.py. > > In the future, this will be stored in the fas2 database but that will be > something to get working after the change freeze. > > Can I get a +1? > > -Toshio +1 -sv From lmacken at redhat.com Mon May 5 20:33:10 2008 From: lmacken at redhat.com (Luke Macken) Date: Mon, 5 May 2008 16:33:10 -0400 Subject: Change request: start releng2 guest on xen2 Message-ID: <20080505203310.GE3718@x300.redhat.com> Hey guys, I'd like to start preparing for the releng1->releng2 move, and begin testing bodhi + mash + TG on RHEL5. This entails turning on the releng2 guest which lives on xen2. This guest has been down for a while now, and could possibly break something by coming back up. Anyone against this, or think it is a Bad Idea ? luke From mmcgrath at redhat.com Mon May 5 20:30:22 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 5 May 2008 15:30:22 -0500 (CDT) Subject: Change request: start releng2 guest on xen2 In-Reply-To: <20080505203310.GE3718@x300.redhat.com> References: <20080505203310.GE3718@x300.redhat.com> Message-ID: On Mon, 5 May 2008, Luke Macken wrote: > Hey guys, > > I'd like to start preparing for the releng1->releng2 move, and begin > testing bodhi + mash + TG on RHEL5. > > This entails turning on the releng2 guest which lives on xen2. This > guest has been down for a while now, and could possibly break something by > coming back up. > > Anyone against this, or think it is a Bad Idea ? > So these are the risks: 1) I don't know what state this box is in 2) I don't know what IP its listening on 2) is easy to check and fix without much issue. 1) I'm not sure about. Luke, did you or Jesse setup any cron jobs or anything on there that you know of? -Mike From skvidal at fedoraproject.org Mon May 5 20:37:53 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 05 May 2008 16:37:53 -0400 Subject: Change request: start releng2 guest on xen2 In-Reply-To: <20080505203310.GE3718@x300.redhat.com> References: <20080505203310.GE3718@x300.redhat.com> Message-ID: <1210019873.12284.21.camel@cutter> On Mon, 2008-05-05 at 16:33 -0400, Luke Macken wrote: > Hey guys, > > I'd like to start preparing for the releng1->releng2 move, and begin > testing bodhi + mash + TG on RHEL5. > > This entails turning on the releng2 guest which lives on xen2. This > guest has been down for a while now, and could possibly break something by > coming back up. > > Anyone against this, or think it is a Bad Idea ? > -1. Let's let this sit until F9 is done and out. We can break things a week after the release. -sv From lmacken at redhat.com Tue May 6 00:26:42 2008 From: lmacken at redhat.com (Luke Macken) Date: Mon, 5 May 2008 20:26:42 -0400 Subject: Change request: start releng2 guest on xen2 In-Reply-To: References: <20080505203310.GE3718@x300.redhat.com> Message-ID: <20080506002641.GA4272@x300> On Mon, May 05, 2008 at 03:30:22PM -0500, Mike McGrath wrote: > On Mon, 5 May 2008, Luke Macken wrote: > > > Hey guys, > > > > I'd like to start preparing for the releng1->releng2 move, and begin > > testing bodhi + mash + TG on RHEL5. > > > > This entails turning on the releng2 guest which lives on xen2. This > > guest has been down for a while now, and could possibly break something by > > coming back up. > > > > Anyone against this, or think it is a Bad Idea ? > > > > So these are the risks: > > 1) I don't know what state this box is in > 2) I don't know what IP its listening on > > > 2) is easy to check and fix without much issue. 1) I'm not sure about. > > Luke, did you or Jesse setup any cron jobs or anything on there that you > know of? Nope, I didn't setup anything on the box. I'm fine with holding off on this task until after the release. luke From jkeating at redhat.com Tue May 6 01:33:03 2008 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 05 May 2008 21:33:03 -0400 Subject: Change request: start releng2 guest on xen2 In-Reply-To: References: <20080505203310.GE3718@x300.redhat.com> Message-ID: <1210037583.29415.120.camel@localhost.localdomain> On Mon, 2008-05-05 at 15:30 -0500, Mike McGrath wrote: > > Luke, did you or Jesse setup any cron jobs or anything on there that > you > know of? I'm not aware of ever actually logging in to this instance. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Tue May 6 19:44:14 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 6 May 2008 14:44:14 -0500 (CDT) Subject: change request (CROND) Message-ID: This weekends outage we disabled crond on a bunch of the boxes. We forgot to re-enable them on a few. I'd like to enable them. Risk: Moderate I can't think of anything that'd break per-say.. Its just a couple of boxes though. None of them in Fedora's critical path except for our torrent server. anyone want to +1? -Mike From skvidal at fedoraproject.org Tue May 6 19:56:47 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 06 May 2008 15:56:47 -0400 Subject: change request (CROND) In-Reply-To: References: Message-ID: <1210103807.12284.46.camel@cutter> On Tue, 2008-05-06 at 14:44 -0500, Mike McGrath wrote: > This weekends outage we disabled crond on a bunch of the boxes. We forgot > to re-enable them on a few. I'd like to enable them. > > Risk: Moderate > > I can't think of anything that'd break per-say.. Its just a couple of > boxes though. None of them in Fedora's critical path except for our > torrent server. > > anyone want to +1? > +1 - and I'll take care of the duke ones if that's okay? -sv From dennis at ausil.us Tue May 6 19:57:59 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 6 May 2008 14:57:59 -0500 Subject: change request (CROND) In-Reply-To: References: Message-ID: <200805061458.05134.dennis@ausil.us> On Tuesday 06 May 2008, Mike McGrath wrote: > This weekends outage we disabled crond on a bunch of the boxes. We forgot > to re-enable them on a few. I'd like to enable them. > > Risk: Moderate > > I can't think of anything that'd break per-say.. Its just a couple of > boxes though. None of them in Fedora's critical path except for our > torrent server. > > anyone want to +1? > +1 cron is pretty important Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Tue May 6 20:26:20 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 6 May 2008 15:26:20 -0500 (CDT) Subject: change request (CROND) In-Reply-To: <1210103807.12284.46.camel@cutter> References: <1210103807.12284.46.camel@cutter> Message-ID: On Tue, 6 May 2008, seth vidal wrote: > On Tue, 2008-05-06 at 14:44 -0500, Mike McGrath wrote: > > This weekends outage we disabled crond on a bunch of the boxes. We forgot > > to re-enable them on a few. I'd like to enable them. > > > > Risk: Moderate > > > > I can't think of anything that'd break per-say.. Its just a couple of > > boxes though. None of them in Fedora's critical path except for our > > torrent server. > > > > anyone want to +1? > > > > +1 - and I'll take care of the duke ones if that's okay? > Have at it. -Mike From skvidal at fedoraproject.org Tue May 6 20:37:48 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 06 May 2008 16:37:48 -0400 Subject: change request (CROND) In-Reply-To: References: <1210103807.12284.46.camel@cutter> Message-ID: <1210106268.12284.48.camel@cutter> On Tue, 2008-05-06 at 15:26 -0500, Mike McGrath wrote: > On Tue, 6 May 2008, seth vidal wrote: > > > On Tue, 2008-05-06 at 14:44 -0500, Mike McGrath wrote: > > > This weekends outage we disabled crond on a bunch of the boxes. We forgot > > > to re-enable them on a few. I'd like to enable them. > > > > > > Risk: Moderate > > > > > > I can't think of anything that'd break per-say.. Its just a couple of > > > boxes though. None of them in Fedora's critical path except for our > > > torrent server. > > > > > > anyone want to +1? > > > > > > > +1 - and I'll take care of the duke ones if that's okay? > > > > Have at it. > done. -sv From stickster at gmail.com Thu May 8 02:47:39 2008 From: stickster at gmail.com (Paul W. Frields) Date: Thu, 08 May 2008 02:47:39 +0000 Subject: Using consistent URLs Message-ID: <1210214859.7392.218.camel@localhost.localdomain> One of the issues that we talked about at today's "release readiness" meeting -- made up of reps from many subprojects in Fedora -- the issue of using consistent URLs came up. If we can settle on URLs that can cross releases, and use them consistently for any public communication, it's easier for us to (1) provide a good user experience through superior Web server administration, (2) track on metrics of user visits, and (3) create unified marketing materials. In our press releases, stories for digg, Slashdot, and anywhere else people might see them, let's make sure we are using these URLs: To get Fedora: --> http://get.fedoraproject.org/ To join Fedora: --> http://join.fedoraproject.org/ To read Release Notes: --> http://docs.fedoraproject.org/release-notes --> http://docs.fedoraproject.org/ (can be shortened if needed) -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From skvidal at fedoraproject.org Thu May 8 15:46:42 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Thu, 08 May 2008 11:46:42 -0400 Subject: user-added planet script Message-ID: <1210261602.28648.21.camel@cutter> Hey folks, I'm working on a script to collect blog/name/hackergotchi entries from users homedirs on fedorapeople.org and assemble them into a config file for planet to use. All the bits about grabbing the files are clearly simple. My only question is this: - Should I just have the user put one (or more) planet config stanzas in a file in their homedir or have them list just the blog feed url, the hackergotchi url and their name and try to parse that out? I'm inclined to the former. So a user could just have a .planet file that has: [http://skvidal.wordpress.com/feed/] name = Seth Vidal face = http://skvidal.fedorapeople.org/skvidal.png which I could read in using configparser, throw out errors about any duplicates and also balk if someone tries to over [Planet] or something like that. so, I wanted some feedback on what people thought would be the better choice. thanks, -sv -- I only speak for me. From notting at redhat.com Thu May 8 15:50:31 2008 From: notting at redhat.com (Bill Nottingham) Date: Thu, 8 May 2008 11:50:31 -0400 Subject: user-added planet script In-Reply-To: <1210261602.28648.21.camel@cutter> References: <1210261602.28648.21.camel@cutter> Message-ID: <20080508155031.GA31167@nostromo.devel.redhat.com> seth vidal (skvidal at fedoraproject.org) said: > Hey folks, > I'm working on a script to collect blog/name/hackergotchi entries > from users homedirs on fedorapeople.org and assemble them into a config > file for planet to use. All the bits about grabbing the files are > clearly simple. My only question is this: > - Should I just have the user put one (or more) planet config stanzas > in a file in their homedir or have them list just the blog feed url, the > hackergotchi url and their name and try to parse that out? > > I'm inclined to the former. So a user could just have a .planet file > that has: > > [http://skvidal.wordpress.com/feed/] > name = Seth Vidal > face = http://skvidal.fedorapeople.org/skvidal.png Would there be a good way to blacklist entries if we needed to in a rush? Or would we just edit the master config and disable the script? Bill From skvidal at fedoraproject.org Thu May 8 15:57:18 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Thu, 08 May 2008 11:57:18 -0400 Subject: user-added planet script In-Reply-To: <20080508155031.GA31167@nostromo.devel.redhat.com> References: <1210261602.28648.21.camel@cutter> <20080508155031.GA31167@nostromo.devel.redhat.com> Message-ID: <1210262238.28648.25.camel@cutter> On Thu, 2008-05-08 at 11:50 -0400, Bill Nottingham wrote: > seth vidal (skvidal at fedoraproject.org) said: > > Hey folks, > > I'm working on a script to collect blog/name/hackergotchi entries > > from users homedirs on fedorapeople.org and assemble them into a config > > file for planet to use. All the bits about grabbing the files are > > clearly simple. My only question is this: > > - Should I just have the user put one (or more) planet config stanzas > > in a file in their homedir or have them list just the blog feed url, the > > hackergotchi url and their name and try to parse that out? > > > > I'm inclined to the former. So a user could just have a .planet file > > that has: > > > > [http://skvidal.wordpress.com/feed/] > > name = Seth Vidal > > face = http://skvidal.fedorapeople.org/skvidal.png > > Would there be a good way to blacklist entries if we needed to in > a rush? Or would we just edit the master config and disable the > script? > I was thinking of just having a 'ignore users' config option for the script so it would just skip their dirs if there was a problem. -sv From linux at elfshadow.net Thu May 8 16:06:51 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Thu, 8 May 2008 12:06:51 -0400 Subject: user-added planet script In-Reply-To: <1210262238.28648.25.camel@cutter> References: <1210261602.28648.21.camel@cutter> <20080508155031.GA31167@nostromo.devel.redhat.com> <1210262238.28648.25.camel@cutter> Message-ID: <10e0a9b00805080906j7fdcb591y29df2d689cf86220@mail.gmail.com> On Thu, May 8, 2008 at 11:57 AM, seth vidal wrote: > > Should I just have the user put one (or more) planet config stanzas > > in a file in their homedir or have them list just the blog feed url, the > > hackergotchi url and their name and try to parse that out? > > > > I'm inclined to the former. So a user could just have a .planet file > > that has: > > > > [http://skvidal.wordpress.com/feed/] > > name = Seth Vidal > > face = http://skvidal.fedorapeople.org/skvidal.png I would lean towards using a .planet file with a config stanza similar to your example. Easy to read and easy to document on the wiki for the format. > I was thinking of just having a 'ignore users' config option for the > script so it would just skip their dirs if there was a problem. Having this as an option would be a good thing as well, should the need arise in the future. ~Jeffrey From nicu_fedora at nicubunu.ro Thu May 8 16:20:22 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Thu, 08 May 2008 19:20:22 +0300 Subject: user-added planet script In-Reply-To: <1210262238.28648.25.camel@cutter> References: <1210261602.28648.21.camel@cutter> <20080508155031.GA31167@nostromo.devel.redhat.com> <1210262238.28648.25.camel@cutter> Message-ID: <48232846.9010909@nicubunu.ro> seth vidal wrote: > On Thu, 2008-05-08 at 11:50 -0400, Bill Nottingham wrote: >> seth vidal (skvidal at fedoraproject.org) said: >>> Hey folks, >>> I'm working on a script to collect blog/name/hackergotchi entries >>> from users homedirs on fedorapeople.org and assemble them into a config >>> file for planet to use. All the bits about grabbing the files are >>> clearly simple. My only question is this: >>> - Should I just have the user put one (or more) planet config stanzas >>> in a file in their homedir or have them list just the blog feed url, the >>> hackergotchi url and their name and try to parse that out? >>> >>> I'm inclined to the former. So a user could just have a .planet file >>> that has: >>> >>> [http://skvidal.wordpress.com/feed/] >>> name = Seth Vidal >>> face = http://skvidal.fedorapeople.org/skvidal.png Add here probably a "language" for when/if we will have language based sub-planets. It is possible to have multiple values, like language = english, french for the case when someone blogs about half the time in one language and half in another? On the topic of multiple values (if possible), how about "group", so we have the possibility of running sub-planet for distinct groups based on their area of activity, like an aggregation of the "art" people, or "developers" or "ambassadors", etc. Like: group = art, ambassadors, marketing >> Would there be a good way to blacklist entries if we needed to in >> a rush? Or would we just edit the master config and disable the >> script? > > I was thinking of just having a 'ignore users' config option for the > script so it would just skip their dirs if there was a problem. I think this sounds fair. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com From skvidal at fedoraproject.org Thu May 8 16:44:55 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Thu, 08 May 2008 12:44:55 -0400 Subject: user-added planet script In-Reply-To: <48232846.9010909@nicubunu.ro> References: <1210261602.28648.21.camel@cutter> <20080508155031.GA31167@nostromo.devel.redhat.com> <1210262238.28648.25.camel@cutter> <48232846.9010909@nicubunu.ro> Message-ID: <1210265095.28648.29.camel@cutter> On Thu, 2008-05-08 at 19:20 +0300, Nicu Buculei wrote: > Add here probably a "language" for when/if we will have language based > sub-planets. It is possible to have multiple values, like > language = english, french > for the case when someone blogs about half the time in one language and > half in another? > actually I was thinking of just having different .planet files: .planet.fr == planet french .planet.art = planet art etc, etc. a simple type of group. -sv From mmcgrath at redhat.com Thu May 8 16:45:14 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 8 May 2008 11:45:14 -0500 (CDT) Subject: mod_wsgi vs cherrypy Message-ID: As many of you have seen we've started getting timeouts with fasClient against the accounts system. After some probing I decided to look at alternate deployment methods. Bottom line... python threading blows. So here's the scoop. Right now we use cherrypy + supervisor to deploy each turbogears app. Each app gets its own port. WSGI also relies on cherrypy but does things in a different way. mod_wsgi is an apache plugin, and instead of every app getting its own port, it gets its own apache namespace (like /accounts/) mod_wsgi can be setup to deploy more then one process at a time and send requests to both. Straight tg + cherrypy cannot do this unless you have two instance listening on different ports and have a load balancer in front sending to both ports. So I ran some tests. (attached and at - http://mmcgrath.fedorapeople.org/wsgivscherrypy1.png) After proper tuning for the machine mod_wsgi was not only a little faster (20 seconds faster in the extreme end) it was also considerably more reliable and scaled predictably. Straight cherrypy would reliably die on me at around 40 concurrent requests. Those requests would complete but sometimes timeout or take too long for the client to listen. I think this is helping attribute to whats going on in our environment. The test in question was /accounts/group/list (its not a quick/small request) There's other code changes on the way but I think mod_wsgi is a win for us in this instance. After the freeze I'd like to deploy it on the fas boxes and see how things go. We should then talk about our other deployments. I like supervisord but it may be better for us in the long run to use apache straight up. Also we get some other niceties like being able to more easily serve static content, and all the mod_[headers,rewrite] stuff as well that comes with apache. Thoughts, questions, comments? -Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: wsgivscherrypy1.png Type: image/png Size: 18632 bytes Desc: URL: From dennis at ausil.us Thu May 8 16:58:58 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Thu, 8 May 2008 11:58:58 -0500 Subject: xen5 change request Message-ID: <200805081159.07171.dennis@ausil.us> prior to the network maintenance outage, we had puppet disbaled on xen5 and iptables stopped. as an interim measure i would like to return to that state so that backups will run again. longer term, we need to adjust iptables. But for right now just wanting to do the minimum to have backups functioning again. nothing else runs on xen5 so its low impact. Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From skvidal at fedoraproject.org Thu May 8 17:06:29 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Thu, 08 May 2008 13:06:29 -0400 Subject: xen5 change request In-Reply-To: <200805081159.07171.dennis@ausil.us> References: <200805081159.07171.dennis@ausil.us> Message-ID: <1210266389.28648.31.camel@cutter> On Thu, 2008-05-08 at 11:58 -0500, Dennis Gilmore wrote: > prior to the network maintenance outage, we had puppet disbaled on xen5 and > iptables stopped. as an interim measure i would like to return to that state > so that backups will run again. longer term, we need to adjust iptables. > > But for right now just wanting to do the minimum to have backups functioning > again. nothing else runs on xen5 so its low impact. > what else is running on xen5? -sv From dennis at ausil.us Thu May 8 17:33:02 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Thu, 8 May 2008 12:33:02 -0500 Subject: xen5 change request In-Reply-To: <1210266389.28648.31.camel@cutter> References: <200805081159.07171.dennis@ausil.us> <1210266389.28648.31.camel@cutter> Message-ID: <200805081233.04490.dennis@ausil.us> On Thursday 08 May 2008, seth vidal wrote: > On Thu, 2008-05-08 at 11:58 -0500, Dennis Gilmore wrote: > > prior to the network maintenance outage, we had puppet disbaled on xen5 > > and iptables stopped. as an interim measure i would like to return to > > that state so that backups will run again. longer term, we need to > > adjust iptables. > > > > But for right now just wanting to do the minimum to have backups > > functioning again. nothing else runs on xen5 so its low impact. > > what else is running on xen5? just bacula [root at xen5 ~]# xm list Name ID Mem(MiB) VCPUs State Time(s) Domain-0 0 3886 2 r----- 3431.6 [root at xen5 ~]# ps axf PID TTY STAT TIME COMMAND 1 ? Ss 0:03 init [3] 2 ? S 0:00 [migration/0] 3 ? SN 0:00 [ksoftirqd/0] 4 ? S 0:00 [watchdog/0] 5 ? S 0:00 [migration/1] 6 ? SN 0:00 [ksoftirqd/1] 7 ? S 0:00 [watchdog/1] 8 ? S< 0:00 [events/0] 9 ? S< 0:00 [events/1] 10 ? S< 0:00 [khelper] 11 ? S< 0:00 [kthread] 13 ? S< 0:00 \_ [xenwatch] 14 ? S< 0:00 \_ [xenbus] 17 ? S< 0:00 \_ [kblockd/0] 18 ? S< 0:00 \_ [kblockd/1] 19 ? S< 0:00 \_ [kacpid] 125 ? S< 0:00 \_ [cqueue/0] 126 ? S< 0:00 \_ [cqueue/1] 130 ? S< 0:00 \_ [khubd] 132 ? S< 0:00 \_ [kseriod] 194 ? S 0:00 \_ [pdflush] 195 ? S 0:00 \_ [pdflush] 196 ? S< 0:00 \_ [kswapd0] 197 ? S< 0:00 \_ [aio/0] 198 ? S< 0:00 \_ [aio/1] 336 ? S< 0:00 \_ [kpsmoused] 377 ? S< 0:00 \_ [scsi_eh_0] 378 ? S< 0:00 \_ [scsi_eh_1] 391 ? S< 0:00 \_ [ksnapd] 396 ? S< 0:00 \_ [md2_raid1] 399 ? S< 0:00 \_ [md1_raid1] 402 ? S< 0:00 \_ [md0_raid1] 407 ? S< 0:00 \_ [kjournald] 434 ? S< 0:00 \_ [kauditd] 869 ? S< 0:00 \_ [ata/0] 870 ? S< 0:00 \_ [ata/1] 871 ? S< 0:00 \_ [ata_aux] 884 ? S< 0:00 \_ [kedac] 946 ? S< 0:00 \_ [scsi_eh_2] 1420 ? S< 0:00 \_ [scsi_eh_3] 2140 ? S< 0:02 \_ [md3_raid5] 2152 ? S< 0:00 \_ [kmpathd/0] 2153 ? S< 0:00 \_ [kmpathd/1] 2177 ? S< 0:00 \_ [kjournald] 2179 ? S< 0:05 \_ [kjournald] 2335 ? S< 0:00 \_ [ib_mcast] 2339 ? S< 0:00 \_ [local_sa] 2343 ? S< 0:00 \_ [ib_addr_wq] 2347 ? S< 0:00 \_ [iw_cm_wq] 2352 ? S< 0:00 \_ [ib_cm/0] 2353 ? S< 0:00 \_ [ib_cm/1] 2357 ? S< 0:00 \_ [rdma_cm_wq] 2815 ? S< 0:00 \_ [scsi_eh_4] 2816 ? S< 0:00 \_ [scsi_wq_4] 3016 ? SN 0:36 \_ [kipmi0] 463 ? S References: <200805081159.07171.dennis@ausil.us> <1210266389.28648.31.camel@cutter> <200805081233.04490.dennis@ausil.us> Message-ID: <1210268899.28648.33.camel@cutter> On Thu, 2008-05-08 at 12:33 -0500, Dennis Gilmore wrote: > On Thursday 08 May 2008, seth vidal wrote: > > On Thu, 2008-05-08 at 11:58 -0500, Dennis Gilmore wrote: > > > prior to the network maintenance outage, we had puppet disbaled on xen5 > > > and iptables stopped. as an interim measure i would like to return to > > > that state so that backups will run again. longer term, we need to > > > adjust iptables. > > > > > > But for right now just wanting to do the minimum to have backups > > > functioning again. nothing else runs on xen5 so its low impact. > > > > what else is running on xen5? > just bacula Then I'd say +1. -sv From dennis at ausil.us Thu May 8 17:53:11 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Thu, 8 May 2008 12:53:11 -0500 Subject: xen5 change request In-Reply-To: <1210268899.28648.33.camel@cutter> References: <200805081159.07171.dennis@ausil.us> <200805081233.04490.dennis@ausil.us> <1210268899.28648.33.camel@cutter> Message-ID: <200805081253.19374.dennis@ausil.us> On Thursday 08 May 2008, seth vidal wrote: > On Thu, 2008-05-08 at 12:33 -0500, Dennis Gilmore wrote: > > On Thursday 08 May 2008, seth vidal wrote: > > > On Thu, 2008-05-08 at 11:58 -0500, Dennis Gilmore wrote: > > > > prior to the network maintenance outage, we had puppet disbaled on > > > > xen5 and iptables stopped. as an interim measure i would like to > > > > return to that state so that backups will run again. longer term, we > > > > need to adjust iptables. > > > > > > > > But for right now just wanting to do the minimum to have backups > > > > functioning again. nothing else runs on xen5 so its low impact. > > > > > > what else is running on xen5? > > > > just bacula > > Then I'd say +1. > -sv Done Thanks Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From ricky at fedoraproject.org Thu May 8 23:09:18 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 8 May 2008 19:09:18 -0400 Subject: Change Request: Setup Awstats for download.fp.o (and fix the torrent.fp.o one) In-Reply-To: <20080505052313.GG11941@Max> References: <20080504164656.GA11941@Max> <1209961660.8460.2.camel@cutter> <20080505052313.GG11941@Max> Message-ID: <20080508230918.GD26815@Max> On 2008-05-05 01:23:13 AM, Ricky Zhou wrote: > Oh wow, yet another good point. It looks like everything I was > interested in is at http://torrent.fedoraproject.org:6969/. Whoops, I take that back - it doesn't seem to give a downloads vs. time like awstats did. Still, I'll ask around sometime after the freeze. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From ricky at fedoraproject.org Thu May 8 23:47:51 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 8 May 2008 19:47:51 -0400 Subject: Meeting Log - 2008-05-08 Message-ID: <20080508234751.GE26815@Max> 16:01 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here? 16:01 * lmacken 16:01 -!- TheorEPhysicist [n=jfghlynx at 213.37.199.3.dyn.user.ono.com] has joined #fedora-meeting 16:01 < skvidal> I still miss the days when warren and jeremy would fall off 16:01 < TheorEPhysicist> Hello, I have a question on Fedora, could someone help me? 16:01 * skvidal is here 16:01 < lmacken> skvidal: me too :) 16:01 * jeremy kicks skvidal 16:01 -!- mccann [n=jmccann at nat/redhat-us/x-5e0d390b6441be74] has joined #fedora-meeting 16:01 < skvidal> TheorEPhysicist: ask in #fedora 16:02 < TheorEPhysicist> skvidal?a theoretical physicist? 16:02 < warren> I can still fall off for you. 16:02 < skvidal> TheorEPhysicist: you have a fedora question for a theoretical physicist? 16:02 * skvidal looks at spoleeba 16:02 < mmcgrath> Alllrighty, lets get this party started. 16:03 < spoleeba> skvidal, im not a theorist 16:03 < TheorEPhysicist> no, so, I should move to annother channel? 16:03 < spoleeba> skvidal, in theory....im an experimentalist 16:03 < skvidal> TheorEPhysicist: yah 16:03 < skvidal> TheorEPhysicist: this channel is for meetings 16:03 < skvidal> not for general questions 16:03 < TheorEPhysicist> OK, thanks!!!! 16:03 < skvidal> TheorEPhysicist: try #fedora and/or ask for spoleeba - he's a physicist of sorts 16:04 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- F9 Release. 16:04 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&milestone=Fedora+9 16:04 < zodbot> mmcgrath: http://tinyurl.com/25vzyu 16:04 < mmcgrath> so.. 16:04 < mmcgrath> .ticket 421 16:04 < zodbot> mmcgrath: #421 (Fedora Mirror Space) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/421 16:04 < mmcgrath> skvidal: how's archive look? 16:04 < skvidal> running fine 16:04 -!- notting [n=notting at redhat/notting] has joined #fedora-meeting 16:04 < mmcgrath> how much is copied over there? 16:04 < skvidal> fc1 is on there 16:04 < skvidal> nothing else 16:04 < skvidal> b/c I can't get to the bits :) 16:05 < skvidal> f13 asked to wait until f9 is out b/c of bandwidth limits 16:05 < skvidal> only problem with archive right now is that it appears bu is blocking 873 at the router 16:05 < mmcgrath> huh? really? 16:05 < mmcgrath> ah 16:05 < skvidal> but it is up 16:05 < skvidal> it is archive.fp.o and archives.fp.o 16:05 < skvidal> it just needs more bits 16:05 < mmcgrath> we'll want to get rid of one of those and decide which one is canonical. 16:06 -!- TheorEPhysicist [n=jfghlynx at 213.37.199.3.dyn.user.ono.com] has left #fedora-meeting [] 16:06 < skvidal> we do? 16:06 < mmcgrath> yeah. 16:06 < skvidal> why not just leave both - they're just an alias 16:06 < mmcgrath> its confusing. 16:06 < skvidal> to whom? 16:06 < mmcgrath> and I've regreted stuff like that in the past. 16:06 < skvidal> okay 16:06 < mmcgrath> less is more :) 16:06 < skvidal> let me know which one you pick, I seriously have no preference 16:07 < mmcgrath> I'd say archive. since its not downloads.fedoraproject.org 16:07 < mmcgrath> So right now there's 161G free on /pub 16:07 < skvidal> umm 16:08 < skvidal> what? 16:08 < skvidal> on pub of archive? 16:08 < skvidal> or pub of d.fp.o? 16:08 < mmcgrath> pub of the actual primary mirror. 16:08 < skvidal> ah 16:08 < skvidal> sorry 16:08 < skvidal> okay 16:08 -!- Gaaruto [n=Gaaruto at atm91-2-82-241-141-128.fbx.proxad.net] has quit "++" 16:08 < skvidal> mmcgrath: should I wait until post-f9 to drop the other name or just do it now? 16:09 < mmcgrath> It can wait 16:09 < mmcgrath> afaik 16:09 < mmcgrath> .421 is fine for space. 16:09 < mmcgrath> f13: would you mind closing that ticket? 16:09 < mmcgrath> .ticket 421 16:09 < zodbot> mmcgrath: #421 (Fedora Mirror Space) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/421 16:09 < f13> oh yeah, I was going to get you a final bit count 16:09 < mmcgrath> if we need to we still have plenty of time to free up space on that box. 16:09 < f13> 114G /pub/fedora/linux/releases/9/ 16:10 < mmcgrath> 16:10 < mmcgrath> Ok, we'll move on to the next bit 16:10 < mmcgrath> .ticket 526 16:10 < zodbot> mmcgrath: #526 (Torrent Prep) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/526 16:11 < mmcgrath> f13: is this something you're going to do or just someone in rel-eng? (or should someone from infra do it?) 16:11 < f13> debuginfo /huge/ 16:11 < mmcgrath> its still group assigned. 16:11 < f13> mmcgrath: seth has done it in the past, as has skvidal 16:11 < skvidal> haha 16:11 < mmcgrath> skvidal: you up for that again this release? 16:11 < f13> leave it group assigned, I imagine we'll start uploading it tomorrow. 16:11 < f13> er whoops 16:11 < skvidal> the torrent? 16:11 < mmcgrath> k 16:11 < skvidal> sure 16:11 < f13> seth as has jeremy 16:11 < skvidal> f13: I liked the idea that I have done it as has me 16:11 < f13> I don't mind doing it, I should have clear decks tomorrow 16:11 < mmcgrath> I'm fine with either, I just wanted to make sure someone knows to do it if not I will. 16:12 < skvidal> umm 16:12 < f13> and could use an easy target. 16:12 < skvidal> when would that likely happen? 16:12 < skvidal> b/c I'm going to be visiting my mom this weekend 16:12 < skvidal> and I may or may not be close to a computer 16:12 < f13> skvidal: I was going to start around 10am EST 16:12 < f13> with the scps 16:12 < skvidal> which day? 16:12 < skvidal> tomorrow? 16:12 < skvidal> f13: oh can I ask another question? 16:12 < skvidal> f13: export bits? 16:13 < skvidal> do we need to set that up? 16:13 -!- couf [n=bart at fedora/couf] has quit "leaving" 16:13 -!- fugolini [n=francesc at 87.13.178.128] has left #fedora-meeting [] 16:13 < f13> skvidal: yes, tomorrow. 16:13 < skvidal> okie doke 16:13 < dgilmore> crap im here 16:13 < f13> RE Export bits, we can give them the projected final url for filing 16:13 < skvidal> okie doke 16:13 < f13> I'll need to do that tomorrow, is there a ticket for this? 16:13 < f13> (and is it assigned to me?) 16:14 < mmcgrath> f13: export bits? No, is that just the "send the URl to legal for export compliance" thing? 16:15 < f13> mmcgrath: yes. 16:15 < mmcgrath> f13: I'll create a ticket right after the meeting if you haven't already and make sure it gets added to the SOP. 16:15 -!- rdieter is now known as rdieter_away 16:16 < f13> thanks 16:16 < mmcgrath> f13: so do you want me to leave 16:16 < mmcgrath> .ticket 526 16:16 < zodbot> mmcgrath: #526 (Torrent Prep) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/526 16:16 < mmcgrath> assigned to rel-eng? 16:16 -!- tibbs [n=tibbs at fedora/tibbs] has quit "Konversation terminated!" 16:17 < f13> mmcgrath: please. 16:17 < mmcgrath> k 16:17 < mmcgrath> .ticket 528 16:17 < zodbot> mmcgrath: #528 (Release Day Links) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/528 16:17 < mmcgrath> We had a meeting about this yesterday, we'll make sure they're all on a wiki page somewhere and I'm going to spend some time on a script that actually creates static copies of this. 16:17 < mmcgrath> .ticket 389 16:17 < zodbot> mmcgrath: #389 (Monitor primary mirror) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/389 16:18 < mmcgrath> I don't think 389 is actually going to get done for F9, its not a blocker though so not a big deal. 16:18 < mmcgrath> .54 got moved until just after the change freeze for stability concerns. 16:18 < mmcgrath> .280 16:18 < mmcgrath> .ticket 280 16:18 < zodbot> mmcgrath: #280 (DHCP Server off of lockbox) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/280 16:18 < mmcgrath> is done, I'll close that now. 16:18 < mmcgrath> .ticket 333 16:18 < zodbot> mmcgrath: #333 (Add spam headers to bastion (smtp)) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/333 16:19 < mmcgrath> is blocking on 54 and is also a just after F9 launches thing. 16:19 < mmcgrath> .ticket 411 16:19 < zodbot> mmcgrath: #411 (New Website Fedora - 9) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/411 16:19 < mmcgrath> This is in good shape, we won't close it until its actually live though. 16:19 < mmcgrath> .ticket 416 16:19 < zodbot> mmcgrath: #416 (Infrastructure Change Freeze) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/416 16:19 < mmcgrath> This has been fine. 16:20 < mmcgrath> f13: I saw some murmurings in #fedora-devel this morning about cd's, what was the final outcome of that? 16:20 < notting> we are respinning cd images as we speak 16:21 < mmcgrath> notting: so long story short, thats not as big of a deal as it first seemed? 16:21 < f13> mmcgrath: x86_64 and ppc split CDs are respinning, and will be re-uploaded 16:21 -!- GeroldKa [n=GeroldKa at fedora/geroldka] has joined #fedora-meeting 16:21 < f13> mmcgrath: it's sitll a pretty big deal, and will cause a 0-day anaconda update to match what we hacked together here. 16:21 < mmcgrath> but as of right now we're still on schedule to release on the 13th? 16:22 < f13> yes 16:22 < mmcgrath> solid. 16:22 < mmcgrath> So thats really all I had related to the release. 16:22 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor (release stuff only please) 16:22 < mmcgrath> does anyone have anything else they'd like to discuss related to the release? 16:23 < mmcgrath> I'll take that as a no. 16:23 < mmcgrath> so next bit 16:23 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- mod_wsgi vs straight cherrypy 16:24 < mmcgrath> lmacken abadger1999 ricky: any thoughts on that? 16:24 * dgilmore is all for reliability 16:24 < abadger1999> I want mod_wsgi 16:24 < mmcgrath> I saw no tangible downside to doing this. 16:24 < lmacken> WSGI is the way to go, and mod_wsgi looks to have great benefits 16:24 < lmacken> it'll definitely put us in the right direction for adopting TG2 as well 16:24 < abadger1999> How do we restart pps under mod_wsgi? 16:24 < abadger1999> restart apache? 16:24 < abadger1999> s/pps/apps/ 16:25 < mmcgrath> interestingly I found that lots of other of our applications could use the WSGI interface as well so we could at least have common configuration components that way. 16:25 < mmcgrath> abadger1999: yeah, just restart apache. 16:25 < abadger1999> Very nice. 16:25 * mmcgrath wonders if a graceful would work. 16:25 -!- wolfy [n=lonewolf at fedora/wolfy] has left #fedora-meeting ["I fought the lawn, and the - lawn won!"] 16:25 < abadger1999> Okay... so the only drawback of that is that we'd have to restart all of the apps on a machine if we update one. 16:25 < mmcgrath> abadger1999: the other thing thats nice is we can control memory bloat through other means like limiting the number of requests a process will be allowed to run before restarting, etc. 16:26 < abadger1999> mmcgrath: :-) That makes very happy 16:26 < mmcgrath> abadger1999: yes, with the exception of a graceful which, if I understand how it _should_ work... is something like this. 16:26 < abadger1999> 16:26 < mmcgrath> any http processes that are currently in use will be told to restart when they are done. 16:26 < mmcgrath> any process not in use is told to restart and it does so. 16:26 < abadger1999> There was also a startup cost, though? 16:27 < mmcgrath> so there should be no actual downtime. The only thing is after httpd is restarted, the initial request to start the processes usually takes an additional 3-5 seconds because its actually starting turbogears. 16:27 < abadger1999> Ah. 3-5 seconds isn't bad. 16:27 < mmcgrath> the startup cost is pretty high but still not horrible. 16:27 < abadger1999> I'm all for this. 16:27 * lmacken too 16:28 < mmcgrath> especially since, in my tests, its only worth it to have the number of processes == the number of cpus you have so its not like a whole lot of them will be starting at once. 16:28 < mmcgrath> alrighty then, we'll deploy this right after F9 ships. 16:28 < mmcgrath> I'll stick what I have for fas.wsgi into the git repo with directions on how to get it going. 16:28 < mmcgrath> abadger1999: interested in helping me test it? 16:28 -!- petreu| [n=peter at p3EE3E652.dip.t-dialin.net] has quit Read error: 113 (No route to host) 16:28 < lmacken> what TG changes did you have to make to get it under mod_wsgi ? 16:28 < abadger1999> Sure. Can we deploy it on a publictest box? 16:29 < mmcgrath> lmacken: none, I just had to create a fas.wsgi file that had the proper paths in it. 16:29 < lmacken> awesome 16:29 < mmcgrath> I didn't even have to alter the fas.cfg which is handy when testing the difference between the two. 16:29 < mmcgrath> you can overwride any option in your prod.cfg 16:30 < mmcgrath> makes it easy to deploy cherrypy vs wsgi without any changes... you can even run them both at the same time on the same box. 16:30 < mmcgrath> abadger1999: 16:30 < mmcgrath> alrighty, if no one has anything else there I'll move on to the next bit. 16:31 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- My Trip to PHX. 16:31 < mmcgrath> so I'm going to be going to PHX at some point right after F9 ships. 16:31 < mmcgrath> I'll also be deployin gthe new wiki sometime right after PHX ships. 16:31 < dgilmore> :) 16:31 < dgilmore> so we will have how many new builders? 16:31 < mmcgrath> its two major projects that will happen in a short time so if you see me being un responsive or sending you guys stuff to do... thats why. 16:31 < mmcgrath> dgilmore: not sure, however many are in that blade center. 16:31 < abadger1999> 16:32 < mmcgrath> I've also got a bunch of new servers coming in, at least 5 that I can think of right now (thats 5 not including whats in the blade center) 16:32 < dgilmore> mmcgrath: excellent. i look forward to bringing them online 16:32 < notting> are we going to have a moin-is-dead release party? 16:32 < mmcgrath> notting: I sure hope so. 16:32 < dgilmore> notting: you get the pieces 16:32 < f13> more likea moin wake 16:32 < mmcgrath> I'm going to be replacing lockbox soon, as well as db1. 16:32 < dgilmore> :) 16:32 < mmcgrath> db3 is going to get brought up as a dedicated koji instance. 16:32 < mmcgrath> also we'll get 2 more application servers. 16:33 < mmcgrath> So... lots of stuff going on there. 16:33 < dgilmore> can we look at retiring hammer2, xenbuilder1 and ppc1 16:33 < mmcgrath> dgilmore: yeah, I was going to let those crazy old boxes die on their own but once the new blade centers are online we may decide to just get rid of them. 16:33 < mmcgrath> honestly as cheap as hammer2 is of a box, I can't believe its still going. 16:34 < dgilmore> mmcgrath: xenbuilder1 is the same hardware 16:34 < dgilmore> :) 16:34 < mmcgrath> yeah 16:34 < mmcgrath> they're both dirt old and somehow still kicking. 16:34 < mmcgrath> So does anyone have any concerns or comments or things they want me to do while I'm in PHX? 16:34 < dgilmore> ppc1 is only a few months younger 16:34 < mmcgrath> I'm not sure if it will be this trip or next but I'd like to move all of the buildsystem hardware into the same rack. 16:34 * dgilmore just wants the blades :) 16:35 < dgilmore> that would be nice 16:35 < dgilmore> though the bladecenter im assuming has a built in switch we will be using 16:35 < mmcgrath> Just so, if we decide to move it somewhere, we can easily say "yes, U4-19 of this rack is all the blade center gear, move it to the new $DATA_CENTER" 16:35 < mmcgrath> dgilmore: correct. 16:36 < mmcgrath> But after the new db3 is up and after we get xen2 dedicated to releng and build stuff we will have a complete separation of services of the build system from the rest of our services. 16:36 < dgilmore> mmcgrath: maybe look at it for the next trip 16:36 < mmcgrath> and thats a good thing. 16:36 < mmcgrath> alllrighty. 16:36 < dgilmore> move the ppc boxes and xenbuilder4 to the same place as the blade center 16:36 < mmcgrath> 16:36 < mmcgrath> So thats really all I had for this meeting 16:36 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 16:36 < mmcgrath> anyone have anything they'd like to discuss? 16:37 < mmcgrath> any noobs joining the team that want to say hi? 16:37 * dgilmore has been working on getting F-9 on the XO 16:37 < mmcgrath> dgilmore: how's that going? 16:37 < dgilmore> mmcgrath: slowly 16:37 < f13> I've got aline on some hardware donations from Pogo, that I'm getting more information on 16:37 < dgilmore> we got a nasty hack to mack upstart work 16:37 < wfp> I guess I'd be the noob joining the team, hi! 16:37 < dgilmore> im going to try make it better before making notting cry 16:38 < mmcgrath> wfp: hello! 16:38 < dgilmore> hi wfp 16:38 < mmcgrath> wfp: want to say a little about yourself and what you're interested in doing? 16:38 < notting> dgilmore: why would i cry? 16:38 < wfp> I sent an into to the mailing list. I've been doing SysAdmin and development for about 20 years now. 16:39 < wfp> (and why do I always mistype intro) Anyhow, not sure what/where to help. Just need to see what's needed. 16:39 < dgilmore> notting: it turns security off 16:40 < mmcgrath> wfp: well welcome. hang out in #fedora-admin and get to know everyone and whats going on. We're in a change freeze right now so not much actual admining is happening :) 16:40 < abadger1999> wfp: Welcome aboard! 16:40 < mmcgrath> Ok, well does anyone have anything else to discuss? If not we'll close the meeting in 30 16:40 < mmcgrath> 20 16:40 < mmcgrath> q0 16:40 < mmcgrath> 10 16:40 < mmcgrath> 5 16:40 * skvidal likes q0 16:41 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting DOOM! 16:41 < mmcgrath> I mean, meeting end. 16:41 < mmcgrath> Alrighty everyone. thanks for coming 16:41 < caillon> i'm gonna sing the doom song now! 16:41 < nirik> is that the new diet nyQuel with 0 calories? 16:41 < dgilmore> thanks mmcgrath -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mmcgrath at redhat.com Fri May 9 01:06:56 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 8 May 2008 20:06:56 -0500 (CDT) Subject: Cron /bin/sleep $(($RANDOM/90)); /usr/bin/fasClient -i (fwd) Message-ID: Ok, we know whats wrong we even know how to fix it. not worth the risk right now... mind if I > /dev/null this cron job in the meantime? +1? -Mike ---------- Forwarded message ---------- Date: Fri, 9 May 2008 00:33:08 GMT From: Cron Daemon To: root at ppc1.fedora.phx.redhat.com Subject: Cron /bin/sleep $(($RANDOM/90)); /usr/bin/fasClient -i HTTP Error 502: Proxy Error Traceback (most recent call last): File "/usr/bin/fasClient", line 561, in ? fas.make_group_db() File "/usr/bin/fasClient", line 396, in make_group_db self.groups_text() File "/usr/bin/fasClient", line 333, in groups_text self.people_list() File "/usr/bin/fasClient", line 388, in people_list self.people = self.send_request('user/list', auth=True, input=params)['people'] File "/usr/lib/python2.4/site-packages/fedora/tg/client.py", line 211, in send_request raise ServerError, str(e) fedora.tg.client.ServerError: HTTP Error 502: Proxy Error From skvidal at fedoraproject.org Fri May 9 01:31:20 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Thu, 08 May 2008 21:31:20 -0400 Subject: Cron /bin/sleep $(($RANDOM/90)); /usr/bin/fasClient -i (fwd) In-Reply-To: References: Message-ID: <1210296680.18341.3.camel@cutter> On Thu, 2008-05-08 at 20:06 -0500, Mike McGrath wrote: > Ok, we know whats wrong > > we even know how to fix it. > > not worth the risk right now... mind if I > /dev/null this cron job in the > meantime? > > +1? I think I'd rather keep it around, if only so we don't forget it and so we aren't missing some other error that will, undoubtedly, come up. -sv From nicu_fedora at nicubunu.ro Fri May 9 06:43:45 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Fri, 09 May 2008 09:43:45 +0300 Subject: user-added planet script In-Reply-To: <1210261602.28648.21.camel@cutter> References: <1210261602.28648.21.camel@cutter> Message-ID: <4823F2A1.8040603@nicubunu.ro> seth vidal wrote: > I'm inclined to the former. So a user could just have a .planet file > that has: > > [http://skvidal.wordpress.com/feed/] > name = Seth Vidal > face = http://skvidal.fedorapeople.org/skvidal.png > > > which I could read in using configparser, throw out errors about any > duplicates and also balk if someone tries to over [Planet] or something > like that. > > so, I wanted some feedback on what people thought would be the better > choice. I have some more questions about the policy: - is someone allowed to put more than one feed? Like his blog and a foto gallery or his personal blog and the news feed from a local Fedora community site. Of course one can aggregate his own multiple feeds into single one and use that aggregated feed (for example using Google Reader, and we can provide a short documentation about doing so). OTOH, technically one can put more entries in one .planet file and it should be parsed correctly; - I assume you plan a check of those .planet files against malicious use, so they have only the allowed entries (and not, for example, values that override the defaults, like the output directory, template locations or whatever); - not sure if this is worth pursuing, but I found gregdek's idea [1] interesting: use hackergotchis to create a set of stickers. Here is the issue of people wanting/not wanting their images to be used and the license of the submitted images. [1] - http://gregdek.livejournal.com/26387.html -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com From skvidal at fedoraproject.org Fri May 9 12:07:17 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Fri, 09 May 2008 08:07:17 -0400 Subject: user-added planet script In-Reply-To: <4823F2A1.8040603@nicubunu.ro> References: <1210261602.28648.21.camel@cutter> <4823F2A1.8040603@nicubunu.ro> Message-ID: <1210334837.18341.8.camel@cutter> On Fri, 2008-05-09 at 09:43 +0300, Nicu Buculei wrote: > I have some more questions about the policy: what policy? There's no policy. > - is someone allowed to put more than one feed? Like his blog and a foto > gallery or his personal blog and the news feed from a local Fedora > community site. Of course one can aggregate his own multiple feeds into > single one and use that aggregated feed (for example using Google > Reader, and we can provide a short documentation about doing so). OTOH, > technically one can put more entries in one .planet file and it should > be parsed correctly; People are already allowed to have more than one feed entry. Most folks don't, but there's nothing stopping it. And the code I have already handles multiple entries per .planet file. > - I assume you plan a check of those .planet files against malicious > use, so they have only the allowed entries (and not, for example, values > that override the defaults, like the output directory, template > locations or whatever); yes. > > - not sure if this is worth pursuing, but I found gregdek's idea [1] > interesting: use hackergotchis to create a set of stickers. Here is the > issue of people wanting/not wanting their images to be used and the > license of the submitted images. I think we're getting a bit afield of where we started. here's the (completely untested) code I have so far: http://skvidal.fedorapeople.org/misc/planetconfigbuilder.py -sv From ivazqueznet at gmail.com Fri May 9 18:50:27 2008 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Fri, 09 May 2008 14:50:27 -0400 Subject: mod_wsgi vs cherrypy In-Reply-To: References: Message-ID: <1210359027.26278.5.camel@ignacio.lan> On Thu, 2008-05-08 at 11:45 -0500, Mike McGrath wrote: > Thoughts, questions, comments? I think it's time. -- Ignacio Vazquez-Abrams PLEASE don't CC me; I'm already subscribed -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From skvidal at fedoraproject.org Fri May 9 19:04:28 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Fri, 09 May 2008 15:04:28 -0400 Subject: user-added planet script In-Reply-To: <1210334837.18341.8.camel@cutter> References: <1210261602.28648.21.camel@cutter> <4823F2A1.8040603@nicubunu.ro> <1210334837.18341.8.camel@cutter> Message-ID: <1210359869.18341.11.camel@cutter> On Fri, 2008-05-09 at 08:07 -0400, seth vidal wrote: > here's the (completely untested) code I have so far: > http://skvidal.fedorapeople.org/misc/planetconfigbuilder.py okay, it's tested and works fine, now. I just need to add a few config things and it should be ready for use. -sv From a.badger at gmail.com Fri May 9 20:33:06 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 09 May 2008 13:33:06 -0700 Subject: [Fwd: Cron /var/lib/pgsql/vacstat.py check] Message-ID: <4824B502.8070602@gmail.com> I'd like to take care of this as soon after change freeze as possible. It's the same as last time: Disable the pieces of the cron scripts which vacuum koji's dbs in puppet cvs commit; make install; make push HOSTS=db2 ssh db2 screen time sudo -u postgres vacuumdb -vd koji [wait a few hours for this to finish during which koji is somewhat more sluggish but there's no actual outage.] reenable the pieces of the cron scripts which vacuum koji, commit, install, push. Done. Anyone object to my doing it during the day on Wednesday, May 14th? -Toshio -------- Original Message -------- Subject: Cron /var/lib/pgsql/vacstat.py check Date: Fri, 9 May 2008 13:20:07 GMT From: root at db2.fedora.phx.redhat.com (Cron Daemon) To: postgres at db2.fedora.phx.redhat.com Traceback (most recent call last): File "/var/lib/pgsql/vacstat.py", line 650, in ? Commands[command](opts) File "/var/lib/pgsql/vacstat.py", line 150, in test_all test_transactions(opts) File "/var/lib/pgsql/vacstat.py", line 147, in test_transactions raise XIDOverflowWarning, '\n'.join(overflows) __main__.XIDOverflowWarning: Used over half the transaction ids for koji. Please schedule a vacuum of that entire database soon: sudo -u postgres vacuumdb -zvd koji From mmcgrath at redhat.com Sat May 10 15:00:36 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 10 May 2008 10:00:36 -0500 (CDT) Subject: [Fwd: Cron /var/lib/pgsql/vacstat.py check] In-Reply-To: <4824B502.8070602@gmail.com> References: <4824B502.8070602@gmail.com> Message-ID: On Fri, 9 May 2008, Toshio Kuratomi wrote: > I'd like to take care of this as soon after change freeze as possible. It's > the same as last time: > > Disable the pieces of the cron scripts which vacuum koji's dbs in puppet > cvs commit; make install; make push HOSTS=db2 > ssh db2 > screen > time sudo -u postgres vacuumdb -vd koji > [wait a few hours for this to finish during which koji is somewhat more > sluggish but there's no actual outage.] > reenable the pieces of the cron scripts which vacuum koji, commit, install, > push. > Done. > > Anyone object to my doing it during the day on Wednesday, May 14th? > Nope, have at it. -Mike From Matt_Domsch at dell.com Sun May 11 13:28:29 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sun, 11 May 2008 08:28:29 -0500 Subject: db2 slowness Message-ID: <20080511132829.GA624@auslistsprd01.us.dell.com> Anyone else seeing db2 be pretty slow? Like >20 minutes for the MM publiclist pages to generate (per page!) and the inability to log into the MM admin web interface it's taking so long... This has caused the publiclist and mirrorlists to not be regenerated in about 24 hours. db2 load average is ~9 right now, which doesn't seem nuts... -Matt -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From Matt_Domsch at dell.com Sun May 11 13:40:41 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sun, 11 May 2008 08:40:41 -0500 Subject: db2 slowness In-Reply-To: <20080511132829.GA624@auslistsprd01.us.dell.com> References: <20080511132829.GA624@auslistsprd01.us.dell.com> Message-ID: <20080511134041.GB624@auslistsprd01.us.dell.com> On Sun, May 11, 2008 at 08:28:29AM -0500, Matt Domsch wrote: > Anyone else seeing db2 be pretty slow? Like >20 minutes for the MM > publiclist pages to generate (per page!) and the inability to log into > the MM admin web interface it's taking so long... This has caused the > publiclist and mirrorlists to not be regenerated in about 24 hours. > > db2 load average is ~9 right now, which doesn't seem nuts... It's local to app4. I restarted MM there and things seem to be back to normal. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From Matt_Domsch at dell.com Sun May 11 14:19:23 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sun, 11 May 2008 09:19:23 -0500 Subject: db2 slowness In-Reply-To: <20080511134041.GB624@auslistsprd01.us.dell.com> References: <20080511132829.GA624@auslistsprd01.us.dell.com> <20080511134041.GB624@auslistsprd01.us.dell.com> Message-ID: <20080511141923.GC624@auslistsprd01.us.dell.com> On Sun, May 11, 2008 at 08:40:41AM -0500, Matt Domsch wrote: > On Sun, May 11, 2008 at 08:28:29AM -0500, Matt Domsch wrote: > > Anyone else seeing db2 be pretty slow? Like >20 minutes for the MM > > publiclist pages to generate (per page!) and the inability to log into > > the MM admin web interface it's taking so long... This has caused the > > publiclist and mirrorlists to not be regenerated in about 24 hours. > > > > db2 load average is ~9 right now, which doesn't seem nuts... > > It's local to app4. I restarted MM there and things seem to be back to > normal. Or not really; at 20 minutes into the publiclist pages generation, it's gotten through 2 of the pages... https://fedorahosted.org/fedora-infrastructure/ticket/539 filed. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From a.badger at gmail.com Sun May 11 16:56:49 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Sun, 11 May 2008 09:56:49 -0700 Subject: db2 slowness In-Reply-To: <20080511141923.GC624@auslistsprd01.us.dell.com> References: <20080511132829.GA624@auslistsprd01.us.dell.com> <20080511134041.GB624@auslistsprd01.us.dell.com> <20080511141923.GC624@auslistsprd01.us.dell.com> Message-ID: <48272551.6010305@gmail.com> Matt Domsch wrote: > On Sun, May 11, 2008 at 08:40:41AM -0500, Matt Domsch wrote: >> On Sun, May 11, 2008 at 08:28:29AM -0500, Matt Domsch wrote: >>> Anyone else seeing db2 be pretty slow? Like >20 minutes for the MM >>> publiclist pages to generate (per page!) and the inability to log into >>> the MM admin web interface it's taking so long... This has caused the >>> publiclist and mirrorlists to not be regenerated in about 24 hours. >>> >>> db2 load average is ~9 right now, which doesn't seem nuts... >> It's local to app4. I restarted MM there and things seem to be back to >> normal. > > Or not really; at 20 minutes into the publiclist pages generation, > it's gotten through 2 of the pages... > > https://fedorahosted.org/fedora-infrastructure/ticket/539 > filed. > The db tables look really dirty: mirrormanager=# select * from pgstattuple('host_category_dir'); -[ RECORD 1 ]------+---------- table_len | 733134848 tuple_count | 200905 tuple_len | 17617190 tuple_percent | 2.4 dead_tuple_count | 7408720 dead_tuple_len | 649852556 dead_tuple_percent | 88.64 free_space | 2734892 free_percent | 0.37 The hourly cron job that's vacuuming these tables has to go through three that are very large. And it's still chugging away at this one after most of an hour. I think that the db needs a vacuum full to trim off the 600MB of dead tuples. I'm shutting down the mirrormanager admin interface and doing that to deal with this. Holler if something besides the admin interface breaks because of this. -Toshio From jkeating at redhat.com Mon May 12 14:21:47 2008 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 12 May 2008 10:21:47 -0400 Subject: Change request: add dist-f10-build as a static repo Message-ID: <1210602107.19805.46.camel@localhost.localdomain> When we created the dist-f10 build targets I forgot to create a corresponding static-repo for it. This diff will create one, and allow people who are working on F10 actually be able to populate buildroots from the f10 content and match koji. RCS file: /cvs/puppet/configs/build/update-static-repos.py,v retrieving revision 1.4 diff -u -r1.4 update-static-repos.py --- build/update-static-repos.py 14 Mar 2008 03:17:42 -0000 1.4 +++ build/update-static-repos.py 12 May 2008 14:20:38 -0000 @@ -4,7 +4,7 @@ import sys import koji -TAGS = ('dist-olpc2-build', 'dist-fc7-build', 'dist-f8-build', 'dist-f9-build', 'dist-rawhide', 'olpc2-trial3', 'olpc2-update1', 'olpc2-ship2') +TAGS = ('dist-olpc2-build', 'dist-fc7-build', 'dist-f8-build', 'dist-f9-build', 'dist-f10-build', 'dist-rawhide', 'olpc2-trial3', 'olpc2-update1', 'olpc2-ship2') STATICPATH = '/mnt/koji/static-repos' SUFFIX = '-current' -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Mon May 12 14:15:49 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 12 May 2008 09:15:49 -0500 (CDT) Subject: Change request: add dist-f10-build as a static repo In-Reply-To: <1210602107.19805.46.camel@localhost.localdomain> References: <1210602107.19805.46.camel@localhost.localdomain> Message-ID: On Mon, 12 May 2008, Jesse Keating wrote: > When we created the dist-f10 build targets I forgot to create a > corresponding static-repo for it. This diff will create one, and allow > people who are working on F10 actually be able to populate buildroots > from the f10 content and match koji. > > RCS file: /cvs/puppet/configs/build/update-static-repos.py,v > retrieving revision 1.4 > diff -u -r1.4 update-static-repos.py > --- build/update-static-repos.py 14 Mar 2008 03:17:42 -0000 1.4 > +++ build/update-static-repos.py 12 May 2008 14:20:38 -0000 > @@ -4,7 +4,7 @@ > import sys > import koji > > -TAGS = ('dist-olpc2-build', 'dist-fc7-build', 'dist-f8-build', > 'dist-f9-build', 'dist-rawhide', 'olpc2-trial3', 'olpc2-update1', > 'olpc2-ship2') > +TAGS = ('dist-olpc2-build', 'dist-fc7-build', 'dist-f8-build', > 'dist-f9-build', 'dist-f10-build', 'dist-rawhide', 'olpc2-trial3', > 'olpc2-update1', 'olpc2-ship2') > STATICPATH = '/mnt/koji/static-repos' > SUFFIX = '-current' > +1 -Mike From dennis at ausil.us Mon May 12 14:30:30 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 12 May 2008 09:30:30 -0500 Subject: Change request: add dist-f10-build as a static repo In-Reply-To: <1210602107.19805.46.camel@localhost.localdomain> References: <1210602107.19805.46.camel@localhost.localdomain> Message-ID: <200805120930.31708.dennis@ausil.us> On Monday 12 May 2008, Jesse Keating wrote: > When we created the dist-f10 build targets I forgot to create a > corresponding static-repo for it. This diff will create one, and allow > people who are working on F10 actually be able to populate buildroots > from the f10 content and match koji. > > RCS file: /cvs/puppet/configs/build/update-static-repos.py,v > retrieving revision 1.4 > diff -u -r1.4 update-static-repos.py > --- build/update-static-repos.py 14 Mar 2008 03:17:42 -0000 1.4 > +++ build/update-static-repos.py 12 May 2008 14:20:38 -0000 > @@ -4,7 +4,7 @@ > import sys > import koji > > -TAGS = ('dist-olpc2-build', 'dist-fc7-build', 'dist-f8-build', > 'dist-f9-build', 'dist-rawhide', 'olpc2-trial3', 'olpc2-update1', > 'olpc2-ship2') > +TAGS = ('dist-olpc2-build', 'dist-fc7-build', 'dist-f8-build', > 'dist-f9-build', 'dist-f10-build', 'dist-rawhide', 'olpc2-trial3', > 'olpc2-update1', 'olpc2-ship2') > STATICPATH = '/mnt/koji/static-repos' > SUFFIX = '-current' I forgot to add one for dist-olpc3-build when i set it up. can we add it also ? we can drop olpc2-trial3 Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From jkeating at j2solutions.net Mon May 12 14:50:42 2008 From: jkeating at j2solutions.net (Jesse Keating) Date: Mon, 12 May 2008 10:50:42 -0400 Subject: Change request: add dist-f10-build as a static repo In-Reply-To: <200805120930.31708.dennis@ausil.us> References: <1210602107.19805.46.camel@localhost.localdomain> <200805120930.31708.dennis@ausil.us> Message-ID: <1210603842.19805.56.camel@localhost.localdomain> On Mon, 2008-05-12 at 09:30 -0500, Dennis Gilmore wrote: > > I forgot to add one for dist-olpc3-build when i set it up. can we add > it > also ? > we can drop olpc2-trial3 +1 go ahead. I already did my change but you can still get yours in before the cron job hits in 10~ minutes. > -- Jesse Keating RHCE (jkeating.livejournal.com) Fedora Project (fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Mon May 12 15:16:43 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 12 May 2008 10:16:43 -0500 (CDT) Subject: F9 prep Message-ID: So the release is.. well tomorrow. I've got a list of static urls to create. I'm working on getting them up and ready on the proxy servers. This is part of ticket: https://fedorahosted.org/fedora-infrastructure/ticket/528 -Mike From thinklinux.ssh at gmail.com Mon May 12 16:38:09 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 12 May 2008 22:08:09 +0530 Subject: Something strange about mirrormanager!!! Message-ID: When I try this http://mirrors.fedoraproject.org/mirrorlist?path=pub/fedora/linux/releases/9/Everything/x86_94&country=in (Please note the x86_94 not x86_64) It returns # path = pub/fedora/linux/releases/9/Everything/x86_94 country = IN ftp://mirror.wbut.ac.in/pub/fedora/linux/releases/9/Everything/x86_94 Of course I don't have any such directory :) -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/SusmitShannigrahi ============================================= From Matt_Domsch at dell.com Mon May 12 17:00:53 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Mon, 12 May 2008 12:00:53 -0500 Subject: Something strange about mirrormanager!!! In-Reply-To: References: Message-ID: <20080512170053.GE15019@auslistsprd01.us.dell.com> On Mon, May 12, 2008 at 10:08:09PM +0530, susmit shannigrahi wrote: > When I try this > > http://mirrors.fedoraproject.org/mirrorlist?path=pub/fedora/linux/releases/9/Everything/x86_94&country=in > (Please note the x86_94 not x86_64) > > It returns > > # path = pub/fedora/linux/releases/9/Everything/x86_94 country = IN > ftp://mirror.wbut.ac.in/pub/fedora/linux/releases/9/Everything/x86_94 > > Of course I don't have any such directory :) MM believes your 9/Everything/ directory is up-to-date, including all file contents referred to in there, but the database only tracks your content by directory, not by files in those directories. A user would get directed to this (incorrect) URL from MM, and your server would be expected to return the "file not found" message. MM knows that there is no such directory 9/Everything/x86_94, so it expects you're asking for a file, and lets your side handle the "file not found". -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From mastahnke at gmail.com Mon May 12 23:14:21 2008 From: mastahnke at gmail.com (Michael Stahnke) Date: Mon, 12 May 2008 18:14:21 -0500 Subject: db2 slowness In-Reply-To: <48272551.6010305@gmail.com> References: <20080511132829.GA624@auslistsprd01.us.dell.com> <20080511134041.GB624@auslistsprd01.us.dell.com> <20080511141923.GC624@auslistsprd01.us.dell.com> <48272551.6010305@gmail.com> Message-ID: <7874d9dd0805121614u1d57028drf83eb5b75a5c2e95@mail.gmail.com> Would this affect pkgbd also? It's being nice and slow for me today. stahnma From mmcgrath at redhat.com Mon May 12 23:59:48 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 12 May 2008 18:59:48 -0500 (CDT) Subject: db2 slowness In-Reply-To: <7874d9dd0805121614u1d57028drf83eb5b75a5c2e95@mail.gmail.com> References: <20080511132829.GA624@auslistsprd01.us.dell.com> <20080511134041.GB624@auslistsprd01.us.dell.com> <20080511141923.GC624@auslistsprd01.us.dell.com> <48272551.6010305@gmail.com> <7874d9dd0805121614u1d57028drf83eb5b75a5c2e95@mail.gmail.com> Message-ID: On Mon, 12 May 2008, Michael Stahnke wrote: > Would this affect pkgbd also? It's being nice and slow for me today. > It would but its been corrected today and db load is nice and normal. -Mike From kwade at redhat.com Tue May 13 07:17:20 2008 From: kwade at redhat.com (Karsten 'quaid' Wade) Date: Tue, 13 May 2008 00:17:20 -0700 Subject: user-added planet script In-Reply-To: <1210265095.28648.29.camel@cutter> References: <1210261602.28648.21.camel@cutter> <20080508155031.GA31167@nostromo.devel.redhat.com> <1210262238.28648.25.camel@cutter> <48232846.9010909@nicubunu.ro> <1210265095.28648.29.camel@cutter> Message-ID: <1210663040.15603.399.camel@calliope.phig.org> On Thu, 2008-05-08 at 12:44 -0400, seth vidal wrote: > On Thu, 2008-05-08 at 19:20 +0300, Nicu Buculei wrote: > > > Add here probably a "language" for when/if we will have language based > > sub-planets. It is possible to have multiple values, like > > language = english, french > > for the case when someone blogs about half the time in one language and > > half in another? > > > > actually I was thinking of just having different .planet files: > > .planet.fr == planet french > .planet.art = planet art > > etc, etc. > > a simple type of group. +1 ... I like the whole thing, this is a nice level of self-service. - Karsten -- Karsten Wade, Sr. Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From dev at nigelj.com Tue May 13 11:55:52 2008 From: dev at nigelj.com (Nigel Jones) Date: Tue, 13 May 2008 23:55:52 +1200 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) Message-ID: <482981C8.20905@nigelj.com> Hey guys, I seem to have deleted the nagios notification that I want to mention in particular, but as I noted in SOP/Nagios the %ages noted in the e-mails are what is left, so inode=99% doesn't mean that 99% of the inodes are used, it means 99% are still free. Anyway, what this means, is that when nagios has been complaining about cvs-int recently, in particular the fact that /git has reached WARNING. After a bit of hunting around, I found /repo/pkgs using 168GiB of the 192GiB available, which is understandable, Fedora has got huge. Problem here, is that there are a LOT of old tarballs in that folder, which leaves me wondering if we should do a spring clean ~1 mo after release. Lets take banshee for example, a package which I adopted.... $ ls -l /repo/pkgs/banshee/ total 88 drwxrwsr-x 3 apache repoextras 4096 May 3 2006 banshee-0.10.10.tar.gz drwxrwsr-x 3 apache repoextras 4096 Aug 7 2006 banshee-0.10.11.tar.gz drwxrwsr-x 3 apache repoextras 4096 Aug 24 2006 banshee-0.10.12.tar.gz drwxrwsr-x 3 apache repoextras 4096 Mar 4 2006 banshee-0.10.6.tar.gz drwxrwsr-x 3 apache repoextras 4096 Mar 7 2006 banshee-0.10.7.tar.gz drwxrwsr-x 3 apache repoextras 4096 Mar 14 2006 banshee-0.10.8.tar.gz drwxrwsr-x 3 apache repoextras 4096 Apr 16 2006 banshee-0.10.9.tar.gz drwxrwsr-x 3 apache repoextras 4096 Feb 2 2007 banshee-0.11.5.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 Mar 7 2007 banshee-0.12.0.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 Apr 5 2007 banshee-0.12.1.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 Aug 7 2007 banshee-0.13.0.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 Aug 31 2007 banshee-0.13.1.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 Jan 14 15:58 banshee-0.13.2.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 Apr 13 01:51 banshee-1-0.98.3.tar.bz2 drwxrwsr-x 3 apache repoextras 4096 May 10 03:41 banshee-1-0.99.1.tar.bz2 $ du -sh /repo/pkgs/banshee/ 26M /repo/pkgs/banshee/ (Approximately 2M/package) At the most there should only be 4 tar balls there (R-2, R-1, R, Rawhide), R-2 only valid for one month after R has released. Another couple of examples: $ du -sh /repo/pkgs/kernel/ 2.6G /repo/pkgs/kernel/ (900ish tarballs dating back to 2004) $ du -sh /repo/pkgs/kdeedu 1.4G /repo/pkgs/kdeedu (48 tarballs from KDE-3.0) With plans such and Hans' plans of creating a 500M vegastrike data SRPM and the size growth and update schedules of some packages we are going to have these nightmares more and more frequently. Two solutions I can think of: Create a script, go thru ALL non dead.package's grab the tarball name from sources.list and basically create a bit of a database of what we are using, scan through /repo/pkgs and either: * Move old tarballs to some archiving system (another use for archive.fp.o?) * Delete old tarballs Or throw more diskspace at cvs-int Even if were to only remove 15% of the tarballs there (this is a very cautious estimate of the number of stale tarballs) we could potentially reach 72% diskspace available on that mount (down from 82%) - note this is very simplistic math, in essence, we could be no better off if we only removed the small stale tarballs :). Diskspace isn't cheap, so I like delete old tarballs, I also like this option because it's not like they disappear completely, they should be in the src.rpm's already on archive.fp.o and if we accidentally delete 1 or 2 that are still needed, well grab it from src.rpm... This leads on to my second item... xenbuilder2 has run out of diskspace in /, it's down to 32M, thankfully koji has disabled it so it's safe for now, but wouldn't it be nice to throw say a 50GB partition dedicated solely for /var/lib/mock & /mnt/build? Yes, yes, I know money, but once again, builds are getting bigger so 'it'd be nice'. Just thought I'd throw these two thoughts into the open, let the discussion begin! From katzj at redhat.com Tue May 13 12:27:14 2008 From: katzj at redhat.com (Jeremy Katz) Date: Tue, 13 May 2008 08:27:14 -0400 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <482981C8.20905@nigelj.com> References: <482981C8.20905@nigelj.com> Message-ID: <1210681634.12036.22.camel@aglarond.local> On Tue, 2008-05-13 at 23:55 +1200, Nigel Jones wrote: > Anyway, what this means, is that when nagios has been complaining about > cvs-int recently, in particular the fact that /git has reached WARNING. > After a bit of hunting around, I found /repo/pkgs using 168GiB of the > 192GiB available, which is understandable, Fedora has got huge. > > Problem here, is that there are a LOT of old tarballs in that folder, > which leaves me wondering if we should do a spring clean ~1 mo after > release. We can't do this. We need to keep the tarballs for packages which were released (in any form, be it rawhide, an update, or the actual release -- and probably even updates-testing) for 3 years to comply with the terms of the GPL. Not to mention that removing them would break any ability to go back and try to bisect or find the source of a problem in an automated fashion. And yes, I've actually had to go back to ancient history to do so in the past with some packages :-/ Jeremy From dev at nigelj.com Tue May 13 12:39:03 2008 From: dev at nigelj.com (Nigel Jones) Date: Wed, 14 May 2008 00:39:03 +1200 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <1210681634.12036.22.camel@aglarond.local> References: <482981C8.20905@nigelj.com> <1210681634.12036.22.camel@aglarond.local> Message-ID: <48298BE7.8070604@nigelj.com> Jeremy Katz wrote: > On Tue, 2008-05-13 at 23:55 +1200, Nigel Jones wrote: > >> Anyway, what this means, is that when nagios has been complaining about >> cvs-int recently, in particular the fact that /git has reached WARNING. >> After a bit of hunting around, I found /repo/pkgs using 168GiB of the >> 192GiB available, which is understandable, Fedora has got huge. >> >> Problem here, is that there are a LOT of old tarballs in that folder, >> which leaves me wondering if we should do a spring clean ~1 mo after >> release. >> > > We can't do this. We need to keep the tarballs for packages which were > released (in any form, be it rawhide, an update, or the actual release > -- and probably even updates-testing) for 3 years to comply with the > terms of the GPL. > > Not to mention that removing them would break any ability to go back and > try to bisect or find the source of a problem in an automated fashion. > And yes, I've actually had to go back to ancient history to do so in the > past with some packages :-/ > We were just discussing this on #fedora-admin, the other alternative would be (as I mentioned) move them to some sort of publically available archive storage setup, with the Makefile pointing towards that instead of where we normally point. Anyway, I'm just trying to kick the ball about, I'm sure there is a miracle solution but imo at the very least it'd be somewhat nice to unladen cvs-int of some of the burden. - Nigel From katzj at redhat.com Tue May 13 12:54:29 2008 From: katzj at redhat.com (Jeremy Katz) Date: Tue, 13 May 2008 08:54:29 -0400 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <48298BE7.8070604@nigelj.com> References: <482981C8.20905@nigelj.com> <1210681634.12036.22.camel@aglarond.local> <48298BE7.8070604@nigelj.com> Message-ID: <1210683269.12036.29.camel@aglarond.local> On Wed, 2008-05-14 at 00:39 +1200, Nigel Jones wrote: > Jeremy Katz wrote: > > On Tue, 2008-05-13 at 23:55 +1200, Nigel Jones wrote: > >> Anyway, what this means, is that when nagios has been complaining about > >> cvs-int recently, in particular the fact that /git has reached WARNING. > >> After a bit of hunting around, I found /repo/pkgs using 168GiB of the > >> 192GiB available, which is understandable, Fedora has got huge. > >> > >> Problem here, is that there are a LOT of old tarballs in that folder, > >> which leaves me wondering if we should do a spring clean ~1 mo after > >> release. > >> > > > > We can't do this. We need to keep the tarballs for packages which were > > released (in any form, be it rawhide, an update, or the actual release > > -- and probably even updates-testing) for 3 years to comply with the > > terms of the GPL. > > > > Not to mention that removing them would break any ability to go back and > > try to bisect or find the source of a problem in an automated fashion. > > And yes, I've actually had to go back to ancient history to do so in the > > past with some packages :-/ > > > We were just discussing this on #fedora-admin, the other alternative > would be (as I mentioned) move them to some sort of publically available > archive storage setup, with the Makefile pointing towards that instead > of where we normally point. If we're going to do that, we might as well use that for the tarball repo always and not have it special cased for old vs not. At which point, the "easy" answer is just to nfs mount that storage as /repo/pkgs :) In fact, maybe that is the easy answer -- maybe we should just allocate some of the space off of nfs1. We're at below 200G of usage for /repo/pkgs -- if we allocated half a terabyte, it wouldn't be that big of a hit to what's available to koji and it would give us quite a bit of room to grow for /repo/pkgs. Jeremy From dev at nigelj.com Tue May 13 13:25:11 2008 From: dev at nigelj.com (Nigel Jones) Date: Wed, 14 May 2008 01:25:11 +1200 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <1210683269.12036.29.camel@aglarond.local> References: <482981C8.20905@nigelj.com> <1210681634.12036.22.camel@aglarond.local> <48298BE7.8070604@nigelj.com> <1210683269.12036.29.camel@aglarond.local> Message-ID: <482996B7.9030803@nigelj.com> Jeremy Katz wrote: > On Wed, 2008-05-14 at 00:39 +1200, Nigel Jones wrote: > >> Jeremy Katz wrote: >> >>> On Tue, 2008-05-13 at 23:55 +1200, Nigel Jones wrote: >>> >>>> Anyway, what this means, is that when nagios has been complaining about >>>> cvs-int recently, in particular the fact that /git has reached WARNING. >>>> After a bit of hunting around, I found /repo/pkgs using 168GiB of the >>>> 192GiB available, which is understandable, Fedora has got huge. >>>> >>>> Problem here, is that there are a LOT of old tarballs in that folder, >>>> which leaves me wondering if we should do a spring clean ~1 mo after >>>> release. >>>> >>>> >>> We can't do this. We need to keep the tarballs for packages which were >>> released (in any form, be it rawhide, an update, or the actual release >>> -- and probably even updates-testing) for 3 years to comply with the >>> terms of the GPL. >>> >>> Not to mention that removing them would break any ability to go back and >>> try to bisect or find the source of a problem in an automated fashion. >>> And yes, I've actually had to go back to ancient history to do so in the >>> past with some packages :-/ >>> >>> >> We were just discussing this on #fedora-admin, the other alternative >> would be (as I mentioned) move them to some sort of publically available >> archive storage setup, with the Makefile pointing towards that instead >> of where we normally point. >> > > If we're going to do that, we might as well use that for the tarball > repo always and not have it special cased for old vs not. At which > point, the "easy" answer is just to nfs mount that storage > as /repo/pkgs :) > > In fact, maybe that is the easy answer -- maybe we should just allocate > some of the space off of nfs1. We're at below 200G of usage > for /repo/pkgs -- if we allocated half a terabyte, it wouldn't be that > big of a hit to what's available to koji and it would give us quite a > bit of room to grow for /repo/pkgs. > You know, that's quite sane and I really like that idea. :) - Nigel From dennis at ausil.us Tue May 13 13:58:28 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 13 May 2008 08:58:28 -0500 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <482981C8.20905@nigelj.com> References: <482981C8.20905@nigelj.com> Message-ID: <200805130858.35262.dennis@ausil.us> On Tuesday 13 May 2008, Nigel Jones wrote: > Hey guys, > > I seem to have deleted the nagios notification that I want to mention in > particular, but as I noted in SOP/Nagios the %ages noted in the e-mails > are what is left, so inode=99% doesn't mean that 99% of the inodes are > used, it means 99% are still free. > > Anyway, what this means, is that when nagios has been complaining about > cvs-int recently, in particular the fact that /git has reached WARNING. > After a bit of hunting around, I found /repo/pkgs using 168GiB of the > 192GiB available, which is understandable, Fedora has got huge. > > Problem here, is that there are a LOT of old tarballs in that folder, > which leaves me wondering if we should do a spring clean ~1 mo after > release. We already have plans to move the lookaside cache to the netapp. at least that was the last plan i was aware of. > Diskspace isn't cheap, so I like delete old tarballs, I also like this > option because it's not like they disappear completely, they should be > in the src.rpm's already on archive.fp.o and if we accidentally delete 1 > or 2 that are still needed, well grab it from src.rpm... > > This leads on to my second item... > > xenbuilder2 has run out of diskspace in /, it's down to 32M, thankfully > koji has disabled it so it's safe for now, but wouldn't it be nice to > throw say a 50GB partition dedicated solely for /var/lib/mock & > /mnt/build? Yes, yes, I know money, but once again, builds are getting > bigger so 'it'd be nice'. xenbuilder1 and hammer2 are the oldest boxes we have in the buildsystem. closely followed by ppc1 xenbuilder2 is also quite an old box now. im cleaning up /var/lib/mock on xenbuilder2 now. failed builds dont get cleaned up automatically. we probably should reap them more often. Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From notting at redhat.com Tue May 13 13:03:37 2008 From: notting at redhat.com (Bill Nottingham) Date: Tue, 13 May 2008 09:03:37 -0400 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <482981C8.20905@nigelj.com> References: <482981C8.20905@nigelj.com> Message-ID: <20080513130337.GA32650@nostromo.devel.redhat.com> Nigel Jones (dev at nigelj.com) said: > Problem here, is that there are a LOT of old tarballs in that folder, which > leaves me wondering if we should do a spring clean ~1 mo after release. Until we get something like correspondingsource up and running, we don't have a good mechanism for weeding out only the tarballs that correspond to builds that were not/are not shipped. Bill From mikeb at redhat.com Tue May 13 14:27:03 2008 From: mikeb at redhat.com (Mike Bonnet) Date: Tue, 13 May 2008 10:27:03 -0400 Subject: Disk Space Issues - cvs-int/build hosts - (includes general note on Nagios Disk notifications) In-Reply-To: <200805130858.35262.dennis@ausil.us> References: <482981C8.20905@nigelj.com> <200805130858.35262.dennis@ausil.us> Message-ID: <1210688823.6926.5.camel@burren.bos.redhat.com> On Tue, 2008-05-13 at 08:58 -0500, Dennis Gilmore wrote: > On Tuesday 13 May 2008, Nigel Jones wrote: > > Hey guys, > > > > I seem to have deleted the nagios notification that I want to mention in > > particular, but as I noted in SOP/Nagios the %ages noted in the e-mails > > are what is left, so inode=99% doesn't mean that 99% of the inodes are > > used, it means 99% are still free. > > > > Anyway, what this means, is that when nagios has been complaining about > > cvs-int recently, in particular the fact that /git has reached WARNING. > > After a bit of hunting around, I found /repo/pkgs using 168GiB of the > > 192GiB available, which is understandable, Fedora has got huge. > > > > Problem here, is that there are a LOT of old tarballs in that folder, > > which leaves me wondering if we should do a spring clean ~1 mo after > > release. > > > We already have plans to move the lookaside cache to the netapp. at least > that was the last plan i was aware of. > > > Diskspace isn't cheap, so I like delete old tarballs, I also like this > > option because it's not like they disappear completely, they should be > > in the src.rpm's already on archive.fp.o and if we accidentally delete 1 > > or 2 that are still needed, well grab it from src.rpm... > > > > This leads on to my second item... > > > > xenbuilder2 has run out of diskspace in /, it's down to 32M, thankfully > > koji has disabled it so it's safe for now, but wouldn't it be nice to > > throw say a 50GB partition dedicated solely for /var/lib/mock & > > /mnt/build? Yes, yes, I know money, but once again, builds are getting > > bigger so 'it'd be nice'. > > xenbuilder1 and hammer2 are the oldest boxes we have in the buildsystem. > closely followed by ppc1 xenbuilder2 is also quite an old box now. im > cleaning up /var/lib/mock on xenbuilder2 now. failed builds dont get cleaned > up automatically. we probably should reap them more often. Buildroots for failed Koji builds do get cleaned up after 4 hours (to give someone time to diagnose the problem if desired). However, xenbuilder2 is also running plague, which never cleans up buildroots as far as I know. From a.badger at gmail.com Wed May 14 01:15:56 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 13 May 2008 18:15:56 -0700 Subject: Change Request/Notification: FAS server problems Message-ID: <482A3D4C.5010509@gmail.com> I just noticed that fas was having issues and found that fas was using over a GB of memory on fas2.fedora.phx.redhat.com. No problem, I restarted fas and expected everything to be fine. 14 minutes later, memory was over a GB again. Another restart took care of the problem but I looked at the logs to see what's going on. Apparently FAS is busy enough now that it's running into the database connection limit we impose via SQLAlchemy and then requests are backing up, causing the memory explosion. Since FAS is far and away our busiest TG app I'm bumping the limits up so that we don't keep losing FAs service: sqlalchemy.connection_pool 5 => 10 sqlalchemy.max_overflow 21 => 25 The connection_pool is the number of db connections each fas server will hold open. Since it's busy, it makes sense to hold open more connections. connection_pool + max_overflow = the total number of connections that can be open when there's a lot of requests. I've made these changes and pushed them live since it's causing FAS to timeout and throw errors (which affects other services which auth through fas as well.) -Toshio From mmcgrath at redhat.com Wed May 14 13:21:01 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 14 May 2008 08:21:01 -0500 (CDT) Subject: nagios / nagios plugins maintainer? Message-ID: Anyone on this list interested in helping me co-maintain nagios and nagios plugins? -Mike From koikonom at gmail.com Wed May 14 13:41:00 2008 From: koikonom at gmail.com (Kyriakos Oikonomakos) Date: Wed, 14 May 2008 16:41:00 +0300 Subject: nagios / nagios plugins maintainer? In-Reply-To: References: Message-ID: <163ee4b40805140641u2b7734d1lb9e3a2e808e7a873@mail.gmail.com> What's involved with that? On Wed, May 14, 2008 at 4:21 PM, Mike McGrath wrote: > Anyone on this list interested in helping me co-maintain nagios and nagios > plugins? > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From mmcgrath at redhat.com Wed May 14 13:49:40 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 14 May 2008 08:49:40 -0500 (CDT) Subject: puppet upgrades Message-ID: The change freeze is done, I'm going to do the puppet upgrade today. it may be unreliable until I get done. -Mike From mmcgrath at redhat.com Wed May 14 13:53:32 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 14 May 2008 08:53:32 -0500 (CDT) Subject: nagios / nagios plugins maintainer? In-Reply-To: <163ee4b40805140641u2b7734d1lb9e3a2e808e7a873@mail.gmail.com> References: <163ee4b40805140641u2b7734d1lb9e3a2e808e7a873@mail.gmail.com> Message-ID: On Wed, 14 May 2008, Kyriakos Oikonomakos wrote: > What's involved with that? > If you're not already a package maintainer its probably not for you. nagios-plugins in particular is a pretty big spec file but if you do already maintain a package it means helping out with maintaining it. I've actually already had one volunteer ping me in #fedora-admin. -Mike From a.badger at gmail.com Wed May 14 16:06:24 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 14 May 2008 09:06:24 -0700 Subject: [Fwd: Tosca widgets, only half the battle] Message-ID: <482B0E00.5030705@gmail.com> Forwarding to fedora-infrastructure-list soit canget more exposure and discussion. -------- Original Message -------- Subject: Tosca widgets, only half the battle Date: Sun, 11 May 2008 12:27:36 -0400 From: John (J5) Palmieri To: Toshio Kuratomi CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com After hacking away at MyFedora and producing a lot of ugly code in the process I finally sat down the last two weeks to organize everything into a framework make it much more extensible and have patterns for people to easily create content. Most of the technologies are solidifying into my head and I have been working on hashing out an API design behind the user interaction design I had started with. The issue I am running into now is the fact that Turbo Gears and related technology come from a monolithic design and adhere too stringently to the Model/View/Controller design pattern. This is really an issue when your models, views and controllers can come from different applications or even different servers. MyFedora is of course a mashup of different tools and does not fit the, I'm grabbing data from a single database and displaying it via a self contained template, mold. What I need is a complete plugin system where a person can write their own self contained controllers, templates and static files which then drop in and are loaded on the fly, while integrating with the global project. Before I go further let me describe my design. Vocabulary: Resource - This is the starting point for MyFedora plugins. A resource is any abstract grouping such as "packages", "people" and "projects" which contain tools for viewing and manipulating data within the resource's context. Tools - A tool is a web app for viewing or manipulating data. For example Builds would be a tool for the package resource. Data Id - The data id is a pointer to a specific dataset the tools work on. For example the package resource considers each fedora package name to be a data_id. The way things work are Resources are placed in the resources/ directory and contain the logic for routing requests to a specific tool. They also contain the master template which is a cause of path problems with the current TG setup (include paths are relative to the including template) Tools are placed in the tools/ directory and are controllers just like any other TG controller. The exception is there is a standard for including the master template and the tool pulls templates and static files from its own directory. Tools can register with more than one resource and must modify its behavior based on the resource calling it. For instance the Build tool would be able to register with the package and people resource and depending which resource is being used it would display either a specific person's builds or the build history of a package. Based on the resource being used the master template is pulled in by the tool's templates. Data id's are simply what the resource passes to the tool and the tool needs to be able to accept when dealing with a particular resource. For instance the Packages resource would send a package name as a data id and the Peoples resource would send a person's FAS username. The issue here is I need the tools to be self contained but still integrate correctly with the global assests such as master templates and graphics. Tosca widgets seemed to be the answer until I looked further and found out they are just a higher level display layer than a self contained controller/template system. It seems to be confusing because it breaks the connection between the controller, data and the display when I want that all to be encapsulated. Basically I don't want the master page dolling out the data because the master page is just a container to display the tool and links to other tools. The tools should know where to get their data from. One solution is to use ToscaWidgets as a replacement for templates (or more apt another layer between the controller and the template). That makes things more complicated and throws away a lot of the concepts of TG controllers. I guess I am probably just hung up on how I first learned TG and we can just document around those issues. But another thing to think about is stuff like WSGI. What do you guys think? Given my design and goals such as the ability to display tools on the portal page, what is our plan of attack? How do we concoct a plugin system to make it easy for others to create integrated content while really just concentrating on their bits and not the wider integration infrastructure? Are there systems/libraries out there that already do this? Tosca is only part of the solution because it only deals with encapsulating display and is mostly geared to generic widgets like lists and not complete pages. I would like to have a framework that is simple, focused and easy to use. -- John (J5) Palmieri From mmcgrath at redhat.com Wed May 14 16:03:38 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 14 May 2008 11:03:38 -0500 (CDT) Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <482B0E00.5030705@gmail.com> References: <482B0E00.5030705@gmail.com> Message-ID: > Forwarding to fedora-infrastructure-list soit canget more exposure and > discussion. > > -------- Original Message -------- > Subject: Tosca widgets, only half the battle > Date: Sun, 11 May 2008 12:27:36 -0400 > From: John (J5) Palmieri > To: Toshio Kuratomi > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > After hacking away at MyFedora and producing a lot of ugly code in the > process I finally sat down the last two weeks to organize everything > into a framework make it much more extensible and have patterns for > people to easily create content. Most of the technologies are > solidifying into my head and I have been working on hashing out an API > design behind the user interaction design I had started with. The issue > I am running into now is the fact that Turbo Gears and related > technology come from a monolithic design and adhere too stringently to > the Model/View/Controller design pattern. This is really an issue when > your models, views and controllers can come from different applications > or even different servers. MyFedora is of course a mashup of different > tools and does not fit the, I'm grabbing data from a single database and > displaying it via a self contained template, mold. What I need is a > complete plugin system where a person can write their own self contained > controllers, templates and static files which then drop in and are > loaded on the fly, while integrating with the global project. > Do we want the myfedora app to be coded in such a way that it works with lots of technologies? or do we want to define a standard that the technologies can implement to make it work with myfedora? -Mike From lmacken at redhat.com Wed May 14 16:39:57 2008 From: lmacken at redhat.com (Luke Macken) Date: Wed, 14 May 2008 12:39:57 -0400 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <482B0E00.5030705@gmail.com> References: <482B0E00.5030705@gmail.com> Message-ID: <20080514163957.GA11441@x300> On Wed, May 14, 2008 at 09:06:24AM -0700, Toshio Kuratomi wrote: > Forwarding to fedora-infrastructure-list soit canget more exposure and > discussion. > > -------- Original Message -------- > Subject: Tosca widgets, only half the battle > Date: Sun, 11 May 2008 12:27:36 -0400 > From: John (J5) Palmieri > To: Toshio Kuratomi > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > After hacking away at MyFedora and producing a lot of ugly code in the > process I finally sat down the last two weeks to organize everything > into a framework make it much more extensible and have patterns for > people to easily create content. Most of the technologies are > solidifying into my head and I have been working on hashing out an API > design behind the user interaction design I had started with. The issue > I am running into now is the fact that Turbo Gears and related > technology come from a monolithic design and adhere too stringently to > the Model/View/Controller design pattern. This is really an issue when > your models, views and controllers can come from different applications > or even different servers. MyFedora is of course a mashup of different > tools and does not fit the, I'm grabbing data from a single database and > displaying it via a self contained template, mold. What I need is a > complete plugin system where a person can write their own self contained > controllers, templates and static files which then drop in and are > loaded on the fly, while integrating with the global project. > > Before I go further let me describe my design. > > Vocabulary: > > Resource - This is the starting point for MyFedora plugins. A resource > is any abstract grouping such as "packages", "people" and "projects" > which contain tools for viewing and manipulating data within the > resource's context. > > Tools - A tool is a web app for viewing or manipulating data. For > example Builds would be a tool for the package resource. > > Data Id - The data id is a pointer to a specific dataset the tools work > on. For example the package resource considers each fedora package name > to be a data_id. > > The way things work are Resources are placed in the resources/ directory > and contain the logic for routing requests to a specific tool. They > also contain the master template which is a cause of path problems with > the current TG setup (include paths are relative to the including > template) > > Tools are placed in the tools/ directory and are controllers just like > any other TG controller. The exception is there is a standard for > including the master template and the tool pulls templates and static > files from its own directory. Tools can register with more than one > resource and must modify its behavior based on the resource calling it. > For instance the Build tool would be able to register with the package > and people resource and depending which resource is being used it would > display either a specific person's builds or the build history of a > package. Based on the resource being used the master template is pulled > in by the tool's templates. > > Data id's are simply what the resource passes to the tool and the tool > needs to be able to accept when dealing with a particular resource. For > instance the Packages resource would send a package name as a data id > and the Peoples resource would send a person's FAS username. > > The issue here is I need the tools to be self contained but still > integrate correctly with the global assests such as master templates and > graphics. Tosca widgets seemed to be the answer until I looked further > and found out they are just a higher level display layer than a self > contained controller/template system. It seems to be confusing because > it breaks the connection between the controller, data and the display > when I want that all to be encapsulated. Basically I don't want the > master page dolling out the data because the master page is just a > container to display the tool and links to other tools. The tools > should know where to get their data from. > > One solution is to use ToscaWidgets as a replacement for templates (or > more apt another layer between the controller and the template). That > makes things more complicated and throws away a lot of the concepts of > TG controllers. I guess I am probably just hung up on how I first > learned TG and we can just document around those issues. But another > thing to think about is stuff like WSGI. > > What do you guys think? Given my design and goals such as the ability to > display tools on the portal page, what is our plan of attack? How do we > concoct a plugin system to make it easy for others to create integrated > content while really just concentrating on their bits and not the wider > integration infrastructure? Are there systems/libraries out there that > already do this? Tosca is only part of the solution because it only > deals with encapsulating display and is mostly geared to generic widgets > like lists and not complete pages. I would like to have a framework > that is simple, focused and easy to use. You mention that you're running into issues with TurboGears v1.0's "monolithic design", which makes various assumptions about how your application is going to be implemented. I agree that this may not be ideal for the MyFedora environment, which is why I think basing this on TurboGears v2.0 is the way to go. Being built on top of Pylons, which does not make these strict assumptions, it will allow us to have much more control over how our application stack is structured. Since TG2/Pylons leverages the WSGI standard (which we are starting to adopt in our infrastructure deployment already), it will allow us to change any part of our own stack at any time, without taking apart the whole framework. If we treat resources as WSGI applications/middleware, it will make it trivial to plug these into our framework, package them, and develop them in isolation. ToscaWidgets is extremely useful, but not at this low of a level in our framework design. I think that TW will be great for the high-level re-usable widgets that can potentially use various MyFedora resources/tools, but for core MyFedora resources, I think basing them on top of the WSGI standard will be the most flexible solution. luke From lmacken at redhat.com Wed May 14 16:41:43 2008 From: lmacken at redhat.com (Luke Macken) Date: Wed, 14 May 2008 12:41:43 -0400 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: References: <482B0E00.5030705@gmail.com> Message-ID: <20080514164143.GB11441@x300> On Wed, May 14, 2008 at 11:03:38AM -0500, Mike McGrath wrote: > > > Forwarding to fedora-infrastructure-list soit canget more exposure and > > discussion. > > > > -------- Original Message -------- > > Subject: Tosca widgets, only half the battle > > Date: Sun, 11 May 2008 12:27:36 -0400 > > From: John (J5) Palmieri > > To: Toshio Kuratomi > > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > > > After hacking away at MyFedora and producing a lot of ugly code in the > > process I finally sat down the last two weeks to organize everything > > into a framework make it much more extensible and have patterns for > > people to easily create content. Most of the technologies are > > solidifying into my head and I have been working on hashing out an API > > design behind the user interaction design I had started with. The issue > > I am running into now is the fact that Turbo Gears and related > > technology come from a monolithic design and adhere too stringently to > > the Model/View/Controller design pattern. This is really an issue when > > your models, views and controllers can come from different applications > > or even different servers. MyFedora is of course a mashup of different > > tools and does not fit the, I'm grabbing data from a single database and > > displaying it via a self contained template, mold. What I need is a > > complete plugin system where a person can write their own self contained > > controllers, templates and static files which then drop in and are > > loaded on the fly, while integrating with the global project. > > > > Do we want the myfedora app to be coded in such a way that it works with > lots of technologies? or do we want to define a standard that the > technologies can implement to make it work with myfedora? I'd like to see us re-use and be compatible with as many existing technologies and standards as possible. I don't necessarily see any value in re-inventing our own. That is, unless we have a sound reason to? luke From a.badger at gmail.com Wed May 14 17:40:37 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 14 May 2008 10:40:37 -0700 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <482B0E00.5030705@gmail.com> References: <482B0E00.5030705@gmail.com> Message-ID: <482B2415.1050807@gmail.com> > > After hacking away at MyFedora and producing a lot of ugly code in the > process I finally sat down the last two weeks to organize everything > into a framework make it much more extensible and have patterns for > people to easily create content. Most of the technologies are > solidifying into my head and I have been working on hashing out an API > design behind the user interaction design I had started with. The issue > I am running into now is the fact that Turbo Gears and related > technology come from a monolithic design and adhere too stringently to > the Model/View/Controller design pattern. This is really an issue when > your models, views and controllers can come from different applications > or even different servers. MyFedora is of course a mashup of different > tools and does not fit the, I'm grabbing data from a single database and > displaying it via a self contained template, mold. What I need is a > complete plugin system where a person can write their own self contained > controllers, templates and static files which then drop in and are > loaded on the fly, while integrating with the global project. > FAS2 is at a similar stage. We want other people to be able to use FAS2. So we want to pull Fedora specific portions into a plugin architecture. We've started using setuptools entry-points since that's the plugin architecture that TurboGears already uses but that only solves how to load the modules, I think we got templates to work after a bit of hacking but I'd have to revisit the code. Getting the model to work is the big sticking point as the model means either: 1) A new db and a new set of db connections 2) Somehow merging the plugin's model with the main apps model. In myfedora, you might be able to use setuptools entry-points to better effect since you're operating largely without a model. If the plugins don't have to save state or can save very minimal state into a generic configs table you should be able to use entry-points to load up the code. > Before I go further let me describe my design. > > Vocabulary: > > Resource - This is the starting point for MyFedora plugins. A resource > is any abstract grouping such as "packages", "people" and "projects" > which contain tools for viewing and manipulating data within the > resource's context. > > Tools - A tool is a web app for viewing or manipulating data. For > example Builds would be a tool for the package resource. > > Data Id - The data id is a pointer to a specific dataset the tools work > on. For example the package resource considers each fedora package name > to be a data_id. > > The way things work are Resources are placed in the resources/ directory > and contain the logic for routing requests to a specific tool. They > also contain the master template which is a cause of path problems with > the current TG setup (include paths are relative to the including > template) > This is how we fixed that in fas:: > Tools are placed in the tools/ directory and are controllers just like > any other TG controller. The exception is there is a standard for > including the master template and the tool pulls templates and static > files from its own directory. Tools can register with more than one > resource and must modify its behavior based on the resource calling it. > For instance the Build tool would be able to register with the package > and people resource and depending which resource is being used it would > display either a specific person's builds or the build history of a > package. Based on the resource being used the master template is pulled > in by the tool's templates. > That's pretty nifty. > Data id's are simply what the resource passes to the tool and the tool > needs to be able to accept when dealing with a particular resource. For > instance the Packages resource would send a package name as a data id > and the Peoples resource would send a person's FAS username. > An aside: It sounds like we'd want to implement some sort of global cache at some point. If we always start from the data_ids there's a lot of data to be pulled in each request. And if tools are using similar pieces of information but displaying it differently (for instance, when using a tool in a different resource) we'd definitely see reuse of the data. > The issue here is I need the tools to be self contained but still > integrate correctly with the global assests such as master templates and > graphics. Tosca widgets seemed to be the answer until I looked further > and found out they are just a higher level display layer than a self > contained controller/template system. It seems to be confusing because > it breaks the connection between the controller, data and the display > when I want that all to be encapsulated. Basically I don't want the > master page dolling out the data because the master page is just a > container to display the tool and links to other tools. The tools > should know where to get their data from. > You need plugins, not widgets for what you want to do. > One solution is to use ToscaWidgets as a replacement for templates (or > more apt another layer between the controller and the template). That > makes things more complicated and throws away a lot of the concepts of > TG controllers. I guess I am probably just hung up on how I first > learned TG and we can just document around those issues. But another > thing to think about is stuff like WSGI. > I think we think similarly here that ToscaWidgets isn't the ideal solution for this problem. > What do you guys think? Given my design and goals such as the ability to > display tools on the portal page, what is our plan of attack? How do we > concoct a plugin system to make it easy for others to create integrated > content while really just concentrating on their bits and not the wider > integration infrastructure? Are there systems/libraries out there that > already do this? Tosca is only part of the solution because it only > deals with encapsulating display and is mostly geared to generic widgets > like lists and not complete pages. I would like to have a framework > that is simple, focused and easy to use. > I suppose part of the question is who do we want to be building these plugins for MyFedora? If it's the author of the app providing the data then it should be something that their app can also use. If it's MyFedora developers, then it should be easy for them to create a new controller and setup a plugin. We might want to write a small script that makes a sample plugin directory like tg-admin quickstart does for the main app. Take a look at how fas does things: fas/plugins/dummy_plugin. That should pretty much be a self-contained plugin using setuptools entrypoints to do its dirty work. -Toshio From jkeating at redhat.com Wed May 14 17:50:26 2008 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 14 May 2008 13:50:26 -0400 Subject: Rolling out kojipkgs url for koji repodata Message-ID: <1210787426.3170.140.camel@localhost.localdomain> In order to reduce the load on the koji hub, we've recently brought up a new http host that serves out the /mnt/koji/packages/ content. Currently when koji builders build repodata they hard code the baseurl of 'http://koji.fedoraproject.org/packages'. This means that every builder and every static-repo user will hit the hub to download packages. Instead we'd like them to hit the new host, kojipkgs. A simple change to kojid.conf files on the builders will make the new baseurl be 'http://kojipkgs.fedoraproject.org/packages'. Any repodata made after that change (and builder restart) will have the new url. The old url will continue to work for the old repodata, but the amount of systems hitting it should reduce over time. I'm ready to commit the change to puppet, and once we're sure a puppet run has gone through and updated the files I can start a rolling restart of the builders. The process would look like this: 1) koji disable-host 2) as each host finishes it's current task, log in and restart the kojid service. 3) koji enable-host The final step would be to watch for a newRepo task and verify that the generated repodata has the correct url, and that said repodata is usable by builders and by consumers of static-repos. If there is a failure the rollback plan would be much like above, only including a rollback to the previous URL listed in kojid configs. Is there any objection to me committing the puppet change, making it live and starting on the rolling process? There should be no overall outage to send mail about, service will remain uninterrupted. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Wed May 14 18:02:30 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 14 May 2008 13:02:30 -0500 (CDT) Subject: Rolling out kojipkgs url for koji repodata In-Reply-To: <1210787426.3170.140.camel@localhost.localdomain> References: <1210787426.3170.140.camel@localhost.localdomain> Message-ID: On Wed, 14 May 2008, Jesse Keating wrote: > In order to reduce the load on the koji hub, we've recently brought up a > new http host that serves out the /mnt/koji/packages/ content. > Currently when koji builders build repodata they hard code the baseurl > of 'http://koji.fedoraproject.org/packages'. This means that every > builder and every static-repo user will hit the hub to download > packages. Instead we'd like them to hit the new host, kojipkgs. A > simple change to kojid.conf files on the builders will make the new > baseurl be 'http://kojipkgs.fedoraproject.org/packages'. Any repodata > made after that change (and builder restart) will have the new url. The > old url will continue to work for the old repodata, but the amount of > systems hitting it should reduce over time. > I'm also hoping to implement some caching there as well to reduce load on /mnt/koji > I'm ready to commit the change to puppet, and once we're sure a puppet > run has gone through and updated the files I can start a rolling restart > of the builders. The process would look like this: > > 1) koji disable-host > 2) as each host finishes it's current task, log in and restart the kojid > service. > 3) koji enable-host > > The final step would be to watch for a newRepo task and verify that the > generated repodata has the correct url, and that said repodata is usable > by builders and by consumers of static-repos. If there is a failure the > rollback plan would be much like above, only including a rollback to the > previous URL listed in kojid configs. > > Is there any objection to me committing the puppet change, making it > live and starting on the rolling process? There should be no overall > outage to send mail about, service will remain uninterrupted. Works for me. If you need anything just ping :) -Mike From thinklinux.ssh at gmail.com Wed May 14 20:06:39 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 15 May 2008 01:36:39 +0530 Subject: A problem with Indian mirrors and mirrormanager. Message-ID: Hi, As you well know, here at India we are having low bandwidth mirrors. To keep up the QoS, we need to restrict our number of connections. I myself operate on ftp and usually, the limit is set to 45 concurrent connections. Now as mirrormanager automatically redirects the clicks at the "get-fedora" link, the requests from India usually get routed to these two mirrors. As they are always operate at their limit, the user eventually gets a response "error 421: too many connected users". This usually happens over and over. So, what can we do to redirect the requests to the next server in the queue _if_ we are full? Any suggestion? -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/SusmitShannigrahi ============================================= From jkeating at redhat.com Wed May 14 20:15:47 2008 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 14 May 2008 16:15:47 -0400 Subject: Rolling out kojipkgs url for koji repodata In-Reply-To: References: <1210787426.3170.140.camel@localhost.localdomain> Message-ID: <1210796147.3170.153.camel@localhost.localdomain> On Wed, 2008-05-14 at 13:02 -0500, Mike McGrath wrote: > Works for me. If you need anything just ping :) The change has been made and made active on all the builders. New repodata has been created with the new baseurl and we're about to see our first build make use of that repodata. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From Matt_Domsch at dell.com Wed May 14 20:19:09 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Wed, 14 May 2008 15:19:09 -0500 Subject: A problem with Indian mirrors and mirrormanager. In-Reply-To: References: Message-ID: <20080514201909.GA22348@auslistsprd01.us.dell.com> On Thu, May 15, 2008 at 01:36:39AM +0530, susmit shannigrahi wrote: > Hi, > > As you well know, here at India we are having low bandwidth mirrors. > To keep up the QoS, we need to restrict our number of connections. > > I myself operate on ftp and usually, the limit is set to 45 concurrent > connections. > > Now as mirrormanager automatically redirects the clicks at the > "get-fedora" link, > the requests from India usually get routed to these two mirrors. > > As they are always operate at their limit, the user eventually gets a > response "error 421: too many connected users". > This usually happens over and over. > > So, what can we do to redirect the requests to the next server in the > queue _if_ we are full? Yum will do the right thing; the 421 error is considered fatal for that mirror, and on they go to the next mirror on the list. For India, it will return the mirrors on the continent, not just those in the country, most of the time (until you have more then 3 mirrors). As for links from get-fedora, those are handled with straight HTTP 301 redirects, to which you are responding with a 421, so yes, the user sees that 421. That's a shame. I don't know how to prevent this, aside from the redirector first doing a HTTP HEAD to the URL itself, catching the response, and if 200, sending the redirect to the user. That still doesn't guarantee that they get a good response though - you could give the redirector a 200, but the user a 421 on their request... -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From angel.fedora at gmail.com Thu May 15 03:48:00 2008 From: angel.fedora at gmail.com (Angel) Date: Thu, 15 May 2008 09:48:00 +0600 Subject: Fedora 9 Sulpher: First Impression Message-ID: Hi, Just released Fedora 9 Sulpher. I hope, you already downloaded and installed it. Surely, you loved it. Tell us, about your experience. How is Sulpher? what do you think about Sulpher? Thank you. -- Angel GPG key: 0xC4639705 http://fedoraproject.org/wiki/AshiqurRahman -------------- next part -------------- An HTML attachment was scrubbed... URL: From jan.johansson.mr at gmail.com Thu May 15 08:26:27 2008 From: jan.johansson.mr at gmail.com (Jan Johansson) Date: Thu, 15 May 2008 10:26:27 +0200 Subject: Fedora 9 Sulpher: First Impression In-Reply-To: References: Message-ID: Hello, Fedora is my favorite distribution, so I've followed it since version 5 and forward. I'm preferring KDE desktop, but GNOME is very good also. Issues I had so far with Sulpher is a) Not having full power to my Radeon HD 3870 and b) Some strange problems with my network card (embedded on my motherboard) when IPv6 is enabled. I've been comparing Ubuntu, Mandriva and Fedora on my machine, and the only distro that enables full throttle to Radeon is Ubuntu (by installing propriety driver from its repository). Besides that, I've only used Suplher some few hours now, so I am still poking around in the system to get a more detailed feel about the whole thing. Great Work!!!!!! Best Regards, Jan On 5/15/08, Angel wrote: > Hi, > Just released Fedora 9 Sulpher. I hope, you already downloaded and installed > it. Surely, you loved it. Tell us, about your experience. How is Sulpher? > what do you think about Sulpher? > Thank you. > > -- > Angel > GPG key: 0xC4639705 > http://fedoraproject.org/wiki/AshiqurRahman > From subhodip at fedoraproject.org Thu May 15 09:49:32 2008 From: subhodip at fedoraproject.org (subhodip biswas) Date: Thu, 15 May 2008 15:19:32 +0530 Subject: download problem Message-ID: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> hi ! while trying to download F9 what I face is quite frustrating ..in fact this can be faced by a lot of user in India . while wbut mirror is down (temporarily ) and other cannot handle all the load and bit torrent is quite slow . clicking on i386 direct download always gives error 412 : too many connected users . any way of avoiding this .. I am currently downloading from a mirror in USA and its quite slow. -- Regards Subhodip Biswas GPG key : FAEA34AB Server : pgp.mit.edu http://subhodipbiswas.wordpress.com http:/www.fedoraproject.org/wiki/SubhodipBiswas From dev at nigelj.com Thu May 15 10:04:51 2008 From: dev at nigelj.com (Nigel Jones) Date: Thu, 15 May 2008 22:04:51 +1200 Subject: download problem In-Reply-To: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> Message-ID: <482C0AC3.2070209@nigelj.com> subhodip biswas wrote: > hi ! > while trying to download F9 what I face is quite frustrating ..in fact > this can be faced by a lot of user in India . > while wbut mirror is down (temporarily ) and other cannot handle all > the load and bit torrent is quite slow . > clicking on i386 direct download always gives error 412 : too many > connected users . > any way of avoiding this .. I am currently downloading from a mirror > in USA and its quite slow. > > Hi, Going from what I know (someone might want to update me here): We currently only have 3 mirrors in India (http://mirrors.fedoraproject.org/), one is on a 45mbps link, while the other two are on 5mbps and 2mbps links. From what I see, there isn't really much we can do apart from waiting for more Indian mirrors to come aboard, ISPs/Universities are the best bet and is actually where quite a few of our mirrors are located. Another alternative is try an Asian or Europe mirror, China, Japan, Italy, France etc, many of these mirrors are on 100Mbps+ links and shouldn't be returning 421 errors. (I have no clue on the Indian internet topology but generally geographically closer locations have better links) Noting the 421 errors, it's fairly hard to prevent them, the script (as Matt mentioned on IRC) could be adapted to query the server if there are slots open but thats not always possible. - N.J. Amendment: I noticed the two slower mirrors only allow ftp, try http://ftp.iitm.ac.in/fedora/ which is the server on the 45Mbps link and responds to me in NZ. From Matt_Domsch at dell.com Thu May 15 12:59:32 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Thu, 15 May 2008 07:59:32 -0500 Subject: download problem In-Reply-To: <482C0AC3.2070209@nigelj.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> Message-ID: <20080515125932.GB7515@auslistsprd01.us.dell.com> On Thu, May 15, 2008 at 10:04:51PM +1200, Nigel Jones wrote: > subhodip biswas wrote: > >hi ! > >while trying to download F9 what I face is quite frustrating ..in fact > >this can be faced by a lot of user in India . > >while wbut mirror is down (temporarily ) and other cannot handle all > >the load and bit torrent is quite slow . > >clicking on i386 direct download always gives error 412 : too many > >connected users . > >any way of avoiding this .. I am currently downloading from a mirror > >in USA and its quite slow. > > > > > Hi, > > Going from what I know (someone might want to update me here): > We currently only have 3 mirrors in India > (http://mirrors.fedoraproject.org/), one is on a 45mbps link, while the > other two are on 5mbps and 2mbps links. One thing MM would benefit from would be a weighted sampler. Right now, it collects various lists of Hosts to return (same netblock, same country, same continent, global). It shuffles (python random.shufle()) each of the lists, then concatenates them, and sends that result to the end user. However, this does not take into account that one mirror has a 45Mbps link, and another a 2Mbps; they would each get chosen "randomly". What I need is a replacement for random.shuffle() that takes a list of tuples: (something, weight). And returns a list of somethings that was generated with a statistical sampling based on weight. Now, this is _probably_ a simple thing to do; my college number theory professor would mock me for having not "just done it" myself, but hey - I took that class _twice_ before passing it - I don't trust my skills in this area to get it right. Volunteers? > > From what I see, there isn't really much we can do apart from waiting > for more Indian mirrors to come aboard, ISPs/Universities are the best > bet and is actually where quite a few of our mirrors are located. > > Another alternative is try an Asian or Europe mirror, China, Japan, > Italy, France etc, many of these mirrors are on 100Mbps+ links and > shouldn't be returning 421 errors. (I have no clue on the Indian > internet topology but generally geographically closer locations have > better links) And please please, help find more mirrors in India. > > Noting the 421 errors, it's fairly hard to prevent them, the script (as > Matt mentioned on IRC) could be adapted to query the server if there are > slots open but thats not always possible. yea, I like _this_ less and less the more I think about it. > > - N.J. > > Amendment: I noticed the two slower mirrors only allow ftp, try > http://ftp.iitm.ac.in/fedora/ which is the server on the 45Mbps link and > responds to me in NZ. which just came online yesterday. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From stickster at gmail.com Thu May 15 13:40:38 2008 From: stickster at gmail.com (Paul W. Frields) Date: Thu, 15 May 2008 09:40:38 -0400 Subject: Fedora 9 Sulpher: First Impression In-Reply-To: <1210852294.6072.2.camel@149-159-132-185.dhcp-bl.indiana.edu> References: <1210852294.6072.2.camel@149-159-132-185.dhcp-bl.indiana.edu> Message-ID: <1210858838.20001.38.camel@victoria> On Thu, 2008-05-15 at 07:51 -0400, Yu Feng wrote: > Everything is fine except the low quality graphics for GDM. It looks > like an over-compressed jpeg file. ?I'd rather to use a black screen as > background instead, but there is even no way to change the background > (yet). Very happy that you guys are trying out the distribution. However, you should discuss these topics on fedora-list, and not the lists intended for discussion of infrastructure, marketing, and translation. Thanks! :-) -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From debarshi.ray at gmail.com Thu May 15 14:08:58 2008 From: debarshi.ray at gmail.com (Debarshi Ray) Date: Thu, 15 May 2008 19:38:58 +0530 Subject: download problem In-Reply-To: <20080515125932.GB7515@auslistsprd01.us.dell.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> Message-ID: <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> > One thing MM would benefit from would be a weighted sampler. > > [...] > > What I need is a replacement for random.shuffle() that takes a list of > tuples: (something, weight). And returns a list of somethings that > was generated with a statistical sampling based on weight. > > Now, this is _probably_ a simple thing to do; my college number theory > professor would mock me for having not "just done it" myself, but hey > - I took that class _twice_ before passing it - I don't trust my > skills in this area to get it right. Here is a crude approach: Say A, B and C are mirrors having bandwidth of x,y and z Mbps respectively. So lets have an array which has: A, A, A... (x times), B, B, B... (y times), C, C, C... (z times), and then generate a random number within [0, x+y+z] and use that as an index to fetch a mirror from the array. Happy hacking, Debarshi -- "From what we get, we can make a living; what we give, however, makes a life." -- Arthur Ashe From fantec at proxad.net Thu May 15 14:19:35 2008 From: fantec at proxad.net (Francois Petillon) Date: Thu, 15 May 2008 16:19:35 +0200 Subject: download problem In-Reply-To: <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> Message-ID: <482C4677.9050400@proxad.net> Debarshi Ray wrote: > Say A, B and C are mirrors having bandwidth of x,y and z Mbps > respectively. So lets have an array which has: A, A, A... (x times), > B, B, B... (y times), C, C, C... (z times), and then generate a random > number within [0, x+y+z] and use that as an index to fetch a mirror > from the array. No, your array should be something like : ([A,x];[B,y];[C,z]) and when you pick your random number within [0,x+y+z], you parse the array decreasing your random number until it is less than the current server bandwidth (unless your array is kept static, it would be more costy to generate it (its length will be the sum of server bandwidth) than to parse a server list). But as far as I am concerned, I would prefer giving back to the user a list of nearby servers links (which may be picked bandwidth-randomly) in which the user would choose a server by itself. Fran?ois From rhanna at informatiq.org Thu May 15 15:02:15 2008 From: rhanna at informatiq.org (Ramez Hanna) Date: Thu, 15 May 2008 18:02:15 +0300 Subject: Fedora 9 Sulpher: First Impression In-Reply-To: <1210858838.20001.38.camel@victoria> References: <1210852294.6072.2.camel@149-159-132-185.dhcp-bl.indiana.edu> <1210858838.20001.38.camel@victoria> Message-ID: <6a65d5240805150802qf15511as841404209ebaf53b@mail.gmail.com> been using it for a full working day now i am impressed with the new packagekit so far yet i don't see major changes that are apparent to the desktop user, but what more can they ask for ;) great work 2008/5/15 Paul W. Frields : > On Thu, 2008-05-15 at 07:51 -0400, Yu Feng wrote: > > Everything is fine except the low quality graphics for GDM. It looks > > like an over-compressed jpeg file. ?I'd rather to use a black screen as > > background instead, but there is even no way to change the background > > (yet). > > Very happy that you guys are trying out the distribution. However, you > should discuss these topics on fedora-list, and not the lists intended > for discussion of infrastructure, marketing, and translation. > Thanks! :-) > > -- > Paul W. Frields http://paul.frields.org/ > gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 > http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ > irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From johnp at redhat.com Thu May 15 15:20:14 2008 From: johnp at redhat.com (John (J5) Palmieri) Date: Thu, 15 May 2008 11:20:14 -0400 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <20080514164143.GB11441@x300> References: <482B0E00.5030705@gmail.com> <20080514164143.GB11441@x300> Message-ID: <1210864814.7058.2.camel@localhost.localdomain> On Wed, 2008-05-14 at 12:41 -0400, Luke Macken wrote: > On Wed, May 14, 2008 at 11:03:38AM -0500, Mike McGrath wrote: > > > > > Forwarding to fedora-infrastructure-list soit canget more exposure and > > > discussion. > > > > > > -------- Original Message -------- > > > Subject: Tosca widgets, only half the battle > > > Date: Sun, 11 May 2008 12:27:36 -0400 > > > From: John (J5) Palmieri > > > To: Toshio Kuratomi > > > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > > > > > After hacking away at MyFedora and producing a lot of ugly code in the > > > process I finally sat down the last two weeks to organize everything > > > into a framework make it much more extensible and have patterns for > > > people to easily create content. Most of the technologies are > > > solidifying into my head and I have been working on hashing out an API > > > design behind the user interaction design I had started with. The issue > > > I am running into now is the fact that Turbo Gears and related > > > technology come from a monolithic design and adhere too stringently to > > > the Model/View/Controller design pattern. This is really an issue when > > > your models, views and controllers can come from different applications > > > or even different servers. MyFedora is of course a mashup of different > > > tools and does not fit the, I'm grabbing data from a single database and > > > displaying it via a self contained template, mold. What I need is a > > > complete plugin system where a person can write their own self contained > > > controllers, templates and static files which then drop in and are > > > loaded on the fly, while integrating with the global project. > > > > > > > Do we want the myfedora app to be coded in such a way that it works with > > lots of technologies? or do we want to define a standard that the > > technologies can implement to make it work with myfedora? > > I'd like to see us re-use and be compatible with as many existing > technologies and standards as possible. I don't necessarily see any > value in re-inventing our own. That is, unless we have a sound reason > to? > > luke Exactly, I would want a standard way of doing things at least in the MyFedora plugin context. This is why I didn't want to get away from templates and controllers (or something else that will be standard for a long time). Ideally someone who knows how to write a TG app should be able to write a plugin with a little glue code added and files shuffled around. -- John (J5) Palmieri From johnp at redhat.com Thu May 15 15:24:59 2008 From: johnp at redhat.com (John (J5) Palmieri) Date: Thu, 15 May 2008 11:24:59 -0400 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <20080514163957.GA11441@x300> References: <482B0E00.5030705@gmail.com> <20080514163957.GA11441@x300> Message-ID: <1210865099.7058.7.camel@localhost.localdomain> On Wed, 2008-05-14 at 12:39 -0400, Luke Macken wrote: > On Wed, May 14, 2008 at 09:06:24AM -0700, Toshio Kuratomi wrote: > > Forwarding to fedora-infrastructure-list soit canget more exposure and > > discussion. > > > > -------- Original Message -------- > > Subject: Tosca widgets, only half the battle > > Date: Sun, 11 May 2008 12:27:36 -0400 > > From: John (J5) Palmieri > > To: Toshio Kuratomi > > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > > > After hacking away at MyFedora and producing a lot of ugly code in the > > process I finally sat down the last two weeks to organize everything > > into a framework make it much more extensible and have patterns for > > people to easily create content. Most of the technologies are > > solidifying into my head and I have been working on hashing out an API > > design behind the user interaction design I had started with. The issue > > I am running into now is the fact that Turbo Gears and related > > technology come from a monolithic design and adhere too stringently to > > the Model/View/Controller design pattern. This is really an issue when > > your models, views and controllers can come from different applications > > or even different servers. MyFedora is of course a mashup of different > > tools and does not fit the, I'm grabbing data from a single database and > > displaying it via a self contained template, mold. What I need is a > > complete plugin system where a person can write their own self contained > > controllers, templates and static files which then drop in and are > > loaded on the fly, while integrating with the global project. > > > > Before I go further let me describe my design. > > > > Vocabulary: > > > > Resource - This is the starting point for MyFedora plugins. A resource > > is any abstract grouping such as "packages", "people" and "projects" > > which contain tools for viewing and manipulating data within the > > resource's context. > > > > Tools - A tool is a web app for viewing or manipulating data. For > > example Builds would be a tool for the package resource. > > > > Data Id - The data id is a pointer to a specific dataset the tools work > > on. For example the package resource considers each fedora package name > > to be a data_id. > > > > The way things work are Resources are placed in the resources/ directory > > and contain the logic for routing requests to a specific tool. They > > also contain the master template which is a cause of path problems with > > the current TG setup (include paths are relative to the including > > template) > > > > Tools are placed in the tools/ directory and are controllers just like > > any other TG controller. The exception is there is a standard for > > including the master template and the tool pulls templates and static > > files from its own directory. Tools can register with more than one > > resource and must modify its behavior based on the resource calling it. > > For instance the Build tool would be able to register with the package > > and people resource and depending which resource is being used it would > > display either a specific person's builds or the build history of a > > package. Based on the resource being used the master template is pulled > > in by the tool's templates. > > > > Data id's are simply what the resource passes to the tool and the tool > > needs to be able to accept when dealing with a particular resource. For > > instance the Packages resource would send a package name as a data id > > and the Peoples resource would send a person's FAS username. > > > > The issue here is I need the tools to be self contained but still > > integrate correctly with the global assests such as master templates and > > graphics. Tosca widgets seemed to be the answer until I looked further > > and found out they are just a higher level display layer than a self > > contained controller/template system. It seems to be confusing because > > it breaks the connection between the controller, data and the display > > when I want that all to be encapsulated. Basically I don't want the > > master page dolling out the data because the master page is just a > > container to display the tool and links to other tools. The tools > > should know where to get their data from. > > > > One solution is to use ToscaWidgets as a replacement for templates (or > > more apt another layer between the controller and the template). That > > makes things more complicated and throws away a lot of the concepts of > > TG controllers. I guess I am probably just hung up on how I first > > learned TG and we can just document around those issues. But another > > thing to think about is stuff like WSGI. > > > > What do you guys think? Given my design and goals such as the ability to > > display tools on the portal page, what is our plan of attack? How do we > > concoct a plugin system to make it easy for others to create integrated > > content while really just concentrating on their bits and not the wider > > integration infrastructure? Are there systems/libraries out there that > > already do this? Tosca is only part of the solution because it only > > deals with encapsulating display and is mostly geared to generic widgets > > like lists and not complete pages. I would like to have a framework > > that is simple, focused and easy to use. > > You mention that you're running into issues with TurboGears v1.0's > "monolithic design", which makes various assumptions about how your > application is going to be implemented. I agree that this may not be > ideal for the MyFedora environment, which is why I think basing this on > TurboGears v2.0 is the way to go. Being built on top of Pylons, which > does not make these strict assumptions, it will allow us to have much > more control over how our application stack is structured. Since > TG2/Pylons leverages the WSGI standard (which we are starting to adopt > in our infrastructure deployment already), it will allow us to change > any part of our own stack at any time, without taking apart the whole > framework. If we treat resources as WSGI applications/middleware, it > will make it trivial to plug these into our framework, package them, and > develop them in isolation. > > ToscaWidgets is extremely useful, but not at this low of a level in our > framework design. I think that TW will be great for the high-level > re-usable widgets that can potentially use various MyFedora > resources/tools, but for core MyFedora resources, I think basing them on > top of the WSGI standard will be the most flexible solution. I was thinking that but I am still not sure what WSGI is. Right now it is just a magic term to me. Can you describe them in terms of controllers right now? How does relative paths work (for instance with template inheritance)? Is TG 2.0 stable enough for me to start rebasing on? -- John (J5) Palmieri From thinklinux.ssh at gmail.com Thu May 15 15:27:59 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 15 May 2008 20:57:59 +0530 Subject: download problem In-Reply-To: <482C4677.9050400@proxad.net> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> Message-ID: Do we really need an array? Lets see.. * Lets say we have three mirrors X (45 Mb), Y (5Mb), Z (3Mb) * =>Total bandwidth = 53Mb * Now lets say, at any given instance there are 100 requests. * So proportionally, X should get (100/53)*45 = 85 requests. Y should get 9 requests and Z, 6 requests only. Now 1. Generate a random no r. 2. If r<85 route to X, else if 85 References: <482B0E00.5030705@gmail.com> <482B2415.1050807@gmail.com> Message-ID: <1210865865.7058.20.camel@localhost.localdomain> On Wed, 2008-05-14 at 10:40 -0700, Toshio Kuratomi wrote: > > > > After hacking away at MyFedora and producing a lot of ugly code in the > > process I finally sat down the last two weeks to organize everything > > into a framework make it much more extensible and have patterns for > > people to easily create content. Most of the technologies are > > solidifying into my head and I have been working on hashing out an API > > design behind the user interaction design I had started with. The issue > > I am running into now is the fact that Turbo Gears and related > > technology come from a monolithic design and adhere too stringently to > > the Model/View/Controller design pattern. This is really an issue when > > your models, views and controllers can come from different applications > > or even different servers. MyFedora is of course a mashup of different > > tools and does not fit the, I'm grabbing data from a single database and > > displaying it via a self contained template, mold. What I need is a > > complete plugin system where a person can write their own self contained > > controllers, templates and static files which then drop in and are > > loaded on the fly, while integrating with the global project. > > > FAS2 is at a similar stage. We want other people to be able to use > FAS2. So we want to pull Fedora specific portions into a plugin > architecture. We've started using setuptools entry-points since that's > the plugin architecture that TurboGears already uses but that only > solves how to load the modules, I think we got templates to work after a > bit of hacking but I'd have to revisit the code. Getting the model to > work is the big sticking point as the model means either: > 1) A new db and a new set of db connections > 2) Somehow merging the plugin's model with the main apps model. > > In myfedora, you might be able to use setuptools entry-points to better > effect since you're operating largely without a model. If the plugins > don't have to save state or can save very minimal state into a generic > configs table you should be able to use entry-points to load up the code. I'll have a look at this. Most state would be cookies though I would like the plugins to also work on the main page as a widget but the config state there would be from the main page's controller which is a traditional TG app. > > Before I go further let me describe my design. > > > > Vocabulary: > > > > Resource - This is the starting point for MyFedora plugins. A resource > > is any abstract grouping such as "packages", "people" and "projects" > > which contain tools for viewing and manipulating data within the > > resource's context. > > > > Tools - A tool is a web app for viewing or manipulating data. For > > example Builds would be a tool for the package resource. > > > > Data Id - The data id is a pointer to a specific dataset the tools work > > on. For example the package resource considers each fedora package name > > to be a data_id. > > > > The way things work are Resources are placed in the resources/ directory > > and contain the logic for routing requests to a specific tool. They > > also contain the master template which is a cause of path problems with > > the current TG setup (include paths are relative to the including > > template) > > > This is how we fixed that in fas:: > > import genshi.template.plugin > master = > genshi.template.plugin.MarkupTemplateEnginePlugin().load_template('fas.templates.master') > ?> > I think I'll do this in the root controller and inject it in as a standard myfedora helper object where myfedora.templates.get_parent() would do the trick. I'm trying to hide as much as the boilerplate as possible. > > Tools are placed in the tools/ directory and are controllers just like > > any other TG controller. The exception is there is a standard for > > including the master template and the tool pulls templates and static > > files from its own directory. Tools can register with more than one > > resource and must modify its behavior based on the resource calling it. > > For instance the Build tool would be able to register with the package > > and people resource and depending which resource is being used it would > > display either a specific person's builds or the build history of a > > package. Based on the resource being used the master template is pulled > > in by the tool's templates. > > > That's pretty nifty. > > > Data id's are simply what the resource passes to the tool and the tool > > needs to be able to accept when dealing with a particular resource. For > > instance the Packages resource would send a package name as a data id > > and the Peoples resource would send a person's FAS username. > > > An aside: It sounds like we'd want to implement some sort of global > cache at some point. If we always start from the data_ids there's a lot > of data to be pulled in each request. And if tools are using similar > pieces of information but displaying it differently (for instance, when > using a tool in a different resource) we'd definitely see reuse of the data. Oh definitely but we need to be careful, as much of what the user cares about is quick changing live data. When we get into doing the comet framework perhaps we can figure out a way to mark live data with data that is unlikely to change, cache the static data locally and optimize the live data retrieval on the server we are getting it from. > > > What do you guys think? Given my design and goals such as the ability to > > display tools on the portal page, what is our plan of attack? How do we > > concoct a plugin system to make it easy for others to create integrated > > content while really just concentrating on their bits and not the wider > > integration infrastructure? Are there systems/libraries out there that > > already do this? Tosca is only part of the solution because it only > > deals with encapsulating display and is mostly geared to generic widgets > > like lists and not complete pages. I would like to have a framework > > that is simple, focused and easy to use. > > > > I suppose part of the question is who do we want to be building these > plugins for MyFedora? If it's the author of the app providing the data > then it should be something that their app can also use. If it's > MyFedora developers, then it should be easy for them to create a new > controller and setup a plugin. We might want to write a small script > that makes a sample plugin directory like tg-admin quickstart does for > the main app. Say Dimitri with Transflex. He can test it on his own machine and then ask us to include the plugin on our live site. Random widget development for display on the front page/desktop/other portal is another story and I suggest we look at OpenSocial for those pieces. > Take a look at how fas does things: fas/plugins/dummy_plugin. > That should pretty much be a self-contained plugin using setuptools > entrypoints to do its dirty work. Will do. -- John From johnp at redhat.com Thu May 15 15:41:01 2008 From: johnp at redhat.com (John (J5) Palmieri) Date: Thu, 15 May 2008 11:41:01 -0400 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <1210864814.7058.2.camel@localhost.localdomain> References: <482B0E00.5030705@gmail.com> <20080514164143.GB11441@x300> <1210864814.7058.2.camel@localhost.localdomain> Message-ID: <1210866061.7058.24.camel@localhost.localdomain> On Thu, 2008-05-15 at 11:20 -0400, John (J5) Palmieri wrote: > On Wed, 2008-05-14 at 12:41 -0400, Luke Macken wrote: > > On Wed, May 14, 2008 at 11:03:38AM -0500, Mike McGrath wrote: > > > > > > > Forwarding to fedora-infrastructure-list soit canget more exposure and > > > > discussion. > > > > > > > > -------- Original Message -------- > > > > Subject: Tosca widgets, only half the battle > > > > Date: Sun, 11 May 2008 12:27:36 -0400 > > > > From: John (J5) Palmieri > > > > To: Toshio Kuratomi > > > > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > > > > > > > After hacking away at MyFedora and producing a lot of ugly code in the > > > > process I finally sat down the last two weeks to organize everything > > > > into a framework make it much more extensible and have patterns for > > > > people to easily create content. Most of the technologies are > > > > solidifying into my head and I have been working on hashing out an API > > > > design behind the user interaction design I had started with. The issue > > > > I am running into now is the fact that Turbo Gears and related > > > > technology come from a monolithic design and adhere too stringently to > > > > the Model/View/Controller design pattern. This is really an issue when > > > > your models, views and controllers can come from different applications > > > > or even different servers. MyFedora is of course a mashup of different > > > > tools and does not fit the, I'm grabbing data from a single database and > > > > displaying it via a self contained template, mold. What I need is a > > > > complete plugin system where a person can write their own self contained > > > > controllers, templates and static files which then drop in and are > > > > loaded on the fly, while integrating with the global project. > > > > > > > > > > Do we want the myfedora app to be coded in such a way that it works with > > > lots of technologies? or do we want to define a standard that the > > > technologies can implement to make it work with myfedora? > > > > I'd like to see us re-use and be compatible with as many existing > > technologies and standards as possible. I don't necessarily see any > > value in re-inventing our own. That is, unless we have a sound reason > > to? > > > > luke > > Exactly, I would want a standard way of doing things at least in the > MyFedora plugin context. This is why I didn't want to get away from > templates and controllers (or something else that will be standard for a > long time). Ideally someone who knows how to write a TG app should be > able to write a plugin with a little glue code added and files shuffled > around. I should also note the widget component for looking at quick data on the main page is a separate issue and I for one would like to be able to display data from any framework on any site there (such as EJB's or perl apps, yahoo and google widgets, etc.) through use of standards like OpenSocial and just plain iframes. -- John (J5) Palmieri From Matt_Domsch at dell.com Thu May 15 15:39:16 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Thu, 15 May 2008 10:39:16 -0500 Subject: download problem In-Reply-To: References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> Message-ID: <20080515153916.GA32697@auslistsprd01.us.dell.com> On Thu, May 15, 2008 at 08:57:59PM +0530, susmit shannigrahi wrote: > Do we really need an array? Lets see.. > > * Lets say we have three mirrors X (45 Mb), Y (5Mb), Z (3Mb) > > * =>Total bandwidth = 53Mb > > * Now lets say, at any given instance there are 100 requests. we don't know this number (100) in the app... Hence it needs to be a probability chosen out of the 53 (which we do know). -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From fantec at proxad.net Thu May 15 16:01:11 2008 From: fantec at proxad.net (Francois Petillon) Date: Thu, 15 May 2008 18:01:11 +0200 Subject: download problem In-Reply-To: References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> Message-ID: <482C5E47.1040709@proxad.net> susmit shannigrahi wrote: > Do we really need an array? Lets see.. > 2. If r<85 route to X, > else if 85 else route to Z. This is de facto an array... Your's is hardcoded (and you need a code generator and you need to generate the code it for all GeoIP possible result). Mine is build up using GeoIP results. Fran?ois From thinklinux.ssh at gmail.com Thu May 15 16:15:46 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 15 May 2008 21:45:46 +0530 Subject: download problem In-Reply-To: <20080515153916.GA32697@auslistsprd01.us.dell.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> <20080515153916.GA32697@auslistsprd01.us.dell.com> Message-ID: > > we don't know this number (100) in the app... > Hence it needs to be a probability chosen out of the 53 (which we do > know). No, Wait. I can show if this is true for 100, this will be true for _any_ number. * As we are generating a random number within 100, the probability of each number being picked up is 1/100. * So the probability of getting a number within 85 is always 85/100. * Lets assume there are n requests to distribute. * Whatever be the value of n, the random number's probability of being in range <85 is 85/100. * So out of n requests, n*85/100 requests will always be routed to X irrespective of the value n. * Lets say n=10..So X gets 10*85/100 = 8.5 requests. * Lets say n=27 so X gets 27*85/100 = 22.95 requests. * If n=1, then the probability that X will get that particular requests is 85%. Correct? -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/SusmitShannigrahi ============================================= From thinklinux.ssh at gmail.com Thu May 15 16:29:09 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 15 May 2008 21:59:09 +0530 Subject: download problem In-Reply-To: <482C5E47.1040709@proxad.net> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> <482C5E47.1040709@proxad.net> Message-ID: On Thu, May 15, 2008 at 9:31 PM, Francois Petillon wrote: > susmit shannigrahi wrote: >> >> Do we really need an array? Lets see.. > >> 2. If r<85 route to X, >> else if 85> else route to Z. > > This is de facto an array... Well, may be, but without any operation on stack, thereby reducing time complexity and also reducing the overhead of creating, maintaining or updating an array. Is not it? :) -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/SusmitShannigrahi ============================================= From kr at cybsft.com Thu May 15 17:22:34 2008 From: kr at cybsft.com (K.R. Foley) Date: Thu, 15 May 2008 12:22:34 -0500 Subject: download problem In-Reply-To: References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> <20080515153916.GA32697@auslistsprd01.us.dell.com> Message-ID: <482C715A.3000905@cybsft.com> susmit shannigrahi wrote: >> we don't know this number (100) in the app... >> Hence it needs to be a probability chosen out of the 53 (which we do >> know). > > > No, Wait. > > I can show if this is true for 100, this will be true for _any_ number. > > * As we are generating a random number within 100, the probability of each > number being picked up is 1/100. > > * So the probability of getting a number within 85 is always 85/100. > > > * Lets assume there are n requests to distribute. > > * Whatever be the value of n, the random number's probability of being > in range <85 > is 85/100. > > * So out of n requests, n*85/100 requests will always be routed to X > irrespective of the value n. > > * Lets say n=10..So X gets 10*85/100 = 8.5 requests. > > * Lets say n=27 so X gets 27*85/100 = 22.95 requests. > > * If n=1, then the probability that X will get that particular requests is 85%. > > Correct? > Problem with this is that you never know n :) -- kr From thinklinux.ssh at gmail.com Thu May 15 17:30:59 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 15 May 2008 23:00:59 +0530 Subject: download problem In-Reply-To: <482C715A.3000905@cybsft.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> <20080515153916.GA32697@auslistsprd01.us.dell.com> <482C715A.3000905@cybsft.com> Message-ID: >> > Problem with this is that you never know n :) Hmm..let me think again.. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/SusmitShannigrahi ============================================= From thinklinux.ssh at gmail.com Thu May 15 17:44:31 2008 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 15 May 2008 23:14:31 +0530 Subject: download problem In-Reply-To: References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> <20080515153916.GA32697@auslistsprd01.us.dell.com> <482C715A.3000905@cybsft.com> Message-ID: >> Problem with this is that you never know n :) Why do we need to know n? Whenever a request comes in, 85% chance is that it will go to X. This is individually true for all requests. So totally 85% req will go to X. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/SusmitShannigrahi ============================================= From jmyerscough1 at googlemail.com Thu May 15 18:13:58 2008 From: jmyerscough1 at googlemail.com (Jason Myerscough) Date: Thu, 15 May 2008 19:13:58 +0100 Subject: About Me Message-ID: Hi I am 23 years old looking to contribute to the Fedora Core project as a developer I have around 7 years experience as a developer. I am currently working with Java, Oracle, C++ and Qt developing software for the Solaris platform. I have experience with many programming languages but I dont have much experience with Python but it is something I would like to learn. I open to all types of development I look forward to hearing from you Regards Jason Myerscough -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev at nigelj.com Thu May 15 21:12:57 2008 From: dev at nigelj.com (Nigel Jones) Date: Fri, 16 May 2008 09:12:57 +1200 Subject: Meeting Log - 2008-05-15 Message-ID: <482CA759.5060005@nigelj.com> And the document you've all been waiting for... The meeting log for the Infrastructure Team held on 15th May 2008 at 2000UTC! Reg, Nigel 07:56 < sebastian^> first one :> 07:59 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here? 07:59 < smooge> I am 07:59 < abadger1999> smooge == God? 07:59 < sebastian^> me too 07:59 < abadger1999> ;-) 07:59 * G gives mmcgrath a cookie 07:59 * iWolf is here 08:00 * ricky 08:00 * smooge jumps out of the burning bush going "it burns it burns.. oh god it burns..." 08:00 * jcollie is here 08:00 * skvidal is 08:00 < jbrothers> first meeting for me 08:00 < ricky> jbrothers: Welcome! 08:01 < G> I've got logs if needed 08:01 < jbrothers> thanks, ricky 08:01 < ricky> G: Mind emailing them/updating the wiki page today? I haven't gotten email 100% setup yet 08:01 < G> k 08:01 * geoffs says hello 08:01 < ricky> Thanks 08:01 < mmcgrath> Just an FYI before we get started, fedorapeople got borked for a bit but it should be fine now. I'll send an outage notification out after the meeting to let everyone know what happened. 08:01 * nirik is sitting back in the bleachers. 08:01 * couf lurks 08:01 * dgilmore is here 08:02 < mmcgrath> So lets get to the tickets. 08:02 < mmcgrath> oh crap, can't get to the tickets. 08:02 < mmcgrath> .ticket 300 08:02 < zodbot> mmcgrath: #300 (Can't log into wiki) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/300 08:02 < mmcgrath> heh, well some people can. 08:02 < mmcgrath> will someone here that can get to https://fedorahosted.org/fedora-infrastructure/ go to the meeting link at the bottom and pm me what tickets are listed there? 08:03 < mmcgrath> we're having some routing issues at serverbeach. Not sure from what exactly yet 08:03 < G> mmcgrath: lets see 08:04 * mdomsch is only a little lage 08:04 < mdomsch> late 08:04 < mmcgrath> mdomsch: no worries, I'm hoping someone can get me the ticket list, we're having some routing issues to serverbeach. 08:04 < mmcgrath> is anyone able to access that page? 08:04 < mmcgrath> https://fedorahosted.org/fedora-infrastructure/ 08:05 < G> mmcgrath: 395 398 446 547 08:05 < skvidal> yes 08:05 < skvidal> I am 08:05 < mmcgrath> nm, I got them 08:05 < mmcgrath> thanks 08:05 < mmcgrath> so first one 08:05 < mmcgrath> .ticket 395 08:05 < zodbot> mmcgrath: #395 (Audio Streaming of Fedora Board Conference Calls) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/395 08:05 < mdomsch> it's timing out for me 08:06 < mmcgrath> jcollie: I'd assume there's no news there but I wanted to tell you I am planning on having asterisk deployed and working before FUDCon. 08:06 < mmcgrath> the non board call part of all of that 08:06 < mmcgrath> jcollie: anything new on that front? 08:06 < mmcgrath> will you have time coming up to work on it? 08:06 < jcollie> yeah, i was going to start some work on that, but keep it simple 08:06 < jcollie> no irc bots and such yet 08:06 * ivazquez apologizes for being late 08:06 < mmcgrath> ivazquez: no worries. 08:07 < mmcgrath> jcollie: is there a web interface for it or anything? 08:07 * mmcgrath assumes no, thought he' dask 08:07 < skvidal> mmcgrath: ticket submitted to sb 08:07 < jcollie> asterisk of flumotion? 08:07 < mmcgrath> flumotion 08:07 < mmcgrath> well either as it relates to conference calls I guess. 08:07 < jcollie> no web client but there is a python gui 08:07 < mmcgrath> skvidal: thanks 08:07 < mmcgrath> ah, k 08:08 < mmcgrath> jcollie: anything else on that front? if not we'll move on. 08:08 < jcollie> basically as a first step i want to get the board connected over SIP with audio feeds to the web 08:08 < mmcgrath> 08:08 < jcollie> public will pass Qs to board over irc channel 08:09 < jcollie> control of audio feed will need to be done by someone in sysadmin-whatever 08:09 < mmcgrath> skvidal: dgilmore: btw, where are the public board meetings advertised? I didn't even know about the last one. 08:09 < dgilmore> mmcgrath: fab 08:09 < skvidal> I'm pretty sure we also emailed -announce 08:09 * skvidal looks for stickster 08:09 * stickster here 08:10 < ricky> YES!!!!! 08:10 < ricky> MY FILES!!! AAHHHHHH!H!! 08:10 < ricky> (sorry, I had to do that) 08:10 < mmcgrath> ricky: :) 08:10 * ricky does a dance! 08:11 < dgilmore> stickster: we need to announce board meetings loader 08:11 < dgilmore> louder 08:12 < stickster> dgilmore: mmcgrath: The last one was posted to fedora-advisory-board, fedora-announce-list, and fedora-marketing-list. 08:12 < mmcgrath> stickster: how far in advanced? 08:12 < stickster> mmcgrath: One week 08:12 * mmcgrath wonders if it went to all 3 at once and got filed somewhere. 08:12 < mmcgrath> stickster: I suggest you use zodbot to announce the meetings 5 minutes before they start as well :) 08:12 < mmcgrath> I can give you or someone access to do that 08:13 < stickster> http://www.redhat.com/archives/fedora-announce-list/2008-April/msg00014.html 08:13 < mmcgrath> ok, anywho, we should move on to the next ticket :) 08:13 < mmcgrath> .ticket 398 08:13 < zodbot> mmcgrath: #398 (elfutils `monotone' (mtn) error) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/398 08:13 < mmcgrath> jcollie: abadger1999: either of you guys know anything thats going on with this? 08:13 < jcollie> i haven't heard anything 08:13 < mmcgrath> rmcgrath: we're talking about 08:13 < mmcgrath> .ticket 398 08:13 < zodbot> mmcgrath: #398 (elfutils `monotone' (mtn) error) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/398 08:14 < abadger1999> Nope. rmcgrath said usher wouldn't help us. 08:14 < mmcgrath> that whole anonymous monotone thing. 08:14 < abadger1999> But he was looking at hacking something together that would give fas members anonymous access. 08:14 < rmcgrath> yeah i left that sitting while busy with other work plus not wanting to worry about the change freeze 08:14 < abadger1999> and later trying to extend it. 08:14 < mmcgrath> well, if there's no news, there's no news. 08:14 < mmcgrath> rmcgrath: 08:15 < mmcgrath> alrighty then, next ticket! 08:15 < rmcgrath> i have a hack that is probably sufficient for fas users to get r/o access, just not tested 08:15 < mmcgrath> rmcgrath: solid, well the freeze is over now so we can get it in if you're ready. 08:15 < ricky> Wait, so does the trac source tab now show anything right now? 08:15 < rmcgrath> still needs testing, but i think i have what i need when i get the time 08:16 < mmcgrath> ricky: It does but you can't just check it out that way and get a working project. 08:16 < ricky> Ah, yeah - that's a problem. 08:16 < mmcgrath> anywho, we'll wait to see how the hack works :) 08:16 < mmcgrath> .ticket 446 08:16 < zodbot> mmcgrath: #446 (Possibility to add external links on spins page) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/446 08:16 < mmcgrath> dgilmore: any news on that? 08:16 -!- rmcgrath [n=roland at c-76-102-158-52.hsd1.ca.comcast.net] has left #fedora-meeting [] 08:17 < dgilmore> i started and keep forgeting to go back to it 08:17 -!- wolfy [n=lonewolf at fedora/wolfy] has joined #fedora-meeting 08:17 < mmcgrath> heh, so nothing new on that front then :) ? 08:18 < dgilmore> Im going to lock myself ina room and catch up on my todo's 08:18 < dgilmore> not today 08:18 < mmcgrath> k 08:18 < mmcgrath> and 08:18 < mmcgrath> .ticket 547 08:18 < zodbot> mmcgrath: #547 (Koji DB Server as postgres 8.3) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/547 08:18 < mmcgrath> ahhh this is a good one. 08:18 < mmcgrath> abadger1999: want to give a quick round up on why we want to do this? 08:19 < dgilmore> so ive been using 8.3 on the sparc buildsys for awhile now 08:19 < skvidal> hey hey 08:19 < skvidal> http://forums.serverbeach.com/showthread.php?t=7472 08:19 < abadger1999> we've been running into all sorts of annoyances with postgres 8.1 08:19 < ricky> Aha. 08:19 < abadger1999> About half of them have to do with vacuuming. 08:19 < mmcgrath> skvidal: whew, always nice to know its not "just us" :) 08:19 < abadger1999> -- having to vacuum the whole db frequently, not being able to use autovacuum. 08:19 < skvidal> no, but later in that thread they specifically blame you :) 08:20 < mmcgrath> skvidal: figures 08:20 < abadger1999> The other half are performance -- large queries taking days to complete and such. 08:20 < skvidal> nod 08:20 < abadger1999> 8.3 has several enhancements that mitigate the issues 08:20 < dgilmore> abadger1999: if we need some benchmarking i can do that 08:20 < dgilmore> though it wont be apples to apples 08:21 < mmcgrath> abadger1999: so here's my only concern.... What are we going to be doing as far as building and maintaining our own package 08:21 < mmcgrath> ? 08:21 < mmcgrath> I just suspect thats not a small job, we should ping the package maintainer and see what he thinks. 08:21 < mmcgrath> is there any chance of us getting 8.3 into RHEL5.2 or 5.3? 08:21 < dgilmore> mmcgrath: no change for getting 8.3 into RHEL5 08:22 < mmcgrath> dgilmore: why is that? not backwards compatable? 08:22 -!- nim-nim [n=nim-nim at fedora/nim-nim] has quit [Connection timed out] 08:22 < dgilmore> mmcgrath: its stuck at 8.1 for the life of RHEL5 08:22 * mmcgrath has no idea what that decision process is like. 08:22 < mdomsch> the whole dump/restore process on upgrade would be problematic for users 08:22 < abadger1999> yep. 08:22 < mmcgrath> k 08:22 < jcollie> hop in the fedora time machine and bring back a copy of RHEL6 from 1 year from now 08:22 < mmcgrath> so we're on our own... how much additional work are we talking about there? 08:22 < dgilmore> mmcgrath: ive been building 8.3 from F8 on a FC-6 sparc tree and using that 08:23 < mmcgrath> is anyone here volunteering to maintain that package in the infrastructure repo? 08:23 < dgilmore> i think that maintainence wont be too bad. until Fedora moves beyond 8.3 08:24 < mdomsch> I hear a volunteer 08:24 < G> if it comes to it, I'll do it, but I'd perfer not to (I don't even have RHEL5 available to me, sounds like a job for a redhatter :) 08:24 * jcollie whispers CentOS in G's ear 08:24 < skvidal> G: you can't access centos5? 08:25 < jcollie> centos rocks if you can't afford rhel 08:25 < mmcgrath> ok, lets forget about volunteering to build and maintain the package... 08:25 < mmcgrath> Is anyone here against moving to 8.3 for any reason? 08:25 < jcollie> +1 from me 08:25 < mmcgrath> It is my understanding (though I've not used 8.3) that there are a lot of benefits to it. 08:25 < abadger1999> so how long are we looking at staying with 8.3 on RHEL5? 08:25 < G> I can access CentOS but there is a matter of bandwidth I want to avoid :) 08:26 < mdomsch> abadger1999, until we want to upgrade the box to RHEL6 08:26 < jcollie> abadger1999: probably until rhel6 i suppose 08:26 < mmcgrath> abadger1999: I'd say until such a time comes that we can't use 8.3 or until it gets supported on another platform. 08:26 < mmcgrath> like RHEL6 08:26 < G> To me 8.3 on a new server just for Koji sounds good 08:26 < mdomsch> which I won't speculate as to it's release date in this channel... 08:26 < abadger1999> So will upgrading to RHEL6 for the db boxes be a priority? 08:26 < mmcgrath> abadger1999: we'll have to consider that when the time comes. 08:27 < abadger1999> k. 08:27 < mmcgrath> I mean, if our RHEL5 box just keeps on ticking with the postgres83 we've got on it, probably no hurry. 08:27 < mmcgrath> as long as there aren't security issues or something. 08:27 < abadger1999> I can build 8.3 for infrastructure. 08:27 < mmcgrath> abadger1999: k, I'll comaintain it with you then 08:27 < abadger1999> But i'm not going to be able to investigate the depths of the source code. 08:27 < abadger1999> sounds good. 08:27 < mmcgrath> skvidal: I just got a recovery notice. 08:27 < skvidal> me too 08:28 < mmcgrath> abadger1999: do we want to put a time frame on this or just wait until db3 is installed and ready? 08:28 < G> ah ha, I can access fh.org from home now, better than links :) 08:28 < abadger1999> Doing it with db3 makes sense. 08:29 < mmcgrath> k, so thats settled then. Anyone have anything else? if not we'll move on. 08:29 < abadger1999> it'll take a dump and reload to migrate the data from 8.1 to 8.3 08:29 < mmcgrath> 08:29 < mmcgrath> alrighty then. Thats the end of the tickets 08:29 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Lessons Learned 08:29 < mmcgrath> .tiny http://fedoraproject.org/wiki/Infrastructure/F9LessonsLearned 08:29 < zodbot> mmcgrath: http://tinyurl.com/3omv7h 08:30 < mmcgrath> mdomsch: want to take the floor on this or should I just go through it? 08:30 < mdomsch> go for it 08:30 < mmcgrath> allllrighty 08:30 < mdomsch> a lot of it is stuff I noticed for MM/mirrors 08:30 < mmcgrath> So as some of you probably heard we had a release on Tuesday. 08:30 < mdomsch> red hat IS didn't hear 08:30 < G> mmcgrath: we did? :P 08:30 < mmcgrath> and, to date, its been the smoothest release I've ever seen as far as the infrastructure side. 08:31 < mmcgrath> mdomsch: ? 08:31 < mdomsch> amen 08:31 < ricky> :-) 08:31 < mdomsch> no melted switches, datacenters offline 08:31 < mmcgrath> mdomsch: you just sayin they didn't get much traffic or did they tell you they didn't know aobut it? (I only ask because... I created a ticket :) 08:31 < mmcgrath> ahh, yes! 08:31 < mmcgrath> so down the list! 08:31 < mmcgrath> So the biggest thing we saw was the leak. 08:31 < smooge> congrats to mdomsch and the rest for making that sooo smooth 08:32 < mmcgrath> and it was really only a problem because it got fixed multiple times, and still started leaking but I think we have a handle on that so it won't happen next time. 08:32 < mmcgrath> it'd be good to review this list..... 08:32 < mmcgrath> mdomsch: hey, would you mind adding this page to the SOP/Release page as something to review? 08:32 < mmcgrath> the next thing was jigdo, I actually have no idea what happened there or even that there was a problem. 08:32 < mdomsch> personally, I'm OK with a few leaks - let the fanbois get their early taste of freedom 08:32 < mmcgrath> mdomsch: what happened there? 08:33 < mdomsch> mmcgrath, pyjigdo wasn't done in time; jesse had to manually tweak the created template files 08:33 < mdomsch> and those are tricky to manually tweak 08:33 < mdomsch> so they were wrong a couple times 08:33 < mmcgrath> 08:33 < mdomsch> on Thursday before relesae, after bits had been sent to the mirrors, rel-eng pushed the panic button 08:34 < mdomsch> and wound up respinning a bunch of ISOs 08:34 < mdomsch> but not quite all of them 08:34 < mmcgrath> updates/ is certainly something we could do easier next time. 08:34 < mmcgrath> We could even have updates available ahead of time... I suppose thats up to releng though. 08:34 < mdomsch> yeah, I see no reason for updates/ not to be ready even before the rest of the bits; after rawhide is frozen 08:34 < mdomsch> at least updates/testing/ 08:35 < mmcgrath> mdomsch: regarding mm db. Did those changes get in and ready? 08:35 < mdomsch> though we did have 200MB (per arch) of 0-day updates 08:35 < mmcgrath> 08:35 < G> I was kinda told that it would be ready, I was quite surprised to the see the release-3hours (I think) push 08:35 < mdomsch> mmcgrath, yes, mm changes are active now 08:35 < mmcgrath> solid 08:35 < mdomsch> abadger1999, re the mm hosts table 08:35 < mmcgrath> lmacken: f13: you two around? 08:36 < mdomsch> would it help if I split the timestamp recording for that out into its own table? 08:36 < mdomsch> that's really the field being updated often 08:36 < abadger1999> mdomsch: IIRC the table doesn't have much data? 08:37 < mdomsch> no, not much 08:37 < abadger1999> So it probably won't make a big difference. 08:37 < mdomsch> ok, good :-) 08:37 < abadger1999> host_category_dir made a huge difference since it was both big and frequent updates. 08:37 < mdomsch> moving on 08:37 < mmcgrath> :) 08:38 < mmcgrath> so luke's not around but I'm sure he's aware of the bodi push issues. 08:38 < mdomsch> we can come back to bodhi when they're here 08:38 < mmcgrath> yeah 08:38 < mmcgrath> mdomsch: do you want to talk about mirror pushing? 08:38 < mdomsch> this is both a good idea, and scary 08:38 < mmcgrath> its something debian does now IIRC 08:38 < mdomsch> yes 08:38 < mmcgrath> what do the mirrors think about it? 08:39 < mdomsch> short story is, we would need an account and limited ssh key on each mirror, and would ssh into each to start a sync job 08:39 < mdomsch> I haven't asked in a long time; would need to. 08:39 < mdomsch> a few would go for it 08:39 < skvidal> they may be more receptive now 08:39 < mdomsch> those that carry debian probably... 08:39 < mdomsch> can't hurt to ask 08:40 < mmcgrath> 08:40 * Jeff_S has no problems with something like that 08:40 < mmcgrath> mdomsch: alternatively (this might be a bad idea) we could have them run an hourly cron job or something that checks in to mirrormanager that says "yes, update now!" 08:40 < mmcgrath> that the mirrors themselves run. 08:40 * mdomsch hates polling 08:40 < mdomsch> but yes 08:40 < mmcgrath> heh 08:41 < mmcgrath> well, I guess all ew can do is ask. 08:41 < mdomsch> there's another catch; rel-eng knows when they've written the bits to the master mirror 08:41 < mmcgrath> mhmm 08:41 < mdomsch> oh, and yeah, we now know when the other netapps are in sync :-) 08:41 < mdomsch> so, no catch :-) 08:41 < mmcgrath> :) 08:41 < mmcgrath> mdomsch: just curious.... how many is "several mirrors" 08:42 < skvidal> you could probably get the tier1s to do it 08:42 < mdomsch> ? 08:42 < skvidal> the top mirrors - to allow us to tel lthem when to sync 08:42 < mmcgrath> mdomsch: in your list it says several mirrors didn't catch the bitflip for a while. how was it. 08:42 < mmcgrath> err how many was it 08:43 < mdomsch> oh, yeah; not sure exactly, I just saw reports of 403s for the first few hours 08:43 < mdomsch> I didn't ping them each myself :-( 08:43 < mdomsch> mm needs a leak detector 08:43 < mmcgrath> 08:43 < mmcgrath> well thats something for the future. 08:43 < mdomsch> which doubles as a 'not flipped yet' detector 08:43 < mmcgrath> mdomsch: anything else on that topic? 08:43 < mdomsch> nope 08:44 < mdomsch> redirects to failing mirrors... either 403 or 427... 08:44 < mmcgrath> mdomsch: so this HTTP 300 redirect... I'm not familiar with it. 08:44 < mdomsch> I have no good way to handle it 08:44 < mmcgrath> how's this work. 08:44 < G> (or 421 for FTP) 08:44 < mdomsch> mmcgrath, no one is... nearly no one uses it 08:44 < mdomsch> I haven't a clue 08:44 < mmcgrath> well then I say lets do it :) 08:45 < mdomsch> and I don't think it would work anyhow; they'd still get an error document from the remote server, which would erase any 300 + HTML page we send 08:45 < mmcgrath> 08:45 < mdomsch> unless we iframe'd it... 08:45 < mmcgrath> well we can look to see what our options there are. 08:45 < mmcgrath> or new page it or something 08:46 < mmcgrath> mdomsch: lets setup some proof of concepts on the test servers to see what the 300 actually does. 08:47 < mdomsch> the other thing that would help the 427s (overloaded), would be a python random.shuffle() that took weights 08:47 < mdomsch> mmcgrath, sure 08:47 < mdomsch> then I could weight responses based on the host's stated bandwidth 08:47 < mdomsch> but still somewhat random 08:47 < mmcgrath> mdomsch: so yeah, stats from mirrors I'd love to have. I wonder if we could setup an ftp site or something for them to just send logs our way? or did you have something else in mind. 08:48 < mdomsch> mmcgrath, that'd be fine. MM report_mirror could collect them too, but that's re-implementing file-copy 08:48 < mdomsch> which I've sworn never to do again 08:48 < mmcgrath> heheh, lesson learned ehh? 08:49 < mdomsch> they've got FAS accounts... 08:49 < mdomsch> but the mirror admins aren't in a FAS group 08:49 < mmcgrath> mdomsch: well, there's options there, I guess its just a matter of us picking one and seeing what the mirrors think. 08:49 < mmcgrath> mdomsch: mind opening up a ticket? 08:49 < mdomsch> ok 08:50 < mdomsch> last... 08:51 < mdomsch> announcement email went out a few minutes before fp.o front was updated 08:51 < mmcgrath> solid 08:51 < mdomsch> just need to get fp.o out first 08:52 < mmcgrath> 08:52 < mdomsch> anxious trigger fingers 08:52 < mmcgrath> no doubt :) 08:52 < mmcgrath> we did that same thing during the beta, hopefully lesson learned. 08:52 < mmcgrath> Anyone have anything else they learned during the lessons? 08:52 < mmcgrath> err during the release. 08:53 < mmcgrath> I'll say I learned one thing. the wiki is a virus infecting every machine we had it on. 08:53 < mmcgrath> 1) last release the wiki failed. Conclusion? Put it on more servers now that we can to help spread the load. 08:53 < mmcgrath> result? all other apps had problems because our wiki is so bad. 08:53 < mmcgrath> but once I turned it off on some boxes and changed the load ratio quite a bit... problem solved. 08:54 < ricky> :-) 08:54 < mmcgrath> anyone have anything else on the release? 08:54 < mmcgrath> mdomsch: really, thanks for putting that together both this release and last release. Much appreciated 08:54 < mdomsch> np 08:55 < G> yeah, good work! 08:55 < mmcgrath> Ok, if thats that then.. 08:55 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 08:55 < mmcgrath> Anyone have anything they'd like to discuss? 08:56 < G> Yeah, two quick things 08:56 * ricky noticed http://mail.gnome.org/archives/devel-announce-list/2008-May/msg00002.html 08:56 < mdomsch> ah, one more... 08:56 < mdomsch> TG caching... 08:56 -!- knurd is now known as knurd_afk 08:56 < f13> here, sorry, was at a company thing. 08:56 < mdomsch> after marking 9-Preview as not to be displayed 08:56 < mdomsch> restart start-mirrors on app4 08:56 < mdomsch> so it blows away its cache 08:57 < G> 1) kojipkgs seems to be working spot on (good job guys), koji appeared a bit more responsive for me when a few builds were happening, so thats a start. 08:57 * lmacken rolls in 08:58 < mmcgrath> G: yeah. So here's something I want to do for that box 08:58 < mmcgrath> I'd like to enable caching on that box but I want to get a baseline of how nfs1 is looking. 08:58 < mmcgrath> I recently added a disk monitor to that box (just sar with the -d option enabled) 08:59 < mmcgrath> once I have that, I'll enable the caching stuff and see if it actually makes an impact on how much that array is getting used. 08:59 < G> 2) I noticed that NTP was a bit behind the game, a few e-mails that were sent out when the 9-updates push happened, I've added a 'fact' to puppet, called physical which should be true on xen hosts and non virtualised hosts 08:59 -!- stickster is now known as stickster_afk 08:59 < G> .ticket 541 08:59 < zodbot> G: #541 (Re-enable NTP on Fedora Machines) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/541 09:00 < mmcgrath> G: I'm ready for that to go out whenever you are :) 09:00 < G> (for reference) I'll try and get that done sometime today 09:00 < mmcgrath> oh, hey we're actually out of time for th emeeting! 09:00 < mmcgrath> anyone have anything pressing? If not we'll close th emeeting in 30. 09:00 < mmcgrath> G: sorry bout that :) 09:00 < mmcgrath> 15 09:00 < G> mmcgrath: np, just finished anyway 09:00 < mmcgrath> 5 09:01 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting Closed!!! 09:01 < mmcgrath> Thanks for coming everyone 09:01 -!- mmcgrath changed the topic of #fedora-meeting to: Channel is used by various Fedora groups and committees for their regular meetings | Note that meetings often get logged | For questions about using Fedora please ask in #fedora | See http://fedoraproject.org/wiki/Communicate/FedoraMeetingChannel for meeting schedule 09:01 < G> oh except, don't forget to visit http://fedoraproject.org/wiki/Infrastructure/SOP/Nagios if you want to be able to send acknowledgements etc 09:02 < mmcgrath> G: ;-) From mmcgrath at redhat.com Thu May 15 21:16:13 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 15 May 2008 16:16:13 -0500 (CDT) Subject: About Me In-Reply-To: References: Message-ID: On Thu, 15 May 2008, Jason Myerscough wrote: > Hi > > I am 23 years old looking to contribute to the Fedora Core project as a > developer I have around 7 years experience as a developer. I am currently > working with Java, Oracle, C++ and Qt developing software for the Solaris > platform. > > I have experience with many programming languages but I dont have much > experience with Python but it is something I would like to learn. > > I open to all types of development > > I look forward to hearing from you > Welcome Jason, you're interested in working on the servers or on Fedora the operating system itself? -Mike From rordway at oregonstate.edu Thu May 15 21:23:58 2008 From: rordway at oregonstate.edu (Ryan Ordway) Date: Thu, 15 May 2008 14:23:58 -0700 Subject: nagios / nagios plugins maintainer? In-Reply-To: References: Message-ID: On May 14, 2008, at 6:21 AM, Mike McGrath wrote: > Anyone on this list interested in helping me co-maintain nagios and > nagios > plugins? I use nagios extensively, so I would be happy to help with it. -- Ryan Ordway E-mail: rordway at oregonstate.edu Unix Systems Administrator rordway at library.oregonstate.edu OSU Libraries, Corvallis, OR 97331 Office: Valley Library #4657 From dev at nigelj.com Thu May 15 22:59:59 2008 From: dev at nigelj.com (Nigel Jones) Date: Fri, 16 May 2008 10:59:59 +1200 Subject: NTP re-enabled Message-ID: <482CC06F.60705@nigelj.com> Okay everyone, I got NTP working on the physical machines and not on xen guests which use the physical clock after convincing puppet a lot! Also, sorry for the CVS spam, looks like I need to make a habit of using make check (sorry). If anyone notices the time to be a little off (especially on app servers/xen guests) please give me a yell. - Nigel From subhodip at fedoraproject.org Fri May 16 02:17:15 2008 From: subhodip at fedoraproject.org (subhodip biswas) Date: Fri, 16 May 2008 07:47:15 +0530 Subject: download problem In-Reply-To: References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> <3170f42f0805150708y617ee059x735a0f597c1a80ce@mail.gmail.com> <482C4677.9050400@proxad.net> <20080515153916.GA32697@auslistsprd01.us.dell.com> <482C715A.3000905@cybsft.com> Message-ID: <539333cb0805151917o1178eb11va030c82064ec2f14@mail.gmail.com> can it be done like tihis ! it already detects that I am in india and routes me to nearest mirror .why let the user choose among the three mirror so that if he gets a 421 he can switch to another one .(or may be suggested another one ) .I am talking of get fedora part only ..yum is working fine . just a thought . -- Regards Subhodip Biswas GPG key : FAEA34AB Server : pgp.mit.edu http://subhodipbiswas.wordpress.com http:/www.fedoraproject.org/wiki/SubhodipBiswas From itamar at ispbrasil.com.br Fri May 16 07:17:22 2008 From: itamar at ispbrasil.com.br (Itamar - IspBrasil) Date: Fri, 16 May 2008 04:17:22 -0300 Subject: making a private mirror for internal network. Message-ID: <482D3502.8010603@ispbrasil.com.br> anyone can help me to make a private mirror for local network ? -------------------- Itamar Reis Peixoto e-mail/msn: itamar at ispbrasil.com.br sip: itamar at ispbrasil.com.br skype: itamarjp icq: 81053601 +55 11 4063 5033 +55 34 3221 8599 From finnzi at finnzi.com Fri May 16 08:36:41 2008 From: finnzi at finnzi.com (Finnur =?iso-8859-1?Q?=D6rn_Gu=F0mundsson?=) Date: Fri, 16 May 2008 08:36:41 -0000 (UTC) Subject: making a private mirror for internal network. In-Reply-To: <482D3502.8010603@ispbrasil.com.br> References: <482D3502.8010603@ispbrasil.com.br> Message-ID: <46593.217.28.190.150.1210927001.squirrel@ssl.finnzi.com> > anyone can help me to make a private mirror for local network ? > > > -------------------- > > Itamar Reis Peixoto > > e-mail/msn: itamar at ispbrasil.com.br > sip: itamar at ispbrasil.com.br > skype: itamarjp > icq: 81053601 > +55 11 4063 5033 > +55 34 3221 8599 > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > Hi, You might want to check out this page: http://fedoraproject.org/wiki/Infrastructure/Mirroring Bgrds, Finnur From Matt_Domsch at dell.com Fri May 16 14:32:16 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 16 May 2008 09:32:16 -0500 Subject: Thank You Mirrors! Message-ID: <20080516143216.GB12304@humbolt.us.dell.com> Blogged this morning: http://direct2dell.com/one2one/archive/2008/05/16/fedora-9-released-thank-you-mirrors.aspx Just a quick shout out to all of the great Fedora public mirrors worldwide. Tuesday's release of Fedora 9 was the smoothest yet from a Fedora Infrastructure POV - no switch meltdowns, no datacenters knocked offline, and few gripes about slow downloads from the forums I've read. In the first two days, over 107,000 users downloaded CD or DVD images from our mirror system, more than double that of the 48,000 BitTorrent downloaders. Our mirrors served those bits at a combined 67 Gigabits/sec. Of those who downloaded Fedora 9, more than 44,000 have already installed in these two days, evidenced by their systems checking for updates. So we know it's being put to good use. Thanks to all our great volunteer mirror admins, and their sponsoring Universities and companies, for making this release a success. Your contribution to Fedora, and Free and Open Source Software, is appreciated by users around the globe. I also want to say Thanks to Adrian Reber, who has stepped up as a great Mirror Wrangler, accepting new mirrors and helping many get started. I appreciate the help! Thanks, Matt Fedora Mirror Wrangler -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From jmyerscough1 at googlemail.com Fri May 16 17:47:29 2008 From: jmyerscough1 at googlemail.com (Jason Myerscough) Date: Fri, 16 May 2008 18:47:29 +0100 Subject: Fedora-infrastructure-list Digest, Vol 24, Issue 27 In-Reply-To: <20080516160003.2830E619F34@hormel.redhat.com> References: <20080516160003.2830E619F34@hormel.redhat.com> Message-ID: >> Welcome Jason, you're interested in working on the servers or on Fedora >> the operating system itself? >> >> -Mike Hi Mike I am interesting in developing software for the operating system. Anything from fixing some bugs to more complex work. Regards Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Fri May 16 19:32:43 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 16 May 2008 14:32:43 -0500 (CDT) Subject: Fedora-infrastructure-list Digest, Vol 24, Issue 27 In-Reply-To: References: <20080516160003.2830E619F34@hormel.redhat.com> Message-ID: On Fri, 16 May 2008, Jason Myerscough wrote: > >> Welcome Jason, you're interested in working on the servers or on Fedora > >> the operating system itself? > >> > >> -Mike > > Hi Mike I am interesting in developing software for the operating system. > Anything from fixing some bugs to more complex work. > Excellent. We really need help in QA and bug tracking, etc. Take a look at those various teams as well as. http://fedoraproject.org/wiki/BugZappers for example -Mike From email.ahmedkamal at googlemail.com Fri May 16 21:53:22 2008 From: email.ahmedkamal at googlemail.com (Ahmed Kamal) Date: Sat, 17 May 2008 00:53:22 +0300 Subject: Fedora 9 Sulpher: First Impression In-Reply-To: <6a65d5240805150802qf15511as841404209ebaf53b@mail.gmail.com> References: <1210852294.6072.2.camel@149-159-132-185.dhcp-bl.indiana.edu> <1210858838.20001.38.camel@victoria> <6a65d5240805150802qf15511as841404209ebaf53b@mail.gmail.com> Message-ID: <3da3b5b40805161453n2bc70d14keab752fce5ef120c@mail.gmail.com> Great work guys, F9 basically rocks. The "Fast-X" feature .. is sooo yummy :) I can't believe I lived with that ugly flicker the past decade. Also kde-4 .. soo cool, although we all agree it needs more polish. However, I am facing a perhaps higher than usual number of potential bugs! I will detail below, and you decide: - GDM has no shortcut key for "Login" button, while the "Cancel" button right beside it has the C underlined! That hurts my eyes :) - GDM does not remember the last session! So, I always need to choose kde4 - /media/windows-ntfs-drive/ is not automounted when KDE is started. So, okular starts and tries to open the pdf book I was reading, but fails! Not sure if that's a kde bug or a system one. But when I start KDE file manager, and click that directory, it mounts and opens fine! - network service not brining bridge devices up or similar (I will detail in a separate thread) - kernel not powering off my toshiba A105 S361 laptop upon shutdown! (grr .. this keeps coming and going on all 2.6 kernels) - Synaptics driver not "tapping" enabled! This remains a bug to me even though people on https://bugzilla.redhat.com/show_bug.cgi?id=437609 seem to have found a work around. Since Fedora changed the default behaviour, could we at least get a release notes section on how to activate tapping - Firefox3b5 sometimes showing solid color stripes over text, rendering it unreadable .. well, it is still in beta Other than those, F9 still rox :) Regards 2008/5/15 Ramez Hanna : > been using it for a full working day now > i am impressed with the new packagekit so far > yet i don't see major changes that are apparent to the desktop user, but > what more can they ask for ;) > great work > > 2008/5/15 Paul W. Frields : > >> On Thu, 2008-05-15 at 07:51 -0400, Yu Feng wrote: >> > Everything is fine except the low quality graphics for GDM. It looks >> > like an over-compressed jpeg file. ?I'd rather to use a black screen as >> > background instead, but there is even no way to change the background >> > (yet). >> >> Very happy that you guys are trying out the distribution. However, you >> should discuss these topics on fedora-list, and not the lists intended >> for discussion of infrastructure, marketing, and translation. >> Thanks! :-) >> >> -- >> Paul W. Frields http://paul.frields.org/ >> gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 >> http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ >> irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> >> > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From buck_1970 at hotmail.com Sat May 17 07:15:30 2008 From: buck_1970 at hotmail.com (Reggie Buckner) Date: Sat, 17 May 2008 03:15:30 -0400 Subject: Why I want to contribute to Infrastructure In-Reply-To: <20080516160003.2830E619F34@hormel.redhat.com> References: <20080516160003.2830E619F34@hormel.redhat.com> Message-ID: My Name is Reggie Buckner. I am a Unix/Linux geek type who is also working on a degree and certification. My skills are Server Technology ( x86 and RISC), Cisco/Netgear routers, C/C++, Unix shell scripting, MySQL, HTML, XML, and Switches. However I like Fedora OS but I wanted to help with load balancing, clusters, server maintenance, or any way I can. If you need help with any of these thing or network managment work please let me know > From: fedora-infrastructure-list-request at redhat.com > Subject: Fedora-infrastructure-list Digest, Vol 24, Issue 27 > To: fedora-infrastructure-list at redhat.com > Date: Fri, 16 May 2008 12:00:03 -0400 > > Send Fedora-infrastructure-list mailing list submissions to > fedora-infrastructure-list at redhat.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > or, via email, send a message with subject or body 'help' to > fedora-infrastructure-list-request at redhat.com > _________________________________________________________________ Make every e-mail and IM count. Join the i?m Initiative from Microsoft. http://im.live.com/Messenger/IM/Join/Default.aspx?source=EML_WL_ MakeCount -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Sat May 17 16:15:47 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 17 May 2008 11:15:47 -0500 (CDT) Subject: Why I want to contribute to Infrastructure In-Reply-To: References: <20080516160003.2830E619F34@hormel.redhat.com> Message-ID: On Sat, 17 May 2008, Reggie Buckner wrote: > > My Name is Reggie Buckner. I am a Unix/Linux geek type who is also working on a degree and certification. My skills are Server Technology ( x86 and RISC), Cisco/Netgear routers, C/C++, Unix shell scripting, MySQL, HTML, XML, and Switches. However I like Fedora OS but I wanted to help with load balancing, clusters, server maintenance, or any way I can. If you need help with any of these thing or network managment work please let me know > Welcome Reggie. Please note that we also hang out in #fedora-admin quite a bit on irc.freenode.net and have regular meetings. If you see any topics that interest you jump right in and start talking. -Mike From kr at cybsft.com Sun May 18 23:16:03 2008 From: kr at cybsft.com (K.R. Foley) Date: Sun, 18 May 2008 18:16:03 -0500 Subject: download problem In-Reply-To: <20080515125932.GB7515@auslistsprd01.us.dell.com> References: <539333cb0805150249x2f9651a9l4673b99b8ddecd07@mail.gmail.com> <482C0AC3.2070209@nigelj.com> <20080515125932.GB7515@auslistsprd01.us.dell.com> Message-ID: <4830B8B3.4080801@cybsft.com> Matt Domsch wrote: > On Thu, May 15, 2008 at 10:04:51PM +1200, Nigel Jones wrote: >> subhodip biswas wrote: >>> hi ! >>> while trying to download F9 what I face is quite frustrating ..in fact >>> this can be faced by a lot of user in India . >>> while wbut mirror is down (temporarily ) and other cannot handle all >>> the load and bit torrent is quite slow . >>> clicking on i386 direct download always gives error 412 : too many >>> connected users . >>> any way of avoiding this .. I am currently downloading from a mirror >>> in USA and its quite slow. >>> >>> >> Hi, >> >> Going from what I know (someone might want to update me here): >> We currently only have 3 mirrors in India >> (http://mirrors.fedoraproject.org/), one is on a 45mbps link, while the >> other two are on 5mbps and 2mbps links. > > One thing MM would benefit from would be a weighted sampler. > > Right now, it collects various lists of Hosts to return (same > netblock, same country, same continent, global). It shuffles (python random.shufle()) each of > the lists, then concatenates them, and sends that result to the end > user. However, this does not take into account that one mirror has a > 45Mbps link, and another a 2Mbps; they would each get chosen > "randomly". > > What I need is a replacement for random.shuffle() that takes a list of > tuples: (something, weight). And returns a list of somethings that > was generated with a statistical sampling based on weight. > > Now, this is _probably_ a simple thing to do; my college number theory > professor would mock me for having not "just done it" myself, but hey > - I took that class _twice_ before passing it - I don't trust my > skills in this area to get it right. > > Volunteers? > > Perhaps something like the attached test program. I am new to python so be gentle. -- kr -------------- next part -------------- A non-text attachment was scrubbed... Name: sorted_tuples.py Type: text/x-python Size: 1632 bytes Desc: not available URL: From angel.fedora at gmail.com Mon May 19 08:36:48 2008 From: angel.fedora at gmail.com (Angel) Date: Mon, 19 May 2008 14:36:48 +0600 Subject: Fedora 9 repository DVD Message-ID: Hi, I want to create a Fedora 9 repository DVD. It's necessary, specially for my country. Because 95% of computer user has not any internet connection in our country. Can anyone help me with this? I hit Google, and found this http://fedora-tn.org/?q=node/63 . But this article is too old, and based on Fedora Core 4. So, I am confusing. Thank you. -- Angel GPG key: 0xC4639705 http://fedoraproject.org/wiki/AshiqurRahman -------------- next part -------------- An HTML attachment was scrubbed... URL: From opensource at till.name Mon May 19 08:51:53 2008 From: opensource at till.name (Till Maas) Date: Mon, 19 May 2008 10:51:53 +0200 Subject: Fedora 9 repository DVD In-Reply-To: References: Message-ID: <200805191052.05891.opensource@till.name> On Monday 19 May 2008 10:36:48 Angel wrote: > I want to create a Fedora 9 repository DVD. It's necessary, specially for > my country. Because 95% of computer user has not any internet connection in > our country. Can anyone help me with this? I hit Google, and found this Do you want to have the Fedora Everything repository on DVD? Then the Fedora Unity project already did this for you: https://www.redhat.com/archives/fedora-announce-list/2008-May/msg00010.html Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From jkeating at redhat.com Mon May 19 15:53:55 2008 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 19 May 2008 11:53:55 -0400 Subject: I need a package review done Message-ID: <1211212435.7438.2.camel@localhost.localdomain> Any new folks looking to get their hands dirty a bit? I need a package review done of email2trac which is the software I'm going to use to fulfill the need in ticket https://fedorahosted.org/fedora-infrastructure/ticket/198 The review bug is https://bugzilla.redhat.com/show_bug.cgi?id=447338 I would appreciate it! -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From skvidal at fedoraproject.org Mon May 19 16:33:30 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 19 May 2008 12:33:30 -0400 Subject: changes at planet fedora Message-ID: <1211214812.3095.0.camel@cutter> Hi all, I?m making some changes with how we build up the list of folks/rss feeds for the fedora planet. We?re making it more self-service and a bit easier to maintain for the admin group (and specifically easier for me to put up with). For all the people currently on the planet please follow these instructions to make sure your feed stays on there: http://skvidal.fedorapeople.org/docs/planet-addition.html These instructions will be added to the wiki after the wiki migration happens next week. Let me know what problems you have, too. thanks, -sv From mmcgrath at redhat.com Tue May 20 03:27:52 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 May 2008 22:27:52 -0500 (CDT) Subject: F10? Message-ID: So F9 is out the door and we had a very exciting last 6 months. Here's the short list: * FAS2 * /mnt/koji migration and deployment * Backup system up and running * Collaboration servers brought up (gobby and asterisk POC) * UTC switch The focus for this last release was mostly around sanity. Cleaning up some configs, things like that. We actually did a very good job of that. All in all I feel it was a good release. So my question to the team, what would you all like to see over the next 6 months? -Mike From dennis at ausil.us Tue May 20 03:39:01 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 19 May 2008 22:39:01 -0500 Subject: F10? In-Reply-To: References: Message-ID: <200805192239.08245.dennis@ausil.us> On Monday 19 May 2008, Mike McGrath wrote: > So F9 is out the door and we had a very exciting last 6 months. Here's > the short list: > > * FAS2 > * /mnt/koji migration and deployment > * Backup system up and running > * Collaboration servers brought up (gobby and asterisk POC) > * UTC switch > > The focus for this last release was mostly around sanity. Cleaning up > some configs, things like that. We actually did a very good job of that. > > All in all I feel it was a good release. So my question to the team, what > would you all like to see over the next 6 months? new ca infrastructure. Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From ricky at fedoraproject.org Tue May 20 03:44:21 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 19 May 2008 23:44:21 -0400 Subject: F10? In-Reply-To: References: Message-ID: <20080520034421.GG3540@Max> On 2008-05-19 10:27:52 PM, Mike McGrath wrote: > All in all I feel it was a good release. So my question to the team, what > would you all like to see over the next 6 months? * New wiki :-) * More/better documentation * FAS improvements + Certificate Authority * A more complete test environment? * Asterisk coolness? Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dev at nigelj.com Wed May 21 03:50:49 2008 From: dev at nigelj.com (Nigel Jones) Date: Wed, 21 May 2008 15:50:49 +1200 Subject: F10? In-Reply-To: References: Message-ID: <48339C19.9040005@nigelj.com> Mike McGrath wrote: > So F9 is out the door and we had a very exciting last 6 months. Here's > the short list: > > * FAS2 > * /mnt/koji migration and deployment > * Backup system up and running > * Collaboration servers brought up (gobby and asterisk POC) > * UTC switch > > The focus for this last release was mostly around sanity. Cleaning up > some configs, things like that. We actually did a very good job of that. > > All in all I feel it was a good release. So my question to the team, what > would you all like to see over the next 6 months? > I agree, the release went smoothly, compared to what I remember a year back when I was helping out. Some of the 'would be nice' items I guess are: * Logical separation of apps/services - i.e. app2's load really spikes when msgmerge runs (I'm assuming this is l10n stuff, why should this have to run on the same server that runs the wiki etc, if possible it'd be nice to have a similar setup like rel-eng has) * Better load balancing, I'm assuming http://fedoraproject.org/wiki/Infrastructure/Architecture is still technically correct, it'd be nice to have the proxy servers randomly choosing an App server, is this even possible? * Something that Debian has as a service to packagers is machines of various architectures that can be used for debugging/solving build problems, koji scratch builds solve part of the problem, but access to the chroot or something like that would be even better, I know people offer this sort of setup on a 'by request' basis, but if we retiring builders etc in the future, instead of sending them to the graveyard, this is an option. And of course some of the upcoming stuff: * Mediawiki * New DB Server for Koji * Network storage for tarball uploads * Elections App (expect a call for testers soon) - Nigel From Matt_Domsch at dell.com Tue May 20 04:05:00 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Mon, 19 May 2008 23:05:00 -0500 Subject: F10? In-Reply-To: <48339C19.9040005@nigelj.com> References: <48339C19.9040005@nigelj.com> Message-ID: <20080520040500.GA8963@auslistsprd01.us.dell.com> On Wed, May 21, 2008 at 03:50:49PM +1200, Nigel Jones wrote: > * Better load balancing, I'm assuming > http://fedoraproject.org/wiki/Infrastructure/Architecture is still > technically correct, it'd be nice to have the proxy servers randomly > choosing an App server, is this even possible? Most services are using apache mod_balancer now, so requests first hit a proxy server, then are load-balanced across each of the app servers for each app. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From stickster at gmail.com Tue May 20 11:32:47 2008 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 20 May 2008 07:32:47 -0400 Subject: F10? In-Reply-To: <20080520034421.GG3540@Max> References: <20080520034421.GG3540@Max> Message-ID: <1211283167.17352.5.camel@victoria> On Mon, 2008-05-19 at 23:44 -0400, Ricky Zhou wrote: > On 2008-05-19 10:27:52 PM, Mike McGrath wrote: > > All in all I feel it was a good release. So my question to the team, what > > would you all like to see over the next 6 months? > * New wiki :-) > * More/better documentation ^^^^^^^^^^^^^^^^^^^^^^^^^ This is where Jef Spaleta's role-based SIG idea, and the Docs team's new direction, might be helpful. If we can get one or more people from Docs hooked up with this team to help, all the work can/should be done on the wiki. Mike and I have talked in the past about the fact that Fedora has a world-class infrastructure and the team to support it. If we can get the details down on "paper," we add substantially to the proposition that Fedora is much more than just a distro. We can have a blueprint for any similar project, or open-source business startup, or anyone who wants to bootstrap their own community, to go from zero to sixty in terms of supporting that community with the tools they need for communication, coding, and presence. Certainly that could take more than six months, but it's a great time to get that off the ground. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From lmacken at redhat.com Tue May 20 14:59:57 2008 From: lmacken at redhat.com (Luke Macken) Date: Tue, 20 May 2008 10:59:57 -0400 Subject: F10? In-Reply-To: References: Message-ID: <20080520145957.GB5808@x300> On Mon, May 19, 2008 at 10:27:52PM -0500, Mike McGrath wrote: > So F9 is out the door and we had a very exciting last 6 months. Here's > the short list: > > * FAS2 > * /mnt/koji migration and deployment > * Backup system up and running > * Collaboration servers brought up (gobby and asterisk POC) > * UTC switch > > The focus for this last release was mostly around sanity. Cleaning up > some configs, things like that. We actually did a very good job of that. > > All in all I feel it was a good release. So my question to the team, what > would you all like to see over the next 6 months? Here are some things I'd like to get done: - Signing server (sigul) - Solidify our SELinux deployment. I'm sitting down with Dan Walsh this week to churn through our logs and fix as much stuff as possible. Brett Lentz (Wakko666) has also been doing a great job of writing test cases and pushing some crucial puppet SELinux changes upstream. - Get our logging situation under control. - Get bodhi into the app cluster, and give it the ability to kick off mashes on our releng boxes. luke From a.badger at gmail.com Tue May 20 16:15:28 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 20 May 2008 09:15:28 -0700 Subject: F10? In-Reply-To: References: Message-ID: <4832F920.8010207@gmail.com> Things I'd like but probably can't work on myself: * GeoIP/DNS based proxying. I'm in Europe and request admin.fedoraproject.org I get the European app server. I'm in the US I get PHX or tummy. - This might make it possible for us to have app servers around the world. We'd still have latency from database calls having to get replies from PHX but for calls between apps all requests would stay in the same colo. Things I'll have a hand in: * New python-fedora API with exception-like error handling client-side and more standardization server-side. - Porting all our web apps to the new architecture. * Optimize db calls within TG applications to make them as snappy as possible. I can do this for SQLAlchemy but SQLObject isn't flexible enough. Any page which is for viewing data and is returning multiple records is potentially a good candidate. * OpenID auth provider for our TG apps (if it's faster/better than our current jsonfas provider). We don't gain any features from an OpenID provider unless we want to allow other OpenID servers to authenticate our users. * pkgdb: I'm going to concentrate on refactoring existing pkgdb code. I'm hoping mapleoin will keep up the good work he's been doing adding new features. * New koji db server. * Moving TG apps from supervisor to mod_wsgi -Toshio From lmacken at redhat.com Tue May 20 17:54:57 2008 From: lmacken at redhat.com (Luke Macken) Date: Tue, 20 May 2008 13:54:57 -0400 Subject: F10? In-Reply-To: <4832F920.8010207@gmail.com> References: <4832F920.8010207@gmail.com> Message-ID: <20080520175457.GC5808@x300> On Tue, May 20, 2008 at 09:15:28AM -0700, Toshio Kuratomi wrote: > Things I'd like but probably can't work on myself: [...] > * Optimize db calls within TG applications to make them as snappy as > possible. I can do this for SQLAlchemy but SQLObject isn't flexible > enough. Any page which is for viewing data and is returning multiple > records is potentially a good candidate. Speaking of stuff I'd love to see happen, but don't have the time for :) - Port bodhi to SQLAlchemy luke From loupgaroublond at gmail.com Tue May 20 18:18:53 2008 From: loupgaroublond at gmail.com (Yaakov Nemoy) Date: Tue, 20 May 2008 14:18:53 -0400 Subject: F10? In-Reply-To: <20080520175457.GC5808@x300> References: <4832F920.8010207@gmail.com> <20080520175457.GC5808@x300> Message-ID: <7f692fec0805201118y5e45ba9aw8db86bd3bebd9b54@mail.gmail.com> On Tue, May 20, 2008 at 1:54 PM, Luke Macken wrote: > On Tue, May 20, 2008 at 09:15:28AM -0700, Toshio Kuratomi wrote: >> Things I'd like but probably can't work on myself: > [...] >> * Optimize db calls within TG applications to make them as snappy as >> possible. I can do this for SQLAlchemy but SQLObject isn't flexible >> enough. Any page which is for viewing data and is returning multiple >> records is potentially a good candidate. > > Speaking of stuff I'd love to see happen, but don't have the time for :) > - Port bodhi to SQLAlchemy Depends on how complicated your stuff is already. If it's mostly just a bunch of tables, and the oddball query, I can probably do it in about a day. If it's alot of complicated composite tables with composite keys, custom data types, custom rules, and massive dependencies, then it could take 2-3 days. Let me know when you need help. From johnp at redhat.com Tue May 20 22:01:33 2008 From: johnp at redhat.com (John (J5) Palmieri) Date: Tue, 20 May 2008 18:01:33 -0400 Subject: MyFedora Documentation Message-ID: <1211320893.16731.7.camel@localhost.localdomain> http://fedoraproject.org/wiki/MyFedora/ is pointing to some new documentation I started writing. Right now all I have is the plugin design document (http://fedoraproject.org/wiki/MyFedora/PluginDesign) but will be adding the plugin tutorial tomorrow and the widget tutorial will be written the week before FudCon when Toshio and I lock ourselves in a room and flesh out the design for the widget system that started at the last FudCon. Others are encouraged to comment on the design and send suggestions and I will be working during FudCon to get people interested in developing content or working on the backends. -- John (J5) Palmieri From lmacken at redhat.com Tue May 20 22:57:05 2008 From: lmacken at redhat.com (Luke Macken) Date: Tue, 20 May 2008 18:57:05 -0400 Subject: F10? In-Reply-To: <7f692fec0805201118y5e45ba9aw8db86bd3bebd9b54@mail.gmail.com> References: <4832F920.8010207@gmail.com> <20080520175457.GC5808@x300> <7f692fec0805201118y5e45ba9aw8db86bd3bebd9b54@mail.gmail.com> Message-ID: <20080520225705.GD5808@x300> On Tue, May 20, 2008 at 02:18:53PM -0400, Yaakov Nemoy wrote: > On Tue, May 20, 2008 at 1:54 PM, Luke Macken wrote: > > On Tue, May 20, 2008 at 09:15:28AM -0700, Toshio Kuratomi wrote: > >> Things I'd like but probably can't work on myself: > > [...] > >> * Optimize db calls within TG applications to make them as snappy as > >> possible. I can do this for SQLAlchemy but SQLObject isn't flexible > >> enough. Any page which is for viewing data and is returning multiple > >> records is potentially a good candidate. > > > > Speaking of stuff I'd love to see happen, but don't have the time for :) > > - Port bodhi to SQLAlchemy > > Depends on how complicated your stuff is already. If it's mostly just > a bunch of tables, and the oddball query, I can probably do it in > about a day. If it's alot of complicated composite tables with > composite keys, custom data types, custom rules, and massive > dependencies, then it could take 2-3 days. > > Let me know when you need help. Cool. Give me a week or so to finish up some major bodhi changes that I have underway, and the releng2 migration. I've created a ticket so we can track this task, and I'll let you know when it's safe to dive in. https://fedorahosted.org/bodhi/ticket/202 Thanks! luke From poelstra at redhat.com Wed May 21 03:37:08 2008 From: poelstra at redhat.com (John Poelstra) Date: Tue, 20 May 2008 20:37:08 -0700 Subject: Red Hat Bugzilla 3.2 Upgrade Beta 1 Message-ID: <483398E4.1030508@redhat.com> Hi, I'm passing the following information on for the team that maintains the Bugzilla instance Fedora runs in. It provides a peak into the upcoming Bugzilla update and an opportunity to evaluate it in a test instance. Check it out. John ~~~~~~~~~~~~~~~~ Greetings, The Red Hat Bugzilla team is happy to announce the first beta release of the next version of Red Hat Bugzilla. The next version will be based on the upcoming upstream 3.2 code base soon to be released. https://partner-bugzilla.redhat.com Along the way to the final release, we will be deploying several beta releases that will be used for obtaining user feedback and for finding bugs in our code changes. Red Hat has made substantial customizations to our current 2.18 based Bugzilla system that have been ported to the new release. Several of which we are working on having them accepted by the upstream community which will help in future bug fixes and lower maintenance. We are also hoping to use the upgrade process as a stepping stone to becoming more active in the future road map of Bugzilla itself by providing help with bug fixes and enhancements and taking part in future discussions. Areas of focus for beta1: Ajax optimizations: Speedup one component/version/milestone population on the advanced query screen due to large volume of data for some products such as RHEL and Fedora. Speedup of the show_bug.cgi page by reducing amount of HTML needed to download by not loading all components unless you want to change the value. Needinfo actor support: Using the flags functionality, we are able to specify whom additional information is being required of for a report. In the current 2.18 release a combination of a bug status called NEEDINFO and needinfo flag were used. In 3.2 only a needinfo flag is being used and the bug status will be removed. Guided bug entry: Modified stock guided bug entry page used to help non experts report bugs with proper information. UI enhancements: Upstream Bugzilla developers have done extension work on streamlining the show_bug.cgi page. The page should have a cleaner less cluttered feel as well as show only editable fields for the values the user is allowed to change only. One of the more noticeable things is the removal of the "Bug Status Change" area and moving it up to the basic bug information area. External bug references: Ability to add links to outside bug trackers. XMLRPC API: The Red Hat Bugzilla system was one of the first Bugzilla installations to utilize XMLRPC extensively. Upstream as of 3.0 has a new framework for providing Web Services to clients to manipulate Bugzilla data. We have worked to help the upstream to add features to this framework to support similar functionality to what we have had in operation for some time. Some of the core functions are there such as Bug.get(), Bug.create(), Bug.search() and Bug.update() which can be used to do most things needed. Some of the operations available in our version are not yet available so we are also providing most of the old 2.18 API so that your applications and scripts should continue to work properly for the time being. Please try your scripts against the test Bugzilla system to make sure they are working properly. Let us know if there are any errors such as data not being returned in the proper format, certain methods missing, or bugs in general. New methods available (Note: these are subject to change before final release): 1. Bug.get() - Can be used to get all attributes of one or more bug reports. 2. Bug.create() - Can create a new bug report in the system. 3. Bug.update() - Can update most attributes of one or more current bug reports. 4. Bug.search() - Search the database for bugs matching search criteria similar to advanced search UI. Also supports quicksearch keywords and reloading of saved searches saved in the Bugzilla UI. 5. Bug.get_activity() - Retrieve full history of one or more bug reports. 6. Bug.add_comment() - Can add a comment to a current bug report. 7. User.login() - Can take a username and password as parameters that will return cookies that can be used for all subsequent XMLRPC method calls. (Note: required to use the new methods such as Bug.*) 8. User.create() - Create a new user if you have proper permissions. 9. User.get() - Get information about one or more current users if you have proper permissions. 10. User.update() - Allows updating of email, real name, disabled, etc for one or more current users. 11. Product.get_products() - Get information about one or more products in Bugzilla. 12. Component.get() - Get information about one or more Bugzilla components. 13. Component.create() - Create a new Bugzilla component for a specific product. 14. Component.update() - Updated the attributes of one or more Bugzilla components. Old methods ported to 3.2 (for backwards compatibility): 1. bugzilla.runQuery() 2. bugzilla.getBug() 3. bugzilla.addIT() 4. bugzilla.getBugActivity() 5. bugzilla.nameToId() 6. bugzilla.login() 7. bugzilla.getBugSimple() 8. bugzilla.editComponent() 9. bugzilla.idToName() 10. bugzilla.getBugModified() 11. bugzilla.addComment() 12. bugzilla.updateFlags() 13. bugzilla.closeBug() 14. bugzilla.changeStatus() 15. bugzilla.updateCC() 16. bugzilla.getProdInfo() 17. bugzilla.createBug() 18. bugzilla.changeAssignment() 19. bugzilla.updateDepends() 20. bugzilla.getProdCompDetails() 21. bugzilla.addComponent() 22. bugzilla.updateMilestone() 23. bugzilla.getCompInfo() 24. bugzilla.getProductDetails() 25. bugzilla.getProductDetails() 26. bugzilla.userInfo() 27. bugzilla.addUser() 28. bugzilla.disableAccount() The newer API is likely to change before the next release of upstream Bugzilla so we will be maintaining the older API during the time from 3.2 leading up to the next release. We do encourage people to try out the new API also so as to be ready for the eventual transition. There are numerous other changes behind the scenes that we haven't listed. The goal is to make sure that functionality that people have come to expect in 2.18 is possible in the new system. There are also numerous new features/fixes that are part of the upcoming 3.2 release provided by the upstream Bugzilla community. For more detailed information on what has changed since the last release, check out the [https://partner-bugzilla.redhat.com/page.cgi?id=release-notes.html Release Notes]. The database is a recent snapshot of the live database so should be useful for testing to make sure the information is displayed properly and changeable. Also with a full snapshot it is possible to test for any performance related issues. Email has been disabled so that unnecessary spam is not sent out. So feel free to make changes to bugs to verify proper working order. We are asking for everyone to get involved as much as possible with testing and feedback on the beta releases to help us make this the most robust and stable release possible. We have done extensive work at laying out what we feel the requirements are to maintain feature parity with our current system as well as compiled a list of feature enhancements that people would like to see in the next release. Our goal is to deliver a working bugzilla with the bare essential requirements similar to what is currently being used in our current 2.18 system. After that we will begin work on enhancements as time and resources permit. To view the final release requirements list please refer to our [https://bugzilla.redhat.com/show_bug.cgi?id=406071 Bugzilla 3 Tracker]. Please file any enhancement requests or bug reports in our current Bugzilla system at [https://bugzilla.redhat.com bugzilla.redhat.com]. File them under the Bugzilla product and relevant component with the version 3.2. With everyones help we can make this a great release. Thanks The Red Hat Bugzilla Team From dimitris at glezos.com Wed May 21 09:30:57 2008 From: dimitris at glezos.com (Dimitris Glezos) Date: Wed, 21 May 2008 12:30:57 +0300 Subject: Fedora and CIA.vc Message-ID: <6d4237680805210230g7c428d46u7e7ec8df53f573fc@mail.gmail.com> I think this was discussed briefly in the past on IRC, having Fedora listed on http://cia.vc/. CIA is "a real-time window into the open source world", providing "Real-time open source activity stats" with active projects, people, commits, etc. It probably won't provide much added functionality (although its RSS feeds are handy sometimes eg. [1]), but it'd be good having Fedora on another contributor/project map. And with the diversity of the projects hosted on Fedora Hosted, maybe this will bring more contributors in. We'll need to add the CIA client script to our versioning systems: http://cia.vc/doc/clients/ -d [1]: http://cia.vc/stats/project/kde/amarok -- Dimitris Glezos Jabber ID: glezos at jabber.org, GPG: 0xA5A04C3B http://dimitris.glezos.com/ "He who gives up functionality for ease of use loses both and deserves neither." (Anonymous) -- From mkreder at redhat.com Wed May 21 12:13:25 2008 From: mkreder at redhat.com (Matias Kreder) Date: Wed, 21 May 2008 09:13:25 -0300 Subject: good morning infrastrucure list Message-ID: <483411E5.6000803@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, I've subscribed since yesterday to this list. My name is Matias Kreder, I'm from Buenos Aires, Argentina. I am too interested in be a part of the fedora infrastructure team. I've the RHCE and RHCS certifications, and part of the GSS (Global Suppor Services) Latam Team. I've 6 years of experience in linux, and open source technologies. I hope that I can help in any any. Best Regards! Matias P.D.: My english is not the best - -- Matias E. Kreder Support Engineer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkg0EeQACgkQTeno05BMVzt6HgCghW2+LM3w32yGAQuz7/22W7aA 9zwAn39cKAsQ+XYR7atGOkUu/AHNOo8B =7Zoe -----END PGP SIGNATURE----- From mmcgrath at redhat.com Wed May 21 15:23:00 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 21 May 2008 10:23:00 -0500 (CDT) Subject: Red Hat Bugzilla 3.2 Upgrade Beta 1 In-Reply-To: <483398E4.1030508@redhat.com> References: <483398E4.1030508@redhat.com> Message-ID: On Tue, 20 May 2008, John Poelstra wrote: > Hi, > > I'm passing the following information on for the team that maintains the > Bugzilla instance Fedora runs in. It provides a peak into the upcoming > Bugzilla update and an opportunity to evaluate it in a test instance. > > Check it out. > Any chance of getting OpenID in there? -Mike From mmcgrath at redhat.com Wed May 21 15:24:06 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 21 May 2008 10:24:06 -0500 (CDT) Subject: good morning infrastrucure list In-Reply-To: <483411E5.6000803@redhat.com> References: <483411E5.6000803@redhat.com> Message-ID: > Hi guys, I've subscribed since yesterday to this list. My name is Matias > Kreder, I'm from Buenos Aires, Argentina. > I am too interested in be a part of the fedora infrastructure team. > I've the RHCE and RHCS certifications, and part of the GSS (Global Suppor > Services) Latam Team. > I've 6 years of experience in linux, and open source technologies. > I hope that I can help in any any. > Best Regards! > > Matias hello Matias, we hang out in #fedora-admin on irc.freenode.net as well quite a bit. Stop on by. If you see or hear anything that interests you please say so and offer some help. -Mike From a.badger at gmail.com Wed May 21 15:56:27 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 21 May 2008 08:56:27 -0700 Subject: Fedora and CIA.vc In-Reply-To: <6d4237680805210230g7c428d46u7e7ec8df53f573fc@mail.gmail.com> References: <6d4237680805210230g7c428d46u7e7ec8df53f573fc@mail.gmail.com> Message-ID: <4834462B.40806@gmail.com> Dimitris Glezos wrote: > I think this was discussed briefly in the past on IRC, having Fedora > listed on http://cia.vc/. CIA is "a real-time window into the open > source world", providing "Real-time open source activity stats" with > active projects, people, commits, etc. > > It probably won't provide much added functionality (although its RSS > feeds are handy sometimes eg. [1]), but it'd be good having Fedora on > another contributor/project map. And with the diversity of the > projects hosted on Fedora Hosted, maybe this will bring more > contributors in. > > We'll need to add the CIA client script to our versioning systems: > > http://cia.vc/doc/clients/ > This looks like a good thing to me. Dmitris do you want to get this setup? I can sponsor you into any additional groups you need to work on this. (I can put it on my TODO list if you can't, but you know how those things go :-( ) -Toshio From lmacken at redhat.com Wed May 21 16:20:10 2008 From: lmacken at redhat.com (Luke Macken) Date: Wed, 21 May 2008 12:20:10 -0400 Subject: Fedora and CIA.vc In-Reply-To: <6d4237680805210230g7c428d46u7e7ec8df53f573fc@mail.gmail.com> References: <6d4237680805210230g7c428d46u7e7ec8df53f573fc@mail.gmail.com> Message-ID: <20080521162010.GB8221@x300> On Wed, May 21, 2008 at 12:30:57PM +0300, Dimitris Glezos wrote: > I think this was discussed briefly in the past on IRC, having Fedora > listed on http://cia.vc/. CIA is "a real-time window into the open > source world", providing "Real-time open source activity stats" with > active projects, people, commits, etc. > > It probably won't provide much added functionality (although its RSS > feeds are handy sometimes eg. [1]), but it'd be good having Fedora on > another contributor/project map. And with the diversity of the > projects hosted on Fedora Hosted, maybe this will bring more > contributors in. > > We'll need to add the CIA client script to our versioning systems: > > http://cia.vc/doc/clients/ +1. https://fedorahosted.org/fedora-infrastructure/ticket/164 I'm not sure if anyone addressed Mike's concern. Should we run this by FESCo or The Board ? luke From jaredsmith at jaredsmith.net Wed May 21 18:51:05 2008 From: jaredsmith at jaredsmith.net (Jared Smith) Date: Wed, 21 May 2008 11:51:05 -0700 Subject: F10? In-Reply-To: <20080520034421.GG3540@Max> References: <20080520034421.GG3540@Max> Message-ID: <1211395865.12276.2.camel@localhost.localdomain> On Mon, 2008-05-19 at 23:44 -0400, Ricky Zhou wrote: > * Asterisk coolness? I'm almost always available and willing to help out with Asterisk stuff... Let me know if/when you need any help, and I'd be willing to put in some time to add all kinds of Asterisk coolness. -Jared From jkeating at redhat.com Wed May 21 19:18:22 2008 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 21 May 2008 15:18:22 -0400 Subject: New (beta) service, email to Trac tickets Message-ID: <1211397503.8531.96.camel@localhost.localdomain> Over the past week I've spent some time getting email2trac setup on our hosted environment so that projects can accept email for Trac tickets. I have created an SOP for setting this up: http://fedoraproject.org/wiki/Infrastructure/SOP/HostedEmail2Trac If there are any questions related to this, please post them on list, or in #fedora-admin I'm going to use this for the rel-eng project (and to lesser extent the pungi project as well) for a bit, before announcing this too loudly as a new offering. I want to see how well it works and what concerns we might have with a more public release of this service. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From loupgaroublond at gmail.com Wed May 21 20:02:31 2008 From: loupgaroublond at gmail.com (Yaakov Nemoy) Date: Wed, 21 May 2008 16:02:31 -0400 Subject: changes at planet fedora In-Reply-To: <1211214812.3095.0.camel@cutter> References: <1211214812.3095.0.camel@cutter> Message-ID: <7f692fec0805211302w5364d98fvb510feb6e657d214@mail.gmail.com> On Mon, May 19, 2008 at 12:33 PM, seth vidal wrote: > Hi all, > I'm making some changes with how we build up the list of folks/rss > feeds for the fedora planet. We're making it more self-service and a bit > easier to maintain for the admin group (and specifically easier for me > to put up with). For all the people currently on the planet please > follow these instructions to make sure your feed stays on there: > > http://skvidal.fedorapeople.org/docs/planet-addition.html > > These instructions will be added to the wiki after the wiki migration > happens next week. > > Let me know what problems you have, too. How do we test these changes. Namely, once I've configured everything, how do I make sure my config file is good, and displays what I want it to display? -Yaakov From skvidal at fedoraproject.org Wed May 21 20:45:47 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Wed, 21 May 2008 16:45:47 -0400 Subject: changes at planet fedora In-Reply-To: <7f692fec0805211302w5364d98fvb510feb6e657d214@mail.gmail.com> References: <1211214812.3095.0.camel@cutter> <7f692fec0805211302w5364d98fvb510feb6e657d214@mail.gmail.com> Message-ID: <1211402747.3559.25.camel@cutter> On Wed, 2008-05-21 at 16:02 -0400, Yaakov Nemoy wrote: > On Mon, May 19, 2008 at 12:33 PM, seth vidal wrote: > > Hi all, > > I'm making some changes with how we build up the list of folks/rss > > feeds for the fedora planet. We're making it more self-service and a bit > > easier to maintain for the admin group (and specifically easier for me > > to put up with). For all the people currently on the planet please > > follow these instructions to make sure your feed stays on there: > > > > http://skvidal.fedorapeople.org/docs/planet-addition.html > > > > These instructions will be added to the wiki after the wiki migration > > happens next week. > > > > Let me know what problems you have, too. > > How do we test these changes. Namely, once I've configured > everything, how do I make sure my config file is good, and displays > what I want it to display? > wait for the planet to update? -sv From jonstanley at gmail.com Wed May 21 20:56:04 2008 From: jonstanley at gmail.com (Jon Stanley) Date: Wed, 21 May 2008 16:56:04 -0400 Subject: changes at planet fedora In-Reply-To: <1211402747.3559.25.camel@cutter> References: <1211214812.3095.0.camel@cutter> <7f692fec0805211302w5364d98fvb510feb6e657d214@mail.gmail.com> <1211402747.3559.25.camel@cutter> Message-ID: On Wed, May 21, 2008 at 4:45 PM, seth vidal wrote: > wait for the planet to update? I think that the real question was "Is there a test instance of the planet somewhere with this new-world config file?" From skvidal at fedoraproject.org Wed May 21 20:51:44 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Wed, 21 May 2008 16:51:44 -0400 Subject: changes at planet fedora In-Reply-To: References: <1211214812.3095.0.camel@cutter> <7f692fec0805211302w5364d98fvb510feb6e657d214@mail.gmail.com> <1211402747.3559.25.camel@cutter> Message-ID: <1211403104.3559.27.camel@cutter> On Wed, 2008-05-21 at 16:56 -0400, Jon Stanley wrote: > On Wed, May 21, 2008 at 4:45 PM, seth vidal wrote: > > > wait for the planet to update? > > I think that the real question was "Is there a test instance of the > planet somewhere with this new-world config file?" > not as yet, no. I'll have one tonight. :) -sv From Matt_Domsch at dell.com Thu May 22 02:55:16 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Wed, 21 May 2008 21:55:16 -0500 Subject: mdomsch vacation Message-ID: <20080522025516.GC27918@auslistsprd01.us.dell.com> FYI, I'll be mostly offline starting Thursday 5/22 noon, back Tuesday 5/27. Mike and Seth know how to contact me in case of emergency. Thanks, Matt -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From mmcgrath at redhat.com Thu May 22 04:06:23 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 21 May 2008 23:06:23 -0500 (CDT) Subject: FAS and public Key auth Message-ID: Lets get this topic started. We've had a lot of requests to have fas authentication with third party groups (both nirik and dgilmore have requested such setups) We can easily set things up so that public key's can be used. I still have grave security concerns about this though. The obvious fear is compromise of a third party box that allows an unauthorized person to then access our production servers. The reality is this isn't much different from having an individual contributors machine get hacked and having them then log in to one of our boxes (this has happened once that I am aware of). The main difference though is how to target. Lets assume an attacker wants to commit something bad to our servers. If they wanted to do it as me, they'd have to attack my workstation and somehow gain root access on the box. At that point they'd be able to take my keys or agent. A difficult task. Now lets say that one of our third party machines is allowing people to build via mock for PPC (this is one real request). That third party box has the SSH keys of a number of people, lets say one of them is sysadmin-main. The attacker would need to merely create an fas account, request access to the group that gives access to that machine and they'd be able to take the ssh keys as people log in. Now, I've never actually done this. It's just my understanding that it'd work that way. If you had root on a box and I sshed there with my ssh key, would you not have access to take the key and log in to other boxes as me? So my question is, is this a real risk or is there a precaution in SSH preventing the attack i'm describing (basically a man in the middle type attack) I can think of a number of options to prevent this but I'm curious what the rest of you think. -Mike From wakko666 at gmail.com Thu May 22 06:17:10 2008 From: wakko666 at gmail.com (brett lentz) Date: Wed, 21 May 2008 23:17:10 -0700 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: On Wed, May 21, 2008 at 9:06 PM, Mike McGrath wrote: > Now lets say that one of our third party machines is allowing people to > build via mock for PPC (this is one real request). That third party box > has the SSH keys of a number of people, lets say one of them is > sysadmin-main. The attacker would need to merely create an fas account, > request access to the group that gives access to that machine and they'd > be able to take the ssh keys as people log in. > Shouldn't the builds be done through Koji? Why would someone be doing builds with mock, but not through Koji? Secondly, any attacker can already create a fas account, and use a bit of social engineering to gain enough access to do damage. There are already some obvious attack vectors in the current processes that are much more vulnerable than the configuration of third party systems. That said, that doesn't mean we should ignore potential risk from blindly trusting third party systems. I would recommend that, at a minimum, third party systems should run with selinux on and enforcing. This would afford some additional assurance of the system's security, but won't solve all problems. > Now, I've never actually done this. It's just my understanding that it'd > work that way. If you had root on a box and I sshed there with my ssh > key, would you not have access to take the key and log in to other boxes > as me? > I'm not a crypto guy by any stretch. But, my understanding is that no, that's not how it public key authentication should work. As I understand it, your private key is never sent across the wire and therefore even with root on the remote system, an attacker could only ever has access to your public key. This is assuming that your private key isn't also in your home directory on the remote system (i.e. the only local file they have is the authorized_keys). Please double-check RFC 4252 for more details. > So my question is, is this a real risk or is there a precaution in SSH > preventing the attack i'm describing (basically a man in the middle type > attack) > I think the mitm risk is fairly low. I think there are other risks, such as not having direct control over keeping third party systems up to date, or allowing third party systems running non-Fedora or non-RHEL distros (e.g. the latest Debian openssh debacle). Privilege escalation on the remote system is also a concern. Thankfully, selinux can mitigate the last fairly effectively. I definitely don't think this should be done lightly. > I can think of a number of options to prevent this but I'm curious what > the rest of you think. > I think that keeping the keys secure is only a small piece of the puzzle. One option that helps mitigate the keys issue to some extent is if we adopt a "pull" model with third party systems. We give them a public key that allows us to execute commands on the system and pull results from it, but the remote systems never get access into the Fedora production systems. > -Mike > ---Brett. From mmcgrath at redhat.com Thu May 22 13:31:08 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 May 2008 08:31:08 -0500 (CDT) Subject: FAS and public Key auth In-Reply-To: References: Message-ID: On Wed, 21 May 2008, brett lentz wrote: > On Wed, May 21, 2008 at 9:06 PM, Mike McGrath wrote: > > Now lets say that one of our third party machines is allowing people to > > build via mock for PPC (this is one real request). That third party box > > has the SSH keys of a number of people, lets say one of them is > > sysadmin-main. The attacker would need to merely create an fas account, > > request access to the group that gives access to that machine and they'd > > be able to take the ssh keys as people log in. > > > > Shouldn't the builds be done through Koji? Why would someone be doing > builds with mock, but not through Koji? > Some will want access to the build roots and things to test. There's other reasons third party people would want to setup accounts with us as well that don't involve the account system. > Secondly, any attacker can already create a fas account, and use a bit > of social engineering to gain enough access to do damage. There are > already some obvious attack vectors in the current processes that are > much more vulnerable than the configuration of third party systems. > Maybe, maybe not. If someone wants to gain our trust (which, admittedly would require them to do a lot of work to 'prove' themselves) they could. But thats different then doing the bare minimum to, for example, get in the cvs extras group. > That said, that doesn't mean we should ignore potential risk from > blindly trusting third party systems. I would recommend that, at a > minimum, third party systems should run with selinux on and enforcing. > This would afford some additional assurance of the system's security, > but won't solve all problems. > But how would this protect us in any way if the users of that system had root on it? Since all of these 3rd part systems aren't officially monitored by us we have to assume the worst on each of these hosts. > > Now, I've never actually done this. It's just my understanding that it'd > > work that way. If you had root on a box and I sshed there with my ssh > > key, would you not have access to take the key and log in to other boxes > > as me? > > > > I'm not a crypto guy by any stretch. But, my understanding is that no, > that's not how it public key authentication should work. As I > understand it, your private key is never sent across the wire and > therefore even with root on the remote system, an attacker could only > ever has access to your public key. This is assuming that your private > key isn't also in your home directory on the remote system (i.e. the > only local file they have is the authorized_keys). Please double-check > RFC 4252 for more details. > > > So my question is, is this a real risk or is there a precaution in SSH > > preventing the attack i'm describing (basically a man in the middle type > > attack) > > > > I think the mitm risk is fairly low. I think there are other risks, > such as not having direct control over keeping third party systems up > to date, or allowing third party systems running non-Fedora or > non-RHEL distros (e.g. the latest Debian openssh debacle). Privilege > escalation on the remote system is also a concern. Thankfully, selinux > can mitigate the last fairly effectively. > > I definitely don't think this should be done lightly. > You think mitm is fairly low but is it really? Lets say, for example, you forward your ssh agent to this remote host. What are the implications there? -Mike From opensource at till.name Thu May 22 13:59:27 2008 From: opensource at till.name (Till Maas) Date: Thu, 22 May 2008 15:59:27 +0200 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: <200805221559.39425.opensource@till.name> On Thu May 22 2008, Mike McGrath wrote: > You think mitm is fairly low but is it really? Lets say, for example, you > forward your ssh agent to this remote host. What are the implications > there? When someone forwards the ssh agent to a machine, the root user of this machine can access it and use it to authenticate to other machines. Afaik, the only way to prevent this is to use "ssh-add -c" when adding the keys to the agent which makes the agent ask the user for permission everytime the key should be used for authentication. But this is a problem that exists even when the FAS is not used by third parties, because an user can still forward his ssh-agent. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From opensource at till.name Thu May 22 14:01:52 2008 From: opensource at till.name (Till Maas) Date: Thu, 22 May 2008 16:01:52 +0200 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: <200805221601.53297.opensource@till.name> On Thu May 22 2008, Mike McGrath wrote: > Now, I've never actually done this. It's just my understanding that it'd > work that way. If you had root on a box and I sshed there with my ssh > key, would you not have access to take the key and log in to other boxes > as me? > > So my question is, is this a real risk or is there a precaution in SSH > preventing the attack i'm describing (basically a man in the middle type > attack) Afaik this attack is not possible with ssh because a user signs some information that is unique to the current session and contains among other things a hash of the host key that the user wants to login to. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Thu May 22 14:16:51 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 May 2008 09:16:51 -0500 (CDT) Subject: FAS and public Key auth In-Reply-To: <200805221601.53297.opensource@till.name> References: <200805221601.53297.opensource@till.name> Message-ID: On Thu, 22 May 2008, Till Maas wrote: > On Thu May 22 2008, Mike McGrath wrote: > > > Now, I've never actually done this. It's just my understanding that it'd > > work that way. If you had root on a box and I sshed there with my ssh > > key, would you not have access to take the key and log in to other boxes > > as me? > > > > So my question is, is this a real risk or is there a precaution in SSH > > preventing the attack i'm describing (basically a man in the middle type > > attack) > > Afaik this attack is not possible with ssh because a user signs some > information that is unique to the current session and contains among other > things a hash of the host key that the user wants to login to. > Yeah, I've been talking with someone in #openssh as well. My understanding of how openssh auth is happens basically like this (sorry I'm not going to take the time to diagram this even though thats what it really needs) Client tries to ssh to Server A Server A generates a random number, encrypts it with pub, sends it to the client The client decrypts this number with private key and sends it back to A. Bam! Shell. Here was my concern. Client tries to ssh to untrusted Server B (with hacked ssh server) Server B tries to ssh to Server A as the client user. Server A generates random number, encrypts it with pub, sends it to B. Server B doesn't know what the number is so it sends that encrypted payload to the client. The client decrypts this number with private key and sends it back to Server B. Server B sends this number back to Server A. Server A allows shell to server B as client user. Server B allows shell to client user. client doesn't realize what just happened as it went very quick. The guys in #openssh are saying this isn't possible but I wasn't convinced with their reason (basically that server B doesn't have server A's host keys). Can someone else explain why the above isn't possible? -Mike From opensource at till.name Thu May 22 14:40:31 2008 From: opensource at till.name (Till Maas) Date: Thu, 22 May 2008 16:40:31 +0200 Subject: FAS and public Key auth In-Reply-To: References: <200805221601.53297.opensource@till.name> Message-ID: <200805221640.36728.opensource@till.name> On Thu May 22 2008, Mike McGrath wrote: > Client tries to ssh to Server A > > Server A generates a random number, encrypts it with pub, sends it to the > client > > The client decrypts this number with private key and sends it back to A. > > Bam! Shell. The public key authentication does not work this way. > The guys in #openssh are saying this isn't possible but I wasn't convinced > with their reason (basically that server B doesn't have server A's > host keys). Can someone else explain why the above isn't possible? To authenticate, the client needs to sign a session identifier (and some other information) with his private key and send the signature to the server. The session identifier is a hash of several data that includes the host key. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From wakko666 at gmail.com Thu May 22 15:09:28 2008 From: wakko666 at gmail.com (brett lentz) Date: Thu, 22 May 2008 08:09:28 -0700 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: On Thu, May 22, 2008 at 6:31 AM, Mike McGrath wrote: > On Wed, 21 May 2008, brett lentz wrote: > >> On Wed, May 21, 2008 at 9:06 PM, Mike McGrath wrote: >> That said, that doesn't mean we should ignore potential risk from >> blindly trusting third party systems. I would recommend that, at a >> minimum, third party systems should run with selinux on and enforcing. >> This would afford some additional assurance of the system's security, >> but won't solve all problems. >> > > But how would this protect us in any way if the users of that system had > root on it? Since all of these 3rd part systems aren't officially > monitored by us we have to assume the worst on each of these hosts. > That's why I said it won't solve all problems. The scenarios where selinux helps are when root is not yet compromised, it helps reduce the risk of things like privilege escalation and exploiting holes in a public facing application to gain shell access. Unfortunately, the current selinux policies will not stop someone accessing an existing shell account and sudoing their way to root. This is where I think we need to work up some requirements for third party systems. We need some level of assurance that the admins of that system have some sane security policies and are maintaining them. It shouldn't be difficult to work up a script or set of scripts to periodically audit the third party systems to assure that these policies are adhered to. IMO, a good starting point for those requirements would be: 1. system runs Fedora/RHEL 2. system has selinux enabled and enforcing. 3. system uses an acceptable update schedule. 4. system's admins are known, and willing to be available when we need to contact them (within a reasonable set of hours) 5. the system's admins document their policy for providing root access to their system. this allows us to do some risk analysis. 6. we should be able to quickly and easily revoke the system's access to Fedora. >> > Now, I've never actually done this. It's just my understanding that it'd >> > work that way. If you had root on a box and I sshed there with my ssh >> > key, would you not have access to take the key and log in to other boxes >> > as me? >> > >> >> I'm not a crypto guy by any stretch. But, my understanding is that no, >> that's not how it public key authentication should work. As I >> understand it, your private key is never sent across the wire and >> therefore even with root on the remote system, an attacker could only >> ever has access to your public key. This is assuming that your private >> key isn't also in your home directory on the remote system (i.e. the >> only local file they have is the authorized_keys). Please double-check >> RFC 4252 for more details. >> >> > So my question is, is this a real risk or is there a precaution in SSH >> > preventing the attack i'm describing (basically a man in the middle type >> > attack) >> > >> >> I think the mitm risk is fairly low. I think there are other risks, >> such as not having direct control over keeping third party systems up >> to date, or allowing third party systems running non-Fedora or >> non-RHEL distros (e.g. the latest Debian openssh debacle). Privilege >> escalation on the remote system is also a concern. Thankfully, selinux >> can mitigate the last fairly effectively. >> >> I definitely don't think this should be done lightly. >> > > You think mitm is fairly low but is it really? Lets say, for example, you > forward your ssh agent to this remote host. What are the implications > there? The implications for ssh-agent is fairly simple. Your private key still never touches the wire or the remote systems. SSH-Agent forwards the auth challenges to the local system you're logging in from. Here's a great diagram of the process: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd > -Mike > ---Brett. From mmcgrath at redhat.com Thu May 22 15:10:42 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 May 2008 10:10:42 -0500 (CDT) Subject: FAS and public Key auth In-Reply-To: <200805221640.36728.opensource@till.name> References: <200805221601.53297.opensource@till.name> <200805221640.36728.opensource@till.name> Message-ID: On Thu, 22 May 2008, Till Maas wrote: > On Thu May 22 2008, Mike McGrath wrote: > > > Client tries to ssh to Server A > > > > Server A generates a random number, encrypts it with pub, sends it to the > > client > > > > The client decrypts this number with private key and sends it back to A. > > > > Bam! Shell. > > > The public key authentication does not work this way. > > > The guys in #openssh are saying this isn't possible but I wasn't convinced > > with their reason (basically that server B doesn't have server A's > > host keys). Can someone else explain why the above isn't possible? > > To authenticate, the client needs to sign a session identifier (and some other > information) with his private key and send the signature to the server. The > session identifier is a hash of several data that includes the host key. > So what you're saying is it is impossible to do a man in the middle attack with OpenSSH (assuming the host keys of the server haven't been compromised) ? -Mike From mmcgrath at redhat.com Thu May 22 15:19:54 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 May 2008 10:19:54 -0500 (CDT) Subject: FAS and public Key auth In-Reply-To: References: Message-ID: On Thu, 22 May 2008, brett lentz wrote: > IMO, a good starting point for those requirements would be: > > 1. system runs Fedora/RHEL > 2. system has selinux enabled and enforcing. > 3. system uses an acceptable update schedule. > 4. system's admins are known, and willing to be available when we need > to contact them (within a reasonable set of hours) > 5. the system's admins document their policy for providing root access > to their system. this allows us to do some risk analysis. > 6. we should be able to quickly and easily revoke the system's access to Fedora. > Thats the problem though, there's no way for us to enforce that in any way without regularly checking in, etc. What if they're not compliant and for how long? I think this policy should be simple or non-existant at all. If we can't reliably say that ssh-key based auth to remote machines is a no-risk operation for us, then we shouldn't do it. > > The implications for ssh-agent is fairly simple. Your private key > still never touches the wire or the remote systems. SSH-Agent forwards > the auth challenges to the local system you're logging in from. > > Here's a great diagram of the process: > http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd > I know your private key doesn't touch the wire or remote system. But the agent creates a socket in /tmp/ssh-* and I'm worried someone with access to that socket could auth to other machines as the user. -Mike From wakko666 at gmail.com Thu May 22 15:41:09 2008 From: wakko666 at gmail.com (brett lentz) Date: Thu, 22 May 2008 08:41:09 -0700 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: On Thu, May 22, 2008 at 8:19 AM, Mike McGrath wrote: > On Thu, 22 May 2008, brett lentz wrote: >> >> The implications for ssh-agent is fairly simple. Your private key >> still never touches the wire or the remote systems. SSH-Agent forwards >> the auth challenges to the local system you're logging in from. >> >> Here's a great diagram of the process: >> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd >> > > I know your private key doesn't touch the wire or remote system. But the > agent creates a socket in /tmp/ssh-* and I'm worried someone with access > to that socket could auth to other machines as the user. Yes, that's a well-known risk. The only protections on that socket are filesystem-level permissions, which root can obviously bypass. The only mechanism I'm aware of that could revoke root's ability to access that file is selinux. However, current policy still allows root to do whatever he likes. I don't think it's possible to dictate a "don't use ssh-agent" policy. That seems unenforceable. This is where I come back to the assurance bit. As you said, that can get a bit complicated and hard to manage on systems that aren't ours. > -Mike > ---Brett. From katzj at redhat.com Thu May 22 15:55:34 2008 From: katzj at redhat.com (Jeremy Katz) Date: Thu, 22 May 2008 11:55:34 -0400 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: <1211471734.16123.4.camel@aglarond.local> On Thu, 2008-05-22 at 08:41 -0700, brett lentz wrote: > On Thu, May 22, 2008 at 8:19 AM, Mike McGrath wrote: > > On Thu, 22 May 2008, brett lentz wrote: > >> The implications for ssh-agent is fairly simple. Your private key > >> still never touches the wire or the remote systems. SSH-Agent forwards > >> the auth challenges to the local system you're logging in from. > >> > >> Here's a great diagram of the process: > >> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd > >> > > > > I know your private key doesn't touch the wire or remote system. But the > > agent creates a socket in /tmp/ssh-* and I'm worried someone with access > > to that socket could auth to other machines as the user. > > Yes, that's a well-known risk. The only protections on that socket are > filesystem-level permissions, which root can obviously bypass. And the risk isn't increased by us allowing third-party groups to do auth via FAS. This risk is present whenever any user logs in to another machine with agent forwarding. Which is requested by the user/client -- not the machine being logged into Jeremy From jkeating at redhat.com Thu May 22 16:01:47 2008 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 22 May 2008 12:01:47 -0400 Subject: trac-git plugin updated on hosted1 Message-ID: <1211472107.5079.71.camel@localhost.localdomain> Please keep your eye out for any new failures with the git plugin. It still doesn't handle file downloads, somebody is going to have to write some code for that. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Thu May 22 16:22:03 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 May 2008 11:22:03 -0500 (CDT) Subject: FAS and public Key auth In-Reply-To: <1211471734.16123.4.camel@aglarond.local> References: <1211471734.16123.4.camel@aglarond.local> Message-ID: On Thu, 22 May 2008, Jeremy Katz wrote: > On Thu, 2008-05-22 at 08:41 -0700, brett lentz wrote: > > On Thu, May 22, 2008 at 8:19 AM, Mike McGrath wrote: > > > On Thu, 22 May 2008, brett lentz wrote: > > >> The implications for ssh-agent is fairly simple. Your private key > > >> still never touches the wire or the remote systems. SSH-Agent forwards > > >> the auth challenges to the local system you're logging in from. > > >> > > >> Here's a great diagram of the process: > > >> http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd > > >> > > > > > > I know your private key doesn't touch the wire or remote system. But the > > > agent creates a socket in /tmp/ssh-* and I'm worried someone with access > > > to that socket could auth to other machines as the user. > > > > Yes, that's a well-known risk. The only protections on that socket are > > filesystem-level permissions, which root can obviously bypass. > > And the risk isn't increased by us allowing third-party groups to do > auth via FAS. This risk is present whenever any user logs in to another > machine with agent forwarding. Which is requested by the user/client -- > not the machine being logged into > The risk does increase as far as targeting goes though. If you were to do this type of attack right now, how would you go about doing it and what machines would you use? If we start allowing third party machines that have basically no barrier to entry it becomes much easier to plan and execute the attack. -Mike From opensource at till.name Thu May 22 20:28:35 2008 From: opensource at till.name (Till Maas) Date: Thu, 22 May 2008 22:28:35 +0200 Subject: FAS and public Key auth In-Reply-To: References: <200805221640.36728.opensource@till.name> Message-ID: <200805222228.35988.opensource@till.name> On Thu May 22 2008, Mike McGrath wrote: > So what you're saying is it is impossible to do a man in the middle attack > with OpenSSH (assuming the host keys of the server haven't been > compromised) ? I am saying that the information an attackers gets when a user logs in with public-key authentication to a server under the attackers control is not enough to allow the attacker to login into another machine the user can login to. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Thu May 22 20:33:09 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 May 2008 15:33:09 -0500 (CDT) Subject: FAS and public Key auth In-Reply-To: <200805221640.36728.opensource@till.name> References: <200805221601.53297.opensource@till.name> <200805221640.36728.opensource@till.name> Message-ID: On Thu, 22 May 2008, Till Maas wrote: > On Thu May 22 2008, Mike McGrath wrote: > > > Client tries to ssh to Server A > > > > Server A generates a random number, encrypts it with pub, sends it to the > > client > > > > The client decrypts this number with private key and sends it back to A. > > > > Bam! Shell. > > > The public key authentication does not work this way. > Side note about this for my own education. Can you fill in the blanks? Because I know what is there is accurate, just not complete. -Mike From dev at nigelj.com Thu May 22 20:52:06 2008 From: dev at nigelj.com (Nigel Jones) Date: Fri, 23 May 2008 08:52:06 +1200 Subject: Meeting Log - 2008-05-22 Message-ID: <4835DCF6.6020103@nigelj.com> 07:57 < dgilmore> mmcgrath: show time? 07:58 < mmcgrath> yep 07:58 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's Here? 07:58 < ivazquez> Pong. 07:58 * ianweller 07:59 < mmcgrath> so who's all here? 07:59 * dgilmore is here 07:59 * skvidal is 07:59 < G> me 07:59 * mmcgrath lets people roll in 07:59 * ricky 07:59 * nirik is off in the spectator seats. 08:00 < jcollie> hello 08:00 * f13 08:01 < mmcgrath> Allrighty, lets get started 08:01 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Tickets 08:01 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=%7EMeeting&order=priority 08:01 < zodbot> mmcgrath: http://tinyurl.com/2hyyz6 08:01 < mmcgrath> .ticket 395 08:01 < zodbot> mmcgrath: #395 (Audio Streaming of Fedora Board Conference Calls) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/395 08:01 < mmcgrath> jcollie: any news ? 08:02 < jcollie> not really 08:02 < mmcgrath> k, next ticket 08:02 < mmcgrath> .ticket 398 08:02 < zodbot> mmcgrath: #398 (elfutils `monotone' (mtn) error) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/398 08:02 < mmcgrath> abadger1999: jcollie: anything there? 08:02 < jcollie> nope 08:02 < abadger1999> nope 08:02 < abadger1999> It's all roland for now. 08:02 < mmcgrath> k 08:02 < mmcgrath> .ticket 446 08:02 < zodbot> mmcgrath: #446 (Possibility to add external links on spins page) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/446 08:02 < mmcgrath> dgilmore: any news? 08:03 * dgilmore notes that he sucks 08:03 < mmcgrath> hah, no news then? 08:04 < mmcgrath> .ticket 547 08:04 < zodbot> mmcgrath: #547 (Koji DB Server as postgres 8.3) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/547 08:04 < mmcgrath> abadger1999: so we're going to package this but we didn't really get any farther then that. 08:04 < abadger1999> mmcgrath: Right. It's packaged and in the fi-repo now. 08:04 < abadger1999> F-9 versions. 08:04 < dgilmore> abadger1999: is this weekend too soon to roll out 08:05 < dgilmore> abadger1999: just thinking we can piggy back on the fsck 08:05 < abadger1999> I thought we were going to wait for the dedicated koji db server? 08:05 < jcollie> fsck is going take almost 24hrs anyway 08:05 < dgilmore> we can do that also 08:05 < abadger1999> We could deploy now... just saying that was my original plan. 08:06 < mmcgrath> yeah, lets just wait for the new server. 08:06 < mmcgrath> That way we can call an outage, try to migrate. if it fails, we can just turn db2 back on. no harm no foul 08:06 < abadger1999> Makes sense to me 08:06 < dgilmore> having done a conversion from 8.1 to 8.3 it was pretty smooth 08:06 < mmcgrath> we can do it this weekend but I won't be around much is all. 08:07 < mbonnet> the dump/restore will take a significant amount of time 08:07 * abadger1999 likes having an escape option 08:07 < dgilmore> mbonnet: which is why i suggested during the 24 hr window for the fsck 08:08 < dgilmore> but im with abadger1999 08:08 < abadger1999> Do we know how long the backup currently takes on the koji db? 08:08 < dgilmore> we do 4 a day 08:08 < dgilmore> restore will take longer i think 08:08 < mmcgrath> abadger1999: the backups don't take long, the restores take a very long time though. I'm not sure how long though. 08:08 < abadger1999> yeah. 08:09 < mmcgrath> its the indexes 08:09 < mmcgrath> abadger1999: to give you an idea, the backup is 4.1G, the database is 61G. 08:10 < abadger1999> 08:10 < mmcgrath> anywho. I'll leave that up to you tosho when you want to do it. It'd be nice to do a trial run first and import of all the production data to know what issues we'll run into. 08:11 < mmcgrath> anything else on that? If not we'll move on. 08:11 < abadger1999> k. For the real thing I say wait for the koji db server. 08:11 < abadger1999> Nope, no more. 08:11 < mmcgrath> k 08:11 < mmcgrath> next item 08:11 < G> yeah, kind of makes sense 08:11 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- The Wiki Migration 08:11 * ricky must go now :-( 08:11 < mmcgrath> So the new wiki will be in place on Friday (most of it) 08:11 < mmcgrath> ricky: later! 08:11 < ianweller> woo, my subject. :D 08:12 < ianweller> ricky: cya 08:12 < mmcgrath> we're officialy doing the switchover on Tuesday. 08:12 * dgilmore hopes he can continue to use moin syntax 08:12 < ianweller> i've had enough with moin syntax :/ 08:12 < mmcgrath> the idea is we'll do the main mass import on friday, go through, fix up, test, etc. Then just re-import the pages that have changed in moin. 08:12 * lmacken wants LaTeX syntax by default ;) 08:12 < mmcgrath> This will consume almost all of my time starting two days ago until Tuesday. 08:13 < ianweller> same here 08:13 < mmcgrath> ianweller and ricky have also been hard at work but if _any_ of you have free time we can use additional hands and eyes on this. 08:13 < mmcgrath> in testing, verifying, etc. 08:13 < mmcgrath> We're in good shape but there's a couple of hangups right now. 08:13 < mmcgrath> 1) auth 08:13 < mmcgrath> and 2) auth -> email mapping. 08:13 < mmcgrath> beyond that I don't think there's any blockers. 08:13 < jcollie> brb 08:14 < mmcgrath> A reminder, you won't be able to do regex watchlists anymore. (thats a design choice and one of the reaons Moin was so slow on page saves) 08:14 < ianweller> tomorrow after the main mass import my first priority is to fix up the WikiEditing page 08:14 < mmcgrath> s/slow/expensive/ 08:14 < mmcgrath> but you should (if we get the extension configured in time) be able to watch /wiki/Docs/* for example. 08:15 < mmcgrath> This is going to be painful for about the first month I suspect. After that we'll all be glad we switched. 08:15 < mmcgrath> Does anyone have any questions or comments about the wiki? 08:15 < mmcgrath> Anyone want to volunteer some time? 08:15 * ianweller 08:15 < mmcgrath> oh! G's also been mega helpful in this too. 08:15 < mmcgrath> as has smooge 08:15 < dgilmore> mmcgrath: what do we have as the backend/frontend setup? 08:15 < ianweller> mediawiki allows spaces in page names. 08:15 < mmcgrath> dgilmore: backend is going to be db1, frontend is going to be app[1-2] 08:16 < smooge> ? 08:16 < mmcgrath> well the append 08:16 < mmcgrath> smooge: talking about mediawiki :-P 08:16 < G> mmcgrath: I might be able to help on Tuesday, but it'll be a balancing act 08:16 < mmcgrath> to start we won't be deploying any caching abilities of mediawiki. I want to make sure to get a baseline. 08:16 < mmcgrath> G: thanks. 08:17 < mmcgrath> Anyone have anything else to discuss there? 08:17 < mmcgrath> k, next item 08:17 < smooge> ah ok. 08:17 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- 3rd party machine auth. 08:18 < mmcgrath> this is on the infrastructure list right now 08:18 < mmcgrath> nirik: ping (see topic) 08:18 < nirik> you rang? 08:18 < mmcgrath> What do y'all think? I want to be able to provide this but I need to do it in a way that won't get me fired. 08:18 * nirik doesn't want to cause any security problems... but it would be nice to have. 08:19 < nirik> I need ssh pub keys & logins I guess... no password auth. 08:19 < mmcgrath> nirik: and its a service we'd like to be able to provide. 08:19 < G> this is where something like two facter authentication would be nice 08:19 < mmcgrath> does anyone think this is a service we should not provide? 08:20 < G> oh I really do think it's something we should provide 08:20 < mmcgrath> G: indeed, I'd like to do that but right now I'm -ENOTIME unless someone else wants to pick up the job. 08:20 * ianweller is reading the list archive 08:21 < nirik> G: which 2 factors? ssh key + openid or something? 08:21 * dgilmore thinks we should provide it. 08:21 < ianweller> is the subject 'FAS and public Key auth'? 08:21 < G> if you were to do something like what the banks use (two facter auth) you have something *you* know and something you *don't* know 08:21 < dgilmore> but im biased as im one of those wanting it 08:21 < mmcgrath> Yeah, i don't think anyone is against providing it, the question now is how to do it properly. 08:21 < mmcgrath> G: yeah, and we have a couple of options there. 08:21 < G> shouldn't be too hard to implement inside fedora, you could have a pam_fas plugin or something to manage the something you don't know token 08:22 < G> login to fas, bam there is the one use token that you can use to login to the core machines w/ your public key 08:23 < nirik> well, I thought 2 factor is more: something you know + something you have... (cell/secureid fob, etc), but ok. 08:23 < wfp> To make it worth doing, doesn't 2 factor auth need something like a hardware crypto card? 08:23 < G> wfp: not really 08:23 < mmcgrath> wfp: that makes it much more secure, but there are levels of security between singlefactor and two factor w/ hardware key. 08:24 < nirik> if we have * and cell phone numbers we could use that... "call from fedora account system, do you auth this, press 1" 08:24 < G> nirik: that sounds costly :) 08:24 < ivazquez> There's PhoneFactor, but I don't think they work outside NA. 08:24 < ianweller> nirik: G: myopenid.com does that. 08:24 < G> get a SMS gateway to sponsor text messages 08:24 < ianweller> G: costly to the end user 08:24 < G> ianweller: ohhh okay 08:24 * dgilmore just wants to easily give fedora community access to a sparc box for doing mock builds 08:25 * dgilmore really doesnt care how its achieved 08:25 * nirik just wants to give fedora community acces to ppc and x86_64 boxes for mockbuilds and debugging. 08:25 < dgilmore> mmcgrath: ill bring you a sparc box to put into phx :) 08:25 < G> I agree, we should provide it for those exact reasons (didn't I mention this in my F10 wishlist? :P) 08:26 < mmcgrath> Lets think on this for another week or so and talk about it at the next meeting as well. 08:26 < nirik> I can also think of more fun stuff down the road... on demand test virtuals, access to archive of rawhide daily installs, etc. 08:28 < G> exactly, Debian offer Developer (equiv to our cvsextras) access to donated boxes for testing w/ chroots, bugfixing etc 08:28 < mmcgrath> alrighty then, beyond that I've got nothing else. 08:28 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 08:28 < mmcgrath> Who's got something they want to discuss? 08:28 < lmacken> SELinux! 08:28 < mmcgrath> lmacken: have at it. 08:28 < lmacken> I sat down with Dan Walsh today, and we tackled the SELinux issues around bastion, app1, and proxy1. 08:28 < lmacken> .ticket 230 08:28 < zodbot> lmacken: #230 (SELinux Deployment) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/230 08:28 < lmacken> see the ticket for more details :) 08:28 < lmacken> progress is being made 08:29 < mmcgrath> if only we can get Dan to sit down with everyone who wants to use selinux :) 08:29 < lmacken> seriously 08:29 < mmcgrath> lmacken: how bad of shape are we in? 08:29 < lmacken> mmcgrath: well, we've got a lot of custom apps, running in a lot of custom locations. 08:29 < lmacken> which is easily fixable from an selinux standpoint 08:29 < lmacken> but puppet.. 08:29 < lmacken> that's were we need the changes 08:30 < mmcgrath> lmacken: how does selinux work with the satellite deployment tools? 08:30 < lmacken> Brett Lentz (wakko666) has been doing a great job of pushing the selinux patch and unit test to puppet upstream 08:30 < lmacken> mmcgrath: No clue whatesover 08:31 < mmcgrath> 08:31 < lmacken> dwalsh is pretty determined to get our infrastructure working 100% with SELinux by F10 08:31 < dgilmore> lmacken: builders will need alot of work 08:31 < ivazquez> What a coup that would be for SELinux. 08:31 < mmcgrath> lmacken: now with selinux and puppet are you talking about deploying selinux policies via puppet? Or actually what puppet does when deploying configs is causing selinux issues? 08:31 < lmacken> dgilmore: yes, but a lot of that is being done right now by Eric Paris, with the mock/livecd-creator stuff, right ? 08:31 < dgilmore> lmacken: not really 08:32 < dgilmore> lmacken: simmiliar but different 08:32 < lmacken> mmcgrath: deploy custom policies, booleans, and contexts with puppet.. and also making puppet smart when creating new files 08:33 < mmcgrath> solid. 08:33 < mmcgrath> well, baby steps I guess :) 08:33 < lmacken> indeed. I'm meeting with dan again next week. I'll keep that ticket up to date with our progress 08:33 < mmcgrath> solid. 08:34 < mmcgrath> lmacken: are you or dan going to hold some training sessions for the rest of our team? 08:34 < lmacken> mmcgrath: yeah, we'll make sure it's well documented and people know how to use it 08:34 < mmcgrath> solid. 08:35 < mmcgrath> anything else on selinux? 08:35 < lmacken> nada 08:35 < abadger1999> lmacken: You might want to look at app2 as well 08:35 < abadger1999> app1 is the one app server not running all of our TG apps. 08:35 < mmcgrath> solid 08:36 < mmcgrath> anyone have anything else they'd like to discuss? 08:36 < lmacken> abadger1999: yep, we'll get there :) we just wanted to hit a few different types of machines today to get a good high-level idea of what we're dealing with 08:36 < G> The voting app is near readiness 08:36 < abadger1999> Yeah, you're doing really great work on that! 08:36 < G> Hopefully I'll have something ready for testing with the masses in a day or two 08:37 < mmcgrath> G: you've got everything you need to put togther a public test of it for everyone right? 08:37 < G> I've got an RPM ready, but I spotted something wack with the URLs etc but hopefully get that fixed today 08:38 < ivazquez> Although not quite FI-specific, do we have the new planet up somewhere? 08:38 < G> mmcgrath: all I really need to create a dummy fas login, so I don't expose a real user login on pt10 and a new group in the main fas 08:38 < G> but yeah, I'll do a test deploy today on pt10 and see what happens 08:38 < mmcgrath> ivazquez: the new planet? Like what skvidal has been up to? 08:38 < mmcgrath> G: solid 08:38 < skvidal> ivazquez: call be slartibartifast! 08:39 < ivazquez> Yes. 08:39 < ianweller> hey now. slartibartfast is my computer's host name. 08:39 < ianweller> that would get confusing for me :/ 08:39 < ianweller> ;) 08:39 < skvidal> ivazquez: we still only have 78 people in the .planet files 08:39 < G> if anyone wants to, the new group is currently meant to be "elections" :P 08:39 < skvidal> and 230 in the existing planet 08:39 < dgilmore> skvidal: im sorry i suck and have not done it yet 08:39 < ivazquez> Well, it would still be nice if the 78 people could make sure that their feeds work :P 08:39 < G> skvidal: thats a third, the rest will fall in line when they suddenly disappear :) 08:40 < skvidal> ivazquez: agreed 08:40 < ivazquez> Plus it might get some others in gear when they see it happening. 08:40 < ianweller> skvidal: if you need help with pinging individual people, i'm up for it after the wiki switch ;) 08:40 < skvidal> ianm: nah 08:40 < skvidal> err ianweller nah 08:40 < iWolf> mmcgrath: re, the wiki, has any PHP hardening been done or considered? 08:40 < skvidal> ivazquez: agreed - but it's only been a week - so I didn't want piss off everyone :) 08:40 < G> abadger1999: btw, thanks 08:40 < ivazquez> A week is Forever in Fedora time. 08:41 * skvidal rolls his eyes 08:41 < ivazquez> Heh. 08:41 < ianweller> so it takes 26 forevers for each fedora release? ;) 08:41 < mmcgrath> iWolf: we have mod_security mildly deployed. Beyond that though no. Needs someone with time and experience to do it, I only have the latter at the moment. 08:41 < jcollie> ianweller: sometimes it seems like it 08:42 < abadger1999> G: For what? You've been doing all the work :-) 08:42 < iWolf> mmcgrath: understood. 08:42 < G> abadger1999: I was saying thanks for your comment :) 08:42 < ianweller> mediawiki is pretty secure (lots of testing), not so sure about the extensions though 08:42 < ianweller> the more extensions you have, the more potential holes you have. 08:43 < iWolf> mmcgrath: does one just need sysadmin-test to access the current wiki server php config? 08:43 < mmcgrath> iWolf: yes. 08:43 < mmcgrath> iWolf: We've got multiple deploys of it going, if you want your own you're encouraged to install one :) 08:43 < iWolf> mmcgrath: :) 08:43 * ianweller has one at /w-ian/ 08:44 < ianweller> that's where he's writing his IRCLog extension for the moment. 08:44 < mmcgrath> we've got like 5 or 6 wiki's I think :) 08:44 < ianweller> something like that 08:45 < mmcgrath> Ok, well talks seem to have calmed down a bit. If no one has anything else we'll close a little early this week. I'll give it 30 08:46 < G> yeah, I have nothing more 08:46 < mmcgrath> 15 08:46 < mmcgrath> 5 08:46 -!- mmcgrath changed the topic of #fedora-meeting to: Infrasturcture -- Meeting End 08:46 < mmcgrath> Thanks for coming everyone! 08:46 < G> I'll sort out the log 08:47 -!- giallu [n=giallu at 81-174-9-190.dynamic.ngi.it] has joined #fedora-meeting 08:47 -!- mmcgrath changed the topic of #fedora-meeting to: Channel is used by various Fedora groups and committees for their regular meetings | Note that meetings often get logged | For questions about using Fedora please ask in #fedora | See http://fedoraproject.org/wiki/Communicate/FedoraMeetingChannel for meeting schedule From opensource at till.name Thu May 22 21:04:28 2008 From: opensource at till.name (Till Maas) Date: Thu, 22 May 2008 23:04:28 +0200 Subject: FAS and public Key auth In-Reply-To: References: <200805221640.36728.opensource@till.name> Message-ID: <200805222304.37161.opensource@till.name> On Thu May 22 2008, Mike McGrath wrote: > On Thu, 22 May 2008, Till Maas wrote: > > On Thu May 22 2008, Mike McGrath wrote: > > > Client tries to ssh to Server A > > > > > > Server A generates a random number, encrypts it with pub, sends it to > > > the client > > > > > > The client decrypts this number with private key and sends it back to > > > A. > > > > > > Bam! Shell. > > > > The public key authentication does not work this way. > > Side note about this for my own education. Can you fill in the blanks? > Because I know what is there is accurate, just not complete. I do not understand what you ask me to do. Do you want me to explain the ssh public-key authentication? I already explained in very short, if you want more detail, you better look into the rfcs, because I would basically copy it to add more detail: 1st phase: create a session encryption key and a uniqe session identifier (hash H in the rfc): http://www.ietf.org/rfc/rfc4253.txt page 22 lists all the information that the hash is computed of which includes the host key 2nd phase: authentication: The clients signs the hash H from above and some other information like the user name and sends it to the server, a full list of the signed information can be found on page 9 of rfc 4252: http://www.ietf.org/rfc/rfc4252.txt Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From a.badger at gmail.com Thu May 22 21:51:58 2008 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 22 May 2008 14:51:58 -0700 Subject: FAS and public Key auth In-Reply-To: <200805222304.37161.opensource@till.name> References: <200805221640.36728.opensource@till.name> <200805222304.37161.opensource@till.name> Message-ID: <4835EAFE.30802@gmail.com> Till Maas wrote: > On Thu May 22 2008, Mike McGrath wrote: >> On Thu, 22 May 2008, Till Maas wrote: >>> On Thu May 22 2008, Mike McGrath wrote: >>>> Client tries to ssh to Server A >>>> >>>> Server A generates a random number, encrypts it with pub, sends it to >>>> the client >>>> >>>> The client decrypts this number with private key and sends it back to >>>> A. >>>> >>>> Bam! Shell. >>> The public key authentication does not work this way. >> Side note about this for my own education. Can you fill in the blanks? >> Because I know what is there is accurate, just not complete. > > I do not understand what you ask me to do. Do you want me to explain the ssh > public-key authentication? I already explained in very short, if you want > more detail, you better look into the rfcs, because I would basically copy it > to add more detail: > > 1st phase: create a session encryption key and a uniqe session identifier > (hash H in the rfc): > http://www.ietf.org/rfc/rfc4253.txt > page 22 lists all the information that the hash is computed of which includes > the host key > > 2nd phase: authentication: > The clients signs the hash H from above and some other information like the > user name and sends it to the server, a full list of the signed information > can be found on page 9 of rfc 4252: > http://www.ietf.org/rfc/rfc4252.txt > Note: I have not read the rfc's or openssh source code/docs. It seems like this would be open to attack in the special case where the user has never logged into 1) The server they think they're connecting to 2) The machine the malicious server is actually trying to authenticate them against. In this scenario the client doesn't have host keys for either of the remote machines so it's unable to verify that the malicious server is lying to it. I wouldn't think that's a huge issue, just noting that it exists. -Toshio From opensource at till.name Fri May 23 09:02:32 2008 From: opensource at till.name (Till Maas) Date: Fri, 23 May 2008 11:02:32 +0200 Subject: FAS and public Key auth In-Reply-To: <4835EAFE.30802@gmail.com> References: <200805222304.37161.opensource@till.name> <4835EAFE.30802@gmail.com> Message-ID: <200805231102.38525.opensource@till.name> On Thu May 22 2008, Toshio Kuratomi wrote: > It seems like this would be open to attack in the special case where the > user has never logged into 1) The server they think they're connecting > to 2) The machine the malicious server is actually trying to > authenticate them against. In this scenario the client doesn't have > host keys for either of the remote machines so it's unable to verify > that the malicious server is lying to it. This is also not possible with public key authentication, because the server needs to create a signature with the host key when the session encryption key is generated. In case the attacker forwards the network traffic in this phase to the other server, he will not be able to decrypt the authentication phase. If he uses its own host key, then the signature used for authentication will not be accepted by the other server. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From k.georgiou at imperial.ac.uk Fri May 23 11:42:51 2008 From: k.georgiou at imperial.ac.uk (Kostas Georgiou) Date: Fri, 23 May 2008 12:42:51 +0100 Subject: FAS and public Key auth In-Reply-To: References: Message-ID: <20080523114251.GA29354@imperial.ac.uk> On Thu, May 22, 2008 at 10:19:54AM -0500, Mike McGrath wrote: > I know your private key doesn't touch the wire or remote system. But the > agent creates a socket in /tmp/ssh-* and I'm worried someone with access > to that socket could auth to other machines as the user. The agent *isn't* forwarded by default, you need to use either -A in the command line or ForwardAgent yes in the config. Of course nothing stops users from enabling agent forwarding by default but then again nothings stops them from doinf other stupid things with ssh keys, having passwordless keys and keeping a copy of them in some insecure location is one of the worst examples. For the people having agent forwarding enabled by default you already have a problem with all the other machines that they connect anyway for their daily work/whatever. Running a kerberos server is a good alternative to ssh pubkey auth, you can enforce centrally non forwardable tickets if you want so you can be sure that other machines that the user authenticates with cannot connect back to the fedora servers. Kostas Georgiou From opensource at till.name Fri May 23 11:53:48 2008 From: opensource at till.name (Till Maas) Date: Fri, 23 May 2008 13:53:48 +0200 Subject: FAS and public Key auth In-Reply-To: References: <1211471734.16123.4.camel@aglarond.local> Message-ID: <200805231353.54668.opensource@till.name> On Thu May 22 2008, Mike McGrath wrote: > On Thu, 22 May 2008, Jeremy Katz wrote: > > And the risk isn't increased by us allowing third-party groups to do > > auth via FAS. This risk is present whenever any user logs in to another > > machine with agent forwarding. Which is requested by the user/client -- > > not the machine being logged into > > The risk does increase as far as targeting goes though. If you were to do > this type of attack right now, how would you go about doing it and what > machines would you use? If we start allowing third party machines that > have basically no barrier to entry it becomes much easier to plan and > execute the attack. One can still provide services to Fedora maintainers without using FAS, e.g. a ppc machine that can be used by maintainers to debug their package on that arch. Then the maintainers would send their ssh public key by themself to the administrator of the machine. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From linux at elfshadow.net Sat May 24 00:37:12 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Fri, 23 May 2008 20:37:12 -0400 Subject: PHP Security Tweaks Message-ID: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> I asked yesterday in the meeting about any modifications made to the default PHP install to help tighten things up a little with MediaWiki quite close to going into production. I took a look at the php.ini file on publictest2 and have a couple of suggestions to make - please feel free to comment or question any of them. I will add my own comments after each item. /etc/php.ini * Change 'allow_url_fopen' to Off. This is a big one as it can allow a remote file to be used in an include(). * Set 'expose_php' to Off. This one is just to reduce the amount of information one can gather through a script looking for vulnerable versions. Anyone determined to cause trouble could determine this information another way, like the Version info page in MediaWiki. * Set 'display_errors' to Off I think this was just set to On in testing to help with working through various bugs. But we should be sure it is set to Off for the production instance. * Set the upload_tmp_dir to a location that is only accessible by the user running MediaWiki and not readable or writeable by anyone else as well as being outside the web root. * Use disable_functions to limit what PHP functions are available. The following is a possible recommended list: disable_functions = "apache_get_modules,apache_get_version,apache_getenv,apache_note, apache_setenv,disk_free_space,diskfreespace,dl, highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo, proc_nice,shell_exec,show_source,symlink,system,exec,fsockopen, dl,popen" This appears to work on a MediaWiki instance I have, though that wiki is not as large or complex as the Fedora Wiki will be. Some of the items above are just information gathering components, others have a little more value to them. And then, set an open_base_dir directive in the wiki.conf file like this: php_admin_value open_basedir /var/www/wiki:/location/of/upload/tmp/dir Setting an open_basedir is not 100% foolproof to limiting access to PHP scripts, but it is another hurdle. The above config changes are some options we might want to consider. There are also tools out there like php-suhosin [1] that we might want to consider using as well to keep things as tight as possible. I have not made any changes to publictest2, but we may want to consider trying some of these config changes out and see if things still work and then possibly apply to the production instance. Thanks! Jeffrey [1] http://www.hardened-php.net/suhosin.127.html From mmcgrath at redhat.com Sat May 24 01:08:34 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 23 May 2008 20:08:34 -0500 (CDT) Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> Message-ID: On Fri, 23 May 2008, Jeffrey Tadlock wrote: > I asked yesterday in the meeting about any modifications made to the > default PHP install to help tighten things up a little with MediaWiki > quite close to going into production. I took a look at the php.ini > file on publictest2 and have a couple of suggestions to make - please > feel free to comment or question any of them. I will add my own > comments after each item. > > /etc/php.ini > > * Change 'allow_url_fopen' to Off. > > This is a big one as it can allow a remote file to be used in an include(). > > * Set 'expose_php' to Off. > > This one is just to reduce the amount of information one can gather > through a script looking for vulnerable versions. Anyone determined > to cause trouble could determine this information another way, like > the Version info page in MediaWiki. > > * Set 'display_errors' to Off > > I think this was just set to On in testing to help with working > through various bugs. But we should be sure it is set to Off for the > production instance. > > * Set the upload_tmp_dir to a location that is only accessible by the > user running MediaWiki and not readable or writeable by anyone else as > well as being outside the web root. > > * Use disable_functions to limit what PHP functions are available. > The following is a possible recommended list: > > disable_functions = > "apache_get_modules,apache_get_version,apache_getenv,apache_note, > apache_setenv,disk_free_space,diskfreespace,dl, > > highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo, > > proc_nice,shell_exec,show_source,symlink,system,exec,fsockopen, > dl,popen" > > This appears to work on a MediaWiki instance I have, though that wiki > is not as large or complex as the Fedora Wiki will be. Some of the > items above are just information gathering components, others have a > little more value to them. > > And then, set an open_base_dir directive in the wiki.conf file like this: > > php_admin_value open_basedir /var/www/wiki:/location/of/upload/tmp/dir > > Setting an open_basedir is not 100% foolproof to limiting access to > PHP scripts, but it is another hurdle. > > The above config changes are some options we might want to consider. > There are also tools out there like php-suhosin [1] that we might want > to consider using as well to keep things as tight as possible. I have > not made any changes to publictest2, but we may want to consider > trying some of these config changes out and see if things still work > and then possibly apply to the production instance. > > Thanks! > Jeffrey > These are all fine with me. -Mike From dev at nigelj.com Sat May 24 06:15:34 2008 From: dev at nigelj.com (Nigel Jones) Date: Sat, 24 May 2008 18:15:34 +1200 Subject: Away for a couple of days Message-ID: <4837B286.1080506@nigelj.com> Hi All, Just FYI I'll be quite busy the next few days, couple of reasons: a) -ETOOBUSY b) -EBADHARDWARE - RAM is giving me nightmares on my desktop, so I'll be spending a bit of time trying to get that going I *should* be able to still look after my packages and I'll be infrequently checking my dev e-mail & IRC, if anything urgent comes up, you can always try to catch me on my normal e-mail address nigel at nigelj.com. I'll be back around 0000 28th May UTC - Nigel From antonio.montagnani at alice.it Sat May 24 11:46:00 2008 From: antonio.montagnani at alice.it (antonio montagnani) Date: Sat, 24 May 2008 13:46:00 +0200 Subject: Creation of an user profile... Message-ID: <4837FFF8.70003@alice.it> when I try to create my Profile I get this reply: Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST /wiki/UserPreferences. Reason: Error reading from remote server ________________________________ Apache/2.2.3 (Red Hat) Server at fedoraproject.org Port 80 Any idea??? Tnx Antonio From luca at foppiano.org Sat May 24 12:06:04 2008 From: luca at foppiano.org (Luca Foppiano) Date: Sat, 24 May 2008 14:06:04 +0200 Subject: Creation of an user profile... In-Reply-To: <4837FFF8.70003@alice.it> References: <4837FFF8.70003@alice.it> Message-ID: <1211630764.3966.50.camel@sboing.byte-code.lan> On Sat, 2008-05-24 at 13:46 +0200, antonio montagnani wrote: > when I try to create my Profile I get this reply: > > Proxy Error > > The proxy server received an invalid response from an upstream server. > The proxy server could not handle the request POST /wiki/UserPreferences. > > Reason: Error reading from remote server It's a common bug...solution is to cross fingers and retry ;-) AFAIK wiki will be migrated on mediawiki to avoid this errors Luca -- Today is Prickle-Prickle, the 71st day of Discord in the YOLD 3174 In God we trust; all else we walk through. From mmcgrath at redhat.com Sat May 24 14:13:47 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 24 May 2008 09:13:47 -0500 (CDT) Subject: Creation of an user profile... In-Reply-To: <1211630764.3966.50.camel@sboing.byte-code.lan> References: <4837FFF8.70003@alice.it> <1211630764.3966.50.camel@sboing.byte-code.lan> Message-ID: On Sat, 24 May 2008, Luca Foppiano wrote: > On Sat, 2008-05-24 at 13:46 +0200, antonio montagnani wrote: > > when I try to create my Profile I get this reply: > > > > Proxy Error > > > > The proxy server received an invalid response from an upstream server. > > The proxy server could not handle the request POST /wiki/UserPreferences. > > > > Reason: Error reading from remote server > > It's a common bug...solution is to cross fingers and retry ;-) > > AFAIK wiki will be migrated on mediawiki to avoid this errors > Yep, this will happen on Tuesday, watch for a notification. -Mike From kanarip at kanarip.com Sat May 24 15:15:09 2008 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Sat, 24 May 2008 17:15:09 +0200 Subject: Wiki Migration (Tuesday 05-26-2008) In-Reply-To: References: Message-ID: <483830FD.40505@kanarip.com> Mike McGrath wrote: > Please let us know if you have any questions or concerns. The wiki is > such a critical piece of Fedora's infrastructure we want to make sure that > after the migration it and everyone gets up to speed as quickly as > possible. Happy wiki-ing! > Answering on this list because it just seems more appropriate: Assuming I should be editing at http://fp.o/wikinew/ (which I got from #fedora-admin and didn't find in the announcement mail -maybe worth a follow-up?); On the Main_Page (or any other page -that does not yet exist?-), the link to "edit this page" links to: http://app1.fedora.phx.redhat.com/w/index.php?title=Main_Page&action=edit The Edit link on top of existing pages goes well though. Kind regards, Jeroen van Meeuwen -kanarip From mmcgrath at redhat.com Sat May 24 15:51:38 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 24 May 2008 10:51:38 -0500 (CDT) Subject: Wiki Migration (Tuesday 05-26-2008) In-Reply-To: <483830FD.40505@kanarip.com> References: <483830FD.40505@kanarip.com> Message-ID: On Sat, 24 May 2008, Jeroen van Meeuwen wrote: > Mike McGrath wrote: > > Please let us know if you have any questions or concerns. The wiki is > > such a critical piece of Fedora's infrastructure we want to make sure that > > after the migration it and everyone gets up to speed as quickly as > > possible. Happy wiki-ing! > > > > Answering on this list because it just seems more appropriate: > > Assuming I should be editing at http://fp.o/wikinew/ (which I got from > #fedora-admin and didn't find in the announcement mail -maybe worth a > follow-up?); > /wikinew/ was intentionally left off because its only a pre-migration. Its difficult to explain to a ton of people that, for example, it just had to be re-migrated. > On the Main_Page (or any other page -that does not yet exist?-), the link to > "edit this page" links to: > > http://app1.fedora.phx.redhat.com/w/index.php?title=Main_Page&action=edit > > The Edit link on top of existing pages goes well though. > Yep, stuff like that is still being worked out. -Mike From linux at elfshadow.net Sun May 25 02:18:58 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Sat, 24 May 2008 22:18:58 -0400 Subject: PHP Security Tweaks In-Reply-To: References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> Message-ID: <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> On Fri, May 23, 2008 at 9:08 PM, Mike McGrath wrote: > On Fri, 23 May 2008, Jeffrey Tadlock wrote: >> * Change 'allow_url_fopen' to Off. >> >> * Set 'expose_php' to Off. >> >> * Set 'display_errors' to Off >> >> * Set the upload_tmp_dir to a location that is only accessible by the >> user running MediaWiki and not readable or writeable by anyone else as >> well as being outside the web root. >> >> disable_functions = >> "apache_get_modules,apache_get_version,apache_getenv,apache_note, >> apache_setenv,disk_free_space,diskfreespace,dl, >> >> highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo, >> >> proc_nice,shell_exec,show_source,symlink,system,exec,fsockopen, >> dl,popen" >> >> php_admin_value open_basedir /var/www/wiki:/location/of/upload/tmp/dir > > These are all fine with me. I made most of these changes tonight on publictest2. There were two exceptions. I did not change the 'display_errors' as it is useful for the testing going on. 'open_basedir' is causing issues with the user's page (i.e. clicking the jeffreyt link at the top of the page), when it is enabled it just goes to a blank page. The same happens with the Infrastructure page as well. Everything else seemed to work well with it enabled. I will play with that on a vanilla install at home and see what is up with that. Everything else has been modified. If something has broken and I missed it, feel free to ping me (iWolf) on IRC. If I am not around you can grab the original php.ini file from my home directory under the php-sec directory. Just copy it to /etc/php.ini and bounce apache and you will be back to the way it was before I made the changes. Please let me know if you need to do that though, so I can look at it further. Thanks, Jeffrey From loupgaroublond at gmail.com Sun May 25 04:05:48 2008 From: loupgaroublond at gmail.com (Yaakov Nemoy) Date: Sun, 25 May 2008 00:05:48 -0400 Subject: Blog syndication for GSoC - ers In-Reply-To: <4838C94B.9060505@redhat.com> References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> Message-ID: <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> On Sat, May 24, 2008 at 10:04 PM, Eugene Teo wrote: > > Sankarshan Mukhopadhyay wrote: >> With the new process for getting (and staying) on Planet Fedora in >> place, how does it affect GSoC-ers ? >> >> Do we have their blogs on the Planet ? And, do they get FedoraPeople.org >> accounts ? > > Is it possible to waive the requirement that my mentee has to be > sponsored to a group other than the CLA group? I remember there were > discussion about syndicating our mentees blogs to Planet Fedora? I'm going to forward this to seth vidal, who is in charge of such things, and the Fedora Infrastructure team. Personally I think that the students/mentees will need access to the wiki at some point or another. That can definitely count as a second group. I've made it a point for my mentee to have a biography on the wiki, and with the new wiki, it has it's own group in FAS. To actually put a blog on Planet Fedora, the mentees need to follow the instructions seth posted a few days ago. They can be found here http://skvidal.wordpress.com/2008/05/19/changes-at-planet-fedora/ -Yaakov From mmcgrath at redhat.com Sun May 25 04:22:49 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 24 May 2008 23:22:49 -0500 (CDT) Subject: Blog syndication for GSoC - ers In-Reply-To: <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> Message-ID: On Sun, 25 May 2008, Yaakov Nemoy wrote: > On Sat, May 24, 2008 at 10:04 PM, Eugene Teo wrote: > > > > Sankarshan Mukhopadhyay wrote: > >> With the new process for getting (and staying) on Planet Fedora in > >> place, how does it affect GSoC-ers ? > >> > >> Do we have their blogs on the Planet ? And, do they get FedoraPeople.org > >> accounts ? > > > > Is it possible to waive the requirement that my mentee has to be > > sponsored to a group other than the CLA group? I remember there were > > discussion about syndicating our mentees blogs to Planet Fedora? > > I'm going to forward this to seth vidal, who is in charge of such > things, and the Fedora Infrastructure team. > > Personally I think that the students/mentees will need access to the > wiki at some point or another. That can definitely count as a second > group. I've made it a point for my mentee to have a biography on the > wiki, and with the new wiki, it has it's own group in FAS. > > To actually put a blog on Planet Fedora, the mentees need to follow > the instructions seth posted a few days ago. > > They can be found here > http://skvidal.wordpress.com/2008/05/19/changes-at-planet-fedora/ > My personal feeling is that individuals that want to be on planet really should be a fedora contributor. The barriers are pretty low (and going down even more all the time) to contribute. The question then is, why would someone want to be on Fedora planet but not be a fedora contributor? -Mike From mmcgrath at redhat.com Sun May 25 04:27:36 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 24 May 2008 23:27:36 -0500 (CDT) Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> Message-ID: On Sat, 24 May 2008, Mike McGrath wrote: > On Sun, 25 May 2008, Yaakov Nemoy wrote: > > > On Sat, May 24, 2008 at 10:04 PM, Eugene Teo wrote: > > > > > > Sankarshan Mukhopadhyay wrote: > > >> With the new process for getting (and staying) on Planet Fedora in > > >> place, how does it affect GSoC-ers ? > > >> > > >> Do we have their blogs on the Planet ? And, do they get FedoraPeople.org > > >> accounts ? > > > > > > Is it possible to waive the requirement that my mentee has to be > > > sponsored to a group other than the CLA group? I remember there were > > > discussion about syndicating our mentees blogs to Planet Fedora? > > > > I'm going to forward this to seth vidal, who is in charge of such > > things, and the Fedora Infrastructure team. > > > > Personally I think that the students/mentees will need access to the > > wiki at some point or another. That can definitely count as a second > > group. I've made it a point for my mentee to have a biography on the > > wiki, and with the new wiki, it has it's own group in FAS. > > > > To actually put a blog on Planet Fedora, the mentees need to follow > > the instructions seth posted a few days ago. > > > > They can be found here > > http://skvidal.wordpress.com/2008/05/19/changes-at-planet-fedora/ > > > > My personal feeling is that individuals that want to be on planet really > should be a fedora contributor. The barriers are pretty low (and going > down even more all the time) to contribute. > > The question then is, why would someone want to be on Fedora planet but > not be a fedora contributor? > Alternatively, perhaps we should just have an GSoC group? These guys are technically contributors... -Mike From loupgaroublond at gmail.com Sun May 25 04:33:42 2008 From: loupgaroublond at gmail.com (Yaakov Nemoy) Date: Sun, 25 May 2008 00:33:42 -0400 Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> Message-ID: <7f692fec0805242133j66f698c5va183540ed2d4dbee@mail.gmail.com> On Sun, May 25, 2008 at 12:22 AM, Mike McGrath wrote: > On Sun, 25 May 2008, Yaakov Nemoy wrote: > >> On Sat, May 24, 2008 at 10:04 PM, Eugene Teo wrote: >> > >> > Sankarshan Mukhopadhyay wrote: >> >> With the new process for getting (and staying) on Planet Fedora in >> >> place, how does it affect GSoC-ers ? >> >> >> >> Do we have their blogs on the Planet ? And, do they get FedoraPeople.org >> >> accounts ? >> > >> > Is it possible to waive the requirement that my mentee has to be >> > sponsored to a group other than the CLA group? I remember there were >> > discussion about syndicating our mentees blogs to Planet Fedora? >> >> I'm going to forward this to seth vidal, who is in charge of such >> things, and the Fedora Infrastructure team. >> >> Personally I think that the students/mentees will need access to the >> wiki at some point or another. That can definitely count as a second >> group. I've made it a point for my mentee to have a biography on the >> wiki, and with the new wiki, it has it's own group in FAS. >> >> To actually put a blog on Planet Fedora, the mentees need to follow >> the instructions seth posted a few days ago. >> >> They can be found here >> http://skvidal.wordpress.com/2008/05/19/changes-at-planet-fedora/ >> > > My personal feeling is that individuals that want to be on planet really > should be a fedora contributor. The barriers are pretty low (and going > down even more all the time) to contribute. > > The question then is, why would someone want to be on Fedora planet but > not be a fedora contributor? > These are our google summer of code students, more or less. In the case of Smolt, I want Pavel sending patches to me instead of just pushing them. The only reason is because of google requirements. That's why you probably haven't seen his application to be a member of hgsmolt. Still, the wiki's a group, no? -Yaakov From skvidal at fedoraproject.org Sun May 25 11:48:59 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Sun, 25 May 2008 07:48:59 -0400 Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> Message-ID: <1211716139.30433.0.camel@cutter> On Sat, 2008-05-24 at 23:22 -0500, Mike McGrath wrote: > > They can be found here > > http://skvidal.wordpress.com/2008/05/19/changes-at-planet-fedora/ > > > > My personal feeling is that individuals that want to be on planet really > should be a fedora contributor. The barriers are pretty low (and going > down even more all the time) to contribute. > > The question then is, why would someone want to be on Fedora planet but > not be a fedora contributor? +1 -sv From loupgaroublond at gmail.com Sun May 25 16:45:33 2008 From: loupgaroublond at gmail.com (Yaakov Nemoy) Date: Sun, 25 May 2008 12:45:33 -0400 Subject: Notice of awayness Message-ID: <7f692fec0805250945y35b61d41y13ad59a622072a@mail.gmail.com> Hi lists, I'm probably not important enough that it warrants a full message, but this is to inform you that I will be out of touch from May 26th 2008 through May 31st 2008. I will have limited access to internet and email, and will be busy interacting with people in meatspace anyways. If there are any major problems with Smolt, or anything else that requires my attention, the best person to reach is probably Mike McGrath. -Yaakov From linux at elfshadow.net Sun May 25 17:19:11 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Sun, 25 May 2008 13:19:11 -0400 Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> Message-ID: <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> On Sat, May 24, 2008 at 10:18 PM, Jeffrey Tadlock wrote: > 'open_basedir' is causing issues with the user's page (i.e. clicking > the jeffreyt link at the top of the page), when it is enabled it just > goes to a blank page. The same happens with the Infrastructure page > as well. Everything else seemed to work well with it enabled. I will > play with that on a vanilla install at home and see what is up with > that. I think I have this working now. I needed to add /usr/share/pear to the open_basedir list. The things I saw broken because of that last night now appear to be working. It is now enabled on publictest2. If I am not around and it turns out it is causing issues somewhere else, you can just comment it out in /etc/php.ini and bounce Apache and you'll be good to go. > If something has broken and I missed it, feel free to ping me (iWolf) > on IRC. If I am not around you can grab the original php.ini file > from my home directory under the php-sec directory. Just copy it to > /etc/php.ini and bounce apache and you will be back to the way it was > before I made the changes. Please let me know if you need to do that > though, so I can look at it further. Same applies. I have some garden work to do this afternoon, so if I am not around, you can copy the original php.ini from my home directory under the php-sec directory to /etc/php.ini and bounce apache to be back to the original way it was before I made changes. Just let me know if you end up needing to do that so I can look at it further. Thanks! Jeffrey From mmcgrath at redhat.com Mon May 26 03:29:14 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 25 May 2008 22:29:14 -0500 (CDT) Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> Message-ID: On Sun, 25 May 2008, Jeffrey Tadlock wrote: > On Sat, May 24, 2008 at 10:18 PM, Jeffrey Tadlock wrote: > > 'open_basedir' is causing issues with the user's page (i.e. clicking > > the jeffreyt link at the top of the page), when it is enabled it just > > goes to a blank page. The same happens with the Infrastructure page > > as well. Everything else seemed to work well with it enabled. I will > > play with that on a vanilla install at home and see what is up with > > that. > > I think I have this working now. I needed to add /usr/share/pear to > the open_basedir list. The things I saw broken because of that last > night now appear to be working. It is now enabled on publictest2. > > If I am not around and it turns out it is causing issues somewhere > else, you can just comment it out in /etc/php.ini and bounce Apache > and you'll be good to go. > > > If something has broken and I missed it, feel free to ping me (iWolf) > > on IRC. If I am not around you can grab the original php.ini file > > from my home directory under the php-sec directory. Just copy it to > > /etc/php.ini and bounce apache and you will be back to the way it was > > before I made the changes. Please let me know if you need to do that > > though, so I can look at it further. > > Same applies. I have some garden work to do this afternoon, so if I > am not around, you can copy the original php.ini from my home > directory under the php-sec directory to /etc/php.ini and bounce > apache to be back to the original way it was before I made changes. > Just let me know if you end up needing to do that so I can look at it > further. > Thanks for looking in to this stuff, once we're sure its all working right we can get that in to puppet and deploy it on our new mediawiki hosts. -Mike From mmcgrath at redhat.com Mon May 26 03:40:50 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 25 May 2008 22:40:50 -0500 (CDT) Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> Message-ID: On Sun, 25 May 2008, Jeffrey Tadlock wrote: > On Sat, May 24, 2008 at 10:18 PM, Jeffrey Tadlock wrote: > > 'open_basedir' is causing issues with the user's page (i.e. clicking > > the jeffreyt link at the top of the page), when it is enabled it just > > goes to a blank page. The same happens with the Infrastructure page > > as well. Everything else seemed to work well with it enabled. I will > > play with that on a vanilla install at home and see what is up with > > that. > > I think I have this working now. I needed to add /usr/share/pear to > the open_basedir list. The things I saw broken because of that last > night now appear to be working. It is now enabled on publictest2. > Side note about this, it seems to have broken OpenID support. I've reverted to a default configuration so ricky can continue testing. If you've got a moment could you hook up with him at some point and find out exactly what configuration is causing the problem? -Mike From linux at elfshadow.net Mon May 26 11:47:37 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Mon, 26 May 2008 07:47:37 -0400 Subject: PHP Security Tweaks In-Reply-To: References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> Message-ID: <10e0a9b00805260447h4b7a4317u8a5f9d4fe34fdc6d@mail.gmail.com> On Sun, May 25, 2008 at 11:40 PM, Mike McGrath wrote: > Side note about this, it seems to have broken OpenID support. I've > reverted to a default configuration so ricky can continue testing. If > you've got a moment could you hook up with him at some point and find out > exactly what configuration is causing the problem? I checked the file listing in the OpenID packages and I bet the open_basedir wasn't letting the OpenID stuff have access to the files it needed. I can modify that and allow access to those directories it most likely needs. It's a trip to the zoo day with the kids, but I will cross paths with Ricky later today/this evening and get this sorted out. Thanks! Jeffrey From loupgaroublond at gmail.com Mon May 26 14:55:40 2008 From: loupgaroublond at gmail.com (Yaakov Nemoy) Date: Mon, 26 May 2008 10:55:40 -0400 Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <3237e4410805252117q14c32d80gf5bc3722b3344a98@mail.gmail.com> Message-ID: <7f692fec0805260755x6efe6f6em6d58aedd0611eedc@mail.gmail.com> On Mon, May 26, 2008 at 3:01 AM, Karsten Wade wrote: >> It would be but I get the feeling that some aren't joining or aren't >> allowed to because of google rules (I have no idea about either of >> these, someone please correct me) > > Well, AIUI Google's whole point of getting the students connected > months ago was so they could join the projects and so forth. > > If there are any students who haven't got their FAS account ... why? Etc. > > Google mainly wants the students to fit in with the project, under our > own regular processes. Where they exert influence is in, for example, > requiring the students to work on their own code and not be a a team > working on a module, etc. I presume this is mainly to let them tie > expenditure to effort directly, without team effects. This is more or less 'it' in a nutshell. There is one extra requirement that they have a uploadable set of files, mainly for legal reasons. That's pretty much all there is to it. In my case, I've asked pavel to email me patches for git. The reasoning is that we'll have a log of emails complete with files that can be tarballed and submitted to Google easily. I've asked him not to ask for permission to participate in our git instance, although he really does need to sign up for our trac. He also needs to be signed up for the wiki, and a few mailing lists. His participation is supposed to be the same as anyone else's with the notable exception of the 'hgsmolt' group. -Yaakov From kwade at redhat.com Mon May 26 23:54:45 2008 From: kwade at redhat.com (Karsten 'quaid' Wade) Date: Mon, 26 May 2008 16:54:45 -0700 Subject: OpenID and CLA Message-ID: <1211846085.3594.99.camel@calliope.phig.org> Just doing some thinking ... If we want to move our OpenID acceptance outside of Fedora's OpenID server, we'll have a blocker with the CLA. AIUI, we need someone to knowingly accept the CLA and have that tied to a Real Name and email address in our database. Right? However, OpenID could be a good way to get permissions to Talk: pages. That is a great way to get feedback from drive-bys, the kind of people who might take advantage of an OpenID to make a minor change on a page. Content in Talk: could be treated procedurally as we do bug reports. Maybe we can have a WikiLicense type of thing (FedoraProject:Copyrights link enough?) for that? Either way, Talk: could be a discussion area, cf. mailing lists and bugzilla, that may produce content. If someone gives specific wording and we want to use it, and now or later modify it, redistribute it, etc., it needs to be under the CLA and site license. This is comparable to receiving a patch via bugzilla where the contributor should include licensing text. - Karsten -- Karsten Wade, Sr. Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Tue May 27 01:11:12 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 26 May 2008 20:11:12 -0500 (CDT) Subject: OpenID and CLA In-Reply-To: <1211846085.3594.99.camel@calliope.phig.org> References: <1211846085.3594.99.camel@calliope.phig.org> Message-ID: On Mon, 26 May 2008, Karsten 'quaid' Wade wrote: > Just doing some thinking ... > > If we want to move our OpenID acceptance outside of Fedora's OpenID > server, we'll have a blocker with the CLA. AIUI, we need someone to > knowingly accept the CLA and have that tied to a Real Name and email > address in our database. Right? > Correct. > However, OpenID could be a good way to get permissions to Talk: pages. > That is a great way to get feedback from drive-bys, the kind of people > who might take advantage of an OpenID to make a minor change on a > page. > I looked briefly into this but haven't totally come to a solution yet. > Content in Talk: could be treated procedurally as we do bug reports. > Maybe we can have a WikiLicense type of thing (FedoraProject:Copyrights > link enough?) for that? Either way, Talk: could be a discussion area, > cf. mailing lists and bugzilla, that may produce content. If someone > gives specific wording and we want to use it, and now or later modify > it, redistribute it, etc., it needs to be under the CLA and site > license. This is comparable to receiving a patch via bugzilla where the > contributor should include licensing text. > Yeah, this is both a question for legal and a question to see what is technically feasible. OpenID is great, but once again the CLA continues to be the biggest blocker to growing our contributor base. -Mike From jeff at ocjtech.us Tue May 27 03:18:31 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Mon, 26 May 2008 22:18:31 -0500 Subject: OpenID and CLA In-Reply-To: <1211846085.3594.99.camel@calliope.phig.org> References: <1211846085.3594.99.camel@calliope.phig.org> Message-ID: <935ead450805262018w4619a89q7e38138066e6f2df@mail.gmail.com> 2008/5/26 Karsten 'quaid' Wade : > > If we want to move our OpenID acceptance outside of Fedora's OpenID > server, we'll have a blocker with the CLA. AIUI, we need someone to > knowingly accept the CLA and have that tied to a Real Name and email > address in our database. Right? You don't have to limit the choices to "only accept Fedora OpenID identities" or "allow any OpenID identity". It should be possible to limit out acceptance of OpenID identities to ones that have previously been associated with a FAS account. So before you could use your Yahoo or MyOpenID identity to login to the Fedora Wiki you'd have to log into FAS and register any other identities that you'd like to use. I don't know enough about the MediaWiki OpenID plugin to know if that would be easy or hard to do. Jeff From ianweller at gmail.com Tue May 27 03:36:21 2008 From: ianweller at gmail.com (Ian Weller) Date: Mon, 26 May 2008 22:36:21 -0500 (CDT) Subject: OpenID and CLA In-Reply-To: <935ead450805262018w4619a89q7e38138066e6f2df@mail.gmail.com> References: <1211846085.3594.99.camel@calliope.phig.org> <935ead450805262018w4619a89q7e38138066e6f2df@mail.gmail.com> Message-ID: On Mon, 26 May 2008, Jeffrey Ollie wrote: > You don't have to limit the choices to "only accept Fedora OpenID > identities" or "allow any OpenID identity". It should be possible to > limit out acceptance of OpenID identities to ones that have previously > been associated with a FAS account. So before you could use your > Yahoo or MyOpenID identity to login to the Fedora Wiki you'd have to > log into FAS and register any other identities that you'd like to use. > I don't know enough about the MediaWiki OpenID plugin to know if that > would be easy or hard to do. > You can only allow or deny certain OpenID servers, as far as I can tell. -- ian From johnp at redhat.com Tue May 27 15:04:56 2008 From: johnp at redhat.com (John (J5) Palmieri) Date: Tue, 27 May 2008 11:04:56 -0400 Subject: OpenID and CLA In-Reply-To: References: <1211846085.3594.99.camel@calliope.phig.org> Message-ID: <1211900696.30628.35.camel@localhost.localdomain> On Mon, 2008-05-26 at 20:11 -0500, Mike McGrath wrote: > On Mon, 26 May 2008, Karsten 'quaid' Wade wrote: > > > Just doing some thinking ... > > > > If we want to move our OpenID acceptance outside of Fedora's OpenID > > server, we'll have a blocker with the CLA. AIUI, we need someone to > > knowingly accept the CLA and have that tied to a Real Name and email > > address in our database. Right? > > > > Correct. > > > However, OpenID could be a good way to get permissions to Talk: pages. > > That is a great way to get feedback from drive-bys, the kind of people > > who might take advantage of an OpenID to make a minor change on a > > page. > > > > I looked briefly into this but haven't totally come to a solution > yet. > > > Content in Talk: could be treated procedurally as we do bug reports. > > Maybe we can have a WikiLicense type of thing (FedoraProject:Copyrights > > link enough?) for that? Either way, Talk: could be a discussion area, > > cf. mailing lists and bugzilla, that may produce content. If someone > > gives specific wording and we want to use it, and now or later modify > > it, redistribute it, etc., it needs to be under the CLA and site > > license. This is comparable to receiving a patch via bugzilla where the > > contributor should include licensing text. > > > > Yeah, this is both a question for legal and a question to see what is > technically feasible. OpenID is great, but once again the CLA continues > to be the biggest blocker to growing our contributor base. > > -Mike It is my understanding that OpenID isn't about giving people unfettered access. It is about not having to type your information and remember passwords for 100 different sites. The idea behind federation is you can allow access from certain OpenID domains to specific resources (FAS still decides what gets served up) and you can also federate a Fedora user account with an OpenID account. For more sensitive operations you can still require the user type in their Fedora password or have a certificate. http://www.gnucitizen.org/blog/openid-a-security-story/ lists some OpenID concerns (a lot of which we prevent by using https). This issue is more than just an OpenID issue. In fact you can take OpenID out of the equation to ask, how do we allow people to join when the CLA is our biggest blocker. I think the correct answer here is the one being looked at which is to allow things like posting comments, bugs and setting up a user presence within Fedora should all be allowed without the CLA (bugs are already allowed this way). For all other things, as people want to do more the CLA is then presented as the next step. Putting OpenID back into the equation doesn't really change much other than a discussion on what level do we just accept OpenID and on what level do we make them federate with a Fedora account. Concentrating on the CLA bottleneck would make everything else possible. We have concluded that it is a necessity but I hope that doesn't mean we don't have any wiggle room. -- John (J5) Palmieri From kwade at redhat.com Tue May 27 15:11:02 2008 From: kwade at redhat.com (Karsten 'quaid' Wade) Date: Tue, 27 May 2008 08:11:02 -0700 Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> Message-ID: <1211901062.3594.114.camel@calliope.phig.org> On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > Alternatively, perhaps we should just have an GSoC group? These guys > are > technically contributors... I didn't realize this discussion was cross-posted, I already sent my agreement to this idea to the other thread. Having a group 'gsoc_2008' or 'summercoders_2008' could help more than just this problem. As was said elsewhere, these _are_ Fedora contributors, but they don't all fit directly in to an existing group, or their contributions are being filtered outside of the group. - Karsten -- Karsten Wade, Sr. Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Tue May 27 15:28:36 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 May 2008 10:28:36 -0500 (CDT) Subject: Blog syndication for GSoC - ers In-Reply-To: <1211901062.3594.114.camel@calliope.phig.org> References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <1211901062.3594.114.camel@calliope.phig.org> Message-ID: On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > > > Alternatively, perhaps we should just have an GSoC group? These guys > > are > > technically contributors... > > I didn't realize this discussion was cross-posted, I already sent my > agreement to this idea to the other thread. Having a group 'gsoc_2008' > or 'summercoders_2008' could help more than just this problem. As was > said elsewhere, these _are_ Fedora contributors, but they don't all fit > directly in to an existing group, or their contributions are being > filtered outside of the group. > Why not just gsoc? I don't understand what we gain from the _2008? -Mike From kwade at redhat.com Tue May 27 16:14:21 2008 From: kwade at redhat.com (Karsten 'quaid' Wade) Date: Tue, 27 May 2008 09:14:21 -0700 Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <1211901062.3594.114.camel@calliope.phig.org> Message-ID: <1211904861.3594.119.camel@calliope.phig.org> On Tue, 2008-05-27 at 10:28 -0500, Mike McGrath wrote: > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > > > > > Alternatively, perhaps we should just have an GSoC group? These guys > > > are > > > technically contributors... > > > > I didn't realize this discussion was cross-posted, I already sent my > > agreement to this idea to the other thread. Having a group 'gsoc_2008' > > or 'summercoders_2008' could help more than just this problem. As was > > said elsewhere, these _are_ Fedora contributors, but they don't all fit > > directly in to an existing group, or their contributions are being > > filtered outside of the group. > > > > Why not just gsoc? I don't understand what we gain from the _2008? Gain, not sure. Lose, the ability to differentiate between groups. A main purpose of GSoC is to get more coders into more projects. For this reason, all students who stick around Fedora should be in other groups. Their continued presence in "last year's group" should *not* be construed as an ongoing contributor effort. By the end of this Summer, the group is essentially defunct. If that is the only group someone is in, and six months later ... it's still the only group, then they aren't contributing to any coding projects. If they move on to Ambassadors, then they are in another group, are contributing, etc. Does that make sense? For a similar reason, I recommend a generic name. Maybe all interns and summer coders could be in the group. That way we can include the Finnish Summer Code effort into this, and any RHT interns that aren't part of another group (yet.) - Karsten -- Karsten Wade, Sr. Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Tue May 27 17:46:49 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 May 2008 12:46:49 -0500 (CDT) Subject: Blog syndication for GSoC - ers In-Reply-To: <1211904861.3594.119.camel@calliope.phig.org> References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <1211901062.3594.114.camel@calliope.phig.org> <1211904861.3594.119.camel@calliope.phig.org> Message-ID: On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > On Tue, 2008-05-27 at 10:28 -0500, Mike McGrath wrote: > > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > > > > On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > > > > > > > Alternatively, perhaps we should just have an GSoC group? These guys > > > > are > > > > technically contributors... > > > > > > I didn't realize this discussion was cross-posted, I already sent my > > > agreement to this idea to the other thread. Having a group 'gsoc_2008' > > > or 'summercoders_2008' could help more than just this problem. As was > > > said elsewhere, these _are_ Fedora contributors, but they don't all fit > > > directly in to an existing group, or their contributions are being > > > filtered outside of the group. > > > > > > > Why not just gsoc? I don't understand what we gain from the _2008? > > Gain, not sure. Lose, the ability to differentiate between groups. > > A main purpose of GSoC is to get more coders into more projects. > > For this reason, all students who stick around Fedora should be in other > groups. Their continued presence in "last year's group" should *not* be > construed as an ongoing contributor effort. By the end of this Summer, > the group is essentially defunct. If that is the only group someone is > in, and six months later ... it's still the only group, then they aren't > contributing to any coding projects. If they move on to Ambassadors, > then they are in another group, are contributing, etc. > > Does that make sense? > > For a similar reason, I recommend a generic name. Maybe all interns and > summer coders could be in the group. That way we can include the > Finnish Summer Code effort into this, and any RHT interns that aren't > part of another group (yet.) > In 2009, what use will the gsoc_2008 group be? I had assumed that at the end of summery 2008, the gsoc group would be cleared out except for admins and sponsors. Similar to what would happen with ols. -Mike From skvidal at fedoraproject.org Tue May 27 17:54:08 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 27 May 2008 13:54:08 -0400 Subject: Blog syndication for GSoC - ers In-Reply-To: References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <1211901062.3594.114.camel@calliope.phig.org> <1211904861.3594.119.camel@calliope.phig.org> Message-ID: <1211910848.14871.63.camel@cutter> On Tue, 2008-05-27 at 12:46 -0500, Mike McGrath wrote: > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > On Tue, 2008-05-27 at 10:28 -0500, Mike McGrath wrote: > > > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > > > > > > > On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > > > > > > > > > Alternatively, perhaps we should just have an GSoC group? These guys > > > > > are > > > > > technically contributors... > > > > > > > > I didn't realize this discussion was cross-posted, I already sent my > > > > agreement to this idea to the other thread. Having a group 'gsoc_2008' > > > > or 'summercoders_2008' could help more than just this problem. As was > > > > said elsewhere, these _are_ Fedora contributors, but they don't all fit > > > > directly in to an existing group, or their contributions are being > > > > filtered outside of the group. > > > > > > > > > > Why not just gsoc? I don't understand what we gain from the _2008? > > > > Gain, not sure. Lose, the ability to differentiate between groups. > > > > A main purpose of GSoC is to get more coders into more projects. > > > > For this reason, all students who stick around Fedora should be in other > > groups. Their continued presence in "last year's group" should *not* be > > construed as an ongoing contributor effort. By the end of this Summer, > > the group is essentially defunct. If that is the only group someone is > > in, and six months later ... it's still the only group, then they aren't > > contributing to any coding projects. If they move on to Ambassadors, > > then they are in another group, are contributing, etc. > > > > Does that make sense? > > > > For a similar reason, I recommend a generic name. Maybe all interns and > > summer coders could be in the group. That way we can include the > > Finnish Summer Code effort into this, and any RHT interns that aren't > > part of another group (yet.) > > > > In 2009, what use will the gsoc_2008 group be? I had assumed that at the > end of summery 2008, the gsoc group would be cleared out except for admins > and sponsors. Similar to what would happen with ols. > I think what Karsten is saying (maybe) is that remembering to clear our the group is something ELSE we have to do. with a group with a year in the name we can just delete the group w/o having to check who is in it, or not. -sv From Matt_Domsch at dell.com Tue May 27 18:16:52 2008 From: Matt_Domsch at dell.com (Matt Domsch) Date: Tue, 27 May 2008 13:16:52 -0500 Subject: Blog syndication for GSoC - ers In-Reply-To: <1211910848.14871.63.camel@cutter> References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <1211901062.3594.114.camel@calliope.phig.org> <1211904861.3594.119.camel@calliope.phig.org> <1211910848.14871.63.camel@cutter> Message-ID: <20080527181652.GD25696@auslistsprd01.us.dell.com> On Tue, May 27, 2008 at 01:54:08PM -0400, seth vidal wrote: > On Tue, 2008-05-27 at 12:46 -0500, Mike McGrath wrote: > > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > > > > On Tue, 2008-05-27 at 10:28 -0500, Mike McGrath wrote: > > > > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > > > > > > > > > > On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > > > > > > > > > > > Alternatively, perhaps we should just have an GSoC group? These guys > > > > > > are > > > > > > technically contributors... > > > > > > > > > > I didn't realize this discussion was cross-posted, I already sent my > > > > > agreement to this idea to the other thread. Having a group 'gsoc_2008' > > > > > or 'summercoders_2008' could help more than just this problem. As was > > > > > said elsewhere, these _are_ Fedora contributors, but they don't all fit > > > > > directly in to an existing group, or their contributions are being > > > > > filtered outside of the group. > > > > > > > > > > > > > Why not just gsoc? I don't understand what we gain from the _2008? > > > > > > Gain, not sure. Lose, the ability to differentiate between groups. > > > > > > A main purpose of GSoC is to get more coders into more projects. > > > > > > For this reason, all students who stick around Fedora should be in other > > > groups. Their continued presence in "last year's group" should *not* be > > > construed as an ongoing contributor effort. By the end of this Summer, > > > the group is essentially defunct. If that is the only group someone is > > > in, and six months later ... it's still the only group, then they aren't > > > contributing to any coding projects. If they move on to Ambassadors, > > > then they are in another group, are contributing, etc. > > > > > > Does that make sense? > > > > > > For a similar reason, I recommend a generic name. Maybe all interns and > > > summer coders could be in the group. That way we can include the > > > Finnish Summer Code effort into this, and any RHT interns that aren't > > > part of another group (yet.) > > > > > > > In 2009, what use will the gsoc_2008 group be? I had assumed that at the > > end of summery 2008, the gsoc group would be cleared out except for admins > > and sponsors. Similar to what would happen with ols. > > > > I think what Karsten is saying (maybe) is that remembering to clear our > the group is something ELSE we have to do. with a group with a year in > the name we can just delete the group w/o having to check who is in it, > or not. Or, really, shouldn't the student be included in some existing group now, and not create a new gsoc group at all? If the point is to get them involved in Fedora and to keep contributing after the summer is over, then being a part of a group that's directly related to the work they're doing, not how they're being mentored via GSOC, makes sense to me. Yes, we can create groups if they're beneficial, but being in the sysadmin-web group, or the gittransifex group, would seem to make more sense. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From mmcgrath at redhat.com Tue May 27 18:49:54 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 May 2008 13:49:54 -0500 (CDT) Subject: Logging #fedora-meeting Message-ID: There's been some requests to log #fedora-meeting automatically. There's technical issues there like where to store them, is there a way to auto start / stop meetings, etc. Lets discuss. thoughts? -Mike From skvidal at fedoraproject.org Tue May 27 18:59:09 2008 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 27 May 2008 14:59:09 -0400 Subject: Logging #fedora-meeting In-Reply-To: References: Message-ID: <1211914749.14871.75.camel@cutter> On Tue, 2008-05-27 at 13:49 -0500, Mike McGrath wrote: > There's been some requests to log #fedora-meeting automatically. There's > technical issues there like where to store them, is there a way to auto > start / stop meetings, etc. > > Lets discuss. thoughts? > Can zodbot log? and if so can it log multiple channels? -sv From mmcgrath at redhat.com Tue May 27 19:06:27 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 May 2008 14:06:27 -0500 (CDT) Subject: Blog syndication for GSoC - ers In-Reply-To: <20080527181652.GD25696@auslistsprd01.us.dell.com> References: <4838C681.2060700@gmail.com> <4838C94B.9060505@redhat.com> <7f692fec0805242105m40be11a0k8f1e699d60775549@mail.gmail.com> <1211901062.3594.114.camel@calliope.phig.org> <1211904861.3594.119.camel@calliope.phig.org> <1211910848.14871.63.camel@cutter> <20080527181652.GD25696@auslistsprd01.us.dell.com> Message-ID: On Tue, 27 May 2008, Matt Domsch wrote: > On Tue, May 27, 2008 at 01:54:08PM -0400, seth vidal wrote: > > On Tue, 2008-05-27 at 12:46 -0500, Mike McGrath wrote: > > > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > > > > > > > On Tue, 2008-05-27 at 10:28 -0500, Mike McGrath wrote: > > > > > On Tue, 27 May 2008, Karsten 'quaid' Wade wrote: > > > > > > > > > > > > > > > > > On Sat, 2008-05-24 at 23:27 -0500, Mike McGrath wrote: > > > > > > > > > > > > > Alternatively, perhaps we should just have an GSoC group? These guys > > > > > > > are > > > > > > > technically contributors... > > > > > > > > > > > > I didn't realize this discussion was cross-posted, I already sent my > > > > > > agreement to this idea to the other thread. Having a group 'gsoc_2008' > > > > > > or 'summercoders_2008' could help more than just this problem. As was > > > > > > said elsewhere, these _are_ Fedora contributors, but they don't all fit > > > > > > directly in to an existing group, or their contributions are being > > > > > > filtered outside of the group. > > > > > > > > > > > > > > > > Why not just gsoc? I don't understand what we gain from the _2008? > > > > > > > > Gain, not sure. Lose, the ability to differentiate between groups. > > > > > > > > A main purpose of GSoC is to get more coders into more projects. > > > > > > > > For this reason, all students who stick around Fedora should be in other > > > > groups. Their continued presence in "last year's group" should *not* be > > > > construed as an ongoing contributor effort. By the end of this Summer, > > > > the group is essentially defunct. If that is the only group someone is > > > > in, and six months later ... it's still the only group, then they aren't > > > > contributing to any coding projects. If they move on to Ambassadors, > > > > then they are in another group, are contributing, etc. > > > > > > > > Does that make sense? > > > > > > > > For a similar reason, I recommend a generic name. Maybe all interns and > > > > summer coders could be in the group. That way we can include the > > > > Finnish Summer Code effort into this, and any RHT interns that aren't > > > > part of another group (yet.) > > > > > > > > > > In 2009, what use will the gsoc_2008 group be? I had assumed that at the > > > end of summery 2008, the gsoc group would be cleared out except for admins > > > and sponsors. Similar to what would happen with ols. > > > > > > > I think what Karsten is saying (maybe) is that remembering to clear our > > the group is something ELSE we have to do. with a group with a year in > > the name we can just delete the group w/o having to check who is in it, > > or not. > > Or, really, shouldn't the student be included in some existing group > now, and not create a new gsoc group at all? If the point is to get > them involved in Fedora and to keep contributing after the summer is > over, then being a part of a group that's directly related to the work > they're doing, not how they're being mentored via GSOC, makes sense to > me. > > Yes, we can create groups if they're beneficial, but being in the > sysadmin-web group, or the gittransifex group, would seem to make more > sense. > Some of these guys are just working on and committing code. And some of that code isn't hosted with us. -Mike From mmcgrath at redhat.com Tue May 27 19:06:56 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 May 2008 14:06:56 -0500 (CDT) Subject: Logging #fedora-meeting In-Reply-To: <1211914749.14871.75.camel@cutter> References: <1211914749.14871.75.camel@cutter> Message-ID: On Tue, 27 May 2008, seth vidal wrote: > On Tue, 2008-05-27 at 13:49 -0500, Mike McGrath wrote: > > There's been some requests to log #fedora-meeting automatically. There's > > technical issues there like where to store them, is there a way to auto > > start / stop meetings, etc. > > > > Lets discuss. thoughts? > > > > Can zodbot log? and if so can it log multiple channels? > Can and does though its not 'public' yet. Also I think ianweller had something in mind for sticking that data in the wiki. -Mike From ianweller at gmail.com Tue May 27 19:49:25 2008 From: ianweller at gmail.com (Ian Weller) Date: Tue, 27 May 2008 14:49:25 -0500 (CDT) Subject: Logging #fedora-meeting In-Reply-To: References: <1211914749.14871.75.camel@cutter> Message-ID: On Tue, 27 May 2008, Mike McGrath wrote: > On Tue, 27 May 2008, seth vidal wrote: > >> Can zodbot log? and if so can it log multiple channels? >> > > Can and does though its not 'public' yet. Also I think ianweller had > something in mind for sticking that data in the wiki. > Just wrote a patch to the popular irclog2html.py [1] to output MediaWiki table syntax. Its at http://ianweller.fedorapeople.org/irclog2html/ -- ian [1]: http://mg.pov.lt/irclog2html/ From dennis at ausil.us Tue May 27 20:23:48 2008 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 27 May 2008 15:23:48 -0500 Subject: Logging #fedora-meeting In-Reply-To: References: Message-ID: <200805271524.01457.dennis@ausil.us> On Tuesday 27 May 2008, Mike McGrath wrote: > There's been some requests to log #fedora-meeting automatically. There's > technical issues there like where to store them, is there a way to auto > start / stop meetings, etc. > > Lets discuss. thoughts? A bot that you can issue commands to such as startmeeting , endmeeting. and postmeeting would be good. It would really want a very limited set of commands. we would need a host for the bots to run on. then we could export meetings via http. Dennis. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From ivazqueznet at gmail.com Tue May 27 21:02:46 2008 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Tue, 27 May 2008 17:02:46 -0400 Subject: Logging #fedora-meeting In-Reply-To: References: Message-ID: <1211922167.4081.22.camel@ignacio.lan> On Tue, 2008-05-27 at 13:49 -0500, Mike McGrath wrote: > There's been some requests to log #fedora-meeting automatically. There's > technical issues there like where to store them, is there a way to auto > start / stop meetings, etc. > > Lets discuss. thoughts? ##distros had a meeting bot during the last meeting we had. -- Ignacio Vazquez-Abrams PLEASE don't CC me; I'm already subscribed -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From dev at nigelj.com Wed May 28 10:23:04 2008 From: dev at nigelj.com (Nigel Jones) Date: Wed, 28 May 2008 22:23:04 +1200 Subject: Outage Notification - 2008-05-28 10:00 UTC Message-ID: <483D3288.2040401@nigelj.com> We are currently experiencing an unplanned outage as of 2008-05-28 10:00 UTC Affected Services: CVS / Source Control Unaffected Services: Websites Buildsystem Database DNS Mail Torrent Reason for Outage: There appears to be a routing issue preventing outside hosts accessing the machine that runs the CVS system used by Fedora Developers and the Docs Team We are currently in the process of isolating the issue but an ETA is not available and apologise for any inconvenience. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. Regards, Nigel Jones From antonio.montagnani at alice.it Wed May 28 11:32:41 2008 From: antonio.montagnani at alice.it (antonio montagnani) Date: Wed, 28 May 2008 13:32:41 +0200 Subject: Creation of an user profile... In-Reply-To: <1211630764.3966.50.camel@sboing.byte-code.lan> References: <4837FFF8.70003@alice.it> <1211630764.3966.50.camel@sboing.byte-code.lan> Message-ID: <483D42D9.6050805@alice.it> Luca Foppiano wrote / ha scritto on /il 24/05/2008 14:06: > On Sat, 2008-05-24 at 13:46 +0200, antonio montagnani wrote: > >> when I try to create my Profile I get this reply: >> >> Proxy Error >> >> The proxy server received an invalid response from an upstream server. >> The proxy server could not handle the request POST /wiki/UserPreferences. >> >> Reason: Error reading from remote server >> > > It's a common bug...solution is to cross fingers and retry ;-) > > AFAIK wiki will be migrated on mediawiki to avoid this errors > > Luca > I created an user account as antoniomontag (even if I tried to create it as AntonioMontagnani): how do I change it??? Also in the new wiki, I cannot create another account. Any help??? -- Antonio M Mob.+393386586046 Skype: antoniomontag ========================================================== Mail by Thunderbird 2.0 Websurfing by Firefox 3.0b5 ========================================================== Linux Fedora F9 (Sulphur) on Acer 5720 Linux user number 362582 www.linuxsaronno.net www.campingmonterosa.com www.roburtennissaronno.com ========================================================== From mmcgrath at redhat.com Wed May 28 16:08:00 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 28 May 2008 11:08:00 -0500 (CDT) Subject: Creation of an user profile... In-Reply-To: <483D42D9.6050805@alice.it> References: <4837FFF8.70003@alice.it> <1211630764.3966.50.camel@sboing.byte-code.lan> <483D42D9.6050805@alice.it> Message-ID: On Wed, 28 May 2008, antonio montagnani wrote: > Luca Foppiano wrote / ha scritto on /il 24/05/2008 14:06: > > On Sat, 2008-05-24 at 13:46 +0200, antonio montagnani wrote: > > > > > when I try to create my Profile I get this reply: > > > > > > Proxy Error > > > > > > The proxy server received an invalid response from an upstream server. > > > The proxy server could not handle the request POST /wiki/UserPreferences. > > > > > > Reason: Error reading from remote server > > > > > > > It's a common bug...solution is to cross fingers and retry ;-) > > > > AFAIK wiki will be migrated on mediawiki to avoid this errors > > > > Luca > > > I created an user account as antoniomontag (even if I tried to create it as > AntonioMontagnani): how do I change it??? > Also in the new wiki, I cannot create another account. > Any help??? > There is no longer a separate account needed for the wiki. You'll need to sign up at https://admin.fedoraproject.org/accounts/ for your username. You already have one (antoniomontag) and should be able to log in with it to the wiki and the /accounts/ link above. If not, please reset your password. -Mike From jkeating at redhat.com Wed May 28 17:00:29 2008 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 28 May 2008 13:00:29 -0400 Subject: postfix alias issue Message-ID: <1211994029.3809.108.camel@localhost.localdomain> A few days ago I setup email2trac on our hosted1 system to allow for using emails to create Trac tickets for select hosted projects. At this was all working, and the setup was such that the aliases file and aliases.db for Trac projects that accept tickets were owned by apache so that the mail command /in/ the alias would be ran as apache. This was necessary because it's the apache user who has write access to the trac databases. Sometime in the last few days this has stopped working. Mail is getting through the alias path and delivered to the email2trac command but that command is dropping it somewhere. I could really use a second set of eyes looking at the setup with me that has more experience with postfix and aliases. Please find me on #fedora-admin as "f13". Thanks! -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at redhat.com Wed May 28 17:44:39 2008 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 28 May 2008 13:44:39 -0400 Subject: postfix alias issue In-Reply-To: <1211994029.3809.108.camel@localhost.localdomain> References: <1211994029.3809.108.camel@localhost.localdomain> Message-ID: <1211996679.3809.117.camel@localhost.localdomain> On Wed, 2008-05-28 at 13:00 -0400, Jesse Keating wrote: > A few days ago I setup email2trac on our hosted1 system to allow for > using emails to create Trac tickets for select hosted projects. At this > was all working, and the setup was such that the aliases file and > aliases.db for Trac projects that accept tickets were owned by apache so > that the mail command /in/ the alias would be ran as apache. This was > necessary because it's the apache user who has write access to the trac > databases. > > Sometime in the last few days this has stopped working. Mail is getting > through the alias path and delivered to the email2trac command but that > command is dropping it somewhere. > > I could really use a second set of eyes looking at the setup with me > that has more experience with postfix and aliases. Please find me on > #fedora-admin as "f13". Thanks! > And of course I just found the problem. email2trac's spam detection code is... sub par. It was seeing a 'X-Spam-Level:' header with no content and trying to split that line. Whoops. It seems to me it really needs to grok the X-Spam-Status line and find the score within. I don't necessarily have time to do that today so I've hand patched email2trac to just catch on 'X-Spam-Flag'. If any of you would like to work on a better patch please shoot it my way, I'll hold off on building email2trac for a few days. -- Jesse Keating Fedora -- Freedom? is a feature! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From tmz at pobox.com Wed May 28 19:21:35 2008 From: tmz at pobox.com (Todd Zullinger) Date: Wed, 28 May 2008 15:21:35 -0400 Subject: postfix alias issue In-Reply-To: <1211996679.3809.117.camel@localhost.localdomain> References: <1211994029.3809.108.camel@localhost.localdomain> <1211996679.3809.117.camel@localhost.localdomain> Message-ID: <20080528192135.GJ2769@inocybe.teonanacatl.org> Jesse Keating wrote: > And of course I just found the problem. email2trac's spam detection > code is... sub par. It was seeing a 'X-Spam-Level:' header with no > content and trying to split that line. Whoops. It seems to me it > really needs to grok the X-Spam-Status line and find the score within. Why is parsing X-Spam-Status better than counting the '*' in X-Spam-Level though? As long as the code doesn't try to split an empty field, I think it should be fine. (Unless there are cases where Spamassassin inserts X-Spam-Status and no X-Spam-Level.) > I don't necessarily have time to do that today so I've hand patched > email2trac to just catch on 'X-Spam-Flag'. If any of you would like > to work on a better patch please shoot it my way, I'll hold off on > building email2trac for a few days. Here[1] is something only lightly tested (outside of trac, as I have no trac install handy to test with). It might be something worth adding along with the check you've added to catch X-Spam-Flag: Yes. [1] http://tmz.fedorapeople.org/tmp/email2trac-0.13-spamcheck.patch -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Total strangers need love, too; and I'm stranger than most. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From mmcgrath at redhat.com Thu May 29 02:02:56 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 28 May 2008 21:02:56 -0500 (CDT) Subject: OpenID Message-ID: Hey guys, so the last little bits are in good shape for the OpenID provider we're attempting to be. Don't go announcing this to others yet. Lets test it out, if it breaks something let us know. We'll be announcing it officially soon. You can, for example, log in to livejournal.com with: username.id.fedoraproject.org as your openID provider. For example, my openID url is mmcgrath.id.fedoraproject.org -Mike From sundaram at fedoraproject.org Thu May 29 02:09:32 2008 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Thu, 29 May 2008 07:39:32 +0530 Subject: OpenID In-Reply-To: References: Message-ID: <483E105C.1050406@fedoraproject.org> Mike McGrath wrote: > Hey guys, so the last little bits are in good shape for the OpenID > provider we're attempting to be. Don't go announcing this to others yet. > Lets test it out, if it breaks something let us know. We'll be announcing > it officially soon. You can, for example, log in to livejournal.com with: > > > username.id.fedoraproject.org > > as your openID provider. > > For example, my openID url is mmcgrath.id.fedoraproject.org Cool. That works just fine. Rahul From poelstra at redhat.com Thu May 29 02:17:25 2008 From: poelstra at redhat.com (John Poelstra) Date: Wed, 28 May 2008 19:17:25 -0700 Subject: Logging #fedora-meeting In-Reply-To: <200805271524.01457.dennis@ausil.us> References: <200805271524.01457.dennis@ausil.us> Message-ID: <483E1235.9090308@redhat.com> Dennis Gilmore said the following on 05/27/2008 01:23 PM Pacific Time: > On Tuesday 27 May 2008, Mike McGrath wrote: >> There's been some requests to log #fedora-meeting automatically. There's >> technical issues there like where to store them, is there a way to auto >> start / stop meetings, etc. >> >> Lets discuss. thoughts? > > A bot that you can issue commands to such as startmeeting , > endmeeting. and postmeeting would be good. It would really > want a very limited set of commands. > > we would need a host for the bots to run on. then we could export meetings > via http. > > Bonus points if you could specify the timezone for the timestamps of if defaulted to UTC. John From nicu_fedora at nicubunu.ro Thu May 29 06:16:09 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Thu, 29 May 2008 09:16:09 +0300 Subject: OpenID In-Reply-To: References: Message-ID: <483E4A29.2080407@nicubunu.ro> Mike McGrath wrote: > Hey guys, so the last little bits are in good shape for the OpenID > provider we're attempting to be. Don't go announcing this to others yet. > Lets test it out, if it breaks something let us know. We'll be announcing > it officially soon. You can, for example, log in to livejournal.com with: > > > username.id.fedoraproject.org > > as your openID provider. > > For example, my openID url is mmcgrath.id.fedoraproject.org It *almost* worked for me, until an "500 Internal error" in https://admin.fedoraproject.org/accounts/openid/allow -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/ Open Clip Art Library: http://www.openclipart.org my Fedora stuff: http://fedora.nicubunu.ro From rayvd at bludgeon.org Thu May 29 06:34:52 2008 From: rayvd at bludgeon.org (Ray Van Dolson) Date: Wed, 28 May 2008 23:34:52 -0700 Subject: Logging #fedora-meeting In-Reply-To: References: Message-ID: <20080529063452.GA21064@bludgeon.org> On Tue, May 27, 2008 at 01:49:54PM -0500, Mike McGrath wrote: > > There's been some requests to log #fedora-meeting automatically. There's > technical issues there like where to store them, is there a way to auto > start / stop meetings, etc. > > Lets discuss. thoughts? > I suppose you guys have your own bot going (think I've seen it in #fedora-admin?), but this would be a pretty easy task for an eggdrop bot. Overkill perhaps? Ray From ricky at fedoraproject.org Thu May 29 06:37:07 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 29 May 2008 02:37:07 -0400 Subject: OpenID In-Reply-To: <483E4A29.2080407@nicubunu.ro> References: <483E4A29.2080407@nicubunu.ro> Message-ID: <20080529063707.GD3890@Max> On 2008-05-29 09:16:09 AM, Nicu Buculei wrote: > It *almost* worked for me, until an "500 Internal error" in > https://admin.fedoraproject.org/accounts/openid/allow Ah, good find. I just tried to fix a bug in that, can you try again with the same OpenID consumer and see if it works? Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dev at nigelj.com Thu May 29 08:07:51 2008 From: dev at nigelj.com (Nigel Jones) Date: Thu, 29 May 2008 20:07:51 +1200 Subject: Call For Testers - Elections Application Message-ID: <483E6457.7010505@nigelj.com> Hi everyone, With Fedora 9 out the door we hit a very busy time for elections, the previous system was, well lets just say, not optimal. So I accepted the goal of creating an application by our post-release election season that would integrate well with FAS and would allow a different method of voting, Range Voting. If your not familiar with Range Voting check out http://en.wikipedia.org/wiki/Range_voting the essentials however is that you rank candidates from 0<-># of candidates, if you don't like them, just rank them 0. In the future, the application will not only allow the Board and Steering Committees to hold elections, it will (hopefully) become available to SIGs and Steering Committees for any time of poll/call to vote. This is where you all come in, it's impossible for a small group of people to find every possible mistake or bug in ANY item of software, so the more people we can get in to test it and report bugs/issues/thoughts the better! All I ask is 10-20 minutes of your time, whenever your free over the couple of days to test and provide feedback. Instructions: 1) You'll need an account on the test instance of FAS at http://publictest10.fedoraproject.org/accounts/ (PLEASE) do not use your normal password and you don't need to do CLA etc (I've removed that requirement in the elections app for now). 2) Please direct your browser to https://publictest10.fedoraproject.org/elections/ and test away! 3) Try voting etc, make sure that you *can* view the results at https://publictest10.fedoraproject.org/elections/results/fedora but can't view the results at https://publictest10.fedoraproject.org/elections/results/president Notes: * I'm aware the UI is absolutely awful, there is already a ticket open for this (https://fedorahosted.org/elections/ticket/4) please feel free to add items there. * Any errors you encounter that are 'unexpected' to you, please file a ticket at https://fedorahosted.org/elections/newticket setting Milestone to 'Release 0.1.0' with full reproduction steps, and the time it occurred (TZ=UTC date) * Any other feedback can be directed to the elections-devel list (elections-devel at lists.fedorahosted.org) After 5am UTC on the 1st June both elections will end and the 'results' should be public and hopefully we'll have a decent election app! Thanks a lot & Happy Testing, Nigel Jones p.s. Sorry to those that fall asleep during my e-mail - I nearly did too! p.s.s. Thanks must be given to Toshio, Ricky, Luca and Mike who have all assisted in this release From jonrob at fedoraproject.org Thu May 29 09:41:28 2008 From: jonrob at fedoraproject.org (Jonathan Roberts) Date: Thu, 29 May 2008 10:41:28 +0100 Subject: OpenID In-Reply-To: References: Message-ID: <507738ef0805290241l771fa5b3t803a91666342e2c0@mail.gmail.com> 2008/5/29 Mike McGrath : > Hey guys, so the last little bits are in good shape for the OpenID > provider we're attempting to be. Don't go announcing this to others yet. > Lets test it out, if it breaks something let us know. We'll be announcing > it officially soon. You can, for example, log in to livejournal.com with: > > > username.id.fedoraproject.org > > as your openID provider. > Works perfectly, great work all :) Jon From musolinoa at gmail.com Thu May 29 09:50:48 2008 From: musolinoa at gmail.com (Alex Musolino) Date: Thu, 29 May 2008 19:20:48 +0930 Subject: Introduction Message-ID: <200805291920.49079.musolinoa@gmail.com> Hi, I've been using Linux for a little more than 3 years now (RedHat 9, FC5, FC6, F7, F8) and have since taken a strong interest in all things Linux/FOSS/Computers in general. I'm currently doing a Computer Systems Engineering degree as a double with Mathematical and Computer Sciences. I'm familiar with XML, XHTML/CSS, MySQL, I can program in PHP, and a little Java (working on my Python, Perl, C/C++). I've messed around with some linux home servers, so I'm familiar with setting up and running basic Linux services. I'd love to help out with anything I can, and hopefully I'll learn a thing or two from other contributors. Regards, Alex Musolino From opensource at till.name Thu May 29 10:07:43 2008 From: opensource at till.name (Till Maas) Date: Thu, 29 May 2008 12:07:43 +0200 Subject: OpenID In-Reply-To: References: Message-ID: <200805291207.48276.opensource@till.name> On Thu May 29 2008, Mike McGrath wrote: > Hey guys, so the last little bits are in good shape for the OpenID > provider we're attempting to be. Don't go announcing this to others yet. > Lets test it out, if it breaks something let us know. We'll be announcing > it officially soon. You can, for example, log in to livejournal.com with: The login to livejournal worked for me, too. But after I have seen how it works, I think it is too insecure to use the FAS password for authentication. This makes it pretty easy for any openid user to get the FAS password, because instead of really forwarding someone to the FAS homepage, one could just present the FAS login form to get the password. Here is an interesting blog article about security considerations wrt. openid: http://idcorner.org/2007/08/22/the-problems-with-openid/ Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From jeff at ocjtech.us Thu May 29 13:01:19 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 29 May 2008 08:01:19 -0500 Subject: OpenID In-Reply-To: <200805291207.48276.opensource@till.name> References: <200805291207.48276.opensource@till.name> Message-ID: <935ead450805290601q56857f24mdd79b41480f24807@mail.gmail.com> 2008/5/29 Till Maas : > On Thu May 29 2008, Mike McGrath wrote: >> Hey guys, so the last little bits are in good shape for the OpenID >> provider we're attempting to be. Don't go announcing this to others yet. >> Lets test it out, if it breaks something let us know. We'll be announcing >> it officially soon. You can, for example, log in to livejournal.com with: > > The login to livejournal worked for me, too. But after I have seen how it > works, I think it is too insecure to use the FAS password for authentication. > This makes it pretty easy for any openid user to get the FAS password, > because instead of really forwarding someone to the FAS homepage, one could > just present the FAS login form to get the password. Here is an interesting > blog article about security considerations wrt. openid: > http://idcorner.org/2007/08/22/the-problems-with-openid/ While I don't have any specific replies to the issues that Stefan Brand points out in that article (I'm too new at the OpenID game), it should be noted that Stefan is the owner of a company that is developing a competing patented[1] technology that recently sold out to Microsoft[2]. However, David Recordon does have a rebuttal of Stefan's points[3]. [1] http://www.credentica.com/patent_portfolio.html [2] http://idcorner.org/2008/03/06/microsoft-acquires-credenticas-u-prove-technology/ [3] http://daveman692.livejournal.com/310578.html Jeff From k.georgiou at imperial.ac.uk Thu May 29 13:03:03 2008 From: k.georgiou at imperial.ac.uk (Kostas Georgiou) Date: Thu, 29 May 2008 14:03:03 +0100 Subject: OpenID In-Reply-To: <200805291207.48276.opensource@till.name> References: <200805291207.48276.opensource@till.name> Message-ID: <20080529130302.GA13369@imperial.ac.uk> On Thu, May 29, 2008 at 12:07:43PM +0200, Till Maas wrote: > On Thu May 29 2008, Mike McGrath wrote: > > Hey guys, so the last little bits are in good shape for the OpenID > > provider we're attempting to be. Don't go announcing this to others yet. > > Lets test it out, if it breaks something let us know. We'll be announcing > > it officially soon. You can, for example, log in to livejournal.com with: > > The login to livejournal worked for me, too. But after I have seen how it > works, I think it is too insecure to use the FAS password for authentication. > This makes it pretty easy for any openid user to get the FAS password, > because instead of really forwarding someone to the FAS homepage, one could > just present the FAS login form to get the password. Here is an interesting > blog article about security considerations wrt. openid: > http://idcorner.org/2007/08/22/the-problems-with-openid/ A possible solution to the phishing issue might be to only allow ssl client auth and not a login/password for a.fp.org/accounts/openid/login this doesn't stop the phishing site asking for a password but the difference might be enough for the user to notice that something is wrong. I am not sure that I see any value in OpenID in any case, there are very few OpenID consumers that I know about. Kostas From jeff at ocjtech.us Thu May 29 13:17:08 2008 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 29 May 2008 08:17:08 -0500 Subject: OpenID In-Reply-To: <20080529130302.GA13369@imperial.ac.uk> References: <200805291207.48276.opensource@till.name> <20080529130302.GA13369@imperial.ac.uk> Message-ID: <935ead450805290617n57efb649k8b88ff4392d01662@mail.gmail.com> On Thu, May 29, 2008 at 8:03 AM, Kostas Georgiou wrote: > > A possible solution to the phishing issue might be to only allow ssl > client auth and not a login/password for a.fp.org/accounts/openid/login > this doesn't stop the phishing site asking for a password but the > difference might be enough for the user to notice that something is > wrong. The phishing problem isn't unique to OpenID. > I am not sure that I see any value in OpenID in any case, there are very > few OpenID consumers that I know about. While OpenID is definitely an emerging technology, there are a lot of places where OpenID can be used to authenticate. Here are a couple of sites that have directories of OpenID-enabled sites: https://www.myopenid.com/directory http://openiddirectory.com/ Jeff From mmcgrath at redhat.com Thu May 29 14:06:20 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 May 2008 09:06:20 -0500 (CDT) Subject: Introduction In-Reply-To: <200805291920.49079.musolinoa@gmail.com> References: <200805291920.49079.musolinoa@gmail.com> Message-ID: On Thu, 29 May 2008, Alex Musolino wrote: > Hi, > > I've been using Linux for a little more than 3 years now (RedHat 9, FC5, FC6, > F7, F8) and have since taken a strong interest in all things > Linux/FOSS/Computers in general. I'm currently doing a Computer Systems > Engineering degree as a double with Mathematical and Computer Sciences. I'm > familiar with XML, XHTML/CSS, MySQL, I can program in PHP, and a little Java > (working on my Python, Perl, C/C++). > > I've messed around with some linux home servers, so I'm familiar with setting > up and running basic Linux services. I'd love to help out with anything I > can, and hopefully I'll learn a thing or two from other contributors. > Welcome Alex, we hang out in #fedora-admin on irc.freenode.net as well as in this list. There's a meeting today at 20:00 UTC if you can make it. Also https://fedorahosted.org/fedora-infrastructure/ has a list of our current open tickets (work that needs to get done) if you see something you'd like to do just say so. -Mike From nicu_fedora at nicubunu.ro Thu May 29 14:15:31 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Thu, 29 May 2008 17:15:31 +0300 Subject: OpenID In-Reply-To: <20080529063707.GD3890@Max> References: <483E4A29.2080407@nicubunu.ro> <20080529063707.GD3890@Max> Message-ID: <483EBA83.4060900@nicubunu.ro> Ricky Zhou wrote: > On 2008-05-29 09:16:09 AM, Nicu Buculei wrote: >> It *almost* worked for me, until an "500 Internal error" in >> https://admin.fedoraproject.org/accounts/openid/allow > Ah, good find. I just tried to fix a bug in that, can you try again > with the same OpenID consumer and see if it works? Yes, it works now (the consumer was blogger.com) -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/ Open Clip Art Library: http://www.openclipart.org my Fedora stuff: http://fedora.nicubunu.ro From nicu_fedora at nicubunu.ro Thu May 29 14:20:02 2008 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Thu, 29 May 2008 17:20:02 +0300 Subject: OpenID In-Reply-To: References: Message-ID: <483EBB92.40300@nicubunu.ro> Mike McGrath wrote: > Hey guys, so the last little bits are in good shape for the OpenID > provider we're attempting to be. Don't go announcing this to others yet. > Lets test it out, if it breaks something let us know. We'll be announcing > it officially soon. You can, for example, log in to livejournal.com with: > > > username.id.fedoraproject.org > > as your openID provider. > > For example, my openID url is mmcgrath.id.fedoraproject.org There is any way to make the landing page of that URL prettier? People will see the URL and maybe will click on it, so is a must to have the same CSS as all our websites. In the "nice to have" category would be a little user customization, like the user can include a link to his fedorapeople.org account, link to personal blog, Fedora wiki userpage, maybe the hackergotchi image (from .planet) etc. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/ Open Clip Art Library: http://www.openclipart.org my Fedora stuff: http://fedora.nicubunu.ro From linux at elfshadow.net Thu May 29 14:42:03 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Thu, 29 May 2008 10:42:03 -0400 Subject: OpenID In-Reply-To: <935ead450805290601q56857f24mdd79b41480f24807@mail.gmail.com> References: <200805291207.48276.opensource@till.name> <935ead450805290601q56857f24mdd79b41480f24807@mail.gmail.com> Message-ID: <10e0a9b00805290742x7bb6edd7g8f98775c8170c16@mail.gmail.com> On Thu, May 29, 2008 at 9:01 AM, Jeffrey Ollie wrote: > 2008/5/29 Till Maas : >> Here is an interesting >> blog article about security considerations wrt. openid: >> http://idcorner.org/2007/08/22/the-problems-with-openid/ > > While I don't have any specific replies to the issues that Stefan > Brand points out in that article (I'm too new at the OpenID game), it > should be noted that Stefan is the owner of a company that is > developing a competing patented[1] technology that recently sold out > to Microsoft[2]. However, David Recordon does have a rebuttal of > Stefan's points[3]. > > [1] http://www.credentica.com/patent_portfolio.html > [2] http://idcorner.org/2008/03/06/microsoft-acquires-credenticas-u-prove-technology/ > [3] http://daveman692.livejournal.com/310578.html I wouldn't dismiss his comments because of who he sold his patented technology to until people on the infrastructure team more familiar with OpenID and the security risks associated with it (I'm not that person either :-) ) have reviewed the article for merit. Stefan does post a follow-up comment to the David Recordon post. It seems people are divided on the security OpenID does or does not provide. It also seems to me an area where if OpenID is implemented there should be some people on the infrastructure team that understand the nuances of any security issues related to OpenID. We may have those people on the team already - in which case hearing their opinion on some of these articles would be useful. > The phishing problem isn't unique to OpenID. No, it isn't unique to OpenID - but it is certainly an area we should take into account before implementing OpenID. With all of that said - I like the OpenID idea. And we run other services that have potential exposure to security issues (ssh, just our normal FAS logins, etc) - but we do make efforts to protect those services to the best of our ability to reduce our risk. I think we should do the same with an OpenID implementation. Sure the Infrastructure team can get OpenID to work, we just need to be sure someone also makes sure we have evaluated potential security concerns and addressed them when deemed appropriate. We may already have that person on the team - or we may need to spend the time to study some of the issues pointed out and determine if they are a valid risk and if so - how do we protect against it. ~Jeffrey From katzj at redhat.com Thu May 29 14:46:16 2008 From: katzj at redhat.com (Jeremy Katz) Date: Thu, 29 May 2008 10:46:16 -0400 Subject: OpenID In-Reply-To: <10e0a9b00805290742x7bb6edd7g8f98775c8170c16@mail.gmail.com> References: <200805291207.48276.opensource@till.name> <935ead450805290601q56857f24mdd79b41480f24807@mail.gmail.com> <10e0a9b00805290742x7bb6edd7g8f98775c8170c16@mail.gmail.com> Message-ID: <483EC1B8.7090805@redhat.com> Jeffrey Tadlock wrote: >> The phishing problem isn't unique to OpenID. > > No, it isn't unique to OpenID - but it is certainly an area we should > take into account before implementing OpenID. > > With all of that said - I like the OpenID idea. And we run other > services that have potential exposure to security issues (ssh, just > our normal FAS logins, etc) - but we do make efforts to protect those > services to the best of our ability to reduce our risk. ... and we should actually look at using our SSL certs more for authentication as opposed to requiring people to type their FAS password all over the place. This is something I keep meaning to bring up but then having other stuff come up instead. But that's neither here nor there wrt OpenID Jeremy From mmcgrath at redhat.com Thu May 29 15:02:58 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 May 2008 10:02:58 -0500 (CDT) Subject: OpenID In-Reply-To: <483EC1B8.7090805@redhat.com> References: <200805291207.48276.opensource@till.name> <935ead450805290601q56857f24mdd79b41480f24807@mail.gmail.com> <10e0a9b00805290742x7bb6edd7g8f98775c8170c16@mail.gmail.com> <483EC1B8.7090805@redhat.com> Message-ID: On Thu, 29 May 2008, Jeremy Katz wrote: > Jeffrey Tadlock wrote: > > > The phishing problem isn't unique to OpenID. > > > > No, it isn't unique to OpenID - but it is certainly an area we should > > take into account before implementing OpenID. > > > > With all of that said - I like the OpenID idea. And we run other > > services that have potential exposure to security issues (ssh, just > > our normal FAS logins, etc) - but we do make efforts to protect those > > services to the best of our ability to reduce our risk. > > ... and we should actually look at using our SSL certs more for authentication > as opposed to requiring people to type their FAS password all over the place. > This is something I keep meaning to bring up but then having other stuff come > up instead. > Actually we have some SSL auth in place already though I'm not totally sure the status of it. We haven't officially announced it I know that :) ricky? toshio? any comments? -Mike From schaiba at gmail.com Thu May 29 15:44:36 2008 From: schaiba at gmail.com (Aioanei Rares) Date: Thu, 29 May 2008 18:44:36 +0300 Subject: Call For Testers - Elections Application In-Reply-To: <483E6457.7010505@nigelj.com> References: <483E6457.7010505@nigelj.com> Message-ID: <483ECF64.1040901@gmail.com> Nigel Jones wrote: > Hi everyone, > > With Fedora 9 out the door we hit a very busy time for elections, the > previous system was, well lets just say, not optimal. > > So I accepted the goal of creating an application by our post-release > election season that would integrate well with FAS and would allow a > different method of voting, Range Voting. > > If your not familiar with Range Voting check out > http://en.wikipedia.org/wiki/Range_voting the essentials however is > that you rank candidates from 0<-># of candidates, if you don't like > them, just rank them 0. > > In the future, the application will not only allow the Board and > Steering Committees to hold elections, it will (hopefully) become > available to SIGs and Steering Committees for any time of poll/call to > vote. > > This is where you all come in, it's impossible for a small group of > people to find every possible mistake or bug in ANY item of software, > so the more people we can get in to test it and report > bugs/issues/thoughts the better! > > All I ask is 10-20 minutes of your time, whenever your free over the > couple of days to test and provide feedback. > > Instructions: > 1) You'll need an account on the test instance of FAS at > http://publictest10.fedoraproject.org/accounts/ (PLEASE) do not use > your normal password and you don't need to do CLA etc (I've removed > that requirement in the elections app for now). > 2) Please direct your browser to > https://publictest10.fedoraproject.org/elections/ and test away! > 3) Try voting etc, make sure that you *can* view the results at > https://publictest10.fedoraproject.org/elections/results/fedora but > can't view the results at > https://publictest10.fedoraproject.org/elections/results/president > > Notes: > * I'm aware the UI is absolutely awful, there is already a ticket open > for this (https://fedorahosted.org/elections/ticket/4) please feel > free to add items there. > * Any errors you encounter that are 'unexpected' to you, please file a > ticket at https://fedorahosted.org/elections/newticket setting > Milestone to 'Release 0.1.0' with full reproduction steps, and the > time it occurred (TZ=UTC date) > * Any other feedback can be directed to the elections-devel list > (elections-devel at lists.fedorahosted.org) > > After 5am UTC on the 1st June both elections will end and the > 'results' should be public and hopefully we'll have a decent election > app! > > Thanks a lot & Happy Testing, > > Nigel Jones > > p.s. Sorry to those that fall asleep during my e-mail - I nearly did too! > p.s.s. Thanks must be given to Toshio, Ricky, Luca and Mike who have > all assisted in this release > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > Secure Connection Failed publictest10.fedoraproject.org uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer) * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server. * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later. This is what i get.... From mmcgrath at redhat.com Thu May 29 15:50:56 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 May 2008 10:50:56 -0500 (CDT) Subject: Call For Testers - Elections Application In-Reply-To: <483ECF64.1040901@gmail.com> References: <483E6457.7010505@nigelj.com> <483ECF64.1040901@gmail.com> Message-ID: On Thu, 29 May 2008, Aioanei Rares wrote: > Nigel Jones wrote: > > Hi everyone, > > > > With Fedora 9 out the door we hit a very busy time for elections, the > > previous system was, well lets just say, not optimal. > > > > So I accepted the goal of creating an application by our post-release > > election season that would integrate well with FAS and would allow a > > different method of voting, Range Voting. > > > > If your not familiar with Range Voting check out > > http://en.wikipedia.org/wiki/Range_voting the essentials however is that you > > rank candidates from 0<-># of candidates, if you don't like them, just rank > > them 0. > > > > In the future, the application will not only allow the Board and Steering > > Committees to hold elections, it will (hopefully) become available to SIGs > > and Steering Committees for any time of poll/call to vote. > > > > This is where you all come in, it's impossible for a small group of people > > to find every possible mistake or bug in ANY item of software, so the more > > people we can get in to test it and report bugs/issues/thoughts the better! > > > > All I ask is 10-20 minutes of your time, whenever your free over the couple > > of days to test and provide feedback. > > > > Instructions: > > 1) You'll need an account on the test instance of FAS at > > http://publictest10.fedoraproject.org/accounts/ (PLEASE) do not use your > > normal password and you don't need to do CLA etc (I've removed that > > requirement in the elections app for now). > > 2) Please direct your browser to > > https://publictest10.fedoraproject.org/elections/ and test away! > > 3) Try voting etc, make sure that you *can* view the results at > > https://publictest10.fedoraproject.org/elections/results/fedora but can't > > view the results at > > https://publictest10.fedoraproject.org/elections/results/president > > > > Notes: > > * I'm aware the UI is absolutely awful, there is already a ticket open for > > this (https://fedorahosted.org/elections/ticket/4) please feel free to add > > items there. > > * Any errors you encounter that are 'unexpected' to you, please file a > > ticket at https://fedorahosted.org/elections/newticket setting Milestone to > > 'Release 0.1.0' with full reproduction steps, and the time it occurred > > (TZ=UTC date) > > * Any other feedback can be directed to the elections-devel list > > (elections-devel at lists.fedorahosted.org) > > > > After 5am UTC on the 1st June both elections will end and the 'results' > > should be public and hopefully we'll have a decent election app! > > > > Thanks a lot & Happy Testing, > > > > Nigel Jones > > > > p.s. Sorry to those that fall asleep during my e-mail - I nearly did too! > > p.s.s. Thanks must be given to Toshio, Ricky, Luca and Mike who have all > > assisted in this release > > > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > Secure Connection Failed > > > > > > publictest10.fedoraproject.org uses an invalid security certificate. > > The certificate is not trusted because it is self signed. > > (Error code: sec_error_untrusted_issuer) > > > > > > * This could be a problem with the server's configuration, or it could be > someone trying to impersonate the server. > > * If you have connected to this server successfully in the past, the error > may be temporary, and you can try again later. > > This is what i get.... > its a self signed cert. You'll have to configure our browser to accept it. -Mike From opensource at till.name Thu May 29 17:38:33 2008 From: opensource at till.name (Till Maas) Date: Thu, 29 May 2008 19:38:33 +0200 Subject: OpenID In-Reply-To: <20080529130302.GA13369@imperial.ac.uk> References: <200805291207.48276.opensource@till.name> <20080529130302.GA13369@imperial.ac.uk> Message-ID: <200805291938.49860.opensource@till.name> On Thu May 29 2008, Kostas Georgiou wrote: > I am not sure that I see any value in OpenID in any case, there are very > few OpenID consumers that I know about. I would like to see many upstream bugtrackers allow ingan OpenID login, so that I do not need another new password and registration for them. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 827 bytes Desc: This is a digitally signed message part. URL: From aoliva at redhat.com Thu May 29 19:58:00 2008 From: aoliva at redhat.com (Alexandre Oliva) Date: Thu, 29 May 2008 16:58:00 -0300 Subject: Call For Testers - Elections Application In-Reply-To: <483E6457.7010505@nigelj.com> (Nigel Jones's message of "Thu\, 29 May 2008 20\:07\:51 +1200") References: <483E6457.7010505@nigelj.com> Message-ID: On May 29, 2008, Nigel Jones wrote: > So I accepted the goal of creating an application by our > post-release election season that would integrate well with FAS and > would allow a different method of voting, Range Voting. Have you considered basing your work on CIVS? http://www.cs.cornell.edu/andru/civs.html I've got a version stripped off of all the voting-by-e-mail aspects, which you might be interested in. Search for 'civs' in my home page (URL in the .sig). -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org} FSFLA Board Member ?S? Libre! => http://www.fsfla.org/ Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org} From ricky at fedoraproject.org Thu May 29 21:11:50 2008 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 29 May 2008 17:11:50 -0400 Subject: Meeting Log - 2008-05-29 Message-ID: <20080529211150.GA10361@Max> 16:10 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here? 16:10 * ricky 16:10 * ianweller 16:10 -!- sharkcz [n=dan at plz1-v-4-17.static.adsl.vol.cz] has joined #fedora-meeting 16:10 -!- MrBawb [i=abob at goldfish.drown.org] has joined #fedora-meeting 16:10 -!- nim-nim [n=nim-nim at fedora/nim-nim] has joined #fedora-meeting 16:10 -!- notting [n=notting at redhat/notting] has joined #fedora-meeting 16:10 -!- sternecg [n=sternecg at ohnat.bristolwest.com] has joined #fedora-meeting 16:11 < mmcgrath> abadger1999: dgilmore f13 G lmacken paulobanon skvidal others I've forgotten: PING! 16:11 * abadger1999 stands on his dot and raises his hand 16:11 * f13 16:12 < skvidal> hi 16:12 * MrBawb 16:12 < mmcgrath> starting a little late today :) 16:12 < skvidal> slacker 16:12 * ianweller , again 16:12 < mmcgrath> jcollie: you around 16:12 < jcollie> yo 16:12 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets 16:12 < mmcgrath> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=~Meeting&order=priority 16:12 < zodbot> mmcgrath: http://tinyurl.com/47e37y 16:12 < mmcgrath> .tickety 395 16:12 < mmcgrath> .ticket 395 16:12 < zodbot> mmcgrath: #395 (Audio Streaming of Fedora Board Conference Calls) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/395 16:13 * dgilmore is here 16:13 < mmcgrath> jcollie: dgilmore: so sometime in the next week or two I'm going to start getting the asterisk install in better shape for all of that and build an asterisk2 box, etc. 16:13 < jcollie> cool 16:13 < mmcgrath> jcollie: I'm assuming no progress on the audio streaming for now? 16:13 < jcollie> nope 16:13 < mmcgrath> Since mediawiki is now deployed after next week asterisk is my next major project. 16:14 < ricky> Cool :-) 16:14 < mmcgrath> specifically fas integration and deployment. 16:14 < dgilmore> :) 16:14 < mmcgrath> .ticket 398 16:14 < zodbot> mmcgrath: #398 (elfutils `monotone' (mtn) error) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/398 16:14 -!- rmcgrath [n=roland at c-76-102-158-52.hsd1.ca.comcast.net] has joined #fedora-meeting 16:14 -!- daMaestro [n=jon at fedora/damaestro] has joined #fedora-meeting 16:14 < rmcgrath> mmcgrath: hii 16:14 < mmcgrath> rmcgrath: howdy, any word on - https://fedorahosted.org/projects/fedora-infrastructure/ticket/398 16:14 < mmcgrath> ? 16:15 -!- ldimaggi_ [n=ldimaggi at nat/redhat-us/x-2ef0128bbf8b70fd] has quit "Leaving" 16:15 < rmcgrath> mmcgrath: sorry, no progress (real work keeps taking priority, silly me) 16:15 < mmcgrath> no worries, we'll skip it for now 16:15 < rmcgrath> otay 16:15 -!- rmcgrath [n=roland at c-76-102-158-52.hsd1.ca.comcast.net] has left #fedora-meeting [] 16:15 < mmcgrath> .ticket 446 16:15 < zodbot> mmcgrath: #446 (Possibility to add external links on spins page) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/446 16:15 < mmcgrath> dgilmore: anything? 16:16 -!- fab [n=bellet at bellet.info] has quit "Leaving" 16:17 < dgilmore> no i still suck 16:17 < mmcgrath> k 16:17 < mmcgrath> .ticket 547 16:17 < zodbot> mmcgrath: #547 (Koji DB Server as postgres 8.3) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/547 16:18 < mmcgrath> This one's on hold until we get db3 installed which, btw brings me to my next topic. 16:18 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Hardware Installs 16:18 < mmcgrath> So next week I'll be in PHX, all week. 16:18 < dgilmore> :) 16:18 < mmcgrath> installing, IIRC, around 16 new servers. 16:18 < ricky> Woah. 16:18 < mmcgrath> it'll be a variation of blades and normal rack mounts. 16:18 < dgilmore> mmcgrath: ill be able to install the new builders 16:19 < jcollie> yowza 16:19 * f13 is quite excited. 16:19 < f13> mmcgrath: we should talk about the breakdown of blades. 16:19 < dgilmore> f13: as am i 16:19 < mmcgrath> but I'll likely be busy doing that all week so if you need something... ping someone else :) 16:19 < mmcgrath> f13: as in x86_64 vs ppc? 16:19 < f13> that and what duties they'll be put under 16:19 < dgilmore> f13: all builders 16:19 < f13> and what we'll do with the existing builders. 16:20 < dgilmore> f13: existing will remain 16:20 < dgilmore> though we could get rid of hammer2 xenbuilder1 and ppc1 16:20 < f13> I'd like to have a PPC system for doing community logins with mock 16:20 < dgilmore> they are the 3 oldest builders 16:20 < f13> that continues to run RHEL5 to match the actual buildsystem. 16:21 < mmcgrath> So my plan was to have those old builders stay there until 1) they die or 2) we need the space. 16:21 < f13> with PHX2 now online, how much space do we currently have? 16:21 < mmcgrath> f13: as of yet, we've not touch PHX2. 16:22 < mmcgrath> err touched it. 16:22 < f13> /we/ haven't, but hasn't some RH stuff moved over to PHX2 leaving us some space in PHX? 16:22 < dgilmore> f13: we only have space in PHX1 16:22 < dgilmore> f13: no idea 16:22 < mmcgrath> all of our space is allocated in PHX1 (actually Mesa) 16:22 < mmcgrath> f13: technically we always had space, just no power. 16:22 < f13> I thought that was what led to us being able to deploy the blade center 16:22 < f13> ah. 16:22 < mmcgrath> welll. no power _and_ space was tighet. 16:22 < f13> well, what is our upper limit now? 16:22 < mmcgrath> but they found it somewhere 16:22 * mmcgrath cannot type today 16:23 < mmcgrath> we basically have two full racks now. 16:23 < mmcgrath> minus some space they leave reserved for administrative stuff (bottom 6 U and the top 2 or 3 U) 16:24 < mmcgrath> and I lied, it looks like I'll be installing 19 servers. I think as far as builders go we're getting 8 x86_64 boxes and 6 PPC 16:24 < f13> so if I came to you in 3~ months time and said we want to deploy an automated testing lab of a number of machines, would we be able to do that? 16:24 < mmcgrath> depends on how much time and what type of machines they are. 16:24 < ricky> How will having all of these new builders affect NFS? 16:24 < mmcgrath> f13: if thats the plan please let me know because come Q4, both racks will be filled already. 16:24 < mmcgrath> ricky: not sure, we have the ability to cache some of that though now. 16:25 < mmcgrath> I've been trying to get a good baseline and, for example. 16:25 < mmcgrath> .buildload 16:25 < zodbot> mmcgrath: Load: 1.9 Total: 36.0 Use: 5.3% (Very Light Load) 16:25 < f13> mmcgrath: I haven't found a source for the hardware yet, but it would likely be x86(_64) and rackable. 16:25 < f13> 1us, 2us 16:25 < mmcgrath> ^^^^ thats pretty typical. 16:25 < f13> mmcgrath: we have software being developed to do automated testing, I just don't know how soon we'd be to the point of deployment 16:25 < mmcgrath> f13: ping me after the meeting.... If this is beyond the early planing stage I really should have known already because all the space in PHX (including new space) is spoken for. 16:25 < f13> mmcgrath: I wouldn't say beyond. 16:26 < f13> just that Q4 is a loooong time away 16:26 < mmcgrath> Q4 is yeah, but unless your lab is going ot go in during Q2 and be removed during Q3, then my Q4 plans are messed up. 16:27 < mmcgrath> Also going in next week are 5 other servers. 16:27 < mmcgrath> one dedicated to replace DB1, one of them is going to replace lockbox, one is the new db3 and the other two are application servers. 16:27 < dgilmore> mmcgrath: whats the plans for cvs-int 16:28 < mmcgrath> cvs-int (the host) needs to be rebuilt. but the box is fairly new. 16:28 < ricky> Cool 16:28 < mmcgrath> remember we had a horrible crash about a year or so ago? 16:28 < dgilmore> :) ok 16:28 < dgilmore> yeah disk array went bad 16:28 < mmcgrath> IIRC we did some drive swapping or some dd action or something. I can't remember. 16:28 < mmcgrath> but yeah, we need to rebuild cvs-int. I might work on that this week actually. 16:28 < ricky> Hah. 16:29 < dgilmore> we had scsi back plane go bad along with 2 disks 16:29 < mmcgrath> then we need to get the lookaside off of there. 16:29 < dgilmore> :) 16:29 < mmcgrath> Anyone have any questions about next week? 16:30 < mmcgrath> alllrighty 16:30 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Mediawiki 16:30 < f13> not that shouldn't be held off until after the meeting 16:30 * ianweller is gone next week. so hit me with all your mediawiki problems today and tomorrow :) 16:30 < mmcgrath> :) 16:30 < mmcgrath> So yeah, we deployed a new wiki this week! 16:30 < mmcgrath> few problems aside its been mostly painless and according to plan. 16:30 < dgilmore> :) 16:31 < f13> fantastic job all around 16:31 < ianweller> and it looks a lot better too ;) 16:31 < mmcgrath> I'm hoping that after the next week or so all remaining kinks will have been worked out and people will have long forgotten Moin ever existed. 16:31 < dgilmore> i miss my moin syntax :) 16:31 < mmcgrath> There's already been some requests for plugins/extensions to be added. 16:31 < ianweller> no you don't 16:31 < mmcgrath> Which is nice because... THAT DIDN'T EXIST IN MOIN :) 16:31 < dgilmore> ianweller: i do 16:31 < ricky> Hehe. 16:31 < ianweller> mmcgrath: is this a good time to bring up the toolserver idea i had? 16:32 * ianweller brainwashes dgilmore accordingly 16:33 < dgilmore> ianweller: not going to work im thick headed 16:33 < mmcgrath> ianweller: go ahead. 16:33 * mmcgrath still doesn't totally get it. 16:33 -!- giarc_w [i=hidden-u at gnat.asiscan.com] has joined #fedora-meeting 16:33 < ianweller> ok so my idea was to create a toolserver, which could be used for some scripts and other mashups dealing with FAS, mediawiki, and other apps we have for fedora. 16:34 < mmcgrath> ianweller: give me a use case you have in mind. 16:34 < ianweller> the wikimedia foundation in germany has a toolserver, which has some neat scripts that are a little too complex to make mediawiki extensions for 16:34 < ianweller> um 16:34 < ianweller> regex page watching :) 16:34 < ianweller> you would login with FAS, enter what regexes you wanted, and the script would find those pages matching the regex using the API 16:35 < ianweller> it could then aggregate the RSS feeds and send out emails. 16:35 < ianweller> it would only use a bit of extra load on mediawiki, the script itself would reside on the toolserver 16:35 < ricky> I think Debian does have a lot of "non-official" tools that developers setup themselves. Not sure if they have something like a toolserver, though. 16:35 < mmcgrath> so exactly how much work is involved in implementing that and how many people would be using it? 16:35 -!- jeff_hann [n=arares at 89.40.98.185] has left #fedora-meeting [] 16:35 -!- wolfy [n=lonewolf at fedora/wolfy] has joined #fedora-meeting 16:36 < mmcgrath> also, and I probably still don't understand it, but why is a "regex search engine" called a "tool server" ? 16:36 < MrBawb> what I have at work is an rss to irc gateway, that I use to monitor wiki edits. maybe something similiar would be useful? 16:36 < ianweller> the regex search engine would go on the toolserver, along with other scripts that programmers could write. 16:36 * ianweller notes that this is still a halfbaked idea 16:37 < ianweller> http://wiki.toolserver.org/view/Main_Page -- here's the wikimedia toolserver 16:37 < mmcgrath> 16:37 * ricky also notes that they seem to have some sort of application process to get an account. 16:37 < mmcgrath> ianweller: if you think it'll add value, I'd say run with it. You still have access to the publictest servers so you should have everything you need :) 16:38 < ianweller> ok. 16:38 < ianweller> that's another thing; should there be just one pt server for the 'tools', and if so which one should it be? 16:38 < mmcgrath> Ok, anyone have anything else on the wiki? 16:38 < skvidal> one quick question 16:39 < mmcgrath> ianweller: I'd just keep using pt2 for now. 16:39 < ianweller> mmcgrath: k. 16:39 < skvidal> are we doing anything with the xmlrpc interface for it, yet? 16:39 < mmcgrath> skvidal: not yet, i've actually been trying to get that up and going this afternoon. I'd expect it to be working soon. 16:39 < ianweller> MrBawb: almost missed your message, i was gonna setup an irc bot to listen to recent changes and report to a channel 16:39 < mmcgrath> skvidal: we _are_ using mediawiki's xmlrpc interface in smolt though. 16:39 < skvidal> mmcgrath: and aren't there mediawiki python bindings? 16:39 < MrBawb> ianweller: ah, cool 16:39 -!- mdomsch [n=Matt_Dom at cpe-70-124-62-55.austin.res.rr.com] has quit Remote closed the connection 16:40 < mmcgrath> good question, I'm not sure. I'm just using the standard python xmlrpc bindings. 16:40 < skvidal> nod 16:40 < skvidal> that's what I thought 16:40 -!- mdomsch [n=Matt_Dom at cpe-70-124-62-55.austin.res.rr.com] has joined #fedora-meeting 16:40 < skvidal> I wanted to check on that though b/c it is intriguing to me 16:40 < ricky> skvidal: I think so. 16:40 < ianweller> skvidal: i think i remember seeing some somewhere, but i think they're implemented within a bot platform 16:40 < mmcgrath> skvidal: yeah, it'll be interesting to see what our greater community comes up with. 16:40 < f13> if there is xmlrpc, I bet lmacken will hookup an ability to use vim to edit the wiki 16:40 < skvidal> mmcgrath: wiki-mining :) 16:40 < mmcgrath> :) 16:40 < f13> (like he did for the Trac wikis/tickets) 16:40 < mmcgrath> alrighty, if no one has anything else we'll move on to the next topic. 16:41 < ricky> (http://meta.wikimedia.org/wiki/Using_the_python_wikipediabot) 16:41 < mmcgrath> ok 16:41 -!- tibbs [n=tibbs at fedora/tibbs] has quit "Konversation terminated!" 16:41 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 16:41 < mmcgrath> anyone have anything to discuss? 16:41 < mdomsch> sponsoring people? 16:42 < mdomsch> I've had a couple requests in the last few weeks 16:42 < mmcgrath> mdomsch: always an excellent topic. 16:42 < mmcgrath> how many people have taken on sponsors in the last month? 16:42 * mmcgrath has :) 16:42 < f13> I have not. 16:42 < mdomsch> I presume the method is to have them join sysadmin and sysadmin-test 16:42 < mdomsch> sponsor them there, and find them somethign to do 16:43 < mdomsch> from the trac list 16:43 < mmcgrath> mdomsch: correct, my general approach has been this 16:43 < mmcgrath> 1) get them on sysadmin and try to figure out what they want to do. 16:43 < mmcgrath> from there I usually stick them in sysadmin-devel sysadmin-test or, in rare instances, right into sysadmin-web. 16:43 < mmcgrath> mdomsch: how have your sponsors been? pretty reactive? 16:43 * abadger1999 has 16:44 < mdomsch> my minions have been pretty quiet thus far 16:44 -!- wolfy [n=lonewolf at fedora/wolfy] has quit Remote closed the connection 16:44 < mdomsch> but I've been away a lot since then too 16:44 -!- sharkcz [n=dan at plz1-v-4-17.static.adsl.vol.cz] has quit "Ukon?uji" 16:44 < mmcgrath> abadger1999: how have your sponsors been? 16:45 < abadger1999> They come and go :-( 16:45 < mmcgrath> yeah 16:45 < abadger1999> I think people have time and so they apply and get started, then other things come up and they leave for a while. 16:45 -!- couf [n=bart at fedora/couf] has quit "leaving" 16:45 < mmcgrath> yeah, 16:46 < mmcgrath> thats one of the hardest things I've seen is people volunteering who just don't have the time they need to. 16:46 < mmcgrath> nothing's worse then working with, training, answering questions, for someone that can only give an hour or so every other week. 16:46 < mmcgrath> the interest is nice. but the amount of work that goes into a voulnteer vs how much you get out doesn't always add up :( 16:46 < mdomsch> it's best to find them something they can be responsible for 16:47 < mmcgrath> I'd *LOVE* to get a volunteer management expert or something at FUDCon this year. 16:47 < mdomsch> ownership breeds interest 16:47 < mdomsch> e.g. someone who is good at mailman instances could offload dgilmore 16:47 < mmcgrath> Thats a good example of a core problem I've seen. 16:48 < mmcgrath> someone comes to volunteer wanting to manage our xen infrastructure (just an example) but then goes away when they find out they have to pay the dues. 16:48 < dgilmore> :( me will go and hide 16:48 < mmcgrath> when you find someone willing to pay the dues (like work on mailman) they don't stick around very long. 16:48 < mmcgrath> its that hard balance I guess. 16:48 * mmcgrath takes this time to curse at RH's vpn solution. 16:48 < mmcgrath> anywho. 16:49 < ricky> Heh. 16:49 < wfp> coming from the other side, I feel like it's hard to find where I can start to help, other than contrib a package. 16:49 < mmcgrath> mdomsch: do you think we're doing the right thing or should we re-examine our situation? 16:49 -!- drago01_ [n=linux at chello062178124130.3.13.univie.teleweb.at] has joined #fedora-meeting 16:49 < mmcgrath> wfp: https://fedorahosted.org/fedora-infrastructure/ pick a ticket and start helping. 16:49 < mmcgrath> its really that easy. 16:49 < skvidal> wfp: if you find you need access to things ping me 16:50 < skvidal> or mmcgrath 16:50 < mdomsch> that's a good start; picking some easy-to-do things that we'd like a new volunteer to take on would help 16:50 < skvidal> or anyone 16:50 < ricky> How can we encourage more feedback from would-be conributors? 16:50 < dgilmore> mdomsch: please make me obsolete :) 16:50 < skvidal> but I sponsored you for sysadmin 16:50 < londo> picking a ticket sometimes require some knowledge on how the system works though 16:50 < skvidal> so ping me 16:50 -!- drago01 [n=linux at chello062178124130.3.13.univie.teleweb.at] has quit Read error: 104 (Connection reset by peer) 16:50 < dgilmore> or me 16:50 < ricky> Feel free to ask in #fedora-admin. We're pretty open about our setup 16:50 < sternecg> londo: true 16:50 -!- drago01_ is now known as drago01 16:50 * dgilmore would like to make sure that if he fell off the planet that things would be ok 16:51 < wfp> Yeah, it's the details of getting access to systems and stuff. Either I'm missing the docs on that stuff or I just need to dive and bug you guys as I go on my first trip 16:51 < ricky> wfp: Feel free to bug :-) 16:51 < mmcgrath> wfp: so when you found a ticket you were interested in working on.... what did you do? 16:51 < mmcgrath> and more importantly, why did you do it? 16:52 < wfp> Nothing yet, as I wasn't sure how/what I would still need to do to actually get the appropriate actions. 16:53 < mmcgrath> so you found what you wanted to do. and then did nothing. 16:53 < ricky> wfp: Commenting on the ticket/asking in #fedora-admin or the list sounds like a good first step. 16:53 < mmcgrath> ricky: but how do we get that point across to people that haven't done it I think is what wfp is saying. 16:53 < mmcgrath> this is the same issue I blogged about the account system the other day. 16:53 < wfp> I found something I *might* be able to do, but wasn't sure how to go about looking into further. 16:54 < ricky> wfp: Did you see http://fedoraproject.org/wiki/Infrastructure/GettingStarted by any chance? 16:54 < ricky> Should we work on improving that page? 16:54 < ricky> Or is it not visible enough in the first place? 16:54 < mmcgrath> new voluteers, in my mind, just seem completely clueless as to what to do next, no matter how explicit we document, now matter how full a GettingStarted page is, they just don't do anything. 16:54 < mmcgrath> I don't know if this is a process thing, a training thing or what. 16:54 < ricky> Perhaps a huge banner on the Infrastructure page could help? 16:55 < sternecg> mmcgrath: I would say training.. 16:55 < mmcgrath> quaid: you around? 16:55 < ricky> "If you'd like to help, read this!" 16:55 < wfp> What I feel is lacking is a more of a process thing. 16:55 < mmcgrath> I just don't understand why someone would show up, say they want to help (or even worse just sign up for an account) and thast the end of it? 16:55 < abadger1999> 1) joinmsg for cla_done should direct people to the toplevel getting started in fedora page that outlines what projects to join. 16:55 < ricky> mmcgrath: One thing that's weird is that I never see people respond to your welcome emails on list. 16:55 < mmcgrath> I mean if you want to do something, why aren't you looking around for stuff to do, and bugging people to do it? 16:55 < ricky> (Your reply to their introduction) 16:55 < mmcgrath> ricky: no kidding. 16:56 < abadger1999> 2) We should have a group description field that outlines what a group is and what to do once you've decided you want to be a part of it. 16:56 < mmcgrath> We should also make it very clear that applying for a group is the _last_ thing you should do if you're new to fedora. 16:56 < abadger1999> 16:56 < wfp> For example, from the mailing list, I see you folks appear to be maintaining config files in CVS. Again, I may missed the docs, but I don't see how you guys do that process. 16:56 < mmcgrath> I love new people but why on earth someone thinks they can come in and be an account system admin is beyond me. 16:57 < ricky> I'm honestly not as concerned about group spam than I am with the response to people that do know what they want to do. 16:57 < skvidal> wfp: once you get access to things you can ssh into certain machines and modify/check things in 16:57 < mmcgrath> wfp: there's no point in telling you that though because you're not at that level yet. 16:57 < mmcgrath> I mean, when the time comes and access is given, one of the first things I always tell people is look at SOP/Puppet. 16:57 < abadger1999> wfp: https://fedoraproject.org/wiki/Infrastructure/SOP/Puppet 16:57 < mmcgrath> but why would someone be given that access if they've not even agreed to do anything yet? 16:58 < wfp> I'm not expecting the access, I just want to see the path. 16:58 < mmcgrath> well, curiosity is one thing. 16:58 < mmcgrath> wfp: lets say you started from the begnining. 16:58 < mmcgrath> how do you think it should have gone? 16:58 < ricky> wfp: It's not that we wouldn't tell you if you asked :-) 16:59 < mmcgrath> lowering the barriers is a very important thing to me which is why I'm bugging wfp. He's fresh meat, clean view of how things seemed to him. 16:59 < ricky> I think we just don't see a point to training that part until the person has something to work on. 17:00 < mmcgrath> I think, perhaps, we need a much better "what to expect" page on the wiki somewhere to help shape what new volunteers can expect. 17:00 < mmcgrath> I always try to do that, its in the GettingStarted section, I think its even in the about section of the account system. 17:00 < mmcgrath> bah, we're out of time. 17:00 < mmcgrath> wfp: we'll have to continue this next time :) thanks for your comments though 17:01 < sternecg> thanks for the discussion 17:01 < mmcgrath> if no one has anything else we'll close the meeting in 15 17:01 < ricky> Quick thing: 17:01 < ricky> .ticket 576 17:01 < zodbot> ricky: #576 (Infrastructure Contact Information) - Fedora Infrastructure - Trac - https://fedorahosted.org/projects/fedora-infrastructure/ticket/576 17:01 < mmcgrath> ricky: how about a file in the private repo on puppet1? 17:02 < ricky> mmcgrath: That sounds good 17:02 < mmcgrath> k 17:02 < mmcgrath> and with that :) 17:02 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From lmacken at redhat.com Fri May 30 13:45:51 2008 From: lmacken at redhat.com (Luke Macken) Date: Fri, 30 May 2008 09:45:51 -0400 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <1210865099.7058.7.camel@localhost.localdomain> References: <482B0E00.5030705@gmail.com> <20080514163957.GA11441@x300> <1210865099.7058.7.camel@localhost.localdomain> Message-ID: <20080530134551.GA3527@x300.bos.redhat.com> On Thu, May 15, 2008 at 11:24:59AM -0400, John (J5) Palmieri wrote: > On Wed, 2008-05-14 at 12:39 -0400, Luke Macken wrote: > > On Wed, May 14, 2008 at 09:06:24AM -0700, Toshio Kuratomi wrote: > > > Forwarding to fedora-infrastructure-list soit canget more exposure and > > > discussion. > > > > > > -------- Original Message -------- > > > Subject: Tosca widgets, only half the battle > > > Date: Sun, 11 May 2008 12:27:36 -0400 > > > From: John (J5) Palmieri > > > To: Toshio Kuratomi > > > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > > > > > After hacking away at MyFedora and producing a lot of ugly code in the > > > process I finally sat down the last two weeks to organize everything > > > into a framework make it much more extensible and have patterns for > > > people to easily create content. Most of the technologies are > > > solidifying into my head and I have been working on hashing out an API > > > design behind the user interaction design I had started with. The issue > > > I am running into now is the fact that Turbo Gears and related > > > technology come from a monolithic design and adhere too stringently to > > > the Model/View/Controller design pattern. This is really an issue when > > > your models, views and controllers can come from different applications > > > or even different servers. MyFedora is of course a mashup of different > > > tools and does not fit the, I'm grabbing data from a single database and > > > displaying it via a self contained template, mold. What I need is a > > > complete plugin system where a person can write their own self contained > > > controllers, templates and static files which then drop in and are > > > loaded on the fly, while integrating with the global project. > > > > > > Before I go further let me describe my design. > > > > > > Vocabulary: > > > > > > Resource - This is the starting point for MyFedora plugins. A resource > > > is any abstract grouping such as "packages", "people" and "projects" > > > which contain tools for viewing and manipulating data within the > > > resource's context. > > > > > > Tools - A tool is a web app for viewing or manipulating data. For > > > example Builds would be a tool for the package resource. > > > > > > Data Id - The data id is a pointer to a specific dataset the tools work > > > on. For example the package resource considers each fedora package name > > > to be a data_id. > > > > > > The way things work are Resources are placed in the resources/ directory > > > and contain the logic for routing requests to a specific tool. They > > > also contain the master template which is a cause of path problems with > > > the current TG setup (include paths are relative to the including > > > template) > > > > > > Tools are placed in the tools/ directory and are controllers just like > > > any other TG controller. The exception is there is a standard for > > > including the master template and the tool pulls templates and static > > > files from its own directory. Tools can register with more than one > > > resource and must modify its behavior based on the resource calling it. > > > For instance the Build tool would be able to register with the package > > > and people resource and depending which resource is being used it would > > > display either a specific person's builds or the build history of a > > > package. Based on the resource being used the master template is pulled > > > in by the tool's templates. > > > > > > Data id's are simply what the resource passes to the tool and the tool > > > needs to be able to accept when dealing with a particular resource. For > > > instance the Packages resource would send a package name as a data id > > > and the Peoples resource would send a person's FAS username. > > > > > > The issue here is I need the tools to be self contained but still > > > integrate correctly with the global assests such as master templates and > > > graphics. Tosca widgets seemed to be the answer until I looked further > > > and found out they are just a higher level display layer than a self > > > contained controller/template system. It seems to be confusing because > > > it breaks the connection between the controller, data and the display > > > when I want that all to be encapsulated. Basically I don't want the > > > master page dolling out the data because the master page is just a > > > container to display the tool and links to other tools. The tools > > > should know where to get their data from. > > > > > > One solution is to use ToscaWidgets as a replacement for templates (or > > > more apt another layer between the controller and the template). That > > > makes things more complicated and throws away a lot of the concepts of > > > TG controllers. I guess I am probably just hung up on how I first > > > learned TG and we can just document around those issues. But another > > > thing to think about is stuff like WSGI. > > > > > > What do you guys think? Given my design and goals such as the ability to > > > display tools on the portal page, what is our plan of attack? How do we > > > concoct a plugin system to make it easy for others to create integrated > > > content while really just concentrating on their bits and not the wider > > > integration infrastructure? Are there systems/libraries out there that > > > already do this? Tosca is only part of the solution because it only > > > deals with encapsulating display and is mostly geared to generic widgets > > > like lists and not complete pages. I would like to have a framework > > > that is simple, focused and easy to use. > > > > You mention that you're running into issues with TurboGears v1.0's > > "monolithic design", which makes various assumptions about how your > > application is going to be implemented. I agree that this may not be > > ideal for the MyFedora environment, which is why I think basing this on > > TurboGears v2.0 is the way to go. Being built on top of Pylons, which > > does not make these strict assumptions, it will allow us to have much > > more control over how our application stack is structured. Since > > TG2/Pylons leverages the WSGI standard (which we are starting to adopt > > in our infrastructure deployment already), it will allow us to change > > any part of our own stack at any time, without taking apart the whole > > framework. If we treat resources as WSGI applications/middleware, it > > will make it trivial to plug these into our framework, package them, and > > develop them in isolation. > > > > ToscaWidgets is extremely useful, but not at this low of a level in our > > framework design. I think that TW will be great for the high-level > > re-usable widgets that can potentially use various MyFedora > > resources/tools, but for core MyFedora resources, I think basing them on > > top of the WSGI standard will be the most flexible solution. > > I was thinking that but I am still not sure what WSGI is. Right now it > is just a magic term to me. Can you describe them in terms of > controllers right now? How does relative paths work (for instance with > template inheritance)? Is TG 2.0 stable enough for me to start rebasing > on? So, in terms of controller dispatching, they use two different mechanisms. TurboGears 1.0 uses CherryPy's object dispatch, which is essentially an attribute lookup for each path segment. Pylons uses Route's pattern matching against the full path to determine the controller to dispatch to. Basically, TurboGears object dispatching points to a function that is invoked by CherryPy, where Pylons points to a WSGI application. Since we're already using Routes for MyFedora, the switch to TG2 seems quite logical. TurboGears2 will use a more flexible object-dispatching system, and will also support direct Routes integration as well. For a great comparison of TurboGears (1.0) to Pylons, I recommend checking out this blog post by Ian Bicking: http://blog.ianbicking.org/turbogears-and-pylons.html luke From bilash.apece at gmail.com Fri May 30 19:26:59 2008 From: bilash.apece at gmail.com (Arifur Rahman) Date: Sat, 31 May 2008 01:26:59 +0600 Subject: [Fwd: Tosca widgets, only half the battle] In-Reply-To: <20080530134551.GA3527@x300.bos.redhat.com> References: <482B0E00.5030705@gmail.com> <20080514163957.GA11441@x300> <1210865099.7058.7.camel@localhost.localdomain> <20080530134551.GA3527@x300.bos.redhat.com> Message-ID: <5285704c0805301226p7f463696h16c8178d219f63e9@mail.gmail.com> hi! i have been using fedora since 2005. i like this very mouch and i alwas encorage my friends to use it. it was my dream to be one of the fedora contributores and now i am here. But dont know how to start. i have knowledge on administrative level, server configuration, shell scripting, C, assembly language. now i am studying on kernel and in the very primary level. please give me some advice how can i start as a contributor, how can i get a project that should be done to develop fedora and which is within my ability. On Fri, May 30, 2008 at 7:45 PM, Luke Macken wrote: > On Thu, May 15, 2008 at 11:24:59AM -0400, John (J5) Palmieri wrote: > > On Wed, 2008-05-14 at 12:39 -0400, Luke Macken wrote: > > > On Wed, May 14, 2008 at 09:06:24AM -0700, Toshio Kuratomi wrote: > > > > Forwarding to fedora-infrastructure-list soit canget more exposure > and > > > > discussion. > > > > > > > > -------- Original Message -------- > > > > Subject: Tosca widgets, only half the battle > > > > Date: Sun, 11 May 2008 12:27:36 -0400 > > > > From: John (J5) Palmieri > > > > To: Toshio Kuratomi > > > > CC: tcallawa at redhat.com, lmacken at redhat.com, mmcgrath at redhat.com > > > > > > > > After hacking away at MyFedora and producing a lot of ugly code in > the > > > > process I finally sat down the last two weeks to organize everything > > > > into a framework make it much more extensible and have patterns for > > > > people to easily create content. Most of the technologies are > > > > solidifying into my head and I have been working on hashing out an > API > > > > design behind the user interaction design I had started with. The > issue > > > > I am running into now is the fact that Turbo Gears and related > > > > technology come from a monolithic design and adhere too stringently > to > > > > the Model/View/Controller design pattern. This is really an issue > when > > > > your models, views and controllers can come from different > applications > > > > or even different servers. MyFedora is of course a mashup of > different > > > > tools and does not fit the, I'm grabbing data from a single database > and > > > > displaying it via a self contained template, mold. What I need is a > > > > complete plugin system where a person can write their own self > contained > > > > controllers, templates and static files which then drop in and are > > > > loaded on the fly, while integrating with the global project. > > > > > > > > Before I go further let me describe my design. > > > > > > > > Vocabulary: > > > > > > > > Resource - This is the starting point for MyFedora plugins. A > resource > > > > is any abstract grouping such as "packages", "people" and "projects" > > > > which contain tools for viewing and manipulating data within the > > > > resource's context. > > > > > > > > Tools - A tool is a web app for viewing or manipulating data. For > > > > example Builds would be a tool for the package resource. > > > > > > > > Data Id - The data id is a pointer to a specific dataset the tools > work > > > > on. For example the package resource considers each fedora package > name > > > > to be a data_id. > > > > > > > > The way things work are Resources are placed in the resources/ > directory > > > > and contain the logic for routing requests to a specific tool. They > > > > also contain the master template which is a cause of path problems > with > > > > the current TG setup (include paths are relative to the including > > > > template) > > > > > > > > Tools are placed in the tools/ directory and are controllers just > like > > > > any other TG controller. The exception is there is a standard for > > > > including the master template and the tool pulls templates and static > > > > files from its own directory. Tools can register with more than one > > > > resource and must modify its behavior based on the resource calling > it. > > > > For instance the Build tool would be able to register with the > package > > > > and people resource and depending which resource is being used it > would > > > > display either a specific person's builds or the build history of a > > > > package. Based on the resource being used the master template is > pulled > > > > in by the tool's templates. > > > > > > > > Data id's are simply what the resource passes to the tool and the > tool > > > > needs to be able to accept when dealing with a particular resource. > For > > > > instance the Packages resource would send a package name as a data id > > > > and the Peoples resource would send a person's FAS username. > > > > > > > > The issue here is I need the tools to be self contained but still > > > > integrate correctly with the global assests such as master templates > and > > > > graphics. Tosca widgets seemed to be the answer until I looked > further > > > > and found out they are just a higher level display layer than a self > > > > contained controller/template system. It seems to be confusing > because > > > > it breaks the connection between the controller, data and the display > > > > when I want that all to be encapsulated. Basically I don't want the > > > > master page dolling out the data because the master page is just a > > > > container to display the tool and links to other tools. The tools > > > > should know where to get their data from. > > > > > > > > One solution is to use ToscaWidgets as a replacement for templates > (or > > > > more apt another layer between the controller and the template). > That > > > > makes things more complicated and throws away a lot of the concepts > of > > > > TG controllers. I guess I am probably just hung up on how I first > > > > learned TG and we can just document around those issues. But another > > > > thing to think about is stuff like WSGI. > > > > > > > > What do you guys think? Given my design and goals such as the ability > to > > > > display tools on the portal page, what is our plan of attack? How do > we > > > > concoct a plugin system to make it easy for others to create > integrated > > > > content while really just concentrating on their bits and not the > wider > > > > integration infrastructure? Are there systems/libraries out there > that > > > > already do this? Tosca is only part of the solution because it only > > > > deals with encapsulating display and is mostly geared to generic > widgets > > > > like lists and not complete pages. I would like to have a framework > > > > that is simple, focused and easy to use. > > > > > > You mention that you're running into issues with TurboGears v1.0's > > > "monolithic design", which makes various assumptions about how your > > > application is going to be implemented. I agree that this may not be > > > ideal for the MyFedora environment, which is why I think basing this on > > > TurboGears v2.0 is the way to go. Being built on top of Pylons, which > > > does not make these strict assumptions, it will allow us to have much > > > more control over how our application stack is structured. Since > > > TG2/Pylons leverages the WSGI standard (which we are starting to adopt > > > in our infrastructure deployment already), it will allow us to change > > > any part of our own stack at any time, without taking apart the whole > > > framework. If we treat resources as WSGI applications/middleware, it > > > will make it trivial to plug these into our framework, package them, > and > > > develop them in isolation. > > > > > > ToscaWidgets is extremely useful, but not at this low of a level in our > > > framework design. I think that TW will be great for the high-level > > > re-usable widgets that can potentially use various MyFedora > > > resources/tools, but for core MyFedora resources, I think basing them > on > > > top of the WSGI standard will be the most flexible solution. > > > > I was thinking that but I am still not sure what WSGI is. Right now it > > is just a magic term to me. Can you describe them in terms of > > controllers right now? How does relative paths work (for instance with > > template inheritance)? Is TG 2.0 stable enough for me to start rebasing > > on? > > So, in terms of controller dispatching, they use two different > mechanisms. TurboGears 1.0 uses CherryPy's object dispatch, which is > essentially an attribute lookup for each path segment. Pylons uses > Route's pattern matching against the full path to determine the > controller to dispatch to. > > Basically, TurboGears object dispatching points to a function that is > invoked by > CherryPy, where Pylons points to a WSGI application. > > Since we're already using Routes for MyFedora, the switch to TG2 seems > quite logical. TurboGears2 will use a more flexible object-dispatching > system, > and will also support direct Routes integration as well. > > For a great comparison of TurboGears (1.0) to Pylons, I recommend > checking out this blog post by Ian Bicking: > > http://blog.ianbicking.org/turbogears-and-pylons.html > > luke > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ivazqueznet at gmail.com Sat May 31 00:35:57 2008 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Fri, 30 May 2008 20:35:57 -0400 Subject: [Fwd: Problem logging in] Message-ID: <1212194157.455.1.camel@ignacio.lan> Any ideas on this one, guys? -- Ignacio Vazquez-Abrams PLEASE don't CC me; I'm already subscribed -------------- next part -------------- An embedded message was scrubbed... From: Mark Hamzy Subject: Problem logging in Date: Fri, 30 May 2008 18:03:22 -0500 Size: 134269 URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From brothers at logn.org Sat May 31 03:22:34 2008 From: brothers at logn.org (Jared Brothers) Date: Fri, 30 May 2008 23:22:34 -0400 Subject: [Fwd: Problem logging in] In-Reply-To: <1212194157.455.1.camel@ignacio.lan> References: <1212194157.455.1.camel@ignacio.lan> Message-ID: <5b2e5c580805302022na173430v8018cec328e4e31d@mail.gmail.com> I see the same error. -- Jared Brothers From mmcgrath at redhat.com Sat May 31 03:47:14 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 30 May 2008 22:47:14 -0500 (CDT) Subject: [Fwd: Problem logging in] In-Reply-To: <5b2e5c580805302022na173430v8018cec328e4e31d@mail.gmail.com> References: <1212194157.455.1.camel@ignacio.lan> <5b2e5c580805302022na173430v8018cec328e4e31d@mail.gmail.com> Message-ID: Are you still seeing it now? If not try clearing your cookies and restarting your browser? I made some pretty serious auth changes today that I could imagine caused this. If the problems go away then we're ok, the cookies for people will expire eventually. If you keep getting them though I need to go back and re-look at some things. -Mike On Fri, 30 May 2008, Jared Brothers wrote: > I see the same error. > > -- > Jared Brothers > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From Matt_Domsch at Dell.com Sat May 31 14:20:35 2008 From: Matt_Domsch at Dell.com (Matt_Domsch at Dell.com) Date: Sat, 31 May 2008 09:20:35 -0500 Subject: wiki change notes from wrong user. References: <200805311409.m4VE926q025988@app2.fedora.phx.redhat.com> Message-ID: Wiki change notes originating from odd user (below says changed by Mikec302, when it was me who made the change). What gives? -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux -----Original Message----- From: WikiAdmin [mailto:webmaster at fedoraproject.org] Sent: Sat 5/31/2008 9:09 AM To: Mdomsch Subject: FedoraProject page FTBFS has been changed by Mikec302 Dear Mdomsch, The FedoraProject page FTBFS has been changed on 09:09, 31 May 2008 by Mikec302, see https://fedoraproject.org/wiki/FTBFS for the current version. See https://fedoraproject.org/w/index.php?title=FTBFS&diff=0&oldid=28695 for all changes since your last visit. Editor's summary: /* What to do if you get a FTBFS bug? */ Contact the editor: mail: https://fedoraproject.org/wiki/Special:Emailuser/Mikec302 wiki: https://fedoraproject.org/wiki/User:Mikec302 There will be no other notifications in case of further changes unless you visit this page. You could also reset the notification flags for all your watched pages on your watchlist. Your friendly FedoraProject notification system -- To change your watchlist settings, visit https://fedoraproject.org/wiki/Special:Watchlist/edit Feedback and further assistance: https://fedoraproject.org/wiki/Help:Contents From dev at nigelj.com Sat May 31 14:25:05 2008 From: dev at nigelj.com (Nigel Jones) Date: Sun, 01 Jun 2008 02:25:05 +1200 Subject: wiki change notes from wrong user. In-Reply-To: References: <200805311409.m4VE926q025988@app2.fedora.phx.redhat.com> Message-ID: <48415FC1.5040401@nigelj.com> Matt_Domsch at Dell.com wrote: > Wiki change notes originating from odd user (below says changed by Mikec302, when it was me who made the change). > What gives? > According to https://fedoraproject.org/w/index.php?title=FTBFS&action=history 'Mikec302' is also making changes :) - Nigel > -- > Matt Domsch > Linux Technology Strategist, Dell Office of the CTO > linux.dell.com & www.dell.com/linux > > > > > -----Original Message----- > From: WikiAdmin [mailto:webmaster at fedoraproject.org] > Sent: Sat 5/31/2008 9:09 AM > To: Mdomsch > Subject: FedoraProject page FTBFS has been changed by Mikec302 > > Dear Mdomsch, > > > The FedoraProject page FTBFS has been changed on 09:09, 31 May 2008 by > Mikec302, see https://fedoraproject.org/wiki/FTBFS for the current > version. > > See > https://fedoraproject.org/w/index.php?title=FTBFS&diff=0&oldid=28695 > for all changes since your last visit. > > Editor's summary: /* What to do if you get a FTBFS bug? */ > > Contact the editor: > mail: https://fedoraproject.org/wiki/Special:Emailuser/Mikec302 > wiki: https://fedoraproject.org/wiki/User:Mikec302 > > There will be no other notifications in case of further changes unless > you visit this page. You could also reset the notification flags for > all your watched pages on your watchlist. > > Your friendly FedoraProject notification system > > -- > To change your watchlist settings, visit > https://fedoraproject.org/wiki/Special:Watchlist/edit > > Feedback and further assistance: > https://fedoraproject.org/wiki/Help:Contents > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From linux at elfshadow.net Sat May 31 15:27:59 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Sat, 31 May 2008 11:27:59 -0400 Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805260447h4b7a4317u8a5f9d4fe34fdc6d@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> <10e0a9b00805260447h4b7a4317u8a5f9d4fe34fdc6d@mail.gmail.com> Message-ID: <10e0a9b00805310827x7580f343yb37864df3f1322ce@mail.gmail.com> I took a look at pt2 again today and it looks like the php.ini was set back to the default after Ricky and I sorted out the OpenID issues on Monday. Was the more restrictive version causing troubles for someone? I would be happy to look at what was going on - so far we've been able to adjust it to make everything that has been brought to my attention work - but I need to know what broke to see what needs tweaked before rolling this to the production systems. Just let me know what broke and I will look at it again. Thanks! Jeffrey From mmcgrath at redhat.com Sat May 31 15:30:31 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 31 May 2008 10:30:31 -0500 (CDT) Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805310827x7580f343yb37864df3f1322ce@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> <10e0a9b00805260447h4b7a4317u8a5f9d4fe34fdc6d@mail.gmail.com> <10e0a9b00805310827x7580f343yb37864df3f1322ce@mail.gmail.com> Message-ID: On Sat, 31 May 2008, Jeffrey Tadlock wrote: > I took a look at pt2 again today and it looks like the php.ini was set > back to the default after Ricky and I sorted out the OpenID issues on > Monday. > > Was the more restrictive version causing troubles for someone? I > would be happy to look at what was going on - so far we've been able > to adjust it to make everything that has been brought to my attention > work - but I need to know what broke to see what needs tweaked before > rolling this to the production systems. > > Just let me know what broke and I will look at it again. > Sorry, I'll set that back to how it was. I moved it to test some strange things that were happening. -Mike From linux at elfshadow.net Sat May 31 18:28:53 2008 From: linux at elfshadow.net (Jeffrey Tadlock) Date: Sat, 31 May 2008 14:28:53 -0400 Subject: PHP Security Tweaks In-Reply-To: References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> <10e0a9b00805260447h4b7a4317u8a5f9d4fe34fdc6d@mail.gmail.com> <10e0a9b00805310827x7580f343yb37864df3f1322ce@mail.gmail.com> Message-ID: <10e0a9b00805311128i2940330aq9f6277b055148756@mail.gmail.com> On Sat, May 31, 2008 at 11:30 AM, Mike McGrath wrote: > Sorry, I'll set that back to how it was. I moved it to test some strange > things that were happening. Cool! Thanks Mike. I wasn't sure if it had caused issues again or not. I was giving it some time to sit on publictest2 without causing issues before seeing if we could push it to production. Thanks! Jeffrey From mmcgrath at redhat.com Sat May 31 18:47:56 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 31 May 2008 13:47:56 -0500 (CDT) Subject: PHP Security Tweaks In-Reply-To: <10e0a9b00805311128i2940330aq9f6277b055148756@mail.gmail.com> References: <10e0a9b00805231737t3b3a2efane364def682c4f4ed@mail.gmail.com> <10e0a9b00805241918y33be002fo2b974c88eca3dc9c@mail.gmail.com> <10e0a9b00805251019y235ff0dfkca30a866ffe6825e@mail.gmail.com> <10e0a9b00805260447h4b7a4317u8a5f9d4fe34fdc6d@mail.gmail.com> <10e0a9b00805310827x7580f343yb37864df3f1322ce@mail.gmail.com> <10e0a9b00805311128i2940330aq9f6277b055148756@mail.gmail.com> Message-ID: On Sat, 31 May 2008, Jeffrey Tadlock wrote: > On Sat, May 31, 2008 at 11:30 AM, Mike McGrath wrote: > > Sorry, I'll set that back to how it was. I moved it to test some strange > > things that were happening. > > Cool! Thanks Mike. I wasn't sure if it had caused issues again or > not. I was giving it some time to sit on publictest2 without causing > issues before seeing if we could push it to production. > nope, we should give it another good lookover on pt2 though and decide when we want to move it. -Mike From mmcgrath at redhat.com Sat May 31 19:05:43 2008 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 31 May 2008 14:05:43 -0500 (CDT) Subject: [Fwd: Problem logging in] In-Reply-To: <1212194157.455.1.camel@ignacio.lan> References: <1212194157.455.1.camel@ignacio.lan> Message-ID: On Fri, 30 May 2008, Ignacio Vazquez-Abrams wrote: > Any ideas on this one, guys? > Figured this one out. Some alterations to our auth extension made it so users that hadn't logged in weren't able to. I'm pushing the configs now if it continues to happen please let me know. -Mike